[OWASP-HongKong] Seminar held with HKJUG
Anthony, Cheuk Tung, LAI
anthonylai at owasp.org
Wed Mar 16 12:45:37 EST 2005
Here is the reply from HKJUG. In fact, I plan to hold a seminar with HKJUG
on 25 June about web appl. security in J2EE. Any ideas for that? In
addition, Willie from HKJUG has mentioned some content whether we could
cover. Let us discuss it in the next meeting.
> Dear Willie,
> I believe that it should be fine to me, but I need to discuss with the
> members, it may be better we put to 25 June.
25 June is fine with us.
> The outline will be:
> * Top 10 Web Application Vulnerability
> * Hacking demonstration with WebGoat
For the hacking demonstration, I suppose it got to hack a
Tomcat/Jboss/WebLogic/WebSphere. Will this demo focus on firewall, and
web server infrastructure or the Java technologies?
> * Request/Response intercept with using WebScarab
JAAS, JCE, J2EE Security, Java Authorization Contract for Containers
etc. are more relevant to HKJUG members. Will this topic be in the
context of Java?
> * Web Application Security applied with BS7799 standard (International
> information security management standard)
This is great.
Another area may be single sign-on related security issues. What do
to beware of?
HKJUG - http://hkjug.dev.java.net
Happy Chinese New Year!
--- "Anthony Cheuk Tung, LAI, CISSP, CISA" <anthonation at gmail.com> wrote:
> Dear Willie,
> It is readily good indeed because I would like to
> conduct a session of
> talking about Web Appl. security and I could provide
> a demo on how to
> hack a J2EE web appl indeed, do you feel it is
> The aim is to promote security awareness to public
> and I have talked
> about it to William before indeed.
> Please feel free to let me know your idea and you
> could read OWASP web
> site for those available resources. If possible, we
> could go ahead to
> plan for the seminar.
It will be great if we can have you come over and hold a seminar on
security. A presentation that focuses on how to develop secured
applications and areas our members should beware will definitely be
beneficial to them. In addition, intrusion instances or examples of
implication of security ignorance will help illustrate the importance of
We are in the process of planning presentations for this year. Please let
me know your availability and I'll work out a date at your
HKJUG - http://hkjug.dev.java.net
Anthony LAI, CISSP, CISA, OCP, SCWCD
OWASP (Hong Kong Chapter)
Web(HK Chapter): http://www.owasp.org/local/hongkong.html
Aim to promote security awareness to professionals in web development