YOUR FEEDBACK
Rapid Module Development for DotNetNuke
MICHEAL SMITH wrote: GO TO THE LINK, U HAVE EVERYTHING U WANT THERE. MICHEAL...
May. 17, 2008 01:09 AM
SOA World Conference
Virtualization Conference
$50 Savings Expire May 23, 2008... – Register Today!
Did you read today's front page stories & breaking news?
SYS-CON.TV: Eclipse Adds SOA, AJAX, and Flex Tools. Guests Mike Milinkovich and Mike Tylor

SYS-CON.TV

2007 West
GOLD SPONSORS:
Active Endpoints
Your SOA Needs BPEL for Orchestration
BEA
Virtualized SOA: Adaptive Infrastructure for Demanding Applications
Nexaweb
Overcoming Bandwidth Challenges with Nexaweb
TIBCO
What is Service Virtualization?
SILVER SPONSORS:
WSO2
Using Web Services Technologies and FOSS Solutions
Click For 2007 East
Event Webcasts

2008 East
PLATINUM SPONSORS:
Appcelerator
Think Fast: Accelerate AJAX Development with Appcelerator
GOLD SPONSORS:
DreamFace Interactive
The Ultimate Framework for Creating Personalized Web 2.0 Mashups
ICEsoft
AJAX and Social Computing for the Enterprise
Kaazing
Enterprise Comet: Real–Time, Real–Time, or Real–Time Web 2.0?
Nexaweb
Now Playing: Desktop Apps in the Browser!
Sun
jMaki as an AJAX Mashup Framework
POWER PANELS:
The Business Value
of RIAs
What Lies Beyond AJAX?
KEYNOTES:
Douglas Crockford
Can We Fix the Web?
Anthony Franco
2008: The Year of the RIA
Click For 2007 Event Webcasts
TOP THREE LINKS YOU MUST CLICK ON


AJAXWorld News Desk
Billy Hoffman Explores AJAX Vulnerabilities at AJAXWorld
Inaugural AJAX Security Bootcamp taking place all day today in New York City

By: RIA News Desk
Mar. 18, 2008 01:30 PM
Digg This!

The work of Billy Hoffman, lead security researcher for SPI Dynamics (www.spidynamics.com), which was purchased by Hewlett-Packard last year, has been featured in Wired, Make magazine, Slashdot, G4TechTV, and in various other journals and Web sites. Today though he is in full flow at the inaugural AJAX Security Bootcamp, an all-day deep dive into Web application vulnerabilities being held on Day One of the 5th International AJAXWorld Conference & Expo in New York City.

Before even the first hour of the Bootcamp had passed, Hoffman had given a review of traditional web security and moved on to the intracacies of Resource enumeration attacks, Injection attacks, and session hijacking as well as a step by step walk through of hacking an AJAX travel site.

The intensive, one-day, hands-on training program aims to teach Web developers, Web designers, and other Web professionals how to build secure AJAX applications and demonstrate what the best practices are to mitigate security problems in AJAX apps.

Published Mar. 18, 2008 — Reads 2,782
Copyright © 2008 SYS-CON Media. All Rights Reserved.
Related Stories
▪ AJAX Book Recommendation: "Ajax Security" by Hoffman and Sullivan
About RIA News Desk
Ever since Google popularized a smarter, more responsive and interactive Web experience by using AJAX (Asynchronous JavaScript + XML) for its Google Maps & Gmail applications, SYS-CON's RIA News Desk has been covering every aspect of Rich Internet Applications and those creating and deploying them. If you have breaking RIA news, please send it to RIA@sys-con.com to share your product and company news coverage with AJAXWorld readers.

AJAX News Desk wrote: The work of Billy Hoffman, lead security researcher for SPI Dynamics (www.spidynamics.com), which was purchased by Hewlett-Packard last year, has been featured in Wired, Make magazine, Slashdot, G4TechTV, and in various other journals and Web sites. Today though he is in full flow at the inaugural AJAX Security Bootcamp, an all-day deep dive into Web application vulnerabilities being held on Day One of the 5th International AJAXWorld Conference & Expo in New York City.
read & respond »
SILVERLIGHT LATEST STORIES
3rd International Virtualization Conference & Expo: Themes & Topics
By Jeremy Geelan
From Application Virtualization to Xen, a round-up of the virtualization themes & topics being discussed in NYC June 23-24, 2008 by the world-class speaker faculty at the 3rd International Virtualization Conference & Expo being held by SYS-CON Events in The Roosevelt Hotel, in midtown
JavaOne 2008: Sun Talks Up its Late-to-the-Party AIR-Silverlight Rival
By Maureen O'Gara
At Java One this week Sun has been selling its year -old-but-still-upcoming - and definitely late-to-the-party - Adobe AIR- and Microsoft Silverlight-competitive JavaFX Rich Client environment as a potential revenue-generator capable of putting ads on mobile applications and JavaFX Scri
AJAX World - Xceed Launches Microsoft Silverlight 2 Control
By .NETDJ News Desk
Xceed launched Xceed Upload for Silverlight, the commercial offering in support of Microsoft's promising new Silverlight technology. The product is available now for purchase or as a fully functional 45-day trial on Xceed's website. Xceed Upload for Silverlight lets developers add uplo
Microsoft To Keynote 4th International Virtualization Conference & Expo
By Virtualization News Desk
Mike Neil is general manager for virtualization strategy in the Windows Server Division at Microsoft. Mike is focused on the delivery of the Windows virtualization technology, including Windows Server 2008 Hyper-V, Microsoft Hyper-V Server and Virtual PC 2007. Mike also directs the tec
AJAX World - Curl Launches Adobe AIR Competitor
By RIA News Desk
Curl announced the beta release of Curl Nitro, the code name for an extension of the Curl Rich Internet Application (RIA) platform which offers enhanced desktop capabilities required by today's enterprises. The Nitro extension simplifies the process of installing and managing Curl appl
Is the Silverlight Adoption Rate Artificially Inflated?
By Kevin Hoffman
Silverlight 2.0 is a freaking phenomenal RIA development environment and I would actually, at this point, put the development experience in Silverlight 2.0 above and beyond Flex. I can do more faster and have it look better and run more efficiently in Silverlight 2.0 than I can in Flex
SUBSCRIBE TO THE WORLD'S MOST POWERFUL NEWSLETTERS
SUBSCRIBE TO OUR RSS FEEDS & GET YOUR SYS-CON NEWS LIVE!
Click to Add our RSS Feeds to the Service of Your Choice:
Google Reader or Homepage Add to My Yahoo! Subscribe with Bloglines Subscribe in NewsGator Online
myFeedster Add to My AOL Subscribe in Rojo Add 'Hugg' to Newsburst from CNET News.com Kinja Digest View Additional SYS-CON Feeds
Publish Your Article! Please send it to editorial(at)sys-con.com!

Advertise on this site! Contact advertising(at)sys-con.com! 201 802-3021
SYS-CON FEATURED WHITEPAPERS

3rd International Virtualization Conference & Expo: Themes & Topics
From Application Virtualization to Xen, a round-up of the virtualization themes & topics being discu
JavaOne 2008: Sun Talks Up its Late-to-the-Party AIR-Silverlight Rival
At Java One this week Sun has been selling its year -old-but-still-upcoming - and definitely late-to-
AJAX World - Xceed Launches Microsoft Silverlight 2 Control
Xceed launched Xceed Upload for Silverlight, the commercial offering in support of Microsoft's promi
Microsoft To Keynote 4th International Virtualization Conference & Expo
Mike Neil is general manager for virtualization strategy in the Windows Server Division at Microsoft
AJAX World - Curl Launches Adobe AIR Competitor
Curl announced the beta release of Curl Nitro, the code name for an extension of the Curl Rich Inter
Is the Silverlight Adoption Rate Artificially Inflated?
Silverlight 2.0 is a freaking phenomenal RIA development environment and I would actually, at this p
Xceed to Embrace Microsoft's Silverlight in Upcoming Product
Xceed is poised to launch Xceed Upload for Silverlight, its offering in support of Microsoft's promi
Cynergy Selected by Microsoft for Global Agency Initiative
Cynergy Systems announced it has been selected by Microsoft to participate in the Microsoft Global A
Gomez Announces Web Performance Testing Support for Microsoft Internet Explorer 8
Gomez announced support for Microsoft's Internet Explorer (IE) 8 beta 1. Using the Gomez ExperienceF
Silverlight 2 - Adobe Flex Killer Is on Its Way!
Silverlight 2.0 kicks ass and I can't wait to start dropping more hardcore blog posts regarding it.
ADS BY GOOGLE
BREAKING NEWS FROM THE WIRES
Aplana Software Has Developed a New Web-Site for Russian TV Channel Sport Using Microsoft Silverlight Technology
Aplana Software, a Moscow based software services company and a member of I.T.Co Group,
May. 15, 2008 02:00 PM