YOUR FEEDBACK
Verizon Becomes a Counter-Android Linux Convert
JNels wrote: Hey - Jeffrey Nelson here at Verizon Wireless. Not a bit of ...
May. 16, 2008 12:08 PM
SOA World Conference
Virtualization Conference
$200 Savings Expire May 16, 2008... – Register Today!
Did you read today's front page stories & breaking news?

SYS-CON.TV: How Do You Minimize Unpleasant Surprises in Your Java Code? Guest Nigel Cheshire

2007 West
GOLD SPONSORS:
Active Endpoints
Your SOA Needs BPEL for Orchestration
BEA
Virtualized SOA: Adaptive Infrastructure for Demanding Applications
Nexaweb
Overcoming Bandwidth Challenges with Nexaweb
TIBCO
What is Service Virtualization?
SILVER SPONSORS:
WSO2
Using Web Services Technologies and FOSS Solutions
Click For 2007 East
Event Webcasts

2008 East
PLATINUM SPONSORS:
Appcelerator
Think Fast: Accelerate AJAX Development with Appcelerator
GOLD SPONSORS:
DreamFace Interactive
The Ultimate Framework for Creating Personalized Web 2.0 Mashups
ICEsoft
AJAX and Social Computing for the Enterprise
Kaazing
Enterprise Comet: Real–Time, Real–Time, or Real–Time Web 2.0?
Nexaweb
Now Playing: Desktop Apps in the Browser!
Sun
jMaki as an AJAX Mashup Framework
POWER PANELS:
The Business Value
of RIAs
What Lies Beyond AJAX?
KEYNOTES:
Douglas Crockford
Can We Fix the Web?
Anthony Franco
2008: The Year of the RIA
Click For 2007 Event Webcasts
SYS-CON.TV
SYS-CON.TV WEBCASTS
JACKBE The Big A(architecture in AJAX)
INSTANTIATIONS Eclipse Rich Internet Platform with Taylor and Milinkovich
YAHOO! Applying AJAX to Speed User's Journey
ENERJY WEBCAST Java Code Quality Management
APP SERVER SHOOT-OUT with Microsoft, IBM, JBoss, Sun, BEA, and Oracle
TOP LINKS YOU MUST CLICK ON


AJAXWorld News Desk
All-New AJAX Security Bootcamp Next Week at AJAXWorld in New York
Billy Hoffman Launches the World's First All-Day Immersive Learning Focused on Mitigating Risks in AJAX Apps

By: RIA News Desk
Feb. 18, 2008 02:00 PM
Digg This!

Being held for the first time on March 18, 2008 at the historic Roosevelt Hotel in New York City, AJAXWorld Security Bootcamp is a compelling, intensive, one-day, hands-on training program that will teach Web developers, Web designers, and other Web professionals how to build secure AJAX applications and demonstrate what the best practices are to mitigate security problems in AJAX apps.

It is led by one of the world's foremost AJAX security experts and popular teachers, Billy Hoffman.

The full program is below.

Click Here to Register Now and Save!

When:  Monday, March 18, 2008: 8:30AM-5:30PM 

Where:  The Roosevelt Hotel on 45th and Madiscon, New York City

Who:  AJAX Security Bootcamp is led by:

Billy Hoffman is a lead security researcher for SPI Dynamics (www.spidynamics.com), which was purchased by Hewlett-Packard on 01 August 2007. At SPI Dynamics, he focuses on automated discovery of Web application vulnerabilities and crawling technologies. He has been a guest speaker at Black Hat Federal, Toorcon, Shmoocon, O'Reilly's Emerging Technology Conference, The 5th Hope, and several other conferences. His work has been featured in Wired, Make magazine, Slashdot, G4TechTV, and in various other journals and Web sites. In addition, Billy is a reviewer of white papers for the Web Application Security Consortium (WASC), and is a creator of Stripe Snoop, a suite of research tools that captures, modifies, validates, generates, analyzes, and shares data from magstripes. He also spends his time contributing to OSS projects and writes articles under the handle Acidus.


Billy was a featured speaker at AJAXWorld Conference & Expo 2007 West.

Join Billy and your fellow Bootcamp delegates at the AJAXWorld Security Bootcamp on March 18. We'll see you in New York City!

Click Here to Register Now and Save!

AJAX Security Bootcamp Outline

8:30-8:45am Introductions and Participant Goals
8:45-9:30am

Live AJAX hacking demo

Step by step walk through of hacking an AJAX travel site

9:30-10:30am

Web Security

Overview of traditional web security

Resource enumeration attacks

Injection attacks

Information Disclosure

10:30-10:45am Break
10:45am-11:45am

AJAX Attack surface

Scoping the application

Input validation

Rich input validation

11:45am-12:30pm

Transparency in AJAX Applications

Manipulating variables

Control flow tampering

Control logic Denial of Service

Reverse engineering JavaScript

Trapping on-demand AJAX

12:30-1:30pm Lunch
1:30-2:30pm

Advanced AJAX Hacking

AJAX hijacking

Presentation layer hacking

Client-side storage

2:30-3:30pm

Complex AJAX Application Hacking

Web mashups

Gadgets and Widgets

Offline AJAX application

3:30-4:15pm

Audience Hacking Lab

Instructor supervised hacking of AJAX application

4:15-5:15pm

Secure AJAX Development and Testing

Secure coding practicess

Framework security features

Testing AJAX applications

Preserving trust

5:15-5:30pm Q&A

Click Here to Register Now and Save!

Published Feb. 18, 2008 — Reads 40,273
Copyright © 2008 SYS-CON Media. All Rights Reserved.
About RIA News Desk
Ever since Google popularized a smarter, more responsive and interactive Web experience by using AJAX (Asynchronous JavaScript + XML) for its Google Maps & Gmail applications, SYS-CON's RIA News Desk has been covering every aspect of Rich Internet Applications and those creating and deploying them. If you have breaking RIA news, please send it to RIA@sys-con.com to share your product and company news coverage with AJAXWorld readers.

ENTERPRISE OPEN SOURCE MAGAZINE LATEST STORIES . . .
IBM, Microsoft & Google Eras of Computing
By Sridhar Vembu
By now it is conventional wisdom to say that there was an IBM Era of computing, then a Microsoft Era, and now we are in the Google Era. In this post, I will explain why Microsoft was not the 'next IBM' and why Google is not the 'next Microsoft' - there are significant qualitative diffe
Open-Xchange to Deliver Collaboration Solution Integrated With Parallels Virtualization
By Virtualization News Desk
Open-Xchange and Parallels are integrating Open-Xchange open source email and collaboration software with Parallels technology to deliver a cost-effective, enterprise-class alternative to commercial email and collaboration products at a competitive price. The products, which will be fu
JavaOne 2008: Uncommon Java Bugs
By S G Ganesh
Any large Java source base can have insidious and subtle bugs. Every experienced Java programmer knows that finding and fixing these bugs can be difficult and costly. Fortunately, there are a large number of free open source Java tools available that can be used to find and fix defects
Application Security for Open Source - The New Frontier
By Theresa Bui-Friday
Hybrid applications made up of proprietary, open source and third-party components are the result of today's fast-paced and complex software development landscape. Applications developed within the last five years - whether internal or external - are at least 50% open source software (
3rd International Virtualization Conference & Expo: Themes & Topics
By Jeremy Geelan
From Application Virtualization to Xen, a round-up of the virtualization themes & topics being discussed in NYC June 23-24, 2008 by the world-class speaker faculty at the 3rd International Virtualization Conference & Expo being held by SYS-CON Events in The Roosevelt Hotel, in midtown
Open Source Penetration and Use in SOA Deployments
By SOA World Magazine News Desk
Open source has made significant inroads into middleware deployments in the enterprise. More and more, open source is being used to deliver the benefits of SOA and open source to the enterprise. There are many custom Enterprise Service Bus deployments waiting to be upgraded to a simple
SUBSCRIBE TO THE WORLD'S MOST POWERFUL NEWSLETTERS
SUBSCRIBE TO OUR RSS FEEDS & GET YOUR SYS-CON NEWS LIVE!
Click to Add our RSS Feeds to the Service of Your Choice:
Google Reader or Homepage Add to My Yahoo! Subscribe with Bloglines Subscribe in NewsGator Online
myFeedster Add to My AOL Subscribe in Rojo Add 'Hugg' to Newsburst from CNET News.com Kinja Digest View Additional SYS-CON Feeds
Publish Your Article! Please send it to editorial(at)sys-con.com!

Advertise on this site! Contact advertising(at)sys-con.com! 201 802-3021
SYS-CON FEATURED WHITEPAPERS

MOST READ THIS WEEK
Open Source & Commercial Software: Both Are Crucial
By Dirk Morris
SOA World - Exclusive Q&A with David Linthicum, CEO of StrikeIron
By Jeremy Geelan
Which of These Six Open Source Companies Will Be the Next Red Hat?
By Mark R. Hinkle
Viewpoint: Time for Open Source Software Vendors to Think Beyond Free
By Christopher Keene
Viewpoint: Not Every ColdFusion Developer Should Be A Flex Developer
By Andrew Powell
Sun CEO: "Sun Continues to Lead the Open Source Innovation Revolution"
By Enterprise Open Source News Desk
MySQL 5.1 Delayed for Bug Spray
By Maureen O'Gara
Ingres Executives Named to Open Source Boards
By Enterprise Open Source News Desk
Open Source Census Starts
By Maureen O'Gara
Exadel dVision Certified for MySQL Enterprise 5.0
By Enterprise Open Source News Desk
OSA Announces New Board Members
By Enterprise Open Source News Desk
Sun Microsystems Extends Open Storage Platform with New Services and Tools in OpenSolaris Operating System
By Enterprise Open Source News Desk
ADS BY GOOGLE