[ mainpage :: register :: conference :: training :: the venue ]
[ capture the flag (CTF) :: zone-h/hitb hacking challenge :: bzflag ]
[ call for papers (CFP) :: conference agenda :: sponsors :: press/media :: forum ]
[ conference kit (PDF) :: past conferences :: contact us ]

Keynote Videos Now Available for Download

Day 1 Keynote: Bruce Schneier - Schneier on Security
Day 2 Keynote: Jeremiah Grossman - Hacks Happen

Shreeraj Shah (Director, BlueInfy)

Filed under: Main Page — Administrator @ 7:29 pm

Presentation Title: Securing Next Generation Applications – Scan, Detect and Mitigate
Presentation Details:

McKinsey’s recent global survey suggested that 80% of companies are investing in Web 2.0 technologies. Web 2.0 technologies are no longer restricted to social networking site but forming backend to enterprise level applications. This evolution is giving rise to next generation application hacking and attack vectors. It is imperative to understand these new attacks and scanning methods to detect vulnerabilities. This presentation is going to cover following important aspects of next
generation application security.

- Footprinting, Scanning and Crawling of Web 2.0 applications.
- Ajax and Flash based XSS for Web 2.0 application.
- One-Way and Two-Way Cross Site Request Forgery for XML and JSON streams.
- Threat Model 2.0 for Web 2.0 applications.
- Hacking and Securing Service Oriented Architecture (SOAP, XML-RPC and REST based applications)
- Strategic security controls by leveraging Source code scanning and application layer filtering.

This presentation will be full of real life cases, live demonstrations, new tools and techniques along in-depth coverage on the latest concepts and methodologies.

About Shreeraj Shah

Shreeraj Shah, B.E., MSCS, MBA, is the founder of Blueinfy, a company that provides application security services. Prior to founding Blueinfy, he was founder and board member at Net Square. He also worked with Foundstone (McAfee), Chase Manhattan Bank and IBM in security space. He has performed several security consulting assignments in the area of penetration testing, code reviews, web application assessments and security architecture reviews.

He is also the author of popular books like Hacking Web Services (Thomson 06) and Web Hacking: Attacks and Defense (Addison-Wesley 03). In addition, he has published several advisories, tools, and whitepapers, and has presented at numerous conferences including RSA, AusCERT, InfosecWorld (Misti), HackInTheBox, Blackhat, OSCON, Bellua, Syscan, ISACA etc. His articles are regularly published on Securityfocus, InformIT, DevX, O’reilly, HNS. His work has been quoted on BBC, Dark Reading, Bank Technology as an expert.



Event Organizer


Hack In The Box (M) Sdn. Bhd.

Event Partner


SCANIT ME LLC


OGER SYSTEMS

Supported & Endorsed By


UAE Telecommunications Regulatory Authority (TRA)


Malaysian Communications and Multimedia Commission (MCMC)


Malaysian Administrative Modernisation & Management Planning Unit

Platinum Sponsors

Titanium Sponsor (Post Conference Reception)


ArgenISS

Gold Sponsors


Google


Microsoft Corporation

Official Media Partner (Magazine)


Network Middle East


Arabian Computer News


ITP Business

Official Airline Partner


Emirates Airlines

Our Speakers are Supported By


Bellua Asia Pacific

Supporting Media:

Virus Bulletin

Virus Bulletin (VB)

InfoSec News

(ISN) InfoSec News

InfoSec News

XAKEP (Russia)

Insecure Magazine

PHRACK Magazine

Hakin9 Magazine

Supporting Organizations



CONFidence


ISECOM - Insititue for Security and Open Methodologies


ISACA Malaysia


IT Underground


X-Focus China

Zone-H Defacement Mirror


Xatrix Security


Special Interest Group in Security & Information InteGrity Singapore


Syscan