[Owasp-portland] What are you more interested in learning about?

Timothy D. Morgan tmorgan-owasp at vsecurity.com
Wed May 5 11:32:37 EDT 2010

I'd like to give more OWASP talks, but I'm not sure what folks are
most interested in.  Here are a few ideas I had:

Breaking Cryptography in Practice

This would cover how cryptography is commonly used in custom
applications, what mistakes are often made and how to exploit these

Why You Should Place All of Your Websites Under HTTPS

Here I would cover two serious recent threats to web security:
HTML/HTTP/SSL downgrade attacks (a.k.a. sslstrip attacks) and DNS

Short Series on Browser Security

I thought it might be fun to give a series of short talks (read: with
few slides/materials) on browser security which would cover some or
all of the following topics:

- Same-origin policy (SOP) basics

- Cross-site scripting (a.k.a. A decade of SOP bypass)

- Cross-site request forgery (a.k.a. how SOP is broken to begin with)

- DNS rebinding (a.k.a. Not your Momma's SOP bypass)

- Click-jacking (a.k.a. the GUI is not your friend)

- Overview of attacks on browsers

- Writing secure Java Web Start applications

Let me know what you're most interested in and I'll try to get a few
presentations put together.


