Members of Trustwave's SpiderLabs to Deliver Briefings at Black Hat DC

CHICAGO (January 18, 2011) - Trustwave, a leading provider of on-demand data security and payment card industry compliance management solutions to businesses and organizations throughout the world, announces that four of the company's information security experts will deliver briefings at Black Hat DC, January 18-19, 2010. The presentations will be delivered by members of SpiderLabs, the advanced security team at Trustwave responsible for incident response and forensics, penetration testing, application security and security research.

Session:XSS Street Fight: The Only Rule is There are No Rules
Speaker:Ryan Barnett, Senior Security Researcher, SpiderLabs
Date:Tuesday, January 18, 1:15 p.m.
Description:This session will give an overview of various cross-site scripting (XSS) attacks and defense or evasion lessons learned while working with Trustwave's Web application firewall (WAF) customers. XSS is a type of computer vulnerability usually found in Web applications and an exploited XSS vulnerability can be used by attackers to bypass access controls. Cutting-edge XSS protection methods will be highlighted during this session.


Session:Checkmate with Denial of Service
Speakers:Ryan Barnett, Senior Security Researcher, SpiderLabs
Tom Brennan, Director, SpiderLabs
Date:Tuesday, January 18, 4:45 p.m.
Description:Denial of service (DOS) attacks attempt to make computer resources unavailable to users and can, for instance, be used to take websites offline for days. This session will examine a more malicious form of the DOS attack uncovered in 2009; the history and details of this attack will be featured during the presentation.


Session:Hacking the Fast Lane: Security Issues with 802.11p, DSRC and WAVE
Speakers:Rob Havelt, SpiderLabs Director of Penetration Testing
Bruno Goncalves de Oliveira, SpiderLabs Security Consultant
Date:Wednesday, January 19, 4:45 p.m.
Description:This session focuses on the new 802.11p standards that define functions and services required by Wireless Access in Vehicular Environments (WAVE) stations. This talk will not only analyze the new protocol but will also identify potential security issues relative to the protocol in practical environments, such as toll road implementations.

The findings highlighted by SpiderLabs demonstrate that while old vulnerabilities are still a problem, new threats continue to emerge," says Robert J. McCullen, chairman and CEO of Trustwave. "Security best practices are implemented to prevent the exploitation of known threats, as well as the yet-unknown. With these types of exploitation, impact is enormously decreased for those following best practices."

A press conference with Nicholas Percoco, Senior Vice President and Head of Trustwave's SpiderLabs, and Brennan, will take place January 19, at 10:00 a.m. in the on-site press room at Black Hat. All media are invited to ask questions about the presentations given by SpiderLabs team members as well as Trustwave's Global Security Report 2011, which will be released on January 19.

About Trustwave 
Trustwave is a leading provider of on-demand and subscription-based information security and payment card industry compliance management solutions to businesses and government entities throughout the world. For organizations faced with today's challenging data security and compliance environment, Trustwave provides a unique approach with comprehensive solutions that include its flagship TrustKeeper® compliance management software and other proprietary security solutions including SIEM, WAF, EV SSL certificates and secure digital certificates. Trustwave has helped hundreds of thousands of organizations-ranging from Fortune 500 businesses and large financial institutions to small and medium-sized retailers-manage compliance and secure their network infrastructures, data communications and critical information assets. Trustwave is headquartered in Chicago with offices throughout North America, South America, Europe, Africa, Asia and Australia. For more information, visit