Friday 11 April 2008
Wednesday 7 November 2007
What Every Engineer Needs to Know About Web Security and Where to Learn It
Presenter: Neil Daswani
This talk discusses recent trends in security, and what every engineer needs to know to prevent the most significant emerging threats such as cross-site scripting and SQL injection attacks. Just as every engineer might use object-oriented design principles to achieve extensibility and re-usability, every engineer needs to employ principles such as the principle of least privilege, fail-safe stance, and protecting against the weakest link to achieve security. Instead of focusing on "tips" and "tricks" that allow you to "band-aid" the security of your systems, we discuss how to derive defenses based on the application of security principles, such that you can determine how to deal with new threats as they come along or application-specific threats that might be relevant to your domain. Finally, we present some statistics on the current state of software security vulnerabilities, and discuss existing and upcoming challenges in the field of software security.
Posted by V for Vlamenoi ;) at 7.11.07
Labels: cross-site scripting, sql injection, web software security comments (0)
How to Break Web Software
Presenter: Mike Andrews
Mike Andrews looks at how web applications are attacked, walks through a testing framework for evaluating the security of an application and takes some deep-dives into a few interesting and common vulnerabilities and how they can be exploited.
Monday 5 November 2007
Analysis of Compromised Linux Server
These slides demonstrate the process used to analyze a compromised (hacked) Linux Server.
How not to get hacked!
The common ways that web applications can be attacked and what you need to do to prevent it.
Posted by V for Vlamenoi ;) at 5.11.07
Labels: file uploads, javascript injection, sql injection, web comments (0)