| By Jeremy Geelan |
Article Rating: |
|
| February 18, 2008 02:00 PM EST |
Reads: |
51,698 |
Being held for the first time on March 18, 2008 at the historic Roosevelt Hotel in New York City, AJAXWorld Security Bootcamp is a compelling, intensive, one-day, hands-on training program that will teach Web developers, Web designers, and other Web professionals how to build secure AJAX applications and demonstrate what the best practices are to mitigate security problems in AJAX apps.
It is led by one of the world's foremost AJAX security experts and popular teachers, Billy Hoffman.
The full program is below.
Click Here to Register Now and Save!
When: Monday, March 18, 2008: 8:30AM-5:30PM
Where: The Roosevelt Hotel on 45th and Madiscon, New York City
Who: AJAX Security Bootcamp is led by:
Billy Hoffman is a lead security researcher for SPI Dynamics (www.spidynamics.com), which was purchased by Hewlett-Packard on 01 August 2007. At SPI Dynamics, he focuses on automated discovery of Web application vulnerabilities and crawling technologies. He has been a guest speaker at Black Hat Federal, Toorcon, Shmoocon, O'Reilly's Emerging Technology Conference, The 5th Hope, and several other conferences. His work has been featured in Wired, Make magazine, Slashdot, G4TechTV, and in various other journals and Web sites. In addition, Billy is a reviewer of white papers for the Web Application Security Consortium (WASC), and is a creator of Stripe Snoop, a suite of research tools that captures, modifies, validates, generates, analyzes, and shares data from magstripes. He also spends his time contributing to OSS projects and writes articles under the handle Acidus.
Billy was a featured speaker at AJAXWorld Conference & Expo 2007 West.
Join Billy and your fellow Bootcamp delegates at the AJAXWorld Security Bootcamp on March 18. We'll see you in New York City!
Click Here to Register Now and Save!
|
AJAX Security Bootcamp Outline
|
| 8:30-8:45am |
Introductions and Participant Goals |
| 8:45-9:30am |
Live AJAX hacking demo
Step by step walk through of hacking an AJAX travel site
|
| 9:30-10:30am |
Web Security
Overview of traditional web security
Resource enumeration attacks
Injection attacks
Information Disclosure
|
| 10:30-10:45am |
Break |
| 10:45am-11:45am |
AJAX Attack surface
Scoping the application
Input validation
Rich input validation
|
| 11:45am-12:30pm |
Transparency in AJAX Applications
Manipulating variables
Control flow tampering
Control logic Denial of Service
Reverse engineering JavaScript
Trapping on-demand AJAX
|
| 12:30-1:30pm |
Lunch |
| 1:30-2:30pm |
Advanced AJAX Hacking
AJAX hijacking
Presentation layer hacking
Client-side storage
|
| 2:30-3:30pm |
Complex AJAX Application Hacking
Web mashups
Gadgets and Widgets
Offline AJAX application
|
| 3:30-4:15pm |
Audience Hacking Lab
Instructor supervised hacking of AJAX application
|
| 4:15-5:15pm |
Secure AJAX Development and Testing
Secure coding practicess
Framework security features
Testing AJAX applications
Preserving trust
|
| 5:15-5:30pm |
Q&A |
Click Here to Register Now and Save!
Subscribe to ColdFusion Developer's Journal Email News Alerts
Subscribe via RSS
