Only saw a quarter of this tutorial (after morning coffee break and before lunch).
Talk mentioned all of the important security issues out there right now and how to fix them.
Unfortunately it was a talk aimed at beginners in the field of WebAppSec and I was hoping for more advanced topics (my fault, it's a 'Crash Course').
Good talk!
Covered pretty much all the basics of web app security, with some nice snippets of more unusual stuff - which was exactly what it was billed as. Very knowledgeable speaker, there were quite a few examples of types of exploits, but maybe could have been something included on the more general process of testing the security of your web apps.
This was advertised as a "crash course" so I was expecting to hear a lot of things I had heard before, whilst keeping my fingers crossed for something new.
I found the parts about UTF-7 and character encoding particularly interesting, along with the union selects (sql injection).
Whilst Stefan didn't come across as an excited or enthusiastic speaker (maybe because of issues on the day) it is very clear that he knows his stuff and it's nice to come away with an "expert" view on the way certain strategies should be implemented.
In my opinion, the "crash course" aspect of security could be left for the standard sessions (one hour talk) and this kind of tutorial day would be better used as an intermediate to advanced session, skipping or skimming over the basics and going straight to the juicy stuff. [My rating won't reflect that comment because the title was clear enough]
Comments
Good tutorial. Covered all the basics. If he had put in a bit more examples and maybe some advanced stuff it would have been perfect.