Monday, October 19, 2009

CSRF

A CSRF (cross-site request forgery) vulnerability is a fairly straightforward way for an attacker to trick your web application.

First of all, you should protect your application against XSS attacks. On top of that, it is good practice to secure the session cookie (and other important cookies that your JavaScript does not need) with the HttpOnly flag, which hides such cookies from JavaScript access and therefore from potential abuse.
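A small check for the HttpOnly advice above, added here as an example and not code from the original post: it builds a session cookie carrying the flag and audits a list of Set-Cookie header values for session cookies that lack it. The set of session cookie names is an assumed list for this example.

```python
from http.cookies import SimpleCookie

# Cookie names treated as session-like (assumed list for this example).
SESSION_NAMES = {"PHPSESSID", "JSESSIONID", "ASP.NET_SessionId", "session", "sid"}


def build_session_cookie(name, value):
    """Return a Set-Cookie header value for a session cookie marked HttpOnly,
    so script running in the page cannot read it via document.cookie."""
    cookie = SimpleCookie()
    cookie[name] = value
    cookie[name]["httponly"] = True
    cookie[name]["path"] = "/"
    return cookie[name].OutputString()


def parse_set_cookie(header_value):
    """Split one Set-Cookie header value into (name, attributes).
    Attribute keys are lower-cased; flag attributes without a value map to True."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, _ = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, has_value, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if has_value else True
    return name.strip(), attrs


def audit_cookies(set_cookie_headers):
    """Return the names of session-like cookies that are missing HttpOnly."""
    missing = []
    for header in set_cookie_headers:
        name, attrs = parse_set_cookie(header)
        if name in SESSION_NAMES and "httponly" not in attrs:
            missing.append(name)
    return missing


if __name__ == "__main__":
    # Constructed sample response headers: one session cookie is unprotected.
    headers = [
        build_session_cookie("PHPSESSID", "abc123"),
        "JSESSIONID=xyz789; Path=/",
        "theme=dark; Path=/",
    ]
    print("Session cookies without HttpOnly:", audit_cookies(headers))
```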

Sunday, October 18, 2009

How to Write X/HTML Scripts

In the past we used to write the content of HTML page script tags like this:

<script>
    <!--
    ...
    //-->
</script>