Presentation is loading. Please wait.

Presentation is loading. Please wait.

Copyright © 2007 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike.

Published byNoel nolan Witte Modified over 9 years ago

Similar presentations

Presentation on theme: "Copyright © 2007 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike."— Presentation transcript:

1 Copyright © 2007 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike 2.5 License. To view this license, visit http://creativecommons.org/licenses/by-sa/2.5/ The OWASP Foundation OWASP & WASC AppSec 2007 Conference San Jose – Nov 2007 http://www.owasp.org/ http://www.webappsec.org/ For my next trick... hacking Web2.0 (lite) Petko D. Petkov (pdp) GNUCITIZEN http://www.gnucitizen.org

2 OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 powered BY http://www.gnucitizen.org 2

3 OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007...before we START  Feel free to ask questions!  Do ask questions!  Have fun! 3

4 OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 what is WEB2.0? 4

5 OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007...  Marketing buzzword  Invented by O'Reilly Media in 2003  Wikis, Blogs, AJAX, Social Networks, Collaboration  APIs, SOA (Service Oriented Architecture)  Data in the Cloud  Applications on Demand 5

6 OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 why web2.0 HACKING? 6

7 OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007...  Data Management  Information Leaks  Live Profiling  Information Spamming  Service Abuse  Autonomous Agents  Distribution  Attack Infrastructures 7

8 OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 the PAPER  5 fictional stories with technology that is real  Learn by example  KISS (Keep it Simple Stupid)  Problems with no solutions  I was told that I need to come up with some solutions, otherwise I cannot present at OWASP. 8

9 OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 the STORIES  MPack2.0  Attack Infrastructures  Wormoholic  Autonomous Agents  Bookmarks Rider  Distribution  RSS Kingpin  Information Spamming  Revealing the hidden Web  Service Abuse 9

10 OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 know your ROOTS 10

11 OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007... what's MPACK? 11

12 OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007... what would it be in the web2.0 WORLD? hint: Google Mashup Editor 12

13 OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007... who is SAMY? 13

14 OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007... what's a covert CHANNEL? 14

15 OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007......but in the web2.0 WORLD? 15

16 OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007... who's the mechanical TURK? 16

17 OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007......to MALWARE? hint: Social Bookmarking 17

18 OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007... can web2.0 malware BROADCAST ? 18

19 OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007......MD5(DOMA IN + TIME) 19

20 OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007... where are my SCHEDULER S? 20

21 OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007... where are my ACTUATORS ? 21

22 OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007......data in the CLOUD... (the malicious one) 22

23 OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007......applications on DEMAND... (the malicious ones) 23

24 OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007... what's state and what's PERSISTENC E? 24

25 OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007... riding social bookmarks is FUN! 25

26 OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007......maybe make some money TOO! 26

27 OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007... to splog or not to splog. This is the QUESTION! 27

28 OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007... call me the rss KINGPIN! 28

29 OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007... service abuse and the hidden WEB 29

30 OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 know your ROOTS 30

31 OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007...more  Profiling targets by watching their Web activities  Snoop onto targets  GEO Position Mobile phones  GEO Position individuals  More service abuse  More vulnerabilities  More Insecurities 31

32 OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007... solutions and recommendati ons? 32

33 OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 thank YOU http://www.gnucitizen.org 33

Download ppt "Copyright © 2007 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike."

Similar presentations

Copyright 2010 © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright 2010 © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Scary, interesting, fun, creative, Exciting!. 1995 Community & Information Portal for Engineers.

Scary, interesting, fun, creative, Exciting! Community & Information Portal for Engineers.
Copyright © 2006 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike.
Copyright © 2007 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
The OWASP Foundation Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under.

The OWASP Foundation Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Copyright © 2008 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike.
Copyright © 2007 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike.
Copyright © 2007 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Copyright © 2007 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike.
IS Today (Valacich & Schneider) 5/e Copyright © 2012 Pearson Education, Inc. Published as Prentice Hall 7/2/2015 5-1 Facebook is the most popular social.

IS Today (Valacich & Schneider) 5/e Copyright © 2012 Pearson Education, Inc. Published as Prentice Hall 7/2/ Facebook is the most popular social.
Copyright 2007 © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright 2007 © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Copyright © 2007 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike.
Adriana Iordan Web Marketing Manager / Avangate Social Networking Media How the software authors should use it?

Adriana Iordan Web Marketing Manager / Avangate Social Networking Media How the software authors should use it?
Copyright © 2007 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike.
Copyright © 2006 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike.

Similar presentations

Ads by Google