I'm theoretically interested in theoretical papers, but as an engineer, I'm continually frustrated that most of the focus in security seems to be on exploits and breaking things, rather than on techniques and tools that can be used for hardening and preventing attacks.
I'm moving around my security website at http://hardenwebapps.com/ to be more focused on tools and techniques vs just listing out the attacks and "how to get pwned" exploits, but I don't find XSS attacks or fuzzing intrinsically interesting. I'd be more interested in a tool that made XSS / fuzzing attacks impossible. Will. On Fri, Nov 22, 2013 at 12:22 AM, Sashank Dara <[email protected]>wrote: > just my 2 cents . > > Recently i gave a talk on langsec internally for big room of engineers . > frankly teaching science to engineers is difficult . I lost my audience > the moment i showed them chomsky hierarcy and talking stuff like grammars > and rules . they sounded more theoretical . Usually engineers want to see > more concrete things , things in action . I did mention libdejector and > Haskell based IP Stack that comes close to langsec . I did mention that > fuzzing based testing is not enough. > > So if possible some tools developed based on langsec principles to hack > popular protocols as demos might get more interest . > making them available as open source might further help to people play > around with them . > > > > Regards, > Sashank > http://lnkd.in/88sgfr > > > On Fri, Nov 22, 2013 at 8:13 AM, Sergey Bratus <[email protected]>wrote: > >> Hi Will, >> >> We are soliciting papers on research and/or case studies as per the >> CFP, will have the Program Committee review them, and have the accepted >> papers presented by the authors at the workshop, with audience >> participation. We will have an invited keynote or two. We will also hold a >> discussion on the directions of the field in some form. >> >> We are very open to suggestions of how to make it interesting to >> attend for all researchers, programmers, and hackers interested in the >> topic! >> >> Thank you, >> >> --Sergey >> >> >> On Thu, 21 Nov 2013, Will Sargent wrote: >> >> What happens at the workshop? >>> >>> Will. >>> >>> >>> On Wed, Nov 20, 2013 at 8:56 PM, Sergey Bratus <[email protected]> >>> wrote: >>> >>> Dear All, >>>> >>>> We will hold a LangSec workshop as a part of the IEEE CS Security and >>>> Privacy Workshops (http://www.ieee-security.org/TC/SPW2014/index.html), >>>> co-located with the Symposium on Security and Privacy at the Fairmont >>>> San >>>> Jose Hotel. Our workshop will be a full-day workshop on Sunday May 18, >>>> 2014. >>>> >>>> The CFP and other info is now posted at http://spw14.langsec.org/ . >>>> Please feel free to advertise and suggest it to potential sponsors! We >>>> would like to work out a way to waive or reduce the registration fees >>>> for >>>> industry programmers, students, hackers and enthusiasts. >>>> >>>> Needless to say, please do submit your research or case study papers! >>>> >>>> Thank you very much & hoping to see you at the workshop, >>>> >>>> --Sergey >>>> _______________________________________________ >>>> langsec-discuss mailing list >>>> [email protected] >>>> https://mail.langsec.org/cgi-bin/mailman/listinfo/langsec-discuss >>>> >>>> >>> _______________________________________________ >> langsec-discuss mailing list >> [email protected] >> https://mail.langsec.org/cgi-bin/mailman/listinfo/langsec-discuss >> > >
_______________________________________________ langsec-discuss mailing list [email protected] https://mail.langsec.org/cgi-bin/mailman/listinfo/langsec-discuss
