This blog is created to keep track of my activities and place holder for sharing. Enjoy!
Tuesday, November 28, 2006
Vulnerability Scanning Web 2.0 Client-Side Components
Web 2.0 applications are a combination of several technologies such as Asynchronous JavaScript and XML (AJAX), Flash, JavaScript Object Notation (JSON), Simple Object Access Protocol (SOAP) and Representational State Transfer (REST). All these technologies, along with cross-domain information access, contribute to the complexity of the application. We are seeing a shift towards the end-user's browser taking on more of the application logic through libraries loaded into it.
All these changes mean new scanning challenges for tools and professionals. The key learning objectives of this article are to understand the following concepts and techniques:
* Scanning complexity and challenges in new generation Web applications
* Web 2.0 client-side scanning objectives and methodology
* Web 2.0 vulnerability detection (XSS in RSS feeds)
* Cross-domain injection with JSON
* Countermeasures and defense through browser-side filtering
Read
Monday, November 27, 2006
Web 2.0 defense with Ajax fingerprinting & filtering
(IN)SECURE magazine contains my article on the Ajax fingerprinting and filtering technique, which can help in defending Web 2.0 applications.
Friday, November 10, 2006
Top 10 Ajax Security Holes and Driving Factors
One of the central ingredients of Web 2.0 applications is Ajax, built on JavaScript. This phase of evolution has transformed the Web into a superplatform. Not surprisingly, this transformation has also given rise to a new breed of worms and viruses such as Yamanner, Samy and Spaceflash. Portals like Google, NetFlix, Yahoo and MySpace have witnessed new vulnerabilities in the last few months. These vulnerabilities can be leveraged by attackers to perform phishing, Cross-site Scripting (XSS) and Cross-Site Request Forgery (XSRF) exploitation.
Read
Thursday, November 02, 2006
[O'Reilly Net] Detecting Web Application Security Vulnerabilities
Your web application is only as secure as the data coming in, and how you treat user input determines how secure you are. A little bit of thought and Python programming can help you analyze potential vulnerabilities in your code.
Read Here