Tuesday 23rd April, 2013
4:25pm to 4:50pm
Although people have been hacking messaging systems on top of HTTP for years, it's only since the arrival of WebSockets and EventSource that the idea has become mainstream. As ever, new web technology means new attack vectors that developers must be aware of.
By adding realtime messaging to a web app, you are opening your site up to a host of potential security problems, including CSRF and XSS. While working on the pub/sub framework Faye, I've tried to make it easy to keep your application secure, but you still need some knowledge to apply the available tools correctly.
In this talk, I'll discuss the security problems with socket-based applications and explain what you can do to avoid these pitfalls, whatever socket library you're using.