SlideShare uma empresa Scribd logo

(In)Secure Ajax-Y Websites With PHP

C
chw
Tecnologia
1 de 27
(IN)SECURE AJAX-Y WEBSITES WITH PHP Christian Wenz
Some Statistics ,[object Object],[object Object],[object Object],[object Object],Jun 5, 2009 | |
Why? // The Problem ,[object Object],[object Object],[object Object],[object Object],Jun 5, 2009 | |
Why? // "Hall of Shame" ,[object Object],[object Object],[object Object],Jun 5, 2009 | |
Why? // Explanations ,[object Object],[object Object],[object Object],[object Object],[object Object],Jun 5, 2009 | |
Why? // Traditional Model Jun 5, 2009 | | Server Client
Why? // Ajax Model Jun 5, 2009 | | Server Client
XSS // Problem ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Jun 5, 2009 | |
XSS // New Dangers ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Jun 5, 2009 | |
XSS // More Dangers ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Jun 5, 2009 | |
CSRF // Problem ,[object Object],[object Object],Victim (client) Attacker (web site) Other web site (1) Requests page (2) Sends JavaScript (3) Requests page Jun 5, 2009 | |
CSRF // Countermeasures ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Jun 5, 2009 | |
SQL Injection // Problem ,[object Object],[object Object],[object Object],Jun 5, 2009 | |
SQL Injection // Bad Ideas ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Jun 5, 2009 | |
SQL Injection // Fancy attacks ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Jun 5, 2009 | |
Ajax // JavaScript attacks ,[object Object],[object Object],[object Object],[object Object],Jun 5, 2009 | |
Ajax // Countermeasures ,[object Object],[object Object],Jun 5, 2009 | |
Ajax // Further Concerns ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Jun 5, 2009 | |
XML // XML attacks ,[object Object],[object Object],[object Object],[object Object],Jun 5, 2009 | |
Regular Expressions // RegEx attacks ,[object Object],[object Object],[object Object],Jun 5, 2009 | |
Automation // Trackbacks ,[object Object],[object Object],[object Object],[object Object],[object Object],Jun 5, 2009 | |
Automation // Comments ,[object Object],[object Object],Jun 5, 2009 | |
Automation // CAPTCHAs ,[object Object],[object Object],[object Object],[object Object],Jun 5, 2009 | |
CAPTCHAs // Countermeasures ,[object Object],[object Object],[object Object],Jun 5, 2009 | |
Because! // Conclusion ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Jun 5, 2009 | |
Christian's Conference Guide ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Jun 5, 2009 | |
Thank You! ,[object Object],[object Object],[object Object],Jun 5, 2009 | |

Recomendados

Making ES6 available to all with ChakraCore and Typescript
Making ES6 available to all with ChakraCore and TypescriptMaking ES6 available to all with ChakraCore and Typescript
Making ES6 available to all with ChakraCore and TypescriptChristian Heilmann
 
Old and new perils of open source - Great Wide Open keynote
Old and new perils of open source - Great Wide Open keynoteOld and new perils of open source - Great Wide Open keynote
Old and new perils of open source - Great Wide Open keynoteChristian Heilmann
 
Making ES6 available to all with ChakraCore
Making ES6 available to all with ChakraCoreMaking ES6 available to all with ChakraCore
Making ES6 available to all with ChakraCoreChristian Heilmann
 
Fixing web and JS gaps
Fixing web and JS gapsFixing web and JS gaps
Fixing web and JS gapsChristian Heilmann
 
Front-end Performance 101
Front-end Performance 101Front-end Performance 101
Front-end Performance 101Sean O'Mahoney
 
GoSec 2015 - Protecting the web from within
GoSec 2015 - Protecting the web from withinGoSec 2015 - Protecting the web from within
GoSec 2015 - Protecting the web from withinIMMUNIO
 
Flask
FlaskFlask
FlaskGlen Zangirolami
 
RailsConf 2015 - Metasecurity: Beyond Patching Vulnerabilities
RailsConf 2015 - Metasecurity: Beyond Patching VulnerabilitiesRailsConf 2015 - Metasecurity: Beyond Patching Vulnerabilities
RailsConf 2015 - Metasecurity: Beyond Patching VulnerabilitiesIMMUNIO
 

Recomendados

Making ES6 available to all with ChakraCore and Typescript
Making ES6 available to all with ChakraCore and TypescriptMaking ES6 available to all with ChakraCore and Typescript
Making ES6 available to all with ChakraCore and TypescriptChristian Heilmann
 
Old and new perils of open source - Great Wide Open keynote
Old and new perils of open source - Great Wide Open keynoteOld and new perils of open source - Great Wide Open keynote
Old and new perils of open source - Great Wide Open keynoteChristian Heilmann
 
Making ES6 available to all with ChakraCore
Making ES6 available to all with ChakraCoreMaking ES6 available to all with ChakraCore
Making ES6 available to all with ChakraCoreChristian Heilmann
 
Fixing web and JS gaps
Fixing web and JS gapsFixing web and JS gaps
Fixing web and JS gapsChristian Heilmann
 
Front-end Performance 101
Front-end Performance 101Front-end Performance 101
Front-end Performance 101Sean O'Mahoney
 
GoSec 2015 - Protecting the web from within
GoSec 2015 - Protecting the web from withinGoSec 2015 - Protecting the web from within
GoSec 2015 - Protecting the web from withinIMMUNIO
 
Flask
FlaskFlask
FlaskGlen Zangirolami
 
RailsConf 2015 - Metasecurity: Beyond Patching Vulnerabilities
RailsConf 2015 - Metasecurity: Beyond Patching VulnerabilitiesRailsConf 2015 - Metasecurity: Beyond Patching Vulnerabilities
RailsConf 2015 - Metasecurity: Beyond Patching VulnerabilitiesIMMUNIO
 
State of Web Security RailsConf 2016
State of Web Security RailsConf 2016State of Web Security RailsConf 2016
State of Web Security RailsConf 2016IMMUNIO
 
Why I Hope ENCompass Continues to Fail
Why I Hope ENCompass Continues to FailWhy I Hope ENCompass Continues to Fail
Why I Hope ENCompass Continues to FailAlan Manifold
 
WordPress Security for Beginners
WordPress Security for BeginnersWordPress Security for Beginners
WordPress Security for BeginnersAdam W. Warner
 
AppSec DC 2009 - Learning by breaking by Chuck Willis
AppSec DC 2009 - Learning by breaking by Chuck WillisAppSec DC 2009 - Learning by breaking by Chuck Willis
AppSec DC 2009 - Learning by breaking by Chuck WillisMagno Logan
 
“Automation in development processes: why, when and how
“Automation in development processes: why, when and how“Automation in development processes: why, when and how
“Automation in development processes: why, when and howGoMidjets GoMidjets
 
How i got my first cve
How i got my first cveHow i got my first cve
How i got my first cvenullowaspmumbai
 
Moore vs. May - everything is faster and better: we can fix that
Moore vs. May - everything is faster and better: we can fix thatMoore vs. May - everything is faster and better: we can fix that
Moore vs. May - everything is faster and better: we can fix thatChristian Heilmann
 
InnoTech 2017_Defend_Against_Ransomware 3.0
InnoTech 2017_Defend_Against_Ransomware 3.0InnoTech 2017_Defend_Against_Ransomware 3.0
InnoTech 2017_Defend_Against_Ransomware 3.0Michael Gough
 
jQuery Mobile, Backbone.js, and ASP.NET MVC
jQuery Mobile, Backbone.js, and ASP.NET MVCjQuery Mobile, Backbone.js, and ASP.NET MVC
jQuery Mobile, Backbone.js, and ASP.NET MVCTroy Miles
 
Hour 4
Hour 4Hour 4
Hour 4dpd
 
Overboard.js - where are we going with with jsconfasia / devfestasia
Overboard.js - where are we going with with jsconfasia / devfestasiaOverboard.js - where are we going with with jsconfasia / devfestasia
Overboard.js - where are we going with with jsconfasia / devfestasiaChristian Heilmann
 
Can we make es6 the baseline of the “modern web”? - BrazilJS 2105
Can we make es6 the baseline of the “modern web”? - BrazilJS 2105 Can we make es6 the baseline of the “modern web”? - BrazilJS 2105
Can we make es6 the baseline of the “modern web”? - BrazilJS 2105 Christian Heilmann
 
Defeating firefox by Muneaki Nishimunea - CODE BLUE 2015
Defeating firefox by Muneaki Nishimunea - CODE BLUE 2015Defeating firefox by Muneaki Nishimunea - CODE BLUE 2015
Defeating firefox by Muneaki Nishimunea - CODE BLUE 2015CODE BLUE
 
Everybody loves html5,h4ck3rs too
Everybody loves html5,h4ck3rs tooEverybody loves html5,h4ck3rs too
Everybody loves html5,h4ck3rs tooNahidul Kibria
 
Understanding progressive enhancement - yuiconf2010
Understanding progressive enhancement - yuiconf2010Understanding progressive enhancement - yuiconf2010
Understanding progressive enhancement - yuiconf2010Christian Heilmann
 
Writing an (in)secure webapp in 3 easy steps
Writing an (in)secure webapp in 3 easy stepsWriting an (in)secure webapp in 3 easy steps
Writing an (in)secure webapp in 3 easy stepsAdam Baldwin
 
IIS Critical Vulnerability 23/12/09
IIS Critical Vulnerability 23/12/09IIS Critical Vulnerability 23/12/09
IIS Critical Vulnerability 23/12/09shlominar
 
TriplePlay-WebAppPenTestingTools
TriplePlay-WebAppPenTestingToolsTriplePlay-WebAppPenTestingTools
TriplePlay-WebAppPenTestingToolsYury Chemerkin
 
Suggestions for Building Websites
Suggestions for Building WebsitesSuggestions for Building Websites
Suggestions for Building WebsitesYenwen Feng
 
Asp.net exception reporter
Asp.net exception reporterAsp.net exception reporter
Asp.net exception reporterOrbit One - We create coherence
 
Window Shopping Browser - Bug Hunting in 2012
Window Shopping Browser - Bug Hunting in 2012Window Shopping Browser - Bug Hunting in 2012
Window Shopping Browser - Bug Hunting in 2012Roberto Suggi Liverani
 
Web application penetration testing lab setup guide
Web application penetration testing lab setup guideWeb application penetration testing lab setup guide
Web application penetration testing lab setup guideSudhanshu Chauhan
 

Mais conteúdo relacionado

Mais procurados

State of Web Security RailsConf 2016
State of Web Security RailsConf 2016State of Web Security RailsConf 2016
State of Web Security RailsConf 2016IMMUNIO
 
Why I Hope ENCompass Continues to Fail
Why I Hope ENCompass Continues to FailWhy I Hope ENCompass Continues to Fail
Why I Hope ENCompass Continues to FailAlan Manifold
 
WordPress Security for Beginners
WordPress Security for BeginnersWordPress Security for Beginners
WordPress Security for BeginnersAdam W. Warner
 
AppSec DC 2009 - Learning by breaking by Chuck Willis
AppSec DC 2009 - Learning by breaking by Chuck WillisAppSec DC 2009 - Learning by breaking by Chuck Willis
AppSec DC 2009 - Learning by breaking by Chuck WillisMagno Logan
 
“Automation in development processes: why, when and how
“Automation in development processes: why, when and how“Automation in development processes: why, when and how
“Automation in development processes: why, when and howGoMidjets GoMidjets
 
Moore vs. May - everything is faster and better: we can fix that
Moore vs. May - everything is faster and better: we can fix thatMoore vs. May - everything is faster and better: we can fix that
Moore vs. May - everything is faster and better: we can fix thatChristian Heilmann
 
InnoTech 2017_Defend_Against_Ransomware 3.0
InnoTech 2017_Defend_Against_Ransomware 3.0InnoTech 2017_Defend_Against_Ransomware 3.0
InnoTech 2017_Defend_Against_Ransomware 3.0Michael Gough
 
jQuery Mobile, Backbone.js, and ASP.NET MVC
jQuery Mobile, Backbone.js, and ASP.NET MVCjQuery Mobile, Backbone.js, and ASP.NET MVC
jQuery Mobile, Backbone.js, and ASP.NET MVCTroy Miles
 
Hour 4
Hour 4Hour 4
Hour 4dpd
 
Overboard.js - where are we going with with jsconfasia / devfestasia
Overboard.js - where are we going with with jsconfasia / devfestasiaOverboard.js - where are we going with with jsconfasia / devfestasia
Overboard.js - where are we going with with jsconfasia / devfestasiaChristian Heilmann
 
Can we make es6 the baseline of the “modern web”? - BrazilJS 2105
Can we make es6 the baseline of the “modern web”? - BrazilJS 2105 Can we make es6 the baseline of the “modern web”? - BrazilJS 2105
Can we make es6 the baseline of the “modern web”? - BrazilJS 2105 Christian Heilmann
 

Mais procurados (12)

State of Web Security RailsConf 2016
State of Web Security RailsConf 2016State of Web Security RailsConf 2016
State of Web Security RailsConf 2016
 
Why I Hope ENCompass Continues to Fail
Why I Hope ENCompass Continues to FailWhy I Hope ENCompass Continues to Fail
Why I Hope ENCompass Continues to Fail
 
WordPress Security for Beginners
WordPress Security for BeginnersWordPress Security for Beginners
WordPress Security for Beginners
 
AppSec DC 2009 - Learning by breaking by Chuck Willis
AppSec DC 2009 - Learning by breaking by Chuck WillisAppSec DC 2009 - Learning by breaking by Chuck Willis
AppSec DC 2009 - Learning by breaking by Chuck Willis
 
“Automation in development processes: why, when and how
“Automation in development processes: why, when and how“Automation in development processes: why, when and how
“Automation in development processes: why, when and how
 
How i got my first cve
How i got my first cveHow i got my first cve
How i got my first cve
 
Moore vs. May - everything is faster and better: we can fix that
Moore vs. May - everything is faster and better: we can fix thatMoore vs. May - everything is faster and better: we can fix that
Moore vs. May - everything is faster and better: we can fix that
 
InnoTech 2017_Defend_Against_Ransomware 3.0
InnoTech 2017_Defend_Against_Ransomware 3.0InnoTech 2017_Defend_Against_Ransomware 3.0
InnoTech 2017_Defend_Against_Ransomware 3.0
 
jQuery Mobile, Backbone.js, and ASP.NET MVC
jQuery Mobile, Backbone.js, and ASP.NET MVCjQuery Mobile, Backbone.js, and ASP.NET MVC
jQuery Mobile, Backbone.js, and ASP.NET MVC
 
Hour 4
Hour 4Hour 4
Hour 4
 
Overboard.js - where are we going with with jsconfasia / devfestasia
Overboard.js - where are we going with with jsconfasia / devfestasiaOverboard.js - where are we going with with jsconfasia / devfestasia
Overboard.js - where are we going with with jsconfasia / devfestasia
 
Can we make es6 the baseline of the “modern web”? - BrazilJS 2105
Can we make es6 the baseline of the “modern web”? - BrazilJS 2105 Can we make es6 the baseline of the “modern web”? - BrazilJS 2105
Can we make es6 the baseline of the “modern web”? - BrazilJS 2105
 

Semelhante a (In)Secure Ajax-Y Websites With PHP

Defeating firefox by Muneaki Nishimunea - CODE BLUE 2015
Defeating firefox by Muneaki Nishimunea - CODE BLUE 2015Defeating firefox by Muneaki Nishimunea - CODE BLUE 2015
Defeating firefox by Muneaki Nishimunea - CODE BLUE 2015CODE BLUE
 
Everybody loves html5,h4ck3rs too
Everybody loves html5,h4ck3rs tooEverybody loves html5,h4ck3rs too
Everybody loves html5,h4ck3rs tooNahidul Kibria
 
Understanding progressive enhancement - yuiconf2010
Understanding progressive enhancement - yuiconf2010Understanding progressive enhancement - yuiconf2010
Understanding progressive enhancement - yuiconf2010Christian Heilmann
 
Writing an (in)secure webapp in 3 easy steps
Writing an (in)secure webapp in 3 easy stepsWriting an (in)secure webapp in 3 easy steps
Writing an (in)secure webapp in 3 easy stepsAdam Baldwin
 
IIS Critical Vulnerability 23/12/09
IIS Critical Vulnerability 23/12/09IIS Critical Vulnerability 23/12/09
IIS Critical Vulnerability 23/12/09shlominar
 
TriplePlay-WebAppPenTestingTools
TriplePlay-WebAppPenTestingToolsTriplePlay-WebAppPenTestingTools
TriplePlay-WebAppPenTestingToolsYury Chemerkin
 
Suggestions for Building Websites
Suggestions for Building WebsitesSuggestions for Building Websites
Suggestions for Building WebsitesYenwen Feng
 
Window Shopping Browser - Bug Hunting in 2012
Window Shopping Browser - Bug Hunting in 2012Window Shopping Browser - Bug Hunting in 2012
Window Shopping Browser - Bug Hunting in 2012Roberto Suggi Liverani
 
Web application penetration testing lab setup guide
Web application penetration testing lab setup guideWeb application penetration testing lab setup guide
Web application penetration testing lab setup guideSudhanshu Chauhan
 
Inception: A reverse-engineer horror History
Inception: A reverse-engineer horror HistoryInception: A reverse-engineer horror History
Inception: A reverse-engineer horror HistoryNelson Brito
 
Douglas - Real JavaScript
Douglas - Real JavaScriptDouglas - Real JavaScript
Douglas - Real JavaScriptd0nn9n
 
Be Storm - Automated Application/Software Vulnerability Testing
Be Storm - Automated Application/Software Vulnerability TestingBe Storm - Automated Application/Software Vulnerability Testing
Be Storm - Automated Application/Software Vulnerability TestingAmit Shirolkar
 
Get Ready for Web Application Security Testing
Get Ready for Web Application Security TestingGet Ready for Web Application Security Testing
Get Ready for Web Application Security TestingAlan Kan
 
Web Application Testing for Today’s Biggest and Emerging Threats
Web Application Testing for Today’s Biggest and Emerging ThreatsWeb Application Testing for Today’s Biggest and Emerging Threats
Web Application Testing for Today’s Biggest and Emerging ThreatsAlan Kan
 
OWASP Portland - OWASP Top 10 For JavaScript Developers
OWASP Portland - OWASP Top 10 For JavaScript DevelopersOWASP Portland - OWASP Top 10 For JavaScript Developers
OWASP Portland - OWASP Top 10 For JavaScript DevelopersLewis Ardern
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application SecurityJason Leveille
 
BEST PRACTICES OF WEB APPLICATION SECURITY By SAMVEL GEVORGYAN
BEST PRACTICES OF WEB APPLICATION SECURITY By SAMVEL GEVORGYANBEST PRACTICES OF WEB APPLICATION SECURITY By SAMVEL GEVORGYAN
BEST PRACTICES OF WEB APPLICATION SECURITY By SAMVEL GEVORGYANSamvel Gevorgyan
 

Semelhante a (In)Secure Ajax-Y Websites With PHP (20)

Defeating firefox by Muneaki Nishimunea - CODE BLUE 2015
Defeating firefox by Muneaki Nishimunea - CODE BLUE 2015Defeating firefox by Muneaki Nishimunea - CODE BLUE 2015
Defeating firefox by Muneaki Nishimunea - CODE BLUE 2015
 
Everybody loves html5,h4ck3rs too
Everybody loves html5,h4ck3rs tooEverybody loves html5,h4ck3rs too
Everybody loves html5,h4ck3rs too
 
Understanding progressive enhancement - yuiconf2010
Understanding progressive enhancement - yuiconf2010Understanding progressive enhancement - yuiconf2010
Understanding progressive enhancement - yuiconf2010
 
Writing an (in)secure webapp in 3 easy steps
Writing an (in)secure webapp in 3 easy stepsWriting an (in)secure webapp in 3 easy steps
Writing an (in)secure webapp in 3 easy steps
 
IIS Critical Vulnerability 23/12/09
IIS Critical Vulnerability 23/12/09IIS Critical Vulnerability 23/12/09
IIS Critical Vulnerability 23/12/09
 
TriplePlay-WebAppPenTestingTools
TriplePlay-WebAppPenTestingToolsTriplePlay-WebAppPenTestingTools
TriplePlay-WebAppPenTestingTools
 
Suggestions for Building Websites
Suggestions for Building WebsitesSuggestions for Building Websites
Suggestions for Building Websites
 
Asp.net exception reporter
Asp.net exception reporterAsp.net exception reporter
Asp.net exception reporter
 
Window Shopping Browser - Bug Hunting in 2012
Window Shopping Browser - Bug Hunting in 2012Window Shopping Browser - Bug Hunting in 2012
Window Shopping Browser - Bug Hunting in 2012
 
Web application penetration testing lab setup guide
Web application penetration testing lab setup guideWeb application penetration testing lab setup guide
Web application penetration testing lab setup guide
 
Inception: A reverse-engineer horror History
Inception: A reverse-engineer horror HistoryInception: A reverse-engineer horror History
Inception: A reverse-engineer horror History
 
Douglas - Real JavaScript
Douglas - Real JavaScriptDouglas - Real JavaScript
Douglas - Real JavaScript
 
Web security
Web securityWeb security
Web security
 
Be Storm - Automated Application/Software Vulnerability Testing
Be Storm - Automated Application/Software Vulnerability TestingBe Storm - Automated Application/Software Vulnerability Testing
Be Storm - Automated Application/Software Vulnerability Testing
 
Get Ready for Web Application Security Testing
Get Ready for Web Application Security TestingGet Ready for Web Application Security Testing
Get Ready for Web Application Security Testing
 
Web Application Testing for Today’s Biggest and Emerging Threats
Web Application Testing for Today’s Biggest and Emerging ThreatsWeb Application Testing for Today’s Biggest and Emerging Threats
Web Application Testing for Today’s Biggest and Emerging Threats
 
OWASP Portland - OWASP Top 10 For JavaScript Developers
OWASP Portland - OWASP Top 10 For JavaScript DevelopersOWASP Portland - OWASP Top 10 For JavaScript Developers
OWASP Portland - OWASP Top 10 For JavaScript Developers
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application Security
 
BEST PRACTICES OF WEB APPLICATION SECURITY By SAMVEL GEVORGYAN
BEST PRACTICES OF WEB APPLICATION SECURITY By SAMVEL GEVORGYANBEST PRACTICES OF WEB APPLICATION SECURITY By SAMVEL GEVORGYAN
BEST PRACTICES OF WEB APPLICATION SECURITY By SAMVEL GEVORGYAN
 
OWASP an Introduction
OWASP an Introduction OWASP an Introduction
OWASP an Introduction
 

Último

IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 

Último (20)

IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 

(In)Secure Ajax-Y Websites With PHP

  • 1. (IN)SECURE AJAX-Y WEBSITES WITH PHP Christian Wenz
  • 2.
  • 3.
  • 4.
  • 5.
  • 6. Why? // Traditional Model Jun 5, 2009 | | Server Client
  • 7. Why? // Ajax Model Jun 5, 2009 | | Server Client
  • 8.
  • 9.
  • 10.
  • 11.
  • 12.
  • 13.
  • 14.
  • 15.
  • 16.
  • 17.
  • 18.
  • 19.
  • 20.
  • 21.
  • 22.
  • 23.
  • 24.
  • 25.
  • 26.
  • 27.