FYI - Reminder message about the Singapore Linux October Meetup on this
Wednesday:
http://linux.meetup.com/5/calendar/6388157/
--
Hi all,
Ok, the special dish that we are whipping up this week is Web Security -
served by Mr Deepan Chakravarthy:
Synopsis of Talk:
*****************************************
XSS (Cross Site Scripting), CSRF (Cross Site Reverse Forgery),
CRLF (Carriage Return, Line Feed), RFI (Remote File Injection), SQL
injection are some of the general techniques used by attackers to
evade web security. I will explain each type of attack with a POC (proof
of concept) and also explain some of the famous tools WebScarab,
XSS-Proxy, Yahoo Pipes, Google Mashup Editor, Cal9000 that are very
useful for security professionals. Will also analyze the source code
of Samy's cross site scripting worm in detail, and the techniques he
used to breach MySpace security. Will also touch upon the general
techniques people use to evade default filters used by websites to scan
for JavaScript and other malicious code in user input. Using Google Code
Search is another way to hunt down software with security holes. For
example, searching for PATH_INFO in the code. Will touch upon how the
fragment identifier (# sign) can be used to inject long JS strings into
user inputs with very limited length.
************************************
See ya all!
regards,
Darrel