Last night I presented at the local OWASP chapter titled "Your Client-Side Security Sucks: STOP USING IT (as your only method of security)" and the turn-out was great. I met some really awesome people and the subject matter, while not cutting-edge research, appeared to hit home.
We, as Web Application people, are still making some simple mistakes. This presentation highlighted three REAL WORLD examples of client-side security done incorrectly.
The PDF slides are available here and soon I'll have a QuickTime video with a voiceover. I LOOOOOVE Keynote now! It has such useless transformations that you must pull back or else the content will be lost. How awesome is that? Plus exporting to a QuickTime so others can enjoy your ego-boosting flame build-in!
The second presenter, as luck would have it, is working on a tool exactly like I had done for NTLM relay attacks! We had a good chat about where we both saw our tools going in the future. It has renewed my energy in completing the PokeHashBall tools
at least. Thanks, eric!
Post a Comment