[Owasp-dallas] Reminder: Open Web Application Security Project Meeting Tuesday, Sept. 15 @ First American

Teutsch, Leah M teutsch at utdallas.edu
Fri Sep 11 19:21:15 EDT 2009


This is a reminder that if you have not made plans to attend, please do so now.  RSVP: OWASPDallas at utdallas.edu

 

When: September 15, 2009, 11:30am - 1:30pm 

Topic: Detective Work for Testers. Finding Workflow-based Defects. 

Workflow-based security defects in Web applications are especially difficult to identify because they evade traditional, point-and-scan vulnerability detection techniques. Understanding these potential defects, and why black-box scanners typically miss them, is key to creating a testing strategy for successful detection and mitigation. Rafal Los describes the critical role that testers play in assessing application workflows and how business process-based testing techniques can uncover these flaws. Rafal demystifies the two main types of workflow-based application vulnerabilities - business process logic vulnerabilities and parameter-based vulnerabilities - and provides you with a sound basis to improve your testing strategies. Become a security testing sleuth and learn to find the workflow-based security defects before your system is compromised. 

Who: Rafal Los, Sr. Web Security Specialist, HP Software 

Senior Security Specialist with Hewlett-Packard's Application Security Center (ASC), Rafal Los has more than thirteen years of experience in network and system design, security policy and process design, risk analysis, penetration testing, and consulting. For the past eight years, he has focused on information security and risk management, leading security architecture teams, and managing successful enterprise security programs for General Electric and other Fortune 100 companies, as well as SMB enterprises. Previously, Rafal spent three years in-house with GE Consumer Finance, leading its web application security programs. 

Where: The First American Co, 1 First American Way, Westlake, TX 76262 (@15 min from DFW Airport) 

Parking: Upon arrival at Circle Drive, please pull into the Visitor Kiosk to your right where you will be issued a Visitor's Parking Pass. Once parked, proceed to Building 5 for your Visitor Badge. See Map for Directions. Link to Directions <http://maps.google.com/maps?f=q&source=s_q&hl=en&geocode=&q=1+first+american+way,+westlake,+tx&sll=37.0625,-95.677068&sspn=48.641855,78.837891&ie=UTF8&mrt=rblall&ll=32.980777,-97.174437&spn=0.006336,0.009624&z=17&iwloc=A> . 

Cost: Always Free 

Lunch: Bring your own lunch or purchase lunch at the First American Café in Building 7. 

RSVP: OWASPDallas at utdallas.edu  This will help expedite the check-in process. Thanks. 

 

We look forward to seeing you.  Leah

 

Leah M. Teutsch, CHSP, CISA 

Chief Information Security Officer 

Director, Information Security 

The University of Texas at Dallas 

972-883-6855 

972-883-6865 fax

 
