Just got out of Alex’s session on Web 2.0 vulnerabilities. He talked a lot about the XSS vulnerabilities introduced by evil uses of AJAX, but also mentioned a new vulnerability that not many people (of the couple hundred) in the room had heard of: CSRF, also known as XSRF.
Alex did a good job of making the use of AJAX sound spooky. Guess he gets to keep his “Security Guy” membership card. 😉
The official blogosphere tags for the expo are as follows (for ease of perusing other content): WEB2EXPO07 or WEB2EXPO