Create an Account
username: password:
 
  MemeStreams Logo

The SPI laboratory : Speaking at Shmoo

search

Acidus
Picture of Acidus
My Blog
My Profile
My Audience
My Sources
Send Me a Message

sponsored links

Acidus's topics
Arts
Business
Games
Health and Wellness
Home and Garden
Miscellaneous
Current Events
Recreation
Local Information
Science
Society
Sports
Technology

support us

Get MemeStreams Stuff!


 
The SPI laboratory : Speaking at Shmoo
Topic: Technology 5:09 pm EDT, Mar 22, 2007

The first part of my presentation will provide an overview of all these new advanced threats. Specifically, how this attacks work and how they can be prevented. In the second half I’ll discuss how JavaScript is capable of crawling and auditing 3rd party websites just like a traditional web scanner. As a proof of concept, I created Jikto, a web scanner written in JavaScript. Although I will not be releasing the source code of Jikto, I will be giving a full live demo and provide a detailed discussion about its methodology and architecture. The purpose of this public discussion and demonstration is to raise awareness of the danger of a XSS vulnerability and educate web developers and administrators on how to create websites securely. The biggest tragedy of all would be if a developer decides to put off fixing a XSS vulnerability because they weren’t aware of all the damage that could be done.

The SPI laboratory : Speaking at Shmoo



 
 
Powered By Industrial Memetics
RSS2.0