I'll present The XSS Epidemic: Discovery, Disclosure, and Remediation at the 2008 ISSA NW Regional Security Conference on April 23rd, 2008, in Olympia, WA:
In the same mindset of a "month of browser, Mac OS X, PHP, etc. bugs" I challenged myself to find and report as many XSS (cross site scripting) vulnerabilities as possible in a 30 day period. The result was well more than 100 vulnerabilities in sites ranging from General Motors to George Mason University, 6 Secunia/CVE advisories for weak software, and a raging debate over the value of ScanAlert’s Hacker Safe label.
Our discussion will include a technical dive into this epidemic, including methodology, tools, examples, inherent risks, and the need to aid the Internet community in remediating this issue as well other web application security lapses.
I'll also present Malcode Analysis Techniques for Incident Handlers at the 20th Annual FIRST Conference in Vancouver, B.C. on June 25th, 2008. Details here.
In the same mindset of a "month of browser, Mac OS X, PHP, etc. bugs" I challenged myself to find and report as many XSS (cross site scripting) vulnerabilities as possible in a 30 day period. The result was well more than 100 vulnerabilities in sites ranging from General Motors to George Mason University, 6 Secunia/CVE advisories for weak software, and a raging debate over the value of ScanAlert’s Hacker Safe label.
Our discussion will include a technical dive into this epidemic, including methodology, tools, examples, inherent risks, and the need to aid the Internet community in remediating this issue as well other web application security lapses.
I'll also present Malcode Analysis Techniques for Incident Handlers at the 20th Annual FIRST Conference in Vancouver, B.C. on June 25th, 2008. Details here.
