Jun 06, 2014; 11:17
Bil Corry
LDC 2014
For those planning to attend LDC this year, I am giving a couple of talks
on security and wanted to see if there is anything in particular that would
be valuable.

It was suggested to me to make one talk about new/interesting/biggest
exploits for 2014.

Other possible topics:
* OWASP Top 10 - either a repeat of last year, or I can focus on a
couple of them and go deep.
* Security testing with Burp Proxy - using a browser proxy to test a
webapp for common vulns (XSS, SQLi, CSRF).
* Clickjacking - go over the attack, the impact, and how to protect
against it.
* Security Web Headers - discuss CSP, XFO, STS headers and why/when to
use them.
* Cookie security - discuss security issues of cookies, such as domain
scoping, HttpOnly and Secure flags, cookie eviction, cookie jar limits,
oversize cookies = DoS, etc.
* <insert your topic here>

Also, I noticed the morning of October 1 is open, for those arriving a day
sooner. If it's of interest, we can find a spot to sit and have an open
discussion about security topics or discuss your particular situation. Or
I can demonstrate using a browser proxy to perform security testing and/or
I can show a rudimentary method to break CAPTCHAs and/or how to manually
de-obfuscate JavaScript. Anyhow, just a thought to make that morning
interesting.

Replies on- or off-list welcomed.

Thanks,
- Bil
#############################################################
This message is sent to you because you are subscribed to
the mailing list Lasso Lasso@lists.lassosoft.com
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <Lasso-unsubscribe@lists.lassosoft.com>
Send administrative queries to <Lasso-request@lists.lassosoft.com>