This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "FROC2010 Abstract Byrne2"
(Created page with '==The Presentation: "Beware of Serialized GUI Objects Bearing Data"== A recently discovered view state vulnerability in Apache MyFaces and Sun Mojara allows an attacker to acces…') |
m (→The Speakers: David Byrne and Rohini Sulatycki, Trustwave) |
||
| Line 5: | Line 5: | ||
==The Speakers: David Byrne and Rohini Sulatycki, Trustwave== | ==The Speakers: David Byrne and Rohini Sulatycki, Trustwave== | ||
| + | Rohini Sulatycki is a Security Consultant within the Application Security | ||
| + | practice at Trustwave's SpiderLabs. SpiderLabs is the advanced security team | ||
| + | responsible for Penetration Testing, Application Security, and Incident | ||
| + | Response testing for Trustwave's clients. | ||
| + | |||
| + | Rohini has been involved in the Information Technology industry for more | ||
| + | than 13 years. Rohini specializes in application security testing and code | ||
| + | review conducting a large number of application tests in her capacity at | ||
| + | Trustwave. Rohini has been a technical reviewer for several books and | ||
| + | publications including Java Security and IEEE Security and Privacy. Rohini | ||
| + | has presented at various security events including Black Hat. | ||
| + | |||
| + | David Byrne is a Senior Security Consultant within the Application Security | ||
| + | practice at Trustwave's SpiderLabs. SpiderLabs is the advanced security team | ||
| + | responsible for Penetration Testing, Application Security, and Incident | ||
| + | Response for Trustwave's clients. | ||
| + | |||
| + | David has been involved with information security for a decade. Before | ||
| + | Trustwave, he was the Security Architect at Dish Network. In 2008, he | ||
| + | released Grendel (grendel-scan.com), an open source web application security | ||
| + | scanner. David frequently presents at security events including DEFCON, | ||
| + | Black Hat, Toorcon, SANS, and OWASP AppSec. | ||
[http://www.owasp.org/index.php/Front_Range_OWASP_Conference_2010#tab=Agenda Back to Conference Agenda] | [http://www.owasp.org/index.php/Front_Range_OWASP_Conference_2010#tab=Agenda Back to Conference Agenda] | ||
Latest revision as of 18:49, 22 May 2010
The Presentation: "Beware of Serialized GUI Objects Bearing Data"
A recently discovered view state vulnerability in Apache MyFaces and Sun Mojara allows an attacker to access all server-side session data, as well as some globally-scoped application variables. The technical details of the vulnerabilities will be explained and a live demonstration will be performed. A similar vulnerability will also be demonstrated in Microsoft's ASP.Net.
The Speakers: David Byrne and Rohini Sulatycki, Trustwave
Rohini Sulatycki is a Security Consultant within the Application Security practice at Trustwave's SpiderLabs. SpiderLabs is the advanced security team responsible for Penetration Testing, Application Security, and Incident Response testing for Trustwave's clients.
Rohini has been involved in the Information Technology industry for more than 13 years. Rohini specializes in application security testing and code review conducting a large number of application tests in her capacity at Trustwave. Rohini has been a technical reviewer for several books and publications including Java Security and IEEE Security and Privacy. Rohini has presented at various security events including Black Hat.
David Byrne is a Senior Security Consultant within the Application Security practice at Trustwave's SpiderLabs. SpiderLabs is the advanced security team responsible for Penetration Testing, Application Security, and Incident Response for Trustwave's clients.
David has been involved with information security for a decade. Before Trustwave, he was the Security Architect at Dish Network. In 2008, he released Grendel (grendel-scan.com), an open source web application security scanner. David frequently presents at security events including DEFCON, Black Hat, Toorcon, SANS, and OWASP AppSec.
