[Owasp-sanantonio] May OWASP meeting: Forceful Browsing: Second notice
dan at denimgroup.com
Tue May 9 11:56:46 EDT 2006
See below for the May OWASP San Antonio meeting info. The topic is
"Forceful Browsing". The info is also online at the OWASP San Antonio
web page: <http://www.owasp.org/local/antonio.html>
Hope to see you all there!
San Antonio OWASP Chapter: May 2006 Meeting
Topic: How to Prevent Forceful Browsing
Presenter: Dan Ross of PIC Business Systems
Date: Wednesday May 24th, 2006 11:30am - 1:00pm
San Antonio Technology Center (Web Room)
3463 Magic Drive
San Antonio, TX 78229
By Forceful Browsing, clients may be able to access pages which should
be forbidden. A technique for preventing forceful browsing is
introduced. With this technique, you may be assured that clients may
only visit pages for which links have been presented.
Granularity may be adjusted for an entire page, as well as for specific
page parameters. For example, you may prevent a user from deleting
customers altogether, or you may permit a user to delete customer #1,
but not customer #2. In addition, a notification system can alert you
when users are forceful browsing.
The implementation will be presented using PHP.
Dan Ross has been VP Engineering for 17 years at PIC Business Systems,
which provides integrated business software for the Window Coverings and
Apparel Industries. He has led the design, development, and maintenance
of many commercial web applications and programs. He has a BS in
Industrial Engineering from St. Mary's University in San Antonio.
Sodas and snacks will be provided. Feel free to bring a brown-bag lunch.
Please RSVP: E-mail owasprsvp _at_ denimgroup _dot_ com or call (210)