Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Web 2.0 Application Kung-Fu - Securing Ajax & Web Services
1. Web 2.0 Application Kung-Fu Securing Ajax & Web Services Shreeraj Shah DeepSec 2007– Vienna,2007
2.
3.
4.
5. Web 2.0 – Ajax & Web Services HTML / JS / DOM RIA (Flash) Ajax Browser Internet Blog Local Application Database Authentication Internet Weather News Documents Emails Bank/Trade RSS feeds Web Services
6. Widget DOM HTML/CSS JavaScript SOAP XML-RPC JSON XML Open APIs SaaS Services REST Browser Protocols Web 2.0 Layers Ajax Flash / RIA JSON-RPC Structures Server-Side HTTP(S)
7. Technologies Web Server Static pages HTML,HTM etc.. Web Client Scripted Web Engine Dynamic pages ASP DHTML, PHP,CGI Etc.. DB X ASP.NET with .Net J2EE App Server Web Services Etc.. Application Servers And Integrated Framework Internet DMZ Trusted Internal/Corporate W E B S E R V I C E S Ajax RIA Client SOAP, REST, XML-RPC, JSON etc.
8.
9.
10.
11.
12.
13.
14.
15.
16.
17.
18.
19.
20.
21.
22.
23.
24.
25.
26. Methodology Footprinting & Discovery Enumeration & Profiling Vulnerability Detection Code / Config Scanning Web Services Firewall Secure Coding Insecure Web Services Secure Web Services Blackbox Whitebox Defense & Countermeasure
27.
28.
29.
30.
31.
32.
33.
34.
35.
36.
37.
38.
39.
40. HTTP Stack for .Net HttpRuntime HttpApplicationFactory HttpApplication HttpHandlerFactory IHttpModule Handler Web Application Firewall & IDS 148