Black Hat //Webcast Series
security research in real time
Black Hat Webcast No. 5
Clickjacking and Browser Security
Thursday, November 20 1:00 pm PST/4:00 pm ET • FREE
- Jeff Moss, Founder and Director of Black Hat
- Jeremiah Grossman, Founder and CTO of WhiteHat Security
- Eric Lawrence, Security Program Manager on the Internet Explorer 8 team, Microsoft
"Clickjacking" is all over the news lately. For the uninitiated, it's a set of techniques discovered by Jeremiah Grossman and Robert Hansen that allows an attacker to transparently capture a user's clicks, forcing the user to do all manner of unpleasant things ranging from adjusting security settings to unwittingly visiting websites with malicious code.
The vectors for this attack include all the major browsers and Flash. In co-operation with Adobe, the discoverers delayed public discussion to allow a patch to be created. In the intervening time, other researchers have made partial disclosures, but this is your chance to join co-discoverer Jeremiah Grossman for a Black Hat webcast that deals with the attack from all sides. Bring your questions - we'll have a Q&A session after the presentation.
Jeremiah Grossman is the founder and CTO of WhiteHat Security, considered a world-renowned expert
in Web security, co-founder of the Web Application Security Consortium, and named to InfoWorld's Top 25 CTOs for 2007. Mr. Grossman is
a frequent speaker at major industry events around the globe, a Black Hat veteran, and has been invited to present at a number of
large universities. He has authored dozens of articles and white papers; is credited with the discovery of many cutting-edge attack
and defensive techniques; and is a co-author of XSS Attacks. Mr. Grossman is frequently quoted in major media publications such as
InfoWorld, USA Today, PCWorld, Dark Reading, SC Magazine, SecurityFocus, Cnet, SC Magazine, CSO, and InformationWeek. Prior to WhiteHat
he was an information security officer at Yahoo!
Eric Lawrence is a Security Program Manager on the Internet Explorer 8 team. He recently spoke at Hack in the Box 2008 and the O'Reilly Velocity Conference. Prior to his current role, Eric was responsible for networking and HTTPS improvements in IE7. Outside of Microsoft, Eric is best known as the developer of the Fiddler web debugging platform, used by security and web professionals worldwide.
WhiteHat Security is the leading provider of SaaS-based website security solutions. WhiteHat enables companies to secure valuable customer data from attack, attain compliance and safeguard brand integrity. WhiteHat Sentinel, the company’s flagship solution, combines WhiteHat’s proprietary vulnerability assessment technology with expert oversight to ensure total, worry-free website security.