The objective of this talk is to explain how insecure client side communications can be and the care one should take to securely integrate third party content.
Building secure web mashups involves several challenges like keeping same origin policy, navigation policies of browsers in mind, assuring confidentiality, authentication, reliability, script isolation etc. Also, when sufficient care is not taken, attackers can eavesdrop inter-party communication via framing attacks, deceive via UI-redress attacks etc. This talk tries to cover these challenges and explain secure coding practices for building web mashups.
Experience of building mashups will help understand the talk better.
I’m a web guy working at a reputed security research lab at Hyderabad. I blog on my little tech experiments, present regularly at Microsoft’s online & offline technical community events on web development.
I’m a Microsoft MVP for ASP.NET (2010) and Internet Explorer (2011). More info on my blog.