[Owasp-rochester-announce] September meeting with Jeff Williams, Sep 22nd, 6pm at Bryant & Stratton

Andrea Cogliati andreac at dollos.it
Wed Sep 17 14:35:15 EDT 2008

September meeting will be held on Monday September 22nd, 6pm at Bryant 
& Stratton College and will feature a videoconference with Jeff 
Williams, world famous webappsec guru, on verb tampering, EASPI 
library and the future of OWASP. You can't miss this one!

Presenter: Jeff Williams
Topic: Verb tampering and ESAPI


Jeff Williams is one of the major contributors in webappsec community. 
He has written many whitepapers, spoken at many conferences including 
Secure Software Summit, OWASP conferences, ISSA InfoSec Conference, 
NSA High Confidence Software and Systems Conference (HCSS), JavaOne, 
National Computer Security Conference (NCSC), etc, worked on several 
projects and written many tools available at OWASP (including creating 
the OWASP Top 10, WebGoat, Stinger, Secure Software Contract Annex, 
Honeycomb Project and the Enterprise Security API). Jeff has done a 
lot of work in promoting awareness of web application security. He's 
CEO of Aspect Security and also volunteers as chairs of OWASP 
Foundation. You can find more about him here:


What is ESAPI?
The ESAPI is a free and open collection of all the security methods 
that a developer needs to build a secure web application. You can just 
use the interfaces and build your own implementation using your 
company's infrastructure. Or, you can use the reference implementation 
as a starting point. In concept, the API is language independent. 
However, the first deliverables from the project are a Java API and a 
Java reference implementation. Efforts to build ESAPI in .NET and PHP 
are already underway.

Unfortunately, the available platforms, frameworks, and toolkits (Java 
EE, Struts, Spring, etc...) simply do not provide enough protection. 
This leaves developers with responsibility for designing and building 
security mechanisms. This reinventing the wheel for every application 
leads to wasted time and massive security holes.
The cost savings through reduced development time, and the increased 
security due to using heavily analyzed and carefully designed security 
methods provide developers with a massive advantage over organizations 
that are trying to deal with security using existing ad hoc secure 
coding techniques. This API is designed to automatically take care of 
many aspects of application security, making these issues invisible to 
the developers.

Attendance to the meeting is free and open to anyone.

See you there,


The third Rochester Security Summit will be held on October 29-30. Go 
to http://rochestersecurity.org/ web site to explore the agenda. 
Registration is open and early bird discount has been extended to 
September 30th!

More information about the Owasp-rochester-announce mailing list