[Owasp-alabama] OWASP Meeting September 4th, 2012

owasp-alabama at lists.owasp.org
Fri Aug 31 00:04:01 UTC 2012

After a long break I have re-organized the OWASP chapter a bit. We now have a consistent place to meet for the time being. Special thanks to Alan Jones and Layer 3 Communications. 

The new meeting formats will include focus on theory and application of application security weaknesses. (Primarily web-based vulnerabilities, but this naturally extends to all application platforms, etc.)

Each meeting there will be introductions and time for networking but the primary focus of each meeting will be on the theory and application of vulnerability discovery, exploitation, and proactive remediation of the vulnerability class covered. 

The Theory:
There will be time explaining a vulnerability class (e.g. SQL Injection), what it is, what it isn't, what it looks like in various languages and how it can be discovered through source code analysis or blackbox / fuzzing analysis.

The Application:
During the meeting a common web application will be shared and members will be expected to perform analysis of the software application to discover the vulnerability class covered in the meeting. Members will expand their knowledge on identifying vulnerabilities, exploiting vulnerabilities and remediating and validating vulnerability impact. 

I want to get away from the standard group meeting where it centers around a few people bringing presentations. My hope is that at the beginning of a new meeting those that attended the last meeting will be able to share their findings from the last meeting's assignments (those being the apps assessed). What they discovered, stumbling blocks, what type of tools they might want to develop to help with discovery, what type of tools they might want to develop for documentation and remediation.

At the end of a meeting one volunteer (or team) will be asked to help be the subject matter expert for the next meeting to introduce the next vulnerability class to be discussed as well as the application to be assessed. Members and attendants will be expected to share knowledge and to interact.

This week I cover SQL Injection and bring an application we can all learn to break and fix. 

216 Aquarius Drive, Suite 312
Homewood, AL 35209

Tuesday, September 4th, 2012. 
9:30AM - 10:30AM

Special Thanks to:
Alan Jones from Layer 3 Communications for providing a location for the meeting. 

| Daniel Uriah Clemens
| Packetninjas L.L.C | | http://www.packetninjas.net
| c. 205.567.6850      | | o. 866.267.8851 
"Moments of sorrow are moments of sobriety"
