SlideShare ist ein Scribd-Unternehmen logo

Building Secure Twitter Apps

D
Damon Cortesi

Presentation given at #140tc in Los Angeles on security issues when building web and Twitter applications.

Technologie
1 von 30
Web App Security and Twitter and Twitter ,[object Object],[object Object],[object Object]
@dacort
Common Issues ,[object Object],[object Object],[object Object],[object Object],[object Object]
SQL Injection ,[object Object],[object Object],[object Object],[object Object]
...in action http://xkcd.com/327/
Cross-Site Scripting ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Real-World Dangers ,[object Object]
Web 2.0 Frameworks ,[object Object],[object Object],[object Object],[object Object],[object Object]
CSRF ,[object Object],[object Object],[object Object]
CSRF++ ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
CSRF GET ,[object Object],[object Object],[object Object],[object Object],[object Object]
CSRF POST ,[object Object],<form name=”csrf” action=” http://x.com/delete.php ” method=”POST”> <input type=”hidden” name=”id” value=”123”> </form> <script>document.csrf.submit()</script>
CSRF Example
Information Disclosure ,[object Object],[object Object]
Retrieve Username $.getJSON(&quot; http://twitter.com /statuses/user_timeline?count=1&callback=? &quot;, function(data) { alert(&quot;Username is: &quot; + data[0].user.screen_name ) }); {&quot;text&quot;:&quot;Pretty sure humans have kneecaps so we can slam them into tables. *ow*&quot;,&quot;truncated&quot;:false, &quot;user&quot; :{&quot;following&quot;:null,&quot;time_zone&quot;:&quot;Pacific Time (US & Canada)&quot;,&quot;description&quot;:&quot;Prof. Computer Security Consultant with a passion for breaking things and generating statistics (see http:tweetstats.com and http:ratemytalk.com).&quot;, &quot;screen_name&quot;:&quot;dacort&quot; ,&quot;utc_offset&quot;:-28800,&quot;profile_sidebar_border_color&quot;:&quot;87bc44&quot;,&quot;notifications&quot;:null,&quot;created_at&quot;:&quot;Thu Dec 21 07:14:05 +0000 2006&quot;,&quot;profile_text_color&quot;:&quot;000000&quot;,&quot;url&quot;:&quot;http:dcortesi.com&quot;,&quot;name&quot;:&quot;Damon Cortesi&quot;,&quot;statuses_count&quot;:21385,&quot;profile_background_image_url&quot;:&quot;http:static.twitter.comimagesthemestheme1bg.gif&quot;,&quot;followers_count&quot;:4441,&quot;protected&quot;:false,&quot;profile_link_color&quot;:&quot;A100FF&quot;,&quot;profile_background_tile&quot;:false,&quot;friends_count&quot;:1775,&quot;profile_background_color&quot;:&quot;000000&quot;,&quot;verified&quot;:false,&quot;favourites_count&quot;:202,&quot;profile_image_url&quot;:&quot;http:s3.amazonaws.comtwitter_productionprofile_images90802743Famous_Glasses_normal.jpg&quot;,&quot;location&quot;:&quot;Seattle, WA&quot;,&quot;id&quot;:99723,&quot;profile_sidebar_fill_color&quot;:&quot;e0ff92&quot;},&quot;in_reply_to_status_id&quot;:null,&quot;created_at&quot;:&quot;Mon Jul 27 21:37:53 +0000 2009&quot;,&quot;in_reply_to_user_id&quot;:null,&quot;favorited&quot;:false,&quot;in_reply_to_screen_name&quot;:null,&quot;id&quot;:2877957719,&quot;source&quot;:&quot;<a href=amp;quot;http: www.atebits.com amp;quot;>Tweetie<a>&quot;}
Courtesy of @harper
Protected Users ,[object Object],[object Object],[object Object]
Let’s have some fun... ,[object Object]
Mitigation ,[object Object],[object Object],[object Object]
Sanitization/Encoding ,[object Object],[object Object],[object Object],[object Object],[object Object]
Also Watch out for...
 
 
Help your users
 
Some other things... ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
One last thing ,[object Object],[object Object],[object Object],[object Object],[object Object]
Oh, Shorteners...
Third Parties ,[object Object],[object Object],[object Object],[object Object]
Sorry Twitter

Empfohlen

Page Caching Resurrected
Page Caching ResurrectedPage Caching Resurrected
Page Caching ResurrectedBen Scofield
 
YQL talk at OHD Jakarta
YQL talk at OHD JakartaYQL talk at OHD Jakarta
YQL talk at OHD JakartaMichael Smith Jr.
 
Secure Coding With Wordpress (BarCamp Orlando 2009)
Secure Coding With Wordpress (BarCamp Orlando 2009)Secure Coding With Wordpress (BarCamp Orlando 2009)
Secure Coding With Wordpress (BarCamp Orlando 2009)Mark Jaquith
 
PHPUG Presentation
PHPUG PresentationPHPUG Presentation
PHPUG PresentationDamon Cortesi
 
User Experience is dead. Long live the user experience!
User Experience is dead. Long live the user experience!User Experience is dead. Long live the user experience!
User Experience is dead. Long live the user experience!Greg Bell
 
Front End on Rails
Front End on RailsFront End on Rails
Front End on RailsJustin Halsall
 
Make Everyone a Tester: Natural Language Acceptance Testing
Make Everyone a Tester: Natural Language Acceptance TestingMake Everyone a Tester: Natural Language Acceptance Testing
Make Everyone a Tester: Natural Language Acceptance TestingViget Labs
 
Flickr Open Api Mashup
Flickr Open Api MashupFlickr Open Api Mashup
Flickr Open Api MashupJinho Jung
 

Empfohlen

Page Caching Resurrected
Page Caching ResurrectedPage Caching Resurrected
Page Caching ResurrectedBen Scofield
 
YQL talk at OHD Jakarta
YQL talk at OHD JakartaYQL talk at OHD Jakarta
YQL talk at OHD JakartaMichael Smith Jr.
 
Secure Coding With Wordpress (BarCamp Orlando 2009)
Secure Coding With Wordpress (BarCamp Orlando 2009)Secure Coding With Wordpress (BarCamp Orlando 2009)
Secure Coding With Wordpress (BarCamp Orlando 2009)Mark Jaquith
 
PHPUG Presentation
PHPUG PresentationPHPUG Presentation
PHPUG PresentationDamon Cortesi
 
User Experience is dead. Long live the user experience!
User Experience is dead. Long live the user experience!User Experience is dead. Long live the user experience!
User Experience is dead. Long live the user experience!Greg Bell
 
Front End on Rails
Front End on RailsFront End on Rails
Front End on RailsJustin Halsall
 
Make Everyone a Tester: Natural Language Acceptance Testing
Make Everyone a Tester: Natural Language Acceptance TestingMake Everyone a Tester: Natural Language Acceptance Testing
Make Everyone a Tester: Natural Language Acceptance TestingViget Labs
 
Flickr Open Api Mashup
Flickr Open Api MashupFlickr Open Api Mashup
Flickr Open Api MashupJinho Jung
 
ARTDM 170, Week 16: Publishing
ARTDM 170, Week 16: PublishingARTDM 170, Week 16: Publishing
ARTDM 170, Week 16: PublishingGilbert Guerrero
 
WordPress Development Confoo 2010
WordPress Development Confoo 2010WordPress Development Confoo 2010
WordPress Development Confoo 2010Brendan Sera-Shriar
 
Optimizing Drupal for Mobile Devices
Optimizing Drupal for Mobile DevicesOptimizing Drupal for Mobile Devices
Optimizing Drupal for Mobile DevicesSugree Phatanapherom
 
What's new in Rails 2?
What's new in Rails 2?What's new in Rails 2?
What's new in Rails 2?brynary
 
Zend Form Tutorial
Zend Form TutorialZend Form Tutorial
Zend Form TutorialMichelangelo van Dam
 
SlideShare Instant
SlideShare InstantSlideShare Instant
SlideShare InstantSaket Choudhary
 
SlideShare Instant
SlideShare InstantSlideShare Instant
SlideShare InstantSaket Choudhary
 
Php 3 1
Php 3 1Php 3 1
Php 3 1Digital Insights - Digital Marketing Agency
 
Integrating WordPress With Web APIs
Integrating WordPress With Web APIsIntegrating WordPress With Web APIs
Integrating WordPress With Web APIsrandyhoyt
 
Changing Template Engine
Changing Template EngineChanging Template Engine
Changing Template EngineTakatsugu Shigeta
 
Evolution of API With Blogging
Evolution of API With BloggingEvolution of API With Blogging
Evolution of API With BloggingTakatsugu Shigeta
 
Advanced and Hidden WordPress APIs
Advanced and Hidden WordPress APIsAdvanced and Hidden WordPress APIs
Advanced and Hidden WordPress APIsandrewnacin
 
Advanced SEO for Web Developers
Advanced SEO for Web DevelopersAdvanced SEO for Web Developers
Advanced SEO for Web DevelopersNathan Buggia
 
Lecture 6 - Comm Lab: Web @ ITP
Lecture 6 - Comm Lab: Web @ ITPLecture 6 - Comm Lab: Web @ ITP
Lecture 6 - Comm Lab: Web @ ITPyucefmerhi
 
Web Typography with sIFR 3 at Drupalcamp Copenhagen
Web Typography with sIFR 3 at Drupalcamp CopenhagenWeb Typography with sIFR 3 at Drupalcamp Copenhagen
Web Typography with sIFR 3 at Drupalcamp CopenhagenMark Wubben
 
Findability Bliss Through Web Standards
Findability Bliss Through Web StandardsFindability Bliss Through Web Standards
Findability Bliss Through Web StandardsAarron Walter
 
Microformats at Web 2.0 Expo April 2007
Microformats at Web 2.0 Expo April 2007Microformats at Web 2.0 Expo April 2007
Microformats at Web 2.0 Expo April 2007John Allsopp
 
Ajax On S2 Odp
Ajax On S2 OdpAjax On S2 Odp
Ajax On S2 Odpghessler
 
IBM Lotus Notes Domino XPages and XPages for Mobile
IBM Lotus Notes Domino XPages and XPages for MobileIBM Lotus Notes Domino XPages and XPages for Mobile
IBM Lotus Notes Domino XPages and XPages for MobileChris Toohey
 
Bringing Typography to the Web with sIFR 3 at <head>
Bringing Typography to the Web with sIFR 3 at <head>Bringing Typography to the Web with sIFR 3 at <head>
Bringing Typography to the Web with sIFR 3 at <head>Mark Wubben
 
Building Lanyrd
Building LanyrdBuilding Lanyrd
Building LanyrdSimon Willison
 
MongoDB ClickStream and Visualization
MongoDB ClickStream and VisualizationMongoDB ClickStream and Visualization
MongoDB ClickStream and VisualizationCameron Sim
 

Weitere ähnliche Inhalte

Was ist angesagt?

ARTDM 170, Week 16: Publishing
ARTDM 170, Week 16: PublishingARTDM 170, Week 16: Publishing
ARTDM 170, Week 16: PublishingGilbert Guerrero
 
WordPress Development Confoo 2010
WordPress Development Confoo 2010WordPress Development Confoo 2010
WordPress Development Confoo 2010Brendan Sera-Shriar
 
Optimizing Drupal for Mobile Devices
Optimizing Drupal for Mobile DevicesOptimizing Drupal for Mobile Devices
Optimizing Drupal for Mobile DevicesSugree Phatanapherom
 
What's new in Rails 2?
What's new in Rails 2?What's new in Rails 2?
What's new in Rails 2?brynary
 
Integrating WordPress With Web APIs
Integrating WordPress With Web APIsIntegrating WordPress With Web APIs
Integrating WordPress With Web APIsrandyhoyt
 
Evolution of API With Blogging
Evolution of API With BloggingEvolution of API With Blogging
Evolution of API With BloggingTakatsugu Shigeta
 
Advanced and Hidden WordPress APIs
Advanced and Hidden WordPress APIsAdvanced and Hidden WordPress APIs
Advanced and Hidden WordPress APIsandrewnacin
 
Advanced SEO for Web Developers
Advanced SEO for Web DevelopersAdvanced SEO for Web Developers
Advanced SEO for Web DevelopersNathan Buggia
 
Lecture 6 - Comm Lab: Web @ ITP
Lecture 6 - Comm Lab: Web @ ITPLecture 6 - Comm Lab: Web @ ITP
Lecture 6 - Comm Lab: Web @ ITPyucefmerhi
 
Web Typography with sIFR 3 at Drupalcamp Copenhagen
Web Typography with sIFR 3 at Drupalcamp CopenhagenWeb Typography with sIFR 3 at Drupalcamp Copenhagen
Web Typography with sIFR 3 at Drupalcamp CopenhagenMark Wubben
 
Findability Bliss Through Web Standards
Findability Bliss Through Web StandardsFindability Bliss Through Web Standards
Findability Bliss Through Web StandardsAarron Walter
 
Microformats at Web 2.0 Expo April 2007
Microformats at Web 2.0 Expo April 2007Microformats at Web 2.0 Expo April 2007
Microformats at Web 2.0 Expo April 2007John Allsopp
 
Ajax On S2 Odp
Ajax On S2 OdpAjax On S2 Odp
Ajax On S2 Odpghessler
 
IBM Lotus Notes Domino XPages and XPages for Mobile
IBM Lotus Notes Domino XPages and XPages for MobileIBM Lotus Notes Domino XPages and XPages for Mobile
IBM Lotus Notes Domino XPages and XPages for MobileChris Toohey
 
Bringing Typography to the Web with sIFR 3 at <head>
Bringing Typography to the Web with sIFR 3 at <head>Bringing Typography to the Web with sIFR 3 at <head>
Bringing Typography to the Web with sIFR 3 at <head>Mark Wubben
 

Was ist angesagt? (20)

ARTDM 170, Week 16: Publishing
ARTDM 170, Week 16: PublishingARTDM 170, Week 16: Publishing
ARTDM 170, Week 16: Publishing
 
WordPress Development Confoo 2010
WordPress Development Confoo 2010WordPress Development Confoo 2010
WordPress Development Confoo 2010
 
Optimizing Drupal for Mobile Devices
Optimizing Drupal for Mobile DevicesOptimizing Drupal for Mobile Devices
Optimizing Drupal for Mobile Devices
 
What's new in Rails 2?
What's new in Rails 2?What's new in Rails 2?
What's new in Rails 2?
 
Zend Form Tutorial
Zend Form TutorialZend Form Tutorial
Zend Form Tutorial
 
SlideShare Instant
SlideShare InstantSlideShare Instant
SlideShare Instant
 
SlideShare Instant
SlideShare InstantSlideShare Instant
SlideShare Instant
 
Php 3 1
Php 3 1Php 3 1
Php 3 1
 
Integrating WordPress With Web APIs
Integrating WordPress With Web APIsIntegrating WordPress With Web APIs
Integrating WordPress With Web APIs
 
Changing Template Engine
Changing Template EngineChanging Template Engine
Changing Template Engine
 
Evolution of API With Blogging
Evolution of API With BloggingEvolution of API With Blogging
Evolution of API With Blogging
 
Advanced and Hidden WordPress APIs
Advanced and Hidden WordPress APIsAdvanced and Hidden WordPress APIs
Advanced and Hidden WordPress APIs
 
Advanced SEO for Web Developers
Advanced SEO for Web DevelopersAdvanced SEO for Web Developers
Advanced SEO for Web Developers
 
Lecture 6 - Comm Lab: Web @ ITP
Lecture 6 - Comm Lab: Web @ ITPLecture 6 - Comm Lab: Web @ ITP
Lecture 6 - Comm Lab: Web @ ITP
 
Web Typography with sIFR 3 at Drupalcamp Copenhagen
Web Typography with sIFR 3 at Drupalcamp CopenhagenWeb Typography with sIFR 3 at Drupalcamp Copenhagen
Web Typography with sIFR 3 at Drupalcamp Copenhagen
 
Findability Bliss Through Web Standards
Findability Bliss Through Web StandardsFindability Bliss Through Web Standards
Findability Bliss Through Web Standards
 
Microformats at Web 2.0 Expo April 2007
Microformats at Web 2.0 Expo April 2007Microformats at Web 2.0 Expo April 2007
Microformats at Web 2.0 Expo April 2007
 
Ajax On S2 Odp
Ajax On S2 OdpAjax On S2 Odp
Ajax On S2 Odp
 
IBM Lotus Notes Domino XPages and XPages for Mobile
IBM Lotus Notes Domino XPages and XPages for MobileIBM Lotus Notes Domino XPages and XPages for Mobile
IBM Lotus Notes Domino XPages and XPages for Mobile
 
Bringing Typography to the Web with sIFR 3 at <head>
Bringing Typography to the Web with sIFR 3 at <head>Bringing Typography to the Web with sIFR 3 at <head>
Bringing Typography to the Web with sIFR 3 at <head>
 

Andere mochten auch

MongoDB ClickStream and Visualization
MongoDB ClickStream and VisualizationMongoDB ClickStream and Visualization
MongoDB ClickStream and VisualizationCameron Sim
 
Ognjen Divljak Web Portali i E-Poslovanje
Ognjen Divljak Web Portali i E-PoslovanjeOgnjen Divljak Web Portali i E-Poslovanje
Ognjen Divljak Web Portali i E-PoslovanjeOgnjen Divljak
 
Survey Results - Welfare Benefits
Survey Results - Welfare BenefitsSurvey Results - Welfare Benefits
Survey Results - Welfare BenefitsMark
 
The Frog Frenzy
The Frog FrenzyThe Frog Frenzy
The Frog Frenzylfenn
 
Marks Trip To Ground Zero And Valley Forge Presentation
Marks Trip To Ground Zero And Valley Forge PresentationMarks Trip To Ground Zero And Valley Forge Presentation
Marks Trip To Ground Zero And Valley Forge Presentationguest3413db
 
Microapps Story
Microapps StoryMicroapps Story
Microapps Storychikee7808
 
Demografi MovieZine
Demografi MovieZineDemografi MovieZine
Demografi MovieZineDaniel Feldt
 
Oreo Project
Oreo ProjectOreo Project
Oreo Projectlfenn
 
Julia Newton Presentation
Julia Newton PresentationJulia Newton Presentation
Julia Newton PresentationMark
 
Liferay cloud services lnlug-6-march-2014
Liferay cloud services lnlug-6-march-2014Liferay cloud services lnlug-6-march-2014
Liferay cloud services lnlug-6-march-2014Ruud Kluivers
 
Figaronron Lego Jango Fett
Figaronron Lego Jango FettFigaronron Lego Jango Fett
Figaronron Lego Jango Fettshameleon
 
Drustvene Mreze Su Raj Za Marketing - Ognjen Divljak
Drustvene Mreze Su Raj Za Marketing - Ognjen DivljakDrustvene Mreze Su Raj Za Marketing - Ognjen Divljak
Drustvene Mreze Su Raj Za Marketing - Ognjen DivljakOgnjen Divljak
 
Amit Golchha_CV
Amit Golchha_CVAmit Golchha_CV
Amit Golchha_CVamitjain
 
Social Media in the Job Search
Social Media in the Job SearchSocial Media in the Job Search
Social Media in the Job SearchMichael Severy
 

Andere mochten auch (20)

Building Lanyrd
Building LanyrdBuilding Lanyrd
Building Lanyrd
 
MongoDB ClickStream and Visualization
MongoDB ClickStream and VisualizationMongoDB ClickStream and Visualization
MongoDB ClickStream and Visualization
 
Evoking & Creating wisdom
Evoking & Creating wisdomEvoking & Creating wisdom
Evoking & Creating wisdom
 
Ognjen Divljak Web Portali i E-Poslovanje
Ognjen Divljak Web Portali i E-PoslovanjeOgnjen Divljak Web Portali i E-Poslovanje
Ognjen Divljak Web Portali i E-Poslovanje
 
朝邦基金會 對話力課程及引導服務 2013
朝邦基金會 對話力課程及引導服務 2013朝邦基金會 對話力課程及引導服務 2013
朝邦基金會 對話力課程及引導服務 2013
 
Survey Results - Welfare Benefits
Survey Results - Welfare BenefitsSurvey Results - Welfare Benefits
Survey Results - Welfare Benefits
 
The Frog Frenzy
The Frog FrenzyThe Frog Frenzy
The Frog Frenzy
 
Marks Trip To Ground Zero And Valley Forge Presentation
Marks Trip To Ground Zero And Valley Forge PresentationMarks Trip To Ground Zero And Valley Forge Presentation
Marks Trip To Ground Zero And Valley Forge Presentation
 
Microapps Story
Microapps StoryMicroapps Story
Microapps Story
 
Group project photos @ Beijing Institute of Technology
Group project photos @ Beijing Institute of TechnologyGroup project photos @ Beijing Institute of Technology
Group project photos @ Beijing Institute of Technology
 
Mexico
MexicoMexico
Mexico
 
Demografi MovieZine
Demografi MovieZineDemografi MovieZine
Demografi MovieZine
 
Oreo Project
Oreo ProjectOreo Project
Oreo Project
 
Dialogic Change Workshop Handbook (11/4/2011) - bilingual
Dialogic Change Workshop Handbook (11/4/2011) - bilingualDialogic Change Workshop Handbook (11/4/2011) - bilingual
Dialogic Change Workshop Handbook (11/4/2011) - bilingual
 
Julia Newton Presentation
Julia Newton PresentationJulia Newton Presentation
Julia Newton Presentation
 
Liferay cloud services lnlug-6-march-2014
Liferay cloud services lnlug-6-march-2014Liferay cloud services lnlug-6-march-2014
Liferay cloud services lnlug-6-march-2014
 
Figaronron Lego Jango Fett
Figaronron Lego Jango FettFigaronron Lego Jango Fett
Figaronron Lego Jango Fett
 
Drustvene Mreze Su Raj Za Marketing - Ognjen Divljak
Drustvene Mreze Su Raj Za Marketing - Ognjen DivljakDrustvene Mreze Su Raj Za Marketing - Ognjen Divljak
Drustvene Mreze Su Raj Za Marketing - Ognjen Divljak
 
Amit Golchha_CV
Amit Golchha_CVAmit Golchha_CV
Amit Golchha_CV
 
Social Media in the Job Search
Social Media in the Job SearchSocial Media in the Job Search
Social Media in the Job Search
 

Ähnlich wie Building Secure Twitter Apps

2009 Barcamp Nashville Web Security 101
2009 Barcamp Nashville Web Security 1012009 Barcamp Nashville Web Security 101
2009 Barcamp Nashville Web Security 101brian_dailey
 
Developing and testing ajax components
Developing and testing ajax componentsDeveloping and testing ajax components
Developing and testing ajax componentsIgnacio Coloma
 
Plone Interactivity
Plone InteractivityPlone Interactivity
Plone InteractivityEric Steele
 
Avoiding Cross Site Scripting - Not as easy as you might think
Avoiding Cross Site Scripting - Not as easy as you might thinkAvoiding Cross Site Scripting - Not as easy as you might think
Avoiding Cross Site Scripting - Not as easy as you might thinkErlend Oftedal
 
REST, the internet as a database?
REST, the internet as a database?REST, the internet as a database?
REST, the internet as a database?Andrej Koelewijn
 
From "Username and Password" to InfoCard
From "Username and Password" to InfoCardFrom "Username and Password" to InfoCard
From "Username and Password" to InfoCardgoodfriday
 
Top 10 Web Security Vulnerabilities
Top 10 Web Security VulnerabilitiesTop 10 Web Security Vulnerabilities
Top 10 Web Security VulnerabilitiesCarol McDonald
 
10 Things You're Not Doing [IBM Lotus Notes Domino Application Development]
10 Things You're Not Doing [IBM Lotus Notes Domino Application Development]10 Things You're Not Doing [IBM Lotus Notes Domino Application Development]
10 Things You're Not Doing [IBM Lotus Notes Domino Application Development]Chris Toohey
 
Apache Roller, Acegi Security and Single Sign-on
Apache Roller, Acegi Security and Single Sign-onApache Roller, Acegi Security and Single Sign-on
Apache Roller, Acegi Security and Single Sign-onMatt Raible
 
Rails 3 And The Real Secret To High Productivity Presentation
Rails 3 And The Real Secret To High Productivity PresentationRails 3 And The Real Secret To High Productivity Presentation
Rails 3 And The Real Secret To High Productivity Presentationrailsconf
 
What I brought back from Austin
What I brought back from AustinWhat I brought back from Austin
What I brought back from AustinLisa Adkins
 
Joomla security nuggets
Joomla security nuggetsJoomla security nuggets
Joomla security nuggetsguestbd1cdca
 
Grddl In A Nutshell V1
Grddl In A Nutshell V1Grddl In A Nutshell V1
Grddl In A Nutshell V1Fabien Gandon
 
Web Security Mistakes: Trusting The Client
Web Security Mistakes: Trusting The ClientWeb Security Mistakes: Trusting The Client
Web Security Mistakes: Trusting The Clientgrutz
 

Ähnlich wie Building Secure Twitter Apps (20)

2009 Barcamp Nashville Web Security 101
2009 Barcamp Nashville Web Security 1012009 Barcamp Nashville Web Security 101
2009 Barcamp Nashville Web Security 101
 
Developing and testing ajax components
Developing and testing ajax componentsDeveloping and testing ajax components
Developing and testing ajax components
 
Plone Interactivity
Plone InteractivityPlone Interactivity
Plone Interactivity
 
Avoiding Cross Site Scripting - Not as easy as you might think
Avoiding Cross Site Scripting - Not as easy as you might thinkAvoiding Cross Site Scripting - Not as easy as you might think
Avoiding Cross Site Scripting - Not as easy as you might think
 
REST, the internet as a database?
REST, the internet as a database?REST, the internet as a database?
REST, the internet as a database?
 
From "Username and Password" to InfoCard
From "Username and Password" to InfoCardFrom "Username and Password" to InfoCard
From "Username and Password" to InfoCard
 
Seam Glassfish Slidecast
Seam Glassfish SlidecastSeam Glassfish Slidecast
Seam Glassfish Slidecast
 
A rel
A relA rel
A rel
 
Ajax ons2
Ajax ons2Ajax ons2
Ajax ons2
 
Top 10 Web Security Vulnerabilities
Top 10 Web Security VulnerabilitiesTop 10 Web Security Vulnerabilities
Top 10 Web Security Vulnerabilities
 
10 Things You're Not Doing [IBM Lotus Notes Domino Application Development]
10 Things You're Not Doing [IBM Lotus Notes Domino Application Development]10 Things You're Not Doing [IBM Lotus Notes Domino Application Development]
10 Things You're Not Doing [IBM Lotus Notes Domino Application Development]
 
Apache Roller, Acegi Security and Single Sign-on
Apache Roller, Acegi Security and Single Sign-onApache Roller, Acegi Security and Single Sign-on
Apache Roller, Acegi Security and Single Sign-on
 
Rails 3 And The Real Secret To High Productivity Presentation
Rails 3 And The Real Secret To High Productivity PresentationRails 3 And The Real Secret To High Productivity Presentation
Rails 3 And The Real Secret To High Productivity Presentation
 
What I brought back from Austin
What I brought back from AustinWhat I brought back from Austin
What I brought back from Austin
 
Lecture1 B Frames&Forms
Lecture1 B Frames&FormsLecture1 B Frames&Forms
Lecture1 B Frames&Forms
 
Joomla security nuggets
Joomla security nuggetsJoomla security nuggets
Joomla security nuggets
 
Htm
HtmHtm
Htm
 
WordPress APIs
WordPress APIsWordPress APIs
WordPress APIs
 
Grddl In A Nutshell V1
Grddl In A Nutshell V1Grddl In A Nutshell V1
Grddl In A Nutshell V1
 
Web Security Mistakes: Trusting The Client
Web Security Mistakes: Trusting The ClientWeb Security Mistakes: Trusting The Client
Web Security Mistakes: Trusting The Client
 

Kürzlich hochgeladen

🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 

Kürzlich hochgeladen (20)

🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 

Building Secure Twitter Apps

  • 1.
  • 3.
  • 4.
  • 6.
  • 7.
  • 8.
  • 9.
  • 10.
  • 11.
  • 12.
  • 14.
  • 15. Retrieve Username $.getJSON(&quot; http://twitter.com /statuses/user_timeline?count=1&callback=? &quot;, function(data) { alert(&quot;Username is: &quot; + data[0].user.screen_name ) }); {&quot;text&quot;:&quot;Pretty sure humans have kneecaps so we can slam them into tables. *ow*&quot;,&quot;truncated&quot;:false, &quot;user&quot; :{&quot;following&quot;:null,&quot;time_zone&quot;:&quot;Pacific Time (US & Canada)&quot;,&quot;description&quot;:&quot;Prof. Computer Security Consultant with a passion for breaking things and generating statistics (see http:tweetstats.com and http:ratemytalk.com).&quot;, &quot;screen_name&quot;:&quot;dacort&quot; ,&quot;utc_offset&quot;:-28800,&quot;profile_sidebar_border_color&quot;:&quot;87bc44&quot;,&quot;notifications&quot;:null,&quot;created_at&quot;:&quot;Thu Dec 21 07:14:05 +0000 2006&quot;,&quot;profile_text_color&quot;:&quot;000000&quot;,&quot;url&quot;:&quot;http:dcortesi.com&quot;,&quot;name&quot;:&quot;Damon Cortesi&quot;,&quot;statuses_count&quot;:21385,&quot;profile_background_image_url&quot;:&quot;http:static.twitter.comimagesthemestheme1bg.gif&quot;,&quot;followers_count&quot;:4441,&quot;protected&quot;:false,&quot;profile_link_color&quot;:&quot;A100FF&quot;,&quot;profile_background_tile&quot;:false,&quot;friends_count&quot;:1775,&quot;profile_background_color&quot;:&quot;000000&quot;,&quot;verified&quot;:false,&quot;favourites_count&quot;:202,&quot;profile_image_url&quot;:&quot;http:s3.amazonaws.comtwitter_productionprofile_images90802743Famous_Glasses_normal.jpg&quot;,&quot;location&quot;:&quot;Seattle, WA&quot;,&quot;id&quot;:99723,&quot;profile_sidebar_fill_color&quot;:&quot;e0ff92&quot;},&quot;in_reply_to_status_id&quot;:null,&quot;created_at&quot;:&quot;Mon Jul 27 21:37:53 +0000 2009&quot;,&quot;in_reply_to_user_id&quot;:null,&quot;favorited&quot;:false,&quot;in_reply_to_screen_name&quot;:null,&quot;id&quot;:2877957719,&quot;source&quot;:&quot;<a href=amp;quot;http: www.atebits.com amp;quot;>Tweetie<a>&quot;}
  • 17.
  • 18.
  • 19.
  • 20.
  • 21. Also Watch out for...
  • 22.  
  • 23.  
  • 25.  
  • 26.
  • 27.
  • 29.