[Owasp-cincinnati] OWASP Cincinnati Chapter September Meeting RSVP Reminder

Marco M. Morana marco.m.morana at gmail.com
Sun Sep 21 19:52:24 EDT 2008


OWASP Cincinnati Chapter September Meeting 

--------------------------------------------------------

 

WHEN: September 30th 12:00-1.30pm

 

WHAT: Input Validation Vulnerabilities, Encoded Attack Vectors and
Mitigations

 

WHERE: Citibank <http://www.citibank.com/>  9997 Carver Road, Bldg. 1,
Cincinnati, Ohio, 45242-5537

 

Presentation Abstract: Input validation vulnerabilities in web applications
can be exploited with attack vectors to cause business impacts such as
information disclosure, data alteration and destruction, denial or
degradation of service, financial loss fraud and reputation brand damage.
Several web applications today have implemented filtering techniques to
block such attack vectors; unfortunately such filtering techniques are
seldom based on black lists that fail when attackers use filter evasion
techniques such as single and double encoding. This presentation will cover
the basic understanding of attack vectors, the malicious payloads that can
be carried out and the techniques used by attackers to evade input
validation filters. Lists of different variations of encoded XSS attack
vectors and constructed SQL injection vectors will be presented. From the
defensive perspective, these lists can be used as cheat sheets for testing
the efficacy of the input filtering techniques. A demonstration of a sample
implementation of effective input validation using J2EE struts framework is
also presented. During the presentation, web application developers and
architects will be introduced to the concepts of canonicalization, encoding
and sanitization and guided on the most effective input validation
strategies and techniques as well as on the best use of available input
validation resources from OWASP.

 

Full details/agenda @ https://www.owasp.org/index.php/Cincinnati

 

 ** IF YOU DID NOT REGISTER ALREADY REGISTER NOW BY REPLYING WITH NAME AND
LAST NAME TO THIS RSVP EMAIL:

 
<mailto:marco.m.morana at gmail.com?subject=I%20INTEND%20TO%20ATTEND%20THE%20ME
ETING> RSVP TO OWASP CINCINNATI SEPTEMBER MEETING **

 

Regards

 

Marco Morana

OWASP Cincinnati Chapter Leader 

 

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-cincinnati/attachments/20080921/42b34f11/attachment.html 


More information about the Owasp-cincinnati mailing list