Web Admin Blog

Real Web Admins. Real World Experience.

Entries Tagged ‘attack’

Techniques in Attacking and Defending XML/Web Services

This presentation was by Jason Macy and Mamoon Yunus of Crosscheck Networks – Forum Systems.  It wins the award (the one I just made up) for being the most vendor-oriented presentation at the conference.  Not that it wasn’t an interesting presentation, but their solution to defend against most of the attacks was “Use an XML […]

Application Security Metrics from the Organization on Down to the Vulnerabilities

This presentation was by Chris Wysopal, the CTO of Veracode.  My notes are below:

“To measure is to know.” – James Clerk Maxwell

“Measurement motivates.” – John Kenneth Galbraith

Metrics do Matter

Metrics quantify the otherwise unquantifiable

Metrics can show trends and trends matter more than measurements do

Metrics can show if we are doing […]

Anatomy of an Attack: From Incident to Expedient Resolution

For the first session of the morning on the last day of the TRISC 2009 Conference, I decided to attend the “Anatomy of an Attack: From Incident to Expedient Resolution” talk by Chris Smithee, a Systems Engineer at Lancope.  He talked about the different types of attacks that you see on your network and how […]

w3af: A framework to own the Web – OWASP AppSec NYC 2008

This presentation on the w3af (Web Application Attack and Audit Framework) was by Andres Riancho (ariancho@cybsec.com), who is the project leader.  w3af is an Open Source project (GPLv2): a script that evolved into a serious project, a vulnerability scanner, and an exploitation tool.  He found that the commercial tools were too pricey, so he developed a tool to […]