[Owasp-rochester-announce] September meeting with Jeff Williams, Sep 22nd, 6pm at Bryant & Stratton
andreac at dollos.it
Wed Sep 17 14:35:15 EDT 2008
September meeting will be held on Monday September 22nd, 6pm at Bryant
& Stratton College and will feature a videoconference with Jeff
Williams, world famous webappsec guru, on verb tampering, EASPI
library and the future of OWASP. You can't miss this one!
Presenter: Jeff Williams
Topic: Verb tampering and ESAPI
Jeff Williams is one of the major contributors in webappsec community.
He has written many whitepapers, spoken at many conferences including
Secure Software Summit, OWASP conferences, ISSA InfoSec Conference,
NSA High Confidence Software and Systems Conference (HCSS), JavaOne,
National Computer Security Conference (NCSC), etc, worked on several
projects and written many tools available at OWASP (including creating
the OWASP Top 10, WebGoat, Stinger, Secure Software Contract Annex,
Honeycomb Project and the Enterprise Security API). Jeff has done a
lot of work in promoting awareness of web application security. He's
CEO of Aspect Security and also volunteers as chairs of OWASP
Foundation. You can find more about him here:
What is ESAPI?
The ESAPI is a free and open collection of all the security methods
that a developer needs to build a secure web application. You can just
use the interfaces and build your own implementation using your
company's infrastructure. Or, you can use the reference implementation
as a starting point. In concept, the API is language independent.
However, the first deliverables from the project are a Java API and a
Java reference implementation. Efforts to build ESAPI in .NET and PHP
are already underway.
Unfortunately, the available platforms, frameworks, and toolkits (Java
EE, Struts, Spring, etc...) simply do not provide enough protection.
This leaves developers with responsibility for designing and building
security mechanisms. This reinventing the wheel for every application
leads to wasted time and massive security holes.
The cost savings through reduced development time, and the increased
security due to using heavily analyzed and carefully designed security
methods provide developers with a massive advantage over organizations
that are trying to deal with security using existing ad hoc secure
coding techniques. This API is designed to automatically take care of
many aspects of application security, making these issues invisible to
Attendance to the meeting is free and open to anyone.
See you there,
The third Rochester Security Summit will be held on October 29-30. Go
to http://rochestersecurity.org/ web site to explore the agenda.
Registration is open and early bird discount has been extended to
More information about the Owasp-rochester-announce