Web Application Security

A few people asked for slides and links from the security talk from The Ajax Experience last week:

| View | Upload your own

General Links:

OWASP: Open Web App Security Project
Security Resources from the OpenAjax Alliance Wiki
Mozilla on Same-Origin Policy

XSS:

Introductions from: Wikipedia and Apache
Cheat Sheet: Long list of XSS vectors from RSnake
Explanation of DOM Based XSS
Explanation of Samy is my Hero worm
Fairly old FAQ at CGI Security
List of XSS holes in popular web applications

CSRF:

Introduction from: Wikipedia and here
Article by Chris Shiflett and CSRF Redirector test tool
CSRF FAQ at CGI Security
Array constructor overriding and setter overriding
A solution: SameRefererOnly
Protecting a JSON or JavaScript Service

Blogs:

Responses[14]

Posted by Joe Walker on 29 October 2007 11:00:51 GMT #

Re: Web Application Security

Comment from Marc on 29 October 2007 20:48:39 GMT #

Thank you Joe for your presentation - I am glad I didn't open up my website to HTML comments before understanding the security risks. I now know to whitelist instead of blacklist user input, thank you!

I also exposed the company I work for to DWR and at first pass they seem very intrigued. I am hoping it opens up the corporate door to Ajax.

Re: Web Application Security

Comment from Simon Gow on 30 October 2007 16:07:54 GMT #

I understand most of these concepts and have been building what I thought was the most secure login script I could. Thanks for opening up a few new things I hadn't thought about just yet :)

Re: Web Application Security

Comment from Gilinna on 13 January 2010 09:39:43 GMT #

If you take Tadalafil 20mg every day and you miss a dose, take the missed dose as soon as you remember

.....

Comment from Anonymous on 20 January 2010 10:41:32 GMT #

Cool.. I have this too in progress. have been working on it for months, lol.. free advertising |jobs|tempurpedic mattress

Re: Web Application Security

Comment from Andre on 30 October 2007 13:25:49 GMT #

Is there a video available for this presentation?

Re: Web Application Security

Comment from Anonymous on 30 October 2007 14:36:08 GMT #

Thanks for your good work. Getahead = quality, if that was not already obvious.

Re: Web Application Security

Comment from vmmello on 03 December 2007 16:14:59 GMT #

the best web security presentation I've seen.

Re: Web Application Security

Comment from Developer4lease on 06 November 2008 06:07:51 GMT #

Thank you for sharing useful information.Do exposed stack traces in a live web application present potential security flaws? Can anyone share their opinion in it. http://www.developer4lease.com/

Re: Web Application Security

Comment from Gilinna on 13 January 2010 09:43:42 GMT #

he Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software.Generic Zoloft

Re: Web Application Security

Comment from Hannery on 02 August 2009 20:40:43 BST #

the best web security presentation I've seen, i was looking some cheap deals on business email hosting services but i got here and i see really interesting work on your page.

Re: Web Application Security

Comment from Ben Hurtisson on 19 January 2010 12:58:50 GMT #

Thanks for great materials and tips! Web design development services

Thank you

Comment from Jenny Syms on 02 February 2010 05:50:26 GMT #

Great slides thank you can they be downloaded? Campervan Hire Australia

Re: Web Application Security

Comment from James Taylor on 08 February 2010 10:14:00 GMT #

Charity Logo | Mortgage Logo | Internet Logos

Re: Web Application Security

Comment from James Taylor on 08 February 2010 10:14:29 GMT #

Fitness Logos | Computers Logo

Add a comment Send a TrackBack

2010 February (1) January (0)	2009 December (0) November (0) October (0) September (0) August (1) July (0) June (0) May (1) April (1) March (0) February (3) January (0)
2008 December (2) November (1) October (0) September (0) August (0) July (2) June (0) May (2) April (1) March (5) February (2) January (1)	2007 December (4) November (3) October (2) September (0) August (3) July (2) June (1) May (2) April (8) March (11) February (4) January (7)
2006 December (4) November (2) October (4) September (3) August (7) July (3) June (3) May (10) April (3) March (4) February (5) January (3)	2005 December (1) November (7) October (8) September (10) August (5) July (7) June (11) May (6) April (2)

Re: Web Application Security Comment from Anonymous on 09 February 2010 14:10:30 GMT #
Title
Body	HTML : b, strong, i, em, blockquote, br, p, pre, a href="", ul, ol, li, sub, sup
Name
E-mail address
Website
Remember me	Yes No
E-mail addresses are not publicly displayed, so please only leave your e-mail address if you would like to be notified when new comments are added to this blog entry (you can opt-out later).

Username
Password
Remember me