Monday, March 16, 2009

SOURCE BOSTON experience

I recently came back from Boston were i attended to the SOURCE Conference Boston.

It was really a good conference, an excellent speaker line up, and a great environment to do networking and meet new people from the industry.

The conference had a great balance between technical talks and business talks, addressing all the needs of a security professional.

The conference started with an excellent speech by Peter Kuper, who gave his vision about the security market in these turbulent times. (speech transcript here).

Then during the conference, i attended the followings talks:

How Microsoft fixes security Vulnerabilities, interesting insight about what happens behind the courtain of a security update.

Politically Motivated Denial of Service Attacks, Jose Nazario.

Mac OS Xploitation, Dino Dai Zovi (Dino promised to transform OSX in a first class citizen in Metasploit)

Attacking Layer 8: Client Side penetration testing, Chris Gates and Vince Marvelli. They show how easy is to own the end user.

DNS: Towards the Secure Infrastructure, Dan Kaminsky. This was the same presentation as DC.

Day 2:

L0phtCrack 6 Release

400 apps in 40 days, Sahba Kazerooni. He explained how he faced a weird project of 400 applications in 40 days.

Get rich or Die Trying, Jeremiah Grossman. A cool talk on how to earn money exploiting different application vulnerabilities.

Vulnerabilities in Application Interpreters and Runtimes. Erik showed some vulnerabilities on different widely deployed interpreters and runtimes.

Day 3:

Dissecting Foreign Web Attacks, Val Smith. Val analyzed a web attack from start to end, great info in his talk.

That's all for 3 days.

Greets to Chris Gates, Vince Marvelli, Val Smith, Jose Nazario, Stacy Thayer, Christien Rioux, and everyone that i met at Boston.

Now SOURCE Barcelona is next, in the coming days we will launch the Call for papers, don't miss this great conference in this great city :)


No comments:

Wfuzz 2.2.0 released

I'm pleased to announce a new version of WFuzz! Wfuzz has been created to facilitate the task in web applications assessments and it...