This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

AppSecEU08 Office 2.0: Software as a Service, Security on the Sidelines

Jump to: navigation, search

Presentation Abstract

Online office suites have proliferated over the last year, improving drastically and providing feasible alternatives to traditional desktop office software in the form of Google Docs, ThinkFree and Zoho. Securing these services presents interesting challenges: web application vulnerabilities intersect the world of macro-viruses, 0-day file format flaws and phone home bugs.

This presentation discusses "Office 2.0" threats demonstrating real world vulnerabilities borne out of the presenter's research. It will cover the following areas:

  • Assessing the attack surface of online office suites
  • Exploiting the awkward problem of file system access
  • Weaknesses in document collaboration implementations
  • Phone home bugs and advanced document tracking

Though the focus is on online office suites, the concerns raised and addressed during this session apply equally well to all Web 2.0 applications.

John Heasman