The Dark Side of Ajax

Development
Location: 2003
Level: Intermediate

The Ajax revolution is written in JavaScript. After the introduction of Google Maps, the Web is sprouting new Ajax-enabled applications every day. This talk considers the security implications of Ajax and the pitfalls and alternatives involved in creating rich web applications.

Highlights include:

  • The range of technology and coding styles that come under the name Ajax
  • Exploiting old bugs in new ways: Ajax for malware
  • The ways Ajax changes the conventional web security landscape
  • The ways Ajax doesn’t change the conventional web security landscape
  • JavaScript Hijacking: an Ajax-specific security problem
  • The future of Ajax security

We will look at popular Ajax programming frameworks and how they can make or break the security of an application. What happens when you point out the same vulnerability in 12 frameworks on the same day? Come find out!

Jacob West

Fortify Software

Jacob West manages Fortify Software’s Security Research Group, which is responsible for building security knowledge into Fortify’s products. Jacob brings expertise in numerous programming languages, frameworks and styles together with knowledge about how real-world systems can fail. In addition, he recently co-authored a book, “Secure Programming with Static Analysis,” which was published in June 2007. Before joining Fortify, Jacob worked with Professor David Wagner, at the University of California at Berkeley, to develop MOPS (MOdel Checking Programs for Security properties), a static analysis tool used to discover security vulnerabilities in C programs. When he is away from the keyboard, Jacob spends time speaking at conferences and working with customers to advance their understanding of software security.