[OWASP-Seattle] RSVP for Thur Oct 6th meeting

Todd Wedge todd.wedge at owasp.org
Fri Sep 30 13:28:39 EDT 2005

If you are attending next Thursday's meeting, please RSVP so I can get an
accurate count for food and drinks. I received early RSVPs from a month
ago but please re-confirm in case your schedule has changed.

We have a couple of great appsec topics (Rapid Threat Modeling & One-Click
Attacks) and two excellent speakers lined up so I'm looking forward to a
large turnout. Please call or email me if you have questions.



Everyone with an interest in application security is welcome to join our
chapter meetings. The next meeting will be held Thursday night October 6th
at the following location and is sponsored by IOActive Inc.

Las Margaritas Restaurant
437 108th Avenue NE (corner of NE 4th & 108th)
Bellevue, WA 98004
tel: (425) 453-0535

Appetizers, beer and wine will be served and vegetarian items are provided
at all events. The meeting will be held in a private meeting room at Las

Feature Presentation: Rapid Threat Modeling

One of the most important weapons in our arsenal for securing applications
is threat modeling. Applications are becoming increasingly complex and new
technologies are emerging constantly. In this scenario, building or
attacking applications is challenging. Threat models can help attackers
discover design vulnerabilities and mount complex attacks. These models
give secure application developers a great amount of leverage to envision
their design, implementation and soundness of their architectures. Being
living documents, they also carry forward any knowledge gained from
previous development life cycles and are invaluable in understanding the
impact of any changes to the overall security posture of the applications.
Understanding and constructing meaningful threat models is hard.
Application teams and attackers need to be aware of what they want to
model, how they want to model and when they want to model. Rapid Threat
Modeling will help them develop models rapidly while reutilizing data they
gathered either through reconnaissance or through the software development
lifecycle. A practical hands-on demonstration of modeling threats for
complex managed application will allow for immediate use of any threat
modeling knowledge gained.

Featured Speaker: Robert Harvey

Rob Harvey is a privacy and security analyst with Microsoft working to
ensure that Microsoft’s Line of Business applications meet corporate
privacy and security standards. Rob has over 4 years experience performing
application security testing and code reviews in the software,
telecommunications, multinational import/export and transportation
industries. He is a member of the renowned GhettoHackers security
organization. Before joining Microsoft, Rob was a Senior Security
Architect with IOActive, Inc.

2nd Presentation: One Click Attacks

The term "one-click attack" describes a technique whereby an attacker can
cause another user to unwittingly transmit HTTP requests of the attacker's
choice. This brief presentation will demonstrate a fairly advanced example
of the one-click attack, explore alternate attack scenarios, and discuss
prevention techniques.

Presenter: Eric Rachner

Eric Rachner is a freelance computer security professional and long-time
security enthusiast. His interest in the subject dates back to his teen
years and throughout a 10-year career at Microsoft where he most recently
held the position of Senior Security Analyst. Working in that capacity for
three years gave Eric a particular specialty in Web application security
as well as the opportunity to contribute a cover feature on the subject
for the August 2004 issue of asp.net PRO Magazine. He has also contributed
material on .NET-based Web applications to the Microsoft .NET Developer
book series.

Note: OWASP does not endorse products or services in any way. Information
provided at chapter meetings is in the interest of the members of the
OWASP Seattle chapter.

Meeting Agenda:

6pm to 6:30pm - Reception (food & beverages)
6:30pm to 6:40pm - Chapter Announcements
6:45pm to 7:45pm - Presentation -Threat Modeling
7:50pm to 8:30pm - Presentation - One Click Attacks
8:30pm --> Networking

OWASP Seattle chapter meetings are free. You can join the group by adding
your name to the mailing list

Please RSVP by sending a message to todd.wedge at owasp.org or call (425)

More information about the Owasp-seattle mailing list