During two intensive days you will become familiar with established and emerging threats, learn about new scanning tools such as wsScanner, scanweb2.0, AppMap and AppCodeScan, and discover the latest defensive mechanisms. All concepts taught in this class will be punctuated with hands-on exercises based on situations observed in real life. The class ends with a challenge exercise in which participants analyze code, identify loopholes, exploit vulnerabilities that are present in the applications and suggest appropriate defense strategies.
This workshop will cover:
Application security fundamentals: application evolution, Web 2.0 framework, layered threats, threat models, attack vectors and Web 2.0 protocols
Application architecture: .NET and J2EE application frameworks, Web 2.0 application architecture, widgets framework, application layers and components, resources and interactions, other languages
Advanced Web technologies and security: Ajax, Rich Internet Applications (RIA) and Web services
Application attack vectors with Web 2.0 perspective: SQL injection, Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), path traversal, session hijacking, LDAP/XPATH/Command injection, buffer overflow, input validation bypassing, database hacks and blind SQL injections
Advanced attacks and exploits: Ajax-based XSS, CSRF with Web services, decompiling flash and RIA apps, WSDL scanning, XML poisoning, SQL injections through XML, external entity attacks, widget exploitation, RSS injections, cross domain bypass
Application assessment methodologies: blackbox/whitebox approaches, tools and tricks
Advanced application footprinting and discovery: leveraging search engines, cross domain mashup discovery and Web 2.0 application domain enumeration along with technology fingerprinting
Advanced browser-based attacks: XSS proxy and browser hijacking, Intranet scanning, JavaScript manipulation and DOM injections
Scanning Web services: footprinting, discovery, scanning and attacking XML-RPC, SOAP and REST based applications
Scanning for vulnerabilities through Web 2.0 source code: function and method signature mapping, entry point identification, data access layer calls, tracing variables and functions
Students need to bring their own Windows-based laptops running Windows XP, Vista, or a Windows Server release. The laptop must have the .NET Framework installed and at least 1 GB of RAM.