Pen Testing Web 2.0: The Client is an introduction to pen-testing web
applications utilizing HTML5 web storage and AJAX. This presentation begins with
a brief review of HTML5 web storage and AJAX serialization formats before
demonstrating techniques for testing defects in web 2.0 application security.
The demos will use the Mutillidae 2.x training application.
Stealing HTML5 Storage and JSON Injection: Jeremy will break down the principles
behind HTML5 Storage and JSON Injection attacks to show the ever-evolving risk
that web coding introduces into our environments. You will enjoy peering into
the process via a demo of web application code Jeremy developed to enlighten us
as to how an attack would occur in the real world and what security risk this
could present. The attacks you will experience will include obtaining valuable
contents from an unsuspecting user’s HTML5 database, then transporting the
stolen data to a chosen location for security analysis. Additionally, Jeremy will
demonstrate an attack which injects code into JSON used in so-called “web 2.0”.
Bio:
Jeremy Druin works as an internal pen-tester, incident responder, and
defect-remediation expert for a multi-national transportation logistics company.
Other responsibilities include web vulnerability assessment operations, setting
application and database security standards, creating developer training
programs, and teaching developers how to architect, design and write secure
applications. Additionally, Jeremy develops the open-source Mutillidae 2.x
training environment and consults on web-application security topics. As the
Director of Education for the Kentuckiana ISSA chapter, Jeremy presents on web
application pen-testing and remediation along with operating the "webpwnized"
YouTube video channel. Jeremy has a Bachelor's in Computer Science from Indiana
University and is a GIAC-certified Web Application Pen-Tester.
Recorded at AIDE 2012
Download from:
http://archive.org/download/Aide2012/PenTestingWeb2.0TheClient-jeremyDruin.avi
Copyright 2020, IronGeek