Web2.0 Expo Session: Web 2.0 Vulnerabilities

Just got out of Alex’s session on Web 2.0 vulnerabilities. He talked a lot about the XSS vulnerabilities introduced by evil uses of AJAX, but also mentioned a new vulnerability that not many people (of the couple hundred) in the room had heard of: CSRF, also known as XSRF.

The Web2.0 Expo presenter’s slides will be posted as they become available, but in the meantime, you can check out Jesse Burns’ paper on CSRF for more info.

Alex did a good job of making the use of AJAX sound spooky. Guess he gets to keep his “Security Guy” membership card. 😉

The official blogosphere tags for the expo are as follows (for ease of perusing other content): WEB2EXPO07 or WEB2EXPO

  1. #1 by Anonymous on April 16, 2007 - 4:05 pm

    Linda, FYI the link to the CSRF paper seems to be broken…

  2. #2 by skrocki on April 17, 2007 - 7:45 am

    Thanks! It’s fixed now.
