No subject


Wed Nov 1 13:32:02 EST 2006


*******************************
Next meeting is 6:30 pm on Wed. May 3

Speaker: Fortify Software
Topic: Application security by wrapping existing executable code
Description: Fortify Application Defense is a software solution that protects
existing J2EE applications from losing private data, leaking valuable
information or performing unwanted tasks caused by the actions of hackers and
malicious insiders. Its patent-pending technology works within the application
itself to monitor and protect against attacks such as SQL injections,
cross-site scripting and request tampering.
JW summary - Fortify Application Defense can insert filter functions in front
of the external callable functions of Java code, so you can retroactively fit
existing code with your or Fortify's security logic.

Short Topic - Jim Weiler - Open Redirects
This means a web site uses URL parameters to determine where the user will be
redirected to. This vulnerability was exploited in the govbenefits.gov site a
few months ago to propagate a phishing scam. From the Netcraft web site "Open
redirects have not previously been thought of as a security risk, because they
do not allow access to a company's computer systems. However, fraudsters are
actively using open redirects to facilitate their phishing scams. These tactics
are rather analogous to borrowing a bank's sign and premises to execute a
sting."

Speaker - Jim Weiler
Topic - Web Application Security with Web Proxy Servers II - Paros
Description - using saved sessions; site crawling and vulnerability scans

Pizza will be provided by Fortify Software

Location:
Microsoft offices at the Waltham Weston Corporate Center, 201 Jones Rd., Sixth
Floor Waltham, MA

Directions:
From Rt. 128 North take exit 26 toward Waltham, East up the hill on Rt. 20.
From Rt 128 South take exit 26 but go around the rotary to get to 20 East to
Waltham. Follow signs for Rt. 117 (left at the second light). When you get to
117 turn left (West). You will cross back over Rt. 128.
Jones Rd. (look for the Waltham Weston Corporate Center sign) is the second
left, at a blinking yellow light, on Rt. 117 going west about 0.1 miles from
Rt. 128 (I95). The office building is at the bottom of Jones Rd.
The room is MPR C.

Parking - Take a right just before the building, pass the building on your
left to the parking lot in the back. Knock on the doors to get the guard to
let you in.

More information at http://www.owasp.org/local/boston.html

*******************************
O'Reilly Books Group Discount
Don't forget we can get a 30% discount on
O'Reilly, No Starch, Paraglyph, PC Publishing, Pragmatic Bookshelf,
SitePoint, and Syngress books. Just use code DSUG.

Jim Weiler
Staples North American Delivery
Application Security Architect
508 2533884
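
The open-redirect pattern from the short topic above, next to a validated alternative. This is an added example, not part of the original message; the `url` parameter name, the host allowlist and both function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the only hosts this hypothetical site will redirect to.
ALLOWED_HOSTS = {"www.example.org", "accounts.example.org"}
DEFAULT_TARGET = "/"


def unsafe_redirect_target(params):
    """Open redirect: the 'url' parameter is used as the Location unchecked."""
    return params.get("url", DEFAULT_TARGET)


def safe_redirect_target(params):
    """Return the requested target only if it stays on an allowed host."""
    target = params.get("url", "")
    # Browsers treat backslashes like slashes and drop control characters,
    # so reject both instead of guessing how a client will parse the value.
    if (not target or "\\" in target
            or any(ord(c) < 0x20 or ord(c) == 0x7F for c in target)):
        return DEFAULT_TARGET
    try:
        parts = urlsplit(target)
    except ValueError:  # e.g. malformed IPv6 literal
        return DEFAULT_TARGET
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept a local path with one leading slash only.
        if target.startswith("/") and not target.startswith("//"):
            return target
        return DEFAULT_TARGET
    # Absolute URL: compare the parsed hostname, never a substring or prefix,
    # so "allowed-host@other-host" style values do not pass.
    if parts.scheme in ("http", "https") and parts.hostname in ALLOWED_HOSTS:
        return target
    return DEFAULT_TARGET


if __name__ == "__main__":
    # Constructed sample values; .invalid and example.org are reserved names.
    for value in ("/account/home", "https://www.example.org/login",
                  "https://phish.invalid/login", "//phish.invalid/login",
                  "https://www.example.org@phish.invalid/"):
        print(f"{value!r:45} -> {safe_redirect_target({'url': value})!r}")
```
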




More information about the Owasp-boston mailing list