Seattle University, Engineering Building, Room 304
7/14/2008
6:00p to 8:00p
Presentation Abstract: This technical and informative discussion will examine web and online attacks such as the epidemic of XSS (cross-site scripting) vulnerabilities, which make it possible for attackers to steal authentication credentials and redirect visitors to malicious websites. Russ will dive into the methodology, tools, examples, and inherent risks of web applications, and will provide aid to the Internet community in remediating XSS issues and other web application security issues. In a recent study, Russ challenged himself to find and report as many XSS vulnerabilities as possible in a 30-day period. As a result, more than 100 vulnerabilities were discovered in websites that included General Motors and George Mason University, and 6 Secunia/CVE advisories were created for weak software. The impact sparked a raging debate over the value of McAfee ScanAlert's Hacker Safe label, as published in the article "McAfee ‘Hacker Safe’ Cert Sheds More Cred" located at http://www.theregister.co.uk/2008/04/29/mcafee_hacker_safe_sites_vulnerable/.

Presenter Bio: Russ McRee, GCIH, GCFA, CISSP, is a Security Analyst working with incident response at Microsoft for the Windows Live Security Incident Management team. He's the author of the ISSA Journal's monthly column Toolsmith, and has written for Information Security, Linux Pro, SysAdmin and other publications, including an OWASP whitepaper. Prior speaking engagements include the 20th Annual FIRST Conference, SecureWorld Expo, ISSA Northwest Regional, WSA SIG, RAID 2005, and Linuxfest Northwest. Russ has been a board member of ISSA Puget Sound, and is a member of PACCISO, InfraGard and CCSA. Russ maintains holisticinfosec.org and blog.holisticinfosec.org.