Tutorial By hamiel-moyer
Preview:
Like most folks of a security bent (and if you’re reading this, that probably
means you), we’ve spent a lot of time watching Web 2.0 with bemusement.
Promiscuous sharing of information, client-side JavaScript goop, blogging,
mini-blogging, micro-blogging, vlogging, social nets and social media have all given
the web much of what the starry-eyed latte-chugging idealists of Web 1.0 and the
dot-bomb boom were yammering on about ten years ago: a platform for anyone to
create content, to connect, to share, and to carve out a little space for themselves
and a few million of their closest friends.

All of the above, of course, seems to run absolutely orthogonal to everything
those of us in InfoSec preach: “Validate all user input. Authenticate and tokenize
everything. Sanitize all output. Audit the crap out of anything before it goes live.
Limit functionality to core functional requirements. Trust no one.”
Download Link: https://www.ihteam.net/papers/defcon-16-Attacking-Social-Networks.pdf