Two of GuidePoint Security’s consultants will be among the featured instructors and presenters at this bsidesbos_est1year’s Security BSides Boston Conference, on May 20-21, 2016. The event, which is being held at the Microsoft NERD Building, at 1 Memorial Drive, Cambridge, MA, includes key speakers, presentations and training sessions. GuidePoint will also be a participating exhibitor on Saturday, May 21.

David Bressler and Casey Dunham, both members of the GuidePoint Application Security Team, will be leading an “Advanced Web Hacking,” all-day training session on May 20 for a sold-out audience. The pair will also be heading up a presentation titled, “Advanced XSS and Injection Attacks,” slated for May 21.

The Security BSides Boston Conference includes Friday training sessions running from 10 a.m. – 5:30 p.m., while the Conference discussions and presentations will be held from 9 a.m. – 6 p.m. on Saturday, May 21, 2016.

If you are unable to attend the events with Bressler and Dunham, be sure to stop by the GuidePoint Security table on Saturday.

About the Advanced Web Hacking Session

The all-day session involves hands-on learning through an instructor-led, simulated web application assessment against a proprietary web application that was built specifically for this course. The course moves beyond the basic OWASP Top 10 Web Application Vulnerabilities by introducing advanced forms of these common vulnerabilities, built from our own penetration testing experience. Focus is also placed on creating realistic proof of concepts to show higher impact, as well as what an attacker could do if the vulnerabilities were exposed.

About the Advanced XSS and Injection Attacks Presentation

In this presentation, Bressler and Dunham will review advanced forms of Cross Site Scripting (XSS) in the AngularJS framework through improper usage of the AngularJS templating language and injection attacks through the Hibernate Query Language (HQL), as well as breaking the HQL Lexer to run arbitrary SQL commands. They will also be presenting methods of auditing applications for these issues and preventing the vulnerabilities.

About GuidePoint Security LLC

GuidePoint Security LLC provides customized, innovative and valuable cybersecurity solutions and expertise that enable organizations to successfully achieve their mission. By embracing new technologies, GuidePoint Security helps clients recognize the threats, understand the solutions, and mitigate the risks present in their evolving IT environments. Headquartered in Herndon, Virginia, GuidePoint Security is a small business, and classification can be found with the System for Award Management (SAM). Learn more at: www.guidepointsecurity.com.