When Web 2.0 Attacks - Understanding Security Implications Of Ajax, Flash And presented at OWASP Appsec 2009

by Rafal Los (Hewlett Packard)

Tags: Web Application Security

URL : http://www.owasp.org/index.php/When_Web_2.0_Attacks_-_Understanding_Security_Implications_of_AJAX,_Flash_and

Summary : Web 2.0 - love it or hate it, the technology driving the highly interactive web experience is in your browser and coming to your enterprise. Securing Web 2.0 requires extraordinary means due to the increased attack surface, a new breed of "Web 2.0 developers" and increased visibility of sites and applications. Understanding the risks associated with Web 2.0 and beyond is essential to building "less risky" web applications into the next phase of the web. This talk focuses on how two prevalent technologies, AJAX and Adobe Flash, create the potential for catastrophic failure. Focus is given to understanding each technology's attack surface, most common security failures, and exploitation of common coding mistakes. This workshop-style walk-through of Web 2.0's ugly underbelly will give participants a deeper understanding of why security professionals are terrified of "highly interactive web technologies" and why we say that "everything old is new again".