Browse by Tags - HP Application Security Center Community
United States-English
Home - Tab - Selected
» Blogs - Tab
» Forums - Tab

Browse by Tags


HP Application Security Center Community » All Tags » AJAX (RSS)

» Ajax Security Book is published with strong buzz and reviews

Our Ajax Security book from Addison Wesley has been published! By now I'm sure everyone is tried of me talking about the book and its merits, so let's see what some of experts in the web security space are saying about it: Andrew van der Stock The Executive Director of OWASP reviewed a draft...
Posted to The HP Security Laboratory (Weblog) by Billy on 12-20-2007

» Ajax Security more than Increased Attack Surface

I got an email from Christ1an the other day asking me what Ajax Security was all about. I was just going to send him the table of contents to the book, but I thought it might be educational to see how the components of Ajax security relate, and where they come from. In Jeremiah's fascinating Web...
Posted to The HP Security Laboratory (Weblog) by Billy on 11-07-2007

» Ajax Security Acceptance

Its time again for AjaxWorld , the largest Ajax conference in the US. Bryan and I are thrilled. AjaxWorld offered us back -to- back sessions so we can do a 90+ minute workshop on how to break into Ajax applications. We will not only hit the major themes like increased attack surface, code transparency...
Posted to The HP Security Laboratory (Weblog) by Billy on 08-30-2007

» The real reason for (JavaScript|JSON) Hijacking

When JSON hijacking was first discussed and demonstrated in 2006 and 2007 by Whitehat, Fortify and others, all of the proof of concepts used Mozilla specific JavaScript extensions like setter or __defineSetter__ . This led many people to believe that these vulnerabilities only existed in Mozilla-derived...
Posted to The HP Security Laboratory (Weblog) by Billy on 08-27-2007

» Speaking at Shmoo

I’m really excited to be speaking at Shmoocon again and especially excited about my presentation this Saturday at 1pm. Javascript Malware for a Gray Goo Tomorrow focuses on the increased scope of damage caused by Cross-Site Scripting (XSS) vulnerabilities in the last year. The Web 2.0 revolution...
Posted to The HP Security Laboratory (Weblog) by Billy on 03-22-2007

» What is Web 2.0?

Web 2.0 may be the most ill defined technology term to date. Everyone uses the term but I have yet to hear a decent definition of it. O'Reilly Media is credited with coining the phrase and Tim O'Reilly defines Web 2.0 as: " Web 2.0 is the business revolution in the computer industry caused...
Posted to Michael Sutton's Blog (Weblog) by erik.peterson on 02-15-2007

» Re: Ajax Testing Question

EW, One of our engineers, Bryan Sullivan, recently wrote an article about teaching your QA department about how to test Ajax applications properly for security defects. It's a good read: http://www.devcity.net/Articles/273/1/article.aspx Enjoy! Billy Hoffman -- Lead Researcher, SPI Labs SPI Dynamics...
Posted to What's on your mind? (Forum) by Billy on 11-13-2006

» Re: Determining if a browser or a script is calling your Ajax functions

Mark, Thats an interesting plan, but I see a few sticky points. While you don't explicitly say it, you need to make sure the browser only adds that header to requests that are not made by JavaScript. The reason Ajax requests look like regular requests is because the browser actually makes both of...
Posted to What's on your mind? (Forum) by Billy on 11-13-2006

» Ajax Testing Question

I have read and heard a lot of information about the new dangers related to Ajax enabled sites. I am really interested in methods being used by the "pros" to test ajax heavy sites. Request modifications must happen the same way as traditional web app testing ocurrs. Catch the request in a proxy...
Posted to What's on your mind? (Forum) by edw on 10-18-2006

» Ajax Webcast Questions

Please post any questions/comments/discussions you have with our Ajax (in)security webcast here and I'll do my best to answer them here. For those who haven't seen the WebCast yet, you can get there by going here: https://download.spidynamics.com/registration/AJAX_webcast.asp
Posted to The HP Security Laboratory (Weblog) by Billy on 10-13-2006
Page 1 of 1 (10 items)
Information disclosed in this community becomes public. Exercise caution when deciding to disclose your personal information. HP reserves the right, but is not obligated to, edit or remove your comment if it contains personally identifiable information or other content HP deems unacceptable.  Opinions expressed are your personal opinions or those of the original authors, and not of HP. Please see HP's web Terms of Use for more details.