No subject


Wed Nov 1 13:32:02 EST 2006


*******************************
Next meeting is 6:30 pm on Wed. March 1

Two presentations this week - Matteo Meucci from OWASP Italy is in
Waltham next week and volunteered to give a presentation on a web
application vulnerability he worked on.

Speaker: Matteo Meucci - CISSP, OWASP-Italy Chair
Topic - A case-study of a Web Application vulnerability

We describe a case-study of a public MMS (mobile phone message) service
provided by a TELCO.
This vulnerability would allow an attacker to send a spoofed MMS charging
the credit of an unaware user.
This analysis shows how poor session management of a web application can
be used to break the authentication scheme. We want to show how a
two-factor authentication can be broken if developers write bad code (a
trivial error of session management).
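The announcement does not describe the actual flaw in the TELCO's MMS portal, so the following is an added illustration and not code from the talk or the service. It models, as an assumption, the most common shape of a "trivial session management error" that defeats a two-step login: the session is flagged as fully authenticated as soon as the password is accepted, and the one-time-code page is merely where the user is sent next rather than a gate that protected actions check. The hardened version keeps a distinct pending state until the second factor succeeds and issues a fresh session identifier on each privilege change. User names, passwords and codes are constructed test data.

```python
# Added example, not from the presentation: a two-step login (password,
# then one-time code) with a session-state mistake beside a hardened form.
# The bug modelled here is an assumption about the kind of flaw the
# abstract describes, not a description of the real MMS service.
import hmac
import secrets

# Constructed user store: username -> (password, expected one-time code).
USERS = {"alice": ("correct horse", "123456")}


def _check(actual, expected):
    # Constant-time comparison so the check does not leak a matching prefix.
    return hmac.compare_digest(actual.encode(), expected.encode())


# --- Vulnerable flow ------------------------------------------------------
def vuln_password_step(session, user, password):
    """Accept the password and (wrongly) mark the session authenticated."""
    if user in USERS and _check(password, USERS[user][0]):
        session["user"] = user
        session["authenticated"] = True   # set before the second factor
        session["needs_otp"] = True       # advisory only; nothing enforces it
        return True
    return False


def vuln_otp_step(session, code):
    """Second factor clears a flag that protected actions never look at."""
    if "user" in session and _check(code, USERS[session["user"]][1]):
        session["needs_otp"] = False
        return True
    return False


def vuln_can_send_mms(session):
    """Protected action checks only the flag already set after step one."""
    return session.get("authenticated", False)


# --- Hardened flow --------------------------------------------------------
def safe_password_step(session, user, password):
    """Accept the password but keep the session in a distinct pending state."""
    if user in USERS and _check(password, USERS[user][0]):
        session.clear()                          # drop any pre-login state
        session["sid"] = secrets.token_hex(16)   # new id on privilege change
        session["pending_user"] = user           # not yet a logged-in user
        return True
    return False


def safe_otp_step(session, code):
    """Only a successful second factor promotes pending_user to user."""
    user = session.get("pending_user")
    if user is not None and _check(code, USERS[user][1]):
        session.clear()
        session["sid"] = secrets.token_hex(16)
        session["user"] = user
        session["authenticated"] = True
        return True
    return False


def safe_can_send_mms(session):
    """Protected action requires the state only the OTP step can produce."""
    return session.get("authenticated", False) and "user" in session


def demo():
    """Return (vulnerable_bypass, hardened_bypass) after the password step only."""
    v = {}
    vuln_password_step(v, "alice", "correct horse")
    s = {}
    safe_password_step(s, "alice", "correct horse")
    return vuln_can_send_mms(v), safe_can_send_mms(s)
```

In the vulnerable flow a client that completes the password step and then simply requests the protected action, never visiting the code page, is treated as logged in; the hardened flow makes that impossible because the only transition into the authenticated state is the successful second-factor check, and authorization is decided by that state rather than by which page the user happened to load last.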
 

Speaker: Ambarish Malpani, VP of engineering and CTO of Cenzic
Topic: Too many applications, not enough time. How to get Quality Results
with Automated Vulnerability Testing

Web application vulnerability scanning (aka fault injection scanning) is a
way to test for common input validation errors as well as other errors in
functioning web sites. By crawling the site and analyzing the HTML they can
test lots of vulnerabilities in a short time. Cenzic will discuss how these
test results can be made more meaningful, for example, if an input page
does not have its data displayed in the immediate response page, how can
you find cross site scripting vulnerabilities?

Pizza will be provided by Cenzic

Location:
Microsoft offices at the Waltham Weston Corporate Center, 201 Jones Rd.,
Sixth Floor, Waltham, MA

Directions:
From Rt. 128 North take exit 26 toward Waltham, East up the hill on Rt. 20.
From Rt 128 South take exit 26 but go around the rotary to get to 20 East
to Waltham. Follow signs for Rt. 117 (left at the second light). When you
get to 117 turn left (West). You will cross back over Rt. 128.
Jones Rd. (look for the Waltham Weston Corporate Center sign) is the second
left, at a blinking yellow light, on Rt. 117 going west about 0.1 miles from
Rt. 128 (I95). The office building is at the bottom of Jones Rd.
The room is MPR C.

More information at http://www.owasp.org/local/boston.html

********************************
O'Reilly Books Group Discount
Don't forget we can get a 30% discount on
O'Reilly, No Starch, Paraglyph, PC Publishing, Pragmatic Bookshelf,
SitePoint, and Syngress books. Just use code DSUG.

Jim Weiler
Staples North American Delivery
Application Security Architect
508 2533884