No subject
Wed Nov 1 13:32:02 EST 2006
*******************************
Next meeting is 6:30 pm on Wed. March 1

Two presentations this week - Matteo Meucci from OWASP Italy is in
Waltham next week and volunteered to give a presentation on a web application
vulnerability he worked on.

Speaker: Matteo Meucci - CISSP, OWASP-Italy Chair
Topic - A case-study of a Web Application vulnerability

We describe a case-study of a public MMS (mobile phone message) service
provided by a TELCO.
This vulnerability would allow an attacker to send a spoofed MMS charging
the credit of an unaware user.
This analysis shows how poor session management of a web application can be
used to break the authentication scheme. We want to show how a two factor
authentication can be broken if developers write bad code (a trivial error of
session management).

Speaker: Ambarish Malpani, VP of engineering and CTO of Cenzic
Topic: Too many applications, not enough time. How to get Quality Results
with Automated Vulnerability Testing

Web application vulnerability scanning (aka fault injection scanning) is a way
to test for common input validation errors as well as other errors in
functioning web sites. By crawling the site and analyzing the HTML they can
test lots of vulnerabilities in a short time. Cenzic will discuss how these
test results can be made more meaningful, for example, if an input page does
not have its data displayed in the immediate response page, how can you find
cross site scripting vulnerabilities?

Pizza will be provided by Cenzic

Location:
Microsoft offices at the Waltham Weston Corporate Center, 201 Jones Rd.,
Sixth Floor Waltham, MA

Directions:
From Rt. 128 North take exit 26 toward Waltham, East up the hill on Rt. 20.
From Rt 128 South take exit 26 but go around the rotary to get to 20 East to
Waltham. Follow signs for Rt. 117 (left at the second light). When you get
to 117 turn left (West). You will cross back over Rt. 128.
Jones Rd. (look for the Waltham Weston Corporate Center sign) is the second
left, at a blinking yellow light, on Rt. 117 going west about 0.1 miles from
Rt. 128 (I95). The office building is at the bottom of Jones Rd.
The room is MPR C.

More information at http://www.owasp.org/local/boston.html

********************************
O'Reilly Books Group Discount
Don't forget we can get a 30% discount on
O'Reilly, No Starch, Paraglyph, PC Publishing, Pragmatic Bookshelf,
SitePoint, and Syngress books. Just use code DSUG.

Jim Weiler
Staples North American Delivery
Application Security Architect
508 2533884
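The scanning abstract in the announcement asks how a crawler can find cross site scripting when the submitted value is not shown in the immediate response. The usual answer is second-order detection: tag every injected value with a unique canary, remember which form and parameter it went into, then crawl the site again and look for the canaries on other pages. The Python below is an added illustration of that general technique for this archive page; it is not Cenzic's code or method and nothing in the announcement describes their implementation. The ToyGuestbook application, its paths (/post, /guestbook, /admin/moderate), the canary format and the sample flow are all constructed for the example.

```python
"""Second-order (stored) XSS detection with per-injection canaries.

Constructed example: the toy application and the scanner are both written
for this illustration and stand in for a real site and a real crawler.
"""
import html
import uuid
from dataclasses import dataclass, field

CANARY_PREFIX = "xsscanary"  # assumed marker prefix, chosen for this example


@dataclass
class ToyGuestbook:
    """Stand-in for a site under test. /post stores a comment and shows nothing
    of it in its own response; two other pages render the stored comments,
    one output-encoding correctly and one not."""
    entries: list = field(default_factory=list)

    def handle(self, path, params=None):
        params = params or {}
        if path == "/post":
            self.entries.append(params.get("comment", ""))
            return "<html><body>Thanks, your comment is awaiting moderation.</body></html>"
        if path == "/guestbook":  # public page: encoded, safe sink
            items = "".join(f"<li>{html.escape(e)}</li>" for e in self.entries)
            return f"<html><body><ul>{items}</ul></body></html>"
        if path == "/admin/moderate":  # moderation page: raw, vulnerable sink
            items = "".join(f"<li>{e}</li>" for e in self.entries)
            return f"<html><body><ul>{items}</ul></body></html>"
        return "<html><body>404</body></html>"


def probe_payload(canary):
    """A tag-shaped marker: if it reappears with '<' and '>' intact, the sink
    did not encode it and markup injection is possible at that point."""
    return f"<{canary}>"


def seed_probes(app, targets):
    """Submit one uniquely tagged payload per (path, parameter) and record
    which canary went where, so a later hit can be traced to its source."""
    probes = {}
    for path, param in targets:
        canary = f"{CANARY_PREFIX}{uuid.uuid4().hex[:12]}"
        app.handle(path, {param: probe_payload(canary)})
        probes[canary] = (path, param)
    return probes


def immediate_reflection(app, path, param):
    """The check a first-order scanner makes: is the payload echoed in the
    direct response to the request that submitted it?"""
    canary = f"{CANARY_PREFIX}{uuid.uuid4().hex[:12]}"
    body = app.handle(path, {param: probe_payload(canary)})
    return canary in body


def scan_for_stored_xss(app, targets, pages):
    """Phase 1 injects canaries; phase 2 fetches `pages` and reports every page
    where a canary reappears, flagging whether the markup survived unencoded."""
    probes = seed_probes(app, targets)
    findings = []
    for page in pages:
        body = app.handle(page)
        for canary, (src_path, src_param) in probes.items():
            if canary not in body:
                continue
            findings.append({
                "source": f"{src_path} param={src_param}",
                "sink": page,
                "exploitable": probe_payload(canary) in body,
            })
    return findings


if __name__ == "__main__":
    app = ToyGuestbook()
    print("reflected in immediate response:",
          immediate_reflection(app, "/post", "comment"))
    for finding in scan_for_stored_xss(app, [("/post", "comment")],
                                       ["/guestbook", "/admin/moderate"]):
        print(finding)
```

The first-order check on /post comes back negative, which is exactly the case the abstract raises. The two-phase scan instead reports the same comment parameter twice: once on /guestbook, where the canary is present but encoded (not exploitable as written), and once on /admin/moderate, where the raw tag survived. A real scanner would also vary the probe for attribute and JavaScript contexts and would crawl every reachable page rather than a fixed list.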
More information about the Owasp-boston mailing list