Difference between revisions of "Friendly Traitor 2 Features are hot but giving up our secrets is not!"

From OWASP
Jump to: navigation, search
(The speakers)
Line 11: Line 11:
 
Mike Poor's Bio comming soon!
 
Mike Poor's Bio comming soon!
  
Kevin Johnson is a Senior Security Analyst with InGuardians. Kevin came to security from a development and system administration background. He has many years of experience performing security services for fortune 100 companies, and in his spare time contributes to a large number of open source security projects. Kevin founded and leads the development on B.A.S.E. (the Basic Analysis and Security Engine) project. The BASE project is the most popular web interface for the Snort intrusion detection system. Kevin is an instructor for SANS, teaching both the Incident Handling and Hacker Techniques class and the Web Application Penetration Testing and Ethical Hacking class, which he is the author. He has presented to many organizations, including Infragard, ISACA, ISSA, RSA and the University of Florida.
+
Kevin Johnson is a security consultant and founder of Secure Ideas. Kevin came to security from a development and system administration background. He has many years of experience performing security services for fortune 100 companies, and in his spare time he contributes to a large number of open source security projects. Kevin's involvement in open-source projects is spread across a number of projects and efforts. He is the founder of many different projects and has worked on others. He founded BASE, which is a Web front-end for Snort analysis. He also founded and continues to lead the SamuraiWTF live DVD. This is a live environment focused on Web penetration testing. He also founded Yokoso and Laudanum, which are focused on exploit delivery. Kevin is a certified instructor for SANS and the author of Security 542: Web Application Penetration Testing and Ethical Hacking. He also presents at industry events, including DEFCON and ShmooCon, and for various organizations, like Infragard, ISACA, ISSA, and the University of Florida.
  
 
[[Category:AppSec_DC_2010_Presentations]] [[Category:OWASP_Conference_Presentations]]
 
[[Category:AppSec_DC_2010_Presentations]] [[Category:OWASP_Conference_Presentations]]

Revision as of 09:19, 20 September 2010

The presentation

Owasp logo normal.jpg
In Friendly Traitor 2, Kevin Johnson and Mike Poor continue to explore the risks and threats exposed by the features that we keep demanding from developers. Our software clients are becoming more complex, and attackers have smelled the blood in the water and are attacking them in droves.

Kevin and Mike will begin by explaining some of the new features of HTML5 and JavaScript that are being rolled out, and subsequently exploited. The presentation then delves into the latest in Adobe Flash exploitation fun and finishes strong with presenting their latest research in mobile phone "feature" exploitation.

Throughout the talk, Mike and Kevin will be releasing exploit code and tools that target these features. They will also be releasing their latest additions to Wadfe Alcorn's BeEF exploit tool developed in order to exploit these technologies.

The speakers

Mike Poor's Bio comming soon!

Kevin Johnson is a security consultant and founder of Secure Ideas. Kevin came to security from a development and system administration background. He has many years of experience performing security services for fortune 100 companies, and in his spare time he contributes to a large number of open source security projects. Kevin's involvement in open-source projects is spread across a number of projects and efforts. He is the founder of many different projects and has worked on others. He founded BASE, which is a Web front-end for Snort analysis. He also founded and continues to lead the SamuraiWTF live DVD. This is a live environment focused on Web penetration testing. He also founded Yokoso and Laudanum, which are focused on exploit delivery. Kevin is a certified instructor for SANS and the author of Security 542: Web Application Penetration Testing and Ethical Hacking. He also presents at industry events, including DEFCON and ShmooCon, and for various organizations, like Infragard, ISACA, ISSA, and the University of Florida.