-
US Denies Halvar Flake from presenting at blackhat
"I've been denied entry to the US essentially for carrying my trainings material. Wow. It appears I can't attend Blackhat this year. I was denied entry to the US for carrying trainings materials for the Blackhat trainings, and intending to hold these trainings as a private citizen instead of as a company. After a 9-hour…
-
Announcement: WASC and OWASP Joint Blackhat Vegas Party
This year OWASP and WASC have decided to have a joint party at Blackhat vegas. I’ll be there with many of the other appsec industry people. RSVP if you want to attend!
-
Hackers on a Plane
"2007 is a very special year for the global hacker community. Thanks to cooperation between the organizers of DefCon XV and the Chaos Communications Camp 2007, the two largest gatherings of hackers from around the world happen only a few days apart! This is where "Hackers on a Plane" comes in: The Hacker Foundation has…
-
WASC Meetup at JavaOne (San Francisco 2007)
WASC is organizing a Meet-Up during the JavaOne Conference (May 8-11 @ San Francisco Moscone Center). As usual this will be an informal gathering. No agenda, slide-ware, or sponsors. We’re expecting maybe 10-20 like minded webappsec people to share some food, drinks, and stimulating conversation. Everyone is welcome and it should be a really fun…
-
My Visit to the RSA Conference
I really enjoyed going to the RSA conference this year and meeting up with some old friends and seeing some good talks. I only got to attend for two days one of which was for ‘The Web Application Security Consortium‘ (I’m a co founder) get together (pictures available at the links below). I was frankly…
-
WASC RSA Meet-up
This years RSA Conference is being held at the San Francisco Moscone Center [2] (February 5 � 9) and every year, for the past couple years, we�ve coordinated an informal WASC Meet-Up. Usually about 20 or so people in the web application security community show up to have some fun sharing drinks, appetizers, conversation, and…
-
Zero Day Subscriptions: Using RSS and Atom feeds As Attack Delivery Systems
I will be giving a talk at Blackhat this year entitled "Zero Day Subscriptions: Using RSS and Atom feeds As Attack Delivery Systems". I'll also be available at the 'Web Application Security Consortium' Meet-up for those who want to chat. This presentation will discuss the use of RSS and Atom feeds as method of delivering…
-
WASC Beerfest in Silicon Valley
Jeremiah Grossman sent this out to the web security mailing list today. "Normally we hold WASC Meet-Ups during large conferences (RSA/ BlackHat) where a lot of web application security people are at same place at the same time. Around the S.F. Bay Area there’s enough webappsec people that we we no longer need that excuse.…
Favorite Links
- Security Templates (New)
- The Web Application Security Consortium
- QA Security
- The Web Security Mailing List
- Romain Gaucher’s Blog
- Jeremiah Grossman’s Blog
Popular Pages
WASC Threat Classification
- Abuse of Functionality
- Application Misconfiguration
- Brute Force Attack
- Content Spoofing
- Credential/Session Prediction
- Denial of Service
- Directory Indexing
- Information Leakage
- Remote File Inclusion Attack
- Routing Detour Attack
- SOAP Array Abuse
- XML Attribute Blowup
- XML Injection
- XML External Entity Attack