Most of us assume while surfing the Web that we are protected by firewalls and isolated through private NAT'ed IP addresses. We assume the soft security of intranet websites and that the Web-based interfaces of routers, firewalls, printers, IP phones, payroll systems, etc., even if left unpatched, remain safe inside the protected zone. We believe nothing is capable of directly connecting in from the outside world. Right? Well, not quite.
During this presentation we'll demonstrate a wide variety of cutting-edge web application security attack techniques and describe best practices for securing websites and users against these threats.
Blind web server fingerprinting using unique URLs
Discovering NAT'ed IP addresses with Java Applets
Stealing web browser history with Cascading Style Sheets
Best-practice defense measures for securing websites
Essential habits for safe web surfing