[Owasp-chicago] OWASP-Chicago Chapter Quarterly Meeting Announcement (Dec 13th, 2006 6PM)

jason.witty at abnamro.com jason.witty at abnamro.com
Mon Dec 4 21:12:15 EST 2006


====Attention Chicago OWASP Chapter Members====

I'm pleased to announce the next Quarterly Chicago OWASP Chapter meeting 
will be held on December 13th, 2006 at 6PM CST.  We have a very exciting 
agenda with two excellent presenters. 

We hope to see you at the ABN AMRO Plaza at 540 W. Madison, Downtown 
Chicago, 23rd floor.  Please RSVP to jason.witty at abnamro.com by Monday 
12/11/2006 if you plan to attend.  Your name will need to be entered into 
the building's security system in order to gain access to the meeting.

Agenda:

6:00    Refreshments and Networking
6:30    Welcome message - Joe Bernik & Jason Witty, Lasalle Bank, ABN AMRO 
North America
6:40    "Webapps in Name Only" - Thomas Ptacek, Matasano Security
7:20    "Token-less strong authentication for web applications: A Security 
Review" -  Cory Scott, ABN AMRO
7:35    Q&A and Networking

Webapps In Name Only
Thomas Ptacek, Matasano Security

Where modern network architecture meets legacy application design, we get 
"The Port 80 Problem": vendors wrapping every conceivable network protocol 
in a series of POSTs and calling them "safe". These "Webapps In Name Only" 
are a nightmare for application security specialists.

In this talk, we'll discuss, with case studies, how tools from protocol 
reverse engineering can be brought to bear on web application security, 
covering the following areas:

- Locating and Decompiling Java and .NET Code
- Structure and Interpretation of Binary Protocols in HTTP
- Protocol Debugging Tools
- Web App Crypto Tricks

Token-less strong authentication for web applications: A Security Review
Cory Scott, ABN AMRO

A short presentation on the threat models and attack vectors for 
token-less schemes used to reduce the risk of password-only 
authentication, but yet do not implement "true" two-factor technologies 
for logistical costs or user acceptance reasons. We'll go over how device 
fingerprinting and IP geo-location work and discuss the pros and cons of 
the solutions.

See you next week!

Jason
-------------------------------------------------
Jason A Witty, ISSMP
VP, Head of Security Operations
North American Information Security Office
ABN AMRO Bank
540 West Madison Street, Suite 1122
Chicago, Illinois 60661

P: +1.312.992.1802 | M: +1.312.401.2641 
E: jason.witty at abnamro.com


---------------------------------------------------------------------------
This message (including any attachments) is confidential and may be privileged. If you have received it by mistake please notify the sender by return e-mail and delete this message from your system. Any unauthorised use or dissemination of this message in whole or in part is strictly prohibited. Please note that e-mails are susceptible to change. ABN AMRO Bank N.V, which has its seat at Amsterdam, the Netherlands, and is registered in the Commercial Register under number 33002587, including its group companies, shall not be liable for the improper or incomplete transmission of the information contained in this communication nor for any delay in its receipt or damage to your system. ABN AMRO Bank N.V. (or its group companies) does not guarantee that the integrity of this communication has been maintained nor that this communication is free of viruses, interceptions or interference.
---------------------------------------------------------------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.owasp.org/pipermail/owasp-chicago/attachments/20061204/19e085fd/attachment.html 


More information about the Owasp-chicago mailing list