Kansas City November 2007 Meeting

The Kansas City OWASP chapter met on November 7, 2007 at Centriq Training in Leawood, KS.

Meeting Summary
Chapter Business

Current chapter priorities include the following:
 * Volunteer to give an OWASP presentation
 * Talks can be anything from a short review of a whitepaper or presentation you've seen, to a web application security tool or product review, to a longer technical talk about attacks or countermeasures
 * Volunteer your organization to host an OWASP meeting
 * Invite other professionals or students to attend our next OWASP meeting

Speaker 1: Tom Stripling, CISSP on The Dangers of Third-Party Content

It is now commonplace for web applications to include content from other sites, partners, and advertisers. If this content isn’t handled correctly, applications are left vulnerable to attack. By examining a variety of attacks that can be executed through third-party content, we can better evaluate application risk and design countermeasures.

Session Learning Objectives
 * Determine the threat posed by third-party content, given trends in Internet content and specific risks associated with each form of third-party content inclusion
 * Demonstrate attacks against a live web application that exploit flawed security assumptions in the inclusion of third-party content
 * Analyze the effectiveness of various application security countermeasures to combat the threat
 * Enable developers and penetration testers to better identify and prevent the risks associated with the use of third-party content in web applications

Tom Stripling is a senior application security consultant with an extensive background in web application development, penetration testing, and risk assessment. In his role at Security PS, he helps clients uncover application vulnerabilities and secure the software development process. In his spare time, Tom is an avid researcher of application security attacks, vulnerabilities, and best practices.

Documents

 * Tom's presentation slides