Saturday, October 22, 2005

Assessing Web App Security with Mozilla (O'Reilly)



Web application assessment is a challenging task for security analysts. Several products and tools are available, each claiming to perform automated analysis on entire applications. Their capabilities include obtaining data, corroborating it, and printing aesthetically appealing reports--all without user intervention.

The nature of web applications is very different from that of standard applications. Many times, these tools miss key vulnerabilities in the application. The best way to perform web application assessment is by using the unassailable combination of automated tools and human intellect. This article examines the LiveHTTPHeaders project, which fits seamlessly into Mozilla browser components to facilitate very effective web application assessment.

Read Here

Thursday, October 06, 2005

RSA Europe 2005





Title: WEB SERVICES SECURITY CHESS: STRATEGIES FOR COMBAT AND SHIELDS FOR DEFENSE

Abstract:

Attack is the best way to know your defense. Knowledge of attack methodology, tools and defense strategies is critical before creating a shield for your ultimate defense. This presentation encompasses all three dimensions (Methodology, Tools and Strategies) with an innovative, researched approach and live demonstrations. UDDI, SOAP and WSDL are the pawn, knight and queen of this new chessboard.

Objectives:

1. Imparting web services assessment methodology and demonstrating the approach with a live application.
2. Leveraging tools and creating your own tool on the fly while performing your work on web services.
3. Building the ultimate defense for your web services by leveraging content filtering and secure coding for web services.