[Owasp-boston] OWASP Mtg Wed. July 10 - 2 presentations

Jim Weiler jim.weiler at owasp.org
Mon Jul 8 16:18:42 UTC 2013

Location: Akamai <http://www.akamai.com/html/about/locations.html> at 8
Cambridge Center in Cambridge, MA

When: Wednesday, July 10, 6:30 pm

Topic: *RailsGoat*

Presented by: *Ken Johnson*

Abstract: While working to secure Rails applications in a truly Agile
development environment, it became clear that the Rails and Ruby ecosystem
needed attention from the security community in the form of free and open
training, and the events that have transpired within the last few months
have only reinforced that belief. RailsGoat
<http://railsgoat.cktricky.com/> is an attempt to bring attention to both
the problems that most frequently occur in Rails as well as the solutions
for remediation. To accomplish
this, we've built a vulnerable Rails application that aligns with the OWASP
Top 10 and can be used as a training tool for Rails-based development shops.

Topic: *PhoneGap on Android*

Presented by: *Jack Mannino*

Abstract: PhoneGap is a widely used framework that allows developers to
rapidly build cross-platform mobile applications using HTML5, JavaScript,
and CSS. Using PhoneGap plugins, developers can call native platform APIs
from browser-like applications using JavaScript. This approach introduces
vulnerabilities that are not typically as prevalent within native Android
applications, warranting a fresh look at the way we view mobile
applications. In this presentation, we will take a deep look at the Android
implementation of the framework and we will examine the overall attack
surface for applications. Real-world examples of vulnerable applications
will be demonstrated as well in order to provide context, entertainment,
and enjoyment.

About the Speakers:

Ken Johnson is the former Manager of LivingSocial.com's application
security team where he built their security program before leaving for his
true home as the CTO of nVisium Security, a VA-based application security
company. Ken is the primary developer of the Web Exploitation Framework and
contributes to other open source application security projects as often as
time permits. He has spoken at AppSec DC 2010 and 2012, OWASP NoVA and
Phoenix chapters, Northern Virginia Hackers Association (NoVAH) and is a
contributor to the Attack Research team.

Jack Mannino is the CEO of nVisium Security, a VA-based application
security company. At nVisium, he helps to ensure that large corporations,
government agencies, and software startups have the tools they need to
build and maintain successful security initiatives. He is an active Android
security researcher/tinkerer, and has a keen interest in identifying
security issues and trends on a large scale. Jack is a leader and founder
of the OWASP Mobile Security Project. He is the lead developer for the
OWASP GoatDroid project, and is the chairman of the OWASP Northern Virginia