User contributions

(newest | oldest) View (newer 50 | older 50) (20 | 50 | 100 | 250 | 500)

• 00:06, 4 August 2009 (diff | hist) . . (+2,301)‎ . . N Techniques in Attacking and Defending XML/Web Services ‎ (Created page with '== The presentation == rightWeb Services-based application integration pulls corporations towards "opening up" internal systems for other system…') (current)
• 00:02, 4 August 2009 (diff | hist) . . (+1,786)‎ . . N Malicious Developers and Enterprise Java Rootkits ‎ (Created page with '== The presentation == rightHow much would it cost to convince a developer to insert a few special lines of Java in your application? Would you …')
• 00:01, 4 August 2009 (diff | hist) . . (-1)‎ . . m Defend Yourself: Integrating Real Time Defenses into Online Applications ‎
• 00:01, 4 August 2009 (diff | hist) . . (+1,623)‎ . . N DISA's Application Security and Development STIG: How OWASP Can Help You ‎ (Created page with '== The presentation == rightIn July 2008, the Defense Information Systems Agency (DISA) released the first enforceable version of its Applicatio…')
• 23:55, 3 August 2009 (diff | hist) . . (+2,715)‎ . . N OWASP Live CD: An open environment for Web Application Security. ‎ (Created page with '== The presentation == rightThe OWASP Live CD is a project that collects some of the best open source security projects in a single environment.…') (current)
• 23:54, 3 August 2009 (diff | hist) . . (-2)‎ . . m When Web 2.0 Attacks - Understanding Security Implications of AJAX, Flash and "Highly Interactive" Technologies ‎ (current)
• 23:53, 3 August 2009 (diff | hist) . . (+1,759)‎ . . N When Web 2.0 Attacks - Understanding Security Implications of AJAX, Flash and "Highly Interactive" Technologies ‎ (Created page with '== The presentation == rightWeb 2.0 - love it or hate it, the technology driving the highly interactive web experience is in your browser and co…')
• 23:51, 3 August 2009 (diff | hist) . . (+3)‎ . . SANS Dshield Webhoneypot Project ‎
• 23:50, 3 August 2009 (diff | hist) . . (+1,458)‎ . . N SANS Dshield Webhoneypot Project ‎ (Created page with '== The presentation == rightThe DShield project has been providing the information security industry with early attack warning data for over 8 y…')
• 23:49, 3 August 2009 (diff | hist) . . (-1)‎ . . m Software Assurance Maturity Model (SAMM) ‎
• 23:48, 3 August 2009 (diff | hist) . . (+2,034)‎ . . N Vulnerability Management in an Application Security World ‎ (Created page with '== The presentation == rightIdentifying application-level vulnerabilities via penetration tests and code reviews is only the first step in actua…')
• 21:50, 3 August 2009 (diff | hist) . . (+1,930)‎ . . N The essential role of infosec in secure software development ‎ (Created page with '== The presentation == rightSecure software development won't succeed without substantial collaboration among the infosec teams in an organizati…') (current)
• 21:49, 3 August 2009 (diff | hist) . . (+1,898)‎ . . N The Entrepreneur's Guide to Career Management ‎ (Created page with '== The presentation == rightAs the Information Security profession continue to mature, the competition for highly sought after positions will co…') (current)
• 21:48, 3 August 2009 (diff | hist) . . (+2,063)‎ . . N Finding the Hotspots: Web-security testing with the Watcher tool ‎ (Created page with '== The presentation == rightPen-testers like to find bugs. Auditors like to find issues. Developers wish they would all go away. And what's ever…')
• 21:47, 3 August 2009 (diff | hist) . . (+1,817)‎ . . N Building an in-house application security assessment team ‎ (Created page with '== The presentation == rightLike many companies, Boeing historically relied on contracted security vendors to provide various IT security assess…')
• 21:46, 3 August 2009 (diff | hist) . . (+1,516)‎ . . N The OWASP Security Spending Benchmarks Project ‎ (Created page with '== The presentation == rightHow much security spending is enough when developing web applications? There are few, if any, industry standard benc…') (current)
• 21:45, 3 August 2009 (diff | hist) . . (+2,726)‎ . . N Securing the Core JEE Patterns ‎ (Created page with '== The presentation == rightThe demand to integrate security into early development activities has accelerated in recent years. The Core J2EE De…') (current)
• 21:44, 3 August 2009 (diff | hist) . . (+2,046)‎ . . N Secure SDLC: The Good, The Bad, and The Ugly ‎ (Created page with '== The presentation == rightThis isn't your father's Secure SDLC talk folks! Join Joey Peloquin, Director of Application Security at FishNet Se…')
• 21:39, 3 August 2009 (diff | hist) . . (+2,041)‎ . . N SCAP: Automating our way out of the Vulnerability Wheel of Pain ‎ (Created page with '== The presentation == rightThe harsh economic climate has hit us all in some way. Budgets are trimmed and spending is down. We are continuously…')
• 20:43, 3 August 2009 (diff | hist) . . (+1,626)‎ . . N Unicode Transformations: Finding Elusive Vulnerabilities ‎ (Created page with '== The presentation == rightThe complex landscape of Unicode provides many angles for exploiting software and end users. We've known about some …') (current)
• 20:41, 3 August 2009 (diff | hist) . . (+812)‎ . . N OWASP ESAPI ‎ (Created page with '== The presentation == rightPresentation on the OWASP Enterprise Security API. == The speakers == Jeff has specialized in information securit…')
• 20:39, 3 August 2009 (diff | hist) . . (+2,375)‎ . . N Understanding the Implications of Cloud Computing on Application Security ‎ (Created page with '== The presentation == rightCloud Computing paradigms spell fundamental changes for where your applications run, the platforms on which they run…')
• 20:35, 3 August 2009 (diff | hist) . . (0)‎ . . m Automated vs. Manual Security: You can't filter The Stupid ‎
• 20:34, 3 August 2009 (diff | hist) . . (+1,718)‎ . . N Automated vs. Manual Security: You can't filter The Stupid ‎ (Created page with '== The presentation == rightEveryone wants to stretch their security budget, and automated application security tools are an appealing choice fo…')
• 20:33, 3 August 2009 (diff | hist) . . (+2,023)‎ . . N Development Issues Within AJAX Applications: How to Divert Threats ‎ (Created page with '== The presentation == rightAJAX has rapidly emerged as a prominent enabling technology in the movement to improve the Web as a software platfor…')
• 20:31, 3 August 2009 (diff | hist) . . (+2,033)‎ . . N Is your organization secured against internal threats? ‎ (Created page with '== The presentation == rightAccording to some industry statistics, as much as 70% of all cyberattacks could be related to insiders. While organi…')
• 20:30, 3 August 2009 (diff | hist) . . (+1,447)‎ . . N Application security metrics from the organization on down to the vulnerabilities ‎ (Created page with '== The presentation == rightApplication security metrics are valuable today yet are still evolving. The best place to start is organizational me…')
• 20:28, 3 August 2009 (diff | hist) . . (+1,971)‎ . . N Improving application security after an incident ‎ (Created page with '== The presentation == rightWhen an enterprise suffers an application security incident, a whirlwind of activity takes place to triage the immed…') (current)
• 20:26, 3 August 2009 (diff | hist) . . (-1)‎ . . Transparent Proxy Abuse ‎
• 20:25, 3 August 2009 (diff | hist) . . (-1)‎ . . Advanced SQL Injection ‎
• 20:25, 3 August 2009 (diff | hist) . . (-1)‎ . . Threat Modeling by John Steven ‎ (current)
• 20:24, 3 August 2009 (diff | hist) . . (-1)‎ . . Secure Software Updates: Update Like Conficker ‎ (current)
• 20:24, 3 August 2009 (diff | hist) . . (+106)‎ . . The Big Picture: Web Risks and Assessments Beyond Scanning ‎
• 20:21, 3 August 2009 (diff | hist) . . (+3,143)‎ . . N Social Zombies: Your Friends Want to Eat Your Brains ‎ (Created page with '== The presentation == rightIn Social Zombies: Your Friends want to eat Your Brains, Tom Eston and Kevin Johnson explore the various concerns re…')
• 20:19, 3 August 2009 (diff | hist) . . (+2,544)‎ . . N Threat Modeling by John Steven ‎ (Created page with '== The presentation == rightHow will attackers break your web application? How much security testing is enough? Do I have to worry about insider…')
• 20:07, 3 August 2009 (diff | hist) . . (+2,266)‎ . . N Secure Software Updates: Update Like Conficker ‎ (Created page with '== The presentation == rightSoftware updates are an often forgotten backbone of modern software. The one constant for a piece of deployed softwa…')
• 20:04, 3 August 2009 (diff | hist) . . (+1,306)‎ . . N Advanced SQL Injection ‎ (Created page with '== The presentation == rightSQL Injection is a vulnerability that is often missed by web application security scanners, and it's a vulnerability…')
• 20:04, 3 August 2009 (diff | hist) . . (+1,169)‎ . . N Transparent Proxy Abuse ‎ (Created page with '== The presentation == rightTransparent proxies allow organizations to influence and monitor the traffic from its users without their knowledge …')
• 19:41, 3 August 2009 (diff | hist) . . (+1,896)‎ . . N Manipulating Web Application Interfaces, a new approach to input validation ‎ (Created page with '== The presentation == rightThis talk will suggest a new approach for web application input validation testing and introduce Groundspeed, an ope…')
• 19:40, 3 August 2009 (diff | hist) . . (+1,596)‎ . . N The Web Hacking Incidents Database ‎ (Created page with '== The presentation == rightThe web hacking incident database (WHID) is a Web Application Security Consortium project dedicated to maintaining a…')
• 19:38, 3 August 2009 (diff | hist) . . (+1,938)‎ . . N OWASP ModSecurity Core Rule Set Project ‎ (Created page with '== The presentation == rightThe ModSecurity Core Rule Set (CRS) is a free, generic set of web application firewall rules that provide valuable p…')
• 19:35, 3 August 2009 (diff | hist) . . (+1,628)‎ . . N Defend Yourself: Integrating Real Time Defenses into Online Applications ‎ (Created page with '== The presentation == rightAsk any attacker how many attempts it takes them to successfully exploit a vulnerability - two attempts, three, five…')
• 19:30, 3 August 2009 (diff | hist) . . (+2,330)‎ . . N Fracturing Flex For Fun- An Alliterative Attackers Approach ‎ (Created page with '== The presentation == rightAs Flash has evolved over the last several years, the programming paradigm has shifted from timeline-based movies to…') (current)
• 19:27, 3 August 2009 (diff | hist) . . (+2,144)‎ . . N Software Assurance Maturity Model (SAMM) ‎ (Created page with '== The presentation == rightThe Software Assurance Maturity Model (SAMM) (http://www.opensamm.org) is a flexible and prescriptive framework for …')
• 02:21, 31 July 2009 (diff | hist) . . (+38)‎ . . Cloudy with a chance of 0-day ‎ (current)
• 02:14, 31 July 2009 (diff | hist) . . (-43)‎ . . m Cloudy with a chance of 0-day ‎
• 01:57, 31 July 2009 (diff | hist) . . (+55)‎ . . Cloudy with a chance of 0-day ‎
• 01:49, 31 July 2009 (diff | hist) . . (+2,372)‎ . . N Cloudy with a chance of 0-day ‎ (Created page with '== The presentation == This talk provides a brief overview of cloud computing, and reveals the security risks of moving into the clouds. The concept behind cloud computing is si…')
• 11:08, 26 June 2006 (diff | hist) . . (+2)‎ . . Code Review Introduction ‎ (→‎Introduction)
• 11:31, 5 June 2006 (diff | hist) . . (+1)‎ . . Data Validation (Code Review) ‎

(newest | oldest) View (newer 50 | older 50) (20 | 50 | 100 | 250 | 500)