No subject


Wed Nov 1 13:32:02 EST 2006


*******************************
Next meeting is 6:30 pm on Wed. April 5

We will start at 6:30 with SPI Dynamics because the SPI Dynamics folks have
to catch a plane after the presentation.

Speaker: Dennis Hurst, Senior Security Engineer: SPI Dynamics

Topic: A Study of AJAX Hacking
AJAX (Asynchronous JavaScript and XML) is a method of building interactive
applications for the Web that process user requests immediately. AJAX is an
aggressively evolving software development technology used by industry
leaders such as Google and Microsoft. However, this new technology presents
many security concerns because AJAX-based applications are susceptible to
the same types of common vulnerabilities overwhelmingly found in Web
applications; they just need a little more determination by the hacker to
exploit.

This presentation demonstrates how AJAX works and how it is vulnerable to
threats typically associated with Web applications with examples of hacking
techniques used to compromise an application using AJAX. In addition, the
presentation will explore how the technology underlying AJAX opens up a
number of other interesting vulnerabilities that all organizations looking
to deploy AJAX should be aware of.

Speaker - Jim Weiler
Topic - Using Paros Proxy Server as a Web Application Vulnerability tool -
Part 1
This is the first in a multi-part presentation about using proxy servers in
web application security. I'll cover Paros first, then OWASP's WebScarab.
Each proxy will be covered over the course of multiple meetings.
We'll go over the basics of using Paros to record all HTTP requests and
responses, examine the headers and bodies of the requests and responses for
security-related things and see how to trap, change and resend requests.
We'll cover some of the rules and vulnerabilities of the HTTP protocol.

Pizza will be provided by SPI Dynamics

Location:
Microsoft offices at the Waltham Weston Corporate Center, 201 Jones Rd.,
Sixth Floor Waltham, MA

Directions:
From Rt. 128 North take exit 26 toward Waltham, East up the hill on Rt. 20.
From Rt. 128 South take exit 26 but go around the rotary to get to 20 East
to Waltham. Follow signs for Rt. 117 (left at the second light). When you
get to 117 turn left (West). You will cross back over Rt. 128.
Jones Rd. (look for the Waltham Weston Corporate Center sign) is the second
left, at a blinking yellow light, on Rt. 117 going west about 0.1 miles from
Rt. 128 (I95). The office building is at the bottom of Jones Rd.
The room is MPR C.

More information at http://www.owasp.org/local/boston.html

********************************
O'Reilly Books Group Discount
Don't forget we can get a 30% discount on
O'Reilly, No Starch, Paraglyph, PC Publishing, Pragmatic Bookshelf,
SitePoint, and Syngress books. Just use code DSUG.

Jim Weiler
Staples North American Delivery
Application Security Architect
508 2533884




More information about the Owasp-boston mailing list