Westin Fort Lauderdale Beach Resort
321 North Fort Lauderdale Beach Boulevard
Fort Lauderdale, FL 33304
Map »

Platinum Sponsors

The Rich Web Experience 2011 Brochure - Download

Johannes Ullrich

Chief Research Officer of SANS Technology Institute

Dr. Johannes Ullrich is Dean of Faculty, Chief Research Officer and a faculty member of SANS Technology Institute. Johannes also serves on the following SANS Technology Institute committees: Faculty and Administration, Curriculum and Long Range Planning. As chief research officer for the SANS Institute, Johannes is currently responsible for the SANS Internet Storm Center (ISC) and the GIAC Gold program. He founded DShield.org in 2000, which is now the data collection engine behind the ISC. His work with the ISC has been widely recognized, and in 2004, Network World named him one of the 50 most powerful people in the networking industry. Prior to working for SANS, Johannes worked as a lead support engineer for a Web development company and as a research physicist. Johannes holds a PhD in Physics from SUNY Albany and is located in Jacksonville, Florida.

Presentations

Security Impact of HTML5

HTML 5 does more then add a couple new and nifty tags to the venerable HTML markup language. It has to be seen as part of the new dynamic web which no longer delivers static documents but dynamic applications that interact with backend web services.

This talk will discuss some of the more prominent and complex features of HTML and explore how a developer can use these features securely. We will demonstrate some attacks and walk through how different defenses mitigate these attacks. One of the focus areas will also be privacy and how the user data can be protected within HTML 5 applications.

Measuring Compromise: techniques to detect and quantify large scale automated web application exploits

About ten years ago, collecting firewall logs and aggregated analysis of rejected packets was a good measure of prevalent automated attacks originating from worms, and later bots. However, over time attacks moved up the stack and Firewall logs became less interesting. Currently, most attacks against servers use open ports and attack the applications listening on these ports. In some ways, web applications have become the new firewall, and collecting data about web application attacks has become an important research topic. However, collecting web application attack logs from live networks has proven itself to be a lot harder then collecting firewall logs. Privacy, log formats and data volume are just some of the topics that need to be considered.

We will discuss the different approaches used to collect web application attack data and present some results from our new 404 project.

Featured Sessions

Featured Speakers

Estelle Weyl

Open Web Standardista

Estelle Weyl started her professional life in architecture, then managed teen health programs. In 2000, she took the natural step of becoming a web standardista. She has consulted for Kodakgallery, Yahoo! and Apple, among others. Estelle shares esoteric tidbits learned while programming CSS, JavaScript and XHTML in her blog at http://evotech.net/blog and provides tutorials and detailed grids of CSS3 and HTML5 browser..More »

Brian Sam-Bodden

Java author, Ruby geek and Open Source Advocate

Brian Sam-Bodden is an author, instructor, speaker and hacker that has spent over fifteen years crafting software systems. He holds dual bachelor degrees from Ohio Wesleyan University in computer science and physics and heads Integrallis http://www.integrallis.com. He is a frequent speaker at user groups and conferences nationally and abroad. Brian is the author of "Beginning POJOs: Spring, Hibernate, JBoss and Tapes..More »

Nathaniel Schutta

Author, speaker, software engineer focused on user interface design.

Nathaniel T. Schutta is a senior software engineer focussed on making usable applications. A proponent of polyglot programming, Nate has written two books on Ajax and speaks regularly at various worldwide conferences, No Fluff Just Stuff symposia, universities, and Java user groups. In addition to his day job, Nate is an adjunct professor at the University of Minnesota where he teaches students to embrace dynamic lan..More »

Tim Berglund

Developer, Consultant, Author

Tim is a full-stack generalist and passionate teacher who loves coding, presenting, and working with people. He believes the best developer is one who is well-informed of specifics and can also make deep connections between software development and the broader world. He has recently been exploring non-relational data stores, continuous deployment, and how software architecture should resemble an ant colony. His fi..More »

Dan Allen

Principal Software Engineer - JBoss by Red Hat, Author, Open Source Advocate

As Principal Software Engineer at JBoss, by Red Hat, Dan serves as the JBoss Community liaison, leads the JBoss Testing Initiative and is a member of the Seam, Weld, Arquillian and ShrinkWrap projects. He authored Seam in Action (Manning), served as a representative for Red Hat on the JSR-314 Expert Group (JSF 2.0), writes for IBM developerWorks and NFJS magazine and is an internationally recognized speaker. He's app..More »

Blogs

Location

Westin Fort Lauderdale Beach Resort
321 North Fort Lauderdale Beach Boulevard
Fort Lauderdale, FL 33304
View Map

Stay Informed

Not ready to register yet? Enter your email here to receive update notifications about this event.

Name:
Email: