[Owasp-boston] Boston OWASP Wed 12/3 meeting

Weiler, Jim Jim.Weiler at starwoodhotels.com
Tue Dec 2 13:00:13 EST 2008

Just a reminder about tomorrow's meeting. In case you don't go to the
RSA 2009 Security Conference, you can get some of the conference content
at our meeting; Brian will (probably) present a modified version of this
talk in the Application track of that conference.

See you tomorrow.


Microsoft offices at the Waltham Weston Corporate Center, 201 Jones Rd.,
Sixth Floor Waltham, MA



Announcements, stories from the trenches


7:00 Main Presentation


Tamper-Proofing Web Applications


The majority of the data passed to a typical web application never
originates from the user.  Embedded inputs such as hidden form fields,
selectable form elements, cookies, and URL parameters all originate
within the application yet these values are often vulnerable to
tampering and manipulation attacks. In theory web application firewalls
can easily prevent these attacks, but in reality they rarely do. 


This presentation will discuss how HTTP response analysis can be used by
web application firewalls to provide instant real-time protection
against tampering and manipulation attacks.  


Freely available software that can be used to implement this defense
technique will be demonstrated and compared with other common web
application firewall technologies.  


Speaker Bio

Brian Holyfield is a founding member of Gotham Digital Science. He has
worked in the realm of information security for over 9 years, and has
deep experience identifying and exploiting software security flaws.
Brian is a frequent speaker at various security conferences and was a
contributing author for "Network Security Tools" (O'Reilly), where he
outlined how to build automated vulnerability detection and exploit
tools for web-based applications.


Directions - 

From Rt. 128 North take exit 26 toward Waltham, East up the hill on Rt.
20. From Rt 128 South take exit 26 but go around the rotary to get to 20
East to Waltham. Follow signs for Rt. 117 (left at the second light).
When you get to 117 turn left (West). You will cross back over Rt. 128.
Jones Rd. (look for the Waltham Weston Corporate Center sign) is the
second left, at a blinking yellow light, on Rt. 117 going west about 0.1
miles from Rt. 128 (I95). The office building is at the bottom of Jones
Rd. Best parking is to turn right just before the building and park in
the back. Knock on the door to get the security guard to open it. The
room is MPR C on the 6th floor. 



Jim Weiler   CISSP

Sr. Mgr. Information Security Risk Assessment

Starwood Hotels and Resorts | 1505 Washington St | Braintree MA. 02184

office: 781 356 0067

mobile: 781 654 6048


