Ruxmon June Meeting

Posted by Ruxcon on 30 June 2010

As most of you probably know we've been running Ruxcon Monthly Meetups in Melbourne.

For those unfamiliar, the format is a group of volunteer presenters from the local security community jumping up in front of the room to give a 5 to 20 minute talk on any security-related topic. Following the talks everyone usually makes their way over to one of the local bars for a beer and a chat.

So far we've had a host of great speakers covering a range of interesting topics, from source code auditing and vulnerability identification and OpenSSH privilege separation to a question and answer panel with WikiLeaks founder Julian Assange.

The most recent event was held on Friday, June 25.

First up was Sash telling us some stories from his experience as a security consultant. Sash has been around the trenches for a while and has had some interesting clients in that time. He gave some insight into various things that he's witnessed over the years.

Second up was Tim with his talk on PHP web application security. Tim gave a solid introduction to various bug classes that arise in poorly written (and even properly written?) PHP applications. The talk covered the usual XSS, CSRF and file include vectors we've all come to know and love and backed them up with some solid examples, as well as providing countermeasures and techniques to avoid these problems in your own code.

Finally, Eldar presented his hobby tool called Graudit, which he developed to do a quick assessment of source code to identify vulnerabilities using a library of regular expressions. The talk was a good example of what can be achieved using only simple techniques. Eldar even threw in a 0day his tool found for good measure.
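To give a feel for what a regex-driven scan of the kind Eldar described looks like, and for the PHP bug classes Tim covered, here is a small added example. It is not Graudit's own code or signature database; the signatures, the sample PHP and the "sanitiser present" exclusion are all constructed for this post. It also shows the two caveats any grep-style scanner carries: an escaped echo is suppressed only because a pattern for the countermeasure happens to be present, and user input that reaches include() through an intermediate variable is missed entirely because each line is matched on its own.

```python
"""Grep-style signature scan over PHP source (added example, not Graudit's code)."""
import re
from typing import NamedTuple, Optional

# Superglobals that carry attacker-controlled input.
USER_INPUT = r"\$_(?:GET|POST|REQUEST|COOKIE)\b"

# Constructed signatures: (name, bug class, must-match pattern, optional
# exclusion pattern). The exclusion models "a countermeasure is on this line",
# which is the crude way a line-based scanner can cut obvious false positives.
SIGNATURES = [
    ("include-from-request", "file inclusion",
     re.compile(r"\b(?:include|require)(?:_once)?\b[^;]*" + USER_INPUT), None),
    ("echo-request", "XSS",
     re.compile(r"\b(?:echo|print)\b[^;]*" + USER_INPUT),
     re.compile(r"\b(?:htmlspecialchars|htmlentities)\s*\(")),
    ("eval", "code execution", re.compile(r"\beval\s*\("), None),
    ("query-concat-request", "SQL injection",
     re.compile(r"\bmysql_query\s*\([^;]*" + USER_INPUT), None),
]


class Finding(NamedTuple):
    line_no: int
    signature: str
    bug_class: str
    text: str


def scan_source(source: str) -> list[Finding]:
    """Return one Finding per (line, signature) hit; comment lines are skipped."""
    findings: list[Finding] = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        stripped = line.strip()
        if stripped.startswith(("//", "#", "*", "/*")):
            continue  # commented-out code is noise for this kind of scan
        for name, bug_class, pattern, exclusion in SIGNATURES:
            if not pattern.search(line):
                continue
            if exclusion is not None and exclusion.search(line):
                continue  # countermeasure seen on the same line; suppress
            findings.append(Finding(line_no, name, bug_class, stripped))
    return findings


# Constructed sample, not real application code. Line 4 is a real file include
# bug that this scanner cannot see, because the taint flows through $page.
SAMPLE_PHP = """<?php
// constructed sample, not real application code
$page = $_GET['page'];
include("pages/" . $page . ".php");
require_once($_REQUEST['module'] . ".inc");
echo "Hello " . htmlspecialchars($_GET['name']);
echo "Hello " . $_GET['name'];
$r = mysql_query("SELECT * FROM t WHERE id=" . $_REQUEST['id']);
// echo $_GET['x']; commented out, must not be reported
"""


if __name__ == "__main__":
    for f in scan_source(SAMPLE_PHP):
        print(f"line {f.line_no}: [{f.bug_class}] {f.signature}: {f.text}")
```

Running it reports lines 5, 7 and 8 and stays quiet on line 6 (escaped) and line 9 (commented out); line 4 slips through, which is exactly the gap a manual review or a real taint-tracking analysis has to cover.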

The three sets of slides from this month's presenters can be found at the end of the post.

If you have a project or an idea and you think you would like to present, please let us know. The format is informal and we welcome people from the community to present.

We look forward to seeing you all next month!

Pownage Coquillage: Real World Tales From The Trenches - Sash Biskup (Stratsec)
Unsanitary Web Activities - Tim Noise (MovingData)
Static analysis with Graudit - Eldar Marcussen