[Owasp-boston] OWASP - Boston May 3 meeting - 2 presentations, 1 short topic

Weiler, Jim Jim.Weiler at Staples.com
Fri Apr 28 14:09:45 EDT 2006

Next meeting is 6:30 pm on Wed. May 3  
Speaker: Fortify Software
Topic: Application security by wrapping existing executable code
Description: Fortify Application Defense is a software solution that
protects existing J2EE applications from losing private data, leaking
valuable information or performing unwanted tasks caused by the actions of
hackers and malicious insiders. Its patent-pending technology works within
the application itself to monitor and protect against attacks such as SQL
injections, cross-site scripting and request tampering.
JW summary - Fortify Application Defense can insert filter functions in
front of the external callable functions of Java code, so you can
retroactively fit existing code with your or Fortify's security logic.
Short Topic - Jim Weiler - Open Redirects
This means a web site uses URL parameters to determine where the user will
be redirected to. This vulnerability was exploited in the govbenefits.gov
site a few months ago to propagate a phishing scam. From the Netcraft web
site: "Open redirects have not previously been thought of as a security risk,
because they do not allow access to a company's computer systems. However,
fraudsters are actively using open redirects to facilitate their phishing
scams. These tactics are rather analogous to borrowing a bank's sign and
premises to execute a sting."
Speaker - Jim Weiler
Topic - Web Application Security with Web Proxy Servers II - Paros
Description - using saved sessions; site crawling and vulnerability scans
Pizza will be provided by Fortify Software
Microsoft offices at the Waltham Weston Corporate Center, 201 Jones Rd.,
Sixth Floor Waltham, MA
