[Owasp-boston] no meeting this Wed (Feb) - but save March 5
Jim.Weiler at starwoodhotels.com
Mon Feb 4 20:40:14 EST 2008
No meeting this Wed (Feb).
But mark your calendars for the March 5 meeting. We'll be having Chris Eng, one of the early members of @stake, now with Veracode.
Chris Eng; Senior Director, Security Research, Veracode
Topic - Attacking crypto in web applications
This presentation will discuss penetration testing techniques for
analyzing unknown data in web applications and demonstrate how encrypted
data can be compromised through pattern recognition and only a
high-level understanding of cryptography concepts. Techniques will be
illustrated through a series of detailed, step-by-step case studies
drawn from the presenter's penetration testing experience.
This is not a talk on brute forcing encryption keys, nor is it a
discussion of weaknesses in cryptographic algorithms. Rather, the case
studies will demonstrate how encryption mechanisms in web applications
were compromised without ever identifying the keys or even the
Prior to joining Veracode, Mr. Eng was a Technical Manager for Symantec security consulting. He delivered high-profile security assessments for numerous Fortune 500 companies, focusing primarily on penetration testing of critical web applications, commercial software, and networks. He was a technical leader for Symantec's Attack and Penetration Center of Excellence, designing a penetration testing infrastructure.
Chris was a Principal Consultant and then Technical Director of @stake, Inc. In addition to consulting, he led the development of WebProxy, a proprietary web application testing tool which became an @stake product in 2002.