Ajax – Page 8 – WindowsTechs.com

Google connects BigQuery to Google Drive and Sheets

Posted on May 6, 2016 by Frederic Lardinois

google data center Google today announced that it is bringing some of its Google Cloud Platform and Google Apps tools a little bit closer together. BigQuery, Google’s serverless analytics data warehousing service, will now be able to read files from Google Drive and access spreadsheets from Google Sheets. There has long been something of a firewall between Google’s cloud computing services and its… Read More Continue reading Google connects BigQuery to Google Drive and Sheets→

Can a website make an HTTP request to "localhost"? How does it get around the cross-domain policy?

Posted on June 19, 2015 by Daniel Magliola

I found this website which talks about fixing a Redis vulnerability by exploiting that same vulnerability.

The website in question has a “patch me” button, and if you have a password-less Redis server running on your machine, it will patc… Continue reading Can a website make an HTTP request to "localhost"? How does it get around the cross-domain policy?→

CSRF on GWT apps : bypassing the Same-Origin policy

Posted on March 27, 2015 by niilzon

At work we suspect a GWT app (that is not in production yet) we own to be vulnerable to CSRF. We have to look at it from a black-box point of view before a third-party security audit will be performed.

Due to the fact that a… Continue reading CSRF on GWT apps : bypassing the Same-Origin policy→

Hydra + Tamper http post form syntax of the failure login attempt [duplicate]

Posted on December 23, 2014 by ORP

I am doing a pentest of an internal site. I would like to check how secure is this when using Hydra as the password cracking tool.
I have used the Mozilla Tamper add-on to get the HEAD options (I think I do not have the correct ones)
What … Continue reading Hydra + Tamper http post form syntax of the failure login attempt [duplicate]→

How are Ajax requests vulnerable to CSRF attacks if the Same-origin policy is applied?

Posted on May 26, 2014 by Songo

What I know about CSRF is that a malicious website tricks a normal user into issuing a request to a trusted website using a form.

I understand that is possible because we can post forms to different domains. However, I see posts of Stacko… Continue reading How are Ajax requests vulnerable to CSRF attacks if the Same-origin policy is applied?→

Securing passwords for REST Authentication

Posted on April 14, 2014 by JamesENL

I’m developing a REST application using the Spring Framework, as as part of the requirements, we have to secure the different functions of the system to different user roles (pretty standard stuff). My current method of deter… Continue reading Securing passwords for REST Authentication→

Is one CSRF token per session is adequate with HTTPS?

Posted on January 3, 2013 by johnbabu koppolu

Ours is a Ajax heavy application with concurrent Ajax requests. Generating unique tokens with each request or expire and creation of new tokens after a certain interval could get tricky with multiple concurrent Ajax requests…. Continue reading Is one CSRF token per session is adequate with HTTPS?→

Security risks with JSONP?

Posted on October 31, 2012 by D.W.

What are the security risks with JSONP? Is using JSONP in a new web application reasonable, from a security perspective, or is it better to use a different method for cross-origin web mashups?

If using JSONP is reasonable, … Continue reading Security risks with JSONP?→

Ajax and CSRF protection

Posted on September 16, 2012 by Dave

Without going into too much details I have a site which is 100% Ajax. All requests to the site (both GET and POST) are done via Ajax. Now I have to implement CSRF protection, and all the solutions I came across boil down to sending a CSRF … Continue reading Ajax and CSRF protection→