Black Hat: Apps security main focus


The shift mirrors the change in threats on the security landscape, with malware attacks morphing from generic internet viruses into targeted attacks aimed at vulnerabilities in proprietary business IT systems.

Security researchers gathered at Caesars Palace on Monday to undergo training in the latest hacking and malware-authoring techniques, following an initial set of classes held over the weekend.

The conference transitions on Tuesday from its training stage into its briefings mode, as the media, software vendors, and other interested parties - including law enforcement officials - join in the action to see noted security experts present their latest discoveries.

The even edgier Defcon "underground" hacker show will kick off at the Las Vegas Riviera on Wednesday, with a fair share of computer-based pranks sure to be mixed in with the event's annual mix of security research and system-cracking tricks.

As threats have evolved and hackers have broadened their focus on finding and exploiting vulnerabilities - as opposed to focusing almost solely on Microsoft's Windows platform in years past - the 2007 Black Hat briefings schedule is weighted heavily toward applications security.

At least four scheduled sessions specifically highlight Windows flaws and other Microsoft-based hacks on botnets, and other so-called mass market threats that are designed to take advantage of consumers and other unsuspecting Web users.

Many of the breakout sessions, however, are aimed specifically at detailing attacks that can be carried out on software applications.

One such presentation will be hosted by research experts employed by SPI Dynamics, the applications security testing software maker acquired by Hewlett-Packard in June to help coders using the company's Mercury Interactive development platform to drive flaws out of their work.

Billy Hoffman, lead researcher in SPI's Labs group, and Bryan Sullivan, one of the Atlanta-based company's development managers, will share their latest findings regarding common vulnerabilities found in AJAX-based applications.

