[Owasp-sanjose] Next OWASP Meeting on Thursday, August 10

Brian Bertacini brian.bertacini at owasp.org
Wed Jul 26 14:35:39 EDT 2006

Greetings IT Professionals,  


Many companies have implemented web services to provide interoperability
with legacy and/or disparate applications and systems.  Benefits from this
technology include functionality allowing software and services from
different companies and locations to be combined easily to provide an
integrated service.  In most cases web services use HTTP as a transport
mechanism along with other open standards and protocols making security a
large concern.  Alex Stamos, Founding Partner, iSEC Partners, is an expert
in this area and he has volunteered to present on this topic at our next
meeting. If your company has deployed web services or is considering such
deployment then this meeting is for you.  Alex will review common security
vulnerabilities often overlooked during design and deployment of web
services and introduce countermeasures to deploy these services with


As always, the event is open to the public and free to attend.  RSVP via
email or at http://owasp.mollyguard.com/


Agenda and Presentations:
6:00pm - 6:30pm   Check-in and reception (food & beverages provided)
6:30pm - 6:40pm   Chapter announcements
6:40pm - 8:00pm   The Next Generation of Vulnerable Applications, Alex Stamos, iSec Partners
8:00pm - 8:30pm   Open Discussion & Networking  



San Jose Hyatt (Airport)

1740 N. First Street

San Jose, CA 95112


The Next Generation of Vulnerable Applications 

Presented by: Alex Stamos, Founding Partner, iSec Partners 


Abstract: Web Services represent a new and unexplored set of
security-sensitive technologies that have been widely deployed by large
companies, governments, financial institutions, and in consumer
applications.   Unfortunately, the attributes that make web services
attractive, such as their ease of use, platform independence, use of HTTP
and powerful functionality, also make them a great target for attack. In
this talk, we will explain the basic technologies (such as XML, SOAP, and
UDDI) upon which web services are built, and explore the innate security
weaknesses in each.  We will then demonstrate new attacks that exist in web
service infrastructures, and show how classic web application attacks (SQL
Injection, XSS, etc.) can be retooled to work with the next generation of
enterprise applications. 


Bio: Alex Stamos is a founding partner of iSEC Partners - a strategic
digital security organization.  Alex is an experienced security engineer and
consultant specializing in application security and securing large
infrastructures, and has taught multiple classes in network and application
security.  He is a leading researcher in the field of web application and
web services security and has been a featured speaker at top industry
conferences such as BlackHat, DefCon, SyScan, Microsoft BlueHat and OWASP
App Sec.


Before he helped form iSEC Partners, Alex spent two years as a Managing
Security Architect with @stake.  Alex performed as a technical leader on
many complex and difficult assignments, including a thorough penetration
test and architectural review of a 6 million line enterprise management
system, a secure re-design of a multi-thousand host ASP network, and a
thorough analysis and code review of a major commercial web server.  He was
also one of @stake's West Coast trainers, educating select technical
audiences in advanced network and application attacks.  


Alex has also worked at a DoE National Laboratory.  He holds a BS in
Electrical Engineering and Computer Science from the University of
California, Berkeley, where he participated in research projects related to
distributed secure storage and automatic C code auditing.    


This event is co-sponsored by AppSec Consulting, Inc.
<http://www.appsecconsulting.com> and iSec Partners, LLC
<http://www.isecpartners.com/>.





