InfoQ

Presentation

Stopping Attacks in a Web 2.0 World

Presented by Jeff Williams on Jan 30, 2009. Length: 00:56:54
Sections: Architecture & Design, Development
Topics: QCon San Francisco 2007, QCon, Security, Architecture, Conferences, Web 2.0
Summary
In this presentation, filmed during QCon SF 2007, Jeff Williams addressed two major security holes threatening the world of Web 2.0 applications: Cross Site Request Forgery (CSRF) and Advanced Cross Site Scripting (XSS). After explaining the threats and how they work, Jeff presented the countermeasures to be taken in order to avoid them.

Bio
Jeff Williams is the founder and CEO of Aspect Security and serves as the volunteer Chair of the Open Web Application Security Project, a free and open source organization dedicated to finding and fighting the causes of insecure software. Jeff has been writing code for 25 years, speaks frequently on application security, and has published numerous papers on practical risk and assurance techniques.

About the conference
QCon is a conference that is organized by the community, for the community. The result is a high-quality conference experience where a tremendous amount of attention and investment has gone into having the best content on the most important topics presented by the leaders in our community. QCon is designed with the technical depth and enterprise focus of interest to technical team leads, architects, and project managers.
  • This article is part of a featured topic series on QCon
