Difference between revisions of "Netherlands May 14, 2013"
Revision as of 15:45, 15 April 2013
May 14, 2013
"In this Chapter meeting we will not REST until we have designed an access control mechanism to protect your web services..."
Programme
- 18:30 - 19:15 Registration & Pizza
- 19:15 - 20:00
- 20:00 - 20:15 Break
- 20:15 - 21:00
- 21:00 - 21:30 Networking
Presentations
Neutralizing Peer-to-Peer Botnets
This presentation is a case study on our takedown efforts against state-of-the-art peer-to-peer botnets. Unlike conventional botnets, peer-to-peer botnets are decentralized, and thus cannot be disabled by neutralizing centralized control facilities. Takedowns against peer-to-peer botnets require a highly decentralized approach targeting the infected drones themselves. We describe the technical and ethical challenges we faced in our own takedown attempts.
Discovering flaws using JS-Enabled crawlers
Automated testing of security faults on a web page is common practice these days. However, most modern web applications aren't a set of pages anymore. They load their content dynamically using AJAX and tailor the results to the user's needs using JavaScript. Running the automated tools on these applications is much harder, if not impossible. Using Crawljax, a JavaScript-enabled crawler, testing all pages and states of such web applications becomes possible again. In this presentation, I will give an overview of the possibilities Crawljax offers.
Speakers
Dennis Andriesse
Dennis Andriesse is a Ph.D. candidate in the System and Network Security Group at VU University Amsterdam. His research focuses on binary code (de)obfuscation and reverse engineering techniques. Next to that, he is also interested in advanced malware, particularly in the resilience of peer-to-peer botnets.
Alex Nederlof
Alex Nederlof is an MSc student in Computer Science, Software Engineering. Active in web application development for 4 years at E.Novation BTC. Now working on Crawljax, a JavaScript-enabled crawler.
Venue
Avans Hogeschool
Room: OB007
Onderwijsboulevard 215
5223 DE 's-Hertogenbosch