[Owasp-rochester-announce] Meeting October 16 (Next Monday)

Michael Starks owaspmaillist at michaelstarks.com
Tue Oct 10 19:13:40 EDT 2006

Hello Everyone,

Just a few announcements to make:

Our next meeting of the Rochester chapter of OWASP will be on Monday,
October 16, 2006 at 6:00 PM.  Steve Buck will be presenting on: The
first of the OWASP top ten: unvalidated input.  Details can be found at
the bottom of this e-mail.

Did you know that OWASP meeting attendance can be used towards CISSP CPE
credits, and may also be valid for other certification continuing
education credits?

The Rochester OWASP page has had a major round of updates.  Check the
web site for meeting dates, directions, a Google map, and an index of
past presentations: http://www.owasp.org/index.php/Rochester

For the November meeting we have something very special planned.  I
don't want to spoil the surprise yet, but it looks like it's shaping up
to be very interesting.  Details to follow soon...

Do you know someone who would be interested in attending an OWASP
meeting?  Bring them along!  Meetings are always free.  Are you
interested in presenting on a web application security-related topic?
Let us know.  OWASP is driven by the community and we need your help to
make it successful.

October Meeting Details

Date: Monday, October 16, 2006, 6:00 PM

Presentation: The first of the OWASP top ten: unvalidated input, by 
Steve Buck.

At this meeting we will be discussing the first of the OWASP top ten 
list: unvalidated input. We will discuss the problems posed by not 
validating input on the server side. These problems include: forced 
browsing, command insertion, cross site scripting, buffer overflows, 
bypassing site security, format string attacks, SQL injection, cookie 
poisoning, and hidden field manipulation.

We will cover how to determine if you are vulnerable to one of these 
attacks, and also how to protect yourself. We will also have a demo of 
some of these exploits in action. Finally, we will have an open 
discussion with any questions about the subject matter.

Bio: Steve Buck is a consultant for Mindex Technologies. He has been 
working with various web technologies since 1996, involving everything 
from Perl and C CGIs to J2EE.

Steve has experience as a UNIX system administrator instructor with a 
specialty in system security.

Best regards,
Michael Starks, CISSP
Rochester OWASP Webmaster & Communications
