Sunday, October 25, 2009

SecurityByte & OWASP event in India

Blueinfy is conducting a one-day workshop and sharing research at this event.

Cloud Hacking – Distributed Attack & Exploit Platform

We are witnessing applications, networks and infrastructures moving towards cloud computing. These clouds are emerging as a common platform from which distributed attacks are launched. Web/Enterprise 2.0 technologies add a new dimension to compromising cloud security. This talk covers the following topics with real-life cases, tools and demonstrations:

  • Fingerprinting and Footprinting clouds and resources
  • Clouds internals and discoveries
  • Cloud applications’ internal APIs and session hijacking & fixations
  • Privilege and authorization escalations in cloud computing
  • Network and Operating Systems hacks inside clouds
  • Exploiting client side of cloud users
  • Attack methods and exploits
  • Impact analysis of cross domain access inside cloud - Twitter, Facebook, LinkedIn, MySpace etc.
  • Google’s model and security threats – lessons to learn
  • Live hacks and demos
  • Tools to take away

Advanced Web Hacking – Securing Ajax, RIA and SOA

The introduction and adoption of new technologies like Ajax, Rich Internet Applications and Web Services have changed the dimension of application hacking. We are witnessing new ways of hacking web-based applications, and securing these applications requires a better understanding of the technologies involved. The only constant in this space is change. In this dynamically changing Web 2.0 scenario it is important to understand the new threats that emerge in order to build constructive strategies to protect corporate application assets. Application layers are evolving and many client-side attack vectors are on the rise, such as Ajax-based XSS, CSRF, widget injections, RSS exploits, mashup manipulations and client-side logic exploitation. At the same time, various new attack vectors are evolving around SOA by targeting SOAP, XML-RPC and REST. It is time to understand these advanced attack vectors and the corresponding defense strategies.
Research and Talk

Friday, October 02, 2009

Web 2.0 Hacking class at DeepSec from Blueinfy

The introduction and adoption of new technologies like Ajax, Rich Internet Applications and Web Services have changed the dimension of application hacking. We are witnessing new ways of hacking web-based applications, and securing these applications requires a better understanding of the technologies involved. The only constant in this space is change. In this dynamically changing Web 2.0 scenario it is important to understand the new threats that emerge in order to build constructive strategies to protect corporate application assets. Application layers are evolving and many client-side attack vectors are on the rise, such as Ajax-based XSS, CSRF, widget injections, RSS exploits, mashup manipulations and client-side logic exploitation. At the same time, various new attack vectors are evolving around SOA by targeting SOAP, XML-RPC and REST. It is time to understand these advanced attack vectors and the corresponding defense strategies. The course is designed by the author of "Web Hacking: Attacks and Defense", "Hacking Web Services" and "Web 2.0 Security – Defending Ajax, RIA and SOA", who brings his experience in application security and research to the curriculum to address these new challenges. Application Hacking 2.0 is a hands-on class. The class features real-life cases, hands-on exercises, new scanning tools and defense mechanisms. Participants will be methodically exposed to various attack vectors and exploits. In the class the instructor will explain new tools like wsScanner, scanweb2.0, AppMap and AppCodeScan for better pen-testing and application audits.

Visit here for details on the event

Thursday, October 01, 2009

Secure Coding Class in Singapore

We are conducting a class in Singapore from 25th-27th November. Details over here

Description

Enterprise application source code, independent of language and platform, is a major source of vulnerabilities. The class is designed and developed to focus on enterprise architecture and application analytics to discover vulnerabilities. One of the CSI surveys on vulnerability distribution suggests that in 64% of cases a vulnerability crops up due to programming errors and in 36% of cases due to configuration issues. We will be covering analysis techniques, with tools, for the assessment and review of enterprise application source code. Enterprise 2.0 and mashups, along with other Web 2.0 concepts, reinforced by hands-on experience, will help in understanding next-generation application requirements.

It is imperative to know source code review methodologies and strategies for analysis. The emphasis of the class is on developing a complete understanding of source code analysis, audit methodologies, techniques and tools. The knowledge gained will help in analyzing and securing enterprise applications at all stages: architecture, design and/or development. The course is designed by the author of "Web Hacking: Attacks and Defense", "Hacking Web Services" and "Web 2.0 Security – Defending Ajax, RIA and SOA", who brings his experience in application security and research to the curriculum. Special focus is given to compliance and the Top-25 errors for enterprise applications.

This class is hands-on and requires laptops for its numerous exercises, which are designed to run hand-in-hand with the concepts taught. The class features real-life cases, hands-on exercises, code scanning tools and defense plans. Participants will be methodically taken down to the source code level and exposed to the possible flaws in architecture, design and coding practices. The class then focuses on the proper ways of writing secure code and analyzing the code base.

Visit for full details