[Owasp-london] DeveloperDeveloperDeveloper 3 voting has begun
Dinis Cruz
dinis at ddplus.net
Tue Mar 21 19:09:10 EST 2006
Hello,
The voting for DDD3 has begun (DDD is the DeveloperDeveloperDeveloper
event) and this year the number of potential presentations is ever higher.
You can see them here http://www.developerday.co.uk/ddd/votesessions.asp
and you can vote for the ones that you want to see.
I proposed two talks:
- Rooting the CLR (Style: Presentation - Level: 400) - In this
presentation Dinis Cruz will show how the .Net Framework can be modified
in real-time using Rootkit-like techniques. This is possible due to the
fundamental security design flaw within the .Net framework where the
entire Framework (i.e. all dlls) are loaded into the .Net process. This
creates a scenario where there is nothing stopping a malicious Full
Trust .Net assembly or unmanaged code ...
- Attacking Web and Windows Applications (Style: Presentation -
Level: 400) - In this session (a variation of the one delivered in DDD2)
multiple attack vectors will be shown covering a wide variety of
vulnerabilities and exploits: Sql Injection (basic and advanced), XSS
(session hijacking and remote command execution), Elevation of
Privilege, Web Services exploitation, AJAX exploitation, Rootkits (user
and kernel level), attacking fat-clients by hooking into windows functi...
So you can vote for me if you want to see them (they are recorded and
posted on the website)
Dinis Cruz
Owasp .Net Project
www.owasp.net
More information about the Owasp-london
mailing list