Cross Site Integration “mashups” cross site scripting.

Server Side
- Server code fetches data or services
- Has little to do with this course
- Can involve XML or SQL to remote servers
- Data may include HTML
- Data may include javascript
- Man-in-the-middle attacks?

3rd Party
- Do you trust them?
- When they update, will it break you?
- When they go broke, will it break you?
- Do they send any javascript code or URLs used in links?
  - javascript can do ANYTHING to you
  - URLs can send people to fake sites

AJAX
- protocol is XML (SOAP)
- data is often XML
- Based upon a hack of invisible frames: HTML pages read by javascript
- Most often used in a framework which just lifts HTML fragments from the data

AJAX Security
- limitations are similar to scripting frames
- Same website (same-origin) policy! can't load external data
  - workaround: server-side data relays
- Easy access to XML data sources
- XML is powerful…

Examples?
- Libraries are always used: jQuery, etc
- Requires a server-side program
- Requires some XML data; this could be a minimal wrapper

Issues
- DO NOT OVERDO IT!
- High server load / high bandwidth
  - slow XML over slow HTTP
  - Server relay needs bandwidth
- Utilizing XML may be work
  - XML processing is CPU intensive

3rd Party
- Do you trust them?
- When they update, will it break you?
- When they go broke, will it break you?
- Do they send any javascript code or URLs used in links?
  - javascript can do ANYTHING to you
  - URLs can send people to fake sites

Javascript
- Almost no security limitations
- exec() of code can be limited to making objects
- JSON (JavaScript Object Notation): easier, smaller, faster than XML
- Code is more powerful / flexible

JSON
- For speed and size most use JSON
- code can be written in JSON
- most code libraries are in JSON
- APIs not uniform!
- Heavily depend on browser garbage collection - once a script is loaded you can't unload it

Variable Method
- var o = {json & could include code};
- var x = "stringified code";
- var loaded=1;
- loading function looks for loaded==1
  - o: loop object & copy, or exec
  - x: exec() runs the string

Wrapped
- javascript code sent as string data
- wrap in HTML (invisible frame or part of a visible frame)
- wrap in AJAX
- This delays running the SCRIPT so you can "securely" exec it or parse it
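As an added example (not from the slides), here is the "variable method" loader with the string form handed to JSON.parse instead of the slides' exec() (JavaScript's eval()): the loaded==1 check, then a loop that copies only expected fields. The responses, field names and function names are constructed assumptions.

```javascript
// Added example (not from the slides): the "variable method" loader with the
// string form parsed as JSON instead of executed. All names are assumptions.

// Constructed third-party responses standing in for what a remote script or
// AJAX call would hand us. The second one smuggles code into the data.
const RESPONSE_DATA = '{"loaded":1,"points":[' +
  '{"lat":47.6,"lng":-122.3,"label":"Seattle","extra":"dropped"},' +
  '{"lat":"bad","lng":0,"label":"malformed"}]}';
const RESPONSE_WITH_CODE = '{"loaded":1,"points":[],"init":function(){}}';

// The only fields our page will copy out of third-party data, with their types.
const ALLOWED_POINT_FIELDS = { lat: "number", lng: "number", label: "string" };

// JSON.parse can only produce objects, arrays and primitives; unlike eval()
// it cannot run code, so the smuggled function is a SyntaxError, not execution.
function parseThirdParty(text) {
  let data;
  try {
    data = JSON.parse(text);
  } catch (e) {
    return { ok: false, reason: "not JSON: " + e.message };
  }
  // The slides' loader checks loaded==1 before touching the object.
  if (data === null || typeof data !== "object" || data.loaded !== 1) {
    return { ok: false, reason: "loaded flag missing" };
  }
  return { ok: true, data };
}

// "loop object & copy": keep only expected fields of the expected type and
// drop anything else the third party sent along.
function copyPoints(data) {
  const out = [];
  const points = Array.isArray(data.points) ? data.points : [];
  for (const p of points) {
    if (p === null || typeof p !== "object") continue;
    const clean = {};
    for (const [key, type] of Object.entries(ALLOWED_POINT_FIELDS)) {
      if (typeof p[key] === type) clean[key] = p[key];
    }
    if (typeof clean.lat === "number" && typeof clean.lng === "number") out.push(clean);
  }
  return out;
}

function loadPoints(text) {
  const r = parseThirdParty(text);
  return r.ok ? copyPoints(r.data) : [];
}
```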

Library Style
- Provides a set of functions to do what needs to be done
- often handles loading of JSON (or AJAX)
- Function parameters used for customization
- CSS of the generated HTML

Examples
- Online comments, no javascript API: CSS to format, just a SCRIPT file
- d=open
- Google gadgets: js scripts, some have an API

API/Globals/Query
- API - their javascript interface (trust?); you call their functions with settings
- Globals - you define objects with the settings before running their code
- Query - you send settings in the query part of requesting the data

3rd Party
- Do you trust them?
- When they update, will it break you?
- When they go broke, will it break you?
- Do they send any javascript code or URLs used in links?
  - javascript can do ANYTHING to you
  - URLs can send people to fake sites

Google Maps
- 1st to popularize rich javascript applications
- Has a Javascript API - add your own points on the map
- Was early to popularize "mashups": combining datasets with location data
- ion/javascript/

Plug-ins
- Flash, Silverlight, A/V, ActiveX
- Browser plug-ins have little security
- Plug-ins may have javascript APIs
- Plug-ins may have their OWN scripting (flash uses javascript)

Examples
- Youtube embedded: paste-in HTML code; basically it's a flash plug-in embed
- External video / audio content: Quicktime, etc
- "super" cookies - use plug-ins to circumvent privacy