An unofficial blog that watches Google's attempts to move your operating system online since 2005. Not affiliated with Google.


May 19, 2006

How To Break Web Software

Mike Andrews, a software security expert, was invited to the Googleplex to talk about web application security. The video [1 hr 26 min 38 sec] is part of Google Techtalks.

He talks about common security bugs: spoofing, tampering, repudiation, information disclosure, denial of service, escalation of privilege (STRIDE). He also shows how he bought -3 books from an online application and got money on his credit card instead of paying. Another interesting subject is how to protect against session ID guessing or stealing and page defacement.

Mike gave examples of fixed security bugs from Google applications, including the Gmail cross-site scripting (XSS) bug.

First seen on Geeking with Greg (sorry, Mr. Linden and thank you for Findory).
