[Owasp-twincities] Sept 9th meeting - Jeremiah Grossman - Get Rich or Die Trying - Making Money on The Web, The Black Hat Way

Kuai Hinojosa kuai.hinojosa at owasp.org
Mon Aug 25 16:57:13 EDT 2008

Hello World -

I am happy to announce that our next meeting will be September 9th and
Jeremiah Grossman from WhiteHat Security has agreed to join us and enlighten
us with his BlackHat 08 presentation, plus some goodies and new money making
stories he will be sharing with us.

Our September 3rd meeting has been canceled. Brian Chess from Fortify
Software will instead join us in our planned October 21st mini conference
which will be hosted at University of Minnesota. For this one day mini
conference we will have the participation of speakers such as Richard
Stallman founder of the Free Software Foundation, Jeff Williams Chair of the
OWASP Foundation and CEO of Aspect Security and Rohyt Belani from the
Intrepidus Group to mention a few.  We will post all the details soon once
we have all the details finalized. In the meantime, planned on attending
this one day mini conference set for October 21st at the UMN St. Paul
campus. There is also planning for a two day web penetration testing course
offered by the MN-ISSA and Rohyt Belani from the Intrepidus Group. Stay
tuned for more info!!!!!

 September OWASP Meeting -Jeremiah Grossman  *Topic Overview:*

Get Rich or Die Trying - Making Money on The Web, The Black Hat Way

Forget Cross-Site Scripting. Forget SQL Injection. If you want to make some
serious cash on the Web silently and surreptitiously, you don't need them.
You also don't need noisy scanners, sophisticated proxies, 0-days, or ninja
level reverse engineering skills -- all you need is a Web browser, a clue on
what to look for, and a few black hat tricks. Generating affiliate
advertising revenue from the Website traffic of others, trade stock using
corporation information passively gleaned, inhibit the online purchase of
sought after items creating artificial scarcity, and so much more.
Activities not technically illegal, only violating terms of service.

You may have heard these referred to as business logic flaws, but that name
really doesn't do them justice. It sounds so academic and benign in that
context when the truth is anything but. These are not the same ol' Web
hacker attack techniques everyone is familiar with, but the one staring you
in the face and missed because gaming a system and making money this way
couldn't be that simple. Plus IDS can't detect them and Web application
firewalls can't black them. If fact, these types of attacks are so hard to
detect (if anyone is actually trying) we aren't even sure how widespread
their use actually is. Time to pull back the cover and expose what's
 *Speaker Bio:*

Jeremiah Grossman is the founder and CTO of WhiteHat Security, considered a
world-renowned expert in Web security, co-founder of the Web Application
Security Consortium, and named to InfoWorld's Top 25 CTOs for 2007. Mr.
Grossman is a frequent speaker at industry events including the BlackHat
Briefings, RSA, ISACA, CSI, HiTB, OWASP, Vanguard, ISSA, Defcon, and a
number of large universities. He has authored dozens of articles and white
papers; is credited with the discovery of many cutting-edge attack and
defensive techniques; and is a co-author of XSS Attacks. Mr. Grossman is
frequently quoted in major media publications such as InfoWorld, USA Today,
PCWorld, Dark Reading, SC Magazine, SecurityFocus, CNet, SC Magazine, CSO,
and InformationWeek. Prior to WhiteHat he was an information security
officer at Yahoo!

 *Date:* September 9th, 2008
*Time:* 6 p.m.
*Location:* Whitney Center, Room L3100 (3rd Floor), Minneapolis Campus
*Address: *1501 Hennepin Avenue, Minneapolis, MN 55403 (Hennepin and Spruce)
*Directions:* *http://www.metrostate.edu/bldgservices/maps/mpls_map.pdf*<http://www.metrostate.edu/bldgservices/maps/mpls_map.pdf>

*6:00pm* - Introduction and optional sign-in for CISSP credits *6:10pm* -
Welcome: OWASP chapter updates, Conference Announcement!
*6:30pm* - Break
*6:45 pm* (Jeremiah Grossman)
*8:15 pm* - Upcoming Events reminder and meeting wrap-up

*Thank you:* <http://www.strategicit.org/>
*Center for Strategic Information Technology and Security*
<http://www.strategicit.org/>for sponsor our location
We currently are looking for a meeting sponsor for refreshments for the
meeting and for the book give-away.
  Call Lorna at 651-338-0243 if you need directions or have questions.

Lorna Alamri

Director of Sales

Integral Business Solutions

Dir: 651-259-1001

Cell: 651-338-0243

Fax: 651-631-2544

 THINK GREEN "Please consider your environmental responsibility before
printing this e-mail"

Kuai Hinojosa
OWASP (MSP) Chapter Leader
OWASP (NYC/NJ) Board member
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-twincities/attachments/20080825/3b2f8f63/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/bmp
Size: 1694 bytes
Desc: not available
Url : https://lists.owasp.org/pipermail/owasp-twincities/attachments/20080825/3b2f8f63/attachment.bmp 

More information about the Owasp-twincities mailing list