Mike Adams: Developing Secure Widgets: Secure iFrame Communication in a Pre-postMessage World

3 responses on “Mike Adams: Developing Secure Widgets: Secure iFrame Communication in a Pre-postMessage World

  1. mdawaffe

    Relevant links:

    In development (can you find the bugs?) postMessage library with secure fallback:
    github.com/mdawaffe/xPostMessage

    More details for those looking for inspiration on how to craft real attacks:
    Securing Frame Communication in Browsers:
    A. Barth, C. Jackson, J. C. Mitchell — Stanford Web Security Group
    Proc. of the 17th USENIX Security Symposium. (USENIX Security 2008)
    seclab.stanford.edu/websec/frames/post-message.pdf

    Like

  2. Mark Jaquith

    So people don’t have to watch the whole talk to recall the punchline: Needham—Schroeder Protocol.

    Like

  3. Daniel Bachhuber

    Reblogged this on danielbachhuber.

    Like

Continue the discussion

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 11,981 other followers

%d bloggers like this: