The uncontrollable web platform and Browser security
25 December 2012, newuser09876
On the web, every other day we see a new JavaScript library, a new framework, a browser hack or an innovative way of using/bypassing some feature for building something good. Most of us are so deeply involved in learning, constructing new things that we almost forgot, failed to care or understand th...
NULL Hyderabad Meet-November 2012
10 November 2012, newuser09876
It has been a nice honor to organize NULL Hyderabad Chapter's monthly meet for November 2012 (EventBrite site). The event had good turnaround (imagine ~50 tickets being sold online in about 1.5 hours) and had good speakers. The first speaker Bipin Upadhyay gave a fantastic overview of HTTP protocol...
Securing the web with declarative HTTP security policies
31 October 2012, newuser09876
Whether you have noticed or not, over the past couple of years, there has been a new security drive happening on the web: the rise of declarative security policies, i.e., declaring security policies via HTTP response headers. With respect to configuration, this is the simplest method of enhancing s...
What you know about AJAX, is not the same in HTML5 CORS
29 September 2012, newuser09876
“AJAX is for asynchronous calls within same origin whereas HTML5 CORS is for asynchronous calls across origins”. This is a popular comparison of AJAX vs CORS which many web developers do, but there is a lot beyond this! Improving website performance by replacing full page postbacks with...
Presentation on HTML5 Security, Part-2 - OWASP Hyd
12 August 2012, novogeek
In continuation of my previous talk on HTML5 Security at OWASP Hyd, I have covered a few more interesting concepts at OWASP Hyd August meet. Slides are more or less the same as my previous session but it was more demo driven where I've shown known security problems and secure coding practi...
A note on JSONP & misconceptions of Cross Origin AJAX
18 July 2012, novogeek
Web developers who have worked on accessing APIs using JavaScript would be very much familiar with the term “JSONP”. Many web devs whom I have met offline or in online discussion forums seem to have some misconceptions about JSONP. Below are some of the basic & common definitions whi...
Browser Internals: Content Isolation with Same Origin Policy-Microsoft UG Dev Day
30 June 2012, novogeek
Microsoft User Group Hyderabad (MUGH) has organized Developer Day at Broadridge Financial Solutions, Hyderabad this weekend. It was a half day event with a very good lineup of sessions and I had the opportunity to present on a very exciting topic: "Content Isolation with Same Origin Pol...
HTML5 Sandbox and some notes
25 June 2012, novogeek
While building mashups, one of the primary goals is to securely isolate content coming from different origins. Generally, client side mashups are built in one of the two ways: (1) Embedding third party scripts in a web page (2) Loading remote content via iframes. Embedding scripts provides more inter...
Presentation on HTML5 Security-OWASP Hyderabad
22 May 2012, novogeek
Happy to say that I had the opportunity to present at OWASP Hyderabad chapter on "HTML5 Security" on 19th May, 2012. The event had an awesome audience from diverse backgrounds in the security domain: security researchers, penetration testers, security consultants, a few developers etc. The talk went for about...
Microsoft MVP Award and my two cents
01 April 2012, novogeek
First of all, I’m really happy and proud to say that I’ve received Microsoft Most Valuable Professional (MVP) award for the third consecutive year. YaY!! I’ve received my first MVP award in 2010 under “ASP.NET” category and in 2011, 2012 under “Internet Explorer”...