Web Application Security

A few people asked for slides and links from the security talk from The Ajax Experience last week:

| View | Upload your own

General Links:

OWASP: Open Web App Security Project
Security Resources from the OpenAjax Alliance Wiki
Mozilla on Same-Origin Policy

XSS:

Introductions from: Wikipedia and Apache
Cheat Sheet: Long list of XSS vectors from RSnake
Explanation of DOM Based XSS
Explanation of Samy is my Hero worm
Fairly old FAQ at CGI Security
List of XSS holes in popular web applications

CSRF:

Introduction from: Wikipedia and here
Article by Chris Shiflett and CSRF Redirector test tool
CSRF FAQ at CGI Security
Array constructor overriding and setter overriding
A solution: SameRefererOnly
Protecting a JSON or JavaScript Service

Blogs:

Responses[22]

Posted by Joe Walker on 29 October 2007 11:00:51 GMT #

Re: Web Application Security

Comment from Marc on 29 October 2007 20:48:39 GMT #

Thank you Joe for your presentation - I am glad I didn't open up my website to HTML comments before understanding the security risks. I now know to whitelist instead of blacklist user input, thank you!

I also exposed the company I work for to DWR and at first pass they seem very intrigued. I am hoping it opens up the corporate door to Ajax.

Re: Web Application Security

Comment from Simon Gow on 30 October 2007 16:07:54 GMT #

I understand most of these concepts and have been building what I thought was the most secure login script I could. Thanks for opening up a few new things I hadn't thought about just yet :)

Re: Web Application Security

Comment from Andre on 30 October 2007 13:25:49 GMT #

Is there a video available for this presentation?

Re: Web Application Security

Comment from Anonymous on 30 October 2007 14:36:08 GMT #

Thanks for your good work. Getahead = quality, if that was not already obvious.

Re: Web Application Security

Comment from vmmello on 03 December 2007 16:14:59 GMT #

the best web security presentation I've seen.

Re: Web Application Security

Comment from Developer4lease on 06 November 2008 06:07:51 GMT #

Thank you for sharing useful information.Do exposed stack traces in a live web application present potential security flaws? Can anyone share their opinion in it. http://www.developer4lease.com/

Re: Web Application Security

Comment from Hannery on 02 August 2009 20:40:43 BST #

the best web security presentation I've seen, i was looking some cheap deals on business email hosting services but i got here and i see really interesting work on your page.

Re: Web Application Security

Comment from Chicago movers on 05 August 2010 14:15:00 BST #

Great presentation I had never seen.Thanks for such a great work.

Re: Web Application Security

Comment from leo on 05 August 2010 15:32:36 BST #

Awesome blog. I enjoyed reading your articles. This is truly a great read for me. I have bookmarked it and I am looking forward to reading new articles. Keep up the good work! FLTT

Re: Web Application Security

Comment from joey on 05 August 2010 15:34:33 BST #

We are a group of volunteers and starting a new initiative in a community. Your blog provided us valuable information to work on. You have done a marvellous job! Restaurant management

Re: Web Application Security

Comment from david on 05 August 2010 15:36:05 BST #

It helped me with ocean of knowledge so I really believe you will do much better in the future I appreciate everything you have added to my knowledge base .Admiring the time and effort you put into your blog and detailed information you offer! gift ideas

Re: Web Application Security

Comment from dachshund puppy training on 10 August 2010 09:40:17 BST #

It's one of the great web security presentation.

Re: Web Application Security

Comment from leo on 12 August 2010 19:17:10 BST #

I just read through the entire article of yours.I feel strongly about it and love learning more on this topic.Thanks for the share. WoW Accounts

Re: Web Application Security

Comment from ales on 12 August 2010 19:22:04 BST #

I have got some important tips in this post for my projects in college. Thanks for this post I would love to visit your blog regularly. home security systems

Re: Web Application Security

Comment from alex on 13 August 2010 19:29:46 BST #

Valuable information and excellent design you got here! I would like to thank you for sharing your thoughts and time into the stuff you post!! Thumbs up. Joe Rocket Leathers

BayArch

Comment from BayArch on 16 August 2010 09:24:24 BST #

Thank you. Hope there will be more subject to be released in the team. They should work hard to catch it. architectural design services, interior design firms

Re: Web Application Security

Comment from randy on 19 August 2010 15:38:19 BST #

I wanted to thank you for this great read!! I definitely enjoying every little bit of it I have you bookmarked to check out new stuff you post.. business card printing

Re: Web Application Security

Comment from BayArch on 22 August 2010 15:51:47 BST #

Thanks for the posting. I wait for almost 2 weeks to hear the good news. floor plan drafting, rendering services

Re: DWR version 3.0 Release Candidate 1

Comment from supplynflshop on 24 August 2010 10:22:23 BST #

look our shop we sell cheap nfl jerseys

Re: Web Application Security

Comment from Anonymous on 25 August 2010 07:04:32 BST #

thank you for your informations , i like the website very much muscle building chest exercises

Re: Web Application Security

Comment from rabby on 25 August 2010 14:26:05 BST #

I found your website perfect for my needs. It contains wonderful and helpful posts. I have read most of them and got a lot from them. To me, you are doing the great work. Carry on this. work at home In the end, I would like to thank you for making such a nice website. Registry Fix

Re: Web Application Security

Comment from raby on 26 August 2010 11:38:58 BST #

I like this concept. I visited your blog for the first time and just been your fan. Keep posting as I am gonna come to read it everyday!! SEO

Add a comment Send a TrackBack

2010 September (0) August (0) July (0) June (0) May (0) April (0) March (0) February (1) January (0)	2009 December (0) November (0) October (0) September (0) August (1) July (0) June (0) May (1) April (1) March (0) February (3) January (0)
2008 December (2) November (1) October (0) September (0) August (0) July (2) June (0) May (2) April (1) March (5) February (2) January (1)	2007 December (4) November (3) October (2) September (0) August (3) July (2) June (1) May (2) April (8) March (11) February (4) January (7)
2006 December (4) November (2) October (4) September (3) August (7) July (3) June (3) May (10) April (3) March (4) February (5) January (3)	2005 December (1) November (7) October (8) September (10) August (5) July (7) June (11) May (6) April (2)

Re: Web Application Security Comment from Anonymous on 03 September 2010 04:07:42 BST #
Title
Body	HTML : b, strong, i, em, blockquote, br, p, pre, a href="", ul, ol, li, sub, sup
Name
E-mail address
Website
Remember me	Yes No
E-mail addresses are not publicly displayed, so please only leave your e-mail address if you would like to be notified when new comments are added to this blog entry (you can opt-out later).

Username
Password
Remember me