
The Singapore Linux October Meetup

  • Oct 17, 2007 · 7:00 PM
  • This location is no longer available

Hi all,

Ok, the special dish that we are whipping up this week is Web Security - served by Mr Deeþan Chakravarthy:

Synopsis of Talk:
XSS (Cross Site Scripting), CSRF (Cross Site Reverse Forgery), CRLF (Carriage Return, Line Feed), RFI (Remote File Injection) and SQL injection are some of the techniques generally used by attackers to evade web security. I will explain each type of attack with a POC (proof of concept) and also explain some of the famous tools, WebScarab, XSS-Proxy, Yahoo Pipes, Google Mashup Editor and CAL9000, that are very useful for security professionals. Will also analyze the source code of Samy's cross site scripting worm in detail, and the techniques he used to breach MySpace security. Will also touch upon the general techniques people use to evade the default filters used by websites to scan for JavaScript and other malicious code in user input. Using Google Code Search is another way to hunt down software with security holes, for example by searching for PATH_INFO in the code. Will touch upon how the fragment identifier (# sign) can be used to inject long JS strings into user inputs with very limited length.

See ya all!



  • Buddha

    excellent show

    November 22, 2007

  • A former member

    Great talk this month!

    October 22, 2007

  • Lim Kin C.

    Very good presentation. Very informative, especially on loopholes in many Websites. Speaker has also given many references for follow-up.

    October 18, 2007

  • Rudel S.

    It would have been better if not for the technical glitches. They should have provided a wired connection if WIFI is not available (although there is a signal). I will attend future sessions if the topic interests me...

    October 17, 2007

  • A former member

    A wonderful presentation on a topic that I can relate to. The content will come in useful in my work.

    The speaker was fantastic and very willing to share.

    October 17, 2007

  • P.V.Anthony

    we need more of these talks

    October 17, 2007

38 went
