Web Security Mistakes
Giving the Client Your Trust
http://grutztopia.jingojango.net
SyScan - May 29, 2008
1
Giving The Client Your Trust -- Don't.
Agenda
- Who Am I
- Three Examples of Awesome Badness
- Rich Internet Apps (RIA) are not immune
- Internal Apps need review, too
- Q&A
Who Am I
- Professional Corporate Penetration Tester (with a CISSP for business purposes) for nearly a decade
- Managed internal PT team for Federal Reserve Bank, now working at Pacific Gas & Electric
- Community contributor to Metasploit
- Developer of NTLM attack toolkit (coming soon)
What is Client-Side Security
Specifically, what do I mean by it
- Using client-side technology such as JavaScript, Java, Flash, etc. to validate data before it is transmitted to the server.
  - Not a new threat, but one I regularly see "forgotten" about when performing penetration tests.
- "Hiding" data and performing functions within the client that should logically be performed on the server as well.
- Not the W3 Client-Side Security document by Lincoln Stein (http://www.w3.org/Security/Faq/wwwsf2.html)
  - Still a good history of what we used to fear before the days of XSS: ActiveX, Java, IE 4.01, etc.
- Not talking about DOM security, same-origin policy, VM sandboxes, etc.
- Only concerned with values the end user can modify.
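The mistake the slide describes, validating in the browser and then trusting the result on the server, shown as an added example that is not from the talk or its author. It assumes a Node.js back end that has already parsed a POST body into an object of strings; the catalog, handler names and form field names are made up for the illustration.

```javascript
// Added example (not from the slides): one order form handled two ways.
// Assumption: a Node.js handler receives the parsed POST body as an object
// of strings. CATALOG, the handlers and the field names are invented here.

const CATALOG = { "sku-100": { price: 19.99 }, "sku-200": { price: 4.5 } };

// The rule the browser-side JavaScript enforces before submitting: an integer
// quantity from 1 to 10. Anything that runs in the browser can be skipped or
// edited, so the hardened handler below runs the same rule again server-side.
function isValidQuantity(raw) {
  return /^(?:[1-9]|10)$/.test(raw);
}

// BEFORE: relies on the client-side check and on a hidden <input name="price">
// that the page filled in. A POST edited in a proxy can carry any quantity
// and any price, and the server will happily compute a total from them.
function handleOrderTrusting(fields) {
  const qty = Number(fields.quantity);
  const price = Number(fields.price); // value supplied by the client
  return { ok: true, sku: fields.sku, total: qty * price };
}

// AFTER: the client-side rule is repeated on the server, and the price is
// taken from the server's own catalog; the submitted price field is ignored.
function handleOrderValidated(fields) {
  const item = CATALOG[fields.sku];
  if (!item) return { ok: false, error: "unknown sku" };
  if (!isValidQuantity(fields.quantity)) {
    return { ok: false, error: "quantity must be an integer from 1 to 10" };
  }
  const qty = Number(fields.quantity);
  const total = Math.round(qty * item.price * 100) / 100;
  return { ok: true, sku: fields.sku, total };
}

// Constructed request bodies: an honest submission, one with the quantity
// edited past the browser check, and one with only the hidden price edited.
const honest = { sku: "sku-100", quantity: "2", price: "19.99" };
const badQuantity = { sku: "sku-100", quantity: "-5", price: "0.01" };
const badPrice = { sku: "sku-200", quantity: "3", price: "0.01" };

for (const body of [honest, badQuantity, badPrice]) {
  console.log("trusting :", handleOrderTrusting(body));
  console.log("validated:", handleOrderValidated(body));
}
```

The quantity regex is the kind of check that normally lives only in the page's JavaScript; the point of the hardened handler is that it is cheap to run the identical rule on the server and to source prices from data the client never touched.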