11.22.07

[SecTor Review] Web Application Worms: The Future of Browser Insecurity

Posted in Conferences / Training Sessions, IT, Reviews, Security at 10:56 pm by Tyler Reguly

SecTor Day #1
Speaker: Mike Shema
Presentation (pdf)
Audio (wmv)

Webapp worms and browser insecurity... exactly what I wanted to hear about. It was actually quite a tough call because at the same time as this talk, Joanna Rutkowska was speaking on 'Security Challenges in Virtualized Environments'. In the end, my interest in web security won out over my interest in VM security.

Mike is a rather bright guy in the web space with several books to his credit... his talk, however, left me a little on the disappointed side. That being said, I'm not sure that it's Mike's fault... I think that my expectations were a little high. I'm guessing that the presentation was a great overview for those without a background / interest in webapp security... for those that have always wanted to learn more, but weren't sure where to start. The talk did a great job of getting that across.

Essentially, Mike did an overview of web security over the last 2-3 years, where it's been and where it could go. I picked up a few pieces of historic trivia and I'm pretty sure that the majority of the audience was rather pleased by the end.

Mike touched on research from individuals like Jeremiah Grossman, RSnake and pdp. I found the presentation to be like the sports on the 11 o'clock news. If you've come home and missed the games themselves, then it's a great way to inform yourself of what has happened and be prepared for tomorrow, but if you saw the games then you don't really find the update all that interesting. Which is why I think for a lot of people, Mike's talk was quite useful... a lot of people don't follow web app security on a day-to-day basis.

I had actually wanted to chat with Mike and find out more on his thoughts, but unfortunately the jam-packed schedule prevented any post-talk chatting, and I never did track him down during the CheckPoint Reception... so Mike, if you're reading this, fire me off an email.