Web Admin Blog

Real Web Admins. Real World Experience.

Entries for the ‘Conferences’ Category

JBroFuzz: Building a Java Fuzzer for the Web – OWASP AppSec NYC 2008

This presentation was by Yiannis Pavlosoglou, who is the developer on the OWASP fuzzing project. Addresses the challenges of fuzzing during application layer penetration tests and security assessments. Designed for fuzzing web applications. Open-source and free. Written in Java. Scriptable. Fuzzer Workflow: Select fuzzers; Send requests; Collect responses; Compare results. Building a fuzzer entails a […]

New 0Day Browser Exploit: Clickjacking – OWASP AppSec NYC 2008

This talk was rumored to have been cancelled at a vulnerable vendor’s (Adobe) request, but Jeremiah Grossman and Robert Hansen decided to do parts of the talk anyway. Here are my notes from the semi-restricted presentation. Jeremiah started off with a brief introduction on what clickjacking is. In a nutshell, it’s when you visit a malicious […]

Get Rich or Die Trying – OWASP AppSec NYC 2008

Unfortunately, the conference provided lunch today, but did not provide us time to eat it, so I had to eat while listening to this talk. It was by Trey Ford and Jeremiah Grossman from WhiteHat Security and I’m pretty sure they’ve done it before. You may even be able to download a copy of the […]

OWASP Google Hacking Project – OWASP AppSec NYC 2008

This presentation is by Christian Heinrich, the project leader for the OWASP “Google Hacking” project. Presentation published at http://www.slideshare.net/cmlh and dual licensed under the OWASP License and AU Creative Commons 2.5. OWASP Testing Guide v3 – Spiders/Robots/Crawlers: 1. Automatically traverses hyperlinks. 2. Recursively retrieves content referenced. Behavior governed by the robots exclusion protocol. New method is <META […]

Web Application Security Roadmap – OWASP AppSec NYC 2008

For the first session of the day, I decided to check out the Web Application Security Roadmap presentation by Joe White, President of Cyberlocksmith Corporation. Web application security is still very much in its infancy. Traditional “operations” teams do not understand web application security risk and are ill-equipped to defend against web application threats. Many […]

Day 1 Keynote – OWASP AppSec NYC 2008

I’m currently at the OWASP AppSec 2008 Conference in New York City and am listening to the keynote presentation shared by the board of OWASP.  Starting off is Jeff Williams, Chair of OWASP.  He talked about OWASP’s mission, what we’re currently working on, and offered the following suggestions on how to take OWASP into the […]

Velocity 2008 Conference Experience Wrapup

Well, I’m finally home with a spare minute to write. I and the two guys who went to the conference with me (Peco and Robert) got a lot out of it. I apologize for the brevity of style of the conference writeups, but they were notes taken on a precariously balanced laptop, under bad network […]

The Velocity 2008 Conference Experience – Part VII

We’ve reached the last couple sessions at Velocity 2008. Read me! Love me! We hear about Capacity Planning with John Allspaw of Flickr. He says: No benchmarks! Use real production data. (How? We had to develop a program called WebReplay to do this because no one had anything. We’re open sourcing it soon, stay tuned.) […]

The Velocity 2008 Conference Experience – Part VI

After a tasty pseudo-Asian hotel lunch (though about anything would be tasty by now!), we move into the final stretch of afternoon sessions for Velocity. Everyone seems in a good mood after the interesting demos in the morning and the general success of the conference. First, it’s the eagerly awaited Even Faster Web Sites. Steve […]

The Velocity 2008 Conference Experience – Part V

Welcome to the second (and final) day of the new Velocity Web performance and operations conference! I’m here to bring you the finest in big-hotel-ballroom-fueled info and drama from the day. In the meantime, Peco had met our old friend Alistair Croll, once of Coradiant and now freelance, blogging on “Bitcurrent.” Oh, and also at […]