
Press Releases by WebKnowHow


SPI Dynamics to Highlight the Latest in Web Application Security Hacking Trends at Black Hat 2006


Co-Founder and CTO, Caleb Sima, and Members of the Renowned SPI Labs R&D Team Discuss Next-Generation Web Application Security Threats in Three Featured Sessions

July 28, 2006; 04:20 AM
S.P.I. Dynamics, Inc. (www.spidynamics.com), expert in Web application security, announced three of the company's leading researchers will highlight the latest hacking trends at the upcoming Black Hat 2006 in Las Vegas, Nevada, August 2 and 3, 2006. This year's Black Hat includes a significant number of talks focused on Web application security - a clear indicator of the impact Web applications are having on future trends in security.

Bob Auger, Research & Development Engineer for SPI Dynamics, will present alongside the Company's Co-founder and CTO, Caleb Sima, on the use of RSS and Atom feeds as methods of hacking client systems. The talk is titled "Zero Day Subscriptions: Using RSS and Atom Feeds as Attack Delivery Systems," and is scheduled during the Black Hat conference Thursday, August 3rd from 9:00 a.m. until 9:50 a.m. PT. RSS (Really Simple Syndication) is an XML format designed for sharing Web content. The talk will focus on:

     - How Web-based feeds (RSS and Atom formats) can be used as an attack
       vector.
     - New vulnerabilities and concepts discovered through SPI Dynamics' SPI
       Labs' research.
     - How feeds can be used as hacking vectors for known vulnerability
       deployment, as well as for unknown, zero-day attacks.
     - Expansion of Cross-Site Scripting (XSS) to perform more malicious
       attacks, and, in some cases, command execution.
     - How hacking that utilizes feeds can exploit large scale audiences.
     - Exploitation of Web sites that provide content from feeds on their
       sites.
     - The impact of an application vulnerable to attacks via Web feeds.

In addition, Billy Hoffman, Lead SPI Labs Research Engineer, will present two talks at Black Hat focused on hacking, the latest in Ajax threats, and Web application worms and viruses. Mr. Hoffman's first talk, entitled "Ajax (in)security" and scheduled for Thursday, August 3rd from 11:15 a.m. until 12:30 p.m. PT, will comprehensively discuss the fundamental security issues of Ajax, which include browser/server interaction issues, application design issues, vulnerabilities in work-arounds like Ajax bridges, and how the hype surrounding Web 2.0 applications is actually increasing security risk. The discussion will examine the different hacking techniques used against Ajax applications, and how to properly design an Ajax application to avoid these security issues. It will also include a demonstration of how to secure existing applications.

Mr. Hoffman will also present "Analysis of Web Application Worms and Viruses," scheduled at the Black Hat conference Thursday, August 3rd from 4:45 p.m. until 6:00 p.m. PT. The presentation will analyze the scope of new application-level hacking threats by examining how Web worms and viruses operate with regard to propagation methods, execution paths, payload threats and limitations, and design features. Mr. Hoffman will closely dissect source code of recent Web application worms such as the Perl.Sanity worm and the MySpace.com virus to better understand how these programs function in the wild, as well as take a look at hypothetical situations of future worm programs. The talk will conclude with guidelines for implementing Web application security pre- and post-production.

In addition, SPI Dynamics will host a book signing at Black Hat for Caleb Sima's publishing debut in the newly released book titled Hacking Exposed Web Applications: Web Security Secrets & Solutions, Second Edition, published by McGraw-Hill/Osborne and co-authored by renowned Web application security specialists Joel Scambray and Mike Shema, at the company's Black Hat booth on Wednesday, August 2nd from 6:00 p.m. until 6:30 p.m. PT. For more information on Hacking Exposed Web Applications: Web Security Secrets & Solutions, Second Edition, please visit http://www.webhackingexposed.com/.

    For more information on SPI Dynamics, please visit www.spidynamics.com.

    About S.P.I. Dynamics Incorporated
    Start Secure. Stay Secure.
    Security Assurance Throughout the Application Lifecycle

SPI Dynamics delivers a comprehensive suite of products and services (http://www.spidynamics.com/products/index.html) that help to identify and remediate Web application and Web services security vulnerabilities found at key stages throughout the Web Application Lifecycle. SPI Dynamics solutions enable security professionals, QA testers, and developers to work together to assess, analyze, and remediate Web applications and Web services for security vulnerabilities, and verify compliance with over 20 security policies like SOX, HIPAA and PCI. The Company's unique approach of patent-pending Intelligent Engines(TM) technology combined with the largest Web application security vulnerability knowledgebase in the industry delivers unparalleled speed and accuracy. SPI Dynamics' research and development team, SPI Labs, is widely recognized as one of the world's leading authorities on Web application security and risk management. The Company has over 750 customers among Global 2000 enterprises, including over 70 U.S. Federal accounts, and has strategic partnerships with Microsoft, IBM, Mercury, CSC and Visa, with Visa investing in the Company in 2005. SPI Dynamics is privately held with headquarters in Atlanta, Georgia. For more information on Web application security, visit www.spidynamics.com or call (866) 774-2700.
