[Owasp-sydney] OWASP Sydney Meeting 14th May

christian.heinrich at cmlh.id.au christian.heinrich at cmlh.id.au
Mon Apr 28 23:51:59 EDT 2008


Is the content of this presentation updated from

Christian Heinrich
OWASP Individual Member

-----Original Message-----
From: owasp-sydney-bounces at lists.owasp.org
[mailto:owasp-sydney-bounces at lists.owasp.org] On Behalf Of Paul Theriault
Sent: Tuesday, 29 April 2008 1:23 PM
To: Owasp-sydney at lists.owasp.org
Subject: Re: [Owasp-sydney] OWASP Sydney Meeting 14th May

Hi all,

For those planning on attending on the 14th, I have attached a summary of my
presentation below.
Thanks to Chris for organising and KPMG for hosting - hope to see you all

Detection and Analysis of Flash Based Malware:

A recent series of incidents saw consumers infected with malware after
viewing malicious Flash advertisements on high-profile internet sites. The
malicious advertisements existed not as a result of system or application
compromise, but due to attackers paying for advertisements with hidden
functionality to be served by major online advertising organisations.

These events have highlighted a technical challenge to all organisations who
serve third-party Flash content: how can you tell if a Flash file is
malicious? As organisations increasingly serve dynamic content provided by
third-parties, the risk of these files containing malicious code increases
and the existing technical mitigation controls are currently limited.

This presentation will include a technical analysis of the malware in
question, an analysis of other potential threat vectors with Flash content
and an examination of possible technical solutions to this problem.
Ultimately organisations need to find a balance between manual analysis
(large time and expertise requirements) and automated scanning (which faces
all the problems associated with the existing anti-virus). Ultimately
contractual protections need to be in place in addition to technical
protections, but there is a lot of room for improvement in terms of the
technical approach to handling Flash files and this presentation will
discuss some of those options.


Paul Theriault
Senior Associate
P: +61 2 9236 7276
F: +61 2 9251 6393
M: +61 410 525 685
E: paul.theriault at sift.com.au
Level 6, 62 Pitt Street
Sydney NSW, 2000

---------- Forwarded message ----------
From: Chris Gatford <chris.gatford at purehacking.com>
Date: Tue, Apr 29, 2008 at 12:52 PM
Subject: [Owasp-sydney] OWASP Sydney Meeting 14th May
To: Owasp-sydney at lists.owasp.org

** Upcoming Sydney OWASP Meeting **

Please join us for a FREE networking and learning session:

When: Wednesday, May 14th 2008, 6:00 pm - 8:00 pm
Location:  KPMG
Auditorium (Located on the Ground floor at the rear)
10 Shelley Street (main entrance located on Sussex Street)
Sydney  NSW  2000

6:00 - 6:20 Peer-to-Peer Networking with Tea & Coffee

6:20 - 6:30 Sydney Chapter Update

6:30 - 7:30 Technical Presentation "Flash Application Vulnerabilities"
Paul Theriault, Senior Associate, SIFT

OWASP Sydney is very kindly being supported by KPMG in providing the
venue and refreshments.

RSVP: Chris at penetrationtester.com

Paul's presentation will be an introduction to the detection and
analysis of Flash based malware. Providing technical insights into
the analysis process and providing examples of deconstructing content
as well as some suggested countermeasures.

Speaker BIO:

Paul is a Senior Associate with SIFT, and has extensive experience in
both technical and policy areas of IT security ranging from
application code review and testing, to business-wide risk assessment
and management. Paul is a proficient security incident handler with
experience in malware and vulnerability analysis, anti-virus
monitoring and patch management.

Paul holds a degree in Computer Science from the University of Sydney,
during the completion of which he was awarded the prize for IT
Security with a perfect score of 100. He is a Member of the Open Web
Application Security Project (OWASP), and has also provided Guest
Lectures at the Communications University of China, Beijing.

Paul has supported SIFT's clients through providing Board-level risk
management guidance, and has completed low-level technical security
testing for systems making up vital parts of Australia's financial
markets critical infrastructure.

Kind Regards
Chris Gatford
Pure Hacking

Toll Free: Australia 1300 884 218
Direct:  +61 2 9231 1134
Fax:     +61 2 9231 1117
Mobile:  +61 420 909 308
Email: chris.gatford at purehacking.com
Web: http://www.purehacking.com
Blog: http://www.penetrationtester.com
Linkedin: http://www.linkedin.com/in/chrisgatford

Martin Place, Suite 304, Level 3, 84 Pitt St, Sydney
Level 50, 101 Collins St, Melbourne

2 Havelock Road #04-08
Apollo Centre Singapore 059763

 Owasp-sydney mailing list
 Owasp-sydney at lists.owasp.org