Security 2.0, Chris Shiflett
Primary Issues:
- Cross-Site Scripting
- Cross-Site Request Forgeries
- Attack Mashups
These have come about because we are giving the users more power, which means there are access points for the user to f'up the system. It's creating new attacks, but also providing ways for old attacks to rear their heads in new, ugly ways.
XSS:
- Communicated through your site by some mechanism; manipulated url, hacked form, injection into feed.
- You accept this data and imbed it into your web pages.
