iSEC Open Security Forum

About the iSEC Open Security Forum

The iSEC Open Security Forum is an informal and open venue for the discussion and presentation of security-related research and tools, and an opportunity for Bay Area security researchers from all fields to get together and share work and ideas. The Forum will meet quarterly in the San Francisco Bay Area. Forum agendas will be crafted with the specific needs/interests of its members in mind and will consist of brief 20-30 minute talks. Talks will not be product pitches or strongly vendor preferential. Attendance is by invite only and will be limited to engineers and technical managers. Any area of security is welcome including reversing, secure development, new techniques or tools, application security, cryptography, etc.

Upcoming Meetings:

Date: Thursday, January 10
Time: 6pm
Location: 115 Sansome Street (at Bush), 15th Floor, San Francisco

Meeting Agenda:

Rich Cannings - "Cross Site Scripting and Common ActionScript Coding Practices"
Many common coding practices used by Flash developers introduce Cross Site Scripting (XSS) vulnerabilities. In this talk, we will discuss the Flash security model, two common Flash coding practices, how to find them, and how to fix them. Our examples will use SWFs generated by web authoring tools where a single XSS can affect thousands of websites.

Fred Bret-Mounet
"How to use ASP.NET's pipeline model to insert an application firewall in front of your web server. This talk will cover the requirements, options, lessons learnt and areas of improvement."

Nate Lawson - "Recent Attacks on SSL/TLS"
Analysis of a couple of flaws in SSL/TLS that were addressed in the recent TLS 1.1 release. A very brief overview of the SSL protocol will be provided for background.

Seth David Schoen
"Pcapdiff is a tool developed by the EFF to compare two packet captures and identify potentially forged, dropped, or mangled packets. Two technically-inclined friends can set up packet captures (e.g. tcpdump or Wireshark) on their own computers and produce network traffic between their two computers over the Internet. Later, they can run pcapdiff on the two packet capture files to identify suspicious packets for further investigation." http://www.eff.org/testyourisp/

If you are interested in presenting a short 20-30 minute talk at an upcoming Forum meeting, please email a short abstract and bio to forum@isecpartners.com

Attendance is by invite only and is limited to technical managers and engineers. Please RSVP to: rsvp@isecpartners.com

Past Meetings:

Date: Thursday, October 18

Meeting Agenda:

"RF Wireless Vulnerabilities"
Luis Miras, Reverse Engineer, Ring Zero

"Fenum: a tool to enumerate HTML filtering in web applications"
Josha Bronson, Security Researcher, iSEC Partners, Inc.

"Point, Click, RTPInject"
Zane Lackey and Alex Garbutt, Security Researchers, iSEC Partners, Inc.