John’s presentation is entitled “Office 2.0: Software as a Service, Security on the Sidelines?” Click here to read the abstract.

About OWASP

“The Open Web Application Security Project (OWASP) is a worldwide free and open community focused on improving the security of application software. Our mission is to make application security “visible,” so that people and organizations can make informed decisions about application security risks. Everyone is free to participate in OWASP and all of our materials are available under an open source license. The OWASP Foundation is a 501c3 not-for-profit charitable organization that ensures the ongoing availability and support for our work.”

David’s presentation is entitled “A Discussion on Memory-Resident Backdoors in Oracle“.

“Oracle “rootkits”, in other words backdoors, have been discussed in the past but none that merit any serious concern. So far, those that have been presented are simple and trivial to spot. This presentation will look at memory-resident backdoors that are considerably harder to find, delivery mechanisms and potential defences. A working example will be demonstrated.”

Further details can be found here.

David’s talk was entitled “Database Security: a Christmas Carol“.

“In 2006 there were 335 publicized data breaches in the United States. With the 5th anniversary of SQL Slammer worm drawing near, now is as good a time as any to look back on the past for database security and ask how far have we come since then and is our data any more secure today? And what of tomorrow - how will our database systems fare in a world of emerging threats? Have we learnt our lesson or will we be consigned to the graveyard of statistics?”

A PDF verision of the Slides can be downloaded here.

David’s talk is entitled “Database Security: a Christmas Carol“.

“In 2006 there were 335 publicized data breaches in the United States. With the 5th anniversary of SQL Slammer worm drawing near, now is as good a time as any to look back on the past for database security and ask how far have we come since then and is our data any more secure today? And what of tomorrow - how will our database systems fare in a world of emerging threats? Have we learnt our lesson or will we be consigned to the graveyard of statistics?”

A PDF verision of the Slides can be downloaded here.

The conference is being held at the ExCeL London Exhibition & Conference Centre, Royal Victoria Dock and runs from the 26th November 2007 - 5th December 2007. Further details can be found here.

Members of NGSSoftware offered 5 training courses this year, including “Web Application (In)Security” and “Microsoft Ninjitsu: Black Belt Edition“.

Briefings (1st-2nd August 2007)

Members of NGSSoftware presented the following briefings:

David Litchfield Jnr - “Database Forensics”

Barrie Dempster - “VoIP Security: Methodology and Results” - Download the presentation here

Jonathan Lindsay - “Attacking the Windows Kernel” - Download the whitepaper here

John Heasman - “Hacking the Extensible Firmware Interface” - Download the presentation here

For further information, please visit the main Black Hat USA 2007 website.

“LayerOne is a computer security conference located in Pasadena, California. We are currently in our third year of operation. We are featuring speakers from all across the globe and on topics ranging from shellcoding and VoIP Security to Reponsible Disclosure and SCADA Systems. Our speakers come from a diverse background and include a focus not just on the nuts and bolts of technology but the social impact as well. Our event is located at the Pasadena Hilton and is just a few minutes walk from historic Old Town Pasadena.“