Difference between revisions of "Denver May 2008 meeting"


Revision as of 12:12, 3 June 2008

Topic: Cross Site Scripting, Exploits and Defenses

For a long time, the impact of XSS vulnerabilities has been grossly underestimated. Recent compromises, such as the pro-Hillary defacement of Barack Obama's website, demonstrated the impact of XSS vulnerabilities to the masses.

During this presentation, we demonstrated exactly how effective XSS vulns can be, and showed you what you can do to protect yourself and your sites.

The practicalities of doing live demos meant that each night we had one demo fail. At Denver it was the live session-stealing demo against a production website. In Boulder it was the browser-based botnet.

Nevertheless, we hope that you found the presentations interesting, and the interactive format a welcome change.

[https://www.owasp.org/index.php/Image:DC_ED_OWASP_XSS_MAY2008_v1.0.pdf Slide deck]

Note that a lot of the content is hidden in the speakers' notes of the presentation, which we need to sanitize a bit to protect the guilty prior to posting.

Speakers

Chapter leaders David Campbell and Eric Duprey presented on the emerging threat of cross site scripting (XSS) vulnerabilities.

David Campbell is an infosec veteran, with experience ranging from penetration testing for Fortune 100s to architecting security solutions for large multinational financials to consulting for government agencies. DC is presently head of security engineering for Raytheon Polar Services, and is also on the board of directors of Psiframe Inc., a San Francisco-based security consultancy.

Eric Duprey is a Senior Security Engineer for Dish Network Corporation.