[Owasp-sanantonio] May OWASP meeting: Forceful Browsing

Dan Cornell dan at denimgroup.com
Fri Apr 28 12:16:26 EDT 2006


See below for the May OWASP San Antonio meeting info.  The topic is
"Forceful Browsing".  The info is also online at the OWASP San Antonio
web page: <http://www.owasp.org/local/antonio.html>

Hope to see you all there!




San Antonio OWASP Chapter: May 2006 Meeting
Topic: How to Prevent Forceful Browsing
Presenter: Dan Ross of PIC Business Systems
Date: Wednesday May 24th, 2006 11:30am - 1:00pm
San Antonio Technology Center (Web Room)
3463 Magic Drive
San Antonio, TX 78229

By Forceful Browsing, clients may be able to access pages which should
be forbidden. A technique for preventing forceful browsing is
introduced. With this technique, you may be assured that clients may
only visit pages for which links have been presented.

Granularity may be adjusted for an entire page, as well as for specific
page parameters. For example, you may prevent a user from deleting
customers altogether, or you may permit a user to delete customer #1,
but not customer #2. In addition, a notification system can alert you
when users are forceful browsing.

The implementation will be presented using PHP.

Presenter Bio:
Dan Ross has been VP Engineering for 17 years at PIC Business Systems,
which provides integrated business software for the Window Coverings and
Apparel Industries. He has led the design, development, and maintenance
of many commercial web applications and programs. He has a BS in
Industrial Engineering from St. Mary's University in San Antonio.

Sodas and snacks will be provided. Feel free to bring a brown-bag lunch.

Please RSVP: E-mail owasprsvp _at_ denimgroup _dot_ com or call (210)
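
The abstract above describes allowing only requests for links that were actually presented, with per-parameter granularity and a notification on violations. The PHP sketch below is an added illustration of one way to get that behaviour; it is not the presenter's implementation, and the class, method and path names are hypothetical. It assumes a per-session allowlist of issued links, with a local array standing in for $_SESSION and error_log standing in for the alert channel.

```php
<?php
// Added illustration; not the presenter's implementation. Names are hypothetical.
final class LinkRegistry
{
    private array $issued;   // reference to session-backed storage
    private $notify;         // callable invoked when a request is rejected

    public function __construct(array &$sessionStore, callable $notify)
    {
        $this->issued = &$sessionStore;
        $this->notify = $notify;
    }

    // Canonical key: page plus parameters in sorted order, so id=1 and id=2
    // are separate entries (the per-parameter granularity in the abstract).
    private static function key(string $page, array $params): string
    {
        ksort($params);
        return hash('sha256', $page . '?' . http_build_query($params));
    }

    // Call while rendering a page: returns the URL and records it as presented.
    public function link(string $page, array $params = []): string
    {
        $this->issued[self::key($page, $params)] = true;
        $qs = http_build_query($params);
        return $qs === '' ? $page : $page . '?' . $qs;
    }

    // Call at the top of every protected page, before any work is done.
    public function allow(string $page, array $params, string $user): bool
    {
        if (isset($this->issued[self::key($page, $params)])) {
            return true;
        }
        // JSON-encode request data so it cannot inject extra log lines.
        ($this->notify)('forceful browsing: ' . json_encode(compact('user', 'page', 'params')));
        return false;
    }
}

// Constructed demo: $session stands in for $_SESSION.
$session = [];
$reg = new LinkRegistry($session, 'error_log');
echo $reg->link('/customer/delete.php', ['id' => 1]), "\n";
var_dump($reg->allow('/customer/delete.php', ['id' => '1'], 'alice')); // link was rendered
var_dump($reg->allow('/customer/delete.php', ['id' => '2'], 'alice')); // link never rendered
var_dump($reg->allow('/admin/report.php', [], 'alice'));               // link never rendered
```

The registry only restricts navigation to links that were rendered; the code that renders them still has to decide which links each user is authorized to see.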
