1. # vimeo.com/53819083 Uploaded 451 Plays 0 Comments
  2. # vimeo.com/54875590 Uploaded 505 Plays 0 Comments
  3. Title: Building a Web Attacker Dashboard with ModSecurity and BeEF

    Abstract

    The Browser Exploit Framework (BeEF) Project is extremely popular with application pentesters as it is a powerful tool for demonstrating the impacts of leveraging XSS vulnerabilities to achieve wider compromise into an organization. What if, however, we flipped the BeEF use-case around and instead put it in the hands of web application defenders? By using the open source ModSecurity WAF, we can dynamically hook web attackers with BeEF and monitor their activities and initiate various counter-meseasures.

    *****

    Speaker: Ryan Barnett, Lead Security Researcher, Trustwave SpiderLabs, Metro DC

    Ryan C. Barnett is renowned in the web application security industry for his unique expertise. After a decade of experience defending government and commercial websites, Ryan joined Trustwave SpiderLabs Research Team. He specializes in application defense research and leads the open source ModSecurity web application firewall project.

    In addition to his commercial work at Trustwave, Ryan is also an active contributor to many community-based security projects. He serves as the Open Web Application Security Project (OWASP) ModSecurity Core Rule Set project leader and contributor on the OWASP Top Ten and AppSensor projects. He is a Web Application Security Consortium Board Member and leads the Web Hacking Incident Database and the Distributed Web Honeypot projects. At the SANS Institute, he is a certified instructor and contributor on the Top 20 Vulnerabilities and CWE/SANS Top 25 Most Dangerous Programming Errors projects.

    Ryan is regularly consulted by news outlets who are seeking his insights and analysis on emerging web application attacks, trends and defensive techniques. Ryan is a frequent speaker and trainer at key industry events including Blackhat, SANS AppSec Summit and OWASP AppSecUSA.

    Ryan has authored two web security books with titles such as: "Preventing Web Attacks with Apache" from Pearson Publishing and the forthcoming "Web Application Defender's Cookbook: Battling Hackers and Protecting Users" from Wiley Brothers Publishing.

    *****

    Date: Thursday October 25, 2012 11:00am - 11:45am

    Location: AppSecUSA, Austin, TX. Hyatt Regency Hotel, NTObjectives Room

    Track: Attack

    # vimeo.com/54087884 Uploaded 1,164 Plays 0 Comments
  4. Title: Securing Javascript

    Abstract

    The Web platform is hopelessly insecure, yet surprisingly, JavaScript can be transformed into a secure programming language by the subtraction of a small set of features. The design of JavaScript was influenced by Scheme. JavaScript's schemishness is the key to its salvation.

    *****

    Speaker: Douglas Crockford

    The Boss of You, PayPal
    Douglas Crockford was born in the wilds of Minnesota, but left when he was only six months old because it was just too damn cold. He is best known for having discovered that there are good parts in JavaScript. This was an important and completely unexpected discovery. He also discovered JSON, the world's best loved data interchange format.

    *****

    Date: Thursday October 25, 2012 1:00pm - 1:45pm

    Location: Location - AppSecUSA, Austin, TX. Hyatt Regency Hotel. Texas Ballroom

    # vimeo.com/54087885 Uploaded 2,398 Plays 2 Comments

Information Security

Rudy Ruiz

Browse This Channel

Shout Box

Heads up: the shoutbox will be retiring soon. It’s tired of working, and can’t wait to relax. You can still send a message to the channel owner, though!

Channels are a simple, beautiful way to showcase and watch videos. Browse more Channels.