P0wning the programmable Web, presented at AusCERT 2009

by Dan Hubbard, Stephan Chenette

Summary: With hundreds of new mashups and web APIs being released weekly, the 'web as a platform' is vastly expanding the threat landscape well beyond the browser. From Gadgets, Widgets, and Mashups to REST, SOAP, and JavaScript, several security principles are missing. During the session we will review the weaknesses in the programmable web and demonstrate some of these weaknesses with proof-of-concept code.