Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] WHITE PAPER: For my next trick… hacking Web2.0

from [pdp (architect)] Network Security [Permanent Link]
Subject: [Full-disclosure] WHITE PAPER: For my next trick… hacking Web2.0
Date: Sat, 1 Sep 2007 00:10:20 +0100 
After several month spent in research on Web2.0 Insecurities I've
decided to sit down and write a whitepaper. The paper quickly became
rather blurred due to enormous amount of notes I've collected on this
subject. This is the reason why it was later restructured into
stories, which provide a lot better medium for understanding the
content.

http://www.gnucitizen.org/projects/for-my-next-trick-hacking-web20/
http://www.gnucitizen.org/projects/for-my-next-trick-hacking-web20/web2.0hacking.pdf
http://docs.google.com/Doc?id=dfpvfkxn_48f87xsv

    For some Web2.0 symbolizes the start of a new era of the Web, for
others it is merely a marketing buzzword designed to hook unaware
venture capitalists on the Web2.0 hype.

The term Web2.0 appeared for the first time in 2003 at a conference
organized by O'Reilly media. The event, simply titled "Web 2.0″,
attempted to reference the second generation of web technologies such
as social communities, server oriented architectures, Wikis, blogs,
collaborative environments, AJAX, etc. Since then the term has become
widely adopted across the entire Web industry and it has been used
ever since to describe innovation.

In simple words, Web2.0 outlines the technological, philosophical and
social superset of what we used to know as just the Web. Although we
know that the Web is not bound to any version number, it makes our
lives a lot easier to do so, so we can refer to a particular set of
features. The features of the Web2.0 era are rather blurred due to the
enormous amount of different opinions on the matter but we all agree
that they must include things such as feeds, data aggregators,
collaborative environments, social networks, client-side technologies
and SOA (Server Oriented Architecture).

Although Web2.0 has improved our ability to freely communicate and
share via the means of the Net, it has brought some unimaginable
dangers and as a result it is insecure. Web2.0 security is very much a
collection of every single security aspects of its components. On
their own they are just simple system abnormalities, but when put
together they create a problem worth our attention.

In this paper we are going to outline some of the dangers of Web2.0 by
combining fictional stories with technology that is real. Each story
begins with a prologue, which introduces the problem, and finishes
with a conclusion, which summarizes the attack techniques that are
described within the story context.

Cheers

-- 
pdp (architect) | petko d. petkov
http://www.gnucitizen.org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-disclosure] WHITE PAPER: For my next trick… hacking Web2.0, pdp (architect) <=
Next by Date:  Anti-DDoS Appliance with a focus on Web Code Exploits (Comment Spam, and the like), Eric Marden
Next by Thread:  Anti-DDoS Appliance with a focus on Web Code Exploits (Comment Spam, and the like), Eric Marden
Indexes:  [Date] [Thread] [Top] [All Lists]