
Presentations

Overview

Because of our ability to communicate complicated concepts in straightforward terms, we have been invited to present at a number of leading institutions. This section includes only a selection of our published presentations.

Security Assessing Java RMI

By Adam Boulton, September, 2008, OWASP NYC AppSec Conference, USA

The talk will describe the process for performing a security assessment on Java RMI services, including identifying and making unauthorised calls to the service. There are currently no available tools to perform object and method identification. The techniques described in this talk will be used together with an innovative prototype for an RMI assessment tool to demonstrate how an RMI service can be interrogated and manipulated from a zero-knowledge perspective.

Assessing Financial Applications

By Daniel Cuthbert, September, 2008, OWASP NYC AppSec Conference, USA

The rewards for compromising a financial application are just too irresistible for an attacker. Often the consumer is led to believe that financial applications are more secure than normal applications, but this isn't often the case. This presentation's aim is to help those responsible for securing financial applications: managers, assessors, auditors and developers. Attendees will learn how to improve the quality of their security assessments and thereby reduce the risk of compromise. Topics covered will address information gathering, business logic vulnerabilities, authentication and authorisation vulnerabilities, mathematical operation manipulation, bypassing validation routines, and logging and attack detection.

Web Application Security; Where is it going wrong?

By Daniel Cuthbert, May, 2008, Web Security Summit, Johannesburg, South Africa

The adoption of a Secure Development Lifecycle by Microsoft has changed the way traditional development is undertaken. No longer is security a last-stage consideration; it is now key to the whole structure of developing applications and ensuring they are robust and secure enough to withstand attacks. Microsoft is leading the way with this drastic move, yet others are yet to adopt the approach. Daniel has been researching and involved with web application security since the late 90s, and has worked on a wide range of projects to ensure that the development life cycle is secure and the overall application can withstand today's hackers. This presentation explores where development projects and teams are still going wrong.

Evolution of Phishing and Social Engineering - Who's winning?

By Daniel Cuthbert, September 2007, ISACA / BCS IRMA Joint Event - Computer Crime Update, London, UK

Phishing attempts are on the increase and the sophistication of spam and other malicious activity has risen higher than ever before. Is this due to more people adopting the digital lifestyle, or have the rewards for criminals grown bigger? This presentation concentrates on the new direction that the phishing/spam community has taken and what has changed in the past three years.

Software Security – Where are today's development projects going wrong?

By Daniel Cuthbert, May 2007, AusCert 2007, Sydney, Australia

The adoption of a Secure Development Lifecycle by Microsoft has changed the way traditional development is undertaken. No longer is security a last-stage consideration; it is now key to the whole structure of developing applications and ensuring they are robust and secure enough to withstand attacks. Microsoft is leading the way with this drastic move, yet others are yet to adopt the approach. This presentation explores where development projects and teams are still going wrong.

Security Sins and their Solutions

By Stephen de Vries, December 2006, JavaPolis 2006, Antwerp, Belgium

The presentation covers the most insidious security vulnerabilities in Java Web and EE applications through practical demonstration of how these vulnerabilities are exploited and recommendations on how to prevent them. The threat posed by each vulnerability is explained, first in theory, then through demonstration, and finally strategies for mitigating the flaw are introduced. The presentation concludes with a discussion about integrating security at every step of the development life cycle.

Security Testing Web Applications through Unit Tests

By Stephen de Vries, May 2006, 4th OWASP AppSec Conference, Leuven, Belgium

Testing software during the development phase has become an important part of the development lifecycle and is key to agile methodologies. Code quality and maintainability are increased by adopting an integrated testing strategy that stresses unit tests, integration tests and acceptance tests throughout the project. But these tests are typically focused only on the functional requirements of the application, and rarely include security tests. Implementing security in the unit testing cycle means investing more in developer awareness of security and how to test for security issues, and less in specialised external resources. This is a long-term investment that can vastly improve the overall quality of software, reduce the number of vulnerabilities in web applications and, consequently, the associated risks.

Software Security – Changing the status quo?

By Daniel Cuthbert, March 2006, IET Crime and Security Conference, London, UK

This presentation looks at why the current development model is flawed, how to introduce security into the development lifecycle and how to persuade management and developers that security is important.

The Evolution of Web Application Penetration Testing

By Daniel Cuthbert, October 2005, 3rd OWASP AppSec Conference, Washington DC, USA

This presentation examines how web application testing is being approached differently with Web 2.0.