
The Dark Side of AJAX - JavaScript Hijacking and How it Works

With so many Web 2.0 applications being written in AJAX, it was only a matter of time before the vulnerabilities began to crop up

With so many Web 2.0 applications being written in AJAX, it was only a matter of time before the vulnerabilities began to crop up, but no one expected the unusual form they would take. This session by the man who discovered the first cross-vendor AJAX vulnerability – JavaScript Hijacking – will detail it and other security concerns while also discussing ways that AJAX could be implemented to make it less risky. Finally, we will take a look at AJAX security incidents to date, and identify the ways that increased adoption of AJAX is likely to change the way hackers behave.

Speaker Bio: Dr. Brian Chess currently serves as Fortify's Chief Scientist, where his work focuses on practical methods for creating secure systems. Dr. Chess holds a Ph.D. in computer engineering from UC Santa Cruz, where he studied the application of static analysis to the problem of finding security-relevant defects in source code.
 
 
The world's leading Rich Internet Applications & Web 2.0 event is expected to attract more than 1,000 i-technology developers. In less than a year, AJAXWorld grew from a single-track, one-day seminar into a four-day international conference & expo with more than 150 sessions delivered in ten simultaneous tracks by more than 150 faculty members.
 
Track 01: Rich Internet Applications
Track 02: Web 2.0 Enterprise Mashups
Track 03: Enterprise AJAX
Track 04: RIA Frameworks & Toolkits
Track 05: Security in RIA Applications
Track 06: Hot Topics
Track 07: iPhone AJAX Applications
Track 08: Advanced AJAX
Track 09: Platform Choices / Real-World AJAX
Track 10: OpenLaszlo Diamond Track
 
The conference now includes the world famous AJAXWorld University's AJAX Developer Bootcamp, OpenLaszlo Track and Adobe Flex 3 Developer Bootcamp. This year’s AJAXWorld Expo Floor is expected to display bleeding edge RIA technologies from more than 75 leading AJAX vendors.

AJAXWorld 2007 East Conference & Expo Sponsored by the World's Top Web 2.0 and RIA Technology Leaders!
AJAXWorld Conference & Expo 2007 East sponsors and exhibitors included: Laszlo Systems (Diamond Sponsor), JackBe (Platinum Sponsor), Adobe (Platinum Sponsor), Cynergy (Platinum Sponsor), Backbase (Gold Sponsor), Google (Gold Sponsor), Nexaweb (Gold Sponsor), ICEsoft (Gold Sponsor), Oracle (Gold Sponsor), Helmi Technologies (Gold Sponsor), JetBrains (Gold Sponsor), TIBCO (Gold Sponsor), Kapow Technologies (Gold Sponsor), Sun Microsystems (Silver Sponsor), Parasoft (Silver Sponsor), Servoy (Silver Sponsor), Etelos (Silver Sponsor), Microsoft (Expo Plus Sponsor), Lightstreamer (Exhibitor Plus Sponsor), IT Mill (Exhibitor Plus Sponsor), FrogLogic (Exhibitor Plus Sponsor), ThinWire (Expo Sponsor), Quasar Tecnologies (Expo Sponsor), Zapatec (Exhibitor Plus Sponsor), MB Technologies Bindows (Exhibitor), OpenSpot (Exhibitor), ILOG (Exhibitor), Passport Corporation (Exhibitor), Addison-Wesley (Exhibitor), The Thomson Corporation (Exhibitor), Isomorphic Software-SmartClient (Exhibitor), Universal Mind (Exhibitor), Farata Systems (Exhibitor Plus), Manning Publications (AJAX Book Sponsor), Apress (AJAX Book Sponsor), Conference Guru (Media Sponsor), Flash Goddess (Media Sponsor), AJAXWorld Magazine (Media Sponsor), Web 2.0 Journal (Media Sponsor), SYS-CON.TV (Media Sponsor), IT Mill (Media Sponsor), Methods & Tools (Media Sponsor), Web 2.0 Journal (Media Sponsor), and OASIS.

As of today OpenAjax Alliance members include: 24SevenOffice, abiss.gr, ActiveGrid, ActiveState, Adobe, American Greetings, Aplix Corporation, Appeon, Aptana, Arimaan Global Consulting, BEA Systems, Cisco Systems, Coradiant, Curl, Custom Credit Systems (Thinwire), Document Advantage, Dojo Foundation, DreamFace Interactive, Eclipse Foundation, edge IPK, eLink Business Innovations, ESRI, F5, Fidelity Investments, Finetooth, Getahead (DWR), Global Computer Enterprises, GoETC, Google, Helmi Technologies, HR-XML, IBM, ICEsoft, Ikivo, ILOG, Innoopract, iPolipo, Isomorphic Software, IT MILL, JackBe, Javeline, JSSL, JWAX, Laszlo Systems, Lightstreamer, Microsoft, MobileAware, Mozilla Corporation, NetScript Technologies, Nexaweb, Nitobi, Novell, OpenLink Software, OpenSpot, OpenSymphony (OpenQA), Openwave Systems, Opera, OpSource, Oracle, OS3.IT, RadView, Redmonk, RIFT Technologies, SAP, Scalix, Seagull Software, Service-Now.com, Sitepen, Software AG, Sun Microsystems, Tealeaf Technology, Teleca Mobile, Telerik, The Frontside, Tibco, Transmend, Vertex Logic, Visible Measures, Visual WebGui, Volantis Systems, Webtide, XML11, Xucia, Zend, Zimbra, and Zoho.

More Stories By RIA News Desk

Ever since Google popularized a smarter, more responsive and interactive Web experience by using AJAX (Asynchronous JavaScript + XML) for its Google Maps & Gmail applications, SYS-CON's RIA News Desk has been covering every aspect of Rich Internet Applications and those creating and deploying them. If you have breaking RIA news, please send it to RIA@sys-con.com to share your product and company news coverage with AJAXWorld readers.



Most Recent Comments
radixweb 08/18/08 07:24:10 AM EDT

Great Post...

Java Programmer...

radixweb 08/18/08 03:07:42 AM EDT

Hey,

Great Post.....

AJAX Security News Desk 08/28/07 12:33:55 PM EDT

With so many Web 2.0 applications being written in AJAX, it was only a matter of time before the vulnerabilities began to crop up, but no one expected the unusual form they would take. This session by the man who discovered the first cross-vendor AJAX vulnerability - JavaScript Hijacking - will detail it and other security concerns while also discussing ways that AJAX could be implemented to make it less risky. Finally, we will take a look at AJAX security incidents to-date, and identify the ways that increased adoption of AJAX is likely to change the way hackers behave.