I have been asked by Rafal Los (a good friend of mine) to join him on a panel at CSI in October to discuss the current state and future of Web Application Security. I’m really excited for the panel, and it will be fun to catch up with many people who didn’t make it to BlackHat and DefCon.
Here is the information on the presentation:
Title: Web Summit
Date/Time: Monday (October 26, 2009) 2:00pm — 5:30pm
Topic: Web 2.0
An informed host and select group of expert speakers tackle web issues. After brief presentations, debates and open forums, you’ll more fully understand the issues and solutions, and have the insight that will guide you to better, more confident decisions regarding those complex and challenging issues.
Morphing more business functions into Web 2.0 applications offers both irresistible business opportunities and undeniable security threats. Criminals are using the Web as an attack vector and crafting more sophisticated, exceptionally targeted attacks. Yet who needs to exploit vulnerabilities when there are plenty of malicious ways to use legitimate applications, like social networking sites and microblogs? And what about the browser? A browser is in a position to both protect the local device from Web-borne threats and thwart attacks that take place solely within the Web—but are current browsers proactively shouldering their security responsibilities? Learn how to both secure your organization’s own Web site and protect your sensitive data from attacks launched from other vulnerable Web sites. Get to know the Web-based threats of today and tomorrow, and explore what next-generation security tools could live up to the promise of revolutionizing Internet security.
I. Web application vulnerabilities and attacks
II. Browser attacks
III. Mitigating Web security threats and next-gen solutions