Items tagged javascript, security in 2011
Filters: Year: 2011 × javascript × security × Sorted by date
The code injected to steal passwords in Tunisia. Here’s the JavaScript that (presumably) the Tunisian government were injecting in to login pages that were served over HTTP. # 24th January 2011, 6:45 pm
Why would someone browse the web with JavaScript disabled?
Security conscious users (who understand the implications of XSS and CSRF attacks) sometimes disable JavaScript completely, or use a tool like the NoScript extension to disable it for all sites and only re-enable it on a small whitelist of sites that they trust.
[... 67 words]What are the JSON security concerns in web development?
Be very careful when implementing JSON-P for authenticated actions—evil third party sites could assemble URLs to your user’s private data and steal it. This attack has worked against Gmail in the past.
[... 203 words]