Dc: /* The Speakers: David Byrne and Rohini Sulatycki, Trustwave */

2010-05-22T18:49:18Z

‎The Speakers: David Byrne and Rohini Sulatycki, Trustwave

Dc: Created page with '==The Presentation: "Beware of Serialized GUI Objects Bearing Data"== A recently discovered view state vulnerability in Apache MyFaces and Sun Mojara allows an attacker to acces…'

2010-05-12T21:05:31Z

Created page with '==The Presentation: "Beware of Serialized GUI Objects Bearing Data"== A recently discovered view state vulnerability in Apache MyFaces and Sun Mojara allows an attacker to acces…'

New page

==The Presentation: "Beware of Serialized GUI Objects Bearing Data"==

A recently discovered view state vulnerability in Apache MyFaces and Sun Mojara allows an attacker to access all server-side session data, as well as some globally-scoped application variables. The technical details of the vulnerabilities will be explained and a live demonstration will be performed. A similar vulnerability will also be demonstrated in Microsoft's ASP.Net.

==The Speakers: David Byrne and Rohini Sulatycki, Trustwave==

[http://www.owasp.org/index.php/Front_Range_OWASP_Conference_2010#tab=Agenda Back to Conference Agenda]

← Older revision		Revision as of 18:49, 22 May 2010
Line 5:		Line 5:

	==The Speakers: David Byrne and Rohini Sulatycki, Trustwave==		==The Speakers: David Byrne and Rohini Sulatycki, Trustwave==
		+	Rohini Sulatycki is a Security Consultant within the Application Security
		+	practice at Trustwave's SpiderLabs. SpiderLabs is the advanced security team
		+	responsible for Penetration Testing, Application Security, and Incident
		+	Response testing for Trustwave's clients.
		+
		+	Rohini has been involved in the Information Technology industry for more
		+	than 13 years. Rohini specializes in application security testing and code
		+	review conducting a large number of application tests in her capacity at
		+	Trustwave. Rohini has been a technical reviewer for several books and
		+	publications including Java Security and IEEE Security and Privacy. Rohini
		+	has presented at various security events including Black Hat.
		+
		+	David Byrne is a Senior Security Consultant within the Application Security
		+	practice at Trustwave's SpiderLabs. SpiderLabs is the advanced security team
		+	responsible for Penetration Testing, Application Security, and Incident
		+	Response for Trustwave's clients.
		+
		+	David has been involved with information security for a decade. Before
		+	Trustwave, he was the Security Architect at Dish Network. In 2008, he
		+	released Grendel (grendel-scan.com), an open source web application security
		+	scanner. David frequently presents at security events including DEFCON,
		+	Black Hat, Toorcon, SANS, and OWASP AppSec.



	[http://www.owasp.org/index.php/Front_Range_OWASP_Conference_2010#tab=Agenda Back to Conference Agenda]		[http://www.owasp.org/index.php/Front_Range_OWASP_Conference_2010#tab=Agenda Back to Conference Agenda]

FROC2010 Abstract Byrne2 - Revision history

Dc: /* The Speakers: David Byrne and Rohini Sulatycki, Trustwave */

Dc: Created page with '==The Presentation: "Beware of Serialized GUI Objects Bearing Data"== A recently discovered view state vulnerability in Apache MyFaces and Sun Mojara allows an attacker to acces…'