Web application security highlighted at Black Hat
Researchers will shine a light on Web application security at this year's Black Hat USA 2006 gathering.
Microsoft hopes to convince attendees that Windows Vista is the most secure operating system ever, with an entire track of presentations scheduled on the subject. Security researchers will also unveil 15 new exploits, including two targeting NAC and VoIP vulnerabilities in products from Cisco Systems Inc. and other vendors. Database security, particularly regarding Oracle Corp., will also come under scrutiny.
Also at Black Hat, which will be held at Caesars Palace:
David Litchfield, managing director at UK-based Next Generation Security Software Ltd., has unveiled mountains of Oracle flaws at past Black Hat appearances. He will be presenting again this year, though details of this year's presentation were not immediately available.
This year's Black Hat is expected to have a different flavor from recent years for a few reasons. For starters, this will be Microsoft's first appearance at the hacker-oriented gathering. Microsoft security program manager Stephen Toulouse said recently that the idea is to provide deeply technical presentations on Windows Vista security to the hacker community and demonstrate how it's the most secure operating system Microsoft has ever developed.
John Lambert, group manager in Microsoft's Security Engineering and Communications Group, will also be on hand to discuss the security engineering process behind Vista. Specifically, he will show how Vista's engineering process differs from that of Windows XP, and he'll display new features designed to blunt memory-overwrite flaws.
Some attendees may be curious to learn whether the tone of the event will be different from previous years, since the conference is now organized by CMP Media LLC. Black Hat Briefings Director and Founder Jeff Moss sold it to CMP last year.
In a statement, Moss also noted that this is the first year entire tracks will be focused on topics such as databases, VoIP, rootkits, Microsoft and forums.
Last year's confab was dominated by the controversy caused by researcher Michael Lynn's Black Hat demonstration of a Cisco router exploit. Lynn isn't scheduled as a presenter at this year's proceedings, which take place Aug. 2 and 3, but Cisco's products may be under the microscope again as researchers discuss the weaknesses in NAC and VoIP.
Black Hat and Cisco settled a lawsuit about the Lynn affair after conference organizers promised not to proliferate Lynn's findings. A Cisco lawsuit regarding any potential disclosures at this week's conference is considered unlikely because the NAC and VoIP exploits being featured are said to be related to underlying technologies used in many products, not just those offered by Cisco.
This year's conference is expected to attract more than 3,000 technically advanced computer security experts, bringing together a unique mix of federal agents, corporate security professionals and the best underground hackers, CMP said in a press release.
"Highlights include new rootkit tools, new VoIP exploits, a dozen high-level feds, exciting zero-days, new contests, and some secret golden eggs," Moss said.
This article originally appeared on SearchSecurity.com.