[Owasp-sanantonio] Today's OWASP meeting: last reminder

Dan Cornell dan at denimgroup.com
Wed Apr 19 10:36:34 EDT 2006


Just one final reminder of today's 11:30 OWASP meeting.  The topic is
AJAX security and we will be introducing and demonstrating a new open
source tool for assessing the security of AJAX-enabled applications.

More info below.




San Antonio OWASP Chapter: April 2006 Meeting
Topic: AJAX Security: Here We Go Again
Presenter: Dan Cornell of Denim Group, Ltd.
Date: Wednesday April 19th, 2006 11:30am - 1:00pm
San Antonio Technology Center (Web Room)
3463 Magic Drive
San Antonio, TX 78229

AJAX (or Asynchronous JavaScript And XML) is the hot new web programming
technique being used to create rich Internet applications.  By
interacting with the server behind the scenes and updating web page
DOMs, AJAX applications bring a new level of responsiveness to the web
and open exciting new possibilities for creating new classes of
applications.  The success of applications such as Google Maps and
Flickr is a testament to the exciting potential AJAX techniques bring to
the discipline of web application development.

Unfortunately many organizations implementing these techniques are doing
so without considering the security implications on application design
and development.  Furthermore, because these techniques are so new the
threats and countermeasures are not well understood.  This presentation
will give an explanation of AJAX techniques and will examine the
underlying constructs and their behavior.  Next it will examine how
common web application vulnerabilities translate to AJAX environments
as well as new threats that are specific to AJAX applications.  The
presentation will conclude with a demonstration of "sprajax," an
alpha-release open-source tool developed by Denim Group that analyzes
web applications for potential security vulnerabilities exposed through
the use of AJAX.

Presenter Bio:
Dan Cornell is a Principal of the Denim Group, a Texas-based consultancy
providing software development and application security services.  He
has extensive experience architecting and developing enterprise web
applications on a variety of platforms as well as training and mentoring
development teams on application security and secure coding techniques.
Dan is the creator and primary author of the sprajax open source AJAX
security assessment tool.  He is an MCSD as well as a Java 2 Certified

Sodas and snacks will be provided.  Feel free to bring a brown-bag

Please RSVP: E-mail owasprsvp at denimgroup.com  or call (210) 572-4400.
