Next Meeting: October 9th, 2008 at 7pm

Date: October 9th, 2008
Time: 7pm
Place: EE1 Building (Electrical Engineering)
Room 403
University of Washington Campus
Subject: Identifying, attacking, and limiting attack points on your
Presenter: Tom Gallagher

Finding security bugs is often regarded as an activity requiring secret powers or extremely specialized knowledge. Some security bugs are difficult to uncover and require deep knowledge. However, with basic knowledge many areas can be tested without much effort. This presentation shows how identify and limit attack surface (both application and network layer), perform basic security testing using simple tools, and the difference in effort between finding a bug and exploiting it. A live demo will be given on how to identify and exploit a previously unknown security bug across the network.


Tom Gallagher has been intrigued with both physical and computer security from a young age. He is currently the lead of the Microsoft Office Security Test team. This team is primarily focused on penetration testing, writing security testing tools, and educating program managers, developers, and testers about security issues. Tom co-authored the MSPress title “Hunting Security Bugs” and has presented at OWASP (Seattle), Black Hat, and the TechEd conferences.