START |
END |
TOPIC |
SPEAKER |
| 09:00 |
09:30 |
Opening and Welcome Address |
Thomas Lim
CEO, COSEINC Organiser, SyScan'09 |
| 09:30 |
10:30 |
Microsoft Products' Vulnerabilities -
Then, Now and the Future
Security vulnerabilities in Microsoft products have evolved over the years, as have vulnerability researchers' techniques and tool-sets. Immunity reviews all public vulnerabilities, and the updates that fix them. This data provides a platform for the development of new analysis tools such as Immunity Debugger, and it allows Immunity's researchers to continue to evolve new attack strategies. Immunity presents this process, discussing how vulnerability countermeasures evolve over time and the directions vulnerability researchers have to follow as a result. |
|
Kostya Kortchinsky
Immunity |
| 10:30 |
11:00 |
Coffee and Tea Break |
|
| 11:00 |
12:00 |
Finding Microsoft Office Vulnerabilities by
Fuzzing Binary Files with Ruby
While a lot of public material is available that _mentions_ fuzzing Office files, there is very little detail. While I have been dealing mainly with Word, the bulk of the techniques are applicable to any Office application. I plan to cover:
- Reading and writing "streams" in the OLE "compound binary file" format
- Recognising and parsing interesting structures in the Word Binary File Format
- Highlights / 'errors' from the specification documents
- Instrumenting Word with Win32OLE to automate the testing - Did it crash? Is the document sitting there open, wasting testing time?
- Lightweight and totally flexible runtime monitoring by automating CDB with Ruby (what good's a crash without the details?)
- Dialog Boxes You Will Meet that will hang your fuzzer thread and How to Eliminate Them
- Turning off annoying Word 2007 Resiliency features and other ways to reduce registry bloat
- Where Word stores its bizarre, invisible temp files (which don't get deleted if it crashes)
- Dealing with hangs and memory eaters.
- Wrapping the whole lot up in a distributed fuzzing framework to spread the fuzzing load over as many client machines (or VMs) as you like, save all the results in a DB and even use other frameworks or languages to create test cases
- Doing the whole lot in Ruby, because nobody else has, yet. (at least nobody who has released their code) |
|
Ben Nagy
Senior Researcher, COSEINC |
| 12:00 |
13:00 |
Lunch |
|
| 13:00 |
14:00 |
Web Applications and Database – A Security Analysis |
Frank Fan
CTO,
杭州安恒信息技术有限公司 |
| 14:00 |
14:15 |
Break |
|
| 14:15 |
15:15 |
Securing Applications at Gateway with Web Application Firewalls
New attack vectors are emerging on the horizon after the introduction of Web
2.0 technologies and components. A Web Application Firewall can help
protect applications by filtering traffic going over HTTP(S). There
are different approaches to it, and in this talk we are going to discuss
several key aspects of WAF as mentioned below.
* Building WAF for your corporate environment using IIS
* Architecture and Event Model for WAF
* Modular approach – better performance
* Advanced attacks over Web 2.0 and defense using WAF
* Protecting JSON and XML streams
* PCI-DSS compliance and WAF
WAF is a tactical defense for the corporate environment, providing faster
response to discovered vulnerabilities. We are going to discuss the topic in
detail along with live attacks, defense, tools and cases. We are going
to release a prototype for WAF as part of the talk so you can try it in
your environment. |
|
Shreeraj Shah
CEO, Blueinfy |
| 15:15 |
15:45 |
Coffee Break |
|
| 15:45 |
16:45 |
Living in the Rich Internet Applications (RIA) World
This talk gives an overview of the security of emerging Rich Internet
Application (RIA) technologies. Because these technologies are so new, little information is currently available on their security or lack
thereof. This talk will provide attendees with an in-depth look into
the security of leading RIA technologies, as well as the security
concerns presented by the RIA paradigm itself. |
|
David Thiel
Principal Security Consultant, iSecPartners |
| |
|
End of Day 1 |
|