2010 BASC Presentations

From OWASP
Revision as of 12:19, 15 November 2010 by Tom Conner (Talk | contribs)

Jump to: navigation, search
Platinum Sponsors (Listed Alphabetically)
  CORE Security Rapid7  
SafeLight Security
  Security Innovation SOURCE  


We kindly thank our sponsors for their support. Please help us keep future BASCs free by viewing and visiting all of our sponsors.

Contents

Presentations

We would like to thank our speakers for donating their time and effort to help make this conference successful and free.

HTML5 Security

Presented by: Ming Chow
Time: 10:00-10:50
Track: 1

The power of HTML5 allows developers to create web applications not just structured content, but its new features has increased the attack surface. This presentation will demo and discuss new attack opportunities, particularly on client machines, including abusing the offline application cache and SQL injection via file-based client-side databases.

A Crumple Zone for Service Oriented Architectures

Presented by: Andrew Gronosky
Time: 11:00-11:50
Track: 1

We present a new architectural construct analogous to the crumple zone in an automobile. It consists of a layer of intelligent service proxies that work together to provide both signature-based and non-signature based defenses. We present our initial design for Java RMI based services and compare it with web application firewalls.

Hacking SAP BusinessObjects

Presented by: Joshua Abraham and Will Vandevanter
Time: 13:00-13:50
Track: 1

BusinessObjects is a very widely deployed business intelligence tool. In this presentation we will present the entire lifecycle of attacking a BusinessObjects server using vulnerabilities that we have found during our research.

Business Logic Attacks - BATs and BLBs

Presented by: Paul Schofield
Time: 15:00-15:50
Track: 1

Business logic attacks are a set of legal application transactions that are used to carry out a malicious operation that is not part of normal business practices. This presentation will provide a quick introduction to business logic attacks, their unique characteristics and the motivation behind their uptick. . Concluding this session we will discuss using multiple advanced techniques to battle these attacks, rather than relying exclusively on application code

The Exploit Arms Race

Presented by: Christien Rioux
Time: 16:00-16:50
Track: 1

As defenses have become more sophisticated, so have the attacks required to circumvent them. Learn about the roots of techniques like Stack cookies/Stackguard/Run-Time Stack Checking, DEP and ASLR, from attacks like trampolining, return-oriented programming, the evolution of fuzzing techniques, static and dynamic analysis for attacking and defending software.

OWASP Basics 1 and 2

Presented by: Robert Cheyne
Time: 10:00-11:50
Track: 2

Rob presents a number of scenarios that walk participants through the basics of SQL injection, XSS and CSRF, along with a few other tricks he has up his sleeve. Participants will come away with a foundation for further security learning. Those already knowledgeable on application security issues will learn some new techniques for presenting and teaching this information in a clear, concise and effective manner.

Coffee Shop Warefare:Protecting Yourself in Dark Territory

Presented by: To Be Determined
Time: 13:00-13:50
Track: 2

A lighthearted look at the real threats that people face in personal computing, specifically when connected to unknown network at coffee shops and airports. John will cover many of these threats and discuss tools and best practices everyone can engage in to ensure they protect their machine and information from these risks.

Another TBD Presentation

Presented by: To Be Determined
Time: 14:00-14:50
Track: 2

abst

Another TBD Presentation

Presented by: To Be Determined
Time: 15:00-15:50
Track: 2

abstr

Another TBD Presentation

Presented by: To Be Determined
Time: 16:00-16:50
Track: 2

abstr



We kindly thank our sponsors for their support.
Please help us keep future BASCs free by viewing and visiting all of our sponsors.

Gold Sponsors
Auric Systems International Fortify Palo Alto Networks WhiteHat Security

You can find out more about this conference at the BASC homepage: http://www.owasp.org/index.php/2010_BASC_Homepage.
Conference Organizer: Jim Weiler