Recording December 20, 2008
- Stephen Craig Evans - Jim Manico is a Web Application Architect and Security Instructor for Aspect Security.
- December 15, 2008 - Breaking Google Gears' Cross-Origin Communication Model - December 10, 2008 - Vulnerability in Internet Explorer Could Allow Remote Code Execution - December 8, 2008 - 4 XSS flaws hit Facebook
Interview withStephen Craig Evans
- OWASP Summer of Code project, "Securing WebGoat using ModSecurity"
arshan: http://googleonlinesecurity.blogspot.com/2008/12/native-client-technology-for-running.html also looks like crazy news running native code over the web if your code passes a static analysis check is the static analyzer using whitelist or blacklist rules? bypass = arbitrary native code, by design fukami had some interesting findings in bypassing binary analysis (in flash, but still interesting) http://googleonlinesecurity.blogspot.com/2008/12/announcing-browser-security-handbook.html thats big news michael zalewski dumped core
Sent at 4:50 PM on Wednesday jim: one sec, brb
Sent at 4:50 PM on Wednesday jim: have you seed https://www.owasp.org/index.php/Podcast_2 seen... edit it man edit it its crying to be edited
arshan: you want me to put my zings up there? it will be lame - we don't even need nodes notes* imho
arshan: why listen when you can read the notes
jim: bring on the magic arshan juice dont hold back
arshan: makes it look so pre planned
jim: first, you need to goto owasp.org and press the "login" button in the upper right