[WEB SECURITY] Detecting, Analyzing, and Exploiting Intranet Applications using JavaScript

Billy Hoffman Billy.Hoffman at spidynamics.com
Thu Jul 27 13:00:03 EDT 2006


Thanks for the note. 

SPI Dynamics conducted this research independently. We specifically
state in the document that Jeremiah is also doing research in this area,
and we point to his presentation at BlackHat and when and where it will
be taking place. No one at SPI has seen any published material or seen
any public presentation describing any specific techniques regarding
this area of research. We are simply publishing the techniques that we

Take care,
Billy Hoffman
Lead R&D Engineer
SPI Dynamics - http://www.spidynamics.com
Phone: 678-781-4800
Direct: 678-781-4845

-----Original Message-----
From: RSnake [mailto:rsnake at shocking.com] 
Sent: Thursday, July 27, 2006 12:31 PM
To: Billy Hoffman
Cc: websecurity at webappsec.org
Subject: Re: [WEB SECURITY] Detecting, Analyzing, and Exploiting
Intranet Applications using JavaScript

SPI Dynamics is late.  Jeremiah Grossman and I have been working on this
for quite a while, and he presented about it at an OWASP meeting almost
a month ago, with working demos:


It looks like your whitepaper's first paragraph is pulled almost exactly
from the first paragraph of Jeremiah's presentation overview
(suspiciously close anyway).


Maybe it's a coincidence, but even so his demo was released before yours
by nearly a month.  I think it would be curteous to revise your paper to
reflect as much.


The Web Security Mailing List: 

The Web Security Mailing List Archives: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

More information about the websecurity mailing list