Show 032 - An Interview with Jeremiah Grossman

The 32nd episode of The Silver Bullet Security Podcast features Jeremiah Grossman, founder and Chief Technology Officer of WhiteHat Security. Gary and Jeremiah discuss clickjacking, cross-site request forgery, why 50% of web problems can’t be reliably discovered by automated means, and which conferences Jeremiah most enjoyed on his 2008 world tour.
- Transcript of this episode [PDF]
- Jeremiah Grossman
- Clickjacking
- Adobe 0-day Browser Exploit
- Cross-Site Request Forgeries: Exploitation and Prevention [PDF]
- Web Spoofing: An Internet Con Game by Edward W. Felten, Dirk Balfanz, Drew Dean, and Dan S. Wallach.
- Web application scan-o-meter
- The “Wall of Fame”


November 14th, 2008 at 12:43 pm
[...] Episode 32 of the Silver Bullet Security Podcast features a chat with Web security guru Jeremiah Grossman. Among other things, we talk about the relationship between Web app security and software security. [...]
November 17th, 2008 at 12:40 pm
My interview with Jeremiah prompted me to write a column about the relationship between Web app security and software security. The result is here:
http://www.informit.com/articles/article.aspx?p=1309290
gem
November 24th, 2008 at 11:16 am
[...] at the level where they can be used to find even most of the issues in an application. Myself and others don’t think it will ever get that far. For that reason, I don’t think we can [...]
November 25th, 2008 at 3:57 pm
Re: the carry-over of traditional timing attacks to web applications, check out our 2007 paper/ppt from BlackHat-USA [It's all about the Timing] (http://www.sensepost.com/research/squeeza or http://www.sensepost.com/research_conferences.html)