[Owasp-boston] Jeremiah Grossman tonight - real web app business logic flaws and more

Weiler, Jim Jim.Weiler at starwoodhotels.com
Thu Jun 26 08:04:18 EDT 2008

Next Meeting Thursday June 26 - 6:30 pm


Microsoft offices at the Waltham Weston Corporate Center, 201 Jones Rd.,
Sixth Floor Waltham, MA


Main Speaker - Jeremiah Grossman; Founder and CTO, Whitehat Security


Appetizer - Hacking Intranets from the Outside (Just when you thought
your network was safe): Port scanning with JavaScript


Main Topic - Business Logic Flaws: How they put your Websites at Risk
Session handling, credit card transactions, and password recovery are
just a few examples of Web-enabled business logic processes that
malicious hackers have abused to compromise major websites. These types
of vulnerabilities are routinely overlooked during QA because the
process is intended to test what a piece of code is supposed to do, not
what it can be made to do. The other problems with business logic
flaws are that scanners can't identify them, IDS can't detect them, and
Web application firewalls can't defend against them. Plus, the more
sophisticated and Web 2.0 feature-rich a website is, the more prone it
is to flaws in business logic. The presentation will provide real-world
examples of how pernicious and dangerous business logic flaws are to the
security of a website. We'll also show how best to spot them and provide
organizations with a simple and rational game plan to prevent them.

Speaker Bio - 


Mr. Grossman founded WhiteHat Security in 2001. Prior to WhiteHat, Mr.
Grossman was an information security officer at Yahoo! responsible for
performing security reviews on the company's hundreds of web
applications. As one of the world's busiest web properties, with over
17,000 web servers for customer access and 600 web applications, the
highest level of security was required. Mr. Grossman is a founder of the
Web Application Security Consortium (WASC) and the Open Web Application
Security Project (OWASP). Jeremiah speaks at Blackhat, Defcon, RSA and
OWASP chapters. Jeremiah has a great depth of knowledge, experience and
anecdotes, and is a very friendly, interactive guy. 


Directions - 

From Rt. 128 North take exit 26 toward Waltham, East up the hill on Rt.
20. From Rt. 128 South take exit 26 but go around the rotary to get to 20
East to Waltham. Follow signs for Rt. 117 (left at the second light).
When you get to 117 turn left (West). You will cross back over Rt. 128.
Jones Rd. (look for the Waltham Weston Corporate Center sign) is the
second left, at a blinking yellow light, on Rt. 117 going west about 0.1
miles from Rt. 128 (I95). The office building is at the bottom of Jones
Rd. Best parking is to turn right just before the building and park in
the back. Knock on the door to get the security guard to open it. The
room is MPR C on the 6th floor.




Jim Weiler   CISSP

Sr. Mgr. Information Security Risk Assessment

Starwood Hotels and Resorts | 1505 Washington St | Braintree MA. 02184

office: 781 356 0067

mobile: 781 654 6048


