[talk] Browser Abuse.

Pete Wright pete at nomadlogic.org
Wed Oct 12 11:59:34 EDT 2016



On 10/12/16 1:24 AM, Sujit K M wrote:
>> Is there a specific applied security case you are trying to handle?
>
> I was more interested in problems like SQL Injection, for that matter
> even an XSS hack with respect to Ajax.
>

While browsers are certainly a great attack vector, I still think a
majority of the issues that arise are due to poorly implemented server
and client-side code.  That would certainly seem to be the case for
XSS/SQL Injection/Auth attacks.

It's not clear to me that a majority of the JavaScript and front-end
devs out there fully understand the security implications of the code
they are writing.  While it's easy to say "ah shitty javascript is
shitty" - I think there is more than enough blame for W3C standards and
how browsers and platforms are still pretty incompatible.

So I reckon security usually falls off the table when they have to burn
cycles still messing around with trying to get UIs consistent b/w
browsers and platforms.

-pete


-- 
Pete Wright
pete at nomadlogic.org
nomadlogicLA



