There will be a lot of new things to see and do at Black Hat this year -- but one of the concepts we’re bringing is a blast from the past: the Turbo Talk. We’re particularly excited about the no-nonsense, no-stories, no-fluff 25-minute format; in these high-speed sessions you’ll see content from almost every corner of the security space. For a preview of the breadth you’ll see, check out the talks below.
-- Clickjacking attacks are no longer new, and there are claims of adequate protection. However, as you’ll see, there is still a lot more work to be done. In "Clickjacking Revisited: A Perceptual View of UI Security," Devdatta Akhawe will revisit UI security attacks from a perceptual point of view and highlight novel attacks made possible through a thorough understanding of human perception. Some of these are 100% successful, yet still only scratch the surface of what's possible. Defending against such attacks will be nearly as complex as human perception itself.
-- Users demand seamless mobile app experiences, but this comes at the expense of security, with fewer forms of checking and validation built into the APIs that facilitate the magic. Of course, this leaves the APIs wide open to exploitation, as Daniel Peck will show in his Turbo Talk, "Abusing Web APIs Through Scripted Android Applications." He'll use JRuby to run code from targeted APKs in an easily scriptable way, and show how to use Burp Suite to probe APIs for weaknesses, wrapping up with several case studies that demonstrate popular apps being seriously compromised.
-- Big data is not just a buzzword, despite its current overexposure in the media. But how can it be used to improve the security posture of an application? In the Turbo Talk "Big Data for Web Application Security," Mike Arpaia will explore the pros and cons of big data as they pertain to app security. One of the most important steps is separating the problems that can and should be solved by big data from those that are not so applicable. Upon establishing an understanding of the proper problem domain, his talk will finish with several specific examples of how one security team uses big data daily to solve hard, interesting problems and provide a safer user experience.
More information about Black Hat USA 2013, which has a rapidly growing set of Briefings talks, as well as a comprehensive set of two- and four-day trainings, is available now -- and online registration, at a reduced rate compared with onsite registration, is open until July 24th.