Pen Testing Web 2.0: The Client Jeremy Druin AIDE 2012 (Hacking Illustrated Series InfoSec Tutorial Videos)

Pen Testing Web 2.0: The Client is an introduction to pen-testing web applications that use HTML5 web storage and AJAX. The presentation begins with a brief review of HTML5 web storage and the serialization formats AJAX applications use before demonstrating techniques for finding and exploiting client-side defects in web 2.0 applications. The demos use the Mutillidae 2.x training application.

Stealing HTML5 Storage and JSON Injection: Jeremy breaks down the principles behind HTML5 storage and JSON injection attacks to show the ever-evolving risk that client-side web code introduces into our environments. A demo of web application code Jeremy developed shows how an attack would occur in the real world and what security risk it presents. The attacks include obtaining valuable contents from an unsuspecting user's HTML5 storage, then transporting the stolen data to a location of the attacker's choosing for analysis. Additionally, Jeremy demonstrates an attack that injects code into the JSON used by so-called "web 2.0" applications.

Jeremy Druin works as an internal pen-tester, incident responder, and defect-remediation expert for a multi-national transportation logistics company. Other responsibilities include web vulnerability assessment operations, setting application and database security standards, creating developer training programs, and teaching developers how to architect, design, and write secure applications. Additionally, Jeremy develops the open-source Mutillidae 2.x training environment and consults on web-application security topics. As the Director of Education for the Kentuckiana ISSA chapter, Jeremy presents on web application pen-testing and remediation and operates the "webpwnized" YouTube video channel. Jeremy has a Bachelor's in Computer Science from Indiana University and is a GIAC-certified Web Application Pen-Tester.

Recorded at AIDE 2012

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast