[Owasp-losangeles] IMPORTANT: OWASP LA meeting moved to Wednesday 17th
cassio.goldschmidt at gmail.com
Mon Sep 15 18:33:59 EDT 2008
*OWASP LA meeting will take place* *Wednesday 17th, *6:30 PM at Symantec.
- If you already confirmed your presence there is no need to confirm it
- If you have not confirm your presence, please take the opportunity to
reply to me confirming.
Here is the abstract for our main presentation:
*The Web Hacking Incidents Database (WHID) 2007 Report *
The web hacking incident database (WHID) is a Web Application Security
Consortium project dedicated to maintaining a list of web applications
related security incidents. The database classifies each reported attack by,
among other criteria, the method used, the outcome of the attack and the
industry and the country of the attacked organization. Based on the database
Breach Labs which sponsors WHID issues a periodical report on trends in Web
By providing answers to questions such as:
- The drivers behind Web hacking.
- The technology hackers use.
- The types of organizations attacked most often.
- The common outcomes
The presentation will discuss WHID statistics, focusing on rising trends in
Web Attacks in the 1st half of 2008. As the WHID enables research into the
business model behind hacking, the presentation goes beyond discussing the
technical aspects of attacks such as SQL injection crawlers and Web Site
herding, to discussing the business model common to all of the attacks:
Economy of scale.
*Ryan C. Barnett* is a recognized security thought leader and evangelist who
frequently speaks with the media and industry groups.
He is the director of application security at Breach Security. He is also a
faculty member for the SANS Institute, where his duties include
instructor/courseware developer for Apache Security/Building a Web
Application Firewall Workshop, Top 20 Vulnerabilities Team Member and Local
Mentor for the SANS Track 4, "Hacker Techniques, Exploits and Incident
Handling" course. He holds six SANS Global Information Assurance
Certifications (GIAC): Intrusion Analyst (GCIA), Systems and Network Auditor
(GSNA), Forensic Analyst (GCFA), Incident Handler (GCIH), Unix Security
Administrator (GCUX) and Security Essentials (GSEC).
Mr. Barnett also serves as the team lead for the Center for Internet
Security Apache Benchmark Project and is a member of the Web Application
Security Consortium. His web security book, "Preventing Web Attacks with
Apache," was published by Addison/Wesley in 2006.
See you Wednesday,
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-losangeles