, 89
C++ (programming language):
and ActiveX controls, 199
and buffer overflows, 17
buffer overflows in, 208
Cross Site Flashing (see under XSF)
Cross-domain actions:
and cross-domain attacks, 72–81
in Flash, 224
iFrames, 72–73, 82
images, 73
JavaScript sourcing, 73–74
links, 72–73
need for, 72–81
object loading, 73
problem with, 74–76
uses for, 72–81
Cross-domain attacks, 72–86
case study, 135–142
and cross-domain actions, 72–81
CSRF attacks, 77–81
and JavaScript, 84–85
protection against, 86
safe methods against, 81–86
security boundaries, 138–142
stock pumping, 135–138
Cross-domain Flash applications, 73
Cross-domain protection (IE), 245
Cross-domain script tags, 73–74
Cross-domain sourcing, 84–85
crossDomainSessionSecurity, 181
Cross-site request forgery (CSRF), 77–81
configuring, 78
in e-mail, 25–26
and HTTP GET, 80–81
parameters in, 78–79
reflected, 78–80
risk of, 77
in SAMY worm, 56
stored, 80
and Viewstate, 130
vulnerability for, 78
in Web 2.0, 83
Cross-Site Scripting (XSS), 22–54, 126–127
and ActiveX, 202
in AJAX, 50
and ASP.Net, 123–128
automated testing for, 50–52
in automatically generated SWFs, 236
with clickTAG, 231
in controller SWFs, 236
and cookies, stealing, 44
cookies vs.