This blog was created to keep track of my activities and as a placeholder for sharing. Enjoy!
Monday, October 23, 2006
How safe is Web 2.0?
Technology commentator Bill Thompson says the latest incarnation of the web, dubbed Web 2.0, is prone to the same flaws as its predecessor.
[Top 10 Web 2.0 attack vectors are taken as reference]
Wednesday, October 11, 2006
Hacking Web 2.0 Applications with Firefox
AJAX and interactive web services form the backbone of “web 2.0” applications. This technological transformation brings about new challenges for security professionals.
This article looks at some of the methods, tools and tricks to dissect web 2.0 applications (including Ajax) and discover security holes using Firefox and its plugins. The key learning objectives of this article are to understand the:
* web 2.0 application architecture and its security concerns.
* hacking challenges such as discovering hidden calls, crawling issues, and Ajax side logic discovery.
* discovery of XHR calls with the Firebug tool.
* simulation of browser event automation with the Chickenfoot plugin.
* debugging of applications from a security standpoint, using the Firebug debugger.
* methodical approach to vulnerability detection.
Monday, October 09, 2006
Top 10 Web 2.0 attack vectors
Web 2.0 is the novel term coined for new-generation Web applications. start.com, Google Maps, Writely and MySpace.com are a few examples. The shifting technological landscape is the driving force behind these Web 2.0 applications. On the one hand are Web services that are empowering server-side core technology components, and on the other hand are AJAX and Rich Internet Application (RIA) clients that are enhancing client-end interfaces in the browser itself.
XML is making a significant impact at both presentation and transport (HTTP/HTTPS) layers. To some extent XML is replacing HTML at the presentation layer while SOAP is becoming the XML-based transport mechanism of choice.