
Web Application Security: Lessons Learned


Formal Metadata

Title
Web Application Security: Lessons Learned
Title of Series
Number of Parts
96
Author
License
CC Attribution - NonCommercial - ShareAlike 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal and non-commercial purpose as long as the work is attributed to the author in the manner specified by the author or licensor and the work or content is shared also in adapted form only under the conditions of this
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
No week passes without another successful high-profile attack against a well-known website. The reason is not only that old vulnerabilities still exist, but also that attackers keep coming up with new approaches to tamper with a website. We will look at some recent events that made the news, dissect what went wrong, and discuss what we can do about it in our own applications. You will see old attacks with a new twist, as well as modern ways to compromise a site. This includes a (since fixed) vulnerability in ASP.NET MVC, a successful historical attack against a social network, and many more.