SlideShare una empresa de Scribd logo

S Shah Web20

Aung Khant
Aung Khant
Tecnología
1 de 4
Descargar para leer sin conexión
Top 10 Web 2.0 attack vectors Shreeraj Shah Founder, Net Square shreeraj@net-square.com Web 2.0 is the novel term coined for new generation Web applications. start.com, Google maps, Writely and MySpace.com are a few examples. The shifting technological landscape is the driving force behind these Web 2.0 applications. On the one hand are Web services that are empowering server-side core technology components and on the other hand are AJAX and Rich Internet Application (RIA) clients that are enhancing client-end interfaces in the browser itself. XML is making a significant impact at both presentation and transport (HTTP/HTTPS) layers. To some extent XML is replacing HTML at the presentation layer while SOAP is becoming the XML-based transport mechanism of choice. WEB 2.0 Security concerns – Reshaping the industry This technological transformation is bringing in new security concerns and attack vectors into existence. Yamanner, Samy and Spaceflash type worms are exploiting “
S Shah Web20
S Shah Web20
S Shah Web20

Recomendados

Ikarus
IkarusIkarus
Ikarus
Alper Türkyılmaz
 
Ikaruson Pc
Ikaruson PcIkaruson Pc
Ikaruson Pc
Alper Türkyılmaz
 
Fy10 Software + Services Cloud Overview 2 of 4
Fy10 Software + Services Cloud Overview 2 of 4Fy10 Software + Services Cloud Overview 2 of 4
Fy10 Software + Services Cloud Overview 2 of 4
David Williams
 
Silverlight 3.0
Silverlight 3.0Silverlight 3.0
Silverlight 3.0
Rishu Mehra
 
Security Testing Web App
Security Testing Web AppSecurity Testing Web App
Security Testing Web App
Aung Khant
 
Security Web Servers
Security Web ServersSecurity Web Servers
Security Web Servers
Aung Khant
 
Session Fixation
Session FixationSession Fixation
Session Fixation
Aung Khant
 
Securing Web Server Ibm
Securing Web Server IbmSecuring Web Server Ibm
Securing Web Server Ibm
Aung Khant
 

Recomendados

Ikarus
IkarusIkarus
Ikarus
Alper Türkyılmaz
 
Ikaruson Pc
Ikaruson PcIkaruson Pc
Ikaruson Pc
Alper Türkyılmaz
 
Fy10 Software + Services Cloud Overview 2 of 4
Fy10 Software + Services Cloud Overview 2 of 4Fy10 Software + Services Cloud Overview 2 of 4
Fy10 Software + Services Cloud Overview 2 of 4
David Williams
 
Silverlight 3.0
Silverlight 3.0Silverlight 3.0
Silverlight 3.0
Rishu Mehra
 
Security Testing Web App
Security Testing Web AppSecurity Testing Web App
Security Testing Web App
Aung Khant
 
Security Web Servers
Security Web ServersSecurity Web Servers
Security Web Servers
Aung Khant
 
Session Fixation
Session FixationSession Fixation
Session Fixation
Aung Khant
 
Securing Web Server Ibm
Securing Web Server IbmSecuring Web Server Ibm
Securing Web Server Ibm
Aung Khant
 
Web 2.0
Web 2.0Web 2.0
Web 2.0
Himanshu Kumar Das
 
Ria Meets Enteprise SOA
Ria Meets Enteprise SOARia Meets Enteprise SOA
Ria Meets Enteprise SOA
schennamaraja
 
Risico's Web 2.0
Risico's Web 2.0Risico's Web 2.0
Risico's Web 2.0
hnzz pronk
 
Hacking Ajax & Web Services - Next Generation Web Attacks on the Rise
Hacking Ajax & Web Services - Next Generation Web Attacks on the RiseHacking Ajax & Web Services - Next Generation Web Attacks on the Rise
Hacking Ajax & Web Services - Next Generation Web Attacks on the Rise
Shreeraj Shah
 
WEB 2.0 SLIDES
WEB 2.0 SLIDESWEB 2.0 SLIDES
WEB 2.0 SLIDES
bineet21
 
WEB 2.0
WEB 2.0WEB 2.0
WEB 2.0
bineet21
 
WEB 2.0
WEB 2.0WEB 2.0
WEB 2.0
guestb3fba6
 
Hacking Web 2.0 - Defending Ajax and Web Services [HITB 2007 Dubai]
Hacking Web 2.0 - Defending Ajax and Web Services [HITB 2007 Dubai]Hacking Web 2.0 - Defending Ajax and Web Services [HITB 2007 Dubai]
Hacking Web 2.0 - Defending Ajax and Web Services [HITB 2007 Dubai]
Shreeraj Shah
 
Web 2 0 Ppt
Web 2 0 PptWeb 2 0 Ppt
Web 2 0 Ppt
rsyokesh
 
Web 2 0 Ppt
Web 2 0 PptWeb 2 0 Ppt
Web 2 0 Ppt
Hema Prasanth
 
Leveraging The Web 2.0 Movement, Dion Hinchliffe
Leveraging The Web 2.0 Movement, Dion HinchliffeLeveraging The Web 2.0 Movement, Dion Hinchliffe
Leveraging The Web 2.0 Movement, Dion Hinchliffe
Giuliano Prati
 
Cavalcare l'onda del Web 2.0 - Dion Hinchcliffe
Cavalcare l'onda del Web 2.0 - Dion HinchcliffeCavalcare l'onda del Web 2.0 - Dion Hinchcliffe
Cavalcare l'onda del Web 2.0 - Dion Hinchcliffe
Tommaso Sorchiotti
 
Web 2.0
Web 2.0Web 2.0
Web 2.0
TSUBHASHRI
 
Web 2.0
Web 2.0Web 2.0
Web 2.0
Suresh Kumar
 
Ajax white paper
Ajax white paperAjax white paper
Ajax white paper
Kugan Karthikeyan
 
Web2.0 Ajax and REST in WebSphere Portal
Web2.0 Ajax and REST in WebSphere PortalWeb2.0 Ajax and REST in WebSphere Portal
Web2.0 Ajax and REST in WebSphere Portal
Munish Gupta
 
HTML5 & Renesas RZ/G
HTML5 & Renesas RZ/GHTML5 & Renesas RZ/G
HTML5 & Renesas RZ/G
dynamis
 
Shreeraj-Hacking_Web_2
Shreeraj-Hacking_Web_2Shreeraj-Hacking_Web_2
Shreeraj-Hacking_Web_2
guest66dc5f
 
Dom Hackking & Security - BlackHat Preso
Dom Hackking & Security - BlackHat PresoDom Hackking & Security - BlackHat Preso
Dom Hackking & Security - BlackHat Preso
Shreeraj Shah
 
Shreeraj - Hacking Web 2 0 - ClubHack2007
Shreeraj - Hacking Web 2 0 - ClubHack2007Shreeraj - Hacking Web 2 0 - ClubHack2007
Shreeraj - Hacking Web 2 0 - ClubHack2007
ClubHack
 
Introducing Msd
Introducing MsdIntroducing Msd
Introducing Msd
Aung Khant
 
Securing Php App
Securing Php AppSecuring Php App
Securing Php App
Aung Khant
 

Más contenido relacionado

Similar a S Shah Web20

Ria Meets Enteprise SOA
Ria Meets Enteprise SOARia Meets Enteprise SOA
Ria Meets Enteprise SOA
schennamaraja
 
Hacking Web 2.0 - Defending Ajax and Web Services [HITB 2007 Dubai]
Hacking Web 2.0 - Defending Ajax and Web Services [HITB 2007 Dubai]Hacking Web 2.0 - Defending Ajax and Web Services [HITB 2007 Dubai]
Hacking Web 2.0 - Defending Ajax and Web Services [HITB 2007 Dubai]
Shreeraj Shah
 
Web 2 0 Ppt
Web 2 0 PptWeb 2 0 Ppt
Web 2 0 Ppt
rsyokesh
 
Cavalcare l'onda del Web 2.0 - Dion Hinchcliffe
Cavalcare l'onda del Web 2.0 - Dion HinchcliffeCavalcare l'onda del Web 2.0 - Dion Hinchcliffe
Cavalcare l'onda del Web 2.0 - Dion Hinchcliffe
Tommaso Sorchiotti
 
Web2.0 Ajax and REST in WebSphere Portal
Web2.0 Ajax and REST in WebSphere PortalWeb2.0 Ajax and REST in WebSphere Portal
Web2.0 Ajax and REST in WebSphere Portal
Munish Gupta
 
Shreeraj-Hacking_Web_2
Shreeraj-Hacking_Web_2Shreeraj-Hacking_Web_2
Shreeraj-Hacking_Web_2
guest66dc5f
 
Dom Hackking & Security - BlackHat Preso
Dom Hackking & Security - BlackHat PresoDom Hackking & Security - BlackHat Preso
Dom Hackking & Security - BlackHat Preso
Shreeraj Shah
 
Shreeraj - Hacking Web 2 0 - ClubHack2007
Shreeraj - Hacking Web 2 0 - ClubHack2007Shreeraj - Hacking Web 2 0 - ClubHack2007
Shreeraj - Hacking Web 2 0 - ClubHack2007
ClubHack
 

Similar a S Shah Web20 (20)

Web 2.0
Web 2.0Web 2.0
Web 2.0
 
Ria Meets Enteprise SOA
Ria Meets Enteprise SOARia Meets Enteprise SOA
Ria Meets Enteprise SOA
 
Risico's Web 2.0
Risico's Web 2.0Risico's Web 2.0
Risico's Web 2.0
 
Hacking Ajax & Web Services - Next Generation Web Attacks on the Rise
Hacking Ajax & Web Services - Next Generation Web Attacks on the RiseHacking Ajax & Web Services - Next Generation Web Attacks on the Rise
Hacking Ajax & Web Services - Next Generation Web Attacks on the Rise
 
WEB 2.0 SLIDES
WEB 2.0 SLIDESWEB 2.0 SLIDES
WEB 2.0 SLIDES
 
WEB 2.0
WEB 2.0WEB 2.0
WEB 2.0
 
WEB 2.0
WEB 2.0WEB 2.0
WEB 2.0
 
Hacking Web 2.0 - Defending Ajax and Web Services [HITB 2007 Dubai]
Hacking Web 2.0 - Defending Ajax and Web Services [HITB 2007 Dubai]Hacking Web 2.0 - Defending Ajax and Web Services [HITB 2007 Dubai]
Hacking Web 2.0 - Defending Ajax and Web Services [HITB 2007 Dubai]
 
Web 2 0 Ppt
Web 2 0 PptWeb 2 0 Ppt
Web 2 0 Ppt
 
Web 2 0 Ppt
Web 2 0 PptWeb 2 0 Ppt
Web 2 0 Ppt
 
Leveraging The Web 2.0 Movement, Dion Hinchliffe
Leveraging The Web 2.0 Movement, Dion HinchliffeLeveraging The Web 2.0 Movement, Dion Hinchliffe
Leveraging The Web 2.0 Movement, Dion Hinchliffe
 
Cavalcare l'onda del Web 2.0 - Dion Hinchcliffe
Cavalcare l'onda del Web 2.0 - Dion HinchcliffeCavalcare l'onda del Web 2.0 - Dion Hinchcliffe
Cavalcare l'onda del Web 2.0 - Dion Hinchcliffe
 
Web 2.0
Web 2.0Web 2.0
Web 2.0
 
Web 2.0
Web 2.0Web 2.0
Web 2.0
 
Ajax white paper
Ajax white paperAjax white paper
Ajax white paper
 
Web2.0 Ajax and REST in WebSphere Portal
Web2.0 Ajax and REST in WebSphere PortalWeb2.0 Ajax and REST in WebSphere Portal
Web2.0 Ajax and REST in WebSphere Portal
 
HTML5 & Renesas RZ/G
HTML5 & Renesas RZ/GHTML5 & Renesas RZ/G
HTML5 & Renesas RZ/G
 
Shreeraj-Hacking_Web_2
Shreeraj-Hacking_Web_2Shreeraj-Hacking_Web_2
Shreeraj-Hacking_Web_2
 
Dom Hackking & Security - BlackHat Preso
Dom Hackking & Security - BlackHat PresoDom Hackking & Security - BlackHat Preso
Dom Hackking & Security - BlackHat Preso
 
Shreeraj - Hacking Web 2 0 - ClubHack2007
Shreeraj - Hacking Web 2 0 - ClubHack2007Shreeraj - Hacking Web 2 0 - ClubHack2007
Shreeraj - Hacking Web 2 0 - ClubHack2007
 

Más de Aung Khant

Introducing Msd
Introducing MsdIntroducing Msd
Introducing Msd
Aung Khant
 
Securing Php App
Securing Php AppSecuring Php App
Securing Php App
Aung Khant
 
Security Design Patterns
Security Design PatternsSecurity Design Patterns
Security Design Patterns
Aung Khant
 
Security Code Review
Security Code ReviewSecurity Code Review
Security Code Review
Aung Khant
 
Security Engineering Executive
Security Engineering ExecutiveSecurity Engineering Executive
Security Engineering Executive
Aung Khant
 
Security Engineeringwith Patterns
Security Engineeringwith PatternsSecurity Engineeringwith Patterns
Security Engineeringwith Patterns
Aung Khant
 
Sql Injection Paper
Sql Injection PaperSql Injection Paper
Sql Injection Paper
Aung Khant
 
Sql Injection Adv Owasp
Sql Injection Adv OwaspSql Injection Adv Owasp
Sql Injection Adv Owasp
Aung Khant
 
Php Security Iissues
Php Security IissuesPhp Security Iissues
Php Security Iissues
Aung Khant
 
Sql Injection White Paper
Sql Injection White PaperSql Injection White Paper
Sql Injection White Paper
Aung Khant
 
S Vector4 Web App Sec Management
S Vector4 Web App Sec ManagementS Vector4 Web App Sec Management
S Vector4 Web App Sec Management
Aung Khant
 
Php Security Value1
Php Security Value1Php Security Value1
Php Security Value1
Aung Khant
 
Privilege Escalation
Privilege EscalationPrivilege Escalation
Privilege Escalation
Aung Khant
 
Php Security Workshop
Php Security WorkshopPhp Security Workshop
Php Security Workshop
Aung Khant
 
Preventing Xs Sin Perl Apache
Preventing Xs Sin Perl ApachePreventing Xs Sin Perl Apache
Preventing Xs Sin Perl Apache
Aung Khant
 
Protecting Web App
Protecting Web AppProtecting Web App
Protecting Web App
Aung Khant
 
Protecting Web Based Applications
Protecting Web Based ApplicationsProtecting Web Based Applications
Protecting Web Based Applications
Aung Khant
 
Search Attacks
Search AttacksSearch Attacks
Search Attacks
Aung Khant
 
Secure Dev Practices
Secure Dev PracticesSecure Dev Practices
Secure Dev Practices
Aung Khant
 

Más de Aung Khant (20)

Introducing Msd
Introducing MsdIntroducing Msd
Introducing Msd
 
Securing Php App
Securing Php AppSecuring Php App
Securing Php App
 
Security Design Patterns
Security Design PatternsSecurity Design Patterns
Security Design Patterns
 
Security Code Review
Security Code ReviewSecurity Code Review
Security Code Review
 
Security Engineering Executive
Security Engineering ExecutiveSecurity Engineering Executive
Security Engineering Executive
 
Security Engineeringwith Patterns
Security Engineeringwith PatternsSecurity Engineeringwith Patterns
Security Engineeringwith Patterns
 
Sql Injection Paper
Sql Injection PaperSql Injection Paper
Sql Injection Paper
 
Sql Injection Adv Owasp
Sql Injection Adv OwaspSql Injection Adv Owasp
Sql Injection Adv Owasp
 
Php Security Iissues
Php Security IissuesPhp Security Iissues
Php Security Iissues
 
Sql Injection White Paper
Sql Injection White PaperSql Injection White Paper
Sql Injection White Paper
 
S Vector4 Web App Sec Management
S Vector4 Web App Sec ManagementS Vector4 Web App Sec Management
S Vector4 Web App Sec Management
 
Php Security Value1
Php Security Value1Php Security Value1
Php Security Value1
 
Privilege Escalation
Privilege EscalationPrivilege Escalation
Privilege Escalation
 
Php Security Workshop
Php Security WorkshopPhp Security Workshop
Php Security Workshop
 
Preventing Xs Sin Perl Apache
Preventing Xs Sin Perl ApachePreventing Xs Sin Perl Apache
Preventing Xs Sin Perl Apache
 
Protecting Web App
Protecting Web AppProtecting Web App
Protecting Web App
 
Protecting Web Based Applications
Protecting Web Based ApplicationsProtecting Web Based Applications
Protecting Web Based Applications
 
Ruby Security
Ruby SecurityRuby Security
Ruby Security
 
Search Attacks
Search AttacksSearch Attacks
Search Attacks
 
Secure Dev Practices
Secure Dev PracticesSecure Dev Practices
Secure Dev Practices
 

Último

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 

Último (20)

JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptx
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 

S Shah Web20

  • 1. Top 10 Web 2.0 attack vectors Shreeraj Shah Founder, Net Square shreeraj@net-square.com Web 2.0 is the novel term coined for new generation Web applications. start.com, Google maps, Writely and MySpace.com are a few examples. The shifting technological landscape is the driving force behind these Web 2.0 applications. On the one hand are Web services that are empowering server-side core technology components and on the other hand are AJAX and Rich Internet Application (RIA) clients that are enhancing client-end interfaces in the browser itself. XML is making a significant impact at both presentation and transport (HTTP/HTTPS) layers. To some extent XML is replacing HTML at the presentation layer while SOAP is becoming the XML-based transport mechanism of choice. WEB 2.0 Security concerns – Reshaping the industry This technological transformation is bringing in new security concerns and attack vectors into existence. Yamanner, Samy and Spaceflash type worms are exploiting “