SlideShare a Scribd company logo

Varun - Subtle Security Flaws - ClubHack2007

Download as PPT, PDF
ClubHack
ClubHack
TechnologyBusiness
1 of 17
Varun Sharma Application Consulting and Engineering (ACE) Team, Microsoft India
[object Object],[object Object],[object Object],[object Object],[object Object]
[object Object],[object Object],[object Object]
[object Object],[object Object],[object Object]
[object Object],[object Object],[object Object]
[object Object],[object Object],[object Object],[object Object]
[object Object],[object Object],[object Object]
[object Object],[object Object],[object Object],[object Object],[object Object]
[object Object],[object Object],[object Object]
Product 1 ‘s Site Product 2 ‘s Site Product 3 ‘s Site Central Payment Site Signed XML POST
[object Object],[object Object],[object Object],[object Object]
Book movie ticket Screen 1 for User 1
Book movie ticket Screen 2 for User 1 You have 7 minutes left Enter Payment details:- Name:- Credit Card Number:- Address:- … . Click to Book
Book movie ticket Screen 1 for User 2
Book movie ticket Screen 1 for User 2 after 7 minutes
[object Object],[object Object],[object Object]
 

Recommended

Computer viruses
Computer virusesComputer viruses
Computer virusesnkosana cusson ngwenya
 
Computer hardware software and firmware
Computer hardware software and firmwareComputer hardware software and firmware
Computer hardware software and firmwarenafisarayhana1
 
Dünyanin en yüksek 10 heykeli̇
Dünyanin en yüksek 10 heykeli̇Dünyanin en yüksek 10 heykeli̇
Dünyanin en yüksek 10 heykeli̇Raci Göktaş
 
Orient express
Orient expressOrient express
Orient expressRaci Göktaş
 
NIMA Expert Class/ Theorie Bleu Ocean Strategy/ Kris Brees/ ICSB/ 30 septembe...
NIMA Expert Class/ Theorie Bleu Ocean Strategy/ Kris Brees/ ICSB/ 30 septembe...NIMA Expert Class/ Theorie Bleu Ocean Strategy/ Kris Brees/ ICSB/ 30 septembe...
NIMA Expert Class/ Theorie Bleu Ocean Strategy/ Kris Brees/ ICSB/ 30 septembe...NIMA
 
1. мурус
1. мурус1. мурус
1. мурусstartuppoint
 
Webbstjärnan - vad och hur
Webbstjärnan - vad och hurWebbstjärnan - vad och hur
Webbstjärnan - vad och hurWebbstjarnan |.SE
 
PARA KAZANMAK
PARA KAZANMAKPARA KAZANMAK
PARA KAZANMAKRaci Göktaş
 

Recommended

Computer viruses
Computer virusesComputer viruses
Computer virusesnkosana cusson ngwenya
 
Computer hardware software and firmware
Computer hardware software and firmwareComputer hardware software and firmware
Computer hardware software and firmwarenafisarayhana1
 
Dünyanin en yüksek 10 heykeli̇
Dünyanin en yüksek 10 heykeli̇Dünyanin en yüksek 10 heykeli̇
Dünyanin en yüksek 10 heykeli̇Raci Göktaş
 
Orient express
Orient expressOrient express
Orient expressRaci Göktaş
 
NIMA Expert Class/ Theorie Bleu Ocean Strategy/ Kris Brees/ ICSB/ 30 septembe...
NIMA Expert Class/ Theorie Bleu Ocean Strategy/ Kris Brees/ ICSB/ 30 septembe...NIMA Expert Class/ Theorie Bleu Ocean Strategy/ Kris Brees/ ICSB/ 30 septembe...
NIMA Expert Class/ Theorie Bleu Ocean Strategy/ Kris Brees/ ICSB/ 30 septembe...NIMA
 
1. мурус
1. мурус1. мурус
1. мурусstartuppoint
 
Webbstjärnan - vad och hur
Webbstjärnan - vad och hurWebbstjärnan - vad och hur
Webbstjärnan - vad och hurWebbstjarnan |.SE
 
PARA KAZANMAK
PARA KAZANMAKPARA KAZANMAK
PARA KAZANMAKRaci Göktaş
 
Bunu ona asla yapmayin!
Bunu ona asla yapmayin!Bunu ona asla yapmayin!
Bunu ona asla yapmayin!Raci Göktaş
 
Eoc Strategic Plan
Eoc Strategic PlanEoc Strategic Plan
Eoc Strategic PlanF Blanco
 
Bpm the battle 8 juni evaluatie trends in bpm
Bpm the battle 8 juni evaluatie trends in bpmBpm the battle 8 juni evaluatie trends in bpm
Bpm the battle 8 juni evaluatie trends in bpmrichard_van_tilborg
 
1. teoria. pintura escultura del segle xx. 1
1. teoria. pintura escultura del segle xx. 11. teoria. pintura escultura del segle xx. 1
1. teoria. pintura escultura del segle xx. 1jgutier4
 
Выставка "Образование и карьера" Муравьева Ася 2курс 10гр
Выставка "Образование и карьера" Муравьева Ася 2курс 10грВыставка "Образование и карьера" Муравьева Ася 2курс 10гр
Выставка "Образование и карьера" Муравьева Ася 2курс 10грakapi
 
Голографический стол
Голографический столГолографический стол
Голографический столstartuppoint
 
T7 apostrophes
T7 apostrophesT7 apostrophes
T7 apostrophesmecteam7
 
Equoterra - servizi per tutti
Equoterra - servizi per tuttiEquoterra - servizi per tutti
Equoterra - servizi per tuttiFrancesco Mondora
 
Expert Class Blue Ocean 6 Okt Fresh Forward
Expert Class Blue Ocean 6 Okt Fresh ForwardExpert Class Blue Ocean 6 Okt Fresh Forward
Expert Class Blue Ocean 6 Okt Fresh ForwardNIMA
 
Renovar – Oab 2009
Renovar – Oab 2009Renovar – Oab 2009
Renovar – Oab 2009OAB - Eleição
 
Mi ple
Mi pleMi ple
Mi pleJose Padilla
 
管理學971演示A班第9組
管理學971演示A班第9組管理學971演示A班第9組
管理學971演示A班第9組祐承 鄭
 
專案管理 Chap04
專案管理 Chap04專案管理 Chap04
專案管理 Chap04祐承 鄭
 
Segurança dos pneus
Segurança dos pneusSegurança dos pneus
Segurança dos pneusManuel Fernandes
 
"Inter- application vulnerabilities. hunting for bugs in secure applications"...
"Inter- application vulnerabilities. hunting for bugs in secure applications"..."Inter- application vulnerabilities. hunting for bugs in secure applications"...
"Inter- application vulnerabilities. hunting for bugs in secure applications"...PROIDEA
 
Psdot 19 four factor password authentication
Psdot 19 four factor password authenticationPsdot 19 four factor password authentication
Psdot 19 four factor password authenticationZTech Proje
 
[OPD 2019] Inter-application vulnerabilities
[OPD 2019] Inter-application vulnerabilities[OPD 2019] Inter-application vulnerabilities
[OPD 2019] Inter-application vulnerabilitiesOWASP
 
Security testing
Security testingSecurity testing
Security testingKhizra Sammad
 
Sql securitytesting
Sql securitytestingSql securitytesting
Sql securitytestingThilak Pathirage -Senior IT Gov and Risk Consultant
 
The Immune System of Internet
The Immune System of InternetThe Immune System of Internet
The Immune System of InternetMohit Kanwar
 
The 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan KochThe 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan KochQA or the Highway
 
The 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan KochThe 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan KochQA or the Highway
 

More Related Content

Viewers also liked

Bunu ona asla yapmayin!
Bunu ona asla yapmayin!Bunu ona asla yapmayin!
Bunu ona asla yapmayin!Raci Göktaş
 
Eoc Strategic Plan
Eoc Strategic PlanEoc Strategic Plan
Eoc Strategic PlanF Blanco
 
Bpm the battle 8 juni evaluatie trends in bpm
Bpm the battle 8 juni evaluatie trends in bpmBpm the battle 8 juni evaluatie trends in bpm
Bpm the battle 8 juni evaluatie trends in bpmrichard_van_tilborg
 
1. teoria. pintura escultura del segle xx. 1
1. teoria. pintura escultura del segle xx. 11. teoria. pintura escultura del segle xx. 1
1. teoria. pintura escultura del segle xx. 1jgutier4
 
Выставка "Образование и карьера" Муравьева Ася 2курс 10гр
Выставка "Образование и карьера" Муравьева Ася 2курс 10грВыставка "Образование и карьера" Муравьева Ася 2курс 10гр
Выставка "Образование и карьера" Муравьева Ася 2курс 10грakapi
 
Голографический стол
Голографический столГолографический стол
Голографический столstartuppoint
 
T7 apostrophes
T7 apostrophesT7 apostrophes
T7 apostrophesmecteam7
 
Equoterra - servizi per tutti
Equoterra - servizi per tuttiEquoterra - servizi per tutti
Equoterra - servizi per tuttiFrancesco Mondora
 
Expert Class Blue Ocean 6 Okt Fresh Forward
Expert Class Blue Ocean 6 Okt Fresh ForwardExpert Class Blue Ocean 6 Okt Fresh Forward
Expert Class Blue Ocean 6 Okt Fresh ForwardNIMA
 
管理學971演示A班第9組
管理學971演示A班第9組管理學971演示A班第9組
管理學971演示A班第9組祐承 鄭
 
專案管理 Chap04
專案管理 Chap04專案管理 Chap04
專案管理 Chap04祐承 鄭
 

Viewers also liked (14)

Bunu ona asla yapmayin!
Bunu ona asla yapmayin!Bunu ona asla yapmayin!
Bunu ona asla yapmayin!
 
Eoc Strategic Plan
Eoc Strategic PlanEoc Strategic Plan
Eoc Strategic Plan
 
Bpm the battle 8 juni evaluatie trends in bpm
Bpm the battle 8 juni evaluatie trends in bpmBpm the battle 8 juni evaluatie trends in bpm
Bpm the battle 8 juni evaluatie trends in bpm
 
1. teoria. pintura escultura del segle xx. 1
1. teoria. pintura escultura del segle xx. 11. teoria. pintura escultura del segle xx. 1
1. teoria. pintura escultura del segle xx. 1
 
Выставка "Образование и карьера" Муравьева Ася 2курс 10гр
Выставка "Образование и карьера" Муравьева Ася 2курс 10грВыставка "Образование и карьера" Муравьева Ася 2курс 10гр
Выставка "Образование и карьера" Муравьева Ася 2курс 10гр
 
Голографический стол
Голографический столГолографический стол
Голографический стол
 
T7 apostrophes
T7 apostrophesT7 apostrophes
T7 apostrophes
 
Equoterra - servizi per tutti
Equoterra - servizi per tuttiEquoterra - servizi per tutti
Equoterra - servizi per tutti
 
Expert Class Blue Ocean 6 Okt Fresh Forward
Expert Class Blue Ocean 6 Okt Fresh ForwardExpert Class Blue Ocean 6 Okt Fresh Forward
Expert Class Blue Ocean 6 Okt Fresh Forward
 
Renovar – Oab 2009
Renovar – Oab 2009Renovar – Oab 2009
Renovar – Oab 2009
 
Mi ple
Mi pleMi ple
Mi ple
 
管理學971演示A班第9組
管理學971演示A班第9組管理學971演示A班第9組
管理學971演示A班第9組
 
專案管理 Chap04
專案管理 Chap04專案管理 Chap04
專案管理 Chap04
 
Segurança dos pneus
Segurança dos pneusSegurança dos pneus
Segurança dos pneus
 

Similar to Varun - Subtle Security Flaws - ClubHack2007

"Inter- application vulnerabilities. hunting for bugs in secure applications"...
"Inter- application vulnerabilities. hunting for bugs in secure applications"..."Inter- application vulnerabilities. hunting for bugs in secure applications"...
"Inter- application vulnerabilities. hunting for bugs in secure applications"...PROIDEA
 
Psdot 19 four factor password authentication
Psdot 19 four factor password authenticationPsdot 19 four factor password authentication
Psdot 19 four factor password authenticationZTech Proje
 
[OPD 2019] Inter-application vulnerabilities
[OPD 2019] Inter-application vulnerabilities[OPD 2019] Inter-application vulnerabilities
[OPD 2019] Inter-application vulnerabilitiesOWASP
 
The Immune System of Internet
The Immune System of InternetThe Immune System of Internet
The Immune System of InternetMohit Kanwar
 
The 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan KochThe 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan KochQA or the Highway
 
The 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan KochThe 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan KochQA or the Highway
 
Security Testing
Security TestingSecurity Testing
Security TestingISsoft
 
Security of LLM APIs by Ankita Gupta, Akto.io
Security of LLM APIs by Ankita Gupta, Akto.ioSecurity of LLM APIs by Ankita Gupta, Akto.io
Security of LLM APIs by Ankita Gupta, Akto.ioNordic APIs
 
Combat Passwords on Post-Its with Multi-Factor Authentication for IBM i
Combat Passwords on Post-Its with Multi-Factor Authentication for IBM iCombat Passwords on Post-Its with Multi-Factor Authentication for IBM i
Combat Passwords on Post-Its with Multi-Factor Authentication for IBM iPrecisely
 
Two way authentication
Two way authenticationTwo way authentication
Two way authenticationsree valli
 
Two way authentication
Two way authenticationTwo way authentication
Two way authenticationsree valli
 
a famework for analyzing template security and privacy in biometric authenti...
a famework for analyzing template security and privacy in biometric authenti... a famework for analyzing template security and privacy in biometric authenti...
a famework for analyzing template security and privacy in biometric authenti...ZTech Proje
 
Ethical_Hacking_ppt
Ethical_Hacking_pptEthical_Hacking_ppt
Ethical_Hacking_pptNarayanan
 
Automation Attacks At Scale
Automation Attacks At ScaleAutomation Attacks At Scale
Automation Attacks At ScaleMayank Dhiman
 
ransomware keylogger rootkit.pptx
ransomware keylogger rootkit.pptxransomware keylogger rootkit.pptx
ransomware keylogger rootkit.pptxdawitTerefe5
 
Modeling and Utilizing Security Knowledge for Eliciting Security Requirements
Modeling and Utilizing Security Knowledge for Eliciting Security RequirementsModeling and Utilizing Security Knowledge for Eliciting Security Requirements
Modeling and Utilizing Security Knowledge for Eliciting Security RequirementsShinpei Hayashi
 
The Best Shield Against Ransomware for IBM i
The Best Shield Against Ransomware for IBM iThe Best Shield Against Ransomware for IBM i
The Best Shield Against Ransomware for IBM iPrecisely
 

Similar to Varun - Subtle Security Flaws - ClubHack2007 (20)

"Inter- application vulnerabilities. hunting for bugs in secure applications"...
"Inter- application vulnerabilities. hunting for bugs in secure applications"..."Inter- application vulnerabilities. hunting for bugs in secure applications"...
"Inter- application vulnerabilities. hunting for bugs in secure applications"...
 
Psdot 19 four factor password authentication
Psdot 19 four factor password authenticationPsdot 19 four factor password authentication
Psdot 19 four factor password authentication
 
[OPD 2019] Inter-application vulnerabilities
[OPD 2019] Inter-application vulnerabilities[OPD 2019] Inter-application vulnerabilities
[OPD 2019] Inter-application vulnerabilities
 
Security testing
Security testingSecurity testing
Security testing
 
Sql securitytesting
Sql securitytestingSql securitytesting
Sql securitytesting
 
The Immune System of Internet
The Immune System of InternetThe Immune System of Internet
The Immune System of Internet
 
The 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan KochThe 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan Koch
 
The 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan KochThe 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan Koch
 
Ways to protect From Keyloggers!
Ways to protect From Keyloggers!Ways to protect From Keyloggers!
Ways to protect From Keyloggers!
 
Security Testing
Security TestingSecurity Testing
Security Testing
 
Security of LLM APIs by Ankita Gupta, Akto.io
Security of LLM APIs by Ankita Gupta, Akto.ioSecurity of LLM APIs by Ankita Gupta, Akto.io
Security of LLM APIs by Ankita Gupta, Akto.io
 
Combat Passwords on Post-Its with Multi-Factor Authentication for IBM i
Combat Passwords on Post-Its with Multi-Factor Authentication for IBM iCombat Passwords on Post-Its with Multi-Factor Authentication for IBM i
Combat Passwords on Post-Its with Multi-Factor Authentication for IBM i
 
Two way authentication
Two way authenticationTwo way authentication
Two way authentication
 
Two way authentication
Two way authenticationTwo way authentication
Two way authentication
 
a famework for analyzing template security and privacy in biometric authenti...
a famework for analyzing template security and privacy in biometric authenti... a famework for analyzing template security and privacy in biometric authenti...
a famework for analyzing template security and privacy in biometric authenti...
 
Ethical_Hacking_ppt
Ethical_Hacking_pptEthical_Hacking_ppt
Ethical_Hacking_ppt
 
Automation Attacks At Scale
Automation Attacks At ScaleAutomation Attacks At Scale
Automation Attacks At Scale
 
ransomware keylogger rootkit.pptx
ransomware keylogger rootkit.pptxransomware keylogger rootkit.pptx
ransomware keylogger rootkit.pptx
 
Modeling and Utilizing Security Knowledge for Eliciting Security Requirements
Modeling and Utilizing Security Knowledge for Eliciting Security RequirementsModeling and Utilizing Security Knowledge for Eliciting Security Requirements
Modeling and Utilizing Security Knowledge for Eliciting Security Requirements
 
The Best Shield Against Ransomware for IBM i
The Best Shield Against Ransomware for IBM iThe Best Shield Against Ransomware for IBM i
The Best Shield Against Ransomware for IBM i
 

More from ClubHack

India legal 31 october 2014
India legal 31 october 2014India legal 31 october 2014
India legal 31 october 2014ClubHack
 
Cyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ Bangalore
Cyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ BangaloreCyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ Bangalore
Cyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ BangaloreClubHack
 
Cyber Insurance
Cyber InsuranceCyber Insurance
Cyber InsuranceClubHack
 
Summarising Snowden and Snowden as internal threat
Summarising Snowden and Snowden as internal threatSummarising Snowden and Snowden as internal threat
Summarising Snowden and Snowden as internal threatClubHack
 
Fatcat Automatic Web SQL Injector by Sandeep Kamble
Fatcat Automatic Web SQL Injector by Sandeep KambleFatcat Automatic Web SQL Injector by Sandeep Kamble
Fatcat Automatic Web SQL Injector by Sandeep KambleClubHack
 
The Difference Between the Reality and Feeling of Security by Thomas Kurian
The Difference Between the Reality and Feeling of Security by Thomas KurianThe Difference Between the Reality and Feeling of Security by Thomas Kurian
The Difference Between the Reality and Feeling of Security by Thomas KurianClubHack
 
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...ClubHack
 
Smart Grid Security by Falgun Rathod
Smart Grid Security by Falgun RathodSmart Grid Security by Falgun Rathod
Smart Grid Security by Falgun RathodClubHack
 
Legal Nuances to the Cloud by Ritambhara Agrawal
Legal Nuances to the Cloud by Ritambhara AgrawalLegal Nuances to the Cloud by Ritambhara Agrawal
Legal Nuances to the Cloud by Ritambhara AgrawalClubHack
 
Infrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy HiremathInfrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy HiremathClubHack
 
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar Kuppan
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar KuppanHybrid Analyzer for Web Application Security (HAWAS) by Lavakumar Kuppan
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar KuppanClubHack
 
Hacking and Securing iOS Applications by Satish Bomisstty
Hacking and Securing iOS Applications by Satish BomissttyHacking and Securing iOS Applications by Satish Bomisstty
Hacking and Securing iOS Applications by Satish BomissttyClubHack
 
Critical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiCritical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiClubHack
 
Content Type Attack Dark Hole in the Secure Environment by Raman Gupta
Content Type Attack Dark Hole in the Secure Environment by Raman GuptaContent Type Attack Dark Hole in the Secure Environment by Raman Gupta
Content Type Attack Dark Hole in the Secure Environment by Raman GuptaClubHack
 
XSS Shell by Vandan Joshi
XSS Shell by Vandan JoshiXSS Shell by Vandan Joshi
XSS Shell by Vandan JoshiClubHack
 
Clubhack Magazine Issue February 2012
Clubhack Magazine Issue February 2012Clubhack Magazine Issue February 2012
Clubhack Magazine Issue February 2012ClubHack
 
ClubHack Magazine issue 26 March 2012
ClubHack Magazine issue 26 March 2012ClubHack Magazine issue 26 March 2012
ClubHack Magazine issue 26 March 2012ClubHack
 
ClubHack Magazine issue April 2012
ClubHack Magazine issue April 2012ClubHack Magazine issue April 2012
ClubHack Magazine issue April 2012ClubHack
 
ClubHack Magazine Issue May 2012
ClubHack Magazine Issue May 2012ClubHack Magazine Issue May 2012
ClubHack Magazine Issue May 2012ClubHack
 
ClubHack Magazine – December 2011
ClubHack Magazine – December 2011ClubHack Magazine – December 2011
ClubHack Magazine – December 2011ClubHack
 

More from ClubHack (20)

India legal 31 october 2014
India legal 31 october 2014India legal 31 october 2014
India legal 31 october 2014
 
Cyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ Bangalore
Cyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ BangaloreCyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ Bangalore
Cyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ Bangalore
 
Cyber Insurance
Cyber InsuranceCyber Insurance
Cyber Insurance
 
Summarising Snowden and Snowden as internal threat
Summarising Snowden and Snowden as internal threatSummarising Snowden and Snowden as internal threat
Summarising Snowden and Snowden as internal threat
 
Fatcat Automatic Web SQL Injector by Sandeep Kamble
Fatcat Automatic Web SQL Injector by Sandeep KambleFatcat Automatic Web SQL Injector by Sandeep Kamble
Fatcat Automatic Web SQL Injector by Sandeep Kamble
 
The Difference Between the Reality and Feeling of Security by Thomas Kurian
The Difference Between the Reality and Feeling of Security by Thomas KurianThe Difference Between the Reality and Feeling of Security by Thomas Kurian
The Difference Between the Reality and Feeling of Security by Thomas Kurian
 
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...
 
Smart Grid Security by Falgun Rathod
Smart Grid Security by Falgun RathodSmart Grid Security by Falgun Rathod
Smart Grid Security by Falgun Rathod
 
Legal Nuances to the Cloud by Ritambhara Agrawal
Legal Nuances to the Cloud by Ritambhara AgrawalLegal Nuances to the Cloud by Ritambhara Agrawal
Legal Nuances to the Cloud by Ritambhara Agrawal
 
Infrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy HiremathInfrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy Hiremath
 
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar Kuppan
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar KuppanHybrid Analyzer for Web Application Security (HAWAS) by Lavakumar Kuppan
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar Kuppan
 
Hacking and Securing iOS Applications by Satish Bomisstty
Hacking and Securing iOS Applications by Satish BomissttyHacking and Securing iOS Applications by Satish Bomisstty
Hacking and Securing iOS Applications by Satish Bomisstty
 
Critical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiCritical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh Belgi
 
Content Type Attack Dark Hole in the Secure Environment by Raman Gupta
Content Type Attack Dark Hole in the Secure Environment by Raman GuptaContent Type Attack Dark Hole in the Secure Environment by Raman Gupta
Content Type Attack Dark Hole in the Secure Environment by Raman Gupta
 
XSS Shell by Vandan Joshi
XSS Shell by Vandan JoshiXSS Shell by Vandan Joshi
XSS Shell by Vandan Joshi
 
Clubhack Magazine Issue February 2012
Clubhack Magazine Issue February 2012Clubhack Magazine Issue February 2012
Clubhack Magazine Issue February 2012
 
ClubHack Magazine issue 26 March 2012
ClubHack Magazine issue 26 March 2012ClubHack Magazine issue 26 March 2012
ClubHack Magazine issue 26 March 2012
 
ClubHack Magazine issue April 2012
ClubHack Magazine issue April 2012ClubHack Magazine issue April 2012
ClubHack Magazine issue April 2012
 
ClubHack Magazine Issue May 2012
ClubHack Magazine Issue May 2012ClubHack Magazine Issue May 2012
ClubHack Magazine Issue May 2012
 
ClubHack Magazine – December 2011
ClubHack Magazine – December 2011ClubHack Magazine – December 2011
ClubHack Magazine – December 2011
 

Recently uploaded

"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 

Recently uploaded (20)

"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 

Varun - Subtle Security Flaws - ClubHack2007

Editor's Notes

  1. I will be presenting five subtle and interesting flaws in applications.
  2. Sites that do not have knowledge of IT and do not want to create e-commerce apps, rely on Central payment sites.