A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Whitelist is the New Black — Damian Profancik (Circle City Con 2014 Videos) (Hacking Illustrated Series InfoSec Tutorial Videos)

Whitelist is the New Black — Damian Profancik
Circle City Con 2014
http://circlecitycon.com

Abstract: Blacklists are all too commonly seen as a defense against all kinds of attacks. I’ll be discussing the perils of using blacklists and how easily they can be bypassed for attacks such as Cross-Site Scripting (XSS), SQL Injection (SQLi), and File Uploads. I’ll share some of the techniques I’ve used to bypass clients’ blacklists. I will also cover why whitelists should be favored over blacklists and some techniques for proper implementation.

Author Bio: Damian Profancik is a Principal Security Consultant in the Application Security Group of Trustwave’s SpiderLabs. He has worked as a server/network infrastructure and security consultant for over 12 years with the last 4 years solely focused on information security. His main focus has been on application security and vulnerability research. He has worked in this capacity both independently and for a number of companies ranging from small businesses to fortune 100 enterprises. His work has included network penetration testing, application penetration testing, reverse engineering, exploit development, architectural design analysis, code review, and forensics. He is actively involved in the Information Security community through speaking engagements at events DerbyCon, ShmooCon, OWASP, and ISSA, and he is a co-leader for the local OWASP chapter.

Back to Circle City Con 2014 Videos list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast