Hacking the Web

By:
Mr Deepan Chakravarthy

XSS (Cross Site Scripting), CSRF (Cross Site Request Forgery), CRLF (Carriage Return Line Feed) injection, RFI (Remote File Inclusion) and SQL injection are some of the techniques attackers commonly use to evade web security. I will explain each type of attack with a POC (proof of concept). I will also explain some of the well-known tools (WebScarab, Burp, Paros, Whitehat Arsenal, XSS-Proxy, Yahoo Pipes, Google Mashup Editor, CAL9000) that are very useful for security professionals. Most importantly, I will speak about what developers need to keep in mind when writing web applications and other software to avoid security breaches. I will populate my slides with enough interesting POCs and sample code. I will also analyze the source code of Samy's cross site scripting worm in detail, along with the techniques he used to breach Myspace's security. I will also touch upon the general techniques people use to evade the default filters websites use to scan user input for JavaScript and other malicious code. Using Google Code Search is another way to hunt down software with security holes, for example by searching for PATH_INFO in the code. Finally, I will touch upon how the fragment identifier (the # sign) can be used to inject long JS strings into user inputs of very limited length.


Keywords: XSS, CSRF, CRLF, SQL Injection, RFI, LFI
Stream: Perl
Presentation Type: 60 minute Presentation in English
Paper: Hacking the Web


Mr Deepan Chakravarthy

Software Engineer, Engineering, NovaGlobal Pte Ltd, Singapore

Work Experience:

Software Engineer at NovaGlobal, Singapore. (Nov 2006 to till date)
Member of Technical Staff at Svapas Innovations, Chennai. (July 2006 to October 2006)
Associate Software Engineer at SpikeSource, Bangalore. (Feb 2006 to June 2006)

Education:
B.Tech from Anna University, Chennai.



Relevant Experience
1) Founder and CTO of www.sudoku-solver.net
2) PHP and JavaScript lead for www.bioask.com
3) Currently working on a web portal using the GridSphere portlet container.


Previous Presentations
1) Fun with Linux. Slides: http://www.codeshepherd.com/funwithlinux/funwithlinux.html
2) FOSS Tools for Biotechnologists. Slides: http://www.codeshepherd.com/bioinfo.html
3) Packaging Perl Modules. Slides: http://www.codeshepherd.com/blank/perlmodules.html
4) AutoTools. Slides: http://www.codeshepherd.com/downloads/automake.ppt

Ref: OS7P0099