Bugging Web 2.0

Aditya K Sood
This talk sheds light on the deterrent nature of the world of web vulnerabilities.

The talk reflects our research, including released and reported vulnerabilities in critical web enterprise applications, network devices and websites providing online services.

Business is a crucial aspect of the online world, and to combat web vulnerabilities it is necessary to trace their roots. New attack vectors that can be used effectively in penetration testing of web applications will be part of this presentation.

Some of the new attacks covered in this presentation are as follows:
1. Inline Hyperlinking Injections through MS Office documents
2. Persistent Redirection Log off Vulnerability and Malware Issues
3. Exploiting I-Paper Platforms – SCRIBD Case Study
4. Web Widget Interface Flaws – Access Control Design Issues
5. Cross Interface Attacks – Attacking Network Devices through FTP Consoles
Jan 24 2011
64 mins

Cloud Computing

Webinars and videos

  • From Agile Methodologies through test-driven development and continuous integration, and powered by the game-changing cultural shift of DevOps, IT organizations everywhere have been dramatically accelerating their delivery of business value. The final step in this race is continuous delivery—from requirements to running systems along a roadway of software— at the breakneck speed of innovation.

    Joshua McKenty, one of the fathers of OpenStack and a member of both the OpenStack and Cloud Foundry governance boards, will provide an insider's take on the challenges, successes, failures and controversies of this decade's most profound revolution. Expect to come away with an understanding of:

    - Where IaaS and PaaS really fit in the software-defined data center
    - How the silos come down
    - The changes required for security, disaster recovery and SLA management to survive in this brave new world
    - The role of open source frameworks in the modern world
    - Real-world case studies: Who's winning at continuous deployment, and how are they doing it?
  • The Operations Bridge is “the” solution for IT Operations to effectively address the challenges they face when it comes to managing the new style of IT: complex composite applications, virtualized environments, cloud-based services, big data, and a variety of management solutions from different vendors. In this session, you will learn how the HP Operations Bridge solution allows you to take up those challenges and consolidate all your existing IT monitoring solutions, providing a unique solution to maximize efficiency and improve runtime and performance of your IT services.
  • Join Tommy and Blain as they explore the entry point for provisioning open source servers on Microsoft’s Public Cloud services – Windows Azure, the same platform that runs on Hyper-V 2012 R2 with established performance with major workloads like Xbox Live, Bing, and Office 365. Check out Oracle on Windows or Linux, and WordPress sites, all configurable within the Microsoft Datacenters. They’ll show you the VM DEPOT, which is used for publishing Open Source packages, as well as the VM Gallery for spinning up new virtual machines from templates (ours or yours!).
  • Now that NIST has published Version 1.0 of the Framework for Improving Critical Infrastructure Cybersecurity, the long-awaited CSF, what are the implications for companies? How can the CSF help your business improve its defenses? Cameron Camp investigates.
  • Deploying and managing network security at remote locations can be time consuming and expensive. McAfee Next Generation Firewalls give your organization a simple solution for centrally deploying, managing and updating remote locations. No technical skills are required to install at remote locations, freeing your skilled staff to focus on more important security management.

    Join us for an in-depth look at how plug-and-play deployment and remote management can reduce manual effort, reduce costs, and improve your network service. Steve Smith, Senior Technical Manager at McAfee, will review how the McAfee NGFW can be installed and up and running in a matter of minutes using our cloud-based installation server. He will also review how the McAfee NGFW Security Management Center gives you remote management and enterprise-wide situational awareness.
  • Enterprises are realizing that the opportunity of data analytics is maximum when the data is fresh and represents the "current reality" of operations or customer experience. The business value of data dramatically falls with its age.

    As IT and line-of-business executives begin to operationalize Hadoop and MPP based batch Big Data analytics, it's time to prepare for the next wave of innovation in data processing.

    Join this webinar on analytics over real-time streaming data.

    You will learn about:
    • How business value is preserved and enhanced using Real-time Streaming Analytics with numerous use-cases in different industry verticals
    • Technical considerations for IT leaders and implementation teams looking to integrate Real-time Streaming Analytics into enterprise architecture roadmap
    • Recommendations for making Real-time Streaming Analytics – real – in your enterprise
    • Impetus StreamAnalytix – an enterprise ready platform for Real-time Streaming Analytics
  • To some, open source cloud computing and storage are inclusive, yet to others they can be exclusive of each other used for separate purposes. Likewise, some open source and cloud technologies, solutions and services are marketed as business enablers, yet are there technology concerns to be considered? On the other hand, the focus can be on the technology as an enabler, yet does it address business needs and concerns or become a barrier. The key to leveraging open source and cloud technologies is realizing what to use when, where, why and how, not to mention in new ways vs. simply as a replacement for doing things how they have been done in the past.

    Key themes:
    · What is your focus and why are you interested in Open Source and Cloud solutions
    · Software Defined Marketing vs. Software Defined Management and enablement
    · Balancing costs of for fee vs. for free (time, money, staffing, on-going support)
    · How to leverage hard products (hardware, software, valueware, services) to create your soft product (services)
    · Using various tools, technologies and solutions in hybrid ways
    · What are the major open source and cloud (computing and storage) solutions, technologies and services
    · Who is doing what and how you can leverage those activities
  • The foundation of success for any company is an outstanding customer experience, but we all know the journey toward creating an amazing service culture is a challenging one. While a great culture doesn’t happen overnight, it IS attainable (really!) with the right approach. Join Joel Daly, HOSTING’s COO, as he discusses HOSTING’s journey: the obstacles, the companies we admire, and the process we undertook to reach excellent service.
  • This is the first episode in a series of webinars illustrating the different ways AWS is used by agile development teams. All episodes will refer to a startup engaged in opening a new line of business, illustrating the advantages offered by using AWS. The startup may be a new company or an innovation center within an existing company, for example to support the launch of a new product.

    This episode describes the main advantages of AWS for startups and agile IT teams, focusing on how the team rapidly developed a working prototype using the various services offered by the platform.
  • Work Together Even When You're Not Together! Collaborate in the Cloud Apr 23 2014 4:00 pm UTC 60 mins
    Collaboration is crucial when it comes to your marketing team. No matter if you're based locally or globally, the concept of work and the way we interact is completely changing. With smartphones and tablets taking over our lives, efficient collaboration, coordination, and consistency around marketing campaigns and messaging can be challenging when running a marketing organization.

    Join this webinar to discover:

    - The latest and greatest in marketing automation and file sharing platforms
    - Content collaboration tools that save time and keep branding consistent between teams
    - How centralizing assets can ease global content translation and localization
    - Real-time content and campaign sharing that can spark new ideas and educate your organization
  • Data Protection and Compliance: Where Encryption Applies Apr 23 2014 3:00 pm UTC 60 mins
    Organizations of all sizes face a number of industry and regulatory compliance mandates. Whether it's PCI DSS, SOX, HIPAA or FISMA, these regulations are changing to accommodate the ever-growing threat to sensitive data.

    Join Dave Shackleford, IT security consultant and founder of Voodoo Security, as he breaks down these updated requirements and how to remain current while securing your business.

    Attend this webcast and learn:
    - Best practices for protecting data in today’s complex security landscape

    - Latest updates to compliance mandates pertaining to data encryption

    - What these updates mean to your security teams.
  • Panel: Securing Documents and Data In A Mobile World Apr 22 2014 3:00 pm UTC 60 mins
    Once upon a time, a knowledge worker accessed proprietary documents on a company-owned desktop computer within the corporate firewall. Today's work environment is dramatically different - sensitive data and proprietary documents are increasingly produced and accessed outside the firewall, on employee-owned devices. Virtual collaboration is growing, and the cloud is redefining security paradigms even further. Yet, some things remain the same. Intellectual property must be protected, regulations must be complied with, and individual identities, authentication and privileges must be dynamically managed. This panel will look at how changing use cases and scenarios are changing the threat landscape for corporate IP, and how leading vendors are rising to the occasion to help enterprises meet these challenges. It will also discuss best practices in developing and executing a forward-looking IP protection strategy.
  • Security Metrics to Manage Change: Which Matter, Which Can Be Measured? Apr 17 2014 6:00 pm UTC 45 mins
    Successful organizations run on key metrics and IT security should be no different. But which security metrics should operations, management and the boardroom be focused on? Factories focus on “days without an accident.” Is the cyber parallel “days without a breach?”
    What to measure, how to measure, and how to communicate performance is key to improving the security team’s effectiveness and standing within the organization. Information like:
    - Which departments have access to which servers?
    - Who are the privileged users and when are they most active?
    - Where are the assets with vulnerabilities that can be reached from outside?
    - When are security defenses like firewalls likely to max out?
    Join Dr. Larry Ponemon, Chairman & Founder of the Ponemon Institute, for key results of a new research study on security metrics and change management, and Jody Brazil, Founder, President and CTO of FireMon, for a pragmatic perspective on generating actionable metrics from your network security infrastructure and reducing the risks of relentless change.
  • Big Data Security: Challenges, Strategies and Tools Apr 17 2014 5:00 pm UTC 60 mins
    The webinar will explore the challenges facing security professionals concerning the prevalent and ever-increasing risks to Big Data Security, recommended strategies for closing the gaps, and tools and techniques for keeping Big Data secure.
  • Security Ratings: A Big Data Approach to Measuring and Mitigating Security Risk Apr 17 2014 4:00 pm UTC 45 mins
    The increasing volume of breaches we hear about in the news highlights the challenge risk managers face in working to address cyber risk. Current assessment methods, while insightful, are inadequate due to the pace at which security postures change, leaving organizations vulnerable and exposed in the blink of an eye. In order to truly reduce security risk, managers need more insight and better tools that allow for continuous visibility into the ever-changing network environments they are administering.

    Join Stephen Boyer, CTO and co-founder of BitSight Technologies, and Oliver Brew, Vice President of Professional Liability at Liberty International Underwriters (LIU) for this webinar to discover:

    - Why measuring security risk is difficult and how some assessment methods leave organizations vulnerable to threats and financial loss

    - How forward-looking organizations are using Big Data to reduce risk, increase transparency and address new regulatory requirements

    - Case Study: How LIU is using Security Ratings to mitigate risk
  • The Security of Big Data: An Enterprise Perspective Apr 17 2014 3:00 pm UTC 45 mins
    Everyone knows that there are risks associated with moving enterprise data to a Cloud, and everyone knows the huge potential that the analytics of Big Data can bring, especially when using the Cloud, but what happens when these two converge?

    The presentation will discuss some of the security and privacy challenges associated with Big Data in the Cloud and will present a number of key initiatives that the ODCA have done to support enterprises that wish to take this step.
  • Building Your Backup and Recovery Checklist Recorded: Apr 16 2014 63 mins
    Join backup and recovery experts to find out how to build your backup and recovery requirements checklist. By the end of this session, you’ll learn how you can:

    - Cut storage requirements by up to 80%
    - Save on storage costs and performance hits to your network.
    - Leverage near-instant recovery technology for protected virtual machines or servers.
    - Automate application-aware backups and testing for data corruption.
  • The Cybersecurity Framework is here, now what? Recorded: Apr 16 2014 54 mins
    Now that NIST has published Version 1.0 of the Framework for Improving Critical Infrastructure Cybersecurity, the long-awaited CSF, what are the implications for companies? How can the CSF help your business improve its defenses? Cameron Camp investigates.
  • Beyond attack signatures: Leveraging realtime analytics to pinpoint threats Recorded: Apr 16 2014 36 mins
    Today’s security event monitoring and correlation tools are under enormous pressure. Security Analysts are inundated with data, but rather than being given insight, it is more difficult than ever to sort through and locate the real events that need attention. The next generation of security tools purports to process much larger and a greater variety of data sets, run deep-dive analytics in real-time, and rely more on intelligence than attack signatures. But what does this actually mean?

    How do I collect the right data?
    What kinds of new detections can I do?
    How do I get enough context to overcome false positives?
    How do I automate more of my security intelligence, or the intelligence of others?
    What should I look for in a solution?
    How is this different from my SIEM, IDS/IDS, and Advanced Malware Detection products?

    These, and other questions, will be addressed to shed light on what has quickly become a market space of tremendous promise, but currently shrouded in confusion.
  • Re-defining Network Security Performance: Beyond Just Firewalls Recorded: Apr 16 2014 62 mins
    Today’s IT professionals need security firewalls that do more than just packet filtering and stateful inspection. It’s critical that network pros redefine which metrics will actually ensure their security solutions will not be a performance bottleneck. This webinar digs into today’s firewall solutions, exploring their capabilities and providing pointers for selecting the solution that best meets IT security and performance requirements.

    What You Will Learn
    Why packet filtering and IPS aren’t the only performance metrics that matter
    The performance impact of running multiple security services
    How to select in-line security products that meet today’s multi-function security needs
  • Protection, Detection and Response: Security across the threat lifecycle Recorded: Apr 15 2014 4 mins
    Patrick and Mike discuss the importance of focusing on the complete security life-cycle: prevention, detection and response. They will also discuss the four essential pillars of incident response and how you can strengthen your security strategy across all endpoints, without getting buried in data.
  • How do you find a needle in a haystack? Uncover Big Data Security Analytics Recorded: Apr 15 2014 38 mins
    Advanced targeted cyber attacks have hit some of the world’s largest businesses. The attacks weren't blocked because they don’t match any known attack signature. Each one is unique, custom created to penetrate the target network and steal data.

    A new video featuring Gartner Distinguished Analyst, Neil MacDonald, and HP’s Eric Schou, explains how Big Data Security Analytics can help find and block targeted cyber attacks. View it to learn:

    How advanced targeted cyber attacks are different from traditional threats
    How Big Data techniques can spot attacks when traditional defenses fall short
    What you should be doing now to take advantage of Big Data Security Analytics
  • Using SIEM and Big Data to detect invisible threats Recorded: Apr 10 2014 51 mins
    The alarming rise of advanced persistent threats (APTs) makes security analytics around Big Data an imperative. In light of the challenges of converting Big Data into actionable information with first generation SIEMs, security professionals have become skeptical about the ability to use SIEM beyond compliance needs. Yet, today’s advanced SIEM technology takes threat detection, understanding and response to a whole new level. Join us to learn how to use next generation SIEM technology to specifically detect security threats within an ocean of Big Data. Discover how the latest technologies in security analytics such as the quad-correlation methods of rules, statistics, risk, and history can help your organization execute SIEM best practices in detection with intelligence, integration, and ease.
  • Intro to Box Recorded: Apr 9 2014 29 mins
    Join us for our Intro to Box series, a monthly discussion of the latest in the world of enterprise IT, content collaboration, cloud technology, and Box. We'll cover an overview of Box, how businesses like yours are changing the way they work with Box and other cloud technologies, and walk through a demo of the latest and greatest in the product. The sessions will be led by Box product experts, and you might even get a guest appearance from one of our fearless leaders.
  • Panel: In Search of Usable Network Security Recorded: Apr 9 2014 61 mins
    The Internet, as a communication medium, has been evolving. This evolution, unfortunately, has brought with it growth in Internet-based attacks, and corresponding growth in security technologies to fight these attacks. But, with this growth in security technologies, unintended complexity for security professionals has intensified. Join our roundtable as we endeavor to identify the factors contributing to security management complexity and how enhanced manageability tools can help.
  • Proactive Protection through Real Time Intelligence Recorded: Apr 9 2014 29 mins
    Outdated security approaches and stagnant, inaccurate data put your users at risk from today’s sophisticated cyber-attacks. Join us to learn about Webroot BrightCloud Security Services, and discover why companies such as RSA, F5, and Cisco have incorporated them into their solutions. We will also demonstrate how Webroot correlates disparate data on IPs, URLs, Files and Apps to provide highly accurate, next generation threat intelligence that enables our partners to proactively combat today’s advanced, and even previously unknown, threats in real time.
  • Big Data = Big Problems Recorded: Apr 9 2014 49 mins
    Big data has gone beyond a buzzword for businesses and is rapidly becoming embedded in the way organisations operate and make decisions. Highlighted as one of the key areas for attention in the latest ISF Threat Horizon 2016 report, Big data analytics can also mislead when decisions are based on faulty, skewed, incomplete or poorly analysed data sets, resulting in missed opportunities as organisations enter the wrong markets, or enter the right markets with the wrong products. It’s also possible that the same data sets can lead to different conclusions in different parts of the world as a result of cultural bias. Further complicating matters, attackers will target data analytics tools to ensure decisions are skewed.

    This webcast will look at the implied threats to Big Data and offer ways of communicating the challenge of effective Big Data analysis and decision making to senior management.
  • Cyber Crime and the Insider Threats in Data Security Recorded: Apr 8 2014 48 mins
    Whether driven by opportunism, greed, a desire for revenge, or a combination of all three, company insiders exploit their positions of trust to obtain access to their organization’s most valued digital assets. Moles, opportunists, contractors, disgruntled employees, and ex-IT personnel—all currently pose a greater risk to corporate intellectual property than state-sponsored hacking and APTs, both in frequency and in damage caused. Hear from Kroll Managing Director Jonathan Fairtlough about the challenges related to insider investigations, and how policies and proof-points can be implemented to lessen the chances of insider-driven data damage.
  • 7 habits of highly *ineffective* Big Data security Recorded: Apr 8 2014 57 mins
    It’s an inconvenient truth that proven and well-understood data security methods were designed to work with relational database management systems. Over the decades, certain habits became second nature to security-minded IT professionals. But many of these habits are now fundamentally incompatible with Big Data/NoSQL environments.

    This presentation will walk you through the data security implications of key differences between NoSQL and relational databases. You’ll leave the session knowing:
    signs that Big Data/NoSQL may be coming to your organization
    7 security habits that expose Big Data to a breach...or cause major delays/rework
    how early adopters are making new security habits in the era of Big Data
For Certified Members and Information Security Professionals Globally
The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in various e-business and security skills. It is the owner and developer of the world-famous Certified Ethical Hacker (C|EH), Computer Hacking Forensics Investigator (C|HFI) and EC-Council Certified Security Analyst (E|CSA)/Licensed Penetration Tester (L|PT) programs, and various others offered in over 60 countries around the globe.
  • Title: Bugging Web 2.0
  • Live at: Jan 24 2011 2:00 pm
  • Presented by: Aditya K Sood