In this presentation filmed during QCon SF 2007, Jeff Williams addressed two major security holes threatening the world of Web 2.0 applications: Cross Site Request Forgery (CSRF) and Advanced Cross Site Scripting ((XSS). After explaining the threats and how they work, Jeff presented the countermeasures to be taken in order to avoid them.
Jeff Williams is the founder and CEO of Aspect Security and serves as the volunteer Chair of the Open Web Application Security Project, a free and open source organization dedicated to finding and fighting the causes of insecure software. Jeff has been writing code for 25 years, speaks frequently on application security, and has published numerous papers on practical risk and assurance techniques.
QCon is a conference that is organized by the community, for the community.The result is a high quality conference experience where a tremendous amount of attention and investment has gone into having the best content on the most important topics presented by the leaders in our community. QCon is designed with the technical depth and enterprise focus of interest to technical team leads, architects, and project managers.