The HP Security laboratory
August 2007 - Posts
Ajax Security Acceptance
30 August 07 12:45 PM
|
Billy
|
3 Comments
Its time again for AjaxWorld , the largest Ajax conference in the US. Bryan and I are thrilled. AjaxWorld offered us back -to- back sessions so we can do a 90+ minute workshop on how to break into Ajax applications. We will not only hit the major themes
Read More...
The real reason for (JavaScript|JSON) Hijacking
27 August 07 01:59 PM
|
Billy
|
1 Comments
When JSON hijacking was first discussed and demonstrated in 2006 and 2007 by Whitehat, Fortify and others, all of the proof of concepts used Mozilla specific JavaScript extensions like setter or __defineSetter__ . This led many people to believe that
Read More...
Search
Go
This Blog
Home
Email
Tags
Ajax
Ajax Security Book
AJAXWorld
ASP.NET
book
Bookmark
conferences
Firefox
hacked
IE
information disclosure
input validation
iPhone
JavaScript
Jikto
JSON
malware
Mozilla Rhino
Password Security
phishing
Privacy
product comparison
Safari
security
Shmoocon
testing methodology
webcast
worm
XSS
XSS Ajax
Navigation
Home
Blogs
Forums
Photos
Downloads
Archives
January 2008 (1)
December 2007 (2)
November 2007 (5)
October 2007 (1)
August 2007 (2)
July 2007 (2)
April 2007 (1)
March 2007 (1)
January 2007 (2)
December 2006 (1)
November 2006 (1)
October 2006 (2)
July 2006 (4)
June 2006 (5)
May 2006 (1)
April 2006 (2)
Syndication
RSS 2.0
Atom 1.0