[Owasp-denver] Next OWASP Denver Meeting Scheduled for 16 April 08, 6pm @ Raytheon Polar Services 7400 S. Tucson Way, Centennial CO 80112

David Campbell dcampbell at owasp.org
Tue Apr 8 15:18:28 EDT 2008

Hey all,

I forgot to include the date, time and location info in the previous 
email.  Thanks to those that pointed that out!


- DC

-------- Original Message --------
Subject: Next OWASP Denver Meeting Scheduled for 16 April 08
Date: Thu, 20 Mar 2008 21:07:28 -0600
From: David Campbell <dcampbell at owasp.org>
Organization: Electric Alchemy Limited
To: owasp-denver at lists.owasp.org


I'm pleased to announce that next month the Denver OWASP chapter will be
welcoming Ryan Barnett, who will be delivering our feature presentation:

"Virtual Patching for Web Applications with ModSecurity"

Fixing identified vulnerabilities in web application always requires
time. Organizations often do not have access to a commercial
application's source code and are at the vendor's mercy while waiting
for a patch. Even if they have access to the code, implementing a patch
in development takes time. This leaves a window of opportunity for the
attacker to exploit. External patching (also called "just-in-time
patching" and "virtual patching") is one of the biggest advantages of
web application firewalls as they can fix this problem externally. A
    fix for a specific vulnerability is usually very easy to design and
in most cases it can be done in less than 15 minutes. This presentation
will outline exactly when and where Virtual Patching is appropriate and
will show the proper steps for their creation and testing.

Ryan C. Barnett is a recognized security thought leader and evangelist
who frequently speaks with the media and industry groups.

He is the director of application security at Breach Security. He is
also a faculty member for the SANS Institute, where his duties include
instructor/courseware developer for Apache Security/Building a Web
Application Firewall Workshop, Top 20 Vulnerabilities Team Member and
Local Mentor for the SANS Track 4, "Hacker Techniques, Exploits and
Incident Handling" course. He holds six SANS Global Information
Assurance Certifications (GIAC): Intrusion Analyst (GCIA), Systems and
Network Auditor (GSNA), Forensic Analyst (GCFA), Incident Handler
(GCIH), Unix Security Administrator (GCUX) and Security Essentials (GSEC).

Mr. Barnett also serves as the team lead for the Center for Internet
Security Apache Benchmark Project and is a member of the Web Application
Security Consortium. His web security book, "Preventing Web Attacks with
Apache” was published by Addison/Wesley in 2006.

The meeting will be held at Raytheon Polar Services, which was also the
location of our February meeting.  Details available on the Denver OWASP
wiki @ http://www.owasp.org/index.php/Denver#Next_Meeting.

Also, please note that the Front Range OWASP conference is rapidly
approaching.  Please save the date 10 June 08 for the conference.  More
info and CFP available at


David Campbell
OWASP Denver

More information about the OWASP-DENVER mailing list