Presenter: Tom Shannon
7 deadly sins.
1. Happened on the UN website; it took 2 days to notice. Basically, inserting commands into the username/password input boxes.
.NET is the most prone to this, but PHP and others are affected too. You need to make sure that data processed and passed around by the application is secure and not intercepted.
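Added example, not from the talk or these notes: the first sin as it plays out in a login check, assuming the "commands" in question are SQL (the usual case for a username/password form). The vulnerable version splices the form fields into the statement; the hardened version uses a parameterised query so the same input stays data. The user table, password and `looks_like_injection` log heuristic are constructed for the demonstration.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory user table for the demonstration (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    # Plaintext password only to keep the example short; real systems store hashes.
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    conn.commit()
    return conn


def login_unsafe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Vulnerable form: the two form fields are spliced into the SQL text, so a
    # quote character in either field changes the structure of the statement
    # instead of being compared as data.
    sql = ("SELECT COUNT(*) FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    return conn.execute(sql).fetchone()[0] > 0


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Hardened form: a parameterised query. The statement text is fixed and the
    # values travel separately, so whatever the user types is only ever data.
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


def looks_like_injection(field: str) -> bool:
    # Cheap detection hint for request logs (constructed heuristic): a quote
    # next to SQL connectives is rare in genuine usernames. This is for
    # noticing attempts sooner than "2 days", not a substitute for login_safe.
    lowered = field.lower()
    return "'" in field and any(k in lowered for k in (" or ", " and ", "--", ";"))


if __name__ == "__main__":
    db = make_db()
    # Constructed attacker-style input: closes the quoted string and appends a
    # condition that is always true.
    payload = "' OR '1'='1"
    print("unsafe:", login_unsafe(db, "alice", payload))  # True: login bypassed
    print("safe:  ", login_safe(db, "alice", payload))    # False: treated as text
```

The fix is the query shape, not input filtering: `login_safe` never has to know what the user typed, which is why it also covers inputs the heuristic would miss.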
2. E.g. the MySpace worm: Ajax code written to attract new users took down the whole site.
3. Storing data on the server is better than storing it in a cookie.
4. A spammer includes a CC in the email box to send out a virus.
Tip: don't put user-supplied email addresses in headers.
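Added example, not from the talk or these notes, for the fourth sin: a contact-form mailer that follows the tip. A CR or LF inside a header value is what lets an extra "Cc:" line be smuggled in, so the address is checked for line breaks and then placed in the message body rather than in any header. The inbox and sender addresses are assumed placeholders.

```python
from email.message import EmailMessage

SUPPORT_INBOX = "support@example.com"   # assumed fixed address of the site's own inbox
SITE_SENDER = "noreply@example.com"     # assumed fixed sender for all outbound mail


def has_header_break(value: str) -> bool:
    # A CR or LF inside a header value ends that header and starts a new one,
    # which is exactly how an extra "Cc:" line would be injected.
    return "\r" in value or "\n" in value


def is_plausible_address(value: str) -> bool:
    # Deliberately loose shape check: the goal is to reject structure (line
    # breaks, spaces, missing parts), not to validate every RFC 5322 corner case.
    if has_header_break(value) or " " in value:
        return False
    local, sep, domain = value.partition("@")
    return bool(sep and local and "." in domain)


def build_contact_message(user_email: str, user_text: str) -> EmailMessage:
    """Build the mail a contact form sends to the site's own inbox."""
    if not is_plausible_address(user_email):
        raise ValueError("rejected: address is malformed or contains a header break")
    msg = EmailMessage()
    # Every header is a value the site controls; nothing from the form goes here.
    msg["From"] = SITE_SENDER
    msg["To"] = SUPPORT_INBOX
    msg["Subject"] = "Contact form submission"
    # The user's address goes into the body, never into From/Reply-To/Cc.
    msg.set_content(f"Reply to: {user_email}\n\n{user_text}")
    return msg
```

Keeping the user's address out of the headers means the message can only ever go to the configured inbox, however the address field is shaped; the line-break check is a second layer that also stops the malformed value from reaching the log or the body.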
5. Uploads: proactively specify the types you want to accept.
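Added example, not from the talk or these notes, for the fifth sin: an upload check written as an allowlist of the types the site has decided it wants, each confirmed against the bytes a genuine file of that type starts with, plus a server-chosen filename so the client's name is never used on disk. The type table and the 2 MiB limit are constructed values.

```python
import secrets
from typing import Optional

MAX_UPLOAD_BYTES = 2 * 1024 * 1024  # assumed site policy: 2 MiB

# Allowlist: the only types the site has decided it wants, each with the
# leading bytes a genuine file of that type starts with (constructed table).
ALLOWED_TYPES = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
}


def validate_upload(client_filename: str, data: bytes) -> Optional[str]:
    """Return None if the upload is acceptable, otherwise the reason it is not."""
    if len(data) > MAX_UPLOAD_BYTES:
        return "too large"
    # Only the final extension matters, and only if it is on the allowlist;
    # anything not listed is rejected rather than checked against a blocklist.
    ext = client_filename.rsplit(".", 1)[-1].lower() if "." in client_filename else ""
    if ext not in ALLOWED_TYPES:
        return "extension not allowed"
    # The declared type must agree with the content, so a script renamed to
    # .png is still refused.
    if not any(data.startswith(sig) for sig in ALLOWED_TYPES[ext]):
        return "content does not match declared type"
    return None


def server_side_name(client_filename: str) -> str:
    # The client's name is never used on disk: the server picks a random name
    # and reattaches only the allowlisted extension, so path characters or
    # double extensions in the original name have no effect.
    ext = client_filename.rsplit(".", 1)[-1].lower()
    return f"{secrets.token_hex(16)}.{ext}"
```

Call `validate_upload` first and only then `server_side_name`; the second function assumes the extension has already passed the allowlist.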
6. Cross-domain form submission
Risk, e.g. one-click buying access, or risk for email apps within social networks, e.g. Flickr mail; use a token with the form to stop it.
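Added example, not from the talk or these notes, for the sixth sin: the "token with the form" defence applied to a simulated one-click purchase handler. The token is a random nonce plus an HMAC bound to the user's session; a page on another domain can post the form but cannot read the token, so the submission arrives without a valid one and is refused. The secret key and session id are constructed for the example.

```python
import hashlib
import hmac
import secrets
from typing import Tuple

# Assumed: a per-deployment secret loaded from configuration; generated here
# so the example runs stand-alone.
SECRET_KEY = secrets.token_bytes(32)


def issue_csrf_token(session_id: str) -> str:
    # Token = random nonce + HMAC over (session id, nonce). Embed it in a hidden
    # field of every state-changing form when the page is rendered.
    nonce = secrets.token_hex(16)
    mac = hmac.new(SECRET_KEY, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def verify_csrf_token(session_id: str, token: str) -> bool:
    # Recompute the MAC for this session and compare; a token issued for a
    # different session, or forged without the key, does not verify.
    nonce, sep, mac = token.partition(".")
    if not sep:
        return False
    expected = hmac.new(SECRET_KEY, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison so timing does not leak how many bytes matched.
    return hmac.compare_digest(mac, expected)


def handle_one_click_purchase(session_id: str, form: dict) -> Tuple[int, str]:
    # Simulated handler for the "one-click buying" case from the notes:
    # the session cookie alone is not enough, the form token must match too.
    if not verify_csrf_token(session_id, form.get("csrf_token", "")):
        return 403, "purchase rejected: missing or invalid form token"
    return 200, f"purchase accepted for item {form.get('item', '?')}"


if __name__ == "__main__":
    sid = "session-abc"  # constructed session id
    token = issue_csrf_token(sid)
    print(handle_one_click_purchase(sid, {"item": "book", "csrf_token": token}))
    print(handle_one_click_purchase(sid, {"item": "book"}))  # cross-domain post, no token
```

The token is checked only on state-changing requests (the purchase), and it is tied to the session so that a token legitimately obtained in one account cannot be replayed against another.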
7. Cross-domain API
www.ts0.com is the blog URL for Tom.