S5: Mistakes to Lure Hackers: Vulnerability 2.0
02/15/2007, 10:15 AM - 11:15 AM

Speaker:
Matt Fisher, Senior Security Engineer, SPI Dynamics.

Cross-site scripting and SQL injection are now the most commonly reported vulnerabilities in the CVE. We will examine the entire genre of web application security and the unique security paradigm it requires, while zooming in on XSS and SQL injection. Think Web 2.0 sites are neat? So do the bad guys, and we'll examine some of the factors going into the "new web" that make these sites so vulnerable to script attacks. Think you can't do much harm with JavaScript? Think again. But don't forget about SQL injection: come learn the basics in a clearly articulated format, then advanced techniques and some more advanced exploits. Many people know the basics of SQL injection, but they don't necessarily understand all its nuances, and few even understand the real fix for it (hint: it's not input validation, nor is it even stored procedures).

