This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
View analytic
Wednesday, July 29 • 11:15am - 12:30pm
Nathan Hamiel & Shawn Moyer: Weaponizing the Web

Sign up or log in to save this to your schedule and see who's attending!

Ultimately, basing the value proposition of your site on user-generated and external content is a kind of variant on Russian Roulette, where in every turn the gun is pointed at your head, regardless of the number of players. You may win most of the time, but eventually a bullet is going to find its way into the chamber with your name on it.
We spent some time last year looking at this problem as it related specifically to Social Networks, but that left a lot of the territory unexplored. This time around we'll be talking about a previously unnoticed attack vector for lots and lots of web applications with user-generated content, and releasing a handy tool to exploit it. Bundled in are some thoughts on Web 2.0 attack surface, a few new exploitation techniques, and as in last year, a hefty helping of lulz, ridicule, and demos-of-shame at the expense of a few of your and (our) favorite sites.

Wednesday July 29, 2009 11:15am - 12:30pm
Augustus Ballroom 5-6

Attendees (130)