This year I attended Black Hat USA for the first time, and it was also my first trip to Las Vegas.

The training
I attended the "Hacking by Numbers: Web 2.0" training by SensePost, and unfortunately was a bit disappointed. No doubt Haroon Meer has tons of knowledge about web security and does well in presenting it, but I don't feel the content fit the title. I would expect a lot more focus on Web 2.0. Yes, I know the Web 2.0 security issues are mostly the same as Web 1.0 (injection attacks, XSS etc.), but I would at least expect the tasks to focus on those errors from a Web 2.0 perspective. I was also a bit disappointed that they skipped the foil on JavaScript hijacking. All in all I would say that this is a good training, but not if you already know quite a lot about Web 1.0 security.

The briefings
There were a lot of great talks. Jeremiah Grossman and Arian Evans, from WhiteHat Security, presented some interesting finds in their "Get Rich or Die Trying - Making Money on the Web, the Black Hat Way" talk. Also RSnake and Tom Stracener's talk on "Xploiting Google Gadgets: Gmalware and Beyond" was quite interesting. Scary how Google treated some of their finds. Haroon Meer and Marco Slaviero's "Pushing the Camel Through the Eye of a Needle" also included some weird but cool attacks.

The people and party
In the drinks area I had a chat with Marcus Pinto and Dafydd Stuttard of NGS Software. Always great to meet those guys. I attended the Breach-sponsored OWASP party at the Shadow bar where I had a small chat with RSnake as well. There were 41 people from Norway (!), and this was also noted by Jeff Moss in his opening speech. Great to meet you guys.

The town and hotel
Just crazy...