[Owasp-austin] OWASP Austin: September chapter meeting and other things -- reminder

Kyle Smith kyle.smith at owasp.org
Thu Sep 25 14:25:22 UTC 2014

Howdy OWASPers!

We are rapidly coming to the end of this years OWASP chapter activities!
September was the last of the years Happy Hours and it will also be last
chapter meeting till January.  But we are going out with a bang again this
year with LASCON!  Don't forget to register for the greatest event put on
by our chapter -- go learn more about it and register at lascon.org


OWASP Monthly Meeting on September 30th

Next Week!

When: 11:30AM to 1PM CST -- food socializing first, meeting starts around
Location: National Instruments, 11500 N. Mopac Building C

Title: Account Entrapment

Abstract: This talk covers two ways to force a victim into an attacker's
account (Account Entrapment): Login Cross-Site Request Forgery and
Cookie-based or Session Entrapment. This is a commonly overlooked
vulnerability despite high-profile exploits including Youtube.com. Because
it is often disregarded, this talk begins with an in-depth look at attack
scenarios and what an attacker can actually gain. It then describes how the
two attacks work and how to defend against them. Finally, though these
attacks are prevalent across the internet, it will show why state agencies
(with domains ending in .state.**.us) and large organizations with many
subdomains face special problems when building defenses against these

Speaker: Ben Broussard

About: Ben Broussard has been involved in the Austin Appsec scene since
2008, helping to plan the first LASCON and running the OWASP study group
for a time. After doing subcontracting work for a number of security shops
and gaining a breadth of experience on both the threatscape and the
security organizations that attempt to address it, he took a position with
San Antonio based Denim Group (now with an Austin office). When not
researching appsec, Ben is a hobbyist in Human Physiology, Acrobatics,
Human Evolution, Brazilian Jiu Jitsu, and toddler wrangling. He also runs
Hot Lava Obstacle Course located on Burnet road.

Food: Its a surprise! Please RSVP so we'll be sure to have enough for all!
Only those who RSVP will be eligible for any drawings/giveaways that may
take place!

Location: National Instruments, 11500 N. Mopac.Building C

RSVP: https://owasp-austin-2014-september.eventbrite.com

Or if you can not attend we should be broadcasting the meeting GoToMeeting
-- https://www3.gotomeeting.com/register/617936438


OWASP Study Group

It is never too late to come to the study group.  Even if you missed a
meeting or two or just want to start, the study group is a great place to
learn security related materials like the latest book -- The Practice of
Network Security Monitoring: Understanding Incident Detection and Response
by Richard Bejtlich

Weekly meetings are every Thursday from 12:00 - 1:00 PM at National
Instruments, Building A, Room 217.
See the MyOWASP Ning site for more information --



Registration is open for the conference on October 23rd and 24th!  Early
bird rate ended on July 31st, but this conference is one of the best in the
area.  Register today at   http://lascon.org/register/

Speaker schedule and training schedule are available  --

Do you want to volunteer your time or expertise for OWASP?  We are always
on the lookout for volunteers for local events.

Josh Sokol is leading the effort for the UT Cyber Security Awareness
conference on October 21st.  Please contact him directly at
josh.sokol at owasp.org if you want to volunteer.

David Hughes is currently leading the effort for all things LASCON.  Please
contact him directly at david.hughes at owasp.org if you want to volunteer for
the conference.

As always, more chapter information can be found at:
and study group information at:
If you missed any of the monthly presentations, you can find them online in
our Vimeo channel: *https://vimeo.com/channels/owaspaustin

If there are any questions about the chapter, its activities, or general
ideas please email off list.

Till next time!
kyle.smith at owasp.org
OWASP Austin, chapter leader
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-austin/attachments/20140925/3b20a028/attachment-0001.html>

More information about the Owasp-austin mailing list