SlideShare a Scribd company logo

Dzhengis 93098 ajax - security

Download as PPTX, PDF
D
dzhengo44

AJAX is a web development technique that allows web pages to be updated asynchronously by exchanging data with a web server behind the scenes, without interfering with the display and behavior of the existing page. While AJAX can improve interactivity, it also introduces some security risks similar to regular web applications, such as cross-site request forgery and malware being introduced through malicious JavaScript code. Developers need to implement authentication, authorization, and data protection to secure AJAX applications and users can help defend themselves using tools like NoScript to block untrusted scripts.

Education
1 of 11
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
Asynchronous JavaScript And XML
Cyber Attacks are increasing !!! Why?! Fortunately modern browsers are getting better and better by using AJAX
• AJAX, is a web development technique for creating interactive web applications.
Classic web app vs. Ajax web app
If you know JavaScript, HTML, CSS, and XML, then you need to spend just one hour to start with AJAX ?
AJAX cannot work independently. It is used in combination with other technologies to create interactive web pages.
AJAX Security •AJAX-based Web applications use the same server-side security schemes of regular Web applications. •You specify authentication, authorization, and data protection requirements in your web.xml file (declarative) or in your program (programmatic). •AJAX-based Web applications are subject to the same security threats as regular Web applications.
AJAX Security CSRF –> Cross – Site Request Forgery ATTACKS • See what he/she searched for • Read emails • Steal credit card details through PayPal DEFENSE • Use authentication tokens
AJAX Security • Hacker can use JavaScript code for inferring server-side weaknesses. • JavaScript code is downloaded from the server and executed at the client and can compromise the client by mal-intended code.
AJAX Security USEFUL TOOLS Defense •NoScript – Accept scripts only from sites you trust •AltCookies – Accept cookies only from sites you trust •Firebug – Dig deeply into HTML/JAVASCRIPT/CSS AND HTTP
Mr. Drazhev, Thanks for your time.

More Related Content

PPT
Ajax Security
Roberto Suggi Liverani
 
PDF
AJAX: How to Divert Threats
Cenzic
 
PDF
AJAX Security - LAC2016
Julia Logan a.k.a. IrishWonder
 
PDF
Ajax Security Dangers
drkimsky
 
PPTX
Web Hacking Intro
Aditya Kamat
 
PPTX
Cross site scripting XSS
Ronan Dunne, CEH, SSCP
 
PDF
Become a Security Ninja
Paul Gilzow
 
PPTX
RSA Europe 2013 OWASP Training
Jim Manico
 
Ajax Security
Roberto Suggi Liverani
 
AJAX: How to Divert Threats
Cenzic
 
AJAX Security - LAC2016
Julia Logan a.k.a. IrishWonder
 
Ajax Security Dangers
drkimsky
 
Web Hacking Intro
Aditya Kamat
 
Cross site scripting XSS
Ronan Dunne, CEH, SSCP
 
Become a Security Ninja
Paul Gilzow
 
RSA Europe 2013 OWASP Training
Jim Manico
 

What's hot (20)

PPTX
Browser Security 101
Stormpath
 
PDF
2013 OWASP Top 10
bilcorry
 
PPTX
Security asp.net application
ZAIYAUL HAQUE
 
PPTX
Dom based xss
Lê Giáp
 
PPT
Top 10 Web Security Vulnerabilities (OWASP Top 10)
Brian Huff
 
PPTX
Build A Killer Client For Your REST+JSON API
Stormpath
 
PPTX
Website hacking and prevention (All Tools,Topics & Technique )
Jay Nagar
 
PDF
Securing Web Applications with Token Authentication
Stormpath
 
PDF
Owasp top 10 2013
Edouard de Lansalut
 
PPTX
Web application attacks
hruth
 
PPTX
Web application security: Threats & Countermeasures
Aung Thu Rha Hein
 
PPTX
Web application attack Presentation
Khoa Nguyen
 
PPTX
Spring Security
Boy Tech
 
PPTX
Token Authentication for Java Applications
Stormpath
 
PDF
Common Web Application Attacks
Ahmed Sherif
 
PDF
CSRF, ClickJacking & Open Redirect
Blueinfy Solutions
 
PPTX
Access Control Pitfalls v2
Jim Manico
 
PDF
BsidesDelhi 2018: DomGoat - the DOM Security Playground
BSides Delhi
 
PPTX
Its all about CSRF - null Mumbai Meet 10 January 2015 Null/OWASP Chapter
Nilesh Sapariya
 
PDF
Html5 localstorage attack vectors
Shreeraj Shah
 
Browser Security 101
Stormpath
 
2013 OWASP Top 10
bilcorry
 
Security asp.net application
ZAIYAUL HAQUE
 
Dom based xss
Lê Giáp
 
Top 10 Web Security Vulnerabilities (OWASP Top 10)
Brian Huff
 
Build A Killer Client For Your REST+JSON API
Stormpath
 
Website hacking and prevention (All Tools,Topics & Technique )
Jay Nagar
 
Securing Web Applications with Token Authentication
Stormpath
 
Owasp top 10 2013
Edouard de Lansalut
 
Web application attacks
hruth
 
Web application security: Threats & Countermeasures
Aung Thu Rha Hein
 
Web application attack Presentation
Khoa Nguyen
 
Spring Security
Boy Tech
 
Token Authentication for Java Applications
Stormpath
 
Common Web Application Attacks
Ahmed Sherif
 
CSRF, ClickJacking & Open Redirect
Blueinfy Solutions
 
Access Control Pitfalls v2
Jim Manico
 
BsidesDelhi 2018: DomGoat - the DOM Security Playground
BSides Delhi
 
Its all about CSRF - null Mumbai Meet 10 January 2015 Null/OWASP Chapter
Nilesh Sapariya
 
Html5 localstorage attack vectors
Shreeraj Shah
 
Ad

Viewers also liked (9)

PPT
(In)Secure Ajax-Y Websites With PHP
chw
 
PPS
Con El Corazon
Rosana Rivas
 
PDF
W Razie Problemow2!
AMP
 
PPT
Pecha Kucha Koen Vermeijs Han Solo College IC1Z2
guestbd5ff6
 
PDF
Siguse 2009 Symposium Program
siguse_history
 
PDF
Budget and economic outlook 2014 to 2024
Luis Taveras EMBA, MS
 
PDF
OurPDX preso for WordCampPortland
betsywhim
 
PDF
Eprimer ecom
jhayem28
 
DOCX
Aprende ecxel
Yorleidis Meza Mendez
 
(In)Secure Ajax-Y Websites With PHP
chw
 
Con El Corazon
Rosana Rivas
 
W Razie Problemow2!
AMP
 
Pecha Kucha Koen Vermeijs Han Solo College IC1Z2
guestbd5ff6
 
Siguse 2009 Symposium Program
siguse_history
 
Budget and economic outlook 2014 to 2024
Luis Taveras EMBA, MS
 
OurPDX preso for WordCampPortland
betsywhim
 
Eprimer ecom
jhayem28
 
Aprende ecxel
Yorleidis Meza Mendez
 
Ad

Similar to Dzhengis 93098 ajax - security (20)

PPTX
Warning Ahead: SecurityStorms are Brewing in Your JavaScript
Cyber Security Alliance
 
PPT
Ajax Presentation
jrdoane
 
PDF
www.webre24h.com - Ajax security
webre24h
 
PDF
AOEconf17: Application Security - Bastian Ike
AOE
 
PDF
AOEconf17: Application Security
AOE
 
PPTX
Ajax assignment help
john mayer
 
PPTX
Cross Site Scripting (XSS)
OWASP Khartoum
 
PDF
CNIT 129S: 12: Attacking Users: Cross-Site Scripting (Part 1 of 2)
Sam Bowne
 
PDF
Appsec XSS Case Study
Mohamed Ridha CHEBBI, CISSP
 
PDF
Shreeraj - Hacking Web 2 0 - ClubHack2007
ClubHack
 
PDF
React security vulnerabilities
AngelinaJasper
 
PPT
Django (Web Applications that are Secure by Default)
Kishor Kumar
 
PPTX
Hackers versus Developers and Secure Web Programming
Akash Mahajan
 
PPTX
Web hacking refers to exploitation of applications via HTTP which can be done
ssuserf8636d
 
PPTX
Case Study of Django: Web Frameworks that are Secure by Default
Mohammed ALDOUB
 
PPTX
Mr. Mohammed Aldoub - A case study of django web applications that are secur...
nooralmousa
 
PDF
React commonest security flaws and remedial measures!
Shelly Megan
 
PPTX
Scott Isaacs Presentationajaxexperience (Final)
Ajax Experience 2009
 
PPTX
Browser Hacking For Fun and Profit | Null Bangalore Meetup 2019 | Divyanshu S...
Divyanshu
 
PPTX
Javascript & Jquery
Gurpreet singh
 
Warning Ahead: SecurityStorms are Brewing in Your JavaScript
Cyber Security Alliance
 
Ajax Presentation
jrdoane
 
www.webre24h.com - Ajax security
webre24h
 
AOEconf17: Application Security - Bastian Ike
AOE
 
AOEconf17: Application Security
AOE
 
Ajax assignment help
john mayer
 
Cross Site Scripting (XSS)
OWASP Khartoum
 
CNIT 129S: 12: Attacking Users: Cross-Site Scripting (Part 1 of 2)
Sam Bowne
 
Appsec XSS Case Study
Mohamed Ridha CHEBBI, CISSP
 
Shreeraj - Hacking Web 2 0 - ClubHack2007
ClubHack
 
React security vulnerabilities
AngelinaJasper
 
Django (Web Applications that are Secure by Default)
Kishor Kumar
 
Hackers versus Developers and Secure Web Programming
Akash Mahajan
 
Web hacking refers to exploitation of applications via HTTP which can be done
ssuserf8636d
 
Case Study of Django: Web Frameworks that are Secure by Default
Mohammed ALDOUB
 
Mr. Mohammed Aldoub - A case study of django web applications that are secur...
nooralmousa
 
React commonest security flaws and remedial measures!
Shelly Megan
 
Scott Isaacs Presentationajaxexperience (Final)
Ajax Experience 2009
 
Browser Hacking For Fun and Profit | Null Bangalore Meetup 2019 | Divyanshu S...
Divyanshu
 
Javascript & Jquery
Gurpreet singh
 

Recently uploaded (20)

PPTX
A powerpoint presentation on the Revised K-10 Science Shaping Paper
JericEstaco2
 
PDF
LNK 2025 (2).pdf MWEHEHEHEHEHEHEHEHEHEHE
NielDestora
 
PDF
Paper A Mock Exam 9_ Attempt review.pdf.
SameeraNaveed2
 
PPTX
Chinmaya Tiranga Azadi Quiz (Class 7-8 )
Nitin Suresh
 
PDF
Computing-Curriculum for Schools in Ghana
abigailanane203
 
DOC
Soft-furnishing-By-Architect-A.F.M.Mohiuddin-Akhand.doc
ArchitectAFMMohiuddi
 
PPTX
Onco Emergencies - Spinal cord compression Superior vena cava syndrome Febr...
Medpopz
 
PDF
احياء السادس العلمي - الفصل الثالث (التكاثر) منهج متميزين/كلية بغداد/موهوبين
S LS
 
PDF
Practical Manual AGRO-233 Principles and Practices of Natural Farming
MilindKhedekar2
 
PPTX
Final Presentation General Medicine 03-08-2024.pptx
ZaheerAhmad228692
 
PPTX
Orientation - ARALprogram of Deped to the Parents.pptx
JeromeTamayoSantiago1
 
PDF
1_English_Language_Set_2.pdf probationary
emailjagmeetsingh9
 
PPTX
CHAPTER IV. MAN AND BIOSPHERE AND ITS TOTALITY.pptx
greciamaycalambro
 
PDF
RMMM.pdf make it easy to upload and study
sajedul2
 
PDF
Black Hat USA 2025 - Micro ICS Summit - ICS/OT Threat Landscape
Chris Sistrunk
 
PDF
What if we spent less time fighting change, and more time building what’s rig...
Derek Wenmoth
 
PPTX
Tissue processing ( HISTOPATHOLOGICAL TECHNIQUE
mathiasmelwyn7
 
PPTX
Introduction-to-Literarature-and-Literary-Studies-week-Prelim-coverage.pptx
EricaRamos80
 
PDF
ChatGPT for Dummies - Pam Baker Ccesa007.pdf
Demetrio Ccesa Rayme
 
PDF
Indian roads congress 037 - 2012 Flexible pavement
offersjackpot
 
A powerpoint presentation on the Revised K-10 Science Shaping Paper
JericEstaco2
 
LNK 2025 (2).pdf MWEHEHEHEHEHEHEHEHEHEHE
NielDestora
 
Paper A Mock Exam 9_ Attempt review.pdf.
SameeraNaveed2
 
Chinmaya Tiranga Azadi Quiz (Class 7-8 )
Nitin Suresh
 
Computing-Curriculum for Schools in Ghana
abigailanane203
 
Soft-furnishing-By-Architect-A.F.M.Mohiuddin-Akhand.doc
ArchitectAFMMohiuddi
 
Onco Emergencies - Spinal cord compression Superior vena cava syndrome Febr...
Medpopz
 
احياء السادس العلمي - الفصل الثالث (التكاثر) منهج متميزين/كلية بغداد/موهوبين
S LS
 
Practical Manual AGRO-233 Principles and Practices of Natural Farming
MilindKhedekar2
 
Final Presentation General Medicine 03-08-2024.pptx
ZaheerAhmad228692
 
Orientation - ARALprogram of Deped to the Parents.pptx
JeromeTamayoSantiago1
 
1_English_Language_Set_2.pdf probationary
emailjagmeetsingh9
 
CHAPTER IV. MAN AND BIOSPHERE AND ITS TOTALITY.pptx
greciamaycalambro
 
RMMM.pdf make it easy to upload and study
sajedul2
 
Black Hat USA 2025 - Micro ICS Summit - ICS/OT Threat Landscape
Chris Sistrunk
 
What if we spent less time fighting change, and more time building what’s rig...
Derek Wenmoth
 
Tissue processing ( HISTOPATHOLOGICAL TECHNIQUE
mathiasmelwyn7
 
Introduction-to-Literarature-and-Literary-Studies-week-Prelim-coverage.pptx
EricaRamos80
 
ChatGPT for Dummies - Pam Baker Ccesa007.pdf
Demetrio Ccesa Rayme
 
Indian roads congress 037 - 2012 Flexible pavement
offersjackpot
 

Dzhengis 93098 ajax - security

  • 2. Cyber Attacks are increasing !!! Why?! Fortunately modern browsers are getting better and better by using AJAX
  • 3. • AJAX, is a web development technique for creating interactive web applications.
  • 4. Classic web app vs. Ajax web app
  • 5. If you know JavaScript, HTML, CSS, and XML, then you need to spend just one hour to start with AJAX ?
  • 6. AJAX cannot work independently. It is used in combination with other technologies to create interactive web pages.
  • 7. AJAX Security •AJAX-based Web applications use the same server-side security schemes of regular Web applications. •You specify authentication, authorization, and data protection requirements in your web.xml file (declarative) or in your program (programmatic). •AJAX-based Web applications are subject to the same security threats as regular Web applications.
  • 8. AJAX Security CSRF –> Cross – Site Request Forgery ATTACKS • See what he/she searched for • Read emails • Steal credit card details through PayPal DEFENSE • Use authentication tokens
  • 9. AJAX Security • Hacker can use JavaScript code for inferring server-side weaknesses. • JavaScript code is downloaded from the server and executed at the client and can compromise the client by mal-intended code.
  • 10. AJAX Security USEFUL TOOLS Defense •NoScript – Accept scripts only from sites you trust •AltCookies – Accept cookies only from sites you trust •Firebug – Dig deeply into HTML/JAVASCRIPT/CSS AND HTTP