[Owasp-phoenix] OWASP-January 11th Meeting

Jon Rose jrose at stachliu.com
Fri Jan 5 12:27:07 EST 2007

Hello Everyone,


I hope everyone had a great holiday and a happy New Years.  I am really
looking forward to this year and making the Phoenix Chapter a success.  So
far I have heard from a number of people about speaking in upcoming
meetings.  I am always looking for new speakers and topics so feel free to
send me an email if you're interested.   


The next OWASP meeting is scheduled for Thursday, January 11th from
6:30PM-8:00PM.  This meetings speaker is Brian Christian, Co-founder and
Application Security Engineer, S.P.I. Dynamics, Inc.   The details of this
month's meeting are below:



UAT - University of Advancing Technology (Entrance at the back of the

2625 West Baseline Road

Tempe, Arizona




6:30PM, Thursday, January 11th



 6:30 to 6:45 News & Introductions

 6:45 to 7:45 (1 hour): Data at Risk - Brian Christian


Data at Risk - Protecting Web Applications Throughout the Development Lifecycle
from Hackers 

In September 2006, Mitre released statistics revealing that Web application
security issues had claimed the top three spots for the most prevalent
vulnerabilities being discovered in open source and commercial software. As
evidenced by the growing number of corporate scandals that have occurred due
to confidential data being accessed via Web hacks, securing public and
private Web applications and Web services is now a top priority for many in
the application development lifecycle. 


This session will define what Web application security is and why it is
needed throughout the entire development lifecycle. We will discuss common
vulnerabilities in the Web application layer and why they are so easily
exploited. This session demonstrates how to defend against common attacks at
the Web application layer with examples covering Web application hacking
methods such as SQL Injection, Blind SQL Injection, Cross-Site Scripting
(XSS), Parameter Manipulation, etc. We will also review how compliance and
regulatory legislation such as PCI, GLBA, HIPAA, CASB 1386, and
Sarbanes-Oxley, etc. specifically relates to and affects Web application
security. Additionally, we will examine how security throughout the
development lifecycle is essential to the security of Web application code
and the protection of proprietary data. 


Speaker Bio

Brian Christian is co-founder and an Application Security Engineer for SPI
Dynamics, the expert in Web application security assessment and testing.
Brian has over 11 years of experience in high tech positions within the
information technology industry with the last eight years of his career
focused exclusively in Internet security. His current role with SPI Dynamics
provides an ideal venue for his leadership and visionary capabilities. 


Brian's successful career includes key security positions at Lucent
Technologies, Security First Technologies and Internet Security Systems
(ISS). While at Security First, the first online banking company, Brian
helped to establish the baseline of Internet financial commerce and also
created security policies for several Web-based Internet banking sites
throughout America and Europe. While at ISS, Brian helped to create the
standard for the industry's first penetration and vulnerability assessment
models. Brian has spoken on the topic of Web application security at
numerous conferences including SANS, Infosec Canada, ISACA Audit Conference,
ISSA and ISACA Chapter Meetings, Infosecurity and CSI.


 7:45 to 8:00: Wrap up


8:00 Happy Hour/Social: 


5000 Arizona Mills Circle, Tempe, AZ 85282




The Open Web Application Security Project (OWASP) is an all-volunteer group
that produces free, professional-quality, open-source documentation, tools,
and standards. The OWASP community facilitates conferences, local chapters,
articles, papers, and message forums. The OWASP Foundation, a not-
for-profit charitable organization, ensures the ongoing availability and
support for our work. Participation in OWASP is free and open to all, as are
all the materials on the website (http://www.owasp.org/).


Note to CISSP's: OWASP Meetings count towards CPE Credits. 



 Jon Rose and Adam Muntner



Jon Rose  |  Senior Security Associate  |  Stach & Liu, LLC

E-mail: jrose at stachliu.com <BLOCKED::mailto:jrose at stachliu.com>   |  Voice:
718.640.6194  |  Fax: 480.383.6401


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.owasp.org/pipermail/owasp-phoenix/attachments/20070105/f1cdd924/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3929 bytes
Desc: not available
Url : http://lists.owasp.org/pipermail/owasp-phoenix/attachments/20070105/f1cdd924/attachment.bin 

More information about the Owasp-phoenix mailing list