[HGI-News-de] Wednesday at 4 PM (ID 03/445) - HackPra: "Defending the Indefensible - The Unsung Battles and Legacy of NoScript"

[Newsletter des Horst Görtz Instituts]

HackPra: 
=======

As a part of the practical course Offensive Security (HackPra), organized by
the Horst Görtz Institute for IT-Security, Giorgio Maone will give the
following talk:

== Defending the Indefensible - The Unsung Battles and Legacy of NoScript ==

== Abstract ==
The NoScript browser add-on is mainly known as a script blocker, for having
popularized basic security concepts such as default deny and whitelisting
applied to JavaScript and other active Web content, e.g.
plugins. But over the time, NoScript has introduced dozens of distinct
protective mechanisms, closely mirroring the history of Web (in)security
research: as soon as new ways the Web was "fundamentally broken" were
announced, NoScript tried to "fix" it, for its users at least. Some of the
countermeasures initially pioneered by NoScript have later been adopted, in
a form or another, inside mainstream browsers, or are even on their way to
formal standardization by the W3C. This talk will reveal the untold story of
NoScript, running through anedoctes, secrets, undocumented features, forgot
discoveries and surprising affinities.

== About the speaker ==
Giorgio Maone is a software developer and security researcher born and
living in Palermo, Italy. He's member of the Mozilla Security Group and
invited expert in the W3C's Web Application Security Working Group.
In 2005 he created the NoScript browser security add-on, which still today
absorbs most of the time and energy left by his main job:
parenting 3 little children.

More information:
http://www.nds.ruhr-uni-bochum.de/teaching/hackpra/