Friday, May 11, 2007

CSI Article, something for everyone

Sarah Peters (editor for Computer Security Institute) published a great article entitled "AJAX and Hijacks - Web 2.0 is growing up. And we’re not ready". Sarah discusses the major issues within web application security in clear and concise way (very hard) - including JavaScript Hi-Jacking, AJAX (in)-security, CSRF, XSS, statistics, intranet hacking, and the ethical/legal debate surrounding vulnerability discovery and disclosure. The technical details are deep enough to understand the finer points without going overboard and losing the reader. Excellent stuff to send around to industry peers looking to get up to speed. Normally this is paid for content only available with a CSI membership, but I asked them to open it up to a wider audience. With their permission they allowed us to host the content for a free! Thanks CSI!


Anonymous said...

really nice article, worth reading, thanks!

Jeremiah Grossman said...

Your welcome!