Publications
Fracking Flex
Abstract: Web applications have become increasingly more complex over the years. Users are demanding a rich content experience that is both simple and pleasant to use. In addition to the increased complexity, applications are utilizing a mix of technologies to support this drive. One such technology is Flex, which utilizes the Adobe Flash Platform to deliver Rich Internet Applications to users.
With increased complexity comes a downside. Application security testers often hit roadblocks when assessing Flex applications because binary protocols and custom serialized objects travel across the wire. This talk will give testers an understanding of the architectural components that make up Flex applications and an assessment methodology for security testing. In addition, several tools will be discussed that help the tester perform a thorough security review of a Flex application.
2010-06-18 — SummerC0n 2010
Why AppSec Tools Suck
Abstract: Coming soon…
2009-07-02 — Toorcamp 2009
Securosis: Building a Web Application Security Program
Abstract: Web applications not only share many of the threats and issues of traditional applications but, by their nature, carry a whole additional set of issues to worry about. They require a different approach and analysis, and we hope that you will follow the use cases and adapt the suggested technologies and process improvements to meet your organizational needs.
Marcin Wielgoszewski and Andre Gironda are recognized contributors in this report published by Rich Mogull and Adrian Lane of Securosis.
AntiSamy.NET: Fighting XSS the .NET Way
Abstract: AntiSamy.NET is the direct .NET port of AntiSamy for Java. Originally developed by Arshan Dabirsiaghi and Jason Li of Aspect Security, Jerry Hoff has been porting AntiSamy to .NET in this OWASP Summer of Code 2008 project. This talk presents the community with a project overview and status update on the work completed to date. For more information please visit the OWASP AntiSamy.NET project homepage.
2008-11-06 — OWASP EU Summit 2008
Path X: Explosive Security Testing Tools with XPath
Abstract: This talk covers what XPath is, how it is used to parse XML in web applications in order to aid security testing tools, and why XPath expressions are better locators than alternatives such as DOM or CSS selectors. The presenters will demonstrate how XPath can be used for good, rather than only being the target of XPath injection or blind XPath injection attacks.
2008-02-17 — ShmooCon 2008
Continuous Prevention Testing
Abstract: Continuous testing presents methodologies and tools that developers, quality engineers, and security professionals can all share and apply effectively within their own unique approaches. The tools presented are cross-discipline: they can be used by a developer as a development tool, by a QA tester as a quality assurance tool, and by a vulnerability assessor as a security assurance tool. Whether you’re trying to build better code faster, demonstrate the power of automated testing using a data-driven test framework, or find security-related defects — continuous testing has something for you.
2007-10-19 — ToorCon 9