tssci security

Blog Announcements

I have one ShmooCon ticket available for $300. Contact me if you are interested.

Why do I have one ShmooCon ticket for sale? I bought it in case we didn't get accepted to ShmooCon, but we did! Dre, Tom Stracener of Cenzic (and formerly nCircle), and I will be giving a talk on:

Path X: Explosive Security Testing Tools Using XPath We will cover what XPath is, how it is used to parse XML in web applications in order to aid security testing tools, and why XPath expressions are good locators in comparison to other methods such as DOM or CSS selectors. We will attempt to demonstrate how XPath can be used for good instead of being targeted with injection or blind XPath injection attacks.

Check the ShmooCon Speakers list for all the talks. If you're going to ShmooCon as well and want to hang out, post a comment. We can't wait for this years Podcasters Meetup -- last years totally rocked. There is going to be a lot happening and it's all going to be a lot of fun.

New Look

We have changed our look slightly and have a new theme. You might not notice much of a difference if all you read is our RSS. We hope that the new theme makes it easier for those who come to our site be able to read longer posts more easily. Not to mention, it's faster, simpler, and cleaner... and I had it validating XHTML 1.0 Strict on my staging server, but not anymore. If anyone can help me out that'd be great, getting 100% Strict validation was pretty cool for those 15 minutes. :/

Research

Dre and I have been pouring a ton of research into web testing tools and using those tools to find vulnerabilities in web applications. Some coincides with the information we have put into our talk, which we will be publishing soon.

Posted by Marcin on Monday, January 28, 2008 in Conferences, Other and Security.

blog comments powered by Disqus
blog comments powered by Disqus