[Owasp-sanantonio] October 11th OWASP SA meeting

Dan Cornell dan at denimgroup.com
Thu Sep 13 08:32:58 EDT 2007


All:

I'm thrilled to announce that Jeremiah Grossman from WhiteHat Security
will be speaking at the OWASP San Antonio meeting in October.  We are
_extremely_ lucky to have such a well-known and well-respected speaker
at our chapter, so I hope to see everyone there.  I suspect attendance
will be pretty high, so please RSVP and bring anyone who might be
interested.

Thanks,

Dan

=================================

San Antonio OWASP Chapter: October 2007 Meeting
Topic: Business Logic Flaws
Presenter: Jeremiah Grossman
Date: October 11th, 11:30am - 1:00pm
Location:
San Antonio Technology Center (Web Room)
3463 Magic Drive
San Antonio, TX 78229
http://maps.google.com/maps?f=q&hl=en&q=3463+Magic+Drive,+San+Antonio,+T
X+78229

Abstract:
Session handling, credit card transactions, and password recovery are
just a few examples of Web-enabled business logic processes that
malicious hackers have abused to compromise major websites. These types
of vulnerabilities are routinely overlooked during QA because the
process is intended to test what a piece of code is supposed to do and
not what it can be made to do. The other problem(s) with business logic
flaws is scanners can't identify them, IDS can't detect them, and Web
application firewalls can't defend them.  Hard hitting trifecta. Plus,
the more sophisticated and Web 2.0 feature-rich a website, the more
prone it is to have flaws in business logic.

As the number of common vulnerabilities such as SQL Injection and
Cross-Site Scripting are reduced, the bad guys will increase their
attacks on business logic flaws.

This presentation will provide real-world demonstrations of how
pernicious and dangerous business logic flaws are to the security of a
website.  We'll also show how best to spot them and provide
organizations with a simple and rational game plan to prevent them.

Presenter Bio:
Jeremiah Grossman is the founder and CTO of WhiteHat Security and a
world-renowned expert in Web security.  He is also a co-founder of the
Web Application Security Consortium and was named one of InfoWorld's Top
25 CTOs for 2007.  Mr. Grossman is a frequent speaker at industry events
including the Black Hat Briefings, RSA, CSI, ISACA, ISSA and Defcon.  He
is a co-author of Cross Site Scripting Attacks; has authored dozens of
articles and white papers; and is credited with the discovery of many
cutting-edge attack and defensive techniques. Mr. Grossman is a trusted
media resource and has been quoted in USA Today, CSO Magazine,
InfoWorld, PC World, Information Week, Dark Reading, SC Magazine, and
CNET. Prior to WhiteHat, he was an information security officer at
Yahoo!


Sodas and snacks will be provided.  Feel free to bring a brown-bag
lunch.
Please RSVP: E-mail owasprsvp at denimgroup.com  or call (210) 572-4400.


More information about the Owasp-sanantonio mailing list