Shreeraj Shah is founder of Net Square and leads Net Square's consulting, training and R&D activities. He is also the co-author of 'Web Hacking: Attacks and Defense,' published by Addison Wesley. He has published several advisories, tools, and white papers as researcher, and has presented at conferences including HackInTheBox, RSA, Blackhat, OSCON, Bellua, Syscan, CII, NASSCOM etc. He worked with Foundstone, Chase Manhattan Bank and IBM in the security space and was instrumental in product development, researching new methodologies and training designs. He has performed several security consulting assignments in the area of penetration testing, code reviews, web application assessments and security architecture reviews. He blogs at http://shreeraj.blogspot.com/.
The continuous adoption of Web 2.0 architecture for web applications is
instrumental in AJAX, Web services and Flash, emerging as key components.
AJAX is a combination of technologies such as JavaScript with the
XMLHttpRequest object, DOM and XML streams.
Cross site scripting (XSS) can make browsers vulnerable to critical
information hijacking if exploited with malicious intent. XSS is already
categorized as persistent [1], non-persistent [1] and DOM-based [2]. AJAX
code loaded in browser can have entry points to XSS and it is the job of the
security analyst to identify these entry points. It is difficult to
decisively conclude that possible entry points to an application can be
exploited. One may need to do a trace or debug to measure the risk of these
entry points. Th... (more)
Shreeraj Shah is founder of Net Square and leads Net Square's consulting, training and R&D activities. He is also the co-author of 'Web Hacking: Attacks and Defense,' published by Addison Wesley. He has published several advisories, tools, and white papers as researcher, and has presented at conferences including HackInTheBox, RSA, Blackhat, OSCON, Bellua, Syscan, CII, NASSCOM etc. He worked with Foundstone, Chase Manhattan Bank and IBM in the security space and was instrumental in product development, researching new methodologies and training designs. He has performed several security consulting assignments in the area of penetration testing, code reviews, web application assessments and security architecture reviews. He blogs at http://shreeraj.blogspot.com/.
Keith Bergelt
Gaurav Mantri
Aditya Banerjee
John Karamitsos
Kaj van de Loo
Bob Little
Alois Reitbauer
Chris Schin
Richard Gordon
Anil Parambath
