[WEB SECURITY] Lots of WebAppSec at Black Hat

Jeremiah Grossman jeremiah at whitehatsec.com
Thu Jun 1 18:22:24 EDT 2006

Black Hat is well-known as the conference to attend for cutting edge  
information security research. What's exciting to me about this year's  
USA conference (July 29-August 3, 2006) is the absolutely stunning  
amount of web application security talks being presented (list  
below). Most conferences have maybe 1 or 2 talks on the subject.  
Clearly the awareness and importance of webappsec has grown  

Also as we've done the last 2 years at BH, WASC will be organizing an  
informal get-together. More details to come.


Advanced Asp.Net Exploits and Countermeasures
Dinis Cruz, Senior Security Consultant, IOActive

Investigating Evil Websites with Monkeyspaw:
The Greasemonkey Security Professional's Automated Webthinger
Tod Beardsley, Lead Counter-Fraud Engineer, TippingPoint, a division  
of 3com

Finding Gold in the Browser Cache
Corey Benninger, Security Consultant, Foundstone, a Division of McAfee

Taming Bugs: The Art and Science of Writing Secure Code
Paul Böhm, Lord Protector and Defender of the Crown at SEC-Consult

Case Study: The Secure Development Lifecycle and Internet Explorer 7
Tony Chor, Group Program Manager, Internet Explorer, Microsoft  
Rob Franco, Security Program Manager, Internet Explorer, Microsoft  

Oedipus Web Application Scanner Project
Jordan Del-Grande
Justin Clarke

MatriXay—When Web App & Database Security Pen-Test/Audit Is a Joy

Finding and Preventing Cross-Site Request Forgery
Tom Gallagher, Security Test Lead, Microsoft

Hacking Intranet Websites from the Outside
"JavaScript malware just got a lot more dangerous"
Jeremiah Grossman, Founder and CTO of WhiteHat Security, Inc.
T.C. Niedzialkowski, Sr. Security Engineer, WhiteHat Security, Inc.

Ajax (in)security
Billy Hoffman, Security Researcher, SPI Dynamics, Inc.

Analysis of Web Application Worms and Viruses
Billy Hoffman, Security Researcher, SPI Dynamics, Inc.

Six Degrees of XSSploitation
Dan Moniz, Member, The Shmoo Group
HD Moore, Director of Security Research for BreakingPoint Systems,  
Founder, The Metasploit Project

Defending Black Box Web Applications:
Building an Open Source Web Security Gateway
Shawn Moyer, CISO, Agura Digital Security

SQL Injections by Truncation
Bala Neerumalla, Security Software Developer, Microsoft

A Tale of Two Proxies

Breaking AJAX Web Applications: Vulns 2.0 in Web 2.0
Alex Stamos, Principal Partner, iSEC Partners
Zane Lackey, Security Consultant, iSEC Partners

Web Application Incident Response & Forensics: A Whole New Ball Game!
Chuck Willis, Senior Consultant at Mandiant
Rohyt Belani, Director, Mandiant

Full Schedule:



Jeremiah Grossman
Founder and CTO
WhiteHat Security, Inc.
