San Jose-Archive

Meeting - Tuesday, December 19, 2006
Venue: Fujitsu Advanced Networking Solutions 1240 E. Arques Ave. Sunnyvale, CA 94085

New Trends and Web Application Security Statistics Presented by: Jeremiah Grossman, Founder & CTO, WhiteHat Security

Abstract: First Look at New Web Application Security Statistics. The Top 10 Web Application Vulnerabilities and their Impact on the Enterprise Web applications are the newest attack target, hitting the biggest and best brands on the Internet. And yet, until now, there has been limited information available about the most prevalent and most severe vulnerabilities that are facilitating the rapidly rising number of attacks.

WhiteHat Security founder and CTO, Jeremiah Grossman, will present the findings from the first WhiteHat Security Web Application Security Risk Report. Based on WhiteHat’s aggregate data from hundreds of web application assessments, Mr.Grossman's presentation will provide a first-of-its-kind look at the top vulnerabilities that attackers are exploiting at businesses across the Web. •   Identify and discuss the top ten vulnerabilities •   Define the severity levels of web application vulnerabilities •   Present strategies for web application vulnerability management

Bio: Mr. Grossman is a world-renowned expert in Web security and a founding member of the Web Application Security Consortium. He is a frequent speaker at industry events including the BlackHat Briefings, ISACA’s Networks Security Conference, NASA, the Air Force and Technology Conference, ISSA and Defcon. Mr. Grossman is also a featured expert and frequent contributor on TechTarget’s SearchAppSecurity.com.

Thursday, September 6, 2007
Pictures From the Event Garrett Gee was nice enough to take some pictures of the September 6th event. They can be found here: http://flickr.com/photos/ggee/sets/72157601905839040/

Open to the public, attendance is free

Agenda and Presentations: 5:00pm – 5:30pm          Check-in and Reception (food and beverages) 5:30pm – 6:45pm          Malicious Code Injection Workshop 6:45pm – 6:55pm          Break 6:55pm – 8:10pm          Panel Discussion – Privacy, Security and Breaches, Oh My! 8:10pm – 8:30pm          Networking Session

Venue: eBay - Town Square B 2161 North First Street San Jose, CA 95131

Map and Directions: Map

Malicious Code Injection Workshop

SQL Injection, Cross-site Scripting (XSS) and other injection attacks techniques have become pervasive on the web. This hands-on workshop takes an in-depth look at common methods used to exploit web applications. Attendees will learn step-by-step techniques used by attackers allowing them to better understand how web applications are exploited. Each attack method is followed up with a discussion about effective countermeasures to defend against such attacks.

This interactive workshop includes a victim web application that contains built-in vulnerabilities. Attendees can bring their own laptop computers and participate in hands-on lab sessions. The objective of this workshop is to learn secure development practices used to harden the security of applications. Attendee participation is encouraged and door prizes will be awarded at random.

Note: To participate in the exercise bring an 802.11b/g equipped laptop with IE or Firefox installed. No hostile code will be put on your laptop by the instructors, but do have a firewall running to protect yourself. No wired connection to the class network will be provided.

Workshop Instructors: Siva Ram, CISA - Senior Consultant, AppSec Consulting Tom Stracener - Cenzic Arian Evans - WhiteHat Security

Panel Discussion: “Privacy, Security and Breaches, Oh My!” 

This panel discussion will review the current state of information privacy and the security of web applications. Security breaches are occurring at an alarming rate and consumers are loosing faith. What, if anything can be done to restore confidence in e-commerce?

What can we learn from events at Card Systems are more recently Monster.com? What can be done to ensure your company is not the next victim of a class action and/or hackers and data thieves? Join an all-star panel of Information Privacy and Data Security professionals to better understand what’s at stake and how to stay out of the headlines.

Moderator:         Alex Stamos, iSEC Partners

Panelists:

Doran Rotman, KPMG (co-author, Generally Accepted Privacy Principles David Pollino, Washington Mutual Bank Robert Fly, Salesforce.com Larry Pingree, Safeway (co-founder, Digital Forensics Association) Kurt Opsahl, EFF

Please RSVP at http://owaspday.eventbrite.com or send an email to brian.bertacini at owasp.org. Feel free to invite like minded IT Security Professionals and help grow OWASP.