[OWASP-Philadelphia] February 19th 2008, 6:00 PM - 8:00 PM *Patten Auditorium Drexel University*

Aaron Weaver aaron.weaver2 at gmail.com
Mon Feb 11 15:08:36 EST 2008


-------------------------------------------------------------------------------------------
- Philadelphia OWASP  Patten Auditorium Drexel University    -
-------------------------------------------------------------------------------------------

Come join us in Philadelphia as we discuss web application security
and determine the content for upcoming meetings this year! We are
looking forward to a good year in web application security. At this
meeting we'll discuss what's happening in web application security,
plan our upcoming meetings, and then discuss secure PHP development
and a fun way to spam your printer using JavaScript.

Please RSVP to darian at criticode.com if you plan on attending.

---------------------------------------------------------------------
- HOW-TO: Secure PHP Deployment Patterns -
---------------------------------------------------------------------

Philadelphia-area application security consultant and Philly OWASP
Chapter Leader Darian Anthony Patrick will present secure PHP
deployment patterns in shared hosting and application-dedicated
deployment environments.

PHP has become one of the most frequently noted development platforms
of vulnerable web applications.  This talk will describe best
practices for separation of PHP applications to minimize the effect of a
successful penetration, and the hardening and isolation of PHP itself
to mitigate the effect of successful exploitation of problems in the
language implementation.

----------------------------------------------------------------------
- HACK: Cross Site Printing                             -
----------------------------------------------------------------------

Philadelphia-area security researcher and Philly OWASP Chapter Leader
Aaron Weaver will be discussing Cross Site Printing[1], a notable
variation on intranet application exploitation.

Aaron's research has been well received by the web security industry, with
coverage by Robert Hansen aka RSnake[2] of SecTheory and ha.ckers.org,
and Jeremiah Grossman of White Hat Security[3]. It has been named number 4
of the Top Ten Web Hacks of 2007[4] in informal polling conducted by
Jeremiah, and is noted as one of the Coolest Hacks of 2007 by Dark
Reading[5].  You don't want to miss this exciting presentation!

[1]http://en.wikipedia.org/wiki/XSP_(cross_site_printing)
[2]http://ha.ckers.org/blog/20080108/cross-site-printing/
[3]http://jeremiahgrossman.blogspot.com/2008/01/cross-site-printing-printer-spamming.html
[4]http://jeremiahgrossman.blogspot.com/2008/01/top-ten-web-hacks-of-2007-official.html
[5]http://www.darkreading.com/document.asp?doc_id=145319&WT.svl=news1_3


Also, if there are some companies on the list who would like to
sponsor the food – we would definitely welcome it.

Next Meeting:
 February 19th 2008, 6:00 PM - 8:00 PM
 OWASP Philly Meeting

Patten Auditorium (Room 109)
Matheson Hall
3220 Market St. (32nd and Market Streets) Philadelphia, PA

Special thank you to our location sponsor Chariot Solutions.  Chariot
Solutions is organizing the 2008 Emerging Technologies for the
Enterprise conference at Drexel University, March 26-27, 2008.
Speakers include Floyd Marinescu of InfoQ.com, David Brussin of
TurnTide, Obie Fernandez, Yehuda Katz, and many more.  You don't want
to miss this exciting event!  More information at
http://www.phillyemergingtech.com/.










---------- Forwarded message ----------
From: "Weaver, Aaron D" <AWeaver at sovereignbank.com>
To: "Weaver, Aaron D" <AWeaver at sovereignbank.com>
Date: Fri, 8 Feb 2008 14:41:49 -0500
Subject: OWASP Philly Meeting



February 19th 2008, 6:00 PM - 8:00 PM
 OWASP Philly Meeting - Patten Auditorium, Drexel

Come join us in Philadelphia as we discuss web application security
and determine the content for the upcoming meetings this year!

Food & Conversation

Agenda:
 1.) Secure PHP deployment patterns - Darian Patrick
 2.) Cross Site Scripting - Remotely exploiting network printers using
JavaScript (Demo as well) - Aaron Weaver



http://maps.google.com/maps?f=d&hl=en&geocode=&saddr=3141+Chestnut+Street++Philadelphia,+PA&daddr=&sll=37.0625,-95.677068&sspn=44.928295,82.265625&ie=UTF8&z=16&om=0



http://www.drexel.edu/em/directions/directions_uc.html

Parking Options

First Option: After taking Exit 345, make a right at the first traffic
light. On your right is 5-Star Parking.

Second Option: After taking Exit 345, continue to the second light
(Market Street) and make a right turn. On the left side of Market
directly at 31st Street, there is a small lot (Park). There is also a
parking lot on the right side.

Third Option: If you continue down Market Street and make a left onto
36th Street, the University City Sheraton Hotel also offers parking in
its garage.

Metered parking is also available on many of the surrounding streets.

