Events
Web Application Security Conference
UK and Republic of Ireland (UKRI) Chapter of the IEEE Industrial Electronics Society event, in conjunction with OWASP Cambridge Chapter and Department of Computing & Technology:
The O2 Platform: Exploiting and Fixing Microsoft ASP.net MVC Vulnerabilities.
Wednesday 5 December 2012
The OWASP O2 platform represents a new paradigm for how to perform, document and distribute web application security reviews. O2 is designed to automate security consultants' knowledge and workflows and to allow non-security experts to access and consume security knowledge. O2 can also be a very powerful prototyping and fast-development tool for .NET (see VisualStudio Extension C# REPL - O2 Platform).
This presentation explains how the O2 platform can be used to exploit the overposting vulnerability in applications built on top of the Microsoft MVC framework. This use case is very important, considering that the industry is adopting this framework to build the most efficient and standards-compliant applications. It also illustrates how easy it is to leave the door open in applications and allow attackers to change the behaviour of these products.
Guest speaker:
Dinis Cruz is a Security Consultant based in London (UK) and specialized in: ASP.NET/J2EE Application Security, Application Security audits and .NET Security Curriculum Development.
Agenda
- 18:00 - 18:15 Welcome from the IEEE IES UKRI and OWASP Cambridge Chapter Leader, Adrian Winckles, Senior Lecturer in Information Security, Anglia Ruskin University
- 18:15 - 19:00 "The O2 Platform: Exploiting and Fixing Microsoft ASP.net MVC Vulnerabilities", Dinis Cruz
- 19:00 - 19:15 OWASP Summer of Code, Future Chapter Events & Conferences
- 19:15 - 20:00 Refreshments & Networking (sandwiches, coffee, tea, juice)
Location
The conference will be held in the Lord Ashcroft Building, Room 003. Please enter through the Helmore Building and ask at reception.
Anglia Ruskin University
Cambridge Campus
East Road
Cambridge
Cambs
CB1 1PT
Get further information on travelling to the university.