Security Group

From Noisebridge

Meeting notes from October 22, 2009:

I figured I should post this before I forget.

We covered the fundamentals: what input validation is, and the basic relationship between a client and a server.

Next, we showed how HTML forms work, and how you can use the server's response to a form to manipulate data. We used this to explain cross-site scripting.

Then we went over what happens when you bring JavaScript into the mix, and gave some scary (or funny) examples of stuff that really happened.

Covered basic security resolutions: whitelisting (hash tables, regex, dictionaries...), NoScript, and a few other things.

A few good resources for those who attended (or those who missed):

Tools of the trade: LiveHTTPHeaders, NoScript, Web Developer Toolkit, Paros Proxy, Burp Suite

Names to follow: Jeremiah Grossman, Billy Hoffman, RSnake

Sites to check out: gnucitizen.org, ha.ckers.org
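The whitelisting approaches the notes mention (regex, dictionary/set lookup) alongside output encoding for the reflected-form case, as an added example that is not part of the original meeting notes; the field names, allowed values and sample inputs are constructed for illustration:

```python
import html
import re

# Allow-list validation: describe exactly what is acceptable instead of
# trying to enumerate bad input. Patterns are anchored, and fullmatch() is
# used because "$" alone would still accept a trailing newline.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{3,20}$")

# Dictionary/set style whitelist for a field with a fixed vocabulary
# (constructed choices for a hypothetical <select> element).
COLOR_CHOICES = {"red", "green", "blue"}


def valid_username(value: str) -> bool:
    """Regex whitelist: only the allowed character set and length pass."""
    return USERNAME_RE.fullmatch(value) is not None


def valid_color(value: str) -> bool:
    """Set whitelist: the value must be exactly one of the known choices."""
    return value in COLOR_CHOICES


def render_greeting(form: dict) -> str:
    """Build the server response for a submitted (constructed) form.

    Fields that fail the whitelist are rejected outright; anything reflected
    back into the page is still HTML-escaped so it can never be parsed as markup.
    """
    name = form.get("name", "")
    color = form.get("color", "")
    if not valid_username(name) or not valid_color(color):
        return "<p>Invalid input.</p>"
    return f'<p style="color:{color}">Hello, {html.escape(name)}!</p>'


def render_comment(comment: str) -> str:
    """Free-text field: no whitelist fits, so output encoding does the work."""
    return "<blockquote>" + html.escape(comment, quote=True) + "</blockquote>"


if __name__ == "__main__":
    print(render_greeting({"name": "alice_01", "color": "blue"}))
    print(render_greeting({"name": "<x>", "color": "blue"}))
    print(render_comment('<b>hi</b> & "quotes"'))
```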