March 2007

This month's meeting was at SPARTA's office in Columbia and had 13 attendees.

Matt Fisher presented his talk entitled "Mistakes to Lure Hackers: Vulnerability 2.0". Matt introduced the audience to modern web application vulnerabilities including cross-site scripting, SQL injection and even "blind" SQL injection.

Cross-Site-Scripting and SQL Injection are now the most commonly reported vulnerabilities in the CVE. We will examine the entire genre of web application security and the unique security paradigm required, while zooming in on XSS and SQL Injection. Think Web 2.0 sites are neat? So do the bad guys and we'll examine some of the factors going into the "new web" that makes them so vulnerable to script attacks.

Jason's comment: "I personally saw this talk in NYC and am very grateful Matt was able to present it again for our group. This was the first MetaBUG video recording/streaming, and the quality suffers a bit. We have learned quite a bit from just our first session and expect that future presentations will be much improved in both video and audio quality."

As part of MetaBUG, Matt's talk is available as an MP4 download (95 MB) or via Google Video.

Thank you to Matt for donating his time to share his presentation with our BUG. Thank you to Jason for providing the live video and archive video for the meeting. We'll be planning next month's meeting soon, so stay tuned.