[Owasp-dallas] Next Meeting September 15

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Dallas OWASP Chapter: September 2009 Meeting 

 

Topic: Detective Work for Testers.  Finding Workflow-based Defects.

 

Presenter: Rafal Los, Sr. Web Security Specialist, HP Software

 

Date: Tuesday, September 15, 2009 11:30 AM - 1:30 PM 

 

Location: First American Campus - Southlake Conference Room (Building 4)

 

Abstract:  Workflow-based security defects in Web applications are especially difficult to identify because they evade traditional, point-and-scan vulnerability detection techniques. Understanding these potential defects and why black-box scanners typically miss them, are key to creating a testing strategy for successful detection and mitigation. Rafal Los describes the critical role that testers play in assessing application work flows and how business process-based testing techniques can uncover these flaws. Rafal demystifies the two main types of workflow-based application vulnerabilities-business process logic vulnerabilities and parameter-based vulnerabilities-and provides you with a sound basis to improve your testing strategies. Become a security testing sleuth and learn to find the workflow-based security defects before your system is compromised.

 

Presenter Bio: Senior Security Specialist with Hewlett-Packard's Application Security Center (ASC), Rafal Los has more than thirteen years of experience in network and system design, security policy and process design, risk analysis, penetration testing, and consulting.  For the past eight years, he has focused on information security and risk management, leading security architecture teams, and managing successful enterprise security programs for General Electric and other Fortune 100 companies, as well as SMB enterprises. Previously, Rafal spent three years in-house with GE Consumer Finance, leading its web application security programs.

 

Lunch: Bring your own lunch or purchase lunch at the First American Café in Building 7.

   

CPE Credits:  Attendees are eligible to earn 1.5 CPE Credits for attendance.

 

Dallas OWASP Website: http://www.owasp.org/index.php/Dallas 

 

Parking:  Upon arrival at Circle Drive, please pull into the Visitor Kiosk to your right where you will be issued a Visitor's Parking Pass.  Once parked, proceed to Building 5 for your Visitor Badge. 

 

Directions:  

The First American Co

1 First American Way

Westlake, TX 76262 (@15 min from DFW Airport)

Link to Directions <http://maps.google.com/maps?f=q&source=s_q&hl=en&geocode=&q=1+first+american+way,+westlake,+tx&sll=37.0625,-95.677068&sspn=48.641855,78.837891&ie=UTF8&mrt=rblall&ll=32.980777,-97.174437&spn=0.006336,0.009624&z=17&iwloc=A> 

Please RSVP: OWASPDallas at utdallas.edu

We look forward to seeing you!

 

 

Leah M. Teutsch, CHSP, CISA 

Chief Information Security Officer 

Director, Information Security 

The University of Texas at Dallas 

972-883-6855 

972-883-6865 fax

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-dallas/attachments/20090821/cb123b21/attachment.html 

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]