Mike Andrews, a software security expert, was invited at Googleplex to talk about web applications security. The video [ 1 hr 26 min 38 sec] is a part of Google Techtalks.
He talks about common security bugs: spoofing, tampering, repudiation, information disclosure, denial of service, escalation of privilege (STRIDE). He also shows how he bought -3 books from an online software and got money on his credit card, instead of paying. Another interesting subject is how to protect against session ID guessing or stealing and page defacement.
Mike gave examples of fixed security bugs from Google applications, including the Gmail cross-site scripting (XSS) bug.
First seen on Geeking with Greg (sorry, Mr. Linden and thank you for Findory).
Ionut, did you discover this talk from the post on my blog?
ReplyDeletehttp://glinden.blogspot.com/2006/05/talk-on-web-security.html
Not a huge deal but, if you did, a hat tip or via link or something in your post would be a nice gesture.
Hello, Mr. Linden.
ReplyDeleteI actually don't remember where I saw the link, but it must be your site.