[Owasp-boston] OWASP Boston Dec 3 meeting
Jim.Weiler at starwoodhotels.com
Wed Nov 19 07:15:28 EST 2008
I'm going to add a 'Stories from the trenches' section to the meeting
before the main presentation. The idea is that attendees have lots of
info and experiences that are useful to other attendees, much of which
can be shared, but we don't want to ask people to spend time organizing
a presentation. So I'll ask the group about various aspects of web app
security and see if we can get some anecdotes. They can be technical,
comical, tragic, instructive, whatever. They can be anonymized. You can
think about what you might say as you drive to the meeting. I'll have
some of my own. Then we can vote on the most deserving (you make up your
own criteria) and the winner will get some Microsoft stuff (books,
Next Meeting Wed. Dec. 3 - 6:30 pm
Microsoft offices at the Waltham Weston Corporate Center, 201 Jones Rd.,
Sixth Floor Waltham, MA
Announcements, stories from the trenches
7:00 Main Presentation
Tamper-Proofing Web Applications
The majority of the data passed to a typical web application never
originates from the user. Embedded inputs such as hidden form fields,
selectable form elements, cookies, and URL parameters all originate
within the application, yet these values are often vulnerable to
tampering and manipulation attacks. In theory, web application firewalls
can easily prevent these attacks, but in reality they rarely do.
This presentation will discuss how HTTP response analysis can be used by
web application firewalls to provide instant real-time protection
against tampering and manipulation attacks.
Freely available software that can be used to implement this defense
technique will be demonstrated and compared with other common web
application firewall technologies.
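The technique the abstract outlines can be shown in a few dozen lines. The code below is an added illustration, not from the talk, the speaker, or the mailing-list post: a filter records the hidden-field and select-option values the server actually emitted in a response, then flags a later form submission in the same session whose embedded inputs carry values the server never offered. The class names, the session handling and the sample form are all constructed for the example.

```python
"""
Added example (not from the talk or the post): minimal HTTP response
analysis for tamper detection. Everything the server embeds in a page
(hidden inputs, <select> options) was chosen by the server, so a filter
in front of the application can remember those values on the way out and
reject a request that submits anything else. Names here are hypothetical.
"""
from collections import defaultdict
from html.parser import HTMLParser
from urllib.parse import parse_qs


class EmbeddedInputCollector(HTMLParser):
    """Collect the server-chosen values of hidden inputs and select options."""

    def __init__(self):
        super().__init__()
        self.allowed = defaultdict(set)   # field name -> values emitted
        self._select_name = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "text").lower() == "hidden":
            if a.get("name") is not None:
                self.allowed[a["name"]].add(a.get("value") or "")
        elif tag == "select":
            self._select_name = a.get("name")
        elif tag == "option" and self._select_name is not None:
            self.allowed[self._select_name].add(a.get("value") or "")

    def handle_endtag(self, tag):
        if tag == "select":
            self._select_name = None


class TamperGuard:
    """Per-session record of emitted values, checked against later submissions."""

    def __init__(self):
        self._sessions = {}   # session id -> {field name: set(values)}

    def observe_response(self, session_id, html):
        """Called on the outgoing response: remember what the server offered."""
        collector = EmbeddedInputCollector()
        collector.feed(html)
        seen = self._sessions.setdefault(session_id, {})
        for name, values in collector.allowed.items():
            seen.setdefault(name, set()).update(values)

    def check_request(self, session_id, body):
        """Called on the incoming request: return (field, value) pairs that
        the server never emitted for this session. Fields that were never
        embedded (free-text inputs) are not constrained by this check."""
        allowed = self._sessions.get(session_id, {})
        violations = []
        for name, values in parse_qs(body, keep_blank_values=True).items():
            if name not in allowed:
                continue
            for v in values:
                if v not in allowed[name]:
                    violations.append((name, v))
        return violations


# Constructed sample response: a checkout form with server-chosen values.
SAMPLE_RESPONSE = """
<form method="post" action="/checkout">
  <input type="hidden" name="item_id" value="1042">
  <input type="hidden" name="price" value="19.99">
  <select name="shipping">
    <option value="std">Standard</option>
    <option value="exp">Express</option>
  </select>
  <input type="text" name="note">
</form>
"""


def demo():
    """Honest submission passes; edited price and invented option are flagged."""
    guard = TamperGuard()
    guard.observe_response("sess-1", SAMPLE_RESPONSE)
    honest = guard.check_request(
        "sess-1", "item_id=1042&price=19.99&shipping=exp&note=hi")
    tampered = guard.check_request(
        "sess-1", "item_id=1042&price=0.01&shipping=free&note=hi")
    return honest, tampered


if __name__ == "__main__":
    print(demo())   # ([], [('price', '0.01'), ('shipping', 'free')])
```

Two design points a practitioner would want to note. The guard only constrains fields it has seen in a response for that session, so the state must be bound to the session (and expired with it) or an attacker could simply submit without ever loading the form; and values are pooled per session rather than per form, which is simpler but lets a value offered on one page be replayed on another. Cookies and URL parameters, also named in the abstract, are handled the same way: record what `Set-Cookie` and emitted links carry, compare on the next request.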
Brian Holyfield is a founding member of Gotham Digital Science. He has
worked in the realm of information security for over 9 years, and has
deep experience identifying and exploiting software security flaws.
Brian is a frequent speaker at various security conferences and was a
contributing author for "Network Security Tools" (O'Reilly), where he
outlined how to build automated vulnerability detection and exploit
tools for web-based applications.
From Rt. 128 North take exit 26 toward Waltham, East up the hill on Rt.
20. From Rt 128 South take exit 26 but go around the rotary to get to 20
East to Waltham. Follow signs for Rt. 117 (left at the second light).
When you get to 117 turn left (West). You will cross back over Rt. 128.
Jones Rd. (look for the Waltham Weston Corporate Center sign) is the
second left, at a blinking yellow light, on Rt. 117 going west about 0.1
miles from Rt. 128 (I95). The office building is at the bottom of Jones
Rd. Best parking is to turn right just before the building and park in
the back. Knock on the door to get the security guard to open it. The
room is MPR C on the 6th floor.
Jim Weiler CISSP
Sr. Mgr. Information Security Risk Assessment
Starwood Hotels and Resorts | 1505 Washington St | Braintree MA. 02184
office: 781 356 0067
mobile: 781 654 6048
This electronic message transmission contains information from the Company that may be proprietary, confidential and/or privileged.
The information is intended only for the use of the individual(s) or entity named above. If you are not the intended recipient, be
aware that any disclosure, copying or distribution or use of the contents of this information is prohibited. If you have received
this electronic transmission in error, please notify the sender immediately by replying to the address listed in the "From:" field.