Application Security USA 2013 – live blog index

Archive for November, 2013

Application Security USA 2013 – live blog index

November 24th, 2013 by Jeanne Boyarsky

I attended the Application Security USA conference this year. Similar to The Server Side Symposium two years ago, I blogged about it. This post is a link to all of those blog posts. For readers in the New York City area, OWASP has a quarterly meetup. I’ve gone to the last three or so and […]

csrf defenses at app sec usa

November 21st, 2013 by Jeanne Boyarsky

Speaker: Ari Elias-Bachrach. Overview: Most defenses work 80% of the time. Does your app fall into the 80%? CSRF is sometimes pronounced c-surf. A CSRF attack uses the browser to perform an action without user consent. Vulnerable if all params predictable. Then can put url in image tag. Or use JavaScript to submit (need for post). If have multiple […]

application risk and components at app sec usa – jeff williams’ part

November 21st, 2013 by Jeanne Boyarsky

Thesis: Need to rethink how things work so they happen real time. Aspect does a lot of code review and manual testing. That’s why they don’t have XSS and System.out.println() as the leading items. Static analysis tools are good at finding that. Stats: 98% of apps have at least one vulnerability. On average, Aspect uncovers […]