Ryan Barnett from Breach security came to Minneapolis to give a talk on application and web security.
The Web Hacking Incidents Database (WHID) (MSNBC news segment with WHID splash here) is a Web Application Security Consortium project dedicated to maintaining a list of web application related security incidents. The goal of WHID is to serve as a tool for raising awareness of the web application security problem and provide information for statistical analysis of web application security incidents. The database is unique in tracking only media reported security incidents that can be associated with a web application security vulnerability. This presentation will highlight the statistics gathered from the first half of 2009 (January - June) and provide insight into categories such as: 1) Top Attack Methods, 2) Top Compromise Outcomes, 3) Top Target Geographic Region, and 4) Top Vertical Markets Hit. The presenter will also provide some in depth analysis for emerging threats/attack techniques such as planting of malware on websites and reflected cross-site scripting through SQL injection.
Ryan Barnett is the Director of Application Security Research at Breach Security where he leads Breach Security Labs. He is a Member of the Web Application Security Consortium (WASC) where he leads the Distributed Open Proxy Honeypot Project. He is also the leader of the OWASP ModSecurity Core Rule Set (CRS) Project (Category:OWASP ModSecurity Core Rule Set Project) which provides web application firewall rules to the public. Mr. Barnett is a frequent speaker at industry conferences such as Black Hat and he has also authored a web security book for Pearson Publishing titled Preventing Web Attacks with Apache.
Loading more stuff…
Hmm…it looks like things are taking a while to load. Try again?