The Dark Side of Ajax
Track: Development
Tags: Intermediate, Development
Presented by Jacob West (Fortify Software). We will look at popular Ajax programming frameworks and how they can make or break the security of an application.
Comments
I only caught the last 15 minutes of this presentation after leaving the Facebook one, but what I did hear was pretty informative and provided me with several links to learn more about JavaScript Hijacking. Jacob was a good speaker too. Wish I'd seen the whole thing :(
Jacob is a good speaker, and the topic was well delivered. Even if people are aware of these issues, they need to be reminded. Good analysis, Jacob - thanks.
This was informative for me. Security is always a big topic when it comes to Ajax and this really highlighted some things to be watchful of.
Excellent session, covered the topic very well in the allocated time, great analysis and pointers.
Thanks.
I'm not a JavaScript developer so take this with a pinch of salt. I think the problem Jacob discussed is a big issue. But it looked as if some of the issues he brought up (which he asked API vendors to fix) were issues where the victim was socially engineered into going to an unsafe site. These issues will never go away no matter how much work these vendors do to fix the libraries.
:) But that being said, the talk was very very informative, and helped me form an opinion on what libraries I should be paying more attention to.