Saturday, September 02, 2006

google tech talks

my latest search of google tech talks revealed a little seminar on how to break web software - a look at security vulnerabilities in web software I Haven't finished downloading it yet, but the last few lectures I have watched form google tech talks have been superb. kev - let me know how this one is. I read some of the comments at google video (you can view comments on a vid) and some people thought it was pretty basic... so maybe its 'not-so-good'


forkev said...

37 minutes it he modifyies the html form before submitting it. the firefox developer toolbar allowing you to unhide forms elements and revise their values before submit is much faster to accomplish the same thing - notepad works, but it's just slower.
this is great news if no one has ever played with it before, but i'm gonna have to say it is on the basic side, at least 40 minutes in. lets see what else he comes up with. oh, he's gonna do session hijacking. cool.

forkev said...

validate your input, validate your output. and the hacker triangle - asset, attacker, vulrnabilty; take away one of the three and the threat goes away.

it was a good video.