Anthony Gold

Subscribe to Anthony Gold: eMailAlertsEmail Alerts
Get Anthony Gold: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Related Topics: RIA Developer's Journal, AJAX World RIA Conference

RIA & Ajax: Press Release

How To Mitigate Risks in AJAX Apps

All-New AJAX Security Bootcamp Next Week at AJAXWorld in New York

Being held for the first time on March 18, 2008 at the historic Roosevelt Hotel in New York City, AJAXWorld Security Bootcamp is a compelling, intensive, one-day, hands-on training program that will teach Web developers, Web designers, and other Web professionals how to build secure AJAX applications and demonstrate what the best practices are to mitigate security problems in AJAX apps.

It is led by one of the world's foremost AJAX security experts and popular teachers, Billy Hoffman.

The full program is below.

Click Here to Register Now and Save!

When: Monday, March 18, 2008: 8:30AM-5:30PM 

Where: The Roosevelt Hotel on 45th and Madiscon, New York City

Who: AJAX Security Bootcamp is led by:

Billy Hoffman is a lead security researcher for SPI Dynamics (www.spidynamics.com), which was purchased by Hewlett-Packard on 01 August 2007. At SPI Dynamics, he focuses on automated discovery of Web application vulnerabilities and crawling technologies. He has been a guest speaker at Black Hat Federal, Toorcon, Shmoocon, O'Reilly's Emerging Technology Conference, The 5th Hope, and several other conferences. His work has been featured in Wired, Make magazine, Slashdot, G4TechTV, and in various other journals and Web sites. In addition, Billy is a reviewer of white papers for the Web Application Security Consortium (WASC), and is a creator of Stripe Snoop, a suite of research tools that captures, modifies, validates, generates, analyzes, and shares data from magstripes. He also spends his time contributing to OSS projects and writes articles under the handle Acidus.


Billy was a featured speaker at AJAXWorld Conference & Expo 2007 West.

Join Billy and your fellow Bootcamp delegates at the AJAXWorld Security Bootcamp on March 18. We'll see you in New York City!

Click Here to Register Now and Save!

AJAX Security Bootcamp Outline

8:30-8:45am Introductions and Participant Goals
8:45-9:30am

Live AJAX hacking demo

Step by step walk through of hacking an AJAX travel site

 

9:30-10:30am

Web Security

Overview of traditional web security

Resource enumeration attacks

Injection attacks

Information Disclosure

 

10:30-10:45am Break
10:45am-11:45am

AJAX Attack surface

Scoping the application

Input validation

Rich input validation

 

11:45am-12:30pm

Transparency in AJAX Applications

Manipulating variables

Control flow tampering

Control logic Denial of Service

Reverse engineering JavaScript

Trapping on-demand AJAX

 

12:30-1:30pm Lunch
1:30-2:30pm

Advanced AJAX Hacking

AJAX hijacking

Presentation layer hacking

Client-side storage

 

2:30-3:30pm

Complex AJAX Application Hacking

Web mashups

Gadgets and Widgets

Offline AJAX application

 

3:30-4:15pm

Audience Hacking Lab

Instructor supervised hacking of AJAX application

 

4:15-5:15pm

Secure AJAX Development and Testing

Secure coding practicess

Framework security features

Testing AJAX applications

Preserving trust

 

5:15-5:30pm Q&A

Click Here to Register Now and Save!

More Stories By Jeremy Geelan

Jeremy Geelan is Chairman & CEO of the 21st Century Internet Group, Inc. and an Executive Academy Member of the International Academy of Digital Arts & Sciences. Formerly he was President & COO at Cloud Expo, Inc. and Conference Chair of the worldwide Cloud Expo series. He appears regularly at conferences and trade shows, speaking to technology audiences across six continents. You can follow him on twitter: @jg21.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.