Just got out of Alex's session on Web 2.0 vulnerabilities. He talked a lot about the XSS vulnerabilities introduced by evil uses of AJAX, but also mentioned a new vulnerability that not many people (of the couple hundred) in the room had heard of: CSRF, also known as XSRF.

The Web2.0 Expo presenter's slides will be posted as they become available, but in the meantime, you can check out Jesse Burns' paper on CSRF for more info.

Alex did a good job of making the use of AJAX sound spooky. Guess he gets to keep his "Security Guy" membership card. ;-)

The official blogosphere tags for the expo are as follows (for ease of perusing other content): WEB2EXPO07 or WEB2EXPO
Comments:

Linda, FYI the link to the CSRF paper seems to be broken...

Posted by 192.18.43.225 on April 16, 2007 at 05:05 PM MDT #

Thanks! It's fixed now.

Posted by skrocki on April 17, 2007 at 08:45 AM MDT #


This blog copyright 2009 by lskrocki