is there any English version of this site available --Hakuna
On 3/16/07, Gadi Evron <[EMAIL PROTECTED]> wrote: > TAUSEC - The Security Forum, hosted by Tel-Aviv University, next meeting > will take place on: Sunday, March 18, at 18:30. > > Location: Tel-Aviv University, Lev Auditorium > Map: http://www2.tau.ac.il/map/unimapl1.asp > > Attendance is free, light refreshments will be served > > Schedule: > --------- > 18:30 - A taxonomy & tool for automated vulnerability chaining and path > discovery Topic Synopsis > - Toby Kohlenberg > > Level: Technical/High > Language: English > > Abstract: > > ----------------- > > Vulnerabilities are occurring with increasing frequency and the > resources required to manage mitigation are increasing in parallel. > > Unfortunately, current best practices still evaluate the majority of > vulnerabilities as unique unrelated events. This method of evaluation is > an understandable choice but does not accurately reflect how the > vulnerabilities may be used by attackers. In this project we attempted > to find a way to evaluate combinations of vulnerabilities in an > automated fashion. > > We created a taxonomy that allows us to describe vulnerabilities and > their connections to each other. We then used these descriptions to > create a graph showing the interconnections between the vulnerabilities > and used that to find pathways to complete system compromise. > > The system we used to judge the effectiveness of this approach is a > feature rich web application which allows a user to quickly and easily > describe a vulnerability and its interactions and then explore its > relationship to other vulnerabilities. > > ----------------- > > > Sicne the lecture begins late, we will have only one speaker. > > More details and past lectures can be seen at: > http://www.cs.tau.ac.il/tausec/ > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
