[Owasp-sacramento] APRIL 3rd MEETING - OWASP Presentation
Petteys, Matthew
MPetteys at caiso.com
Mon Mar 24 14:02:56 EDT 2008
This is a reminder that the next OWASP meeting is up a week from this
Thursday, Apr. 3rd. Please RSVP so we can get an accurate head count
for the room and food/drinks.
Thanks - Matt
-----Original Message-----
From: owasp-sacramento-bounces at lists.owasp.org
[mailto:owasp-sacramento-bounces at lists.owasp.org] On Behalf Of Petteys,
Matthew
Sent: Thursday, March 06, 2008 10:30 AM
To: owasp-sacramento at lists.owasp.org
Subject: [Owasp-sacramento] APRIL 3rd MEETING - OWASP Presentation
The next OWASP Sacramento meeting will be on Thursday Apr. 3rd at 6pm.
The topic of this meeting will be Passive Web Application Defect
Identification. This meeting will be hosted at EDS Medi-Cal in Rancho
Cordova, CA. Food, beverage, and the presentation will be provided by
Breach.
Please use the online RSVP form below or contact Mpetteys at caiso.com
by 3/26/07 if you plan to attend.
http://fs2.formsite.com/mpetteys/form826893818/index.html
TOPIC
Identifying web application vulnerabilities has traditionally been
achieved by running vulnerability scanners. While these tools can be
effective, they have some deficiencies, mainly that they are simply
snap-shots in time and they often add network load on the web
application. Web application firewalls can help to detect application
defects in applications by monitoring the application as it is used. In
this presentation, Ryan Barnett, Director of Application Security at
Breach, will discuss how deploying a web application firewall can
provide more value beyond simply protecting applications from attack.
Due to their strategic placement within the application's communication
stream, web application firewalls can provide a great deal of
visibility into how an application is used and detect defects by
watching the interaction between the application and a client.
This presentation will discuss:
* Real-time application monitoring - unprecedented insight for security
teams into the communication of applications they are responsible for
protecting
* Application defect detection - scanning vs. monitoring usage
* Enhancements for the application development lifecycle - more
comprehensive application assessment than simulated tests
SPEAKER BIO: Ryan Barnett - Director of Application Security Training
Ryan C. Barnett is a recognized security thought leader and evangelist
who frequently speaks with the media and industry groups. Ryan is the
director of application security at Breach Security. He is also a
faculty member for the SANS Institute, where his duties include
instructor/courseware developer for Apache Security/Building a Web
Application Firewall Workshop, Top 20 Vulnerabilities Team Member and
Local Mentor for the SANS Track 4, "Hacker Techniques, Exploits and
Incident Handling" course. He holds six SANS Global Information
Assurance Certifications (GIAC): Intrusion Analyst (GCIA), Systems and
Network Auditor (GSNA), Forensic Analyst (GCFA), Incident Handler
(GCIH), Unix Security Administrator (GCUX) and Security Essentials
(GSEC). Mr. Barnett also serves as the team lead for the Center for
Internet Security Apache Benchmark Project and is a member of the Web
Application Security Consortium. His web security book, "Preventing Web
Attacks with Apache," was published by Addison/Wesley in 2006.
LOCATION INFORMATION:
Upon arriving at the main entrance, please ask for Robert Grill, office:
916-636-4392, cell: 916-997-9892. Any problems, please contact Matt
Petteys, 916-873-4716
EDS Medi-Cal
3215 Prospect Park Drive
Rancho Cordova, CA 95670
http://maps.google.com/maps?f=q&hl=en&geocode=&q=%3D3215+Prospect+Park+Drive,Rancho+Cordova,+CA+95670&sll=37.0625,-95.677068&sspn=51.443116,107.753906&ie=UTF8&om=1&ll=38.58885,-121.275437&spn=0.01117,0.019956&t=k&z=16&iwloc=addr