https://wiki.owasp.org/index.php?action=history&feed=atom&title=Los_Angeles%2F2008_Meetings%2FNovember_19Los Angeles/2008 Meetings/November 19 - Revision history2026-04-26T14:51:51ZRevision history for this page on the wikiMediaWiki 1.27.2https://wiki.owasp.org/index.php?title=Los_Angeles/2008_Meetings/November_19&diff=111316&oldid=prevSarah Baso: Created page with "== Topic: A new web attack vector: [http://www.eweek.com/c/a/Security/Security-Researcher-to-Reveal-New-Web-Attack-Vector/ Script Fragmentation] == == Speaker: Stephan Chenett..."2011-05-31T19:56:15Z<p>Created page with "== Topic: A new web attack vector: [http://www.eweek.com/c/a/Security/Security-Researcher-to-Reveal-New-Web-Attack-Vector/ Script Fragmentation] == == Speaker: Stephan Chenett..."</p>
<p><b>New page</b></p><div>== Topic: A new web attack vector: [http://www.eweek.com/c/a/Security/Security-Researcher-to-Reveal-New-Web-Attack-Vector/ Script Fragmentation] ==<br />
<br />
<br />
<br />
== Speaker: Stephan Chenette ==<br />
Stephan Chenette is a Senior Security Researcher who helps lead Websense Security<br />
Labs working on malcode detection techniques. Mr. Chenette specializes<br />
in research tools ranging from kernel-land sandboxes, to static<br />
analysis scanners. He has released public analyses on various<br />
vulnerabilities and malware. Prior to joining Websense, Stephan was a<br />
security software engineer for 4 years working in research and product<br />
development at eEye Digital Security.<br><br><br />
<br />
== Abstract: A new web attack vector: [http://www.eweek.com/c/a/Security/Security-Researcher-to-Reveal-New-Web-Attack-Vector/ Script Fragmentation] ==<br />
<br />
This presentation will introduce a new web-based attack vector which<br />
utilizes client-side scripting to fragment malicious web content.<br><br />
<br />
This involves distributing web exploits in a asynchronous manner to<br />
evade signature detection. Similar to TCP fragmentation attacks, which<br />
are still an issue in current IDS/IPS products, This attack vector<br />
involves sending any web exploit in fragments and uses the already<br />
existing components within the web browser to reassemble and execute<br />
the exploit.<br><br />
<br />
Our presentation will discuss this attack vector used to evade both<br />
gateway and client side detection. We will show several proof of<br />
concepts containing common readily available web exploits.<br><br></div>Sarah Baso