AJAXed Security
Nikola Mijatovic 2007
Once again, the industry is not learning from its mistakes. And once again, the industry is coming up with new technologies, concepts, frameworks, etc. which have been designed and created with very little security. IT teams have just started learning about XSS and other web application vulnerabilities, and they are already getting overwhelmed with new technologies. So there is little time to dedicate to security.
This presentation offers the basics of Web 2.0 security. It starts by explaining what AJAX (a synonym for Rich Client Architecture) is. It follows with the general implications of AJAX and looks ahead to the near future of AJAX. Thereafter it briefly explains the main web application vulnerabilities, such as XSS and code injection in general. This is required for understanding the subsequent part, which is dedicated to the security implications of AJAX. This part discusses the AJAX threats created by the increased complexity of Rich Client Architecture. Several AJAX services are also described from a hacker's perspective. The presentation ends with vulnerability remediation and testing recommendations.
A link to the presentations can be found here.
About Nikola Mijatovic
Nikola Mijatovic is a director of the information security company SecPro. He has a Master's degree in Computer Science from the University of Zurich, Switzerland. His master's thesis was about secure web services in e-Government.
Nik has over 7 years' experience working in IT and security roles. One of these involved developing secure web applications. A challenging project, in which he was the security subject matter expert, involved a web application for global data monitoring used by the Swiss intelligence agency. In 2005 he moved to Australia, where he soon started to work as a security analyst for one of the banks. In his last role he was heavily engaged in improving the security of the bank's main web application and additionally participated as the technical specialist in several forensic investigations.
Nik has a strong passion for information security. Outside his work he is active in numerous projects researching the newest technologies and their vulnerabilities. For more information please visit www.secpro.com.au.