Page 432

Rich Cannings, Himanshu Dwivedi, Zane Lackey, and Alex Stamos

"Hacking Exposed Web 2.0: Web 2.0 Security Secrets and Solutions"

, 155
Same Origin Policy (same domain policy), 22–26, 72
broken, 25–26
and browser plug-ins, 52
and cookie security model, 28
and e-mail attacks, 25–26
exceptions to, 23–25
and HTML injection attacks, 24
and iFrames, 73
and JavaScript, 24
and SAMY worm, 56
Samy, 55
SAMY worm, 55–67, 107–110
and AJAX, 103
attack code for, 56–66
code snippets of, 56–61
and CSRF, 56
functions of, 61–66
and IE, 50
injection of, 55–57
original worm, 66–67
and Same Origin Policy, 56
supporting variables and functions of, 61–66
variables of, 61–66
San Security Wire, 231
Sasser (worm), 103
Script (see specific types, e.g.: JavaScript)
script (JavaScript), 84–85, 97
Script tags, 37
cross-domain, 73–74
XSS using, 101
SDK (Software Development Kit), 114
secure (cookie), 26
Secure flag, 173
Secure Sockets Layer (SSL), 140
and ActiveX, 202
and cookies, 28
logos, 140–141
SecureCookies tool, 174–176
SecureIE.ActiveX, 221–222
Security control:
browser plug-ins for, 52
cookies as, 26–27
Security policy stored attacks, 226–227
Security zones (IE), 245
SecurityQA Toolbar, 18
for ActiveX controls, 213–214
for character transformations, 99–101
for injection attacks, 18–19, 50–52
testing AJAX with, 106–107
SELECT (SQL), 5–6
SensitiveMethod, 182
Serialization security:
Dojo Toolkit for, 187
jQuery for, 187–188
Server frameworks, 178
Servers, unavailable, 117–118
servlet, 180
Session authentication, 79
Session identification, 166
Session Riding, 76 (See also Cross-site request forgery)
Session timeout, 76
SFI (see Safe for initialization)
SFS (see Safe for shopping)
Shell code, 17
Shmoocon, 90
Shopping carts, e-commerce, 159
Simple Object Access Protocol (SOAP):
and AJAX, 151–152
on-the-fly generation in, 146–147
upstream traffic, 151–152
SiteLock, 202??“203
Site-specific items, 174
Slammer (worm), 103
SOAP (see Simple Object Access Protocol)
Social engineering, 45
Social networking sites, 50, 104
Socket (Flash), 30, 43, 224, 240
Software Development Kit (SDK), 114
SPI Dynamics, 97
Spyware, 243
SQL (Structured Query Language), 5–6
and ASP.

