
Rich Cannings, Himanshu Dwivedi, Zane Lackey, and Alex Stamos

"Hacking Exposed Web 2.0: Web 2.0 Security Secrets and Solutions"

A classic banner ad may look something like this:

Other types of content, such as Adobe Flash objects, can be sourced across domains:

JavaScript Sourcing
Executable script served from a domain separate from that of the web page is allowed to
be included in a web page. Like the requests in the preceding examples, script tags that
point at other domains automatically send whatever cookies the user has for the target
domain. Cross-domain script sourcing has replaced iFrames and banner images as the
basic technology underlying the Internet's major advertising systems. A script tag
sourcing an advertisement from another domain may look like this:

So What's the Problem?
We've discussed the many important ways in which legitimate web applications utilize
cross-domain communication methods, so you may be wondering how this relates to the
insecurity of modern web applications.
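The cookie behaviour described above (a cross-domain script include carrying the user's cookies for the script's host) can be modelled in a few lines. This is an added example, not code from the book: the host names and cookies are constructed, and the SameSite handling is a simplification of what modern browsers do, shown here as the mitigation that did not exist when the original ad-serving model was designed.

```python
from dataclasses import dataclass
from urllib.parse import urlparse

@dataclass
class Cookie:
    name: str
    value: str
    domain: str             # host the cookie was set for (constructed)
    secure: bool = False
    samesite: str = "None"  # "None" mirrors the legacy behaviour: always sent cross-site

def domain_matches(host: str, cookie_domain: str) -> bool:
    """Cookie applies to its own host or any subdomain of it."""
    return host == cookie_domain or host.endswith("." + cookie_domain)

def same_site(host_a: str, host_b: str) -> bool:
    # Simplified: compare the last two labels; real browsers use the public suffix list.
    return host_a.split(".")[-2:] == host_b.split(".")[-2:]

def cookies_for_subresource(jar, page_url: str, resource_url: str):
    """Cookies a browser attaches when page_url includes resource_url via <script src=...>."""
    page_host = urlparse(page_url).hostname
    res = urlparse(resource_url)
    sent = []
    for c in jar:
        if not domain_matches(res.hostname, c.domain):
            continue                      # cookie belongs to a different host entirely
        if c.secure and res.scheme != "https":
            continue                      # Secure cookies never travel over plain HTTP
        # A script include is a cross-site subresource fetch, not a top-level navigation,
        # so both Lax and Strict cookies are withheld when the two sites differ.
        if c.samesite in ("Lax", "Strict") and not same_site(page_host, res.hostname):
            continue
        sent.append(c)
    return sent

def cookie_header(jar, page_url: str, resource_url: str) -> str:
    """The Cookie request header the ad server would receive."""
    return "; ".join(f"{c.name}={c.value}" for c in cookies_for_subresource(jar, page_url, resource_url))

# Constructed cookie jar: an ad network's tracking cookie, a Lax-scoped cookie, and the page's own session.
JAR = [
    Cookie("adsid", "abc123", "ads.example.net", samesite="None"),
    Cookie("prefs", "lax", "ads.example.net", samesite="Lax"),
    Cookie("sess", "y", "www.example.com"),
]
PAGE_URL = "http://www.example.com/news"          # the page embedding the ad
SCRIPT_URL = "http://ads.example.net/ad.js"       # the cross-domain script tag target

if __name__ == "__main__":
    print(cookie_header(JAR, PAGE_URL, SCRIPT_URL))
```

Running it shows the ad server receiving `adsid=abc123` from a page on an unrelated site, while the Lax cookie is only attached when the embedding page shares the ad server's site.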

