[Owasp-sanfran] Reminder: Next Silicon Valley OWASP Chapter Meeting - June 29, 2006

Brian Bertacini brian.bertacini at owasp.org
Wed Jun 28 14:36:13 EDT 2006

Greetings IT Professionals,


We have two outstanding speakers confirmed for our next OWASP meeting which
is scheduled for Thursday, June 29, 2006.  Kris Kahn of Seagate will discuss
risk management and security analysis strategies for secure software
development.  Jeremiah Grossman of WhiteHat Security will preview his
BlackHat 2006 presentation on new JavaScript attack techniques used to take
control of internal web-based and Intranet applications.  As always, the
event is open to the public and free to attend.  


More details about the meeting are available below.  Feel free to invite
colleagues and friends interested in attending this meeting.  Please email
to RSVP for this event at brian.bertacini at owasp.org or visit



Agenda and Presentations:
6:00pm - 6:30pm   Check-in and reception (food & beverages provided)
6:30pm - 6:40pm   Chapter announcements
6:40pm - 7:30pm   FORMA for Secure Software Development, Kris Kahn, Seagate
7:35pm - 8:25pm   JavaScript Attacks & Intranet Applications, Jeremiah Grossman, WhiteHat Security
8:30pm - 9:00pm   Open discussion & Networking


San Jose Hyatt (Airport)
1740 North First Street
San Jose, CA 95112

Framework of Risk Management & Analysis (FoRMA) for Secure Software
Presented by: Kris Kahn, Sr. Governance Analyst, Seagate Technology

Abstract: We frequently apply Risk Management concepts in our daily lives,
whether it's driving in the rain on the freeway, or crossing a busy
intersection. It comes down to making a choice, taking a calculated risk to
reach our objective. We decide quickly, making assumptions about the threats
and about our environment. The lessons we learn from our failures help us
make wiser decisions next time, if we survive. 


Using a new Framework of Risk Management & Analysis (FoRMA) for Secure
Software Development, we will be able to make better decisions by
understanding our threats. FoRMA will help us ensure that we have the
appropriate level of protection to maximize our business objectives,
increasing quality and minimizing cost. 

Bio: Kris Kahn, CISSP-ISSAP, ISSMP, CISA, OPSA, is currently a Sr. Governance
Analyst at Seagate Technology. Passionate about security for more than 15
years, he has also worked for companies in the San Francisco Bay Area that
include Autodesk and Best Internet Communications. A CISSP since 2001, his key
contributions include firewall architectures, risk management models,
security assessment methodologies, and security awareness training. Kris has
expertise in offensive, defensive and governance facets of security. 

JavaScript Attacks and Threats to Intranet Applications
Presented by: Jeremiah Grossman, Founder and CTO, WhiteHat Security

Abstract: Malicious JavaScript is capable of stealing cookies, capturing
keystrokes, monitoring activity and planting root kits. Attackers are using
JavaScript to hijack browser sessions to commit bank fraud, hack other
websites, or post derogatory comments in a public forum - all without
traces, tracks or warning sirens. 


Web application security research is revealing that outsiders can also use
these hijacked browsers to exploit intranet websites.  Most assume while
surfing the Web we are protected by firewalls that are isolated through
private networks. We believe nothing is capable of directly connecting in
from the outside world. Right? Well, not quite. Web browsers can be
completely controlled by any web page, enabling them to become launching
points to attack internal network resources. 

The web browser of every user on an enterprise network becomes a stepping
stone for intruders. 


During this presentation we'll demonstrate a wide variety of cutting-edge
web application attack techniques and describe best practices for securing
websites and users against these threats. 

You'll see:


    * Port scanning and attacking intranet devices using JavaScript

    * Blind web server fingerprinting using unique URLs

    * Discovering NAT'ed IP addresses with Java Applets

    * Stealing web browser history with Cascading Style Sheets

    * Best-practice defense measures for securing websites

    * Essential habits for safe web surfing

Bio: Jeremiah Grossman is the founder and Chief Technology Officer of
WhiteHat Security and responsible for web application security R&D and
industry evangelism. Mr. Grossman is a frequent speaker at the Black Hat
Briefings, ISSA, ISACA, NASA, and other industry events. Jeremiah has been
published in USA Today, VAR Business, NBC, ABC News (AU), ZDNet, eWeek,
Computerworld and BetaNews. Prior to WhiteHat, Mr. Grossman served as an
information security officer at Yahoo!. 

This event is co-sponsored by AppSec Consulting, Inc. <http://www.appsecconsulting.com/>
and WhiteHat Security, Inc. <http://www.whitehatsec.com/>

