A security podcast I listened to during today’s commute caused part of my anatomy to retract in between a few chuckles. In Technometria: Ajax Security, Phil Windley, past CTO of the state of Utah, interviews Billy Hoffman, co-author of Ajax Security, on the subject of Web 2.0 security. In a presentation that avoided the usual doom, gloom, and “buy my services” approach, Billy detailed several exploits, both white- and black-hat; some funny, and a few that weren’t. Among the “how could developers be so stupid” exploits (hint: don’t write your own encryption algorithms) were a few that now have me double-checking code that I was fairly convinced was secure.
If you’re deploying Web-2.0ish stuff, even if it’s only using Flash on the client side, this one may be worth a listen.