
Cross-site scripting, Windows registry

Hosted By
Lucy M. and 4 others

Details

Talk 1. Beating XSS with CSP

Cross-site scripting is a vulnerability that has plagued web applications for as long as they have existed. A technology known as Content-Security-Policy (CSP), when implemented correctly, can mitigate cross-site scripting vulnerabilities and also force better development practices. This talk discusses what CSP is, how it works, and some challenges in the adoption of this technology.

About

Patrick Thomas is a Security Consultant with over eight years of software development experience spanning multiple technologies and domains. Patrick has spoken on web application security, web malware, exploit kits, and physical security at various conferences including Black Hat USA, Defcon, SecTor and BayThreat, and is the creator of BlindElephant, a remote web application fingerprinting tool.

LinkedIn: Patrick Thomas (https://www.linkedin.com/in/patricksthomas)

Talk 2. Advancements in Windows Registry Forensics

The Registry is a complex database containing valuable information related to hardware, software, and users on Microsoft Windows systems. For far too long the digital forensics and incident response community has been merely scratching the Registry's surface by using outdated tools and methodologies. In this presentation, Mark Spencer, president of Arsenal Recon, will discuss the current state of Windows Registry forensics and the development of Arsenal's Registry Recon.

About

Mark is President of Arsenal Consulting, where he leads engagements involving computer forensics for law firms, corporations, and government agencies. He is also President of Arsenal Recon, where he leads development of computer forensics tools. Mark has more than a decade's worth of law-enforcement and private-sector computer forensics experience and has taught at both Bunker Hill Community College in Boston and the Computer Security Institute.

LinkedIn: Mark Spencer (https://www.linkedin.com/in/markspencer)

Tool of the month by Dawn Carroll
Demo of ZMap. ZMap is an open-source network scanner that enables researchers to easily perform Internet-wide network studies.

Schedule

6:15 - 6:30: Pizza

6:30 - 6:35: Cybersecurity Opener by Akshat

6:35 - 7:00: Beating Cross-site Scripting with Content-Security-Policy

7:05 - 7:15: Tool of the Month by Dawn

7:20 - 7:45: Advancements in Windows Registry Forensics

7:50 - 8:00: Lulzy News by Lucy

8:00+ Wat do?

How to find us (https://www.meetup.com/boston-security-meetup/pages/how_to_find_us/)

Boston Security Group
Google
3 Cambridge Center · Cambridge, MA