Monthly Archives: December 2012

Surviving the Week 12/28/12

The 2012 Web Session Intelligence & Security Report: Business Logic Abuse Edition The business logic abuse scenarios presented by the Ponemon Institue are web scraping, account hijacking, click fraud, botnets causing denial of service, electronic…

Full Article →

Surviving the Week 12/21/12

HTML5 Definition Complete, W3C Moves to Interoperability Testing and Performance The 5th revision of HTML is regarded as the future of web markup language. The long awaited specs for HTML5 have been finalized. This week,…

Full Article →

XSS & CSRF with HTML5 – Attack, Exploit, and Defense (OWASP AppSecUSA Presentation Review)

This very useful talk was as much an education in HTML5 for me as it was an education on how HTML5 can be abused. I am coming up to speed on HTML5 concepts. Shreeraj Shah…

Full Article →

Get Off Your AMF & Don’t REST on JSON (OWASP AppSecUSA Presentation Review)

First off, in the spirit of full disclosure, two points: One is that this talk took place at the same time as the Shreeraj Shah talk I attended, but I did indeed effectively attend this…

Full Article →

SQL Server Exploitation (OWASP AppSecUSA Presentation Review)

SQL Server Exploitation, Escalation, and Pilfering The general thesis of this talk I attended by Scott Sutherland and Antti Rantasaari from @NetSpi is that SQL Server is mostly very well designed with respect to security so that most…

Full Article →

I>S+D! – Interactive Application Security Testing (IAST), Beyond SAST/DAST (OWASP AppSecUSA Presentation Review)

This talk, by Ofer Maor, CTO - Quotium (Follow on Twitter, @quotium) at 2012 AppSecUSA, addressed something that I see is an up and coming issue, interactive in-memory code testing. There are several talks about it and there is…

Full Article →

WTF – WAF Testing Framework (OWASP AppSecUSA Presentation Review)

The fundamental idea of this talk was that testing a WAF for good data getting through as well as bad data not getting through is a very good idea and one we wholeheartedly agree with…

Full Article →

Surviving the Week 12/14/12, Most Healthcare Organizations Suffered Data Breaches

Most Healthcare Organizations Suffered Data Breaches Two separate reports released this week show the critical condition of U.S. healthcare organizations and hospitals when it comes to data breaches, with 94 percent of healthcare organizations hit…

Full Article →

Secure Code Reviews, Magic or Art (OWASP AppSecUSA Presentation Review)

Continuing my series of write-ups on the talks I attended at AppSecUSA this year. Sherif Koussa (@Skoussa) who is a Principal Application Security Consultant at Software Secured presented this talk about source code reviews and proposed a methodology for going…

Full Article →

Reverse Engineering “Secure” HTTP API’s with an SSL Proxy (OWASP AppSecUSA Presentation Review)

This is a continuation of my series on the talks I attended at OWASP AppSecUSA in October of this year. Presenters: Alejandro Caceres, Computer Network Operations Engineer – Lunarline Inc. Mark Haase, Sr. Security Software Engineer –…

Full Article →

Page 1 of 212