Category Archives: Security

Securing Single Page Apps and REST Services

The move towards Single Page Apps and RESTful services opens the door to a much better way of securing web applications. Traditional web applications use browser cookies to identify a user when a request is made to the server. This approach is fundamentally flawed and causes many applications to be vulnerable to Cross-Site Request Forgery [...]

Also posted in Play Framework, REST | 61 Responses

How Bad Crossdomain Policies Expose Protected Data to Malicious Applications

The web’s success has been partially due to the sandbox it provides users. Users do not generally have to entirely trust every website they visit because malicious web sites should be sandboxed from doing the user harm. One way that web sites are sandboxed is through a same-origin policy. By default any code that runs [...]

Also posted in Flash Player, Flex | 13 Responses

Mutual Authentication: Prevents Phishing Attacks?

One of my credit card companies just implemented Mutual Authentication for their web site. I think this is a fantastic idea since it can help to protect users from phishing attacks. The hard part will be training users to not enter their credentials unless they see the tokens they selected. Continue reading to see how [...]

Posted in Security | 6 Responses


  • View James Ward's profile on LinkedIn