[Owasp-bostonfinancialdist] OWASP Boston May 3 meeting - Microsoft NERD Cambridge

Weiler, Jim Jim.Weiler at starwoodhotels.com
Mon Apr 26 21:56:28 EDT 2010


http://www.owasp.org/index.php/Boston

Agenda: 6:30 - 7 - what's happening in OWASP and how it might be useful
to you, general Q+A, networking 

Main Presentations 

7 pm - SafeLight Lightning Talk Series by Rob Cheyne of Security
Advisors - Intro to SQL Injection 

In the first of the Safelight Lightning talks series, Rob will present
the basics of SQL injection. In this talk, he will cover the attack
methodology used by professional attackers, along with detailed
demonstrations of one of the most common OWASP Top 10 issues out there.
The Lightning talks are designed to provide value to members that are
newer to OWASP and are interested in understanding the basics of web
application security, although everyone should feel free to attend and
ask whatever questions they have. 

Many people don't realize just how dangerous a SQL injection attack can
be. After demonstrating how SQL injection can be used to run system
commands and gain root access on a database server, Rob will provide
practical tips for defending against SQL injection flaws in your own
applications. 

 

7:30 - Vinnie Liu - Data Exposure, New Approaches to Open Source
Intelligence Techniques, and Incident Handling 

As data sharing has become easier and more popular we've seen an
increase in the amount of sensitive data that is exposed. In this
presentation we'll broaden our horizons and learn to think differently
about your online presence and how to protect it. Whether you're trying
to protect yourself or protect an organization we'll examine some of the
root causes of how your secrets are exposed. 

In addition, nearly all Google hacking tools must be throttled to avoid
getting blocked. We'll identify some advanced open source intelligence
gathering techniques and disclose a new Google hacking technique that
will change the way people mine search engine data. Whether you're a
penetration tester or not extremely technical we'll demonstrate some
tips that you can use on the job or play with at home. We'll also
explore how to prevent, detect, and respond to data leakage incidents. 

 

Vincent Liu, CISSP is the Managing Director at Stach & Liu, a
professional services firm providing IT security consulting to the
Fortune 500, national law firms, and global financial institutions.
Before founding Stach & Liu, Vincent led the Attack & Penetration and
Reverse Engineering teams for the Global Security unit at Honeywell
International. Prior to that, he was a consultant with the Ernst & Young
Advanced Security Centers and an analyst at the National Security
Agency. Vincent is a developer for the Metasploit Project and an
experienced speaker, having presented his research at conferences
including BlackHat, ToorCon, and Microsoft BlueHat. Vincent has been
published in interviews, journals, and books with highlights including:
Penetration Tester's Open Source Toolkit; Writing Security Tools and
Exploits; Sockets, Shellcode, Porting, and Coding; Hacking Exposed -
Wireless. Vincent holds a Bachelor of Science and Engineering from the
University of Pennsylvania with a major in Computer Science and
Engineering and a minor in Psychology.

 

Directions to Microsoft New England Research & Development Center - we
will be in the Thomas Paul room. 

http://microsoftcambridge.com/About/Directions/tabid/89/Default.aspx

 

 

 

Jim Weiler   CISSP  CSSLP

Starwood Hotels and Resorts

Sr. Mgr. Information Security Risk Assessment

Office - 781 356 0067

Cell - 781 654 6048


