1 For my next trick... hacking Web2.0 (lite)
Petko D. Petkov (pdp), GNUCITIZEN
OWASP & WASC AppSec 2007 Conference, San Jose, Nov 2007
Copyright © 2007 The OWASP Foundation. Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike 2.5 License. To view this license, visit

2 powered BY

3 before we START
- Feel free to ask questions!
- Do ask questions!
- Have fun!

4 what is WEB2.0?

5 what is WEB2.0?
- Marketing buzzword
- Popularized by O'Reilly Media, starting in 2003
- Wikis, Blogs, AJAX, Social Networks, Collaboration
- APIs, SOA (Service Oriented Architecture)
- Data in the Cloud
- Applications on Demand

6 why web2.0 HACKING?

7 why web2.0 HACKING?
- Data Management
- Information Leaks
- Live Profiling
- Information Spamming
- Service Abuse
- Autonomous Agents
- Distribution
- Attack Infrastructures

8 the PAPER
- 5 fictional stories with technology that is real
- Learn by example
- KISS (Keep It Simple, Stupid)
- Problems with no solutions
- I was told that I need to come up with some solutions, otherwise I cannot present at OWASP.

9 the STORIES (story, and the theme from slide 7 it illustrates)
- MPack2.0: Attack Infrastructures
- Wormoholic: Autonomous Agents
- Bookmarks Rider: Distribution
- RSS Kingpin: Information Spamming
- Revealing the hidden Web: Service Abuse

10 know your ROOTS

11 what's MPACK?

12 what would it be in the web2.0 WORLD? hint: Google Mashup Editor

13 who is SAMY?

14 what's a covert CHANNEL?

15 but in the web2.0 WORLD?

16 who's the mechanical TURK?

17 to MALWARE? hint: Social Bookmarking

18 can web2.0 malware BROADCAST?

19 MD5(DOMAIN + TIME)
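The slide gives only the formula. The following is an added example, not code from the talk or from GNUCITIZEN, and it assumes the rendezvous scheme the formula hints at: an agent and its operator share a seed string (the "DOMAIN"), both derive a label from MD5(seed + current time window), and the operator posts instructions under that label on a public tag-based service (the kind of social bookmarking site the surrounding slides point to). The agent never needs a hard-coded address, it just searches for the label. The same property cuts both ways: a defender who recovers the seed from one sample can enumerate every future label in advance. The hourly window, the clock-skew slack, the `PublicTagService` stand-in and all sample values are assumptions of this example.

```python
import hashlib
from datetime import datetime, timedelta, timezone

# Added example, not code from the talk. The slide gives only MD5(DOMAIN + TIME);
# the hourly window, the skew tolerance and the public tag service used as the
# broadcast medium are assumptions made here.

WINDOW_SECONDS = 3600  # assumed granularity: one rendezvous label per hour

# Constructed sample values for the demo and tests (not real infrastructure).
SEED = "example.invalid"
T_POST = datetime(2007, 11, 15, 10, 5, tzinfo=timezone.utc)   # operator posts
T_POLL = datetime(2007, 11, 15, 10, 50, tzinfo=timezone.utc)  # agent polls, same hour
T_NEXT = datetime(2007, 11, 15, 11, 0, tzinfo=timezone.utc)   # agent polls, next hour


def time_bucket(when, window=WINDOW_SECONDS):
    """Start of the window containing `when`, as epoch seconds (naive datetimes are read as UTC)."""
    if when.tzinfo is None:
        when = when.replace(tzinfo=timezone.utc)
    epoch = int(when.timestamp())
    return epoch - epoch % window


def rendezvous_label(domain, when, window=WINDOW_SECONDS):
    """MD5(DOMAIN + TIME) as 32 hex characters: a label any tag namespace will accept."""
    material = domain + str(time_bucket(when, window))
    return hashlib.md5(material.encode("utf-8")).hexdigest()


def agent_candidates(domain, now, window=WINDOW_SECONDS, slack=1):
    """Labels the agent polls: its own window plus `slack` windows either side for clock skew."""
    return [rendezvous_label(domain, now + timedelta(seconds=k * window), window)
            for k in range(-slack, slack + 1)]


class PublicTagService:
    """Stand-in for a social bookmarking site: anyone may post under a tag, anyone may search it."""

    def __init__(self):
        self.posts = {}

    def post(self, tag, payload):
        self.posts.setdefault(tag, []).append(payload)

    def search(self, tag):
        return list(self.posts.get(tag, []))


def operator_publish(service, domain, when, instruction):
    """Operator side: derive this window's label and post the instruction under it."""
    label = rendezvous_label(domain, when)
    service.post(label, instruction)
    return label


def agent_poll(service, domain, now):
    """Agent side: search each candidate label; the newest hit is the broadcast instruction."""
    for label in agent_candidates(domain, now):
        hits = service.search(label)
        if hits:
            return label, hits[-1]
    return None, None


def defender_precompute(domain, start, windows, window=WINDOW_SECONDS):
    """Defender side: with the seed recovered from a sample, enumerate the next `windows`
    labels so the tags can be watched or claimed before any agent looks for them."""
    return {rendezvous_label(domain, start + timedelta(seconds=i * window), window): i
            for i in range(windows)}


def demo():
    """Run the exchange on the constructed sample values and report what each side saw."""
    service = PublicTagService()
    label = operator_publish(service, SEED, T_POST, "constructed instruction: beacon")
    found_label, instruction = agent_poll(service, SEED, T_POLL)
    known_in_advance = label in defender_precompute(SEED, T_POST, 24)
    return label, found_label, instruction, known_in_advance


if __name__ == "__main__":
    print(demo())
```

Two points worth noticing when running it: the agent polling at 10:50 or even 11:00 still finds the 10:05 post because the label depends only on the hour bucket (and the slack covers the boundary), and `defender_precompute` returns the same label before the operator has posted anything, which is exactly why a public, time-derived rendezvous is discoverable once the seed leaks.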

20 where are my SCHEDULERS?

21 where are my ACTUATORS?

22 data in the CLOUD... (the malicious one)

23 applications on DEMAND... (the malicious ones)

24 what's state and what's PERSISTENCE?

25 riding social bookmarks is FUN!

26 maybe make some money TOO!

27 to splog or not to splog. That is the QUESTION!

28 call me the rss KINGPIN!

29 service abuse and the hidden WEB

30 know your ROOTS

31 more
- Profiling targets by watching their Web activities
- Snooping on targets
- Geo-positioning mobile phones
- Geo-positioning individuals
- More service abuse
- More vulnerabilities
- More insecurities

32 solutions and recommendations?

33 thank YOU
