[Owasp-boston] OWASP Boston - March 1 meeting - 2 presentations
Jim.Weiler at Staples.com
Fri Feb 24 11:03:31 EST 2006
Next meeting is 6:30 pm on Wed. March 1
Two presentations this week - Matteo Meucci from OWASP Italy is in Waltham
next week and volunteered to give a presentation on a web application
vulnerability he worked on.
Speaker: Matteo Meucci - CISSP, OWASP-Italy Chair
Topic - A case-study of a Web Application vulnerability
We describe a case-study of a public MMS (mobile phone message) service
provided by a TELCO.
This vulnerability would allow an attacker to send a spoofed MMS charging
the credit of an unaware user.
This analysis shows how poor session management of a web application can be
used to break the authentication scheme. We want to show how a two-factor
authentication can be broken if developers write bad code (a trivial error
of session management).
Speaker: Ambarish Malpani, VP of engineering and CTO of Cenzic
Topic: Too many applications, not enough time. How to get Quality Results
with Automated Vulnerability Testing
Web application vulnerability scanning (aka fault injection scanning) is a
way to test for common input validation errors as well as other errors in
functioning web sites. By crawling the site and analyzing the HTML they can
test lots of vulnerabilities in a short time. Cenzic will discuss how these
test results can be made more meaningful, for example, if an input page does
not have its data displayed in the immediate response page, how can you
find cross site scripting vulnerabilities?
Pizza will be provided by Cenzic
Microsoft offices at the Waltham Weston Corporate Center, 201 Jones Rd.,
Sixth Floor, Waltham, MA