[Owasp-austin] OWASP Austin Meeting - Tuesday, January 27th - Cross Site Request Forgery and XSS

James Wickett wickett at gmail.com
Mon Jan 26 11:33:21 EST 2009


*When:* January 27, 2009, 11:30am - 1:00pm

*Topic:* Cross-Site Request Forgery attacks and mitigation in a domain
vulnerable to Cross-Site Scripting.

The presentation will include the following topics in addition to a hands-on
demonstration for each portion of the talk:

1. The statelessness of the internet

2. How the naive attack works

3. A mitigation strategy against this naive attack

4. A combined CSRF/XSS attack that defeats this mitigation strategy

5. And finally suggestions for mitigation of the combined attack


*Who:* Ben L Broussard

I am new in the world of Web App security; my passion started when I took a
continuing education class related to Web App security. My background is in
Number Theory with an emphasis in Cryptography and especially Cryptanalysis.
I am an avid puzzler, taking 2nd place (along with my teammates) at UT in
this year's Microsoft College Puzzle Challenge. I am currently a developer
(database and web apps) for the Accounting department of The University of
Texas at Austin.

*Where:* National Instruments, 11500 N Mopac, Building C which is the
tallest building on campus (8 levels). There will be signs posted in the
lobby to direct you where to go and the receptionists will be able to assist
you as well. See directions to National Instruments:
<http://maps.google.com/maps?f=q&hl=en&q=11500+N+Mo-Pac+Expy,+Austin,+TX+78759&ie=UTF8&ll=30.406377,-97.726135&spn=0.017211,0.036778&om=1>


*Cost:* Always Free

*Questions or help with Directions...* call: Scott Foster 512-637-9824.