MetaBUG

Worldwide BSD Advocacy

March 2007 CapBUG Talk

April 23rd, 2007 by jdixon

Mistakes to Lure Hackers: Vulnerability 2.0

Matt Fisher, SPI Dynamics
March 27, 2007

Matt Fisher presented his talk entitled Mistakes to Lure Hackers: Vulnerability 2.0 at the CapBUG meeting in Columbia, MD. Matt introduced the audience to modern web application vulnerabilities including cross-site scripting, SQL injection and even “blind” SQL injection.

Cross-site scripting and SQL injection are now the most commonly reported vulnerabilities in the CVE. We will examine the entire genre of web application security and the unique security paradigm required, while zooming in on XSS and SQL injection. Think Web 2.0 sites are neat? So do the bad guys, and we’ll examine some of the factors going into the “new web” that make them so vulnerable to script attacks.

Editor’s Note: I personally saw this talk in NYC and am very grateful Matt was able to present it again for our group. This was the first MetaBUG video recording/streaming, and the quality suffers a bit. We have learned quite a bit from just our first session and expect that future presentations will be much improved in both video and audio quality.

[MP4] Mistakes to Lure Hackers: Vulnerability 2.0 - 95MB

The video is also available at Google Video.


© 2007. Some rights reserved. You are free to copy, distribute, display and link to the work under the following conditions: you must attribute the work to the author, Matt Fisher, SPI Dynamics.
