| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <253e13910703152146m29e10172w64aac611b5c54739@mail.gmail.com> Date: Fri, 16 Mar 2007 10:16:26 +0530 From: "Hakuna Matata" <narender.hooda@...il.com> To: "Gadi Evron" <ge@...uxbox.org> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: Tel Aviv University Security Forum - 18th of March is there any English version of this site available --Hakuna On 3/16/07, Gadi Evron <ge@...uxbox.org> wrote: > TAUSEC - The Security Forum, hosted by Tel-Aviv University, next meeting > will take place on: Sunday, March 18, at 18:30. > > Location: Tel-Aviv University, Lev Auditorium > Map: http://www2.tau.ac.il/map/unimapl1.asp > > Attendance is free, light refreshments will be served > > Schedule: > --------- > 18:30 - A taxonomy & tool for automated vulnerability chaining and path > discovery Topic Synopsis > - Toby Kohlenberg > > Level: Technical/High > Language: English > > Abstract: > > ----------------- > > Vulnerabilities are occurring with increasing frequency and the > resources required to manage mitigation are increasing in parallel. > > Unfortunately, current best practices still evaluate the majority of > vulnerabilities as unique unrelated events. This method of evaluation is > an understandable choice but does not accurately reflect how the > vulnerabilities may be used by attackers. In this project we attempted > to find a way to evaluate combinations of vulnerabilities in an > automated fashion. > > We created a taxonomy that allows us to describe vulnerabilities and > their connections to each other. We then used these descriptions to > create a graph showing the interconnections between the vulnerabilities > and used that to find pathways to complete system compromise. > > The system we used to judge the effectiveness of this approach is a > feature rich web application which allows a user to quickly and easily > describe a vulnerability and its interactions and then explore its > relationship to other vulnerabilities. > > ----------------- > > > Sicne the lecture begins late, we will have only one speaker. > > More details and past lectures can be seen at: > http://www.cs.tau.ac.il/tausec/ > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists