[Owasp-sanfran] OWASP Meeting 12/13 -- Web-Based Malware, Browser Security & More

OWASP - San Francisco Chapter owasp-sanfran at lists.owasp.org
Tue Dec 4 13:09:13 EST 2007

Greetings IT 


OWASP Bay Area will host its next meeting at the Stanford University Alumni
Association Center on Thursday, December 13.  As usual, attendance is free and
food and beverages will be provided.  This will be an awesome event and a great
opportunity to network with industry peers.  The event is open to the public;
please forward this invite to your colleagues and friends who are interested in
computer and application security.


Agenda and 
6:00pm - 6:30pm ... Check-in and Holiday Reception (food & beverages)
6:30pm - 7:15pm ... Ghosts in the Browser – Niels Provos, Google
7:15pm - 8:00pm ... Ph.D. Student Presentations – Adam Barth & Collin Jackson, Stanford University
8:00pm - 8:30pm ... Networking Session

Alumni Association Center
326 Galvez 
Stanford, CA  94305
Map and 

Ghosts in the 
by: Niels Provos, Ph.D., Google, 

 As more users are connected to the 
Internet and conduct their daily activities electronically, computer users have 
become the target of an underground economy that infects hosts with malware or 
adware for financial gain. Unfortunately, even a single visit to an infected web 
site enables the attacker to detect vulnerabilities in the user’s applications 
and force the download of a multitude of malware binaries. Frequently, this malware
allows the adversary to gain full control of the compromised systems leading to 
the exfiltration of sensitive information or installation of utilities that
facilitate remote control of the host. We believe that such behavior is similar 
to our traditional understanding of botnets. However, the main difference is 
that web-based malware infections are pull-based and that the resulting command 
feedback loop is looser. To characterize the nature of this rising threat, we
identify the four prevalent mechanisms used to inject malicious content on 
popular web sites: web server security, user contributed content, advertising 
and third-party widgets.  For each of these areas, we present examples of abuse 
found on the Internet. Our aim is to present the state of malware on the Web and 
emphasize the importance of this rising threat.

Bio: Based out of Mt. View, Niels Provos is a Senior Staff Engineer at Google,
Inc.  His interests include research in Web-Based Malware, Distributed Denial of
Service, Steganography, Cryptography and Computer and Network Security.  Niels
studied Physics and Mathematics at University of Hamburg, Germany, and attended
the University of Michigan as a graduate student where he earned both his
Masters in Computer Science and his Ph.D. in Computer Science.  He has published
countless research papers and recently authored the book Virtual Honeypots: From
Tracking Botnets to Intrusion

Ph.D. Student 
Presented by: 
Adam Barth & Collin Jackson, Stanford University

Preview of OWASP Bay Area, Mandeep 
Mandeep will provide an outline of the goals and 
objectives for local OWASP affiliates in 2008.   

Please RSVP by responding to this 
email or visit http://owaspdec2007.eventbrite.com

Special thanks to Stanford 
University Alumni Association for hosting this event and to Cenzic 
and AppSec Consulting for sponsoring.

I hope to see you all there,

Robi Papp
