comments (not for humans)
I'm just back from the security conference Blackhat Amsterdam 2007. It was a great trip and I met a lot of interesting people.

Blackhat training
I attended the Web application (in)security training held by Marcus Pinto and Dafydd Stuttard from NGS Software. The training was divided into modules covering the different security issues web developers face, and for each module we were given tasks where we could try to exploit security issues in a web site. Marcus and Dafydd are very knowledgable guys, and they sprinkled the lessons with anonymized real-life examples from their work. Overall it was a great course, and I recommend it to any web developer out there.

Blackhat briefings
The briefings had a lot of different presentations on everything from rootkits to web security. Adam Laurie's talk on RFID was one of the best talks. He's just a good presenter and covered a lot of interesting topics (RFID cloning, opening hotel safes(!) etc.). Toshinari Kureha held an interesting presentation on using aspect oriented programming together with automated web scanners to detect security issues like SQL-injection. I also want to mention Billy K. Rios and Raghav Dube's "Kicking Down the Cross Domain Door (One XSS at a Time)", which was an interesting presentation on how an attacker could use Cross site scripting errors to hack other web sites from your browser.

The city
Amsterdam is really beautiful city with a lot of canals and interesting architecture. We made a visit to Bodies - the exhibition which gives a unique look into how your body works and is put together. We also got a feel of the dutch culture when visiting a pub during the soccer match between the Netherlands and Slovenia. Great fun.

Comments closed for this post