Ajax and Web applications in general present some unique and difficult challenges in security. Keeping data and code protected from intrusion and theft remains one of the most important aspects of Web application design and implementation. This track presents best practices for securing applications based on coding techniques for handling security holes and other opportunities for compromise and theft.
- Advanced Web Application Security with Joe Walker
- Beyond IFrames: Web Sandboxes with Scott Isaacs
- Secure Mashups: Getting to Safe Web Plugins (Panel) led by Douglas Crockford
More Related Sessions:
- How to Simplify and Automate Testing Ajax Applications with Ted Husted
Joe Walker, Creator, Direct Web Remoting (DWR); Director, Support & Development, SitePen
Attend and gain a firm understanding of:
- Security challenges particular to a Web 2.0 world;
- How to protect yourself, from the point of view of both site owners and users.
Scott Isaacs, Author, DHTML specification; Web Sandbox project
Today web gadgets, mashup components, advertisements, and other third-party content on websites either run with full trust alongside your content or are isolated inside IFrames. As a result, many modern web applications are intrinsically insecure, often with unpredictable service quality. Awareness of the security issues, and of the solutions that avoid compromising security, is of prime importance in making the web a more secure place.
Find out the key challenges in Web Security and learn about the Microsoft Web Sandbox open source framework that runs on all modern browsers and builds on the ongoing ECMA TC-39 security working group efforts.
Attend this session to learn:
- Key challenges in Web security;
- How a website can expand its client experience with third-party scripts without compromising user trust or site stability;
- How a site can control the policies that define the integration;
- How the Microsoft Web Sandbox is addressing these challenges by virtualizing both script execution and the DOM;
- And more.
- Mike Samuel from Google who will discuss Google's Caja project, which has similar goals but uses a pure-whitelisting approach, addresses the defensive and offensive code problems, and uses code analysis to improve performance.
- Scott Isaacs, inventor of DHTML, who will discuss WebSandbox from Microsoft's LiveLabs, which focuses more broadly - instead of focusing solely on security it also tackles "quality of service issues", providing, amongst other things, a pause button for web applications.
Attend and dive deep into emerging security threats seen on social networks which include third-party gadgets with executable code. These pieces of third-party code violate the assumptions made by the same-origin model, that script on a web page is authored by the same person or group that authored the containing page. Participants discuss where the same-origin model breaks down, how new security models repair these problems, and the new opportunities available with the new models.
You'll learn about growing security threats not addressed by existing iframe jailing practices and new ways of dealing with these threats and other security threats posed by dynamic third-party content. You'll also learn how these schemes can smooth over cross-browser incompatibilities and how the security analysis done by these schemes can help with testing and debugging of complex web applications.
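As an added illustration of the point the panel makes (this is example code written for this page, not code from the conference, Caja, or Web Sandbox), the JavaScript below models the same-origin rule and shows where it stops helping: a `<script src>` pulled from a third-party host executes with the embedding page's own origin, so it has full access to the page, while an `<iframe>` runs under its own origin and is kept out of the parent document. The audit function flags exactly the case the sessions describe: code authored elsewhere running with the page's authority. All hostnames and the policy object are constructed placeholders.

```javascript
// Added example, not from the conference page or any project it names.
// Origin = scheme + host + port; default ports are filled in so that
// "https://a.example" and "https://a.example:443" compare equal.
const DEFAULT_PORTS = { 'http:': '80', 'https:': '443' };

function originOf(urlString) {
  const u = new URL(urlString);
  const port = u.port || DEFAULT_PORTS[u.protocol] || '';
  return `${u.protocol}//${u.hostname}:${port}`;
}

function sameOrigin(a, b) {
  return originOf(a) === originOf(b);
}

// Which origin does embedded third-party content execute under?
//  - 'script' (<script src=...>): the code runs as the *embedding page*,
//    whichever host served it, with full access to DOM and cookies.
//  - 'iframe' (<iframe src=...>): the content runs as its *own* origin,
//    and the same-origin rule keeps it out of the parent document.
function executionOrigin(pageUrl, resourceUrl, embedding) {
  switch (embedding) {
    case 'script': return originOf(pageUrl);
    case 'iframe': return originOf(resourceUrl);
    default: throw new Error(`unknown embedding: ${embedding}`);
  }
}

// Does the embedded content get scripting access to the page it sits in?
function canReachParentDocument(pageUrl, resourceUrl, embedding) {
  return sameOrigin(pageUrl, executionOrigin(pageUrl, resourceUrl, embedding));
}

// Site-side integration policy (hypothetical format, not any product's):
// only listed third-party hosts may run as inline script; anything else is
// confined to an iframe, or rejected when iframes are not allowed either.
function decideEmbedding(policy, pageUrl, resourceUrl) {
  if (sameOrigin(pageUrl, resourceUrl)) return 'script';
  const host = new URL(resourceUrl).hostname;
  if (policy.trustedScriptHosts.includes(host)) return 'script';
  return policy.allowIframes ? 'iframe' : 'reject';
}

// Review a page's embeds: report the origin each one runs under and flag
// third-party code that executes with the page's own authority, i.e. the
// case where the same-origin model's authorship assumption no longer holds.
function auditEmbeds(pageUrl, embeds) {
  return embeds.map(({ src, embedding }) => {
    const runsAs = executionOrigin(pageUrl, src, embedding);
    const thirdParty = !sameOrigin(pageUrl, src);
    const fullTrust = sameOrigin(pageUrl, runsAs);
    return {
      src,
      embedding,
      runsAs,
      fullTrust,
      violatesSameOriginAssumption: thirdParty && fullTrust,
    };
  });
}

// Constructed sample input: a page embedding its own script, a third-party
// gadget as inline script, and an advertisement inside an iframe.
const SAMPLE_PAGE = 'https://social.example/profile';
const SAMPLE_EMBEDS = [
  { src: 'https://social.example/static/app.js', embedding: 'script' },
  { src: 'https://gadgets.example:443/widget.js', embedding: 'script' },
  { src: 'https://ads.example/banner.html', embedding: 'iframe' },
];
const SAMPLE_POLICY = { trustedScriptHosts: ['cdn.social.example'], allowIframes: true };

for (const row of auditEmbeds(SAMPLE_PAGE, SAMPLE_EMBEDS)) {
  console.log(row);
}
console.log('policy decision for the gadget:',
  decideEmbedding(SAMPLE_POLICY, SAMPLE_PAGE, SAMPLE_EMBEDS[1].src));
```

Running it prints three audit rows; only the gadget served from `gadgets.example` as inline script is flagged, because it is third-party code yet runs as `https://social.example:443`. The sample policy routes that same gadget to an iframe, since its host is not on the trusted-script list. The sandboxing schemes discussed in the sessions exist precisely to offer a third option beyond "full trust" and "iframe jail".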