[Owasp-boston] OWASP Boston April 5 meeting - 2 presentations

Weiler, Jim Jim.Weiler at Staples.com
Wed Mar 29 14:48:47 EST 2006

Next meeting is 6:30 pm on Wed. April 5  
We will start at 6:30 with SPI Dynamics because the SPI Dynamics folks have
to catch a plane after the presentation.
Speaker: Dennis Hurst, Senior Security Engineer: SPI Dynamics 
Topic: A Study of AJAX Hacking 
AJAX (Asynchronous JavaScript and XML) is a method of building interactive
applications for the Web that process user requests immediately. AJAX is an
aggressively evolving software development technology used by industry
leaders such as Google and Microsoft. However, this new technology presents
many security concerns because AJAX-based applications are susceptible to
the same types of common vulnerabilities overwhelmingly found in Web
applications; they just need a little more determination by the hacker to

This presentation demonstrates how AJAX works and how it is vulnerable to
threats typically associated with Web applications with examples of hacking
techniques used to compromise an application using AJAX. In addition, the
presentation will explore how the technology underlying AJAX opens up a
number of other interesting vulnerabilities that all organizations looking
to deploy AJAX should be aware of. 

Speaker - Jim Weiler
Topic - Using Paros Proxy Server as a Web Application Vulnerability tool -
Part 1
This is the first in a multi part presentation about using proxy servers in
web application security. I'll cover Paros first, then OWASP's WebScarab.
Each proxy will be covered over the course of multiple meetings.
We'll go over the basics of using Paros to record all HTTP requests and
responses, examine the headers and bodies of the requests and responses for
security related things and see how to trap, change and resend requests.
We'll cover some of the rules and vulnerabilities of the HTTP protocol.
Pizza will be provided by SPI Dynamics

Location: Microsoft offices at the Waltham Weston Corporate Center, 201 Jones Rd.,
Sixth Floor, Waltham, MA
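The "trap, change and resend" step described for the Paros talk is, at bottom, editing a captured HTTP request and making it consistent again before it is forwarded. The script below is an added example (not part of this announcement and not Paros or WebScarab code) that does the same thing by hand on a constructed capture: it parses a raw HTTP/1.1 form POST, changes one body parameter the server should never have trusted the client for, and re-serializes the request. The one detail people get wrong when hand-editing a trapped request is the Content-Length header, which must be recomputed whenever the body changes; the example fixes it and provides a check for it. The request, host and parameter names are invented.

```python
"""Parse a captured HTTP/1.1 request, tamper with one form field, and
re-serialize it with a corrected Content-Length.

Added example for the "trap, change and resend" idea in the announcement.
It is not Paros/WebScarab code; the capture below is constructed."""
from urllib.parse import parse_qsl, urlencode

# Constructed capture of a form POST as an intercepting proxy would show it.
# Content-Length is 25, the exact size of the body that follows the blank line.
CAPTURED_REQUEST = (
    b"POST /cart/checkout HTTP/1.1\r\n"
    b"Host: shop.example\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 25\r\n"
    b"\r\n"
    b"item=42&qty=1&price=19.99"
)


def parse_request(raw: bytes) -> dict:
    """Split a raw request into request line, header list and body bytes."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return {"method": method, "target": target, "version": version,
            "headers": headers, "body": body}


def header(req: dict, name: str):
    """Case-insensitive header lookup; returns None if absent."""
    for n, v in req["headers"]:
        if n.lower() == name.lower():
            return v
    return None


def set_header(req: dict, name: str, value: str) -> None:
    """Replace an existing header in place (keeping its original case) or append it."""
    for i, (n, _) in enumerate(req["headers"]):
        if n.lower() == name.lower():
            req["headers"][i] = (n, value)
            return
    req["headers"].append((name, value))


def content_length_matches(req: dict) -> bool:
    """The check a proxy user wants before resending: does the header fit the body?"""
    declared = header(req, "Content-Length")
    return declared is not None and int(declared) == len(req["body"])


def tamper_form_field(req: dict, field: str, new_value: str) -> dict:
    """Return a copy of req with one urlencoded body field changed and
    Content-Length recomputed for the new body."""
    params = parse_qsl(req["body"].decode("iso-8859-1"), keep_blank_values=True)
    params = [(k, new_value if k == field else v) for k, v in params]
    body = urlencode(params).encode("iso-8859-1")
    new = {**req, "headers": list(req["headers"]), "body": body}
    set_header(new, "Content-Length", str(len(body)))
    return new


def serialize(req: dict) -> bytes:
    """Rebuild the wire form: request line, headers, blank line, body."""
    lines = [f"{req['method']} {req['target']} {req['version']}"]
    lines += [f"{n}: {v}" for n, v in req["headers"]]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("iso-8859-1") + req["body"]


if __name__ == "__main__":
    original = parse_request(CAPTURED_REQUEST)
    # A server that takes the price from the client is the vulnerability;
    # the tampered request is what the proxy lets a tester send to prove it.
    tampered = tamper_form_field(original, "price", "0.01")
    print(serialize(tampered).decode("iso-8859-1"))
    print("Content-Length consistent:", content_length_matches(tampered))
```

Round-tripping the untouched capture through parse_request and serialize yields the original bytes, so the only differences in the resent request are the ones you intended. The same recomputation applies to any proxy edit that changes body size; if you forget it, the server either waits for bytes that never arrive or truncates your payload, and the test gives a misleading negative.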

More information about the Owasp-boston mailing list