Simon Willison’s Weblog

Web Security Horror Stories: The Director's Cut. Slides from the talk on web application security I gave this morning at <head>, the worldwide online conference. I just about managed to resist the temptation to present in my boxers. Topics include XSS, CSRF, Login CSRF and Clickjacking.

1 comment

  1. I forgot to ask in the Q&A...

    Services like tinyurl.com should implement some sort of filter (just like the one you mentioned from IE8, checking querystring against page content) to avoid reflected attacks, no?

    (I didn't catch the first slides, so maybe you mentioned that. If so, sorry.)

    André Luís - 27th October 2008 13:14 - #
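The filter André Luís describes, checking query-string values against the page that comes back, as an added example that is not part of the original post or of any browser's or URL shortener's code: a Python heuristic that flags parameters echoed unescaped into an HTML response. The URL and response bodies below are constructed sample data.

```python
import html
from urllib.parse import parse_qsl, urlsplit

# Characters that let a reflected value change the HTML structure of
# the page (open a tag, close an attribute value, and so on).
MARKUP_CHARS = set('<>"\'')


def reflected_params(url: str, response_body: str) -> list[str]:
    """Return the names of query parameters whose values are echoed
    verbatim in the response body while containing markup characters.

    A value that was escaped on output never matches, because
    html.escape() rewrites every character in MARKUP_CHARS, so an
    escaped echo is treated as safe and only raw echoes are reported.
    """
    flagged = []
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if not (set(value) & MARKUP_CHARS):
            continue  # plain text cannot introduce new markup
        if value in response_body:
            flagged.append(name)
    return flagged


# Constructed sample: a shortener-style redirect page that echoes the
# target URL it was given, once without escaping and once with it.
SAMPLE_URL = "https://short.example/go?u=<b>injected</b>&n=5"
VULNERABLE_BODY = "<p>Redirecting to <b>injected</b></p>"
SAFE_BODY = "<p>Redirecting to " + html.escape("<b>injected</b>") + "</p>"

if __name__ == "__main__":
    print("unescaped echo:", reflected_params(SAMPLE_URL, VULNERABLE_BODY))
    print("escaped echo:  ", reflected_params(SAMPLE_URL, SAFE_BODY))
```

Such a check only catches values reflected byte-for-byte; a server that decodes, truncates or re-encodes input before echoing it needs a canonicalising comparison, and output escaping at the template layer remains the actual fix.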
