Home » News » WhiteHat Security Founder to L ...

News by JavaScriptSearch

WhiteHat Security Founder to Lead a Technical Session on Threats Posed by JavaScript Malware


Tuesday, January 30, 2007; 04:04 AM

WhiteHat Security today announced that Jeremiah Grossman, the Company's founder and CTO, will lead a technical session at this year's RSA Conference (www.rsaconference.com) in San Francisco. The presentation, "Hacking Intranet Websites from the Outside," to be held Tuesday, February 6, will address the increasing prevalence of Javascript malware, the threats associated with it, why organizations must understand it and how they can defend against it.

Session learning objectives include:
    -- How a user is first infected or attacked using a malicious Web page or Cross-Site Scripting vulnerability;
    -- How a Web browser can be completely controlled or monitored remotely;
    -- How a Web browser can be used as a stepping stone to perform network reconnaissance on internal networks; and,
    -- How to exploit internal machines using a compromised Web browser.
Grossman will demonstrate a wide variety of cutting-edge website attack techniques and describe best practices for securing websites and users against these threats, including:
    -- Port scanning and attacking intranet devices using JavaScript;
    -- Blind Web server fingerprinting using unique URLs;
    -- Discovery NAT'ed IP addresses with Java Applets; -- Stealing Web browser history with Cascading Style Sheets;
    -- Best-practice defense measures for securing Websites; and,
    -- Essential habits for safe Web surfing.
In addition to his position at WhiteHat, Jeremiah Grossman is a world- renowned expert in website vulnerability management and a founding member of the Web Application Security Consortium (WASC). He is a frequent speaker at industry events including the Black Hat Briefings, ISACA's Network Security Conference, NASA, the Air Force and Technology Conference, ISSA and Defcon. Grossman is also a featured expert and frequent contributor on TechTarget's SearchAppSecurity.com site.



Related Resources

Other Resources