- Gursev Singh Kalra Principal Consultant McAfee, Foundstone Professional Services
1 Attacking OData
Gursev Singh Kalra, Principal Consultant, McAfee, Foundstone Professional Services

2 Agenda
- OData Primer
- Oyedata for OData Assessments
- Oyedata Demonstrations
- Ofuzz Demonstration
- Attacking OData Services
McAfee, 2012 Gursev Singh Kalra

3 ODATA PRIMER

4 Why OData?

5 What is OData?
- Query and Update Data over the Web.
- JDBC/ODBC for the Internet
- Resources identified using Uniform Resource Identifiers (URIs)
- HTTP based RESTful data services
- Relies on PUT, POST, DELETE and GET methods
- Adopted by Microsoft, IBM, SAP etc.

6 O - Overwhelming
- Open Data Protocol
- Service Metadata Document
- Entries and Entity Types
- EDM Data Types, CSDL
- Service Document
- Service Operations
- Complex Types
- Feeds, more

7 Entity Types, Feeds & Service Doc
- Service Document: Feed A, Feed B, Feed C
- Entity Type A: Entry 1, Entry 2, Entry N
- Entity Type B: Entry 1, Entry 2, Entry N
- Entity Type C: Entry 1, Entry 2, Entry N

8 Building Blocks

9 Entity Type and Entry
- Entity Type
- Entry

10 Feeds
- Collection of Typed Entries
- An OData Service can have one or more feeds
- Service Document lists all top-level Feeds

11 Service Document
- Service Root URI

12 Service Metadata Document
- "DNA" of an OData Service
- CSDL describes Data Model
- /$metadata

13 Service Operations
- Remotely Invoked Custom Functions
- Accept Primitive Data Via GET or POST
- Return primitives, complex types, feeds or a void

14 OYEDATA AND OFUZZ

15 Fuzzing OData (One Entity)
- Service Metadata Document
- Fuzzing Template

16 Few Oyedata Features

17 OYEDATA DEMONSTRATIONS

18 OFUZZ DEMONSTRATION

19 ATTACKING ODATA SERVICES

20 OData on Security
- No Security Specifications
- Based on HTTP, AtomPub, and JSON
- Security considerations for several technologies involved

21 Enumeration
- Service Document
- Service Metadata Document
- Tools (Oyedata, Linqpad, etc.)
- HTTP Methods PUT and DELETE

22 HTTP Verb Tunneling
- Allows HTTP methods to be tunneled with POST
- Can be abused to execute unauthorized verbs
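
The verb tunneling risk on slide 22, seen from the service side: this added example (not from the slides or from Oyedata) compares an authorization check that looks only at the wire method with one that authorizes the verb the OData layer will actually execute. The header names `X-HTTP-Method` (OData 2.0) and `X-HTTP-Method-Override` are not on the slides, and the roles, policy table and function names are hypothetical.

```python
# Added example: roles, policy and sample requests are constructed for illustration.

# Headers commonly used to tunnel a verb inside a POST request (assumed here;
# check which ones your OData framework honours).
TUNNEL_HEADERS = ("x-http-method", "x-http-method-override")

# Verbs the service is willing to accept through a tunnel header at all.
TUNNELABLE_VERBS = {"PUT", "PATCH", "MERGE", "DELETE"}

# Hypothetical per-role verb policy.
POLICY = {
    "reader": {"GET"},
    "editor": {"GET", "POST", "PUT"},
    "admin": {"GET", "POST", "PUT", "DELETE"},
}


class TunnelError(ValueError):
    """Raised when a tunnel header is malformed or used where it must not be."""


def effective_method(wire_method, headers):
    """Return the verb that will really be executed for this request."""
    wire = wire_method.upper()
    normalized = {name.lower(): value for name, value in headers.items()}
    overrides = {
        normalized[name].strip().upper()
        for name in TUNNEL_HEADERS
        if name in normalized
    }
    if not overrides:
        return wire
    # Tunneling is only defined on top of POST; reject it on anything else
    # instead of silently ignoring it, so upstream filters and the framework
    # cannot disagree about what the request means.
    if wire != "POST":
        raise TunnelError("tunnel header on non-POST request")
    if len(overrides) > 1:
        raise TunnelError("conflicting tunnel headers")
    verb = overrides.pop()
    if verb not in TUNNELABLE_VERBS:
        raise TunnelError("verb %s may not be tunneled" % verb)
    return verb


def naive_authorize(role, wire_method, headers):
    """Flawed check: authorizes the wire method and ignores tunnel headers."""
    return wire_method.upper() in POLICY.get(role, set())


def authorize(role, wire_method, headers):
    """Authorize the effective verb. Returns (allowed, verb_or_reason)."""
    try:
        verb = effective_method(wire_method, headers)
    except TunnelError as exc:
        return (False, str(exc))
    if verb in POLICY.get(role, set()):
        return (True, verb)
    return (False, "%s not permitted for %s" % (verb, role))


if __name__ == "__main__":
    # Constructed request: an editor may POST but may not DELETE.
    request_headers = {"X-HTTP-Method": "DELETE"}
    print("naive check :", naive_authorize("editor", "POST", request_headers))
    print("strict check:", authorize("editor", "POST", request_headers))
```

The same comparison works as a log review rule: any request whose wire method and effective method differ is worth recording with both values.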

23 Navigation Properties
- pliers(1)/products
- Can be used as a springboard to other Entry Type's additional data

24 System Query Options
- Control the amount and type of data returned by the OData service.
- $select, $format, $expand, $filter, $orderby, etc.
- Assess like regular web application parameters

25 Assessing OData Operations
- Key Enumeration and Entry Access
- Individual Property Access
- Write and Update operations (POST & PUT)
- Delete operations (DELETE)
- Service Operations

26 Data Validation and Error Handling
- Can be performed as per regular WAPT
- Malformed JSON and XML requests
- Database Integrity Checks

27 Additional Considerations
- Access File Systems, Databases, CMS and others
- Framework Generates Tons of Dynamic Code
- SQLi, Remote File Access, XPath Injection and Framework Specific Vulnerabilities

28 Further Reading and References
- Official OData website
- Oyedata
- A Pentester's Guide to Hacking OData

30 THANK YOU!