[Owasp-boston] OWASP Boston March 5 mtg
Jim.Weiler at starwoodhotels.com
Fri Feb 29 16:45:36 EST 2008

I'm very excited to have Chris Eng at the March meeting. The topic is
very interesting but as you can see from Chris's bio, he has lots of
experience in web app sec, so bring any questions you have, big or
small, general or specific, industry or technology related and take
advantage of this opportunity to get Chris's perspective.

Chris Eng; Senior Director, Security Research, Veracode

Topic - Attacking crypto in web applications

This presentation will discuss penetration testing techniques for
analyzing unknown data in web applications and demonstrate how encrypted
data can be compromised through pattern recognition and only a
high-level understanding of cryptography concepts. Techniques will be
illustrated through a series of detailed, step-by-step case studies
drawn from the presenter's penetration testing experience.

This is not a talk on brute forcing encryption keys, nor is it a
discussion of weaknesses in cryptographic algorithms. Rather, the case
studies will demonstrate how encryption mechanisms in web applications
were compromised without ever identifying the keys or even the

Prior to joining Veracode, Mr. Eng was a Technical Manager for Symantec
security consulting. He delivered high-profile security assessments for
numerous Fortune 500 companies, focusing primarily on penetration
testing of critical web applications, commercial software, and networks.
He was a technical leader for Symantec's Attack and Penetration Center
of Excellence, designing a penetration testing infrastructure.

Chris was a Principal Consultant and then Technical Director of @stake,
Inc. In addition to consulting, he led the development of WebProxy, a
proprietary web application testing tool which became an @stake product

Pizza will be supplied by Veracode

Jim Weiler CISSP
Sr. Mgr. Information Security Risk Assessment
Starwood Hotels and Resorts | 1505 Washington St | Braintree MA. 02184
Phone: 781 356 0067 mobile: 781 654 6048