I continued the first day by listening to Roberto Suggi Liverani discuss using browser automation frameworks and web proxy APIs to assist the assessment of client-side applications. He demonstrated the use of an extension for Burp Suite called the CSJ extension, which combines the use of Crawljax, JUnit and Selenium WebDriver. [video]
With the unfortunate absence of Gareth Heyes, Erlend Oftedal stepped in to provide a presentation about implementing and testing RESTful web services. He described common difficulties such as session timeout, third-party authentication, anti-CSRF tokens, cryptography, access control, replay attacks, and XML attacks. He presented a series of recommendations to avoid common pitfalls. [video]
Throughout both conference days an open source security showcase was running, with each project having a dedicated room and expert available for discussion, assistance and hands-on demonstration. These proved to be very popular due to the quality of the topics and facilitators.
Florian Stahl and Johannes Stroeher jointly presented a methodical approach for testing mobile applications that included information gathering, threat modelling, enumeration, code and component review and dynamic testing. [video]
Two locations were provided for refreshment and food breaks, one on each conference level. These were heavily used by the delegates and were also where there was an opportunity to meet with the various conference sponsors and other supporters.
To conclude the first day, I listened to the final talk on the HackPra track by the track's enigmatic co-organiser Mario Heiderich. He discussed XSS attacks and how it is normally possible to bypass any form of filtering, especially when there are bugs in the web browsers themselves, unless a strict whitelist approach is utilised. He reiterated that it is important to be extremely wary of user-generated CSS. [video]
On the Thursday evening, we were treated to the conference dinner on board the museum cargo ship Cap San Diego. And some beers. Pre-dinner drinks were available on the deck, dinner was on two levels within the extensive cargo hold, and there was an opportunity to have a guided tour of the vessel afterwards with one of the former sailors.
Posted on: 06 September 2013 at 10:31 hrs