This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "2010 BASC Presentations"
Tom Conner (talk | contribs) |
Tom Conner (talk | contribs) |
||
| Line 7: | Line 7: | ||
{{2010_BASC:Presentaton_Info_Template|A Crumple Zone for Service Oriented Architectures|Andrew Gronosky|11|1}} | {{2010_BASC:Presentaton_Info_Template|A Crumple Zone for Service Oriented Architectures|Andrew Gronosky|11|1}} | ||
We present a new architectural construct analogous to the crumple zone in an automobile. It consists of a layer of intelligent service proxies that work together to provide both signature-based and non-signature based defenses. We present our initial design for Java RMI based services and compare it with web application firewalls. | We present a new architectural construct analogous to the crumple zone in an automobile. It consists of a layer of intelligent service proxies that work together to provide both signature-based and non-signature based defenses. We present our initial design for Java RMI based services and compare it with web application firewalls. | ||
| − | {{2010_BASC:Presentaton_Info_Template| | + | {{2010_BASC:Presentaton_Info_Template|Hacking SAP BusinessObjects|Joshua Abraham and Will Vandevanter|13|1}} |
| − | + | BusinessObjects is a very widely deployed business intelligence tool. In this presentation we will present the entire lifecycle of attacking a BusinessObjects server using vulnerabilities that we have found during our research. | |
{{2010_BASC:Presentaton_Info_Template|Another TBD Presentation|To Be Determined|14|1}} | {{2010_BASC:Presentaton_Info_Template|Another TBD Presentation|To Be Determined|14|1}} | ||
abst | abst | ||
{{2010_BASC:Presentaton_Info_Template|Another TBD Presentation|To Be Determined|15|1}} | {{2010_BASC:Presentaton_Info_Template|Another TBD Presentation|To Be Determined|15|1}} | ||
abstr | abstr | ||
| − | {{2010_BASC:Presentaton_Info_Template| | + | {{2010_BASC:Presentaton_Info_Template|The Exploit Arms Race|Christien Rioux|16|1}} |
| − | + | As defenses have become more sophisticated, so have the attacks required to circumvent them. Learn about the roots of techniques like Stack cookies/Stackguard/Run-Time Stack Checking, DEP and ASLR, from attacks like trampolining, | |
| + | return-oriented programming, the evolution of fuzzing techniques, static and dynamic analysis for attacking and defending software. | ||
{{2010_BASC:Presentaton_Info_Template|Another TBD Presentation|To Be Determined|10|2}} | {{2010_BASC:Presentaton_Info_Template|Another TBD Presentation|To Be Determined|10|2}} | ||
abstr | abstr | ||
Revision as of 17:13, 15 November 2010
 |
 |
||
 |
|||
 |
 |
||
We kindly thank our sponsors for their support. Please help us keep future BASCs free by viewing and visiting all of our sponsors.
- 1 Presentations
- 1.1 HTML5 Security
- 1.2 A Crumple Zone for Service Oriented Architectures
- 1.3 Hacking SAP BusinessObjects
- 1.4 Another TBD Presentation
- 1.5 Another TBD Presentation
- 1.6 The Exploit Arms Race
- 1.7 Another TBD Presentation
- 1.8 Another TBD Presentation
- 1.9 Another TBD Presentation
- 1.10 Another TBD Presentation
- 1.11 Another TBD Presentation
- 1.12 Another TBD Presentation
Presentations
We would like to thank our speakers for donating their time and effort to help make this conference successful and free.
HTML5 Security
The power of HTML5 allows developers to create web applications not just structured content, but its new features has increased the attack surface. This presentation will demo and discuss new attack opportunities, particularly on client machines, including abusing the offline application cache and SQL injection via file-based client-side databases.
A Crumple Zone for Service Oriented Architectures
We present a new architectural construct analogous to the crumple zone in an automobile. It consists of a layer of intelligent service proxies that work together to provide both signature-based and non-signature based defenses. We present our initial design for Java RMI based services and compare it with web application firewalls.
Hacking SAP BusinessObjects
BusinessObjects is a very widely deployed business intelligence tool. In this presentation we will present the entire lifecycle of attacking a BusinessObjects server using vulnerabilities that we have found during our research.
Another TBD Presentation
abst
Another TBD Presentation
abstr
The Exploit Arms Race
As defenses have become more sophisticated, so have the attacks required to circumvent them. Learn about the roots of techniques like Stack cookies/Stackguard/Run-Time Stack Checking, DEP and ASLR, from attacks like trampolining, return-oriented programming, the evolution of fuzzing techniques, static and dynamic analysis for attacking and defending software.
Another TBD Presentation
abstr
Another TBD Presentation
abstr
Another TBD Presentation
abstr
Another TBD Presentation
abst
Another TBD Presentation
abstr
Another TBD Presentation
abstr
We kindly thank our sponsors for their support.
Please help us keep future BASCs free by viewing and visiting all of our sponsors.
| Gold Sponsors | |||
 |
 |
 |
 |
