Learn, hack!

Hacking and security documentation: slides, papers, video and audio recordings. All in high-quality, daily updated, avoiding security crap documents. Spreading hacking knowledge, for free, enjoy. Follow on .

The Fine Art of Hari Kari (.JS), And Other Approaches For The Strange Reality Of Web Defense

web, web application
Dan Kaminsky
Source Conference Boston 2010
Indexed on
Mar 26, 2013
File name
File size
765.2 KB

The web is remarkably difficult to secure. Browsers are ornery, powerful creations, and we security people demand all sorts of things of developers to make them behave. By in large, the developers ignore us. Our asks, they say, are too expensive. Rather than just guilting them, could we make better asks -- of both web developers, and browser manufacturers? Possibly. In this talk, I explore a couple of interesting techniques for easily mitigating entire classes of Cross Site Scripting and Cross Site Request Forgery attacks. They aren't perfect, but they work, and more importantly they represent a new class of ask for browser manufacturers that might even be implementable past the genuinely more powerful forces of application compatibility, performance, and developer compliance. I will also discuss Treelocking, a generic mechanism for mitigating injections into protocols as diverse as SQL, LDAP, XML, and JSON.

About us

Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.


Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.


To support this site and keep it alive, you can click on the buttons below. Any help is really appreciated! This service is provided for free, but real money is needed to pay bills.

Flattr this Click here to lend your support to: Keep live SecDocs for an year and make a donation at www.pledgie.com !