Thursday, March 20, 2008

HackInTheBox & RSA 2008- Blueinfy Training and Research

Training Title: Web Application Security – Advanced Attacks and Defense
Introduction and adaptation of new technologies like Ajax, Rich Internet Applications and Web Services has changed the dimension of Application Hacking. We are witnessing new ways of hacking web based applications and it needs better understanding of technologies to secure applications. The only constant in this space is change. In this dynamically changing scenario in the era of Web 2.0 it is important to understand new threats that emerge in order to build constructive strategies to protect corporate application assets. Application layers are evolving and lot of client side attack vectors are on the rise like Ajax based XSS, CSRF, Widget injections, RSS exploits, Mashup manipulations and client side logic exploitations. At the same time various new attack vectors are evolving around SOA by attacking SOAP, XML-RPC and REST. It is time to understand these advanced attack vectors and defense strategies.
Presentation Title: Securing Next Generation Applications – Scan, Detect and Mitigate
Presentation Details:
McKinsey’s recent global survey suggested that 80% of companies are investing in Web 2.0 technologies. Web 2.0 technologies are no longer restricted to social networking site but forming backend to enterprise level applications. This evolution is giving rise to next generation application hacking and attack vectors. It is imperative to understand these new attacks and scanning methods to detect vulnerabilities. This presentation will be full of real life cases, live demonstrations, new tools and techniques along in-depth coverage on the latest concepts and methodologies.

Presenting Research at RSA 2008


Session Code: SOA-202
Session Title: Web 2.0 Security Chess: Combat Strategies and Defense Tactics
Scheduled Date/Time: Wednesday, April 09 09:10 AM
RED ROOM 310
Session Abstract: Ajax, web services and rich Internet (Flash) are redefining moves on the security chessboard. Attack strategies are emerging like cross-site scripting with JSON or cross-site request forgery with XML. This session will cover Web 2.0 attacks, tools for assessment, and approaches for code analysis with demonstrations. Professionals can apply knowledge in real life to a secure Web 2.0 application layer.

Agenda

Thursday, March 13, 2008

Infosecworld 08 - Presentations on iHTTPModule and CSRF

You can go through my presentation and research work on iHTTPModule and CSRF. I have posted them on slideshare. Here is the posting you can view over here or go to the slideshare.

[CSRF]

[.NET iHTTPModule - Interesting stuff]

Sunday, March 9, 2008

InfosecWorld - iHTTPModule and CSRF

Speaking on iHTTPModule with IIS 7.0 integrated pipe. It can help in building defense by creating WAF. Also, addressing CSRF and security controls around it. Looking forward to meet some of the application security folks as well.

Monday, March 3, 2008

Workshop in Dubai - Application Security


Having 2 days workshop for ISACA in Dubai. Look forward to meet some of UAE folks. Cheers!

If you are interested in joining - More Detail