Abstract

Web 2.0/RIA applications are using advanced web technologies like Ajax, Flash/Flex and Silverlight. These technologies form the presentation layer of next generation applications. One of the ways to assess security of these applications is by performing reverse engineering techniques across all these components. Understanding of decompiling methodologies for Flash/Flex and Silverlight can help in discovering potential vulnerabilities residing across application base.

At the same time effective use of Javascript debugger can help in performing reverse engineering Ajax driven applications. During this talk we will define methodologies and approaches for performing reverse engineering to detect client side XSS, logical layer vulnerabilities, authorization bypasses, weak JSON calls, XML stream poisoning points, abusing Javascript, DOM hacking etc. We will go over some interesting tools and scripts which you can use at your work to secure your Web 2.0 applications.