Channel: Insomnia and the Hole in the Universe

[Security] OWASP Top 10 for JavaScript - A2: Cross Site Scripting - XSS

In this post I'll describe how OWASP Top 10: A2-Cross Site Scripting applies to javascript based applications. Cross site Scripting - or XSS - is probably one of the most common and one of the most...




[Security] OWASP Top 10 for JavaScript - A3: Broken Authentication and...

In this post I'll describe how OWASP Top 10: A3 - Broken Authentication and Session Management applies to javascript based applications. Problems around broken authentication and session management can...


[Security] OWASP Top 10 for JavaScript - A4: Insecure Direct Object References

How do A4 - Insecure Direct Object References apply to Javascript? Well, it all depends on how the system was formed, but this is very likely to become a problem in pure JavaScript apps. Read on for an...


[Security] OWASP Top 10 for JavaScript - A5: Cross Site Request Forgery (CSRF)

The vulnerability known as A5 - Cross-Site Request Forgery (CSRF) has many names including session riding and one-click attack. It's a blind attack in the sense that the attacker is not directly...


[Security] OWASP Top 10 for JavaScript - A6: Security Misconfiguration

This post describes how OWASP Top 10 - A6: Security Misconfiguration affects javascript applications. This is a wide category which covers a lot more than this blog post. I'll try to focus on the...



[Security] OWASP Top 10 for JavaScript - A7: Insecure Cryptographic Storage

This post describes how OWASP Top 10 - A7: Insecure Cryptographic Storage affects javascript applications. This is a wide category which covers a lot more than this blog post. I'll try to focus on the...


[Security] OWASP Top 10 for JavaScript - A8: Failure to Restrict URI Access


[Security] RESTful Security

RESTful security from JavaZone on Vimeo. My talk from JavaZone 2012 on RESTful security has now been published as a video on Vimeo. To test the slides and demo yourself, you should run the test server...



[Security] OWASP Top 10 for JavaScript - A9: Insufficient Transport Layer...

The 9th item on the OWASP Top 10 is A9 - Insufficient Transport Layer Protection. This is mostly a browser to server and server to server issue. This is the risk rating from OWASP: Threat Agents Attack...



[Security] OWASP Top 10 for JavaScript - A10: Unvalidated Redirects and Forwards
