
News by JavaScriptSearch


Black Hat 2006 to Feature SPI Dynamics' Presentation on AJAX and RSS Security Threats

 

JavaScriptSearch
Tuesday, August 1, 2006; 08:24 AM

Web application security firm, S.P.I. Dynamics, Inc., has announced that three of the company's researchers will highlight the latest hacking trends at the upcoming Black Hat 2006 conference in Las Vegas, Nevada, August 2 and 3, 2006.

This year's Black Hat includes a significant number of talks focused on Web application security, a clear indicator of the impact Web applications are having on future trends in security. Bob Auger, Research and Development Engineer for SPI Dynamics, will present alongside the Company's Co-founder and CTO, Caleb Sima, on the use of RSS and Atom feeds as methods of hacking client systems. The talk is titled "Zero Day Subscriptions: Using RSS and Atom Feeds as Attack Delivery Systems," and is scheduled during the Black Hat conference on Thursday, August 3rd from 9:00 a.m. until 9:50 a.m. PT. RSS (Really Simple Syndication) is an XML format designed for sharing web content.

In addition, Billy Hoffman, Lead SPI Labs Research Engineer, will present two talks at Black Hat focused on hacking, the latest in Asynchronous JavaScript and XML (AJAX) threats, and Web application worms and viruses. Mr. Hoffman's first talk, entitled "AJAX (in)security" and scheduled for Thursday, August 3rd from 11:15 a.m. until 12:30 p.m. PT, will comprehensively discuss the fundamental security issues of AJAX, which include browser/server interaction issues, application design issues, vulnerabilities in work-arounds like AJAX bridges, and how the hype surrounding Web 2.0 applications is actually increasing security risk. The discussion will examine the different hacking techniques used against AJAX applications, and how to properly design an AJAX application to avoid these security issues. It will also include a demonstration of how to secure existing applications.

Mr. Hoffman will also present "Analysis of Web Application Worms and Viruses," scheduled at the Black Hat conference on Thursday, August 3rd from 4:45 p.m. until 6:00 p.m. PT. The presentation will analyze the scope of new application-level hacking threats by examining how web worms and viruses operate with regard to propagation methods, execution paths, payload threats and limitations, and design features. Mr. Hoffman will closely dissect source code of recent Web application worms such as the Perl.Sanity worm and the MySpace.com virus to better understand how these programs function in the wild, as well as take a look at hypothetical situations of future worm programs. The talk will conclude with guidelines for implementing Web application security pre- and post-production.

In addition, SPI Dynamics will host a book signing at Black Hat for Caleb Sima's publishing debut in the newly released book titled "Hacking Exposed Web Applications: Web Security Secrets and Solutions, Second Edition," published by McGraw-Hill/Osborne and co-authored by web application security specialists Joel Scambray and Mike Shema. The signing will take place at the company's Black Hat booth on Wednesday, August 2nd from 6:00 p.m. until 6:30 p.m. PT.

SPI Dynamics has over 750 customers among Global 2000 enterprises, including over 70 U.S. Federal accounts, and has strategic partnerships with Microsoft, IBM, Mercury, CSC and Visa, with Visa investing in the Company in 2005. SPI Dynamics is privately held with headquarters in Atlanta, Georgia.


www.webhackingexposed.com
