• United States



RSA preview: Drive-by downloads: How to avoid getting a cap popped in your app speaker

Feb 09, 20112 mins
Data and Information Security

I’ve been looking over the agenda for RSA Conference 2011, and I’m starting to wonder which talks I’ll go to.

I usually decide such things a couple minutes beforehand, because I like to live security conferences on the edge. But the description of a talk Neil Daswani and Lars Ewe plan to give could be interesting.

Read and judge for yourselves:

Session Code: HT2-203Session Title: Drive By Downloads: How to Avoid Getting a Cap Popped in Your AppSpeaker: Neil Daswani, Co-Founder and Chief Technology Officer of Dasient Inc. and Lars Ewe, Chief Technology Officer and Vice President of Engineering at Cenzic, Inc.

Scheduled Date(s)/Time(s): Wednesday, February 16 11:10 AM

Red Room 104Session Length: 50 minutes

Session Abstract: This talk will present state-of-the-art web-based malware attacks and describe how the techniques used have evolved over time. Learn how today’s attackers use additional mechanisms to inject malicious code, conduct multiple injections into a single web page, use multi-DOM node injections, foil first generation web-based malware scanners and rely on social engineering technologies.Prerequisite knowledge Attendees should have a general understanding of web application security and malware threats.Session learning objectives

Attendees will gain increased awareness of drive-by-downloads, and how they have morphed over time, as well as an understanding of modern drive-by-download techniques. To support this, we will provide code samples of new, modern-day drive-by-download attacks and highly technical information. We will also provide pointers to freely available resources, including a Twitter data feed that can be used by attendees and webmaster to stay on top of the newest drive-by-download infection types.

I’ll highlight more of these as I dig deeper.

–Bill Brenner