All-New AJAX Security Bootcamp Next Week at AJAXWorld in New York @ OPEN WEB DEVELOPER'S JOURNAL

All-New AJAX Security Bootcamp Next Week at AJAXWorld in New York

Billy Hoffman Launches the World's First All-Day Immersive Learning Focused on Mitigating Risks in AJAX Apps

Feb. 18, 2008 02:00 PM

Being held for the first time on March 18, 2008 at the historic Roosevelt Hotel in New York City, AJAXWorld Security Bootcamp is a compelling, intensive, one-day, hands-on training program that will teach Web developers, Web designers, and other Web professionals how to build secure AJAX applications and demonstrate what the best practices are to mitigate security problems in AJAX apps.

It is led by one of the world's foremost AJAX security experts and popular teachers, Billy Hoffman.

The full program is below.

Click Here to Register Now and Save!

When: Monday, March 18, 2008: 8:30AM-5:30PM

Where: The Roosevelt Hotel on 45th and Madiscon, New York City

Who: AJAX Security Bootcamp is led by:

Billy Hoffman is a lead security researcher for SPI Dynamics (www.spidynamics.com), which was purchased by Hewlett-Packard on 01 August 2007. At SPI Dynamics, he focuses on automated discovery of Web application vulnerabilities and crawling technologies. He has been a guest speaker at Black Hat Federal, Toorcon, Shmoocon, O'Reilly's Emerging Technology Conference, The 5th Hope, and several other conferences. His work has been featured in Wired, Make magazine, Slashdot, G4TechTV, and in various other journals and Web sites. In addition, Billy is a reviewer of white papers for the Web Application Security Consortium (WASC), and is a creator of Stripe Snoop, a suite of research tools that captures, modifies, validates, generates, analyzes, and shares data from magstripes. He also spends his time contributing to OSS projects and writes articles under the handle Acidus.

Billy was a featured speaker at AJAXWorld Conference & Expo 2007 West.

Join Billy and your fellow Bootcamp delegates at the AJAXWorld Security Bootcamp on March 18. We'll see you in New York City!

Click Here to Register Now and Save!

AJAX Security Bootcamp Outline
8:30-8:45am Introductions and Participant Goals
8:45-9:30am
Live AJAX hacking demo
Step by step walk through of hacking an AJAX travel site
9:30-10:30am
Web Security
Overview of traditional web security
Resource enumeration attacks
Injection attacks
Information Disclosure
10:30-10:45am Break
10:45am-11:45am
AJAX Attack surface
Scoping the application
Input validation
Rich input validation
11:45am-12:30pm
Transparency in AJAX Applications
Manipulating variables
Control flow tampering
Control logic Denial of Service
Reverse engineering JavaScript
Trapping on-demand AJAX
12:30-1:30pm Lunch
1:30-2:30pm
Advanced AJAX Hacking
AJAX hijacking
Presentation layer hacking
Client-side storage
2:30-3:30pm
Complex AJAX Application Hacking
Web mashups
Gadgets and Widgets
Offline AJAX application
3:30-4:15pm
Audience Hacking Lab
Instructor supervised hacking of AJAX application
4:15-5:15pm
Secure AJAX Development and Testing
Secure coding practicess
Framework security features
Testing AJAX applications
Preserving trust
5:15-5:30pm Q&A

Click Here to Register Now and Save!

Published Feb. 18, 2008 — Reads 40,306
Copyright © 2008 SYS-CON Media. All Rights Reserved.

About RIA News Desk
Ever since Google popularized a smarter, more responsive and interactive Web experience by using AJAX (Asynchronous JavaScript + XML) for its Google Maps & Gmail applications, SYS-CON's RIA News Desk has been covering every aspect of Rich Internet Applications and those creating and deploying them. If you have breaking RIA news, please send it to RIA@sys-con.com to share your product and company news coverage with AJAXWorld readers.

LATEST OPEN WEB DEVELOPER STORIES

IBM, Microsoft & Google Eras of Computing

By Sridhar Vembu

By now it is conventional wisdom to say that there was an IBM Era of computing, then a Microsoft Era, and now we are in the Google Era. In this post, I will explain why Microsoft was not the 'next IBM' and why Google is not the 'next Microsoft' - there are significant qualitative

Enterprise Web Security Added to Google Apps

By Maureen O'Gara

Google has taken its Postini investment and turned out Google Web Security for the Enterprise, which is supposed to protect against spyware, viruses and zero-hour threats in real-time whether the user is on the corporate network or working remotely like at a hotel or in an airpor

3rd International Virtualization Conference & Expo: Themes & Topics

By Jeremy Geelan

From Application Virtualization to Xen, a round-up of the virtualization themes & topics being discussed in NYC June 23-24, 2008 by the world-class speaker faculty at the 3rd International Virtualization Conference & Expo being held by SYS-CON Events in The Roosevelt Hotel, in mi

Verizon Becomes a Counter-Android Linux Convert

By Maureen O'Gara

Verizon Wireless is snubbing Google's Linux-based Android initiative to go with the LiMo Foundation's mobile Linux spec for its next wave of mobile phones expected next year. Along with Verizon, Mozilla signed up - giving the consortium its first major open source ISV - and a key

Zoho Invites Google & Yahoo Users to Login

By Open Web Developer News Desk

Zoho announced that it is welcoming Google and Yahoo users with a unified login designed to encourage those users to try Zoho applications. Now, Google and Yahoo users who visit Zoho can simply log into Zoho using the usernames and passwords associated with their Google and Yahoo

Borland Finally Dumps CodeGear Tools Division

By Maureen O'Gara

It's only taken Borland two years but it's finally dumped its CodeGear tools division, responsible for Borland's hereditary JBuilder, Delphi and C++ Builder lines as well as its new web ventures into PHP and Ruby, said to be used by 7.5 million developers. Embarcadero Technologie