[Owasp-boston] Boston OWASP July 7 mtg - MS Waltham

Weiler, Jim Jim.Weiler at starwoodhotels.com
Tue Jul 6 11:11:20 EDT 2010



Date - July 7


Time - 6:30 p.m.


Lightning Talk - Rob Cheyne, CEO Safelight Security Advisors

In this installment of the Safelight lightning talks series, Rob will
present the basics of a Cross-site Request Forgery (CSRF) attack.  This
is a common vulnerability, yet frequently misunderstood and often


Rob will demonstrate how CSRF works, how it can be used as part of a
real-world attack, and then discuss ways to prevent the issue from
occurring in your own applications. 


Speaker Bio - 

As CEO, Rob sets the vision for the company, manages the executive
team, and runs the instructor-led training practice. Rob has cultivated a
broad range of skills and experience during his 17 years in the
information technology field. He has significant expertise in business
process and e-Commerce systems, systems integration, software
development and information security. He has developed and taught
information security training classes to thousands of students at some
of the largest corporations in the world. Rob has worked in the
information security industry since 1998, beginning with Internet
Security Advantages (ISA). During his time at ISA, Rob led a team that
deployed a full-scale Public Key Infrastructure at a leading state
health care organization. After ISA, Rob was one of the founding
employees of @stake, a pioneer in information security consulting.
During his tenure at @stake, Rob wore many hats and embraced a wide set
of skills and responsibilities. He helped develop application security
assessment methodologies that are still in use today and led @stake's
Application Security Center of Excellence for two years. He led secure
architecture and design reviews, secure code reviews, application
penetration tests and a range of specialized security audits for Fortune
500 companies. Rob is the author of LC4, a version of the award-winning
L0phtCrack password auditing software, and he worked on @stake's
SmartRisk Analyzer team, which was eventually spun off as a company
called Veracode. @stake was acquired by Symantec Corporation in October
2004. Rob holds a BA in Computer Information Systems from Bentley



Main Presentation 

Joey Peloquin - Director of Application Security, FishNet Security


Speaker bio - Joey is responsible for project oversight and quality
assurance, business development, and managing the team's offerings and
methodologies. He's spent the last 9 of 15 years in I.T. specializing in
Information Security, with approximately the last five specifically in
Application Security. Prior to joining FishNet Security, he created the
service offerings and methodology for Hewlett-Packard's Application
Security Center Professional Services Team (formerly SPI Dynamics). At
HP, he managed all partner-delivered projects and was the team lead for
the internal team with the responsibility of training and mentoring new
consultants. Joey also spent nearly a decade with JCPenney Corporation,
where he built the Application Security Program, and generated
application security awareness through aggressive penetration testing



Microsoft offices at the Waltham Weston Corporate Center, 201 Jones Rd.,
Sixth Floor, Waltham, MA


From Rt. 128 North take exit 26 toward Waltham, East up the hill on Rt.
20. From Rt. 128 South take exit 26 but go around the rotary to get to 20
East to Waltham. Follow signs for Rt. 117 (left at the second light).
When you get to 117 turn left (West). You will cross back over Rt. 128.
Jones Rd. (look for the Waltham Weston Corporate Center sign) is the
second left, at a blinking yellow light, on Rt. 117 going west about 0.1
miles from Rt. 128 (I95). The office building is at the bottom of Jones
Rd. Best parking is to turn right just before the building and park in
the back. Knock on the door to get the security guard to open it. The
room is MPR C.



Jim Weiler   CISSP  CSSLP

Starwood Hotels and Resorts

Sr. Mgr. Information Security Risk Assessment

Office - 781 356 0067

Cell - 781 654 6048
