[Owasp-cincinnati] REMINDER: OWASP Meeting Reminder for Wednesday Next Week Registration Starts 11.30 Lunch Being Provided
Marco M. Morana
marco.m.morana at gmail.com
Tue Nov 24 08:10:10 EST 2009
OWASP chapter member
This is reminder of the OWASP meeting tomorrow. The presentation is
scheduled for next Wednesday at 12.00 and 11.45-12.00 for registration, food
refreshments will be provided by Breach Security
Thanks for the ones that already RSVPed (about 15) , for the ones that did
not please provide your RSVP there is still room for it
Looking forward to your participation
OWASP Chapter Lead
P.S..Here are the details of the presentation:
Presenter: Ryan Barnett, Director of Application Security Research, Breach
What: Virtual Patching for Web Applications: Theory and Practice
Fixing identified vulnerabilities in web application always requires time.
Organizations often do not have access to a commercial application's source
code and are at the vendor's mercy while waiting for a patch. Even if they
have access to the code, implementing a patch in development takes time.
This leaves a window of opportunity for the attacker to exploit. External
patching (also called "just-in-time patching" and "virtual patching") is one
of the biggest advantages of web application firewalls as they can fix this
problem externally. A fix for a specific vulnerability is usually very easy
to design and in most cases it can be done in less than 15 minutes. This
presentation will outline exactly when and where Virtual Patching is
appropriate and will show the proper steps for their creation and testing.
Presenter Bio: Ryan C. Barnett is the Director of Application Security
Research at Breach Security where he leads Breach Security Labs. He is a
frequent speaker at industry conferences such as Blackhat and is a Faculty
Member for the SANS Institute and Team Lead for the Center for Internet
Security Apache Benchmark Project. He is the OWASP ModSecurity Core Rule Set
(CRS) Project Leader and a member of the Web Application Security Consortium
where he leads the Distributed Open Proxy Honeypot Project. Mr. Barnett has
also authored a web security book for Addison/Wesley Publishing entitled
"Preventing Web Attacks with Apache".
Location / Venue Sponsor: <http://www.citibank.com/> Citibank 9997 Carver
Road, Bldg. 1, Cincinnati, Ohio, 45242-5537
For help with directions contact Citi Blue Ash help desk at (513) 979-9000
or check directions
Please access the building from the visitor lobby. OWASP meetings are held
at the "Buckeyes" lecture room.
Proof of ID is required to attend the meeting
Citi guards verify that you pre-registered to the meeting by checking the
RSVP list. Once you are checked and identified (please bring a proof of ID)
you will be granted visitor access to the training facilities.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-cincinnati