Web App Security: XSS and CSRF
Dave Ross
Technology
1.
PREVENTING XSS & CSRF
Dave Ross • Suburban Chicago PHP & Web Development Meetup
2.
2½ years ago: http://www.slideshare.net/csixty4/intro-to-php-security
3.
REALITY CHECK
4.
“More than half of identity theft cases are inside jobs”
Judith Collins, Associate Criminal Justice Professor @ Michigan State University, “who recently completed a study of 1,037 such cases”
5.
THE WEB IS STILL A NASTY PLACE
6.
BROWSER SECURITY IS BETTER
7.
PHP IS BETTER
8.
REGISTER_GLOBALS IS DEPRECATED IN 5.3.0 (and removed entirely in 5.4.0)
9.
THREATS:
10.
XSS - CROSS SITE SCRIPTING
11.
NON-PERSISTENT XSS
12.
PARAMETERS ECHOED BACK TO THE USER
13.
<img src="http://search.amazon.com?s=<script>alert('test');</script>" />
(The browser decodes an <img> response as image data, so a reflected payload like this one fires when the victim loads the URL as a page, via a link, redirect or <iframe>, not through the <img> itself.)
14.
PERSISTENT XSS
15.
INJECT <IFRAME> & <SCRIPT> INTO CONTENT
16.
BLOG COMMENTS, FORUM POSTS
17.
STRIP OUT TAGS
18.
I RECOMMEND REMOVING TAGS ON DISPLAY, NOT SAVE
(strip_tags() only removes elements; escape for the output context as well, e.g. htmlspecialchars() with ENT_QUOTES, so that an attribute break-out containing no tags at all is neutralized too.)
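The following is an added example, not code from Dave Ross's slides: the same reflected search parameter rendered unsafely, through strip_tags(), and through htmlspecialchars() at display time. The HTML attribute context (an <input value="...">) and the two payloads are my constructed choices; the second payload contains no tags, which is exactly the case strip_tags() cannot catch.

```php
<?php
declare(strict_types=1);

// Added example (not from the slides): a reflected parameter rendered three ways.
// Output context assumed here: the value attribute of <input>, as on a search page.

/** Vulnerable: the parameter is echoed straight into the attribute (non-persistent XSS). */
function render_unsafe(string $q): string
{
    return '<input type="text" name="s" value="' . $q . '">';
}

/** strip_tags() removes <script>, <img>, <iframe> ... but knows nothing about attribute context. */
function render_strip_tags(string $q): string
{
    return '<input type="text" name="s" value="' . strip_tags($q) . '">';
}

/** Encode for the HTML context at output time; ENT_QUOTES also encodes the attribute's double quote. */
function render_escaped(string $q): string
{
    $safe = htmlspecialchars($q, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<input type="text" name="s" value="' . $safe . '">';
}

// Constructed inputs standing in for $_GET['s'].
$payloads = [
    'slide 13 style' => "<script>alert('test');</script>",
    'no tags at all' => '" onmouseover="alert(1)',   // breaks out of the attribute instead of adding a tag
];

foreach ($payloads as $label => $q) {
    echo "== $label ==\n";
    echo 'unsafe     : ', render_unsafe($q), "\n";
    echo 'strip_tags : ', render_strip_tags($q), "\n";
    echo 'escaped    : ', render_escaped($q), "\n\n";
}
```

Run it with `php` from the command line and compare the three lines for the second payload: strip_tags() leaves the attribute break-out untouched because there is no `<` to remove, while the escaped version turns every `"` into `&quot;` so the input stays inside the attribute. Escaping belongs at the point of output because the correct encoding depends on where the value lands (HTML body, attribute, JavaScript string, URL), which is not known at save time.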
19.
CSRF - CROSS-SITE REQUEST FORGERY
20.
<img src="http://twitter.com/post?text=I'm a big fat dork" />
(Works because the victim's browser attaches its twitter.com cookies to the request. A state-changing GET is the easiest target, but a POST can be forged just as easily with an auto-submitted cross-site form.)
21.
USE A NONCE.
(A secret token the attacker's page cannot read, tied to the session and checked on every state-changing request.)
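The following is an added example, not code from the slides: a per-session CSRF token ("nonce") issued with the form and verified on the state-changing request. The session key `csrf_token`, the field name `_token`, and the constructed session array used in place of `$_SESSION` are my choices; in a real application you would call session_start() and pass `$_SESSION` to these functions.

```php
<?php
declare(strict_types=1);

// Added example (not from the slides): session-bound anti-CSRF token.
// Names below (session key, field name) are assumptions for this example.
const CSRF_SESSION_KEY = 'csrf_token';
const CSRF_FIELD_NAME  = '_token';

/** Return the session's CSRF token, creating it on first use (32 random bytes, hex-encoded). */
function csrf_token(array &$session): string
{
    if (empty($session[CSRF_SESSION_KEY])) {
        $session[CSRF_SESSION_KEY] = bin2hex(random_bytes(32));
    }
    return $session[CSRF_SESSION_KEY];
}

/** Hidden input to embed in every form that changes state (escaped out of habit; hex needs no escaping). */
function csrf_field(array &$session): string
{
    $token = htmlspecialchars(csrf_token($session), ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<input type="hidden" name="' . CSRF_FIELD_NAME . '" value="' . $token . '">';
}

/**
 * Accept only a POST whose token matches the session's, compared in constant time.
 * A forged <img> or a cross-site form has no way to read the token, so it cannot supply it.
 */
function csrf_verify(array $session, string $method, array $post): bool
{
    if ($method !== 'POST') {
        return false;
    }
    $expected = $session[CSRF_SESSION_KEY] ?? '';
    $given    = $post[CSRF_FIELD_NAME] ?? '';
    if ($expected === '' || !is_string($given) || $given === '') {
        return false;
    }
    return hash_equals($expected, $given);
}

// --- Demo with a constructed session and constructed requests (no real HTTP) ---
$session = [];
echo csrf_field($session), "\n";   // what the legitimate form carries

// Case 1: forged GET, as in the <img src="http://twitter.com/post?text=..."> on slide 20.
var_dump(csrf_verify($session, 'GET', []));

// Case 2: attacker's auto-submitted cross-site POST form, which can only guess the token.
var_dump(csrf_verify($session, 'POST', [CSRF_FIELD_NAME => 'guess']));

// Case 3: submission of our own form, carrying the session's token.
var_dump(csrf_verify($session, 'POST', [CSRF_FIELD_NAME => csrf_token($session)]));
```

Only the third case verifies. Requiring POST alone is not the defence; the token is, because the attacker's page cannot read it. As defence in depth, set the session cookie with the SameSite=Lax attribute so browsers omit it from cross-site POSTs in the first place.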
22.
http://ha.ckers.org/xss.html
23.
http://www.cgisecurity.com/csrf-faq.html