AppSecEU08 Office 2.0: Software as a Service, Security on the Sidelines

Presentation Abstract
Online office suites have proliferated over the last year, improving drastically and providing feasible alternatives to traditional desktop office software in the form of Google Docs, ThinkFree and Zoho. Securing these services presents interesting challenges: web application vulnerabilities intersect the world of macro-viruses, 0-day file format flaws and phone home bugs.

This presentation discusses "Office 2.0" threats demonstrating real world vulnerabilities borne out of the presenter's research. It will cover the following areas:


 * Assessing the attack surface of online office suites
 * Exploiting the awkward problem of file system access
 * Weaknesses in document collaboration implementations
 * Phone home bugs and advanced document tracking

Though the focus is on online office suites, the concerns raised and addressed during this session apply equally well to all Web 2.0 applications.

John Heasman