Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Contenuto fornito da Black Hat / CMP and Jeff Moss. Tutti i contenuti dei podcast, inclusi episodi, grafica e descrizioni dei podcast, vengono caricati e forniti direttamente da Black Hat / CMP and Jeff Moss o dal partner della piattaforma podcast. Se ritieni che qualcuno stia utilizzando la tua opera protetta da copyright senza la tua autorizzazione, puoi seguire la procedura descritta qui https://it.player.fm/legal.
Player FM - App Podcast
Vai offline con l'app Player FM !
Vai offline con l'app Player FM !
Alex Stamos and Scott Stender: Attacking Web Services: The Next Generation of Vulnerable Enterprise Apps
Manage episode 155121503 series 1146744
Contenuto fornito da Black Hat / CMP and Jeff Moss. Tutti i contenuti dei podcast, inclusi episodi, grafica e descrizioni dei podcast, vengono caricati e forniti direttamente da Black Hat / CMP and Jeff Moss o dal partner della piattaforma podcast. Se ritieni che qualcuno stia utilizzando la tua opera protetta da copyright senza la tua autorizzazione, puoi seguire la procedura descritta qui https://it.player.fm/legal.
Web Services represent a new and unexplored set of security-sensitive technologies that have been widely deployed by large companies, governments, financial institutions, and in consumer applications. Unfortunately, the attributes that make web services attractive, such as their ease of use, platform independence, use of HTTP and powerful functionality, also make them a great target for attack. In this talk, we will explain the basic technologies (such as XML, SOAP, and UDDI) upon which web services are built, and explore the innate security weaknesses in each. We will then demonstrate new attacks that exist in web service infrastructures, and show how classic web application attacks (SQL Injection, XSS, etc) can be retooled to work with the next-generation of enterprise applications. The speakers will also demonstrate some of the first publicly available tools for finding and penetrating web service enabled systems. Alex Stamos is a founding partner of iSEC Partners, LLC, a strategic digital security organization, with several years experience in security and information technology. Alex is an experienced security engineer and consultant specializing in application security and securing large infrastructures, and has taught many classes in network and application security. Before he helped form iSEC Partners, Alex spent two years as a Managing Security Architect with @stake. Alex performed as a technical leader on many complex and difficult assignments, including a thorough penetration test and architectural review of a 6 million line enterprise management system, a secure re-design of a multi-thousand host ASP network, and a thorough analysis and code review of a major commercial web server. He was also one of @stake's West Coast trainers, educating select technical audiences in advanced network and application attacks. Before @stake, Alex had operational security responsibility over 50 Fortune-500 web applications. He has also worked at a DoE National Laboratory. He holds a BSEE from the University of California, Berkeley, where he participated in research projects related to distributed secure storage and automatic C code auditing. Scott Stender is a founding partner of iSEC Partners, LLC, a strategic digital security organization. Scott brings with him several years of experience in large-scale software development and security consulting. Prior to iSEC, Scott worked as an application security analyst with @stake where he led and delivered on many of @stake's highest priority clients. Before @stake, Scott worked for Microsoft Corporation where he was responsible for security and reliability analysis for one of Microsoft's distributed enterprise applications. In this role, Scott drew on his technical expertise in platform internals, server infrastructure, and application security, combined with his understanding of effective software development processes to concurrently improve the reliability, performance, and security of a product running on millions of computers worldwide. In his research, Scott focuses on secure software engineering methodology and security analysis of core technologies. Most recently, Scott was published in the January-February 2005 issue of "IEEE Security and Privacy", where he co-authored a paper entitled "Software Penetration Testing". He holds a BS in Computer Engineering from the University of Notre Dame.
…
continue reading
61 episodi
Alex Stamos and Scott Stender: Attacking Web Services: The Next Generation of Vulnerable Enterprise Apps
Black Hat Briefings, Las Vegas 2005 [Audio] Presentations from the security conference
Manage episode 155121503 series 1146744
Contenuto fornito da Black Hat / CMP and Jeff Moss. Tutti i contenuti dei podcast, inclusi episodi, grafica e descrizioni dei podcast, vengono caricati e forniti direttamente da Black Hat / CMP and Jeff Moss o dal partner della piattaforma podcast. Se ritieni che qualcuno stia utilizzando la tua opera protetta da copyright senza la tua autorizzazione, puoi seguire la procedura descritta qui https://it.player.fm/legal.
Web Services represent a new and unexplored set of security-sensitive technologies that have been widely deployed by large companies, governments, financial institutions, and in consumer applications. Unfortunately, the attributes that make web services attractive, such as their ease of use, platform independence, use of HTTP and powerful functionality, also make them a great target for attack. In this talk, we will explain the basic technologies (such as XML, SOAP, and UDDI) upon which web services are built, and explore the innate security weaknesses in each. We will then demonstrate new attacks that exist in web service infrastructures, and show how classic web application attacks (SQL Injection, XSS, etc) can be retooled to work with the next-generation of enterprise applications. The speakers will also demonstrate some of the first publicly available tools for finding and penetrating web service enabled systems. Alex Stamos is a founding partner of iSEC Partners, LLC, a strategic digital security organization, with several years experience in security and information technology. Alex is an experienced security engineer and consultant specializing in application security and securing large infrastructures, and has taught many classes in network and application security. Before he helped form iSEC Partners, Alex spent two years as a Managing Security Architect with @stake. Alex performed as a technical leader on many complex and difficult assignments, including a thorough penetration test and architectural review of a 6 million line enterprise management system, a secure re-design of a multi-thousand host ASP network, and a thorough analysis and code review of a major commercial web server. He was also one of @stake's West Coast trainers, educating select technical audiences in advanced network and application attacks. Before @stake, Alex had operational security responsibility over 50 Fortune-500 web applications. He has also worked at a DoE National Laboratory. He holds a BSEE from the University of California, Berkeley, where he participated in research projects related to distributed secure storage and automatic C code auditing. Scott Stender is a founding partner of iSEC Partners, LLC, a strategic digital security organization. Scott brings with him several years of experience in large-scale software development and security consulting. Prior to iSEC, Scott worked as an application security analyst with @stake where he led and delivered on many of @stake's highest priority clients. Before @stake, Scott worked for Microsoft Corporation where he was responsible for security and reliability analysis for one of Microsoft's distributed enterprise applications. In this role, Scott drew on his technical expertise in platform internals, server infrastructure, and application security, combined with his understanding of effective software development processes to concurrently improve the reliability, performance, and security of a product running on millions of computers worldwide. In his research, Scott focuses on secure software engineering methodology and security analysis of core technologies. Most recently, Scott was published in the January-February 2005 issue of "IEEE Security and Privacy", where he co-authored a paper entitled "Software Penetration Testing". He holds a BS in Computer Engineering from the University of Notre Dame.
…
continue reading
61 episodi
Tous les épisodes
×Benvenuto su Player FM!
Player FM ricerca sul web podcast di alta qualità che tu possa goderti adesso. È la migliore app di podcast e funziona su Android, iPhone e web. Registrati per sincronizzare le iscrizioni su tutti i tuoi dispositivi.