[Owasp-SFL] South Florida OWASP Meeting - 7/27/2011

South Florida OWASP sfl.owasp at gmail.com
Wed Jul 27 14:20:19 EDT 2011


Wed. July 27, 2011 - 6:00pm - South Florida OWASP Meeting - Double Feature -
SQLMap 0.9 Overview and Analysis +  Automated Scanning and Differential
Reporting

Join us for our July meeting where we will be discussing the latest release
of one of the most formidable web application attack tools currently
available: SQLMap 0.9

The meeting will discuss some basic methods of SQL injection vulnerability
identification (both error based and blind), and will go over ways to use
the SQLMap 0.9 tool to test your web application. Furthermore, we will discuss
some of the more advanced features of SQLMap that were unavailable in
previous releases.

Presenter Bio: Alexander Heid is a local security researcher and board
member of Hackmiami and co-chair of South Florida OWASP. Heid is also
employed within the financial industry as a web application vulnerability
analyst.

Automated Scanning and Differential Reporting

Companies are struggling with scaling source code scanning; there are not
enough security experts to fulfill the current demand.  Developers are being
overwhelmed with the quantity and quality of issues reported from
misconfigured scanning tools.  This session will present an automated source
code scanning deployment methodology that allows organizations to
automatically reduce false positives during scanning and deliver reports
that represent the high confidence security risk of the latest software
changes.

What will your audience walk away with?
1) Establishment of security policies is key to reducing false positives
2) Automated scanning is easy to configure and requires limited maintenance
3) Differential reporting reduces developer overload by highlighting the
risk of recent change

Presenter Bio:

Bruce Mayhew is a Security Solutions Architect at IBM.  Bruce has over 20
years of software development experience with the last 13 years focused on
application security.  At IBM, he is frequently a project lead for
application security assessments.  Bruce has created an application security
practice and training curriculum for large financial institutions and has
been a Web Application Security Course instructor for the SANS Institute.
Bruce is on the SANS Council for Secure Java Programming and is an author of
the SANS GSSP Secure Programming Assessment.  He is the primary author of
WebGoat and was instrumental in bringing WebGoat to OWASP and currently
leads the OWASP WebGoat project.   A frequent speaker on application
security topics, Bruce has presented at OWASP, NASA, ISSA, NSA, Innovate and
many commercial and financial institutions.

Facility Location:
NOVA SOUTHEASTERN UNIVERSITY
Carl DeSantis Building, Main Davie Campus
Room 1124
3301 College Ave Fort Lauderdale, FL 33314-7796
Phone: 800-541-NOVA (6682)
6pm

FREE CPE CREDITS! Did you know you earn 2 CPE credits for attending an OWASP
Meeting? It's true! Join us to feed your certs.