Presentation 1: Path Relative Style Sheet Injection: Strange but True
Abstract: Originally discussed by Gareth Heyes, PRSSI is a type of reflected
cross-site scripting that takes advantage of the difference in path parsing
between browsers and web application servers. PRSSI allows cascading style sheet
scripts to be injected via the URL path in a most interesting way.
Presentation 2: Introduction to the Mutillidae II Web Application Security
Training Environment
Abstract: OWASP Mutillidae II is a free, open source, deliberately vulnerable
web application that can be installed on Linux and Windows. With dozens of
vulnerabilities and hints to help the user, this is an easy-to-use web hacking
environment designed for labs, security enthusiasts, classrooms, CTF, and
vulnerability assessment tool targets.
Bio: Jeremy Druin, GISF, GSEC, GPEN, GXPN, GWAPT, GMOB, Sec+
Email: jeremy@ellipsisinfosec.com
Twitter: @webpwnized
Jeremy works as an internal pen-tester, application security
consultant, and defect-remediation expert for a multi-national transportation
logistics company. Jeremy is also the owner of Ellipsis Information Security,
assisting the community with these security services. Additionally, Jeremy
develops the open-source Mutillidae 2.x training environment and teaches on
security topics. As a Director of Education for the Kentucky ISSA chapter,
Jeremy presents on web application pentesting and remediation along with
operating the "webpwnized" YouTube video channel. Jeremy has a Bachelor's in
Computer Science from Indiana University and is a GIAC-certified Web
Application, Mobile and Network Pen-Tester.