no one is safe ...

Invasion of the Browser Snatchers: The Art of Combining Web Pen Testing Techniques Part III

Core Security organisiert regelmäßig unterschiedlichste Security Webcasts. Dieses mal steht der lange ersehnte dritte Teil von “Invasion of the Browser Snatchers: The Art of Combining Web Pen Testing Techniques Part III” – with Ed Skoudis and Kevin Johnson of InGuardians an.

Please join us for the last of three webcasts focused on combining a variety of different web application attacks for greater success in penetration tests.

Date: Thursday, December 3, 2009
Time: 2pm EST / 11am PST (GMT -5:00, New York)

*** A recording of the webcast will be sent to everyone who registers, so be sure to sign up even if you can’t make the live session. ***

The most effective web application pen testers expose the risks that vulnerabilities pose to the business, rather than just to the application itself. The “Invasion of the Browser Snatchers” series explores the art of replicating web attacks that take advantage of multiple vulnerabilities, revealing greater business risks than would be possible by simply analyzing vulnerabilities on an individual basis.

> Register here:

In the final installment of this epic webcast trilogy, Ed Skoudis and Kevin Johnson of InGuardians will explore how you can further enhance your web application penetration tests using Cross-Site Scripting (XSS) and Cross-Site Request Forgery (XSRF).

During the presentation, you’ll learn how to build self-propagating attack code that demonstrates the risks posed by XSS and XSRF threats in the wild. Ed and Kevin will walk through a variety of real-world penetration testing scenarios, including:

• Using Durzosploit to obfuscate XSS attacks and bypass controls
• Leveraging MonkeyFist to automate XSRF attack and exploitation
• Demonstrating how attacks that combine XSS and XSRF present elevated risks

> Register here:

We look forward to seeing you there!

> Bonus: Register now and you’ll also get on-demand access to the original recording and slides for Parts I and II of this webcast series.

Best Regards,