[OWASP-HongKong] Seminar held with HKJUG

Anthony, Cheuk Tung, LAI anthonylai at owasp.org
Wed Mar 16 12:45:37 EST 2005


Dear all,

Here is the reply from HKJUG, in fact, I plan to hold a seminar with HKJUG
on 25 June about web appl. security in J2EE, any ideas for that? In
addition, Willie from HKJUG has mentioned some content whether we could
cover. Let us discuss it in the next meeting.

Regards,
Anthony
----------------------------------------------



Dear Anthony,


> Dear Willie,
>
> I believe that it should be fine to me, but I need to discuss with the
> members, it may be better we put to 25 June.
>

25 June is fine with us.

> The outline will be:
> * Top 10 Web Application Vulnerability

Great topic.

> * Hacking demonstration with WebGoat

For the hacking demonstration, I suppose it got to hack a
Tomcat/Jboss/WebLogic/WebSphere.  Will this demo focus on firewall, and
web server infrastructure or the Java technologies?

> * Request/Response intercept with using WebScarab

JAAS, JCE, J2EE Security, Java Authorization Contract for Containers
(JACC, JSR115) etc. are more relevant to HKJUG members.  Will this topic
be in the context of Java?

> * Web Application Security applied with BS7799 standard (International
> information security management standard)
>

This is great.

Another area may be single sign-on related security issues.  What do
developers have to beware of?

Regards,


--

Willie Vu

HKJUG - http://hkjug.dev.java.net

Regards,
Anthony

--------------------

Dear Anthony,

Happy Chinese New Year!

--- "Anthony Cheuk Tung, LAI, CISSP, CISA" <anthonation at gmail.com> wrote:

> Dear Willie,
>
> It is readily good indeed because I would like to conduct a session of
> talking about Web Appl. security and I could provide a demo on how to
> hack a J2EE web appl indeed, do you feel it is possible?
>
> The aim is to promote security awareness to public and I have talked
> about it to William before indeed.
>
> Please feel free to let me know your idea and you could read OWASP web
> site for those available resources. If possible, we could go ahead to
> plan for the seminar.
>

It will be great if we can have you come over and hold a seminar on
security.  A presentation that focuses on how to develop secured
applications and areas our members should beware will definitely be
beneficial to them.  In addition, intrusion instances or examples of
implication of security ignorance will help illustrate the importance of
security.

We are in the process of planning presentations for this year.  Please let
me know your availability and I'll work out a date at your
convenience.

--
Willie Vu

HKJUG - http://hkjug.dev.java.net



--------------
Regards,
Anthony LAI, CISSP, CISA, OCP, SCWCD
Chapter Leader
OWASP (Hong Kong Chapter)
Web: http://www.owasp.org
Web(HK Chapter): http://www.owasp.org/local/hongkong.html

Aim to promote security awareness to professionals in web development



