Friday 5th July, 2013
3:00pm to 3:45pm
The vulnerable nature of Web applications turned out to apply even to security conferences.
After a severe security issue was found in a particular conference's Web system, it was discovered that the issue was in fact not limited to that conference. Moreover, the investigation turned up other security issues: a mix of programming choices and errors, insecure application defaults, and server configuration issues.
What followed was a journey into the world of Web security: HTTP sessions and their management, cookies, cookie sniffing possibilities, cookie manipulation and replaying, HTTPS failures, session hijacking and fixation scenarios, and, combining the knowledge of all of the above, the potential of becoming admin in several conferences' Web systems.
This talk will cover the aspects above, include a practical demonstration of them, and explain how things were (hopefully?) fixed. It also includes some thoughts on secure programming and risks involved in code forking.