[talk] Browser Abuse.
Pete Wright
pete at nomadlogic.org
Wed Oct 12 11:59:34 EDT 2016
On 10/12/16 1:24 AM, Sujit K M wrote:
>> Is there a specific applied security case you are trying to handle?
>
> I was more interested in problems like SQL Injection, for that matter
> even an XSS Hack with respect to Ajax.
>
while browsers are certainly a great attack vector - i still think a
majority of the issues that arise are due to poorly implemented server
and client-side code. That would certainly seem to be the case for
XSS/SQL Injection/Auth attacks.
It's not clear to me that a majority of the javascript and front-end
devs out there fully understand the security implications of the code
they are writing. while it's easy to say "ah shitty javascript is
shitty" - i think there is more than enough blame for w3c standards and
how browsers and platforms are still pretty incompatible.
so i reckon security usually falls off the table when they have to burn
cycles still messing around with trying to get UIs consistent b/w
browsers and platforms.
-pete
--
Pete Wright
pete at nomadlogic.org
nomadlogicLA