I recently had a chance to talk to the good folks at SPI Dynamics about their DevInspect product, which includes some great support for ASP.NET AJAX… In the process we started talking about AJAX security in general, and they sent me these links… looks like good information I wanted to pass on!
- Billy Hoffman, SPI Dynamics' lead researcher in our SPI Labs group, has an on-demand webcast "Ajax (in)security" at <https://download.spidynamics.com/registration/AJAX_webcast.asp>; that's a variant of the very popular talk he gave at BlackHat.
- Caleb Sima, SPI Dynamics' CTO, you might remember from "The Code Room: Breaking Into Vegas" <http://msdn.microsoft.com/msdntv/episode.aspx?xml=episodes/en/20060223CodeRoom3/manifest.xml>.
- Dennis Hurst hosted a highly rated MSDN series, "Web Development: Increase the Security of Your Applications", <http://www.microsoft.com/events/series/securitywebappdev.mspx>.
What other good sources of AJAX security info have you found?