Tuesday, March 20, 2007

WEB 2.0 Hacking – Defending Ajax and Web Services


WEB 2.0 technologies for the Web application layer are still evolving. This framework consists of Web services, AJAX and SOAP/XML and while still evolving has thrown up new attack vectors. To combat the attacks one needs to understand the new methodology, tools and strategies. Steadily emerging as the first line of defense is the Web application firewall. This presentation reveals emerging security threats, some of which will be demonstrated.

Here

Advanced Web Application & Services Hacking



Training at Dubai for HITB 2007.

A growing concern has been Web application security Web and application servers are the target of regular attacks by attackers that exploit security loopholes or vulnerabilities in code or design. Adding to this concern are next generation applications; applications that are on the fast track and more appealing to the user, utilizing dynamic AJAX scripts, Web services and newer Web technologies to create intuitive and easy interfaces. The only constant in this space is change. In this dynamically changing scenario it is important to understand new threats that emerge in order to build constructive strategies to protect corporate assets.

This two day workshop will expose students to both aspects of security: attacks and defense. To think of newer Web applications without Web services is a big mistake. Sooner or later existing applications will be forced to migrate to the new framework. This workshop includes several cases, demonstrations and hands-on exercises with newer tools to give you a headstart over others in the field.

Here

Tuesday, March 13, 2007

ISACA-UAE - Web Application Workshop ...



One day conference at Dubai on Web Application Security.
Here

Sunday, March 11, 2007

RSS Security Threats With Financial Services

Web 2.0 technologies are penetrating deeper into the financial services sector as Enterprise 2.0 solutions, adding value to financial services. Analysts can leverage information sources to go beyond the obvious. Trading and Banking companies like Wells Fargo and E*Trade are developing their next generation technologies using Web 2.0 components; components that will be used in banking software, trading portals and other peripheral services. The true advantage of RSS components is to push information to the end user rather than pull it from the Internet. The financial industry estimates that 95% of information exists in non-RSS formats and could become a key strategic advantage if it can be converted into RSS format. Wells Fargo has already implemented systems on the ground and these have started to yield benefits. RSS comes with its own security issues that assume critical significance with regard to financial services. In this article we will see some of the security concerns around RSS security and attack vectors.

Read here

My Bio with respect to Web Security Contribution...

Anurag is running a reflection series on his blog for web security professionals. He is compiling a list of person along with their resources. He has posted mine this week. You can read it here