Sunday, March 17, 2013

Front Range OWASP Conference 2013


Wow, time goes fast. It’s been a while since I have updated my blog. I will be making a concentrated effort to get content out faster and on a more regular schedule.

At the end of March (28, 29) I will be attending and speaking at Front Range OWASP Conference 2013. I will be speaking on “A Demo of and Preventing XSS in .NET Applications”. This presentation will cover a variety of approaches to preventing XSS vulnerabilities in .NET applications, including Microsoft's Web Protection Library/AntiXSS and OWASP's AntiSamy.NET project, as well as discovering XSS with CAT.NET and code reviews.

While XSS is not one of the most sophisticated exploits, it is still one of the most common exploits found on the web today and can have real consequences. Meraki, a division of Cisco, found that out from an analysis done by Nibble Security on one of Meraki’s devices using the splash screen. Nibble Security realized the splash screen was designed to take HTML5 so each customer could customize it. This particular vulnerability reveals how a trivial XSS flaw can be abused to subvert an entire network infrastructure (http://blog.nibblesec.org/2013/03/subverting-cloud-based-infrastructure.html).

