Denver January 2010 meeting

John Evans: "Securing WebApps: An Illustrative Session"
Please RSVP if you are coming to the meeting so we don't run out of pizza (again!)

That's right baby, it's 2010, and we are very pleased to welcome regular Denver chapter attendee John Evans of MXLogic McAfee who will deliver a presentation on common AppSec pitfalls and solutions. He will demonstrate various common appsec problems using code samples in PHP, but developers of any flavor should be able to grasp the concepts.

An outline of his presentation is as follows:

Basic HTTP Transaction Single diagram to get everyone on the same page.

XSS What it is and what can be done with it. Reflected Persistent DOM-Based PHP code examples of bad code. Exploit examples. PHP code examples of good code. PHP code examples (and pseudo-code) of better code. Code Injection What is is and what can be done with it. PHP code examples of bad code. Exploit examples. PHP code examples of good code. SQL Injection What it is what what can be done with it. PHP code examples of bad code. Exploit examples. PHP code examples of good code. Directory Traversal What it is and what can be done with it. PHP code examples of bad code. Exploit examples. Code example of how to close directory traversals. Email Injection What it is and what can be done with it. PHP code example of bad code. Exploit examples. PHP code example of good code.

Conclusion Filter Input Escape Output Q&A

Agenda

 * 6pm: Pizza & pop @ Raytheon Polar Services, courtesy of Fishnet
 * 6:30pm: Introduction and Chapter business
 * 6:45pm --> 8pm: Presentation

Back to OWASP Denver