A few people asked for slides and links from the security talk from The Ajax Experience last week:

General Links:

• OWASP: Open Web App Security Project
• Security Resources from the OpenAjax Alliance Wiki
• Mozilla on Same-Origin Policy

XSS:

• Introductions from: Wikipedia and Apache
• Cheat Sheet: Long list of XSS vectors from RSnake
• Explanation of DOM Based XSS
• Explanation of Samy is my Hero worm
• Fairly old FAQ at CGI Security
• List of XSS holes in popular web applications

CSRF:

• Introduction from: Wikipedia and here
• Article by Chris Shiflett and CSRF Redirector test tool
• CSRF FAQ at CGI Security
• Array constructor overriding and setter overriding
• A solution: SameRefererOnly
• Protecting a JSON or JavaScript Service

Blogs:

• Jeremiah Grossman
• Chris Shiflett
• RSnake
• GNUCITIZEN
• Google Online Security
• 0x000000
• Darknet

Here are the slides from the talk I did at Future of Web Apps in London last week.

Quite a few of the other talks have been uploaded to the same place:

Dion Almaer: Future of Web Apps: Google Gears

John Resig: The Future of Firefox and JavaScript

Matt Mullenweg: Architecture Behind WordPress.com

Suw Charman: Preparing for Enterprise Adoption

Leisa Reichelt: Ambient Intimacy

Rashmi Sinha: Making Your App Social

Matt Biddulph: Coding on the Shoulders of Giants

Simon Wardley: Short on cycles, long on storage

Heidi Pollock: Taking Your Application Mobile