Abstract
McKinsey’s recent global survey suggested that 80% of companies are investing in Web 2.0 technologies. Web 2.0 technologies are no longer restricted to social networking sites; they now form the backend of enterprise-level applications. This evolution is giving rise to next-generation application hacking and attack vectors. It is imperative to understand these new attacks and the scanning methods that detect vulnerabilities. This presentation covers the following important aspects of next-generation application security.
- Footprinting, Scanning and Crawling of Web 2.0 applications.
- Ajax- and Flash-based XSS for Web 2.0 applications.
- One-Way and Two-Way Cross Site Request Forgery for XML and JSON streams.
- Threat Model 2.0 for Web 2.0 applications.
- Hacking and Securing Service Oriented Architecture (SOAP, XML-RPC and REST based applications).
- Strategic security controls by leveraging source code scanning and application layer filtering.
This presentation will be full of real-life cases, live demonstrations, and new tools and techniques, along with in-depth coverage of the latest concepts and methodologies.