[Security] OWASP Top 10 for JavaScript - A2: Cross Site Scripting - XSS
In this post I'll describe how OWASP Top 10: A2 - Cross-Site Scripting applies to JavaScript-based applications. Cross-Site Scripting - or XSS - is probably one of the most common and one of the most...
[Security] OWASP Top 10 for JavaScript - A3: Broken Authentication and...
In this post I'll describe how OWASP Top 10: A3 - Broken Authentication and Session Management applies to JavaScript-based applications. Problems around broken authentication and session management can...
[Security] OWASP Top 10 for JavaScript - A4: Insecure Direct Object References
How does A4 - Insecure Direct Object References apply to JavaScript? Well, it all depends on how the system was formed, but this is very likely to become a problem in pure JavaScript apps. Read on for an...
[Security] OWASP Top 10 for JavaScript - A5: Cross Site Request Forgery (CSRF)
The vulnerability known as A5 - Cross-Site Request Forgery (CSRF) has many names including session riding and one-click attack. It's a blind attack in the sense that the attacker is not directly...
[Security] OWASP Top 10 for JavaScript - A6: Security Misconfiguration
This post describes how OWASP Top 10 - A6: Security Misconfiguration affects JavaScript applications. This is a wide category which covers a lot more than this blog post. I'll try to focus on the...
[Security] OWASP Top 10 for JavaScript - A7: Insecure Cryptographic Storage
This post describes how OWASP Top 10 - A7: Insecure Cryptographic Storage affects JavaScript applications. This is a wide category which covers a lot more than this blog post. I'll try to focus on the...
[Security] RESTful Security
RESTful security from JavaZone on Vimeo. My talk from JavaZone 2012 on RESTful security has now been published as a video on Vimeo. To test the slides and demo yourself, you should run the test server...
[Security] OWASP Top 10 for JavaScript - A9: Insufficient Transport Layer...
The 9th item on the OWASP Top 10 is A9 - Insufficient Transport Layer Protection. This is mostly a browser to server and server to server issue. This is the risk rating from OWASP: Threat Agents Attack...