[NBLUG/Announce] General Meeting 2009-11-10: Web Attacks 101: Cross Site Scripting, Cross Site Forgery and SQL Injection
Kyle Rankin
kyle at nblug.org
Wed Nov 4 07:28:24 PST 2009
Start: 2009/11/10 - 7:30pm
End: 2009/11/10 - 9:00pm
Location:
O'Reilly, Sebastopol, CA
http://nblug.org/genloc
Speaker: Doug Bierer
Description:
Cross Site Scripting is the #1 form of attack used in the web world
today. The attack vector usually comes in the form of some sort of
enticement in a forum posting with a bogus link, or a bogus email which
fools the victim into thinking they're doing something to protect
themselves (i.e. changing their online banking password, etc.).

Cross Site Forgery is in the Top 10 but is insidious in that the victim
is the website. This form of attack hijacks valid user credentials and,
unknown to the user, performs actions in their name which benefit the
attacker.

SQL Injection is also in the Top 10. In this form of attack the cracker
exploits vulnerabilities in how the input statements are formed to gain,
first of all, detailed knowledge of a database, and secondly, the
ability to extract sensitive information, or even to corrupt the
database.
--
Kyle Rankin
NBLUG President
The North Bay Linux Users' Group
http://nblug.org
IRC: greenfly at irc.freenode.net #nblug
kyle at nblug.org