<div style="padding:10px 7px; font-size:12px; line-height:1.4 font-family:Arial,Sans-serif; text-align:center;"><div><a href="http://www.google.com/calendar/"><img style="border-width:0" src="http://www.google.com/calendar/images/blue_beta_en.gif" alt="Google Calendar"></a></div>
<div style="width:370px; background:#D2E6D2; border-style:solid;       border-color:#ccc; border-width:1px 1px 0 1px; padding:15px 15px 5px 15px;       margin:0 auto"><p style="margin:0;color:#000">owasp-austin@lists.owasp.org,
you are invited to</p>
<h2 style="margin:5px 0; font-size:18px; line-height:1.4;color:#000">OWASP Austin Meeting - CSRF and XSS attacks and mitigation</h2>
<p style="margin:0 0 .5em;"><span style="color:#000">Tue Jan 27 11:30am &ndash; 1pm</span>
<br>
<span style="color:#676;">(Timezone:
Central Time)</span>
<br>
<span style="color:#000">National Instruments, 11500 N Mopac, Building C, Austin, TX (<a href="http://maps.google.com/maps?q=National+Instruments%2C+11500+N+Mopac%2C+Building+C%2C+Austin%2C+TX&amp;hl=en">map</a>)</span>
<br>
<span style="color:#000">Calendar:
owasp-austin@lists.owasp.org</span>
<br>
<br>
<span style="color:#000">Owner/Creator:
<a href="mailto:wickett@gmail.com?subject=Re%3A%20OWASP%20Austin%20Meeting%20-%20CSRF%20and%20XSS%20attacks%20and%20mitigation">wickett@gmail.com</a></span>
</p>
<p style="margin:0 0 1em;color:#000; white-space:pre-wrap !important; white-space:-moz-pre-wrap !important; white-space:-pre-wrap !important; white-space:-o-pre-wrap !important; white-space:pre; word-wrap:break-word;">&lt;b&gt;When:&lt;/b&gt; January 27, 2009, 11:30am - 1:00pm 
<br>&lt;p&gt;
<br>&lt;b&gt;Topic: &lt;/b&gt; Cross-Site Request Forgery attacks and mitigation in domain vulnerable to Cross-Site Scripting.
<br>&lt;/p&gt;&lt;p&gt;The presentation will include the following topics in addition to a hands-on demonstration for each portion of the talk:
<br>&lt;/p&gt;&lt;p&gt;1. The statelessness of the internet
<br>&lt;/p&gt;&lt;p&gt;2. How the naive attack works
<br>&lt;/p&gt;&lt;p&gt;3. A mitigation strategy against this naive attack
<br>&lt;/p&gt;&lt;p&gt;4. An combined CSRF/XSS attack that defeats this mitigation strategy
<br>&lt;/p&gt;&lt;p&gt;5. And finally suggestions for mitigation of the combined attack
<br>&lt;/p&gt;&lt;p&gt;&lt;br&gt;
<br>&lt;b&gt;Who:&lt;/b&gt; Ben L Broussard
<br>&lt;/p&gt;&lt;p&gt;I am new in the world of Web App security; my passion started
<br>when I took a continuing education class related to Web App security.
<br>My background is in Number Theory with an emphasis in Cryptography and
<br>especially Cryptanalysis. I am an avid puzzler, taking 2nd place (along
<br>with my teammates) at UT in this year&#39;s Microsoft College Puzzle
<br>Challenge. I am currently a developer (database and web apps) for the
<br>Accounting department of The University of Texas at Austin.
<br>&lt;/p&gt;&lt;p&gt;&lt;b&gt;Where:&lt;/b&gt; National Instruments, 11500 N Mopac, Building C
<br>which is the tallest building on campus (8 levels). There will be signs
<br>posted in the lobby to direct you where to go and the receptionists
<br>will be able to assist you as well. See &lt;a href=&quot;<a href="http://maps.google.com/maps?f=q&amp;amp;hl=en&amp;amp;q=11500+N+Mo-Pac+Expy,+Austin,+TX+78759&amp;amp;ie=UTF8&amp;amp;ll=30.406377,-97.726135&amp;amp;spn=0.017211,0.036778&amp;amp;om=1">http://maps.google.com/maps?f=q&amp;amp;hl=en&amp;amp;q=11500+N+Mo-Pac+Expy,+Austin,+TX+78759&amp;amp;ie=UTF8&amp;amp;ll=30.406377,-97.726135&amp;amp;spn=0.017211,0.036778&amp;amp;om=1</a>&quot; class=&quot;external text&quot; title=&quot;<a href="http://maps.google.com/maps?f=q&amp;amp;hl=en&amp;amp;q=11500+N+Mo-Pac+Expy,+Austin,+TX+78759&amp;amp;ie=UTF8&amp;amp;ll=30.406377,-97.726135&amp;amp;spn=0.017211,0.036778&amp;amp;om=1">http://maps.google.com/maps?f=q&amp;amp;hl=en&amp;amp;q=11500+N+Mo-Pac+Expy,+Austin,+TX+78759&amp;amp;ie=UTF8&amp;amp;ll=30.406377,-97.726135&amp;amp;spn=0.017211,0.036778&amp;amp;om=1</a>&quot; rel=&quot;nofollow&quot;&gt;directions to National Instruments&lt;/a&gt;.
<br>&lt;/p&gt;&lt;p&gt;&lt;b&gt;Cost:&lt;/b&gt; Always Free
<br>&lt;/p&gt;&lt;p&gt;&lt;b&gt;Questions or help with Directions...&lt;/b&gt; call: Scott Foster 512-637-9824.
<br>&lt;/p&gt;&lt;br&gt;
<br>&lt;br&gt;&lt;blockquote style=&quot;margin: 1.5em 0pt;&quot;&gt;&lt;/blockquote&gt;<br><a href="http://www.google.com/calendar/event?action=VIEW&amp;eid=djU4bDZjOXR2NjI1NGJxdGZoYmoyM3F1NWcgb3dhc3AtYXVzdGluQGxpc3RzLm93YXNwLm9yZw&amp;tok=MTcjd2lja2V0dEBnbWFpbC5jb203ZDRhMmZhODBmZjZiMzA0MzcxZTgyZTI5NjViZGM5ZDY2N2RjMDRm&amp;ctz=America%2FChicago&amp;hl=en">More event details&raquo;</a></p>
<div style="margin:.5em 0 0; text-align:center;color:#000"><strong>Will you attend?</strong></div>
<div style="margin:4px 0 0; text-align:center;"><span style="background:#fff; border:1px solid #676;              padding:3px 5px; line-height:1.5;"><a href="http://www.google.com/calendar/event?action=RESPOND&amp;eid=djU4bDZjOXR2NjI1NGJxdGZoYmoyM3F1NWcgb3dhc3AtYXVzdGluQGxpc3RzLm93YXNwLm9yZw&amp;rst=1&amp;tok=MTcjd2lja2V0dEBnbWFpbC5jb203ZDRhMmZhODBmZjZiMzA0MzcxZTgyZTI5NjViZGM5ZDY2N2RjMDRm&amp;ctz=America%2FChicago&amp;hl=en">Yes</a>
|<a href="http://www.google.com/calendar/event?action=RESPOND&amp;eid=djU4bDZjOXR2NjI1NGJxdGZoYmoyM3F1NWcgb3dhc3AtYXVzdGluQGxpc3RzLm93YXNwLm9yZw&amp;rst=3&amp;tok=MTcjd2lja2V0dEBnbWFpbC5jb203ZDRhMmZhODBmZjZiMzA0MzcxZTgyZTI5NjViZGM5ZDY2N2RjMDRm&amp;ctz=America%2FChicago&amp;hl=en">Maybe</a>
|<a href="http://www.google.com/calendar/event?action=RESPOND&amp;eid=djU4bDZjOXR2NjI1NGJxdGZoYmoyM3F1NWcgb3dhc3AtYXVzdGluQGxpc3RzLm93YXNwLm9yZw&amp;rst=2&amp;tok=MTcjd2lja2V0dEBnbWFpbC5jb203ZDRhMmZhODBmZjZiMzA0MzcxZTgyZTI5NjViZGM5ZDY2N2RjMDRm&amp;ctz=America%2FChicago&amp;hl=en">No</a></span></div></div>
<div><img src="http://www.google.com/calendar/images/envelope.gif" style="background:#D2E6D2; width:420px height:95px" alt=""></div><p style="margin:-15px 0 0;">&nbsp;</p>
<p style="color:#676;">You are receiving this courtesy email at the account owasp-austin@lists.owasp.org because you are an attendee of this event.</p><p style="color:#676;">To stop receiving future notifications for this event, decline this event. Alternatively you can sign up for a Google account at http://www.google.com/calendar/ and control your notification settings for your entire calendar.</p></div>