AJAX Hacking (and prevention using ASP.NET)

As promised at recent events, here are links to important webcasts for those of you who are thinking about implementing AJAX.

Live From Redmond: AJAX Security Basics - The Building Blocks to Protecting Your Applications Built with ASP.NET AJAX

This Webcast demonstrates how ASP.NET AJAX works and provides real examples of the inner workings of an AJAX application. In addition, we explore how JavaScript and Web services work and why securing them is critical.

Live From Redmond: How Hackers Reverse Engineer and Exploit an ASP.NET AJAX Application

This Webcast defines how to reverse engineer and exploit an ASP.NET AJAX application. Attendees learn how a hacker looks at the application and what information they gather from exploring the application's architecture. In addition, we discuss the threat of cross-site scripting (XSS): what it is, and how this dangerous application security defect increases the attack surface of AJAX applications, making the XSS threat even more malicious.

Live From Redmond: The Brave New World of AJAX Hacking (and prevention using ASP.NET)

This Webcast covers advanced cross-site scripting (XSS) attack methods, such as Web malware, XSS in e-mail, data mining with AJAX and viruses that run inside of Web browsers. We cover the impact of these attacks and how they can be used to steal cookies. In addition, we review how mistakes in AJAX-style programming could introduce security vulnerabilities into your code.

Live From Redmond: The Next Generation of AJAX Attacks – A New Generation of Attack Theories

This presentation is a comprehensive discussion of AJAX-related application security concerns. Specifically, we discuss browser/server interaction issues, the increased attack surface of AJAX applications, repudiation of HTTP requests, exposing application logic, vulnerabilities in AJAX bridges, cross-site scripting (XSS) and AJAX (i.e. the MySpace Virus), inappropriate use of AJAX, input validation issues, presentation layer attacks and exploiting mash-ups.

Live From Redmond: Best Practices: A Look at Developer ASP.NET AJAX Security Mistakes

AJAX is changing the way Web applications look and how they are developed, but Web developers are not aware of the security risks they are introducing into their applications with these emerging technologies. While most developers are aware of the importance of designing and testing for security in their applications, few of them are aware of the unique security implications of AJAX technologies. AJAX fundamentally changes the user experience and server interactions in Web applications, so developers may be taking otherwise secure applications and opening up new angles of attack for hackers by hastily adopting these new approaches without understanding their vulnerabilities. This talk will discuss and demonstrate the security pitfalls common in ASP.NET AJAX development. The talk will then introduce secure AJAX development principles for building secure AJAX applications for the ASP.NET AJAX Extensions, complete with working examples of secure Atlas development. QA challenges for exhaustive testing are great, but QA should be an important factor when looking at securing your applications.