Friday, March 21, 2008

Upcoming conference presentations

I'll present The XSS Epidemic: Discovery, Disclosure, and Remediation at the 2008 ISSA NW Regional Security Conference on April 23rd, 2008, in Olympia, WA:
In the same mindset of a "month of browser, Mac OS X, PHP, etc. bugs" I challenged myself to find and report as many XSS (cross site scripting) vulnerabilities as possible in a 30 day period. The result was well more than 100 vulnerabilities in sites ranging from General Motors to George Mason University, 6 Secunia/CVE advisories for weak software, and a raging debate over the value of ScanAlert’s Hacker Safe label.
Our discussion will include a technical dive into this epidemic, including methodology, tools, examples, inherent risks, and the need to aid the Internet community in remediating this issue as well as other web application security lapses.

I'll also present Malcode Analysis Techniques for Incident Handlers at the 20th Annual FIRST Conference in Vancouver, B.C. on June 25th, 2008. Details here.

Sunday, March 16, 2008

RAPIER featured in SANS Ask The Expert Webcast

I gave an overview of RAPIER during a SANS Ask The Expert Webcast, Malcode Analysis and Response: Proficiency vs. Complexity, on March 20th, 2008.
"The threat landscape changes constantly, driven in part by the 'bot economy' and changing malcode techniques. In response, incident handler techniques must keep pace. This presentation will cover the use of RAPIER, a security tool built to facilitate first response procedures for incident handling. It is designed to acquire commonly requested information and samples during an information security event, incident, or investigation. RAPIER automates the entire process of data collection and delivers the results directly to the hands of a skilled security analyst. From detection and discovery, capture and containment, count on a useful discussion meant to further your incident response practices."
You can listen to the stream and/or view the slides here.
