[Owasp-austin] WhiteHat Security founder and CTO presenting in San Antonio and Houston

Foster, Scott sfoster at austinnetworking.com
Thu Oct 4 10:39:09 EDT 2007

On behalf of the OWASP Houston and San Antonio Chapters, you are
cordially invited to the October meetings featuring WhiteHat Security
founder and CTO, Jeremiah Grossman. 

OWASP Meeting - Houston, TX 
October 10, 2007, 5:30 PM | Microsoft Campus
<http://local.live.com/default.aspx?v=2&cp=29.745134~-95.55198&style=r&lvl=14&scene=4136079&sp=Point.nyqvw37130x6_2000%20W.%20Sam%20Houston%20Pkwy.%20S.%2c%20Houston%2c%20TX%2077042%2c%20United%20States___>
| Register via Email
<mailto:david at icrew.org?subject=OWASP%20HOUSTON%20::%20REGISTRATION>

Hear Jeremiah Grossman present "Top 10 Web Attack Techniques, their
Potential Impact, and Strategies to Protect Your Company." 

To date, information security has been focused mainly on vulnerabilities
at the network and software levels. However, a new battleground is
quickly developing that poses an even greater threat to companies'
brands/reputations and data. As companies drive more and more business
processes to the Web, vulnerabilities in their custom Web applications
have become the new target for a new class of hackers. And the payoff is
now financial gain, not personal notoriety. 

Jeremiah Grossman will:
- Reveal the top 10 attacks of 2006 by creativity and scope
- Predict what these attacks mean for website vulnerability management
for the rest of 2007
- Present strategies to protect your corporate websites 

OWASP Meeting - San Antonio, TX
October 11, 2007, 11:30 AM
San Antonio Technology Center
<http://maps.google.com/maps?f=q&hl=en&q=3463+Magic+Drive,+San+Antonio,+TX+78229>
| Register Online <mailto:owasprsvp at denimgroup.com> or call
(210) 572-4400

Hear Jeremiah Grossman present "Business Logic Flaws." 

Session handling, credit card transactions, and password recovery are
just a few examples of Web-enabled business logic processes that
malicious hackers have abused to compromise major websites. These types
of vulnerabilities are routinely overlooked during QA because the
process is intended to test what a piece of code is supposed to do and
not what it can be made to do. The other problem(s) with business logic
flaws is scanners can't identify them, IDS can't detect them, and Web
application firewalls can't defend them. Hard hitting trifecta. Plus,
the more sophisticated and Web 2.0 feature-rich a website, the more
prone it is to have flaws in business logic. 

As the number of common vulnerabilities such as SQL Injection and
Cross-Site Scripting is reduced, the bad guys will increase their
attacks on business logic flaws.

This presentation will provide real-world demonstrations of how
pernicious and dangerous business logic flaws are to the security of a
website. He'll also show how best to spot them and provide organizations
with a simple and rational game plan to prevent them. 

Mr. Grossman is a world-renowned expert in Web security, co-founder of
the Web Application Security Consortium, and was recently named to
InfoWorld's Top 25 CTOs for 2007. He has authored dozens of articles and
white papers, is credited with the discovery of many cutting-edge attack
and defensive techniques, and is co-author of the recently published book,
Cross-Site Scripting Attacks. Mr. Grossman is frequently quoted in
business and technology publications such as InfoWorld, USA Today, PC
World, Dark Reading, SC Magazine, SecurityFocus, CNET, CSO Magazine, and
InformationWeek.

Scott Foster
Cell: 512-637-9824
Email:sfoster at austinnetworking.com <mailto:sfoster at austinnetworking.com>

LinkedIn <http://www.linkedin.com/in/fostercs12000>
Check out Austin OWASP <https://www.owasp.org/index.php/Austin>
Check out Austin AITP <http://www.austinaitp.org/>
See my web iCal
<https://calendars.office.microsoft.com/pubcalstorage/n401ck4z53129/Foster_Scott_Calendar.htm>
Subscribe to my iCal
<webcal://calendars.office.microsoft.com/pubcalstorage/n401ck4z53129/Foster_Scott_Calendar.ics>

 

 
