No Time for REST: Web Services Security
This talk discusses the numerous security holes commonly found in web service calls, particularly in RESTful calls. Potential exploits will be discussed and demonstrated but, most importantly, defenses and countermeasures will be offered along with sample code. The purpose of this talk is to heighten awareness of this area among the architects and programmers commonly tasked with building SOAP and REST service calls, whether they are A2A, B2B or B2C.
core programming language for both client and server-side development.
unauthorized server-side DOM access. This talk will discuss these attack vectors and
some possible solutions companies should employ in order to address such threats.
I also recommend tips for penetration testing HTML5 applications.