There will be a lot of new things to see and do at Black Hat this year, but one of the concepts we're bringing is a blast from the past: the Turbo Talk. We're particularly excited about the no-nonsense, no-stories, no-fluff 25-minute format; you'll see content from almost every corner of the security space in these high-speed sessions. For a preview of the breadth you'll see, check out the talks below.
Clickjacking attacks are no longer new, and there are claims of adequate protection. However, as you'll see, there is still a lot more work to be done. In Clickjacking Revisited: A Perceptual View of UI Security, Devdatta Akhawe will revisit UI security attacks from a perceptual point of view and highlight novel attacks made possible through a thorough understanding of human perception. Some of these are 100% successful, yet they still only scratch the surface of what's possible. Defending against such attacks will be nearly as complex as human perception itself.
Users demand seamless mobile app experiences, but this comes at the expense of security, with fewer forms of checking and validation built into the APIs that make the magic happen. Of course, this leaves the APIs wide open to exploitation, as Daniel Peck will show in his Turbo Talk, Abusing Web APIs Through Scripted Android Applications. He'll use JRuby to run code from targeted APKs in an easily scriptable way, show how to use Burp Suite to probe APIs for weaknesses, and wrap up with several case studies that demonstrate popular apps being seriously compromised.
Big data is not just a buzzword, despite its current overexposure in the media. But how can it be used to improve the security posture of an application? In the Turbo Talk Big Data for Web Application Security, Mike Arpaia will explore the pros and cons of big data as they pertain to app security. One of the most important steps is separating the problems that can and should be solved with big data from those to which it is not so applicable. Having established the proper problem domain, his talk will finish with several specific examples of how one security team uses big data daily to solve hard, interesting problems and provide a safer user experience.