SlideShare uma empresa Scribd logo

(In)Secure Ajax-Y Websites With PHP

C
chw
Tecnologia
1 de 27
(IN)SECURE AJAX-Y WEBSITES WITH PHP Christian Wenz
Some Statistics ,[object Object],[object Object],[object Object],[object Object],Jun 5, 2009 | |
Why? // The Problem ,[object Object],[object Object],[object Object],[object Object],Jun 5, 2009 | |
Why? // "Hall of Shame" ,[object Object],[object Object],[object Object],Jun 5, 2009 | |
Why? // Explanations ,[object Object],[object Object],[object Object],[object Object],[object Object],Jun 5, 2009 | |
Why? // Traditional Model Jun 5, 2009 | | Server Client
Why? // Ajax Model Jun 5, 2009 | | Server Client
XSS // Problem ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Jun 5, 2009 | |
XSS // New Dangers ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Jun 5, 2009 | |
XSS // More Dangers ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Jun 5, 2009 | |
CSRF // Problem ,[object Object],[object Object],Victim (client) Attacker (web site) Other web site (1) Requests page (2) Sends JavaScript (3) Requests page Jun 5, 2009 | |
CSRF // Countermeasures ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Jun 5, 2009 | |
SQL Injection // Problem ,[object Object],[object Object],[object Object],Jun 5, 2009 | |
SQL Injection // Bad Ideas ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Jun 5, 2009 | |
SQL Injection // Fancy attacks ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Jun 5, 2009 | |
Ajax // JavaScript attacks ,[object Object],[object Object],[object Object],[object Object],Jun 5, 2009 | |
Ajax // Countermeasures ,[object Object],[object Object],Jun 5, 2009 | |
Ajax // Further Concerns ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Jun 5, 2009 | |
XML // XML attacks ,[object Object],[object Object],[object Object],[object Object],Jun 5, 2009 | |
Regular Expressions // RegEx attacks ,[object Object],[object Object],[object Object],Jun 5, 2009 | |
Automation // Trackbacks ,[object Object],[object Object],[object Object],[object Object],[object Object],Jun 5, 2009 | |
Automation // Comments ,[object Object],[object Object],Jun 5, 2009 | |
Automation // CAPTCHAs ,[object Object],[object Object],[object Object],[object Object],Jun 5, 2009 | |
CAPTCHAs // Countermeasures ,[object Object],[object Object],[object Object],Jun 5, 2009 | |
Because! // Conclusion ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Jun 5, 2009 | |
Christian's Conference Guide ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Jun 5, 2009 | |
Thank You! ,[object Object],[object Object],[object Object],Jun 5, 2009 | |

Recomendados

Making ES6 available to all with ChakraCore and Typescript
Making ES6 available to all with ChakraCore and TypescriptMaking ES6 available to all with ChakraCore and Typescript
Making ES6 available to all with ChakraCore and TypescriptChristian Heilmann
 
Old and new perils of open source - Great Wide Open keynote
Old and new perils of open source - Great Wide Open keynoteOld and new perils of open source - Great Wide Open keynote
Old and new perils of open source - Great Wide Open keynoteChristian Heilmann
 
Making ES6 available to all with ChakraCore
Making ES6 available to all with ChakraCoreMaking ES6 available to all with ChakraCore
Making ES6 available to all with ChakraCoreChristian Heilmann
 
Fixing web and JS gaps
Fixing web and JS gapsFixing web and JS gaps
Fixing web and JS gapsChristian Heilmann
 
Front-end Performance 101
Front-end Performance 101Front-end Performance 101
Front-end Performance 101Sean O'Mahoney
 
GoSec 2015 - Protecting the web from within
GoSec 2015 - Protecting the web from withinGoSec 2015 - Protecting the web from within
GoSec 2015 - Protecting the web from withinIMMUNIO
 
Flask
FlaskFlask
FlaskGlen Zangirolami
 
RailsConf 2015 - Metasecurity: Beyond Patching Vulnerabilities
RailsConf 2015 - Metasecurity: Beyond Patching VulnerabilitiesRailsConf 2015 - Metasecurity: Beyond Patching Vulnerabilities
RailsConf 2015 - Metasecurity: Beyond Patching VulnerabilitiesIMMUNIO
 

Recomendados

Making ES6 available to all with ChakraCore and Typescript
Making ES6 available to all with ChakraCore and TypescriptMaking ES6 available to all with ChakraCore and Typescript
Making ES6 available to all with ChakraCore and TypescriptChristian Heilmann
 
Old and new perils of open source - Great Wide Open keynote
Old and new perils of open source - Great Wide Open keynoteOld and new perils of open source - Great Wide Open keynote
Old and new perils of open source - Great Wide Open keynoteChristian Heilmann
 
Making ES6 available to all with ChakraCore
Making ES6 available to all with ChakraCoreMaking ES6 available to all with ChakraCore
Making ES6 available to all with ChakraCoreChristian Heilmann
 
Fixing web and JS gaps
Fixing web and JS gapsFixing web and JS gaps
Fixing web and JS gapsChristian Heilmann
 
Front-end Performance 101
Front-end Performance 101Front-end Performance 101
Front-end Performance 101Sean O'Mahoney
 
GoSec 2015 - Protecting the web from within
GoSec 2015 - Protecting the web from withinGoSec 2015 - Protecting the web from within
GoSec 2015 - Protecting the web from withinIMMUNIO
 
Flask
FlaskFlask
FlaskGlen Zangirolami
 
RailsConf 2015 - Metasecurity: Beyond Patching Vulnerabilities
RailsConf 2015 - Metasecurity: Beyond Patching VulnerabilitiesRailsConf 2015 - Metasecurity: Beyond Patching Vulnerabilities
RailsConf 2015 - Metasecurity: Beyond Patching VulnerabilitiesIMMUNIO
 
State of Web Security RailsConf 2016
State of Web Security RailsConf 2016State of Web Security RailsConf 2016
State of Web Security RailsConf 2016IMMUNIO
 
Why I Hope ENCompass Continues to Fail
Why I Hope ENCompass Continues to FailWhy I Hope ENCompass Continues to Fail
Why I Hope ENCompass Continues to FailAlan Manifold
 
WordPress Security for Beginners
WordPress Security for BeginnersWordPress Security for Beginners
WordPress Security for BeginnersAdam W. Warner
 
AppSec DC 2009 - Learning by breaking by Chuck Willis
AppSec DC 2009 - Learning by breaking by Chuck WillisAppSec DC 2009 - Learning by breaking by Chuck Willis
AppSec DC 2009 - Learning by breaking by Chuck WillisMagno Logan
 
“Automation in development processes: why, when and how
“Automation in development processes: why, when and how“Automation in development processes: why, when and how
“Automation in development processes: why, when and howGoMidjets GoMidjets
 
How i got my first cve
How i got my first cveHow i got my first cve
How i got my first cvenullowaspmumbai
 
Moore vs. May - everything is faster and better: we can fix that
Moore vs. May - everything is faster and better: we can fix thatMoore vs. May - everything is faster and better: we can fix that
Moore vs. May - everything is faster and better: we can fix thatChristian Heilmann
 
InnoTech 2017_Defend_Against_Ransomware 3.0
InnoTech 2017_Defend_Against_Ransomware 3.0InnoTech 2017_Defend_Against_Ransomware 3.0
InnoTech 2017_Defend_Against_Ransomware 3.0Michael Gough
 
jQuery Mobile, Backbone.js, and ASP.NET MVC
jQuery Mobile, Backbone.js, and ASP.NET MVCjQuery Mobile, Backbone.js, and ASP.NET MVC
jQuery Mobile, Backbone.js, and ASP.NET MVCTroy Miles
 
Hour 4
Hour 4Hour 4
Hour 4dpd
 
Overboard.js - where are we going with with jsconfasia / devfestasia
Overboard.js - where are we going with with jsconfasia / devfestasiaOverboard.js - where are we going with with jsconfasia / devfestasia
Overboard.js - where are we going with with jsconfasia / devfestasiaChristian Heilmann
 
Can we make es6 the baseline of the “modern web”? - BrazilJS 2105
Can we make es6 the baseline of the “modern web”? - BrazilJS 2105 Can we make es6 the baseline of the “modern web”? - BrazilJS 2105
Can we make es6 the baseline of the “modern web”? - BrazilJS 2105 Christian Heilmann
 
Defeating firefox by Muneaki Nishimunea - CODE BLUE 2015
Defeating firefox by Muneaki Nishimunea - CODE BLUE 2015Defeating firefox by Muneaki Nishimunea - CODE BLUE 2015
Defeating firefox by Muneaki Nishimunea - CODE BLUE 2015CODE BLUE
 
Everybody loves html5,h4ck3rs too
Everybody loves html5,h4ck3rs tooEverybody loves html5,h4ck3rs too
Everybody loves html5,h4ck3rs tooNahidul Kibria
 
Understanding progressive enhancement - yuiconf2010
Understanding progressive enhancement - yuiconf2010Understanding progressive enhancement - yuiconf2010
Understanding progressive enhancement - yuiconf2010Christian Heilmann
 
Writing an (in)secure webapp in 3 easy steps
Writing an (in)secure webapp in 3 easy stepsWriting an (in)secure webapp in 3 easy steps
Writing an (in)secure webapp in 3 easy stepsAdam Baldwin
 
IIS Critical Vulnerability 23/12/09
IIS Critical Vulnerability 23/12/09IIS Critical Vulnerability 23/12/09
IIS Critical Vulnerability 23/12/09shlominar
 
TriplePlay-WebAppPenTestingTools
TriplePlay-WebAppPenTestingToolsTriplePlay-WebAppPenTestingTools
TriplePlay-WebAppPenTestingToolsYury Chemerkin
 
Suggestions for Building Websites
Suggestions for Building WebsitesSuggestions for Building Websites
Suggestions for Building WebsitesYenwen Feng
 
Asp.net exception reporter
Asp.net exception reporterAsp.net exception reporter
Asp.net exception reporterOrbit One - We create coherence
 
Window Shopping Browser - Bug Hunting in 2012
Window Shopping Browser - Bug Hunting in 2012Window Shopping Browser - Bug Hunting in 2012
Window Shopping Browser - Bug Hunting in 2012Roberto Suggi Liverani
 
Web application penetration testing lab setup guide
Web application penetration testing lab setup guideWeb application penetration testing lab setup guide
Web application penetration testing lab setup guideSudhanshu Chauhan
 

Mais conteúdo relacionado

Mais procurados

State of Web Security RailsConf 2016
State of Web Security RailsConf 2016State of Web Security RailsConf 2016
State of Web Security RailsConf 2016IMMUNIO
 
Why I Hope ENCompass Continues to Fail
Why I Hope ENCompass Continues to FailWhy I Hope ENCompass Continues to Fail
Why I Hope ENCompass Continues to FailAlan Manifold
 
WordPress Security for Beginners
WordPress Security for BeginnersWordPress Security for Beginners
WordPress Security for BeginnersAdam W. Warner
 
AppSec DC 2009 - Learning by breaking by Chuck Willis
AppSec DC 2009 - Learning by breaking by Chuck WillisAppSec DC 2009 - Learning by breaking by Chuck Willis
AppSec DC 2009 - Learning by breaking by Chuck WillisMagno Logan
 
“Automation in development processes: why, when and how
“Automation in development processes: why, when and how“Automation in development processes: why, when and how
“Automation in development processes: why, when and howGoMidjets GoMidjets
 
Moore vs. May - everything is faster and better: we can fix that
Moore vs. May - everything is faster and better: we can fix thatMoore vs. May - everything is faster and better: we can fix that
Moore vs. May - everything is faster and better: we can fix thatChristian Heilmann
 
InnoTech 2017_Defend_Against_Ransomware 3.0
InnoTech 2017_Defend_Against_Ransomware 3.0InnoTech 2017_Defend_Against_Ransomware 3.0
InnoTech 2017_Defend_Against_Ransomware 3.0Michael Gough
 
jQuery Mobile, Backbone.js, and ASP.NET MVC
jQuery Mobile, Backbone.js, and ASP.NET MVCjQuery Mobile, Backbone.js, and ASP.NET MVC
jQuery Mobile, Backbone.js, and ASP.NET MVCTroy Miles
 
Hour 4
Hour 4Hour 4
Hour 4dpd
 
Overboard.js - where are we going with with jsconfasia / devfestasia
Overboard.js - where are we going with with jsconfasia / devfestasiaOverboard.js - where are we going with with jsconfasia / devfestasia
Overboard.js - where are we going with with jsconfasia / devfestasiaChristian Heilmann
 
Can we make es6 the baseline of the “modern web”? - BrazilJS 2105
Can we make es6 the baseline of the “modern web”? - BrazilJS 2105 Can we make es6 the baseline of the “modern web”? - BrazilJS 2105
Can we make es6 the baseline of the “modern web”? - BrazilJS 2105 Christian Heilmann
 

Mais procurados (12)

State of Web Security RailsConf 2016
State of Web Security RailsConf 2016State of Web Security RailsConf 2016
State of Web Security RailsConf 2016
 
Why I Hope ENCompass Continues to Fail
Why I Hope ENCompass Continues to FailWhy I Hope ENCompass Continues to Fail
Why I Hope ENCompass Continues to Fail
 
WordPress Security for Beginners
WordPress Security for BeginnersWordPress Security for Beginners
WordPress Security for Beginners
 
AppSec DC 2009 - Learning by breaking by Chuck Willis
AppSec DC 2009 - Learning by breaking by Chuck WillisAppSec DC 2009 - Learning by breaking by Chuck Willis
AppSec DC 2009 - Learning by breaking by Chuck Willis
 
“Automation in development processes: why, when and how
“Automation in development processes: why, when and how“Automation in development processes: why, when and how
“Automation in development processes: why, when and how
 
How i got my first cve
How i got my first cveHow i got my first cve
How i got my first cve
 
Moore vs. May - everything is faster and better: we can fix that
Moore vs. May - everything is faster and better: we can fix thatMoore vs. May - everything is faster and better: we can fix that
Moore vs. May - everything is faster and better: we can fix that
 
InnoTech 2017_Defend_Against_Ransomware 3.0
InnoTech 2017_Defend_Against_Ransomware 3.0InnoTech 2017_Defend_Against_Ransomware 3.0
InnoTech 2017_Defend_Against_Ransomware 3.0
 
jQuery Mobile, Backbone.js, and ASP.NET MVC
jQuery Mobile, Backbone.js, and ASP.NET MVCjQuery Mobile, Backbone.js, and ASP.NET MVC
jQuery Mobile, Backbone.js, and ASP.NET MVC
 
Hour 4
Hour 4Hour 4
Hour 4
 
Overboard.js - where are we going with with jsconfasia / devfestasia
Overboard.js - where are we going with with jsconfasia / devfestasiaOverboard.js - where are we going with with jsconfasia / devfestasia
Overboard.js - where are we going with with jsconfasia / devfestasia
 
Can we make es6 the baseline of the “modern web”? - BrazilJS 2105
Can we make es6 the baseline of the “modern web”? - BrazilJS 2105 Can we make es6 the baseline of the “modern web”? - BrazilJS 2105
Can we make es6 the baseline of the “modern web”? - BrazilJS 2105
 

Semelhante a (In)Secure Ajax-Y Websites With PHP

Defeating firefox by Muneaki Nishimunea - CODE BLUE 2015
Defeating firefox by Muneaki Nishimunea - CODE BLUE 2015Defeating firefox by Muneaki Nishimunea - CODE BLUE 2015
Defeating firefox by Muneaki Nishimunea - CODE BLUE 2015CODE BLUE
 
Everybody loves html5,h4ck3rs too
Everybody loves html5,h4ck3rs tooEverybody loves html5,h4ck3rs too
Everybody loves html5,h4ck3rs tooNahidul Kibria
 
Understanding progressive enhancement - yuiconf2010
Understanding progressive enhancement - yuiconf2010Understanding progressive enhancement - yuiconf2010
Understanding progressive enhancement - yuiconf2010Christian Heilmann
 
Writing an (in)secure webapp in 3 easy steps
Writing an (in)secure webapp in 3 easy stepsWriting an (in)secure webapp in 3 easy steps
Writing an (in)secure webapp in 3 easy stepsAdam Baldwin
 
IIS Critical Vulnerability 23/12/09
IIS Critical Vulnerability 23/12/09IIS Critical Vulnerability 23/12/09
IIS Critical Vulnerability 23/12/09shlominar
 
TriplePlay-WebAppPenTestingTools
TriplePlay-WebAppPenTestingToolsTriplePlay-WebAppPenTestingTools
TriplePlay-WebAppPenTestingToolsYury Chemerkin
 
Suggestions for Building Websites
Suggestions for Building WebsitesSuggestions for Building Websites
Suggestions for Building WebsitesYenwen Feng
 
Window Shopping Browser - Bug Hunting in 2012
Window Shopping Browser - Bug Hunting in 2012Window Shopping Browser - Bug Hunting in 2012
Window Shopping Browser - Bug Hunting in 2012Roberto Suggi Liverani
 
Web application penetration testing lab setup guide
Web application penetration testing lab setup guideWeb application penetration testing lab setup guide
Web application penetration testing lab setup guideSudhanshu Chauhan
 
Inception: A reverse-engineer horror History
Inception: A reverse-engineer horror HistoryInception: A reverse-engineer horror History
Inception: A reverse-engineer horror HistoryNelson Brito
 
Douglas - Real JavaScript
Douglas - Real JavaScriptDouglas - Real JavaScript
Douglas - Real JavaScriptd0nn9n
 
Be Storm - Automated Application/Software Vulnerability Testing
Be Storm - Automated Application/Software Vulnerability TestingBe Storm - Automated Application/Software Vulnerability Testing
Be Storm - Automated Application/Software Vulnerability TestingAmit Shirolkar
 
Get Ready for Web Application Security Testing
Get Ready for Web Application Security TestingGet Ready for Web Application Security Testing
Get Ready for Web Application Security TestingAlan Kan
 
Web Application Testing for Today’s Biggest and Emerging Threats
Web Application Testing for Today’s Biggest and Emerging ThreatsWeb Application Testing for Today’s Biggest and Emerging Threats
Web Application Testing for Today’s Biggest and Emerging ThreatsAlan Kan
 
OWASP Portland - OWASP Top 10 For JavaScript Developers
OWASP Portland - OWASP Top 10 For JavaScript DevelopersOWASP Portland - OWASP Top 10 For JavaScript Developers
OWASP Portland - OWASP Top 10 For JavaScript DevelopersLewis Ardern
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application SecurityJason Leveille
 
BEST PRACTICES OF WEB APPLICATION SECURITY By SAMVEL GEVORGYAN
BEST PRACTICES OF WEB APPLICATION SECURITY By SAMVEL GEVORGYANBEST PRACTICES OF WEB APPLICATION SECURITY By SAMVEL GEVORGYAN
BEST PRACTICES OF WEB APPLICATION SECURITY By SAMVEL GEVORGYANSamvel Gevorgyan
 

Semelhante a (In)Secure Ajax-Y Websites With PHP (20)

Defeating firefox by Muneaki Nishimunea - CODE BLUE 2015
Defeating firefox by Muneaki Nishimunea - CODE BLUE 2015Defeating firefox by Muneaki Nishimunea - CODE BLUE 2015
Defeating firefox by Muneaki Nishimunea - CODE BLUE 2015
 
Everybody loves html5,h4ck3rs too
Everybody loves html5,h4ck3rs tooEverybody loves html5,h4ck3rs too
Everybody loves html5,h4ck3rs too
 
Understanding progressive enhancement - yuiconf2010
Understanding progressive enhancement - yuiconf2010Understanding progressive enhancement - yuiconf2010
Understanding progressive enhancement - yuiconf2010
 
Writing an (in)secure webapp in 3 easy steps
Writing an (in)secure webapp in 3 easy stepsWriting an (in)secure webapp in 3 easy steps
Writing an (in)secure webapp in 3 easy steps
 
IIS Critical Vulnerability 23/12/09
IIS Critical Vulnerability 23/12/09IIS Critical Vulnerability 23/12/09
IIS Critical Vulnerability 23/12/09
 
TriplePlay-WebAppPenTestingTools
TriplePlay-WebAppPenTestingToolsTriplePlay-WebAppPenTestingTools
TriplePlay-WebAppPenTestingTools
 
Suggestions for Building Websites
Suggestions for Building WebsitesSuggestions for Building Websites
Suggestions for Building Websites
 
Asp.net exception reporter
Asp.net exception reporterAsp.net exception reporter
Asp.net exception reporter
 
Window Shopping Browser - Bug Hunting in 2012
Window Shopping Browser - Bug Hunting in 2012Window Shopping Browser - Bug Hunting in 2012
Window Shopping Browser - Bug Hunting in 2012
 
Web application penetration testing lab setup guide
Web application penetration testing lab setup guideWeb application penetration testing lab setup guide
Web application penetration testing lab setup guide
 
Inception: A reverse-engineer horror History
Inception: A reverse-engineer horror HistoryInception: A reverse-engineer horror History
Inception: A reverse-engineer horror History
 
Douglas - Real JavaScript
Douglas - Real JavaScriptDouglas - Real JavaScript
Douglas - Real JavaScript
 
Web security
Web securityWeb security
Web security
 
Be Storm - Automated Application/Software Vulnerability Testing
Be Storm - Automated Application/Software Vulnerability TestingBe Storm - Automated Application/Software Vulnerability Testing
Be Storm - Automated Application/Software Vulnerability Testing
 
Get Ready for Web Application Security Testing
Get Ready for Web Application Security TestingGet Ready for Web Application Security Testing
Get Ready for Web Application Security Testing
 
Web Application Testing for Today’s Biggest and Emerging Threats
Web Application Testing for Today’s Biggest and Emerging ThreatsWeb Application Testing for Today’s Biggest and Emerging Threats
Web Application Testing for Today’s Biggest and Emerging Threats
 
OWASP Portland - OWASP Top 10 For JavaScript Developers
OWASP Portland - OWASP Top 10 For JavaScript DevelopersOWASP Portland - OWASP Top 10 For JavaScript Developers
OWASP Portland - OWASP Top 10 For JavaScript Developers
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application Security
 
BEST PRACTICES OF WEB APPLICATION SECURITY By SAMVEL GEVORGYAN
BEST PRACTICES OF WEB APPLICATION SECURITY By SAMVEL GEVORGYANBEST PRACTICES OF WEB APPLICATION SECURITY By SAMVEL GEVORGYAN
BEST PRACTICES OF WEB APPLICATION SECURITY By SAMVEL GEVORGYAN
 
OWASP an Introduction
OWASP an Introduction OWASP an Introduction
OWASP an Introduction
 

Último

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontologyjohnbeverley2021
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxRemote DBA Services
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
Introduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMIntroduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMKumar Satyam
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard37
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusZilliz
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKJago de Vreede
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelDeepika Singh
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamUiPathCommunity
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 

Último (20)

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Introduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMIntroduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDM
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptx
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 

(In)Secure Ajax-Y Websites With PHP

  • 1. (IN)SECURE AJAX-Y WEBSITES WITH PHP Christian Wenz
  • 2.
  • 3.
  • 4.
  • 5.
  • 6. Why? // Traditional Model Jun 5, 2009 | | Server Client
  • 7. Why? // Ajax Model Jun 5, 2009 | | Server Client
  • 8.
  • 9.
  • 10.
  • 11.
  • 12.
  • 13.
  • 14.
  • 15.
  • 16.
  • 17.
  • 18.
  • 19.
  • 20.
  • 21.
  • 22.
  • 23.
  • 24.
  • 25.
  • 26.
  • 27.