Johannes Ullrich
Chief Research Officer of SANS Technology Institute
Dr. Johannes Ullrich is Dean of Faculty, Chief Research Officer and a faculty member of SANS Technology Institute. Johannes also serves on the following SANS Technology Institute committees: Faculty and Administration, Curriculum and Long Range Planning. As chief research officer for the SANS Institute, Johannes is currently responsible for the SANS Internet Storm Center (ISC) and the GIAC Gold program. He founded DShield.org in 2000, which is now the data collection engine behind the ISC. His work with the ISC has been widely recognized, and in 2004, Network World named him one of the 50 most powerful people in the networking industry. Prior to working for SANS, Johannes worked as a lead support engineer for a Web development company and as a research physicist. Johannes holds a PhD in Physics from SUNY Albany and is located in Jacksonville, Florida.
Presentations
Security Impact of HTML5
HTML 5 does more than add a couple of new and nifty tags to the venerable HTML markup language. It has to be seen as part of the new dynamic web, which no longer delivers static documents but dynamic applications that interact with backend web services.
This talk will discuss some of the more prominent and complex features of HTML and explore how a developer can use these features securely. We will demonstrate some attacks and walk through how different defenses mitigate these attacks. One of the focus areas will also be privacy and how the user data can be protected within HTML 5 applications.
Measuring Compromise: techniques to detect and quantify large scale automated web application exploits
About ten years ago, collecting firewall logs and aggregated analysis of rejected packets was a good measure of prevalent automated attacks originating from worms, and later bots. However, over time attacks moved up the stack and firewall logs became less interesting. Currently, most attacks against servers use open ports and attack the applications listening on these ports. In some ways, web applications have become the new firewall, and collecting data about web application attacks has become an important research topic. However, collecting web application attack logs from live networks has proven itself to be a lot harder than collecting firewall logs. Privacy, log formats and data volume are just some of the topics that need to be considered.
We will discuss the different approaches used to collect web application attack data and present some results from our new 404 project.