FROC2010 Abstract Byrne2

Revision as of 16:05, 12 May 2010 by Dc

The Presentation: "Beware of Serialized GUI Objects Bearing Data"

A recently discovered view state vulnerability in Apache MyFaces and Sun Mojarra allows an attacker to access all server-side session data, as well as some globally-scoped application variables. The technical details of the vulnerabilities will be explained and a live demonstration will be performed. A similar vulnerability will also be demonstrated in Microsoft's ASP.NET.

The Speakers: David Byrne and Rohini Sulatycki, Trustwave
