comments (not for humans)

This post describes how OWASP Top 10 - A7: Insecure Cryptographic Storage affects javascript applications. This is a wide category which covers a lot more than this blog post. I'll try to focus on the aspects that often occur in applications that rely heavily on JavaScript.


[...]
There has been a lot of fuzz about padding oracle attacks lately. ASP.NET was vulnerable and Apache MyFaces too (and other JSF implementations?).
[...]