[Owasp-bayarea] Reminder: OWASP Meetup & Reception on Thursday, Dec 11

Brian Bertacini brian at appsecconsulting.com
Tue Dec 9 17:02:14 EST 2008

Greetings IT Professionals, 


OWASP Bay Area will be hosting a Security Meet Up and Holiday Reception this
Thursday evening in Santa Clara.  Please join us for an opportunity to
network with industry colleagues and take in a couple of entertaining
presentations on web application security.  As always, this event is open to
the public and free to attend.  



Thursday, December 11, 2008

6:00 - 9:00pm   



Network Meeting Center

TechMart Center

5201 Great America Parkway

Santa Clara, CA 95054


Schedule of Events:

6:00 - 6:45pm   Meet up and Reception (Food, Beer, Wine, Soft drinks)

6:45 - 6:50pm   Kickoff

6:50 - 7:40pm   Protecting Website Users from Each Other - Brian Shura

7:40 - 8:30pm   Making Money the Black Hat Way - Trey Ford

8:30 - 9:00pm   Networking



Protecting Website Users from Each Other

Brian Shura, Sr. Consultant, AppSec Consulting



Most often the login page or "front door" of a website is built securely and
is difficult for an attacker to break through.  However, web developers
often leave serious holes in web applications after the login, which can
allow one malicious user to access another user's personal information.
This presentation will cover several vulnerabilities frequently found in the
"logged-in" portion of web applications, how to detect these issues, and how
to ensure your applications don't have these security problems.



Brian Shura is a senior application security consultant at AppSec
Consulting.  He has conducted numerous web application security assessments,
using a combination of manual and automated techniques, and has created
world-class security training for developers and QA analysts.  Brian is also
the Project Leader for the Web Application Security Consortium's "Web
Application Security Scanner Evaluation Criteria" project.  Prior to his
role in application security, Brian spent five years working as a developer
on large Internet-facing websites.  When not working on web application
security initiatives, Brian enjoys fishing and hiking the Appalachian Trail.



Making Money the Black Hat Way

Trey Ford, WhiteHat Security 



Forget Cross-Site Scripting. Forget SQL Injection. If you want to make some
serious cash on the Web, these aren't the tools you need.  No expensive toys
to license, ninja coding skillz or all-black wardrobe required.  All you
need is a Web browser, a sharp eye, and a couple of black hat tricks.  In this
talk we will be discussing attacks that are legal by the letter, violating
only terms of service (yes, that means a locked account, not a lawsuit).


Also known as business logic flaws, these attacks often aren't found in
books, are rarely covered in the news, and statistics are limited. However, we do
know they are out there and the bad guys have been lining their pockets with
them for years. Security vendors don't like talking about business logic
flaws because their products don't know how to detect them. Most of the
examples we'll cover are only found in online hacker forums and/or stumbled
upon by complete accident.  In this session we will open the hood and
discuss how the professional hackers make real cash - the black hat way.



Trey Ford is the director of solutions architecture at WhiteHat Security,
providing vision to customers, partners, and prospects on their website
security initiatives.  Mr. Ford also spearheads WhiteHat's participation in
the PCI Standards Council and assists customers in navigating application
security strategies.  With a consulting background in risk assessment and
regulatory compliance, Mr. Ford is a frequent speaker at industry events,
and is frequently quoted in media publications.  Prior to WhiteHat, Trey
served as compliance practice lead at FishNet Security.



This event is free to attend and open to the public.  

Event Sponsors include: AppSec Consulting <http://www.appsecconsulting.com/>,
Cenzic <http://www.cenzic.com/> and Imperva <http://www.imperva.com/>


Please RSVP via email to events at appsecconsulting.com


Thank you,



Brian Bertacini

AppSec Consulting, Inc.

ph:   408-723-1960

cell: 408-771-8638

fax:  408-884-2428

email: brian at appsecconsulting.com

