Securing Enterprise Applications presented at SyScan 2009

by Shreeraj Shah

Tags: Security Web

Summary: The introduction and adaptation of new technologies like Ajax, Rich Internet Applications and
Web Services have changed the dimension of Application Hacking. We are witnessing new ways
of hacking web-based applications, and securing applications needs a better understanding
of these technologies. The only constant in this space is change.

In this dynamically changing scenario in the era of Web 2.0, it is important to understand
the new threats that emerge in order to build constructive strategies to protect corporate
application assets. Application layers are evolving, and a lot of client-side attack vectors
are on the rise, like Ajax-based XSS, CSRF, Widget injections, RSS exploits, Mashup manipulations
and client-side logic exploitations. At the same time, various new attack vectors are evolving
around SOA by attacking SOAP, XML-RPC and REST. It is time to understand these advanced attack
vectors and defense strategies.

The course is designed by the author of "Web Hacking: Attacks and Defense", "Hacking Web
Services" and "Web 2.0 Security – Defending Ajax, RIA and SOA", bringing his experience in
application security and research as part of the curriculum to address new challenges.

Application Hacking is a hands-on class. The class features real-life cases, hands-on
exercises, new scanning tools and defense mechanisms. Participants will be methodically
exposed to various attack vectors and exploits. In the class, the instructor will
explain new tools like wsScanner, scanweb2.0, AppMap, AppCodeScan etc. for better pen-testing
and application audits.

We are going to address the following topics in detail:

Web Application Firewall: Advanced content filtering by tools and techniques.