2. Family Name: AbhishekKr
Friends Call: ABK
g33k Handle: aBionic
Independent Security Enthusiast/Researcher
Also a Member of 'EvilFingers' (other than 'NULL')
Application Developer at ThoughtWorks Inc.
OpenSource Lover
http://null.co.in http://nullcon.net aBionic@twitter,linkedin,FB
3. Other than expanding to (secure)SiteHoster, (s)SH
A Fresh Approach
A Lab RAT
http://sourceforge.net/projects/sitehoster
7. Major Threats for Web Applications
Stats are not the same (as of 2009) … but threats are
8. XSS Defeating Concept
Always aim at the strongest opponent first; it makes you win the battle easily
9. IT IS JUST A PIECE OF CODE
13. 3 Major XSS Attack Patterns
All result from options for user input, a Web 2.0 gift
14. + Karthik calling Karthik…
+ User (tricked) Input…
Included or injected <script/>
What You See Is (*NOT*) What You Get
34. Old Wine, Why Not Always Used
[Diagram: DB with per-role privileges: "all boss" (Read, Write on *), Read on Table T1, Read, Write on Table T2; User to Web-App Mapper]
35. & For Condition Match
An Apple A Day Keeps The Doctor Away → Hash An Input A Day Keeps The Attacker Away
36. I Tweet Tech: http://www.twitter.com/aBionic
I Blog Tech: http://abhishekkr.wordpress.com/
I OpenSource
GitHub: https://github.com/abhishekkr
SourceForge: http://sourceforge.net/users/abhishekkr
I Socialize: http://www.facebook.com/aBionic
I Techalize: http://in.linkedin.com/in/abionic
I Deviantize: http://abhishekkr.deviantart.com/