[ :: mainpage :: register :: conference :: training :: call for papers (CFP) :: the venue ]
[ :: capture the flag (CTF) :: press/media :: conference agenda :: contact us :: forum ]
[ :: sponsors :: past conferences :: conference kit (English) ]

Shreeraj Shah (Director, Net-Square)

Filed under: Main Page — Administrator @ 7:29 pm

Presentation Title: WEB 2.0 Hacking – Defending Ajax and Web Services
Presentation Details:

WEB 2.0 technologies for the Web application layer are still evolving. This framework consists of Web services, AJAX and SOAP/XML and while still evolving has thrown up new attack vectors. To combat the attacks one needs to understand the new methodology, tools and strategies. Steadily emerging as the first line of defense is the Web application firewall. This presentation reveals emerging security threats, some of which will be demonstrated.

Objectives:

* Logical evolution of Web applications has reached a new level with the introduction of WEB 2.0. WEB 2.0 is the combination of new technologies like Web services, AJAX and SOAP. It is important to understand this framework and the fundamentals, before looking at security threats.

* Imparting new Web application footprinting methodology by leveraging search engines like MSN and Google. Search engines are emerging as major information sources with Web services APIs.

* Comprehending XML-based attack vectors – LDAP/SQL injections, SOAP messaging attacks, AJAX and Web profiling. These shall be covered along with demonstration examples.

* Web services are the backbone of WEB 2.0 and it is important to understand security threats.

* Building a Web application firewall and implementing strategies to defend WEB 2.0 based applications.

About Shreeraj

Shreeraj Shah, B.E., MSCS, MBA, is the founder of Net Square,a company that provides security consulting, training and development services to the world’s leading software vendors, financial and professional service providers. Prior to founding Net-Square, he has worked with Foundstone, Chase Manhattan Bank and IBM. He has performed several security consulting assignments in the area of penetration testing, code reviews, web application assessments and security architecture reviews.

He is also the author of Hacking Web Services (Thomson) and co-author of Web Hacking: Attacks and Defense (Addison-Wesley). In addition, he has published several advisories, tools, and whitepapers, and has presented at numerous conferences including RSA, AusCERT, InfosecWorld (Misti), HackInTheBox, Blackhat, OSCON, Bellua, Syscan, etc. His articles are regularly published on Securityfocus, InformIT, DevX, O’reilly, HNS. His work has been quoted on BBC, Dark Reading, Bank Technology as an expert. You can read his blog at http://shreeraj.blogspot.com/


Event Organizer


Hack In The Box (M) Sdn. Bhd.

Supported & Endorsed By


UAE Telecommunications Regulatory Authority(TRA)


Malaysian Communications and Multimedia Commission (MCMC)


Malaysian Administrative Modernisation & Management Planning Unit

Platinum Sponsors


Gold Sponsors


Microsoft Corporation


HP Middle East

Official Airline Partner


Official Airline Partner for HITB Crew


CTF Sponsor


Scan Associates

CTF Prize Sponsor


Scan Associates

Official Media Partner


Official Publications



Our Speakers Are Supported By:


Telspace Systems

Telecom Security Task Force - TSTF.net

Mediaservice.net

F-Secure Corp

Mozilla Corporation

FMA-RMS (Singapore/Malaysia)

Official Hotel


Supporting Media:

InfoSec News

(ISN) InfoSec News

XAKEP

Xakep (Russia)

Insecure Magazine

PHRACK Magazine

Hakin9 Magazine

Supporting Organizations


ISECOM - Insititue for Security and Open Methodologies


IT Underground


X-Focus China

Zone-H Defacement Mirror


Xatrix Security

Copyright 2007 Hack In The Box (M) Sdn. Bhd.