SPI Dynamics Expert Researchers to Demonstrate Hacking Ajax Web Applications and the Latest in Hybrid Web Application Worm Threats at Black Hat USA 2007
115 Perimeter Center Place, N.E.
Atlanta, GA, 30346
Press release date: July 23, 2007
Company's Security Evangelist, Michael Sutton, Will Take Part in Book Signing for the Release of "Fuzzing: Brute Force Vulnerability Discovery"
ATLANTA, July 23 -- S.P.I. Dynamics, Inc. (http://www.spidynamics.com/), the leading provider of web application security, today announced two of the company's expert researchers will highlight the latest in hacking web applications at the upcoming Black Hat USA 2007 conference at Caesars Palace in Las Vegas, Nevada, August 1-2. Similar to last year's successful event, this year's Black Hat includes a significant number of talks focused specifically on web application security, underscoring the critical impact aggressively evolving application development technologies such as Ajax are having on today's security industry.
The popularity of Ajax is growing exponentially due to its ability to make web applications much more usable. Unfortunately, far too many people rush into Ajax development without giving proper consideration to the overwhelming possibility of security ramifications that stem from its ability to greatly amplify the same types of common vulnerabilities found in more traditional web applications. Bryan Sullivan, Ajax expert and Senior Security Researcher for SPI Dynamics' SPI Labs research division, will present alongside the Lead SPI Labs Security Researcher and Ajax expert, Billy Hoffman, on Ajax security. The talk titled, "Premature Ajax-ulation" is scheduled during the Black Hat conference on Wednesday, August 1st from 3:15 to 4:30 p.m. PT.
Messrs. Sullivan and Hoffman will also debut a portion of their soon-to-be-released book, Ajax Security, published by Addison-Wesley Professional, during Black Hat. It will be available to conference attendees in the SPI Dynamics booth (#9).
Hoffman will co-present another talk at the conference with John Terrill, Executive Vice President and Co-founder of Enterprise Management Technology LLC, focused on the latest in web application hybrid worms. The talk titled, "The Little Hybrid Web Worm that Could" is scheduled for Thursday, August 2nd from 11:15 a.m. to 12:30 p.m. PT. The presentation will discuss the rise in sophisticated web worm attacks over the past year with a look at some of the basic limitations in their methods, including the ability to detect these worms using signatures, making them annoying but ultimately controllable. The presentation will examine the possible evolution of web worms to overcome these limitations, with a description of a hybrid web worm combining both server-side and client-side languages to exploit both the web server and the web browser to aid in its propagation across multiple hosts. The presentation will also take a look at how a hybrid web worm could upgrade its infection methods while in the wild by fetching and parsing new web vulnerability information from public security sites, preventing a single silver bullet fix from stopping its propagation, and how web worms could implement polymorphism and source code mutation to evade signature detection systems.
In addition, SPI Dynamics' Security Evangelist, Michael Sutton, will participate in a book signing at Black Hat for the new release of his book titled, Fuzzing: Brute Force Vulnerability Discovery, published by Addison-Wesley Professional and co-authored by Pedram Amini and Adam Greene. The signing will take place on Wednesday, August 1st from 3:00 p.m. to 3:15 p.m. PT. For more information on Fuzzing: Brute Force Vulnerability Discovery, please visit http://www.awprofessional.com/bookstore/product.asp?isbn=0321446119&rl=1.
For more information on SPI Dynamics, please visit http://www.spidynamics.com/ .
About S.P.I. Dynamics, Inc.
SPI Dynamics' comprehensive suite of products and services identify and remediate web application and web services security vulnerabilities throughout the application development lifecycle. These award-winning solutions also enable security professionals, QA testers, and developers to work together to verify compliance with 22 security policies such as SOX, HIPAA and PCI. SPI Dynamics has the most application security testing customers worldwide - over 1,000 clients among Global 2000 enterprises, including four out of five of the world's largest banks and nine out of 10 of the largest banks in the U.S., four out of five of the largest software companies, three out of four of the largest aerospace and defense companies, the four largest accounting firms, the five largest telecommunications companies in the U.S., six out of eight of the largest technology hardware and equipment companies, two out of three of the largest healthcare companies, and over 90 U.S. Federal agencies. The Company is one of the fastest growing in the security industry, ranked 83rd on Deloitte's "Fast 500" list of growing technology companies nationwide and 220th on the Inc. 500. SPI Dynamics has strategic partnerships with Microsoft, IBM, HP and Visa. The Company's R&D team, SPI Labs, is widely recognized as one of the leading authorities on web application security and risk management. For more information, visit www.spidynamics.com or call (866) 774-2700.
Source: S.P.I. Dynamics, Inc.
CONTACT: Michelle Schafer of Merritt Group +1-703-390-1525 cell: +1-703-403-6377 email@example.com or Ashley Vandiver of SPI Dynamics +1-678-781-4841 cell: +1-404-432-8657 firstname.lastname@example.org
Web site: http://www.spidynamics.com/