In search of a better name...
January 2007 - Posts
I've been reading Jeremiah Grossman's great accounts of some JSON-related cross-site request forgery (CSRF) holes here and here. The basic pattern is that an AJAX website uses XMLHttpRequest to request some personal data that's returned with JSON from Read More...