Advertisement
Web 2.0 Application Kung-Fu - Securing Ajax & Web Services
Web 2.0 Application Kung-Fu - Securing Ajax & Web Services
Web 2.0 Application Kung-Fu - Securing Ajax & Web Services
Web 2.0 Application Kung-Fu - Securing Ajax & Web Services
Web 2.0 Application Kung-Fu - Securing Ajax & Web Services
Web 2.0 Application Kung-Fu - Securing Ajax & Web Services
Web 2.0 Application Kung-Fu - Securing Ajax & Web Services
Web 2.0 Application Kung-Fu - Securing Ajax & Web Services
Web 2.0 Application Kung-Fu - Securing Ajax & Web Services
Web 2.0 Application Kung-Fu - Securing Ajax & Web Services
Web 2.0 Application Kung-Fu - Securing Ajax & Web Services
Web 2.0 Application Kung-Fu - Securing Ajax & Web Services
Web 2.0 Application Kung-Fu - Securing Ajax & Web Services
Web 2.0 Application Kung-Fu - Securing Ajax & Web Services
Web 2.0 Application Kung-Fu - Securing Ajax & Web Services
Web 2.0 Application Kung-Fu - Securing Ajax & Web Services
Web 2.0 Application Kung-Fu - Securing Ajax & Web Services
Web 2.0 Application Kung-Fu - Securing Ajax & Web Services
Web 2.0 Application Kung-Fu - Securing Ajax & Web Services
Web 2.0 Application Kung-Fu - Securing Ajax & Web Services
Web 2.0 Application Kung-Fu - Securing Ajax & Web Services
Web 2.0 Application Kung-Fu - Securing Ajax & Web Services
Web 2.0 Application Kung-Fu - Securing Ajax & Web Services
Web 2.0 Application Kung-Fu - Securing Ajax & Web Services
Web 2.0 Application Kung-Fu - Securing Ajax & Web Services
Web 2.0 Application Kung-Fu - Securing Ajax & Web Services
Web 2.0 Application Kung-Fu - Securing Ajax & Web Services
Web 2.0 Application Kung-Fu - Securing Ajax & Web Services
Web 2.0 Application Kung-Fu - Securing Ajax & Web Services
Web 2.0 Application Kung-Fu - Securing Ajax & Web Services
Web 2.0 Application Kung-Fu - Securing Ajax & Web Services
Web 2.0 Application Kung-Fu - Securing Ajax & Web Services
Web 2.0 Application Kung-Fu - Securing Ajax & Web Services
Web 2.0 Application Kung-Fu - Securing Ajax & Web Services
Web 2.0 Application Kung-Fu - Securing Ajax & Web Services
Web 2.0 Application Kung-Fu - Securing Ajax & Web Services
Web 2.0 Application Kung-Fu - Securing Ajax & Web Services
Web 2.0 Application Kung-Fu - Securing Ajax & Web Services
Web 2.0 Application Kung-Fu - Securing Ajax & Web Services
Web 2.0 Application Kung-Fu - Securing Ajax & Web Services
Web 2.0 Application Kung-Fu - Securing Ajax & Web Services
Web 2.0 Application Kung-Fu - Securing Ajax & Web Services

Check these out next

HTTP HOST header attacks
HTTP HOST header attacks
DefconRussia
SQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint Presentation
Rapid Purple
Waf bypassing Techniques
Waf bypassing Techniques
Avinash Thapa
Broken access controls
Broken access controls
Akansha Kesharwani
Sql injection attack
Sql injection attack
RajKumar Rampelli
Dom based xss
Dom based xss
Lê Giáp
The Cross Site Scripting Guide
The Cross Site Scripting Guide
Daisuke_Dan
Xss attack
Xss attack
Manjushree Mashal
1 of 42

Web 2.0 Application Kung-Fu - Securing Ajax & Web Services

Nov. 27, 2007
Technology
Shreeraj Shah
Founder & Partner, Security Professional, Author, Faculty & Speaker at Blueinfy
Advertisement
Advertisement
Advertisement

Recommended

Cross Site ScriptingCross Site Scripting
Cross Site ScriptingAli Mattash2.1K views23 slides
Cross Site Scripting Defense Presentation Cross Site Scripting Defense Presentation
Cross Site Scripting Defense Presentation Ikhade Maro Igbape3.7K views23 slides
Sql injections - with exampleSql injections - with example
Sql injections - with examplePrateek Chauhan2.4K views20 slides
Cross site scriptingCross site scripting
Cross site scriptingn|u - The Open Security Community2.8K views15 slides
Cross Site Request ForgeryCross Site Request Forgery
Cross Site Request ForgeryTony Bibbs4.6K views17 slides
Cross site scripting attacks and defensesCross site scripting attacks and defenses
Cross site scripting attacks and defensesMohammed A. Imran17.5K views45 slides

More Related Content

Slideshows for you(20)

HTTP HOST header attacksHTTP HOST header attacks
HTTP HOST header attacks
DefconRussia18.6K views
SQL Injections - A Powerpoint PresentationSQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint Presentation
Rapid Purple38.8K views
Waf bypassing TechniquesWaf bypassing Techniques
Waf bypassing Techniques
Avinash Thapa26.3K views
Broken access controlsBroken access controls
Broken access controls
Akansha Kesharwani1.6K views
Sql injection attackSql injection attack
Sql injection attack
RajKumar Rampelli6K views
Dom based xssDom based xss
Dom based xss
Lê Giáp3K views
The Cross Site Scripting GuideThe Cross Site Scripting Guide
The Cross Site Scripting Guide
Daisuke_Dan2.2K views
Xss attackXss attack
Xss attack
Manjushree Mashal1.4K views
Cross Site Scripting ( XSS)Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)
Amit Tyagi26.3K views
Cross site scriptingCross site scripting
Cross site scripting
kinish kumar30K views
Operating Systems: Computer SecurityOperating Systems: Computer Security
Operating Systems: Computer Security
Damian T. Gordon3.3K views
Sessions and cookiesSessions and cookies
Sessions and cookies
www.netgains.org8.1K views
Pentesting ReST APIPentesting ReST API
Pentesting ReST API
Nutan Kumar Panda11.2K views
Heuristic methods used in sqlmapHeuristic methods used in sqlmap
Heuristic methods used in sqlmap
Miroslav Stampar8.3K views
XSS - Attacks & DefenseXSS - Attacks & Defense
XSS - Attacks & Defense
Blueinfy Solutions3.9K views
Reflective and Stored XSS- Cross Site ScriptingReflective and Stored XSS- Cross Site Scripting
Reflective and Stored XSS- Cross Site Scripting
InMobi Technology4.1K views
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testing
Nezar Alazzabi991 views
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applications
Niyas Nazar1.2K views
Crypto failures every developer should avoidCrypto failures every developer should avoid
Crypto failures every developer should avoid
Filip Šebesta350 views
Api security-testingApi security-testing
Api security-testing
n|u - The Open Security Community516 views

Similar to Web 2.0 Application Kung-Fu - Securing Ajax & Web Services(20)

AppSec 2007 - .NET Web Services HackingAppSec 2007 - .NET Web Services Hacking
AppSec 2007 - .NET Web Services Hacking
Shreeraj Shah5.9K views
Hacking Web 2.0 - Defending Ajax and Web Services [HITB 2007 Dubai]Hacking Web 2.0 - Defending Ajax and Web Services [HITB 2007 Dubai]
Hacking Web 2.0 - Defending Ajax and Web Services [HITB 2007 Dubai]
Shreeraj Shah33.8K views
Shreeraj - Hacking Web 2 0 - ClubHack2007Shreeraj - Hacking Web 2 0 - ClubHack2007
Shreeraj - Hacking Web 2 0 - ClubHack2007
ClubHack658 views
04. xss and encoding04. xss and encoding
04. xss and encoding
Eoin Keary1.9K views
Ajax SecurityAjax Security
Ajax Security
Roberto Suggi Liverani2K views
Secure java script-for-developersSecure java script-for-developers
Secure java script-for-developers
n|u - The Open Security Community9.3K views
Owasp Top 10 - Owasp Pune Chapter - January 2008Owasp Top 10 - Owasp Pune Chapter - January 2008
Owasp Top 10 - Owasp Pune Chapter - January 2008
abhijitapatil9.6K views
Manindra kishore _incident_handling_n_log_analysis - ClubHack2009Manindra kishore _incident_handling_n_log_analysis - ClubHack2009
Manindra kishore _incident_handling_n_log_analysis - ClubHack2009
ClubHack2.4K views
Web 2.0 HackingWeb 2.0 Hacking
Web 2.0 Hacking
blake101531 views
AJAX: How to Divert ThreatsAJAX: How to Divert Threats
AJAX: How to Divert Threats
Cenzic1.3K views
gofortutiongofortution
gofortution
gofortution516 views
Application Security Workshop Application Security Workshop
Application Security Workshop
Priyanka Aash2.4K views
Shreeraj-Hacking_Web_2Shreeraj-Hacking_Web_2
Shreeraj-Hacking_Web_2
guest66dc5f51.5K views
Web Attacks - Top threats - 2010Web Attacks - Top threats - 2010
Web Attacks - Top threats - 2010
Shreeraj Shah5.5K views
Locking the Throne Room - How ES5+ might change views on XSS and Client Side ...Locking the Throne Room - How ES5+ might change views on XSS and Client Side ...
Locking the Throne Room - How ES5+ might change views on XSS and Client Side ...
Mario Heiderich3.2K views
Dojo - from web page to web appsDojo - from web page to web apps
Dojo - from web page to web apps
yoavrubin1.4K views
Cross Site Scripting (XSS)Cross Site Scripting (XSS)
Cross Site Scripting (XSS)
Barrel Software1.7K views
Understanding dom based xssUnderstanding dom based xss
Understanding dom based xss
Potato563 views
Intro to Web Application SecurityIntro to Web Application Security
Intro to Web Application Security
Rob Ragan6.6K views
Web HackingWeb Hacking
Web Hacking
Information Technology13K views
Advertisement

More from Shreeraj Shah(17)

Html5 localstorage attack vectorsHtml5 localstorage attack vectors
Html5 localstorage attack vectors
Shreeraj Shah7.4K views
XSS and CSRF with HTML5XSS and CSRF with HTML5
XSS and CSRF with HTML5
Shreeraj Shah45K views
FIND ME IF YOU CAN – SMART FUZZING AND DISCOVERYFIND ME IF YOU CAN – SMART FUZZING AND DISCOVERY
FIND ME IF YOU CAN – SMART FUZZING AND DISCOVERY
Shreeraj Shah15K views
Top 10 HTML5 Threats - WhitepaperTop 10 HTML5 Threats - Whitepaper
Top 10 HTML5 Threats - Whitepaper
Shreeraj Shah4.4K views
HTML5 Top 10 Threats - Silent Attacks and Stealth ExploitsHTML5 Top 10 Threats - Silent Attacks and Stealth Exploits
HTML5 Top 10 Threats - Silent Attacks and Stealth Exploits
Shreeraj Shah17.8K views
Blackhat11 shreeraj reverse_engineering_browserBlackhat11 shreeraj reverse_engineering_browser
Blackhat11 shreeraj reverse_engineering_browser
Shreeraj Shah1.8K views
Next Generation Web Attacks – HTML 5, DOM(L3) and XHR(L2)Next Generation Web Attacks – HTML 5, DOM(L3) and XHR(L2)
Next Generation Web Attacks – HTML 5, DOM(L3) and XHR(L2)
Shreeraj Shah8.9K views
Dom Hackking & Security - BlackHat PresoDom Hackking & Security - BlackHat Preso
Dom Hackking & Security - BlackHat Preso
Shreeraj Shah604 views
Secure SDLC for Software Secure SDLC for Software
Secure SDLC for Software
Shreeraj Shah5.8K views
[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web [Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web
[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web
Shreeraj Shah6.5K views
[Infosecworld 08 Orlando] New Defenses for .NET Web Apps: IHttpModule in Prac...[Infosecworld 08 Orlando] New Defenses for .NET Web Apps: IHttpModule in Prac...
[Infosecworld 08 Orlando] New Defenses for .NET Web Apps: IHttpModule in Prac...
Shreeraj Shah5.6K views
Hacking Ajax & Web Services - Next Generation Web Attacks on the RiseHacking Ajax & Web Services - Next Generation Web Attacks on the Rise
Hacking Ajax & Web Services - Next Generation Web Attacks on the Rise
Shreeraj Shah2.7K views
Hacking and Securing .NET Apps (Infosecworld)Hacking and Securing .NET Apps (Infosecworld)
Hacking and Securing .NET Apps (Infosecworld)
Shreeraj Shah128.2K views
Web Application Kung-Fu, Art of Defense (Bellua/HITB)Web Application Kung-Fu, Art of Defense (Bellua/HITB)
Web Application Kung-Fu, Art of Defense (Bellua/HITB)
Shreeraj Shah63.1K views
Web Services Security Chess (RSA)Web Services Security Chess (RSA)
Web Services Security Chess (RSA)
Shreeraj Shah4.2K views
Advanced Web Hacking (EUSecWest 06)Advanced Web Hacking (EUSecWest 06)
Advanced Web Hacking (EUSecWest 06)
Shreeraj Shah112.3K views
Advanced Web Services Hacking (AusCERT 06)Advanced Web Services Hacking (AusCERT 06)
Advanced Web Services Hacking (AusCERT 06)
Shreeraj Shah23.6K views

Recently uploaded(20)

【本科生、研究生】美国迈阿密大学牛津分校毕业证文凭购买指南【本科生、研究生】美国迈阿密大学牛津分校毕业证文凭购买指南
【本科生、研究生】美国迈阿密大学牛津分校毕业证文凭购买指南
akuufux2 views
jenkins.pptxjenkins.pptx
jenkins.pptx
Orco15 views
【本科生、研究生】英国克兰菲尔德大学毕业证文凭购买指南【本科生、研究生】英国克兰菲尔德大学毕业证文凭购买指南
【本科生、研究生】英国克兰菲尔德大学毕业证文凭购买指南
akuufux3 views
NS-CUK Seminar: V.T.Hoang, Review on "Graph Clustering with Graph Neural Netw...NS-CUK Seminar: V.T.Hoang, Review on "Graph Clustering with Graph Neural Netw...
NS-CUK Seminar: V.T.Hoang, Review on "Graph Clustering with Graph Neural Netw...
ssuser4b1f484 views
【本科生、研究生】英国卡迪夫大学毕业证文凭购买指南【本科生、研究生】英国卡迪夫大学毕业证文凭购买指南
【本科生、研究生】英国卡迪夫大学毕业证文凭购买指南
sutseu5 views
Scan 26 Apr 23 11·57·23.pdfScan 26 Apr 23 11·57·23.pdf
Scan 26 Apr 23 11·57·23.pdf
SmrDDhrk0 views
stock.pptstock.ppt
stock.ppt
ruber7311 view
presentation.pdfpresentation.pdf
presentation.pdf
Mahdi_Fahmideh4 views
Top 10 Must.pdfTop 10 Must.pdf
Top 10 Must.pdf
Roberberry0 views
Spring_Boot_Microservices-5_Day_Session.pptxSpring_Boot_Microservices-5_Day_Session.pptx
Spring_Boot_Microservices-5_Day_Session.pptx
Prabhakaran Ravichandran5 views
Structure.pptxStructure.pptx
Structure.pptx
MohammedOmer4015790 views
Pill Camera.pptxPill Camera.pptx
Pill Camera.pptx
Md Refatul Amin Refat4 views
【本科生、研究生】英国约克大学毕业证文凭购买指南【本科生、研究生】英国约克大学毕业证文凭购买指南
【本科生、研究生】英国约克大学毕业证文凭购买指南
foxupud0 views
【本科生、研究生】美国南达科他大学毕业证文凭购买指南【本科生、研究生】美国南达科他大学毕业证文凭购买指南
【本科生、研究生】美国南达科他大学毕业证文凭购买指南
sutseu3 views
NS-CUK Joint Jouarl Club: JHLee, Review on "GraphMAE: Self-Supervised Masked... NS-CUK Joint Jouarl Club: JHLee, Review on "GraphMAE: Self-Supervised Masked...
NS-CUK Joint Jouarl Club: JHLee, Review on "GraphMAE: Self-Supervised Masked...
ssuser4b1f484 views
Hackolade Tutorial - part 1 - What is a data modelHackolade Tutorial - part 1 - What is a data model
Hackolade Tutorial - part 1 - What is a data model
PascalDesmarets10 views
OODBMSvsORDBMSppt.pptxOODBMSvsORDBMSppt.pptx
OODBMSvsORDBMSppt.pptx
MEHMOODNadeem0 views
Office 365 licensesOffice 365 licenses
Office 365 licenses
Princy Nadar6 views
【本科生、研究生】英国埃克塞特大学毕业证文凭购买指南【本科生、研究生】英国埃克塞特大学毕业证文凭购买指南
【本科生、研究生】英国埃克塞特大学毕业证文凭购买指南
akuufux0 views
iotSportsgroupFINAL.pptxiotSportsgroupFINAL.pptx
iotSportsgroupFINAL.pptx
DeeJeeV3 views
Advertisement

Web 2.0 Application Kung-Fu - Securing Ajax & Web Services

  1. Web 2.0 Application Kung-Fu Securing Ajax & Web Services Shreeraj Shah DeepSec 2007– Vienna,2007
  5. Web 2.0 – Ajax & Web Services HTML / JS / DOM RIA (Flash) Ajax Browser Internet Blog Local Application Database Authentication Internet Weather News Documents Emails Bank/Trade RSS feeds Web Services
  6. Widget DOM HTML/CSS JavaScript SOAP XML-RPC JSON XML Open APIs SaaS Services REST Browser Protocols Web 2.0 Layers Ajax Flash / RIA JSON-RPC Structures Server-Side HTTP(S)
  7. Technologies Web Server Static pages HTML,HTM etc.. Web Client Scripted Web Engine Dynamic pages ASP DHTML, PHP,CGI Etc.. DB X ASP.NET with .Net J2EE App Server Web Services Etc.. Application Servers And Integrated Framework Internet DMZ Trusted Internal/Corporate W E B S E R V I C E S Ajax RIA Client SOAP, REST, XML-RPC, JSON etc.
  26. Methodology Footprinting & Discovery Enumeration & Profiling Vulnerability Detection Code / Config Scanning Web Services Firewall Secure Coding Insecure Web Services Secure Web Services Blackbox Whitebox Defense & Countermeasure
  40. HTTP Stack for .Net HttpRuntime HttpApplicationFactory HttpApplication HttpHandlerFactory IHttpModule Handler Web Application Firewall & IDS 148
Advertisement