Abstract: One or more techniques and/or systems are disclosed for rendering online ads on a webpage. A first inter-frame communication channel is created, which comprises a first communication channel between a first cross-domain frame and a host page, such as the webpage. The first cross-domain frame comprises content from a domain that is different than that of the host page domain. A second inter-frame communication channel is created comprising a second communication channel between the first cross-domain frame and a second cross-domain frame in the host page.

Abstract: Techniques for mixed-mode authentication are described. In one or more embodiments, an authentication service may be implemented to selectively configure and issue authentication tokens based upon an optional secure mode that enables enhanced security. Clients may be provided with an option to choose between an insecure mode and a secure mode for authentications. Based on this choice, tokens may be configured to include an indication of whether the secure mode is disabled or enabled. When secure mode is disabled, an insecure token valid for both secure sites and other sites is issued to a client when the client is authenticated. When the optional secure mode is enabled, both secure and insecure tokens are provided to the client. The authentication services and/or other services may be configured to reject an insecure token when secure mode is enabled to prevent unauthorized use of a stolen token to access secure resources.

Abstract: A system that facilitates detecting security flaws in a web site that receives and transmits untrusted content is described herein. The system includes a receiver component that receives test content that corresponds to a field on a web page that, when the web site is online, is configured to receive user-generated content, wherein the test content includes non-malicious data. An encoder component encodes each character of the test content regardless of form or content of the test content to generate encoded content. A display component displays encoded content and non-encoded content of the web page to a tester on a computer screen, wherein the display component causes the encoded content to be displayed in a visually distinct manner from the non-encoded content.

Abstract: Techniques for mixed-mode authentication are described. In one or more embodiments, an authentication service may be implemented to selectively configure and issue authentication tokens based upon an optional secure mode that enables enhanced security. Clients may be provided with an option to choose between an insecure mode and a secure mode for authentications. Based on this choice, tokens may be configured to include an indication of whether the secure mode is disabled or enabled. When secure mode is disabled, an insecure token valid for both secure sites and other sites is issued to a client when the client is authenticated. When the optional secure mode is enabled, both secure and insecure tokens are provided to the client. The authentication services and/or other services may be configured to reject an insecure token when secure mode is enabled to prevent unauthorized use of a stolen token to access secure resources.

Abstract: One or more techniques and/or systems are disclosed for rendering online ads on a webpage. A first inter-frame communication channel is created, which comprises a first communication channel between a first cross-domain frame and a host page, such as the webpage. The first cross-domain frame comprises content from a domain that is different than that of the host page domain. A second inter-frame communication channel is created comprising a second communication channel between the first cross-domain frame and a second cross-domain frame in the host page.

Abstract: A system that facilitates detecting security flaws in a web site that receives and transmits untrusted content is described herein. The system includes a receiver component that receives test content that corresponds to a field on a web page that, when the web site is online, is configured to receive user-generated content, wherein the test content includes non-malicious data. An encoder component encodes each character of the test content regardless of form or content of the test content to generate encoded content. A display component displays encoded content and non-encoded content of the web page to a tester on a computer screen, wherein the display component causes the encoded content to be displayed in a visually distinct manner from the non-encoded content.

Abstract: Techniques and tools for implementing a source code annotation language are described. In one aspect, keywords are added to a function interface to define a contract for the function independent of function call context. In another aspect, annotations are inserted at global variables, formal parameters, return values, or user-defined types. The annotations include, for example, properties and qualifiers. A property can indicate, for example, a characteristic of a buffer. In another aspect, an annotation indicates that a value has usability properties sufficient to allow a function to rely on the value, where the usability properties depend on value type.