Nytro

DeepSec 2007: Web 2.0 Application Kung-Fu - Securing Ajax & Web Services


Thanks to the DeepSec organisation for making these videos available and letting me share the videos on YouTube.

Speaker: Shreeraj Shah, Net Square Solutions Pvt. Ltd.

With Web 2.0 applications being adopted by businesses at a very quick pace, security concerns around these technologies too have grown. Ajax and Web Services are key components in the Web 2.0 framework. Understanding new technology key components vis-à-vis attack vectors is imperative if the security concerns are to be adequately addressed. Financial services companies such as Wells Fargo and E*Trade are adopting Web 2.0 technologies by building next generation Enterprise 2.0 solutions. Ajax fingerprinting, crawling and scanning are key aspects for Web 2.0 threat profiling. It is possible to identify XSS and XSRF vulnerabilities and likely weak entry points on the basis of proper threat profiles. As ethical hackers, scanning and fuzzing must be accomplished before attackers have the chance to exploit vulnerable Web Services running on XML-RPC, SOAP and REST. This presentation is going to reveal methodologies, techniques and tricks to hack Web 2.0 applications and defense strategies to secure them. The presentation includes a number of demonstrations and real-life cases encompassing next generation attacks and defense. The speaker has already authored several tools -- wsChess (Web Services hacking toolkit), Ajaxfinger, ScanAjax and MSNPawn -- that will be demonstrated in detail.

For more information visit: Speakers - DeepSec IDSC 2007 Europe - Vienna, November 20-23, 2007

To download the video visit: DeepSec 2007 on Vimeo
