GNUCITIZEN Pdp Owasp Usa 2007

From guest20ab09, 9 months ago

GNUCITIZEN presentation on hacking with Web2.0 services, presented more

Slideshow transcript

Slide 1: For my next trick... hacking Web2.0 (lite) Petko D. Petkov (pdp) GNUCITIZEN http://www.gnucitizen.org OWASP USA November 2007 Copyright © 2007 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike 2.5 License. To view this license, visit http://creativecommons.org/licenses/by-sa/2.5/ The OWASP Foundation http://www.owasp.org/

Slide 2: powered BY http://www.gnucitizen.org

Slide 3: ...before we START Feel free to ask questions! Do ask questions! Have fun!

Slide 4: what is WEB2.0?

Slide 5: ... Marketing buzzword; Invented by O'Reilly Media in 2003; Wikis, Blogs, AJAX, Social Networks, Collaboration APIs, SOA (Service Oriented Architecture); Data in the Cloud; Applications on Demand

Slide 6: why web2.0 HACKING?

Slide 7: ... Data Management; Information Leaks; Live Profiling; Information Spamming; Service Abuse; Autonomous Agents; Distribution; Attack Infrastructures

Slide 8: the PAPER: 5 fictional stories with technology that is real; Learn by example; KISS (Keep it Simple Stupid); Problems with no solutions; I was told that I need to come up with some solutions, otherwise I cannot present at OWASP.

Slide 9: the STORIES: MPack2.0 (Attack Infrastructures); Wormoholic (Autonomous Agents); Bookmarks Rider (Distribution); RSS Kingpin (Information Spamming); Revealing the hidden Web (Service Abuse)

Slide 10: know your ROOTS

Slide 11: ... what's MPACK?

Slide 12: ... what would it be in the web2.0 WORLD? hint: Google Mashup Editor

Slide 13: ... who is SAMY?

Slide 14: ... what's a covert CHANNEL?

Slide 15: ... ...but in the web2.0 WORLD?

Slide 16: ... who's the mechanical TURK?

Slide 17: ... ...to MALWARE? hint: Social Bookmarking

Slide 18: ... can web2.0 malware BROADCAST?

Slide 19: ... ...MD5(DOMAIN + TIME)

Slide 20: ... where are my SCHEDULERS?

Slide 21: ... where are my ACTUATORS?

Slide 22: ... ...data in the CLOUD... (the malicious one)

Slide 23: ... ...applications on DEMAND... (the malicious ones)

Slide 24: ... what's state and what's PERSISTENCE?

Slide 25: ... riding social bookmarks is FUN!

Slide 26: ... ...maybe make some money TOO!

Slide 27: ... to splog or not to splog. This is the QUESTION!

Slide 28: ... call me the rss KINGPIN!

Slide 29: ... service abuse and the hidden WEB

Slide 30: know your ROOTS

Slide 31: ...more: Profiling targets by watching their Web activities; Snoop onto targets; GEO Position Mobile phones; GEO Position individuals; More service abuse; More vulnerabilities; More Insecurities

Slide 32: ... solutions and recommendations?

Slide 33: thank YOU http://www.gnucitizen.org