[Owasp-cincinnati] OWASP Meeting Reminder for Wednesday Next Week Registration Starts 11.30 Lunch Being Provided

Marco M. Morana marco.m.morana at gmail.com
Thu Nov 19 20:24:10 EST 2009

OWASP chapter members


This is reminder of the OWASP meeting next Wednesday. The presentation is
scheduled for next Wednesday at 12.00 and 11.45-12.00 for registration, food
refreshments will be provided by Breach Security


Thanks for the ones that already RSVP, for the ones that did not please
provide your RSVP not later than Monday 23rd.



Looking forward to your participation


Marco Morana

OWASP Chapter Lead



P.S..Here are the details of the presentation:


Presenter: Ryan Barnett, Director of Application Security Research, Breach
Security Inc. 

What: Virtual Patching for Web Applications: Theory and Practice 

Fixing identified vulnerabilities in web application always requires time.
Organizations often do not have access to a commercial application's source
code and are at the vendor's mercy while waiting for a patch. Even if they
have access to the code, implementing a patch in development takes time.
This leaves a window of opportunity for the attacker to exploit. External
patching (also called "just-in-time patching" and "virtual patching") is one
of the biggest advantages of web application firewalls as they can fix this
problem externally. A fix for a specific vulnerability is usually very easy
to design and in most cases it can be done in less than 15 minutes. This
presentation will outline exactly when and where Virtual Patching is
appropriate and will show the proper steps for their creation and testing. 

Presenter Bio: Ryan C. Barnett is the Director of Application Security
Research at Breach Security where he leads Breach Security Labs. He is a
frequent speaker at industry conferences such as Blackhat and is a Faculty
Member for the SANS Institute and Team Lead for the Center for Internet
Security Apache Benchmark Project. He is the OWASP ModSecurity Core Rule Set
(CRS) Project Leader and a member of the Web Application Security Consortium
where he leads the Distributed Open Proxy Honeypot Project. Mr. Barnett has
also authored a web security book for Addison/Wesley Publishing entitled
"Preventing Web Attacks with Apache". 

Location / Venue Sponsor:  <http://www.citibank.com/> Citibank 9997 Carver
Road, Bldg. 1, Cincinnati, Ohio, 45242-5537 

For help with directions contact Citi Blue Ash help desk at (513) 979-9000
or check directions
4.388239&spn=0.007877,0.013218&z=16&iwloc=addr> herein. 


Please access the building from the visitor lobby. OWASP meetings are held
at the "Buckeyes" lecture room. 

Proof of ID is required to attend the meeting 

Citi guards verify that you pre-registered to the meeting by checking the
RSVP list. Once you are checked and identified (please bring a proof of ID)
you will be granted visitor access to the training facilities. 



-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-cincinnati/attachments/20091119/359860f8/attachment.html 

More information about the Owasp-cincinnati mailing list