[Owasp-rochester-announce] OWASP Meeting Feb 10th 12 noon - 1:30pm

Ralph Durkee rd at rd1.net
Wed Jan 6 18:59:28 UTC 2016


*Rochester OWASP Chapter meeting*

*Date:* Feb 10th, 12 Noon - 1:30pm

*Location:* Univ of Rochester College Town – Building 3

    (2nd floor above Constantino’s Grocery)
    Parking is for 2 hours outside the grocery store
    http://www.collegetownrochester.com/map-directions/

*Cost:* The meeting is free.

*To Register: *Please RSVP by Jan 27th to Ralph.Durkee @ OWASP.org.
There will be Pizza provided.

*Understanding and Preventing Cross-Site Request Forgery Attacks*

Ranked #8 on the OWASP Top 10, “Cross-Site Request Forgery (CSRF) is an
attack that forces an end user to execute unwanted actions on a web
application in which they're currently authenticated.” (OWASP Wiki)

CSRF vulnerabilities are commonplace and easily missed by developers who
are unfamiliar with this class of attack. Unlike injection
vulnerabilities, they do not become apparent during testing unless you
know exactly what to look for. This session will provide an introduction
to CSRF vulnerabilities, and will include an attack demonstration and
practical examples that prevent this type of vulnerability.

Come join your friends and bring your colleagues for a great
presentation, food, good drink, and fun conversation.

*Speaker: *John King

John is a web application developer with 10+ years of experience, with a
focus on product management, user-experience, and application security.
He has recently joined RIT ITS as a Senior Web Programmer / Analyst. He
also serves as an officer of the Rochester chapters of OWASP and ISSA,
and helps plan the annual Rochester Security Summit.

*Participation:* OWASP chapter meetings are free and open to anyone
interested in application security.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-rochester-announce/attachments/20160106/097e2df1/attachment.html>


More information about the Owasp-rochester-announce mailing list