Web Application Security
A few people asked for slides and links from the security talk from The Ajax Experience last week:
General Links:
- OWASP: Open Web App Security Project
- Security Resources from the OpenAjax Alliance Wiki
- Mozilla on Same-Origin Policy
XSS:
- Introductions from: Wikipedia and Apache
- Cheat Sheet: Long list of XSS vectors from RSnake
- Explanation of DOM Based XSS
- Explanation of Samy is my Hero worm
- Fairly old FAQ at CGI Security
- List of XSS holes in popular web applications
CSRF:
- Introduction from: Wikipedia and here
- Article by Chris Shiflett and CSRF Redirector test tool
- CSRF FAQ at CGI Security
- Array constructor overriding and setter overriding
- A solution: SameRefererOnly
- Protecting a JSON or JavaScript Service
Blogs:
Re: Web Application Security
Thank you Joe for your presentation - I am glad I didn't open up my website to HTML comments before understanding the security risks. I now know to whitelist instead of blacklist user input, thank you!
I also exposed the company I work for to DWR and at first pass they seem very intrigued. I am hoping it opens up the corporate door to Ajax.
Re: Web Application Security
The best web security presentation I've seen. I was looking for some cheap deals on business email hosting services, but I got here and I see really interesting work on your page.
Re: Web Application Security
We are a group of volunteers and starting a new initiative in a community. Your blog provided us valuable information to work on. You have done a marvellous job! Restaurant management
Re: Web Application Security
It helped me with an ocean of knowledge, so I really believe you will do much better in the future. I appreciate everything you have added to my knowledge base. Admiring the time and effort you put into your blog and the detailed information you offer! gift ideas
Re: Web Application Security
I just read through the entire article of yours. I feel strongly about it and love learning more on this topic. Thanks for the share. WoW Accounts
Re: Web Application Security
I have got some important tips in this post for my projects in college. Thanks for this post. I would love to visit your blog regularly. home security systems
Re: Web Application Security
Valuable information and excellent design you got here! I would like to thank you for sharing your thoughts and time into the stuff you post!! Thumbs up. Joe Rocket Leathers
BayArch
Thank you. Hope there will be more subject to be released in the team. They should work hard to catch it. architectural design services, interior design firms
Re: Web Application Security
I wanted to thank you for this great read!! I am definitely enjoying every little bit of it. I have you bookmarked to check out new stuff you post. business card printing
Re: Web Application Security
Thanks for the posting. I wait for almost 2 weeks to hear the good news. floor plan drafting, rendering services
Re: Web Application Security
Thank you for your information, I like the website very much. muscle building chest exercises
Re: Web Application Security
I found your website perfect for my needs. It contains wonderful and helpful posts. I have read most of them and got a lot from them. To me, you are doing the great work. Carry on this. work at home In the end, I would like to thank you for making such a nice website. Registry Fix
