27-07-2012, 02:42 PM
Advanced Web Hacking
The State of JavaScript Hacking
JavaScript is a GLUE Technology
Web Pages
Adobe Products
WSCRIPT and CSCRIPT
Mobile Devices
One Language to Rule Them All
Cross-site scripting
Cross-zone scripting
Web Exploits
The need for web exploits
for testing purposes
for demonstration purposes
non-exploitative web app testing does not exist
How to test for SQL Injection without exploiting the application?
How to test for Cross-site scripting without exploiting the application?
My name is O'Neill.
Hundreds of them available online already!
Milw0rm
Full-disclosure
Who is going to unify them?
Exploit Environments
Metasploit
good but limiting
The Browser
probably what we want
Security Mashups
A Mashup is…
a website or application that combines content from more than one source into an integrated experience. (Wikipedia)
largely based on online services and APIs.
a way to circumvent various browser limitations.
Security Mashups
A Security Mashup is…
a way to create largely distributed testing infrastructures.
a mechanism for instantly accruing dynamic knowledge.
a mechanism that has a lot of potential for bad purposes.
a way to bypass the Same Origin Policies to an extent.