JavaScriptSearch Tuesday, August 1, 2006; 08:24 AM
Web application security firm, S.P.I. Dynamics,
Inc., has announced that three of the company's researchers
will highlight the latest hacking trends at the upcoming Black Hat 2006
conference in Las Vegas, Nevada, August 2 and 3, 2006.
This year's
Black Hat includes a significant number of talks focused on Web
application security - a clear indicator of the impact Web applications
are having on future trends in security. Bob Auger, Research and
Development Engineer for SPI Dynamics, will present alongside the
Company's Co-founder and CTO, Caleb Sima, on the use of RSS and Atom
feeds as methods of hacking client systems. The talk is titled ''Zero
Day Subscriptions: Using RSS and Atom Feeds as Attack Delivery
Systems,'' and is scheduled during the Black Hat conference Thursday,
August 3rd from 9:00 a.m. until 9:50 a.m. PT. RSS (Really Simple
Syndication) is an XML format designed for sharing web content.
In addition, Billy Hoffman, Lead SPI Labs Research Engineer, will
present two talks at Black Hat focused on hacking, the latest in
Asynchronous JavaScript and XML (AJAX)
threats, and Web application worms and viruses. Mr. Hoffman's first
talk, entitled ''AJAX (in)security'' and scheduled for Thursday, August 3rd
from 11:15 a.m. until 12:30 p.m. PT, will comprehensively discuss the
fundamental security issues of Ajax, which include browser/server
interaction issues, application design issues, vulnerabilities in
work-arounds like AJAX bridges, and how the hype surrounding Web 2.0
applications is actually increasing security risk. The discussion will
examine the different hacking techniques used against AJAX
applications, and how to properly design an AJAX application to avoid
these security issues. It will also include a demonstration of how to
secure existing applications.
Mr. Hoffman will also present ''Analysis of Web Application Worms and
Viruses,'' scheduled at the Black Hat conference Thursday, August 3rd
from 4:45 p.m. until 6:00 p.m. PT. The presentation will analyze the
scope of new application-level hacking threats by examining how web
worms and viruses operate with regard to propagation methods, execution
paths, payload threats and limitations, and design features. Mr.
Hoffman will closely dissect source code of recent Web application
worms such as the Perl.Sanity worm and the MySpace.com virus to better
understand how these programs function in the wild, as well as take a
look at hypothetical situations of future worm programs. The talk will
conclude with guidelines for implementing Web application security pre-
and post-production.
In addition, SPI Dynamics will host a book signing at Black Hat for
Caleb Sima's publishing debut in the newly released book titled,
''Hacking Exposed Web Applications: Web Security Secrets and Solutions,
Second Edition,'' published by McGraw-Hill/Osborne and co-authored by
web application security specialists Joel Scambray and Mike Shema, at
the company's Black Hat booth on Wednesday, August 2nd from 6:00 p.m.
until 6:30 p.m. PT.
SPI Dynamics has over 750 customers among Global 2000
enterprises, including over 70 U.S. Federal accounts, and has strategic
partnerships with Microsoft, IBM, Mercury, CSC and Visa, with Visa
investing in the Company in 2005. SPI Dynamics is privately held with
headquarters in Atlanta, Georgia.
www.webhackingexposed.com