[Security] Who do you trust? - JSONP demo

November 29, 2009 - 17:31 CET In my previous posts JSONp - What's the risk? and Web2.0 - Who do you trust? I talked about the potential security problems that can occur when adding script tags and/or using jsonp. In this post I will show a couple of demos.
[...]

0 comment(s) | Permalink | | This entry has been viewed 1637 time(s).

[CSS/HTML/Js] CSSHttpRequest - The new kid on the block

October 5, 2009 - 17:36 CEST I just read about CSSHttpRequest (or AJACSS as it's also know) - a new way to do cross domain request like JSONp, but without using dynamic javascript tags.
[...]

0 comment(s) | Permalink | | This entry has been viewed 1058 time(s).

[Security] JSONp - What's the risk?

October 5, 2009 - 17:36 CEST Using JSONp imposes some risk on your system, whether you are a providing data or using data published as JSONp.
[...]

0 comment(s) | Permalink | | This entry has been viewed 1368 time(s).

[1 - 3]

About Erlend

I'm a senior consultant at Bekk Consulting AS. This blog is about software development, with a special focus on security.

Follow me on twitter

31.08	[Security] Rails 3.0 and XSS-protection
6.07	[Security] Avoiding NoSQL-injection with MongoDB
27.06	[Security] NOSQL-injection
7.06	[.NET] Microsoft Pex - exploratory testing
18.05	[Security] Security podcasts