Presentation Title Top 10 Web 2.0 Attacks and Exploits
Presentation Abstract
We are in the era of Web 2.0 and new technologies like Ajax, Flex, Silverlight and SOA are reshaping the Internet landscape. We are witnessing new exploits and hacking methodologies in this new era. Following Web 2.0 exploits and hacking techniques will be discussed with demonstrations and cases
1.Blind SQL injection with JSON
2.Cross Widget exploits
3.One way CSRF attacks with XML
4.Asynchronous SQL poisoning
5.Ajax exploits for browser hijacking
6.DOM based Exploits with JavaScripts
7.SOAP attacks with XPATH
8.Hacking RSS feeds with payloads
9.Authorization bypass with Web 2.0
10.Cross Domain hacks and exploits
During this talk new tools, methodologies and countermeasures will be covered for securing Web 2.0 applications. Web 2.0 exploits can lead to complete application control, logical application hijacking and remote access to end user’s browser.
About Shreeraj
Shreeraj Shah, B.E., MSCS, MBA, CSSLP is the founder of Blueinfy, a company that provides application security services. Prior to founding Blueinfy, he was founder and board member at Net Square. He also worked with Foundstone (McAfee), Chase Manhattan Bank and IBM in security space.
He is also the author of popular books Web 2.0 Security, like Hacking Web Services (Thomson 06) and Web Hacking:Attacks and Defense (Addison-Wesley 03). In addition, he has published several advisories, tools, and whitepapers, and has presented at numerous conferences including RSA, AusCERT, InfosecWorld (Misti), OWASP, HackInTheBox, Blackhat, OSCON, Bellua, Syscan, ISACA etc. His articles are regularly published on Securityfocus, InformIT, DevX, O’reilly, HNS. His work has been quoted on BBC, Dark Reading, Bank Technology, SC Magazine etc. as an expert.