Yesterday was iSEC’s Open Security Forum. It is an informal and open venue to present and discuss security-related research and tools. The last meeting was in October of 2007, and I believe they are aiming for quarterly meetings. There were four presentations, and here are my notes from them.

Rich Cannings – Cross Site Scripting and Common ActionScript Coding Practices

Seth David Schoen – Comcast P2P Traffic Analysis

Nate Lawson – Recent Attacks on SSL/TLS

Fred Bret-Mounet – ASP.NET Application Firewall

  • Homebrewed application firewall using ASP.NET’s pipeline model
  • 10-15% overhead

I really liked the variety of topics that were discussed. Between the four talks, I felt like there was something for everyone. iSEC did a great job hosting the event. The next meetup might have to be at a different venue, though, as the meeting room was packed. But that’s a good thing, right? Also, thanks to Peter Kim for providing his feedback and notes on the event.

Update: I only took a few pictures at the event, but they can be found here.