[Owasp-dallas] Next Meeting September 15

Teutsch, Leah M teutsch at utdallas.edu
Fri Aug 21 17:22:20 EDT 2009

Dallas OWASP Chapter: September 2009 Meeting 


Topic: Detective Work for Testers.  Finding Workflow-based Defects.


Presenter: Rafal Los, Sr. Web Security Specialist, HP Software


Date: Tuesday, September 15, 2009 11:30 AM - 1:30 PM 


Location: First American Campus - Southlake Conference Room (Building 4)


Abstract:  Workflow-based security defects in Web applications are especially difficult to identify because they evade traditional, point-and-scan vulnerability detection techniques. Understanding these potential defects and why black-box scanners typically miss them is key to creating a testing strategy for successful detection and mitigation. Rafal Los describes the critical role that testers play in assessing application workflows and how business process-based testing techniques can uncover these flaws. Rafal demystifies the two main types of workflow-based application vulnerabilities (business process logic vulnerabilities and parameter-based vulnerabilities) and provides you with a sound basis to improve your testing strategies. Become a security testing sleuth and learn to find the workflow-based security defects before your system is compromised.


Presenter Bio: Senior Security Specialist with Hewlett-Packard's Application Security Center (ASC), Rafal Los has more than thirteen years of experience in network and system design, security policy and process design, risk analysis, penetration testing, and consulting.  For the past eight years, he has focused on information security and risk management, leading security architecture teams, and managing successful enterprise security programs for General Electric and other Fortune 100 companies, as well as SMB enterprises. Previously, Rafal spent three years in-house with GE Consumer Finance, leading its web application security programs.


Lunch: Bring your own lunch or purchase lunch at the First American Café in Building 7.


CPE Credits:  Attendees are eligible to earn 1.5 CPE Credits for attendance.


Dallas OWASP Website: http://www.owasp.org/index.php/Dallas 


Parking:  Upon arrival at Circle Drive, please pull into the Visitor Kiosk to your right where you will be issued a Visitor's Parking Pass.  Once parked, proceed to Building 5 for your Visitor Badge. 



The First American Co

1 First American Way

Westlake, TX 76262 (@15 min from DFW Airport)

Link to Directions <http://maps.google.com/maps?f=q&source=s_q&hl=en&geocode=&q=1+first+american+way,+westlake,+tx&sll=37.0625,-95.677068&sspn=48.641855,78.837891&ie=UTF8&mrt=rblall&ll=32.980777,-97.174437&spn=0.006336,0.009624&z=17&iwloc=A> 

Please RSVP: OWASPDallas at utdallas.edu

We look forward to seeing you!



Leah M. Teutsch, CHSP, CISA 

Chief Information Security Officer 

Director, Information Security 

The University of Texas at Dallas 


972-883-6865 fax

