FROC2010 Abstract Byrne2
The Presentation: "Beware of Serialized GUI Objects Bearing Data"
A recently discovered view state vulnerability in Apache MyFaces and Sun Mojarra allows an attacker to access all server-side session data, as well as some globally-scoped application variables. The technical details of the vulnerabilities will be explained and a live demonstration will be performed. A similar vulnerability will also be demonstrated in Microsoft's ASP.NET.
The Speakers: David Byrne and Rohini Sulatycki, Trustwave
Rohini Sulatycki is a Security Consultant within the Application Security practice at Trustwave's SpiderLabs. SpiderLabs is the advanced security team responsible for Penetration Testing, Application Security, and Incident Response for Trustwave's clients.
Rohini has been involved in the Information Technology industry for more than 13 years. Rohini specializes in application security testing and code review, conducting a large number of application tests in her capacity at Trustwave. Rohini has been a technical reviewer for several books and publications, including Java Security and IEEE Security and Privacy. Rohini has presented at various security events, including Black Hat.
David Byrne is a Senior Security Consultant within the Application Security practice at Trustwave's SpiderLabs. SpiderLabs is the advanced security team responsible for Penetration Testing, Application Security, and Incident Response for Trustwave's clients.
David has been involved with information security for a decade. Before Trustwave, he was the Security Architect at Dish Network. In 2008, he released Grendel (grendel-scan.com), an open source web application security scanner. David frequently presents at security events, including DEFCON, Black Hat, ToorCon, SANS, and OWASP AppSec.