Black Hat: Apps security main focus

Black Hat kicks off this week in Las Vegas with a big shift in focus from internet viruses to application security.


The shift mirrors the change in threats on the security landscape, with malware attacks morphing from generic internet viruses into targeted attacks aimed at vulnerabilities in proprietary business IT systems.

Security researchers gathered at Caesars Palace on Monday to undergo training in the latest hacking and malware-authoring techniques, following an initial set of classes held over the weekend.

The conference transitions on Tuesday from its training stage into its briefings mode, as the media, software vendors, and other interested parties - including law enforcement officials - join in the action to see noted security experts present their latest discoveries.

The even edgier Defcon "underground" hacker show will kick off at the Las Vegas Riviera on Wednesday, with a fair share of computer-based pranks sure to be mixed in with the event's annual mix of security research and system-cracking tricks.

As threats have evolved and hackers have broadened their focus on finding and exploiting vulnerabilities - as opposed to focusing almost solely on Microsoft's Windows platform in years past - the 2007 Black Hat briefings schedule is weighted heavily toward applications security.

At least four scheduled sessions specifically highlight Windows flaws and other Microsoft-based hacks on botnets, and other so-called mass market threats that are designed to take advantage of consumers and other unsuspecting Web users.

Many of the breakout sessions, however, are aimed specifically at detailing attacks that can be carried out on software applications.

One such presentation will be hosted by research experts employed by SPI Dynamics, the applications security testing software maker acquired by Hewlett-Packard in June to help coders using the company's Mercury Interactive development platform to drive flaws out of their work.

Billy Hoffman, lead researcher in SPI's Labs group, and Bryan Sullivan, one of the Atlanta-based company's development managers, will share their latest findings regarding common vulnerabilities found in AJAX-based applications.
