SEARCH RESULTS
 
Showing 1-6 of 6 records
1
 
Expand article

BlueHat SDL Sessions Wrap-up

2008-12-01 17:51:00 by sdl in The Security Development Lifecycle
 
...Concurrency Attacks on Web Applications by Scott Stender and Alex Vidergar of iSEC Partners Fuzzed Enough? When its OK to Put the Shears Down by Jason Shirk, Dave Weinstein and Lars Opstad, Microsoft Security Science team Real World Code Review Using the Right Tools in the Right Place at the Right Time by Vinnie Liu of Stach & Liu In addition...
 
Tags: sdl sessions, microsoft, microsoft trustworthy, microsoft sdl team, vinnie liu, liu, web applications, matt miller, jason shirk
 
 
 
 
Expand article

BlackHat Picks, Day 2

2008-08-04 17:48:24 by Chris Eng in Zero in a bit
 
...Concurrency Attacks in Web Applications. Option 2: Travis Goodspeed , Side-channel Timing Attacks on MSP430 Microcontroller Firmware 15:15-16:30 Option 1: Alexander Sotirov and Mark Dowd , How To Impress Girls With Browser Memory Protection Bypasses. Option 2: Karsten Nohl , Mifare - Little Security, Despite Obscurity. This is one of the...
 
Tags: day, option, attacks, concurrency attacks, cisco ios forensics, msp430 microcontroller firmware, day job, alexander sotirov, impress girls
 
 
 
 
Expand article

BlackHat Recap

The Article has images
2008-08-12 22:43:18 by Chris Eng in Zero in a bit
...Concurrency Attacks in Web Applications was interesting as well. In a nutshell, spewing thousands of simultaneous requests at web application transactions that are not thread-safe can create interesting problems. In the presentation, Scott ran his demo against a VM running on the attack machine. I found myself wondering how effective the same...
 
Tags: favorite, favorite talk, talk, sotirovdowd talk, scott stenders talk, completely reliable technique, reliable, attack, technique
 
 
 
 
Expand article

BlackHat Recap

The Article has images
2008-08-12 22:43:18 by Chris Eng in Zero in a bit
...Concurrency Attacks in Web Applications was interesting as well. In a nutshell, spewing thousands of simultaneous requests at web application transactions that are not thread-safe can create interesting problems. In the presentation, Scott ran his demo against a VM running on the attack machine. I found myself wondering how effective the same...
 
Tags: favorite, favorite talk, talk, sotirovdowd talk, scott stenders talk, completely reliable technique, reliable, attack, technique
 
 
 
 
Expand article

BlackHat Picks, Day 2

2008-08-04 17:48:24 by Chris Eng in Zero in a bit
 
...Concurrency Attacks in Web Applications. Option 2: Travis Goodspeed , Side-channel Timing Attacks on MSP430 Microcontroller Firmware 15:15-16:30 Option 1: Alexander Sotirov and Mark Dowd , How To Impress Girls With Browser Memory Protection Bypasses. Option 2: Karsten Nohl , Mifare - Little Security, Despite Obscurity. This is one of the...
 
Tags: day, option, attacks, concurrency attacks, cisco ios forensics, msp430 microcontroller firmware, day job, alexander sotirov, impress girls
 
 
 
 
Expand article

SDL Sessions at BlueHat

2008-09-25 16:05:00 by sdl in The Security Development Lifecycle
 
...concurrency vulnerabilities in web applications At this point we will have covered the Design and Implementation phases of the SDL; where better to go from here than Verification? One of the most important activities in the Verification phase is fuzzing, and we have a trio of security experts from the Microsoft Security Science team to talk...
 
Tags: sdl, bluehat, sessions, sdl team, sdl threat, bluehat sdl sessions, bluehat conference, verification phase talks, verification phase
 
 
 
 
 
Showing 1-6 of 6 records
1
 
SecurityRatty FAQ
Sergey Zarubin, 31yo
CISSP, CCSP
Moscow, Russia