April 23rd, 2007 by jdixon
Mistakes to Lure Hackers: Vulnerability 2.0
Matt Fisher, SPI Dynamics
March 27, 2007
Matt Fisher presented his talk entitled Mistakes to Lure Hackers: Vulnerability 2.0 at the CapBUG meeting in Columbia, MD. Matt introduced the audience to modern web application vulnerabilities including cross-site scripting, SQL injection and even “blind” SQL injection.
Cross-Site-Scripting and SQL Injection are now the most commonly reported vulnerabilities in the CVE. We will examine the entire genre of web application security and the unique security paradigm required, while zooming in on XSS and SQL Injection. Think Web 2.0 sites are neat? So do the bad guys, and we’ll examine some of the factors going into the “new web” that make them so vulnerable to script attacks.
Editor’s Note: I personally saw this talk in NYC and am very grateful Matt was able to present it again for our group. This was the first MetaBUG video recording/streaming, and the quality suffers a bit. We have learned quite a bit from just our first session and expect that future presentations will be much improved in both video and audio quality.
[MP4] Mistakes to Lure Hackers: Vulnerability 2.0 – 95MB
The video is also available at Google Video.
© 2007. Some rights reserved. You are free to copy, distribute, display and link to the work under the following conditions: you must attribute the work to the author, Matt Fisher, SPI Dynamics.
Category: Talks
March 31st, 2007 by merdely
April 3, 2007, 7:00 pm to 9:00 pm
Location:
ASU, Tempe Center Map
Time:
April 3, 2007: 7:00 PM – 9:00 PM PST
Details:
This month is a Mystery Presentation! Either Darren Spruell, Darrin Chandler, or some random person will be presenting LDAP or something completely unrelated to LDAP! Chances are good that we’ll be meeting at GIOS, at ASU’s Tempe Center. This month’s presentation will also be broadcast live over the Internet, unless it isn’t.
Whatever happens, it is EXTREMELY likely that we’ll meet for libations and grub after the presentation at Casey Moore’s Oyster House.
Tempe Center is located on the Southeast corner of Mill Ave & University Dr. GIOS is in the Southeast corner of the plaza. Free parking beginning at 7pm MST (not MDT).
Note: the meeting starts at 02:00 UTC.
Category: Events, Meetings
March 31st, 2007 by merdely
April 24, 2007, 6:30 pm to 8:30 pm
Fresh off his interview with Will Backman on bsdtalk, Jason will be giving a talk and demonstration on PF, CARP and pfsync at the April CapBUG meeting. The demonstration will include using two Soekris embedded devices with OpenBSD configured as a redundant carp pair. Though highly dramatic, I doubt Jason will use the infamous “axe” technique to show failover. I guess it depends on how much caffeine he had that day.
Due to the availability of equipment, we will hold this month’s meeting at Raba in Columbia, MD at 6:30 PM EDT. We will again broadcast this talk as part of MetaBUG.
Note: the meeting starts at 22:30 UTC.
Category: Events, Meetings
March 28th, 2007 by dwc
April 3, 2007, 7:00 pm to 10:00 pm
Peter Hessler will be exploring xenocara, the new modular X, which has now replaced the old XF4 in OpenBSD-current. See SFOBUG for location and other details.
Note: the meeting starts at 02:00 UTC.
Category: Events, Meetings