[Owasp-twincities] You're invited to the OWASP MSP September 2016 Chapter Meeting (Sep 21, 2016)

Alex Bauert alex.bauert at owasp.org
Tue Sep 6 01:49:57 UTC 2016


You are invited to the September Chapter meeting for OWASP MSP





You are invited to the following event:  REGISTRATION REQUIRED
<https://www.eventbrite.com/e/owasp-msp-september-2016-chapter-meeting-tickets-27533084196>
OWASP MSP September 2016 Chapter Meeting

Event to be held at the following time, date, and location:

Wednesday, September 21, 2016 from 6:00 PM to 8:00 PM (CDT)

*Ewald Conference Center*
1000 Westgate Drive
#252
Saint Paul, MN 55114


This month we are joined by Dan Cornell.

Title: The ABCs of Source-Assisted Web Application Penetration Testing With
OWASP ZAP: Attack Surface, Backdoors, and Configuration

Abstract:

There are a number of reasons to use source code to assist in web
application penetration testing such as making better use of penetration
testers’ time, providing penetration testers with deeper insight into
system behavior, and highlighting specific sections of so development teams
can remediate vulnerabilities faster. Examples of these are provided using
the open source ThreadFix plugin for the OWASP ZAP proxy and dynamic
application security testing tool. These show opportunities attendees have
to enhance their own penetration tests given access to source code.

This presentation covers the “ABCs” of source code assisted web application
penetration testing: covering issues of attack surface enumeration,
backdoor identification, and configuration issue discovery. Having access
to the source lets an attacker enumerate all of the URLs and parameters an
application exposes – essentially its attack surface. Knowing these allows
pen testers greater application coverage during testing. In addition,
access to source code can help to identify potential backdoors that have
been intentionally added to the system. Comparing the results of blind
spidering to a full attack surface model can identify items of interest
such as hidden admin consoles or secret backdoor parameters. Finally, the
presentation examines how access to source code can help identify
configuration settings that may have an adverse impact on the security of
the deployed application.



Bio:

A globally recognized application security expert, Dan Cornell holds over
15 years of experience architecting, developing and securing web-based
software systems. As the Chief Technology Officer and a Principal at Denim
Group, Ltd., he leads the technology team to help Fortune 500 companies and
government organizations integrate security throughout the development
process. He is also the original creator of ThreadFix, Denim Group's
industry leading application vulnerability management platform.





We hope you can make it!

Cheers,
OWASP - MSP Chapter