The track is being conducted by Shreeraj Shah, the founder of BlueInfy, and Vimal Patel, the director of the same organization. Blueinfy is an IT firm specializing in web application security auditing and assessment. Both individuals are active members of the information security community and have published several books and papers concerning web application security.
The curriculum has entailed discussions into traditional attacks in the context of how these can be modified to target Web 2.0 websites. Concepts such as SQL Injection, Cross-Site Scripting (XSS), and Cross-Site Request Forgery (CSRF) were covered in detail. Special emphasis was given regarding the limitations of existing tools in detecting problems with web pages that utilize these devious tactics. This is due in part to the paradigm shift which moves business logic and other back-end processes from the server-side to the client-side, consequently creating a situation wherein activities in Web 1.0 would have been harmless, but now have the potential of negatively impacting an end-user’s security.
Day two will continue exploring other emergent technologies and threats, such as mobile security, malware forensics, and cyber warfare. These are all critical topics, and zveloLABS will apply the learnings from this track into practical use within our real-time malicious websites detection technologies.
