Hackers of India

Hacking Ajax and Web Services – Next Generation Web Attacks on the Rise

By Shreeraj Shah on 06 Sep 2007 @ Hitb Sec Conf



Abstract

WEB 2.0 technologies for the Web application layer are still evolving. This framework consists of Web services, AJAX and SOAP/XML and, while still evolving, has thrown up new attack vectors. To combat these attacks, one needs to understand the new methodology, tools and strategies. This presentation reveals emerging security threats, some of which will be demonstrated.

The logical evolution of Web applications has reached a new level with the introduction of WEB 2.0. WEB 2.0 is the combination of new technologies like Web services, AJAX and SOAP. It is important to understand this framework and its fundamentals before looking at security threats. Ajax is becoming an integral part of these new applications, and its serialization aspect opens up new ways of hacking browser-side applications, which can lead to XSS and XSRF.

XML-based attack vectors, LDAP/SQL injections, SOAP messaging attacks, and AJAX and Web profiling shall be covered along with demonstration examples. Web services are the backbone of WEB 2.0, and it is important to understand the security threats.