https://wiki.owasp.org/index.php?action=history&feed=atom&title=OWASP_Papers%2FJeopardy_in_Web_2_0OWASP Papers/Jeopardy in Web 2 0 - Revision history2026-04-21T20:20:46ZRevision history for this page on the wikiMediaWiki 1.27.2https://wiki.owasp.org/index.php?title=OWASP_Papers/Jeopardy_in_Web_2_0&diff=63489&oldid=prevMediaWiki spam cleanup: Reverting to last version not containing links to s1.shard.jp2009-06-03T12:50:12Z<p>Reverting to last version not containing links to s1.shard.jp</p>
<a href="https://wiki.owasp.org/index.php?title=OWASP_Papers/Jeopardy_in_Web_2_0&diff=63489&oldid=63253">Show changes</a>MediaWiki spam cleanuphttps://wiki.owasp.org/index.php?title=OWASP_Papers/Jeopardy_in_Web_2_0&diff=63253&oldid=prevDeleted user at 02:12, 31 May 20092009-05-31T02:12:11Z<p></p>
<a href="https://wiki.owasp.org/index.php?title=OWASP_Papers/Jeopardy_in_Web_2_0&diff=63253&oldid=63165">Show changes</a>Deleted userhttps://wiki.owasp.org/index.php?title=OWASP_Papers/Jeopardy_in_Web_2_0&diff=63165&oldid=prevMediaWiki spam cleanup: Reverting to last version not containing links to s1.shard.jp2009-05-29T18:01:03Z<p>Reverting to last version not containing links to s1.shard.jp</p>
<a href="https://wiki.owasp.org/index.php?title=OWASP_Papers/Jeopardy_in_Web_2_0&diff=63165&oldid=63001">Show changes</a>MediaWiki spam cleanuphttps://wiki.owasp.org/index.php?title=OWASP_Papers/Jeopardy_in_Web_2_0&diff=63001&oldid=prevDeleted user at 16:29, 29 May 20092009-05-29T16:29:49Z<p></p>
<a href="https://wiki.owasp.org/index.php?title=OWASP_Papers/Jeopardy_in_Web_2_0&diff=63001&oldid=62616">Show changes</a>Deleted userhttps://wiki.owasp.org/index.php?title=OWASP_Papers/Jeopardy_in_Web_2_0&diff=62616&oldid=prevMediaWiki spam cleanup: Reverting to last version not containing links to www.textbasliouda.com2009-05-27T18:28:52Z<p>Reverting to last version not containing links to www.textbasliouda.com</p>
<a href="https://wiki.owasp.org/index.php?title=OWASP_Papers/Jeopardy_in_Web_2_0&diff=62616&oldid=62310">Show changes</a>MediaWiki spam cleanuphttps://wiki.owasp.org/index.php?title=OWASP_Papers/Jeopardy_in_Web_2_0&diff=62310&oldid=prevMediaWiki spam cleanup: Reverting to last version not containing links to s1.shard.jp2009-05-27T15:59:45Z<p>Reverting to last version not containing links to s1.shard.jp</p>
<a href="https://wiki.owasp.org/index.php?title=OWASP_Papers/Jeopardy_in_Web_2_0&diff=62310&oldid=62175">Show changes</a>MediaWiki spam cleanuphttps://wiki.owasp.org/index.php?title=OWASP_Papers/Jeopardy_in_Web_2_0&diff=62175&oldid=prevDeleted user at 08:54, 27 May 20092009-05-27T08:54:43Z<p></p>
<a href="https://wiki.owasp.org/index.php?title=OWASP_Papers/Jeopardy_in_Web_2_0&diff=62175&oldid=61810">Show changes</a>Deleted userhttps://wiki.owasp.org/index.php?title=OWASP_Papers/Jeopardy_in_Web_2_0&diff=61810&oldid=prevDeleted user at 12:04, 26 May 20092009-05-26T12:04:16Z<p></p>
<a href="https://wiki.owasp.org/index.php?title=OWASP_Papers/Jeopardy_in_Web_2_0&diff=61810&oldid=61317">Show changes</a>Deleted userhttps://wiki.owasp.org/index.php?title=OWASP_Papers/Jeopardy_in_Web_2_0&diff=61317&oldid=prevDeleted user at 15:31, 22 May 20092009-05-22T15:31:23Z<p></p>
<a href="https://wiki.owasp.org/index.php?title=OWASP_Papers/Jeopardy_in_Web_2_0&diff=61317&oldid=40440">Show changes</a>Deleted userhttps://wiki.owasp.org/index.php?title=OWASP_Papers/Jeopardy_in_Web_2_0&diff=40440&oldid=prevKirstenS: /* Top Attacks against Web 2.0 */2008-09-18T13:06:51Z<p><span dir="auto"><span class="autocomment">Top Attacks against Web 2.0</span></span></p>
<table class="diff diff-contentalign-left" data-mw="interface">
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;' lang='en'>
<td colspan='2' style="background-color: white; color:black; text-align: center;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black; text-align: center;">Revision as of 13:06, 18 September 2008</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l44" >Line 44:</td>
<td colspan="2" class="diff-lineno">Line 44:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>In Web 2.0 applications AJAX talks with backend Web services over XML-RPC, SOAP, etc. It is possible to invoke them over GET and POST. In other words, it is also possible to make cross-site calls to these Web services. Doing so would end up compromising a victim’s profile interfaced with Web services. CSRF is an interesting attack vector and is getting a new dimension in this newly defined endpoints scenario. These endpoints may be for AJAX or Web services but can be invoked by cross-domain requests.</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>In Web 2.0 applications AJAX talks with backend Web services over XML-RPC, SOAP, etc. It is possible to invoke them over GET and POST. In other words, it is also possible to make cross-site calls to these Web services. Doing so would end up compromising a victim’s profile interfaced with Web services. CSRF is an interesting attack vector and is getting a new dimension in this newly defined endpoints scenario. These endpoints may be for AJAX or Web services but can be invoked by cross-domain requests.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>There is a myth that [[CSRF]] is a special case of [[Cross-site <del class="diffchange diffchange-inline">scripting</del>|XSS]]. But the fact is [[CSRF]] is a distinct vulnerability, with a different solution. XSS mitigation will not remediate [[CSRF]] attacks. Although this type of attack has similarities to XSS, cross-site scripting requires the attacker to inject unauthorized code into a website, while cross-site request forgery merely transmits unauthorized commands from a user the website trusts. Compared to XSS, CSRF attacks are not well understood by many web developers and few defense resources are available.</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>There is a myth that [[CSRF]] is a special case of [[Cross-site <ins class="diffchange diffchange-inline">Scripting (XSS)</ins>|XSS]]. But the fact is [[CSRF]] is a distinct vulnerability, with a different solution. XSS mitigation will not remediate [[CSRF]] attacks. Although this type of attack has similarities to XSS, cross-site scripting requires the attacker to inject unauthorized code into a website, while cross-site request forgery merely transmits unauthorized commands from a user the website trusts. Compared to XSS, CSRF attacks are not well understood by many web developers and few defense resources are available.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>'''2. XML Poisoning :  </div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>'''2. XML Poisoning :  </div></td></tr>
</table>KirstenS