[Owasp-losangeles] OWASP LA Chapter meeting

Goldschmidt, Cassio cassio.goldschmidt at gmail.com
Tue Sep 9 01:50:15 EDT 2008 

Our next OWASP LA chapter meeting is *Tuesday September 16th 6:30PM*
at Symantec
Culver City<http://maps.google.com/maps?q=900+Corporate+Pointe,+90230&ie=UTF8&oe=UTF-8&ll=33.988385,-118.387041&spn=0.010284,0.014055&t=h&z=16&iwloc=addr>.
The meetings are free and everyone is welcome.

If you'd like to attend the meeting please send me a message so that I can
leave your name at the front desk.

Below is a summary of the main presentation.

Hope to see you there,
Cassio

The Web Hacking Incidents Database (WHID) 2007 Report


The web hacking incident database (WHID) is a Web Application Security
Consortium project dedicated to maintaining a list of web applications
related security incidents. The database classifies each reported attack by,
among other criteria, the method used, the outcome of the attack and the
industry and the country of the attacked organization. Based on the database
Breach Labs which sponsors WHID issues a periodical report on trends in Web
Application Security.


By providing answers to questions such as:

   - The drivers behind Web hacking.
   - The technology hackers use.
   - The types of organizations attacked most often.
   - The common outcomes


The presentation will discuss WHID statistics, focusing on rising trends in
Web Attacks in the 1st half of 2008. As the WHID enables research into the
business model behind hacking, the presentation goes beyond discussing the
technical aspects of attacks such as SQL injection crawlers and Web Site
herding, to discussing the business model common to all of the attacks:
Economy of scale.

*Ryan C. Barnett* is a recognized security thought leader and evangelist who
frequently speaks with the media and industry groups.


He is the director of application security at Breach Security. He is also a
faculty member for the SANS Institute, where his duties include
instructor/courseware developer for Apache Security/Building a Web
Application Firewall Workshop, Top 20 Vulnerabilities Team Member and Local
Mentor for the SANS Track 4, "Hacker Techniques, Exploits and Incident
Handling" course. He holds six SANS Global Information Assurance
Certifications (GIAC): Intrusion Analyst (GCIA), Systems and Network Auditor
(GSNA), Forensic Analyst (GCFA), Incident Handler (GCIH), Unix Security
Administrator (GCUX) and Security Essentials (GSEC).


Mr. Barnett also serves as the team lead for the Center for Internet
Security Apache Benchmark Project and is a member of the Web Application
Security Consortium. His web security book, "Preventing Web Attacks with
Apache," was published by Addison/Wesley in 2006.

*Would you like to speak at an OWASP LA meeting?
*

Call for Papers (CFP) is NOW OPEN ~ to submit educational topic for upcoming
meeting please submit your BIO and talk abstract via email to Cassio
Goldschmidt <cassio at mail.com>. When accepted it will be required to use the
following powerpoint OWASP
Template<http://www.owasp.org/images/5/54/Presentation_template.ppt>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-losangeles/attachments/20080908/44ea7b80/attachment.html

More information about the Owasp-losangeles mailing list