[Owasp-austin] Invitation: JavaScript Hijacking and DNS Rebinding - OWASP Meeting (May 25 11:30 AM CDT in National Instruments - Building C - Conference Room 1S13)

Josh Sokol josh.sokol at ni.com
Tue May 11 09:35:46 EDT 2010


                                                                                                                                                
               Invitation: JavaScript Hijacking and DNS Rebinding - OWASP Meeting                                                               
                                                                                                                                                
               05/25/2010 -                                                                                                                     
                                                                                                                                                
                                                                                                                                                
                                                                                                                                                
               Chair:                                                                                                                           
                        Josh Sokol/AUS/NIC                                                                                                      
               Sent By:                                                                                                                         
                        josh.sokol at ni.com                                                                                                       
                                                                                                                                                
                                                                                                                                                
               Location:                                                                                                                        
                        National Instruments - Building C - Conference Room 1S13                                                                
                                                                                                                                                
                                                                                                                                                
                                                                                                                                                



                                                                            
                                                                            
                                                                            
                                                                            
  josh.sokol                                                                
                       Josh Sokol has invited you to a meeting.  You have   
                       not yet responded.                                   
                                                                            
                                                                            
                                                                            
                                                                            
                                                                            
                                                                            
                                                                            
                                                                            
                                                                            
                                                                            
                                                                            
                                                                            
                                                                            
                                                                            
  FYI:                                                                      
                                                                            
                                                                            
                                                                            


                                                                            
                                                                            
                                                                            
                                                                            
   When: May 25, 2010, 11:30am - 1:00pm                                     
                                                                            
                                                                            
  Topic: Javascript Hijacking                                               
                                                                            
                                                                            
  This attack is an offshoot of Cross-Site Request Forgery (CSRF) and is    
  common when AJAX is involved. It was well publicized in 2007 when the     
  gmail contact list was found by Jeremiah Grossman to be vulnerable to it. 
  This presentation will include a technical explanation of the attack, a   
  demonstration, and a discussion.                                          
                                                                            
                                                                            
  Who: Ben Broussard (UT Austin)                                            
                                                                            
                                                                            
  Ben Broussard is a developer for the University of Texas at Austin with   
  an academic background in mathematics, specifically cryptography. At UT   
  he has translated and prioritized web application attacks in relation to  
  the environment that the developers are working in. Ben is currently      
  leading a web application security focused team of developers from        
  different departments around campus.                                      
                                                                            
                                                                            
  Topic: Attacking Intranets from the Web Using DNS Rebinding               
                                                                            
                                                                            
  DNS Rebinding works by implementing code that circumvents the web         
  browser's same-origin policy and penetrates your private network. The     
  exploit was popularized by RSnake in 2009. This presentation will explore 
  how DNS Rebinding works, a walk-thru of a running demo, and what it means 
  to your organization.                                                     
                                                                            
                                                                            
  Who: James Wickett (National Instruments)                                 
                                                                            
                                                                            
  James is the current Vice President of the Austin OWASP chapter and the   
  former President. He works for National Instruments as a Web Systems      
  Engineer in the R&D department. Current certifications: CISSP, GCFW, GWAS 
                                                                            
                                                                            
  Where: National Instruments, 11500 N Mopac, Building C which is the       
  tallest building on campus (8 levels). There will be signs posted in the  
  lobby to direct you where to go and the receptionists will be able to     
  assist you as well. See directions to National Instruments.               
                                                                            
                                                                            
  Cost: Always Free                                                         
                                                                            
                                                                            
  Questions or help with Directions... call: Josh Sokol (512) 619-6716.     
                                                                            
                                                                            
  RSVP on the Austin OWASP Ning Site                                        
                                                                            
                                                                            
                                                                            

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-austin/attachments/20100511/0e2957e2/attachment-0002.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/calendar
Size: 3205 bytes
Desc: not available
Url : https://lists.owasp.org/pipermail/owasp-austin/attachments/20100511/0e2957e2/attachment-0001.bin 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ecblank.gif
Type: image/gif
Size: 45 bytes
Desc: not available
Url : https://lists.owasp.org/pipermail/owasp-austin/attachments/20100511/0e2957e2/attachment-0002.gif 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pic11116.gif
Type: image/gif
Size: 2430 bytes
Desc: not available
Url : https://lists.owasp.org/pipermail/owasp-austin/attachments/20100511/0e2957e2/attachment-0003.gif 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-austin/attachments/20100511/0e2957e2/attachment-0003.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: c083546.ics
Type: application/octet-stream
Size: 3205 bytes
Desc: not available
Url : https://lists.owasp.org/pipermail/owasp-austin/attachments/20100511/0e2957e2/attachment-0001.obj 


More information about the Owasp-austin mailing list