Webcast: Is Your Web App Secure? How Do You Know?
Date: 10 September 2003, 1:00 PM EDT
Organizer: SANS
Many computer attackers have moved up the protocol stack to focus exclusively on web application manipulation, and with good reason. In our penetration testing business, we've observed that web applications are the absolute weakest point of security in many organizations, weaker in fact than the underlying operating systems, servers, and other types of software.

Chillingly, home-grown web apps often get far less security scrutiny than commercial software, and are therefore usually even buggier. This must change, as our web applications are usually the home of some of our organizations' most sensitive data. This briefing explores common and very damaging web application vulnerabilities, including user input manipulation, cross-site scripting, and SQL injection. We will also discuss a variety of brand-new and tried-and-true tools you can use to test your own web applications for flaws.

Speaker Bios:

Ed Skoudis: Ed Skoudis is a security consultant with International Network Services. Ed's expertise includes hacker attacks and defenses, the information security industry, and computer privacy issues. He has performed numerous security assessments, designed secure network architectures, and responded to computer attacks for clients in financial, high technology, healthcare, and other industries. Ed is a frequent speaker on issues associated with hacker tools and defenses, and has written the Prentice Hall books Malware: Fighting Malicious Code and Counter Hack: A Step-by-Step Guide to Computer Attacks and Effective Defenses. Ed conducted a demonstration of hacker techniques against financial institutions for the United States Senate.

Caleb Sima: Caleb Sima, co-founder and chief technology officer of SPI Dynamics, focuses on making WebInspect(tm), the company's flagship product line. In addition, he is the director of SPI Labs, the application security research and development group within SPI Dynamics.

Some of Caleb's engineering exploits have gained media attention in publications such as the New York Times and the Washington Post. Furthermore, he has been a speaker at the 2003 Southeast CyberCrime Summit and the 2002 Cyber Security in the Financial Summit.
