[Owasp-cincinnati] Reminder of RSVP for Web 2.0 Security Talk @ OWASP Cincinnati Meeting: November 18th

Marco M. Morana marco.m.morana at gmail.com
Tue Nov 9 19:39:07 EST 2010

Dear OWASP members and list subscribers

This is a reminder to RSVP for the OWASP presentation on Web 2.0 Security.
You can RSVP through EventBrite at http://owasp-cincinnati.eventbrite.com

Here is the abstract of the presentation:
Vulnerability Analysis, Secure Development and Risk Management of Web 2.0
According to the Gartner hype curve, Web 2.0 technologies have reached a
stage of mainstream adoption by businesses; it is therefore critical for
information and application security to understand the security implications
of adopting Web 2.0 technologies. Web 2.0 not only amplifies traditional
Web 1.0 vulnerabilities such as XSS, CSRF and data injection vulnerabilities
but also introduces new threats, due to the intrinsic functionality that
Web 2.0 technology is designed to provide. For example, Web 2.0 technologies
provide a richer client and user experience than Web 1.0, foster user
collaboration with sites through user-provided content, and bring customers
closer to businesses through participation in social networking sites. The
first step is to perform a vulnerability and threat analysis of Web 2.0
applications. From a vulnerability and threat analysis perspective, Web 2.0
application vulnerabilities can be analyzed using both the OWASP Top 10 and
WASC Top 50 threat categorizations. Critical to the vulnerability analysis of
Web 2.0 applications is the determination of the vulnerabilities' root
causes: only through the identification of root causes can vulnerabilities
be eradicated. The second step is to build secure Web 2.0 applications.
Secure design and implementation of Web 2.0 applications start with a plan
for adopting software security activities as part of the SDLC. Essential
software security activities include the documentation of secure coding
requirements for Web 2.0 technologies such as AJAX, secure design and review
of Web 2.0 architectures, manual/automatic secure code reviews/analysis, and
security testing. Security testing needs to target both Web 2.0
client/desktop components (e.g. FLASH, RIA, mashups) and server
components/functionality (e.g. Web services). Finally, the third step is
managing the business risks that Web 2.0 design flaws and bugs might pose to
the business. The OWASP risk methodology and a Web 2.0 risk framework are
proposed as a methodology to analyze and manage Web 2.0 security risks. A
simple example of how to integrate securely with a Web 2.0 technology, such
as a Twitter interface to a web site, is also presented.
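The abstract's point that Web 2.0 clients amplify XSS through user-provided content can be illustrated concretely. The snippet below is an added example for this archive page, not material from the announcement or from the talk itself: a rich client fetches a comment record over AJAX and renders it in script. The record, the field names (`author`, `body`) and the `renderComment*` helpers are constructed for the illustration. It places a vulnerable rendering (string concatenation into markup) beside a hardened one that HTML-encodes each untrusted field for the text context it lands in.

```javascript
// Added example, not code from the OWASP Cincinnati announcement or the talk.
// In a Web 2.0 page, user-provided content (comments, tweets, profile fields)
// is often pulled over AJAX and written into the DOM by client-side script,
// so stored XSS gets a path that bypasses any server-side template encoding.

// HTML-encode the five characters that let text break out of an HTML text
// node or a double-quoted attribute value.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable rendering: untrusted fields are concatenated straight into
// markup, so whatever the user typed becomes part of the page's HTML.
function renderCommentUnsafe(comment) {
  return `<div class="comment"><b>${comment.author}</b>: ${comment.body}</div>`;
}

// Hardened rendering: every untrusted field is encoded for the HTML text
// context it is inserted into, so user input can only ever display as text.
// (Encoding is context-specific: a value placed in a URL or inside a script
// block would need a different encoder; this handles the HTML text case.)
function renderCommentSafe(comment) {
  return `<div class="comment"><b>${escapeHtml(comment.author)}</b>: ${escapeHtml(comment.body)}</div>`;
}

// Constructed sample record, shaped like what an AJAX comments endpoint
// might return after a user submitted a comment containing markup.
const untrustedComment = {
  author: 'mallory',
  body: 'nice post <script>alert(1)</script>',
};

// Coarse check for the demonstration: does the rendered markup still carry
// an unencoded script tag that originated in the user-supplied body?
function containsRawScriptTag(html) {
  return /<script/i.test(html);
}

// Renders the sample both ways so the difference can be inspected.
function demo() {
  const unsafe = renderCommentUnsafe(untrustedComment);
  const safe = renderCommentSafe(untrustedComment);
  console.log('unsafe:', unsafe);
  console.log('safe:  ', safe);
  return { unsafe, safe };
}

demo();
```

A real application should reach for a templating engine with contextual autoescaping rather than hand-rolled encoding, since the correct encoder depends on whether the value lands in HTML text, an attribute, a URL or a script block; the manual version above exists only to make the root cause the abstract refers to (untrusted content reaching the DOM unencoded) visible in a few lines.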

Pizza will be offered to all participants.

As usual, if you are not an OWASP member yet, please plan to join.

Thanks for your attention


Marco M
OWASP Cincinnati Chapter

-----Original Message-----
From: Marco M. Morana [mailto:marco.m.morana at gmail.com] 
Sent: Tuesday, November 02, 2010 4:33 PM
To: 'Ron Gula'
Subject: RE: Unable to participate in OWASP Cincinnati


I am sorry to hear that. Hope we can schedule something next year.

Thanks for your email



-----Original Message-----
From: Ron Gula [mailto:rgula at tenable.com] 
Sent: Tuesday, November 02, 2010 3:03 PM
To: Marco M. Morana
Subject: Unable to participate in OWASP Cincinnati

Hi Marco,

I'm sorry to let you know, but we will be unable to participate in the
OWASP show in Cincinnati. I was hoping to possibly offer myself to
speak in Paul's place since he's unable to make the show, but I'm also

Ron Gula, CEO
Tenable Network Security
