Title: Web Security Overview

Speaker: Kishor Datar

Start Date: Wednesday, April 01, 2009, 10:00AM

End Date: Wednesday, April 01, 2009, 11:30AM

Location: ITE 325

Abstract: Since all organizations have web presence today, security of the web applications is important. There is a variety of attacks (Cross Site Scripting (XSS), SQL injection, Command Injections, Forced Browsing etc.) that can be launched against web applications which we need to be aware of. In this talk, I will cover Cross Site Scripting. I will also cover a slightly advanced version of XSS, tools you could use to learn more about XSS, tools that you can use to test your web applications for vulnerabilities. I will also briefly talk about PHPIDS, an IDS written in PHP that helps prevent some of these attacks. Later in the talk, I will cover few interesting hacking techniques that have been newly discovered.

http://en.wikipedia.org/wiki/Cross-site_scripting

http://ha.ckers.org/xss.html

http://h4k.in/xssinexcess

http://php-ids.org/

http://jeremiahgrossman.blogspot.com/2009/02/top-ten-web-hacking-techniques- of-2008.html

The talk will be available live online at http://www.ustream.tv/channel/umbc-ebiquity-meeting

Web Site: http://ebiquity.umbc.edu/

Tags: web security, xss

Assertions:

1. (Event) Web Security Overview has (Resource) Web Security - Overview.