User:Michael Brooks

From OWASP

I have spoken at Defcon and Blackhat multiple times, and I'm looking forward to speaking at the Phoenix OWASP chapter in July. I write exploit code (http://milw0rm.com/author/677). According to the Department of Homeland Security, I have found the most dangerous CSRF vulnerability ever found (https://www.kb.cert.org/vuls/id/643049), and it is in the top 1000 most dangerous vulnerabilities ever discovered. I am also the top security expert on StackOverflow.com (The Rook: http://stackoverflow.com/questions/tagged?tagnames=security&sort=stats&pagesize=50).

The reason why I am signing up for an account right now is because the CSRF page has a rather serious typo. XSS can be used to bypass referer checks as easily as it can be used to bypass token checks. The Samy worm used an XHR to obtain the token to forge requests; I have also written an exploit to do this (http://milw0rm.com/exploits/7922). I would also like to contribute to OWASP in other ways.