
Re: [WEB SECURITY] Reminder: WASC Meet-up at Black Hat (USA 2006)




I created an iCal Calendar (ICS) for myself that includes all the
webappsec talks at Black Hat. I figured other OS X users on the list
might also find it useful. Enjoy.

Regards,

Jeremiah Grossman




Content-Disposition: attachment;
	filename="WebAppSec - Black Hat USA 2006.ics"





On Jul 31, 2006, at 11:17 AM, contact@webappsec.org wrote:

> Black Hat is only 2 days away and we're expecting a good turn out for the 4th
> Web Application Security Consortium (WASC) meet-up! Everyone is welcome to
> attend.
>
>  Place: Shadow bar at Caesars
>  http://www.caesars.com/Caesars/LasVegas/Dining/BarsLounges/ShadowBar.htm
>
>  Time: Wed, August 2 @ 6:15pm - 9:30
>
>  Description:
>  Whenever there are lots of webappsec presentations and people in the same
>  place, it's a good opportunity for members of the community to meet-up. As
>  we did last year, tucked in between the first day talks and before the vendor
>  parties, we gather to share drinks, war stories, gossip, techno babble, and
>  some laughs. With the amount of web application security stuff going on at
>  the conference, our 4th WASC meet-up should be the biggest ever!
>
>
> See everyone there!
>
>
> Regards,
>
> Robert Auger
> WASC Officer
> contact@webappsec.org
>



----------------------------------------------------------------------------
The Web Security Mailing List: 
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]


