[Owasp-chicago-suburbs] OWASP in Rosemont - THIS WEDNESDAY

Jay Schulman jay.schulman at owasp.org
Mon Feb 17 15:19:42 UTC 2014


*February 2014 Meeting:*

*What:* An unbiased, practical, cost-effective gathering to discuss
application security.

*When:*  Wednesday, February 19th @ 6pm CST

*Where:* US Foods, Glenview Farms Conference room, 11th floor, 6133 N.
River Rd., Rosemont, IL

*Cost:* Absolutely Nothing!

*Agenda:*

6:00pm: Food and soft drinks

6:30pm - 9pm: Presentations

*Please register in advance so building security can let you in with your
ID: https://owaspchicagosuburbs.eventbrite.com*

*Abstracts & Bios:*

*Presentation 1:* Healthcare Data Analytics by Daniel Fabbri
<http://web.eecs.umich.edu/~dfabbri/new_site/index.html>

Recent U.S. legislation such as the Affordable Care Act, HIPAA and HITECH
outline rules governing the appropriate use of personal health information
(PHI). Unfortunately, current technologies do not meet the security
requirements of these regulations. In particular, while electronic medical
records (EMR) systems maintain detailed audit logs that record each access
to PHI, the logs contain too many accesses for compliance officers to
practically monitor, putting PHI at risk. In this talk I will present the
explanation-based auditing system, which aims to filter appropriate
accesses from the audit log so compliance officers can focus their efforts
on suspicious behavior. The underlying premise of the system is that most
appropriate accesses to medical records occur for valid clinical or
operational reasons in the process of treating a patient, while
inappropriate accesses do not. I will discuss how explanations for accesses
(1) capture these clinical and operational reasons, (2) can be mined
directly from the EMR database, (3) can be enhanced by filling in
frequently missing types of data, and (4) can drastically reduce the
auditing burden.

*Presentation 2:* A Novel Approach to Solving SQL Injection by Karen Heart
<http://www.cdm.depaul.edu/people/pages/facultyinfo.aspx?fid=577>

Injection attacks, particularly SQL Injection, remain the top risk in
software, despite extensive research on methods to prevent these attacks.
All of the reported techniques for preventing or mitigating injection
attacks work well to some extent; however, no approach so far has succeeded
in preventing all of them precisely. A novel approach is proposed that
would prevent injection attacks in all cases, including secondary
injection, without raising any false positives. The technique is based on a
simple algorithm, rather than on a particular technology. As such, the
proposed solution would apply to all programming languages and databases,
including NoSQL databases.

Karen has many years of programming experience, developing a variety of
software using Java, C++, PHP, and other tools. She is primarily interested
in computer security and privacy, and she focuses currently on approaches
to increasing the safety of software through improved programming practices
and tools. She holds an MS in Computer Science from DePaul University, a JD
from the University of Texas, and she is presently a 2nd year PhD student
in Computer Science at UIC.