[Owasp-SFL] Wednesday, Sept 26, 2012 - 5:00pm - South Florida OWASP Meeting - Two great talks and networking after

South Florida OWASP sfl.owasp at gmail.com
Mon Sep 17 22:22:00 UTC 2012

*Wednesday, Sept 26, 2012 - 5:00pm - South Florida OWASP Meeting - Two
great talks and networking after*

Join us for our September meeting where we will have two great talks.
Please note that the scheduled talks are for 30 minutes each with a small
break in between. We will have a networking event after as usual. Our event
sponsor, NoVA, will also be there with some important announcements.

*Talk 1: Application Vulnerability Assessment Risk (AVAR) Score*

During an application vulnerability assessment, a number of vulnerabilities
may be discovered. Issues discovered during this assessment are given a risk
score value or a rating of High, Medium, or Low, mostly based on the Common
Vulnerability Scoring System (CVSS) or Common Weakness Enumeration (CWE)
risk classification of known vulnerabilities. The industry application
vulnerability risk classification models assign a risk level to an issue
based on the impact of the specific vulnerability. They do not take into
consideration the likelihood of occurrence based on known reported
incidents or the impact of interdependencies between related

The AVAR Score has implemented an approach that provides a holistic
analysis on the risk of an application based on the interdependencies of
related vulnerabilities and the probability of occurrence.

Bio: An avid learner, Jummy has a degree in Engineering Physics but has
always been interested in information security and she decided to make a
career of it. Over the years, Jummy’s work has included application
vulnerability assessments, security audits, and risk assessments for a wide
variety of local, national, and international organizations. When she is
not occupied with work she tries to invent new cooking recipes and she also
volunteers as a mentor to young adults.

*Talk 2: JSON Hijacking*

JavaScript Object Notation (JSON) is a language and platform independent
format for data interchange. JSON is in widespread use with a number of
JSON parsers and libraries available for different languages. While some
information is available for JSON Hijacking this attack is not very well

Rohini Sulatycki will give an overview of this attack as well as provide a


Rohini Sulatycki is a Senior Security Consultant within the Application
Security practice at Trustwave's SpiderLabs. SpiderLabs is the advanced
security team responsible for Penetration Testing, Application Security,
Incident Response, and Payment Application testing for Trustwave's clients.
Rohini has been involved in the Information Technology industry for more
than 16 years. Rohini specializes in application security testing, code
reviews and secure software development, conducting a large number of
application, virtualization and external network tests in her capacity at
Trustwave. She has strong foundations in software engineering, design and
architecture and implementing enterprise applications. Rohini has a
background implementing and reviewing all types of applications, from
traditional client/server applications to web applications and web
services. Rohini has served as the president of the Kansas City OWASP
chapter and a member of the High Technology Crime Investigation Association
(HTCIA) and is the current co-chair of the South Florida OWASP chapter. She
has been a technical reviewer for several books and publications including
Java Security and IEEE Security and Privacy. She has also presented at
various industry events including Black Hat and OWASP FROC on topics such
as Web application security, Ajax security concerns and Flash application

Please vote on our new poll and let us know what future topics you would
like to see presented at our meetings this year:

Facility Location:
Carl DeSantis Building, Main Davie Campus
Knight Lecture Hall (Room 1124)
3301 College Ave Fort Lauderdale, FL 33314-7796
Phone: 800-541-NOVA (6682)

FREE CPE CREDITS! Did you know you earn 2 CPE credits for attending an
OWASP Meeting? It's true! Join us to feed your certs.