[Owasp-codereview] OWASP Ireland 2009 Registration is Open

Eoin eoin.keary at owasp.org
Fri Jun 12 12:14:42 EDT 2009


OWASP special offer regarding the registration rates still applies:

Registration fee of €90 if registered before June 30 and €100 if registered
by August 31!!

This includes a buffet lunch, refreshments, OWASP merchandise and the chance
to listen to some of our best local and international application security

Additional presentation information has been added to the event Website

*Digital Security: A risky business*
In this talk Professor Angell will take the devil's advocate position,
warning that computer technology is part of the problem as well as of the
solution. The belief system at the core of computerization is positivist
and/or statistical, and that itself leads to risk. The mixture of computers
and human activity systems spawns bureaucracy and systemic risk, which can
throw up singularities that defy any positivist/statistical analysis. Using
black humour, Angell discusses the thin line between the utility of
computers and the hazard of chaotic feedback, and ends with some advice on
how to survive and prosper amongst all this complexity.

*Organizing a Defensive Posture – Integrating Web App Testing, Source Code
Analysis, and WAF’s*
There are many avenues an organization can take to achieve success with an
Application Security program: Ethical Hacking, Source Code Analysis, and the
utilization of a Web Application Firewall. This presentation demonstrates
and describes a method of integrating all three options for success. We will
see a real example of combining the results of runtime testing and Automated
Source Code Analysis into the larger starting point of Manual source code
verification. Finally, we will see how a Web Application
Firewall can be used to mitigate many of the identified threats.

*How to Avoid Flaws in the First Place: The OWASP Enterprise Security API
(ESAPI) Project*
Application security is arguably the most difficult IT challenge facing
organizations today. Chasing the 700 types of common weaknesses with
scanners and static analysis is a losing proposition. Rather than chasing
after these vulnerabilities, developers can address almost all of these
problems with a set of 10 to 12 strong centralized security controls. To
make it easier for developers to establish these controls, the Open Web
Application Security Project (OWASP) has created a clean, intuitive, and
open-source toolbox of the core security building blocks that every web
developer needs. In this talk, Dave will show you how to create an ESAPI for
your organization that will solve the OWASP Top Ten vulnerabilities,
increase assurance, and dramatically cut costs all at the same time.

*SQL Injection - how far does the rabbit hole go?*
SQL Injection has been around for over 10 years, and yet it is still to this
day not truly understood by many security professionals and developers. With
the recent mass attacks against sites across the world it has again come to
the fore of vulnerabilities under the spotlight; however, many consider it to
only be a data access issue, or parameterized queries to be a panacea.
This talk starts from what was demonstrated last year at Black Hat in Las
Vegas, where a self-propagating SQL Injection worm was demonstrated live on
stage. Explore some of the deeper, darker areas of SQL Injection, hybrid
attacks, and exploiting obscure database functionality.

More presenters to be announced very soon!! So sign up now!


OWASP Code Review Guide Lead Author
OWASP Ireland Chapter Lead
OWASP Global Committee Member (Industry)

Quis custodiet ipsos custodes