[Owasp-france] OWASP France Meeting December 2015 - Registration Open

Sebastien Gioria sebastien.gioria at owasp.org
Tue Nov 24 10:37:10 UTC 2015


Hello everyone,

The OWASP France December meeting is scheduled for 3/12 at the Solucom
offices in La Défense, Tour Franklin.

Due to the state of emergency, additional security measures are in place:

- You must bring an ID document to access the premises

- Bags will be inspected; if the item (suitcase or other) is too
large, the security guard may refuse access.

On the agenda, 2 presentations in FRENCH:

Presentation No. 1: Application security from the inside
------------------------------------------------------------------------
Security experts have the technical background to identify most
application vulnerabilities today, such as SQL injections, XSS, shell
injections, etc.
The identification of security flaws cannot be exhaustive today.
Securing applications is all about reactivity and timing: finding
security flaws as they happen, or "as soon as possible".
The presentation will focus on applications internals (the runtime)
when different types of vulnerabilities are triggered, and how to
fingerprint malicious behaviors directly from the app logic.

Speaker bio:
------------------
Jean-Baptiste Aviat is CTO at Sqreen (https://www.sqreen.io).
Jean-Baptiste spent half a decade hunting security bugs at Apple,
helping developers solve them, and developing protection solutions.
He previously was a full stack white hat hacker at HSC, developing
many security tools in whatever language he needed to hack into.

Presentation No. 2: OWASP CSRF Guard:
--------------------------------------------------------------------
OWASP CSRFGuard implements a variant of the synchronizer token pattern
to mitigate the risk of CSRF attacks. In order to implement this
pattern, CSRFGuard must offer the capability to place the CSRF
prevention token within the HTML produced by the protected web
application. CSRFGuard 3 provides developers more fine-grained control
over the injection of the token. Developers can inject the token in
their HTML using either dynamic JavaScript DOM manipulation or a JSP
tag library. CSRFGuard no longer intercepts and modifies the
HttpServletResponse object as was done in previous releases. The
currently available token injection strategies are designed to make
the integration of CSRFGuard more feasible and scalable within current
enterprise web applications. Developers are encouraged to make use of
both the JavaScript DOM Manipulation and the JSP tag library
strategies for a complete token injection strategy. The JavaScript DOM
Manipulation strategy is ideal as it is automated and requires minimal
effort on behalf of the developer. In the event the JavaScript
solution is insufficient within a particular application context,
developers should leverage the JSP tag library. The purpose of this
article is to describe the token injection strategies offered by OWASP
CSRFGuard 3.


Speaker bio:
------------------
Azzeddine RAMRAMI is the leader of the OWASP CSRFGuard project and the
leader of OWASP Morocco.



Register: https://www.eventbrite.fr/e/billets-meeting-owasp-france-decembre-2015-19056935808

Please register only if you are actually coming, as the number of
places is limited!

If you would like to make a donation to OWASP France, take this opportunity ;)



-- 
OWASP French Chapter Leader
GSM: +33 6 70 59 11 44
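
The JavaScript DOM manipulation strategy named in the second abstract, sketched as an added example; it is not CSRFGuard's code and not part of the original message. It goes slightly beyond the abstract by restricting injection to same-origin, non-GET forms so the token does not leak. The names `TOKEN_NAME`, `mayReceiveToken`, `injectCsrfToken`, `fakeForm` and `fakeDoc`, and the sample URLs, are assumptions made for illustration.

```javascript
// Added example: every name here is hypothetical, not CSRFGuard's API.
const TOKEN_NAME = 'CSRF_TOKEN'; // assumed request parameter name

// A form may receive the token only if it posts back to the page's own
// origin. GET forms are skipped: a token in a query string ends up in
// server logs, browser history and Referer headers.
function mayReceiveToken(form, pageUrl) {
  const method = (form.getAttribute('method') || 'get').toLowerCase();
  if (method === 'get') return false;
  let target;
  try {
    // A missing or empty action submits to the page's own URL.
    target = new URL(form.getAttribute('action') || '', pageUrl);
  } catch (e) {
    return false; // unparsable action: fail closed
  }
  return target.origin === new URL(pageUrl).origin;
}

// Add (or refresh) a hidden token field in each eligible form of `doc`.
// Returns how many forms now carry the token.
function injectCsrfToken(doc, token, pageUrl) {
  let count = 0;
  for (const form of Array.from(doc.forms)) {
    if (!mayReceiveToken(form, pageUrl)) continue;
    let field = Array.from(form.elements).find((el) => el.name === TOKEN_NAME);
    if (!field) {
      field = doc.createElement('input');
      field.type = 'hidden';
      field.name = TOKEN_NAME;
      form.appendChild(field);
    }
    field.value = token; // refresh on re-run instead of duplicating
    count += 1;
  }
  return count;
}

// Constructed stand-ins for DOM objects so the example runs outside a browser.
function fakeForm(attrs) {
  const elements = [];
  return { elements, getAttribute: (n) => (n in attrs ? attrs[n] : null),
           appendChild: (el) => elements.push(el) };
}
function fakeDoc(forms) { return { forms, createElement: () => ({}) }; }

const demo = fakeDoc([fakeForm({ method: 'post', action: '/transfer' }),
                      fakeForm({ method: 'post', action: 'https://other.example/x' })]);
console.log(injectCsrfToken(demo, 'constructed-token', 'https://app.example/account'));
```

In a browser the same function would be called with `document` and `location.href`; the server still has to compare the submitted value with the token stored in the session.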