[Owasp-austin] [Invitation] OWASP Austin Meeting - CSRF and XSS attacks and mitigation @ Tue Jan 27 11:30am – 1pm (owasp-austin at lists.owasp.org)

James Wickett wickett at gmail.com
Mon Jan 26 11:33:21 EST 2009

owasp-austin at lists.owasp.org, you are invited to

Title: OWASP Austin Meeting - CSRF and XSS attacks and mitigation
Time: Tue Jan 27 11:30am – 1pm (Timezone: Central Time)
Where: National Instruments, 11500 N Mopac, Building C, Austin, TX
Calendar: owasp-austin at lists.owasp.org
Owner/Creator: wickett at gmail.com

Description: When: January 27, 2009, 11:30am - 1:00pm

Topic:  Cross-Site Request Forgery attacks and mitigation in domain  
vulnerable to Cross-Site Scripting.
The presentation will include the following topics in addition to a  
hands-on demonstration for each portion of the talk:
1. The statelessness of the internet
2. How the naive attack works
3. A mitigation strategy against this naive attack
4. An combined CSRF/XSS attack that defeats this mitigation strategy
5. And finally suggestions for mitigation of the combined attack

Who: Ben L Broussard
I am new in the world of Web App security; my passion started
when I took a continuing education class related to Web App security.
My background is in Number Theory with an emphasis in Cryptography and
especially Cryptanalysis. I am an avid puzzler, taking 2nd place (along
with my teammates) at UT in this year's Microsoft College Puzzle
Challenge. I am currently a developer (database and web apps) for the
Accounting department of The University of Texas at Austin.
Where: National Instruments, 11500 N Mopac, Building C
which is the tallest building on campus (8 levels). There will be signs
posted in the lobby to direct you where to go and the receptionists
will be able to assist you as well. See directions to National Instruments.
Cost: Always Free
Questions or help with Directions... call: Scott Foster 512-637-9824.

You can view this event at  

You are receiving this courtesy email at the account  
owasp-austin at lists.owasp.org because you are an attendee of this event.

To stop receiving future notifications for this event, decline this event.  
Alternatively you can sign up for a Google account at  
http://www.google.com/calendar/ and control your notification settings for  
your entire calendar.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-austin/attachments/20090126/4cbc2845/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/calendar
Size: 3201 bytes
Desc: not available
Url : https://lists.owasp.org/pipermail/owasp-austin/attachments/20090126/4cbc2845/attachment.bin 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: invite.ics
Type: application/ics
Size: 3257 bytes
Desc: not available
Url : https://lists.owasp.org/pipermail/owasp-austin/attachments/20090126/4cbc2845/attachment-0001.bin 

More information about the Owasp-austin mailing list