Home » WordCampTV »WordCamp San Francisco 2011

Mike Adams: Developing Secure Widgets: Secure iFrame Communication in a Pre-postMessage World

Published

August 31, 2011

Event

WordCamp San Francisco 2011 46

Speakers

Mike Adams 1

Tags

development 111
featured 161
iframe 1
Plugins 89
widgets 5

Language

English 1221

Download
MP4: Low, Med, High
OGG: Low
Subtitles

Subtitle this video →

3 Responses to “Mike Adams: Developing Secure Widgets: Secure iFrame Communication in a Pre-postMessage World”

  1. mdawaffe
    September 7, 2011 at 10:15 pm | Reply

    Relevant links:

    In development (can you find the bugs?) postMessage library with secure fallback:
    github.com/mdawaffe/xPostMessage

    More details for those looking for inspiration on how to craft real attacks:
    Securing Frame Communication in Browsers:
    A. Barth, C. Jackson, J. C. Mitchell — Stanford Web Security Group
    Proc. of the 17th USENIX Security Symposium. (USENIX Security 2008)
    seclab.stanford.edu/websec/frames/post-message.pdf

  2. Mark Jaquith
    March 27, 2012 at 4:37 pm | Reply

    So people don’t have to watch the whole talk to recall the punchline: Needham—Schroeder Protocol.

  3. Daniel Bachhuber
    August 2, 2012 at 9:34 am | Reply

    Reblogged this on danielbachhuber.

Continue the discussion

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s

Related Videos

Follow

Get every new post delivered to your Inbox.

Join 5,055 other followers

%d bloggers like this: