Surviving the Week 12/21/12
HTML5 Definition Complete, W3C Moves to Interoperability Testing and Performance The 5th revision of HTML is regarded as the future of web markup language. The […]
Month: December 2012
XSS & CSRF with HTML5 – Attack, Exploit, and Defense (OWASP AppSecUSA Presentation Review)
This very useful talk was as much an education in HTML5 for me as it was an education on how HTML5 can be abused. I […]
Get Off Your AMF & Don’t REST on JSON (OWASP AppSecUSA Presentation Review)
First off, in the spirit of full disclosure, two points: One is that this talk took place at the same time as the Shreeraj Shah […]
SQL Server Exploitation (OWASP AppSecUSA Presentation Review)
SQL Server Exploitation, Escalation, and Pilfering The general thesis of this talk I attended by Scott Sutherland and Antti Rantasaari from @NetSpi is that SQL Server is mostly […]
I>S+D! – Interactive Application Security Testing (IAST), Beyond SAST/DAST (OWASP AppSecUSA Presentation Review)
This talk, by Ofer Maor, CTO – Quotium (Follow on Twitter, @quotium) at 2012 AppSecUSA, addressed something that I see is an up and coming issue, interactive in-memory code […]
Secure Code Reviews, Magic or Art (OWASP AppSecUSA Presentation Review)
Continuing my series of write-ups on the talks I attended at AppSecUSA this year. Sherif Koussa (@Skoussa) who is a Principal Application Security Consultant at Software Secured presented this talk […]
Reverse Engineering “Secure” HTTP API’s with an SSL Proxy (OWASP AppSecUSA Presentation Review)
This is a continuation of my series on the talks I attended at OWASP AppSecUSA in October of this year. Presenters: Alejandro Caceres, Computer Network Operations Engineer […]
Results of a New SANS Survey on Application Security Policies in Enterprises
Please join us for this upcoming webcast, SANS Survey on Application Security Policies in Enterprises, on December 13 at 1 PM EDT where SANS will […]
Surviving the Week 12/7/12, PayPal Fixes Trio of Remote-Access Vulnerabilities
Detecting Successful XSS Testing with JS Overrides with ModSecurity The following link demonstrate a proof of concept that uses ModSecurity to add defensive Javascript to […]