Wednesday, April 29, 2009

OWASP Event at Poland

Blueinfy is having training for a day at OWASP

Web 2.0 Hacking – Attacks & Countermeasures, by Shreeraj Shah, Blueinfy

Introduction and adaptation of new technologies like Ajax, Rich Internet Applications and Web Services has changed the dimension of Application Hacking. We are witnessing new ways of hacking web based applications and it needs better understanding of technologies to secure applications. The only constant in this space is change. In this dynamically changing scenario in the era of Web 2.0 it is important to understand new threats that emerge in order to build constructive strategies to protect corporate application assets. Application layers are evolving and lot of client side attack vectors are on the rise like Ajax based XSS, CSRF, Widget injections, RSS exploits, Mashup manipulations and client side logic exploitations. At the same time various new attack vectors are evolving around SOA by attacking SOAP, XML-RPC and REST. It is time to understand these advanced attack vectors and defense strategies.

Detail on training

There is a talk on Web 2.0 Exploits as well. Agneda

Saturday, April 25, 2009

Web2Proxy (Beta) - Web 2.0 Application Proxy, Profiling and Fuzzing tool

This tool helps in assessing next generation application running on Web/enterprise 2.0 platform. It profiles HTTP requests and responses at runtime by configuring it as proxy. It identifies structures like JSON, XML, XML-RPC etc. along with key HTTP parameters like cookie, login forms, hidden values etc. Based on profile one can take decision to trap and fuzz requests to identify potential vulnerabilities. This tool needs .NET framework and tested on Windows platform. We are adding several new features to upcoming edition.

Blueinfy's tool page
Demo page for tool