Reverse Engineering Web 2.0 Applications presented at SyScan 2010

by Shreeraj Shah

Tags: Security Web

Summary: Web 2.0/RIA applications use advanced web technologies such as Ajax, Flash/Flex and Silverlight.
These technologies form the presentation layer of next-generation applications. One way to assess the
security of these applications is to apply reverse engineering techniques across all of these components.
An understanding of decompiling methodologies for Flash/Flex and Silverlight can help in discovering potential
vulnerabilities residing across the application base. At the same time, effective use of a JavaScript debugger
can help in reverse engineering Ajax-driven applications. During this talk we will define methodologies and
approaches for performing reverse engineering to detect client-side XSS, logical layer vulnerabilities,
authorization bypasses, weak JSON calls, XML stream poisoning points, abuse of JavaScript, DOM hacking, etc.
We will go over some interesting tools and scripts which you can use at your work to secure your Web 2.0 applications.