Web2.0 Expo Session: Web 2.0 Vulnerabilities

Just got out of Alex's session on Web 2.0 vulnerabilities. He talked a lot about the XSS vulnerabilities introduced by evil uses of AJAX, but also mentioned a new vulnerability that not many people (of the couple hundred) in the room had heard of: CSRF, also known as XSRF.

The Web2.0 Expo presenter's slides will be posted as they become available, but in the meantime, you can check out Jesse Burns' paper on CSRF for more info.

Alex did a good job of making the use of AJAX sound spooky. Guess he gets to keep his "Security Guy" membership card. ;-)

The official blogosphere tags for the expo are as follows (for ease of perusing other content): WEB2EXPO07 or WEB2EXPO
About

Sr. Community Engineering Program Manager/Acting Director for Sun's external social networking sites (blogs, forums, wikis, etc.). Skrocki's personal blog, LinkedIn.
