Kansas City November 2007 Meeting

Speaker: Tom Stripling, CISSP on The Dangers of Third-Party Content

It is now commonplace for web applications to include content from other sites, partners, and advertisers. If this content isn’t handled correctly, applications are left vulnerable to attack. By examining a variety of attacks that can be executed through third-party content, we can better evaluate application risk and design countermeasures.

Session Learning Objectives
 * Determine the threat posed by third-party content, given trends in Internet content and specific risks associated with each form of third-party content inclusion
 * Demonstrate attacks against a live web application that exploit flawed security assumptions in the inclusion of third-party content
 * Analyze the effectiveness of various application security countermeasures to combat the threat
 * Enable developers and penetration testers to better identify and prevent the risks associated with the use of third-party content in web applications

Tom Stripling is a senior application security consultant with an extensive background in web application development, penetration testing, and risk assessment. In his role at Security PS, he helps clients uncover application vulnerabilities and secure the software development process. In his spare time, Tom is an avid researcher of application security attacks, vulnerabilities, and best practices.