User:Michael Brooks

From OWASP
Revision as of 00:20, 16 May 2010 by KateHartmann (talk | contribs) (Creating user page with biography of new user.)

I have spoken at Defcon and Blackhat multiple times, and I'm looking forward to speaking at the Phoenix OWASP chapter in July. I write exploit code (http://milw0rm.com/author/677). According to the Department of Homeland Security, I have found the most dangerous CSRF vulnerability ever found (https://www.kb.cert.org/vuls/id/643049), and it is in the top 1000 most dangerous vulnerabilities ever discovered. I am also the top security expert on StackOverflow.com (The Rook: http://stackoverflow.com/questions/tagged?tagnames=security&sort=stats&pagesize=50).

The reason why I am signing up for an account right now is because the CSRF page has a rather serious typo. XSS can be used to bypass referer checks as easily as it can be used to bypass token checks. The Samy worm used an XHR to obtain the token to forge requests; I have also written an exploit to do this (http://milw0rm.com/exploits/7922). I would also like to contribute to OWASP in other ways.