[Owasp-sanantonio] OWASP San Antonio - Oct 11th meeting
dan at denimgroup.com
Wed Oct 3 18:24:10 EDT 2007

This is a reminder that our next meeting will be next Thursday - October
11th at the San Antonio Technology Center. Details are below. Hope to
see you all there.

San Antonio OWASP Chapter: October 2007 Meeting
Topic: Business Logic Flaws
Presenter: Jeremiah Grossman
Date: October 11th, 11:30am - 1:00pm
San Antonio Technology Center (Web Room)
3463 Magic Drive
San Antonio, TX 78229

Session handling, credit card transactions, and password recovery are
just a few examples of Web-enabled business logic processes that
malicious hackers have abused to compromise major websites. These types
of vulnerabilities are routinely overlooked during QA because the
process is intended to test what a piece of code is supposed to do and
not what it can be made to do. The other problem with business logic
flaws is that scanners can't identify them, IDS can't detect them, and Web
application firewalls can't defend against them. Hard-hitting trifecta. Plus,
the more sophisticated and Web 2.0 feature-rich a website, the more
prone it is to have flaws in business logic.

As the number of common vulnerabilities such as SQL Injection and
Cross-Site Scripting is reduced, the bad guys will increase their
attacks on business logic flaws.

This presentation will provide real-world demonstrations of how
pernicious and dangerous business logic flaws are to the security of a
website. We'll also show how best to spot them and provide organizations
with a simple and rational game plan to prevent them.

Jeremiah Grossman is the founder and CTO of WhiteHat Security and a
world-renowned expert in Web security. He is also a co-founder of the
Web Application Security Consortium and was named one of InfoWorld's Top
25 CTOs for 2007. Mr. Grossman is a frequent speaker at industry events
including the Black Hat Briefings, RSA, CSI, ISACA, ISSA and Defcon. He
is a co-author of Cross Site Scripting Attacks; has authored dozens of
articles and white papers; and is credited with the discovery of many
cutting-edge attack and defensive techniques. Mr. Grossman is a trusted
media resource and has been quoted in USA Today, CSO Magazine,
InfoWorld, PC World, Information Week, Dark Reading, SC Magazine, and
CNET. Prior to WhiteHat, he was an information security officer at

Sodas and snacks will be provided. Feel free to bring a brown-bag lunch.
Please RSVP: E-mail owasprsvp at denimgroup.com or call (210) 572-4400.