An unofficial blog that watches Google's attempts to move your operating system online since 2005. Not affiliated with Google.

Send your tips to gostips@gmail.com.

May 19, 2006

How To Break Web Software

Mike Andrews, a software security expert, was invited at Googleplex to talk about web applications security. The video [ 1 hr 26 min 38 sec] is a part of Google Techtalks.

He talks about common security bugs: spoofing, tampering, repudiation, information disclosure, denial of service, escalation of privilege (STRIDE). He also shows how he bought -3 books from an online software and got money on his credit card, instead of paying. Another interesting subject is how to protect against session ID guessing or stealing and page defacement.

Mike gave examples of fixed security bugs from Google applications, including the Gmail cross-site scripting (XSS) bug.

First seen on Geeking with Greg (sorry, Mr. Linden and thank you for Findory).

2 comments:

  1. Ionut, did you discover this talk from the post on my blog?

    http://glinden.blogspot.com/2006/05/talk-on-web-security.html

    Not a huge deal but, if you did, a hat tip or via link or something in your post would be a nice gesture.

    ReplyDelete
  2. Hello, Mr. Linden.

    I actually don't remember where I saw the link, but it must be your site.

    ReplyDelete