CSI – Web Application Panel

September 18, 2009

I have been asked by Rafal Los (a good friend of mine) to join him on a panel at CSI in October to discuss the current state and future of Web Application Security. I’m really excited for the panel, and it will be fun to catch up with many people who didn’t make it to BlackHat and DefCon.

Here is the information on the presentation:

Title: Web Summit
Date/Time: Monday (October 26, 2009) 2:00pm — 5:30pm
Topic: Web 2.0

An informed host and select group of expert speakers tackle web issues. After brief presentations, debates and open forums, you’ll more fully understand the issues and solutions, and have the insight that will guide you to better, more confident decisions regarding those complex and challenging issues.

Morphing more business functions into Web 2.0 applications offers both irresistible business opportunities and undeniable security threats. Criminals are using the Web as an attack vector and crafting more sophisticated, exceptionally targeted attacks. Yet who needs to exploit vulnerabilities when there are plenty of malicious ways to use legitimate applications, like social networking sites and microblogs? And what about the browser? A browser is in a position to both protect the local device from Web-borne threats and thwart attacks that take place solely within the Web—but are current browsers proactively shouldering their security responsibilities? Learn how to both secure your organization’s own Web site and protect your sensitive data from attacks launched from other vulnerable Web sites. Get to know the Web-based threats of today and tomorrow, and explore what next-generation security tools could live up to the promise of revolutionizing Internet security.

I. Web application vulnerabilities and attacks
II. Browser attacks
III. Mitigating Web security threats and next-gen solutions


BeEF 0.4 released!!

September 18, 2009

Wade Alcorn recently released the new version of BeEF. This version includes many of the modules RSnake and I presented at Defcon 17. The videos can be found at: http://vimeo.com/jabra/videos. I’m really excited for this version! BeEF 0.4 moves BeEF from just a proof-of-concept to a framework that is really powerful for penetration testing.

I will be updating the BeEF package in BackTrack 4 sometime early next week.


September: Patch Tuesday

September 8, 2009

I’m looking forward to Patch Tuesday tomorrow. Microsoft released the breakdown and here is what they have coming out tomorrow: 5 critical remote code execution advisories! Heh, really! The day after a long weekend… Ouch! This is great for hackers and bad for sysadmins.

Tuesday is gonna be a fun day!