1. Open APIs: Security for Mobile and the Cloud
Caleb Sima
EIR, Andreessen Horowitz
February 27, 2012
2. My Perspective
Entrepreneur in Residence, Andreessen Horowitz
CEO Armorize Technologies
CTO Application Security HP
CTO & Co-Founder of SPI Dynamics
Internet Security Systems
8. Normal WebApp: One Request - One API
Post to Register.aspx with the following data:
Email=csima%40a16z.com&UserName=csima&Password=reallyhardpassword&ConfirmPassword=reallyhardpassword&Captcha=hatmals
9. With Ajax multiple requests = Multiple Inputs = Bigger Attack Surface
CheckUsername(csima)
ValidateEmail(csima@a16z.com)
CheckCaptcha(hatmals)
*Demo Search
Final Submission of all data to server
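The contrast between slides 8 and 9, as an added example that is not from the original deck: it counts the entry points in each design and shows a final-submission handler that re-runs every check server-side, because a client can skip the per-field Ajax calls. The validation rules, the TAKEN set, the fixed captcha value and the parameter names of the three Ajax calls are assumptions made for illustration.

```javascript
// Added example: validators named after the Ajax calls on slide 9.
// All rules and sample data here are constructed assumptions.
const TAKEN = new Set(["admin"]);     // constructed list of existing users
const EXPECTED_CAPTCHA = "hatmals";   // constructed; normally stored per session

function checkUsername(name) {
  return /^[a-z0-9_]{3,20}$/i.test(name) && !TAKEN.has(name.toLowerCase());
}
function validateEmail(email) {
  return email.length <= 254 && /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email);
}
function checkCaptcha(answer) {
  return answer === EXPECTED_CAPTCHA;
}

// Every endpoint is a separate entry point that receives untrusted input.
const ENTRY_POINTS = {
  "CheckUsername": ["UserName"],
  "ValidateEmail": ["Email"],
  "CheckCaptcha": ["Captcha"],
  "Register.aspx": ["Email", "UserName", "Password", "ConfirmPassword", "Captcha"],
};

// Size of the surface that needs validation and testing for a set of endpoints.
function surface(names) {
  const inputs = names.reduce((n, ep) => n + ENTRY_POINTS[ep].length, 0);
  return { entryPoints: names.length, inputs };
}

// Final submission: results of earlier Ajax checks are never trusted.
function register(rawBody) {
  const p = new URLSearchParams(rawBody);
  const errors = [];
  for (const field of ENTRY_POINTS["Register.aspx"]) {
    // Reject missing or duplicated parameters before looking at values.
    if (p.getAll(field).length !== 1) errors.push(`${field}: expected exactly one value`);
  }
  if (errors.length) return { ok: false, errors };
  if (!validateEmail(p.get("Email"))) errors.push("Email: invalid");
  if (!checkUsername(p.get("UserName"))) errors.push("UserName: invalid or taken");
  if (!checkCaptcha(p.get("Captcha"))) errors.push("Captcha: wrong");
  if (p.get("Password") !== p.get("ConfirmPassword")) errors.push("Password: mismatch");
  return { ok: errors.length === 0, errors };
}
```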