OWASP - User contributions [en]

OWASP Periodic Table of Vulnerabilities - SQL Injection

2013-05-06T15:41:23Z

Heyvenki: /* Custom Code Solution */

OWASP Periodic Table of Vulnerabilities - SQL Injection

2013-05-06T15:39:46Z

Heyvenki: /* References */

OWASP Periodic Table of Vulnerabilities - SQL Injection

2013-05-06T15:39:27Z

Heyvenki: /* Discussion / Controversy */

== SQL Injection ==

=== Root Cause Summary ===
Applications that have insufficient input validations or non-validated literal strings concatenated into a dynamic SQL Statement and subsequently interpreted as code by the SQL Engine

=== Browser / Standards Solution ===

None

=== Perimeter Solution ===
Web Application Firewalls (WAFs) can help in reducing SQL Injection attacks by filtering popular and well known attack inputs. WAFs are driven by a set of predefined rules that can help mitigate SQL Inection attacks to a certain extent.

Complexity: High 
Impact: High

=== Generic Framework Solution ===
* '''Parametric Queries''' - Use parametric queries to execute any SQL commands
* '''Input Validation''' - Validate all inputs that are passed to the SQL statement for accuracy of datatypes, boundary limits and accepted characterset
* '''Escape Sequences''' - In cases where it is not possible to use parametric queries (like legacy code), ensure that the SQL engine sensitive characters are escaped appropriately. [ [[To provide a seperate link for this]] ]

Complexity: Low 
Impact: High

=== Custom Framework Solution ===

Complexity: Medium 
Impact: High

=== Custom Code Solution ===
* When building custom solutions, make sure that SQL queries are not constructed dynamically with the table names and views. If that is unavoidable, validate the schema and the table/view names before constructing the SQL query.
* As a precuationay measure, ensure that the tables have appropriate access control through policies
* Whenever possible, when building custom solutions, use the underlying databases prepared queries library.

Complexity: High 
Impact: High

=== Discussion / Controversy ===

=== References ===
[http://projects.webappsec.org/w/page/13246938/Insufficient%20Anti-automation Insufficient Anti-automation (WASC TC)] 
[http://projects.webappsec.org/w/page/13246915/Brute%20Force Brute Force (WASC TC)] 
[[Testing for Brute Force (OWASP-AT-004)| Testing for Brute Force (OWASP Testing Guide)]]

OWASP Periodic Table of Vulnerabilities - SQL Injection

2013-05-06T15:39:13Z

Heyvenki: /* Custom Framework Solution */

== SQL Injection ==

=== Root Cause Summary ===
Applications that have insufficient input validations or non-validated literal strings concatenated into a dynamic SQL Statement and subsequently interpreted as code by the SQL Engine

=== Browser / Standards Solution ===

None

=== Perimeter Solution ===
Web Application Firewalls (WAFs) can help in reducing SQL Injection attacks by filtering popular and well known attack inputs. WAFs are driven by a set of predefined rules that can help mitigate SQL Inection attacks to a certain extent.

Complexity: High 
Impact: High

=== Generic Framework Solution ===
* '''Parametric Queries''' - Use parametric queries to execute any SQL commands
* '''Input Validation''' - Validate all inputs that are passed to the SQL statement for accuracy of datatypes, boundary limits and accepted characterset
* '''Escape Sequences''' - In cases where it is not possible to use parametric queries (like legacy code), ensure that the SQL engine sensitive characters are escaped appropriately. [ [[To provide a seperate link for this]] ]

Complexity: Low 
Impact: High

=== Custom Framework Solution ===

Complexity: Medium 
Impact: High

=== Custom Code Solution ===
* When building custom solutions, make sure that SQL queries are not constructed dynamically with the table names and views. If that is unavoidable, validate the schema and the table/view names before constructing the SQL query.
* As a precuationay measure, ensure that the tables have appropriate access control through policies
* Whenever possible, when building custom solutions, use the underlying databases prepared queries library.

Complexity: High 
Impact: High

=== Discussion / Controversy ===

Generic framework solution requires too much overhead to track request limits. Request rate limiting should be done in perimeter, not framework. Should combine with Denial of Service (Application-Based)? Custom Code solution is the same as Custom Framework Solution; Custom Code solution should be pushed into framework.

=== References ===
[http://projects.webappsec.org/w/page/13246938/Insufficient%20Anti-automation Insufficient Anti-automation (WASC TC)] 
[http://projects.webappsec.org/w/page/13246915/Brute%20Force Brute Force (WASC TC)] 
[[Testing for Brute Force (OWASP-AT-004)| Testing for Brute Force (OWASP Testing Guide)]]

OWASP Periodic Table of Vulnerabilities - SQL Injection

2013-05-06T15:38:30Z

Heyvenki: /* Custom Code Solution */

== SQL Injection ==

=== Root Cause Summary ===
Applications that have insufficient input validations or non-validated literal strings concatenated into a dynamic SQL Statement and subsequently interpreted as code by the SQL Engine

=== Browser / Standards Solution ===

None

=== Perimeter Solution ===
Web Application Firewalls (WAFs) can help in reducing SQL Injection attacks by filtering popular and well known attack inputs. WAFs are driven by a set of predefined rules that can help mitigate SQL Inection attacks to a certain extent.

Complexity: High 
Impact: High

=== Generic Framework Solution ===
* '''Parametric Queries''' - Use parametric queries to execute any SQL commands
* '''Input Validation''' - Validate all inputs that are passed to the SQL statement for accuracy of datatypes, boundary limits and accepted characterset
* '''Escape Sequences''' - In cases where it is not possible to use parametric queries (like legacy code), ensure that the SQL engine sensitive characters are escaped appropriately. [ [[To provide a seperate link for this]] ]

Complexity: Low 
Impact: High

=== Custom Framework Solution ===

Provide a common configuration functionality available to any feature/function. Configuration settings should allow multiple per-user rate limits as well as global rate limits to prevent denial of service.

Complexity: Low 
Impact: High

=== Custom Code Solution ===
* When building custom solutions, make sure that SQL queries are not constructed dynamically with the table names and views. If that is unavoidable, validate the schema and the table/view names before constructing the SQL query.
* As a precuationay measure, ensure that the tables have appropriate access control through policies
* Whenever possible, when building custom solutions, use the underlying databases prepared queries library.

Complexity: High 
Impact: High

=== Discussion / Controversy ===

Generic framework solution requires too much overhead to track request limits. Request rate limiting should be done in perimeter, not framework. Should combine with Denial of Service (Application-Based)? Custom Code solution is the same as Custom Framework Solution; Custom Code solution should be pushed into framework.

=== References ===
[http://projects.webappsec.org/w/page/13246938/Insufficient%20Anti-automation Insufficient Anti-automation (WASC TC)] 
[http://projects.webappsec.org/w/page/13246915/Brute%20Force Brute Force (WASC TC)] 
[[Testing for Brute Force (OWASP-AT-004)| Testing for Brute Force (OWASP Testing Guide)]]

OWASP Periodic Table of Vulnerabilities - SQL Injection

2013-05-06T07:04:33Z

Heyvenki: /* Generic Framework Solution */

== SQL Injection ==

=== Root Cause Summary ===
Applications that have insufficient input validations or non-validated literal strings concatenated into a dynamic SQL Statement and subsequently interpreted as code by the SQL Engine

=== Browser / Standards Solution ===

None

=== Perimeter Solution ===
Web Application Firewalls (WAFs) can help in reducing SQL Injection attacks by filtering popular and well known attack inputs. WAFs are driven by a set of predefined rules that can help mitigate SQL Inection attacks to a certain extent.

Complexity: High 
Impact: High

=== Generic Framework Solution ===
* '''Parametric Queries''' - Use parametric queries to execute any SQL commands
* '''Input Validation''' - Validate all inputs that are passed to the SQL statement for accuracy of datatypes, boundary limits and accepted characterset
* '''Escape Sequences''' - In cases where it is not possible to use parametric queries (like legacy code), ensure that the SQL engine sensitive characters are escaped appropriately. [ [[To provide a seperate link for this]] ]

Complexity: Low 
Impact: High

=== Custom Framework Solution ===

Provide a common configuration functionality available to any feature/function. Configuration settings should allow multiple per-user rate limits as well as global rate limits to prevent denial of service.

Complexity: Low 
Impact: High

=== Custom Code Solution ===
Any feature sensitive to high transaction rates should expose configurable rate limits per user or globally per feature.

Complexity: Low 
Impact: High

=== Discussion / Controversy ===

Generic framework solution requires too much overhead to track request limits. Request rate limiting should be done in perimeter, not framework. Should combine with Denial of Service (Application-Based)? Custom Code solution is the same as Custom Framework Solution; Custom Code solution should be pushed into framework.

=== References ===
[http://projects.webappsec.org/w/page/13246938/Insufficient%20Anti-automation Insufficient Anti-automation (WASC TC)] 
[http://projects.webappsec.org/w/page/13246915/Brute%20Force Brute Force (WASC TC)] 
[[Testing for Brute Force (OWASP-AT-004)| Testing for Brute Force (OWASP Testing Guide)]]

OWASP Periodic Table of Vulnerabilities - SQL Injection

2013-05-06T06:58:53Z

Heyvenki: /* Root Cause Summary */

== SQL Injection ==

=== Root Cause Summary ===
Applications that have insufficient input validations or non-validated literal strings concatenated into a dynamic SQL Statement and subsequently interpreted as code by the SQL Engine

=== Browser / Standards Solution ===

None

=== Perimeter Solution ===
Web Application Firewalls (WAFs) can help in reducing SQL Injection attacks by filtering popular and well known attack inputs. WAFs are driven by a set of predefined rules that can help mitigate SQL Inection attacks to a certain extent.

Complexity: High 
Impact: High

=== Generic Framework Solution ===
* '''Parametric Queries''' - Use parametric queries to execute any SQL commands
* '''Input Validation''' - Validate all inputs that are passed to the SQL statement for accuracy of datatypes, boundary limits and accepted characterset
* '''Escape Sequences''' - In cases where it is not possible to use parametric queries (like legacy code), ensure that the SQL engine sensitive characters are escaped appropriately. [[To provide a seperate link for this]]

Complexity: Low 
Impact: High

=== Custom Framework Solution ===

Provide a common configuration functionality available to any feature/function. Configuration settings should allow multiple per-user rate limits as well as global rate limits to prevent denial of service.

Complexity: Low 
Impact: High

=== Custom Code Solution ===
Any feature sensitive to high transaction rates should expose configurable rate limits per user or globally per feature.

Complexity: Low 
Impact: High

=== Discussion / Controversy ===

Generic framework solution requires too much overhead to track request limits. Request rate limiting should be done in perimeter, not framework. Should combine with Denial of Service (Application-Based)? Custom Code solution is the same as Custom Framework Solution; Custom Code solution should be pushed into framework.

=== References ===
[http://projects.webappsec.org/w/page/13246938/Insufficient%20Anti-automation Insufficient Anti-automation (WASC TC)] 
[http://projects.webappsec.org/w/page/13246915/Brute%20Force Brute Force (WASC TC)] 
[[Testing for Brute Force (OWASP-AT-004)| Testing for Brute Force (OWASP Testing Guide)]]

OWASP Periodic Table of Vulnerabilities - SQL Injection

2013-05-06T06:52:27Z

Heyvenki: /* Generic Framework Solution */

== SQL Injection ==

=== Root Cause Summary ===
Applications that have insufficient input validations and allow an external user to manipulate the SQL commands and retrieve results that would result in a compromise of the data.

=== Browser / Standards Solution ===

None

=== Perimeter Solution ===
Web Application Firewalls (WAFs) can help in reducing SQL Injection attacks by filtering popular and well known attack inputs. WAFs are driven by a set of predefined rules that can help mitigate SQL Inection attacks to a certain extent.

Complexity: High 
Impact: High

=== Generic Framework Solution ===
* '''Parametric Queries''' - Use parametric queries to execute any SQL commands
* '''Input Validation''' - Validate all inputs that are passed to the SQL statement for accuracy of datatypes, boundary limits and accepted characterset
* '''Escape Sequences''' - In cases where it is not possible to use parametric queries (like legacy code), ensure that the SQL engine sensitive characters are escaped appropriately. [[To provide a seperate link for this]]

Complexity: Low 
Impact: High

=== Custom Framework Solution ===

Provide a common configuration functionality available to any feature/function. Configuration settings should allow multiple per-user rate limits as well as global rate limits to prevent denial of service.

Complexity: Low 
Impact: High

=== Custom Code Solution ===
Any feature sensitive to high transaction rates should expose configurable rate limits per user or globally per feature.

Complexity: Low 
Impact: High

=== Discussion / Controversy ===

Generic framework solution requires too much overhead to track request limits. Request rate limiting should be done in perimeter, not framework. Should combine with Denial of Service (Application-Based)? Custom Code solution is the same as Custom Framework Solution; Custom Code solution should be pushed into framework.

=== References ===
[http://projects.webappsec.org/w/page/13246938/Insufficient%20Anti-automation Insufficient Anti-automation (WASC TC)] 
[http://projects.webappsec.org/w/page/13246915/Brute%20Force Brute Force (WASC TC)] 
[[Testing for Brute Force (OWASP-AT-004)| Testing for Brute Force (OWASP Testing Guide)]]

OWASP Periodic Table of Vulnerabilities - SQL Injection

2013-05-06T06:50:14Z

Heyvenki: /* Generic Framework Solution */

== SQL Injection ==

=== Root Cause Summary ===
Applications that have insufficient input validations and allow an external user to manipulate the SQL commands and retrieve results that would result in a compromise of the data.

=== Browser / Standards Solution ===

None

=== Perimeter Solution ===
Web Application Firewalls (WAFs) can help in reducing SQL Injection attacks by filtering popular and well known attack inputs. WAFs are driven by a set of predefined rules that can help mitigate SQL Inection attacks to a certain extent.

Complexity: High 
Impact: High

=== Generic Framework Solution ===
* '''Parametric Queries''' - Use parametric queries to execute any SQL commands
* '''Input Validation''' - Validate all inputs that are passed to the SQL statement for accuracy of datatypes, boundary limits and accepted characterset

Provide configurable per-user/session request rate limits. For authenticated transactions, limits should be configurable on a per-user or per-session basis. Configuration should allow combining multiple limits of the form "# of requests per time period". For example, an administrator should be combine "10 requests per minute" with "500 requests per day" in order to simultaneously apply policies which prevent users from automatic crawling/screen scraping as well as longer-term slow leeching activities.

Complexity: Low 
Impact: High

=== Custom Framework Solution ===

Provide a common configuration functionality available to any feature/function. Configuration settings should allow multiple per-user rate limits as well as global rate limits to prevent denial of service.

Complexity: Low 
Impact: High

=== Custom Code Solution ===
Any feature sensitive to high transaction rates should expose configurable rate limits per user or globally per feature.

Complexity: Low 
Impact: High

=== Discussion / Controversy ===

Generic framework solution requires too much overhead to track request limits. Request rate limiting should be done in perimeter, not framework. Should combine with Denial of Service (Application-Based)? Custom Code solution is the same as Custom Framework Solution; Custom Code solution should be pushed into framework.

=== References ===
[http://projects.webappsec.org/w/page/13246938/Insufficient%20Anti-automation Insufficient Anti-automation (WASC TC)] 
[http://projects.webappsec.org/w/page/13246915/Brute%20Force Brute Force (WASC TC)] 
[[Testing for Brute Force (OWASP-AT-004)| Testing for Brute Force (OWASP Testing Guide)]]

OWASP Periodic Table of Vulnerabilities - SQL Injection

2013-05-06T06:48:09Z

Heyvenki: /* Generic Framework Solution */

== SQL Injection ==

=== Root Cause Summary ===
Applications that have insufficient input validations and allow an external user to manipulate the SQL commands and retrieve results that would result in a compromise of the data.

=== Browser / Standards Solution ===

None

=== Perimeter Solution ===
Web Application Firewalls (WAFs) can help in reducing SQL Injection attacks by filtering popular and well known attack inputs. WAFs are driven by a set of predefined rules that can help mitigate SQL Inection attacks to a certain extent.

Complexity: High 
Impact: High

=== Generic Framework Solution ===
* '''Parametric Queries''' - Use parametric queries for executing any SQL commands.

Provide configurable per-user/session request rate limits. For authenticated transactions, limits should be configurable on a per-user or per-session basis. Configuration should allow combining multiple limits of the form "# of requests per time period". For example, an administrator should be combine "10 requests per minute" with "500 requests per day" in order to simultaneously apply policies which prevent users from automatic crawling/screen scraping as well as longer-term slow leeching activities.

Complexity: Low 
Impact: High

=== Custom Framework Solution ===

Provide a common configuration functionality available to any feature/function. Configuration settings should allow multiple per-user rate limits as well as global rate limits to prevent denial of service.

Complexity: Low 
Impact: High

=== Custom Code Solution ===
Any feature sensitive to high transaction rates should expose configurable rate limits per user or globally per feature.

Complexity: Low 
Impact: High

=== Discussion / Controversy ===

Generic framework solution requires too much overhead to track request limits. Request rate limiting should be done in perimeter, not framework. Should combine with Denial of Service (Application-Based)? Custom Code solution is the same as Custom Framework Solution; Custom Code solution should be pushed into framework.

=== References ===
[http://projects.webappsec.org/w/page/13246938/Insufficient%20Anti-automation Insufficient Anti-automation (WASC TC)] 
[http://projects.webappsec.org/w/page/13246915/Brute%20Force Brute Force (WASC TC)] 
[[Testing for Brute Force (OWASP-AT-004)| Testing for Brute Force (OWASP Testing Guide)]]

OWASP Periodic Table of Vulnerabilities - SQL Injection

2013-05-06T06:45:42Z

Heyvenki:

== SQL Injection ==

=== Root Cause Summary ===
Applications that have insufficient input validations and allow an external user to manipulate the SQL commands and retrieve results that would result in a compromise of the data.

=== Browser / Standards Solution ===

None

=== Perimeter Solution ===
Web Application Firewalls (WAFs) can help in reducing SQL Injection attacks by filtering popular and well known attack inputs. WAFs are driven by a set of predefined rules that can help mitigate SQL Inection attacks to a certain extent.

Complexity: High 
Impact: High

=== Generic Framework Solution ===
*[[Parametric Queries]] - Use parametric queries for executing any SQL commands.

Provide configurable per-user/session request rate limits. For authenticated transactions, limits should be configurable on a per-user or per-session basis. Configuration should allow combining multiple limits of the form "# of requests per time period". For example, an administrator should be combine "10 requests per minute" with "500 requests per day" in order to simultaneously apply policies which prevent users from automatic crawling/screen scraping as well as longer-term slow leeching activities.

Complexity: Low 
Impact: High

=== Custom Framework Solution ===

Provide a common configuration functionality available to any feature/function. Configuration settings should allow multiple per-user rate limits as well as global rate limits to prevent denial of service.

Complexity: Low 
Impact: High

=== Custom Code Solution ===
Any feature sensitive to high transaction rates should expose configurable rate limits per user or globally per feature.

Complexity: Low 
Impact: High

=== Discussion / Controversy ===

Generic framework solution requires too much overhead to track request limits. Request rate limiting should be done in perimeter, not framework. Should combine with Denial of Service (Application-Based)? Custom Code solution is the same as Custom Framework Solution; Custom Code solution should be pushed into framework.

=== References ===
[http://projects.webappsec.org/w/page/13246938/Insufficient%20Anti-automation Insufficient Anti-automation (WASC TC)] 
[http://projects.webappsec.org/w/page/13246915/Brute%20Force Brute Force (WASC TC)] 
[[Testing for Brute Force (OWASP-AT-004)| Testing for Brute Force (OWASP Testing Guide)]]

OWASP Periodic Table of Vulnerabilities - SQL Injection

2013-05-06T06:39:03Z

Heyvenki:

== SQL Injection ==

=== Root Cause Summary ===
Applications that have insufficient input validations and allow an external user to manipulate the SQL commands and retrieve results that would result in a compromise of the data.

=== Browser / Standards Solution ===

None

=== Perimeter Solution ===
Web Application Firewalls (WAFs) can help in reducing SQL Injection attacks by filtering popular and well known attack inputs. WAFs are driven by a set of predefined rules that can help mitigate SQL Inection attacks to a certain extent.

Complexity: High 
Impact: High

=== Generic Framework Solution ===
Provide configurable per-user/session request rate limits. For authenticated transactions, limits should be configurable on a per-user or per-session basis. Configuration should allow combining multiple limits of the form "# of requests per time period". For example, an administrator should be combine "10 requests per minute" with "500 requests per day" in order to simultaneously apply policies which prevent users from automatic crawling/screen scraping as well as longer-term slow leeching activities.

Complexity: Low 
Impact: High

=== Custom Framework Solution ===

Provide a common configuration functionality available to any feature/function. Configuration settings should allow multiple per-user rate limits as well as global rate limits to prevent denial of service.

Complexity: Low 
Impact: High

=== Custom Code Solution ===
Any feature sensitive to high transaction rates should expose configurable rate limits per user or globally per feature.

Complexity: Low 
Impact: High

=== Discussion / Controversy ===

Generic framework solution requires too much overhead to track request limits. Request rate limiting should be done in perimeter, not framework. Should combine with Denial of Service (Application-Based)? Custom Code solution is the same as Custom Framework Solution; Custom Code solution should be pushed into framework.

=== References ===
[http://projects.webappsec.org/w/page/13246938/Insufficient%20Anti-automation Insufficient Anti-automation (WASC TC)] 
[http://projects.webappsec.org/w/page/13246915/Brute%20Force Brute Force (WASC TC)] 
[[Testing for Brute Force (OWASP-AT-004)| Testing for Brute Force (OWASP Testing Guide)]]

OWASP Periodic Table of Vulnerabilities - SQL Injection

2013-05-06T06:37:44Z

Heyvenki:

== SQL Injection ==

=== Root Cause Summary ===
Applications have insufficient input validations that allow an external user to manipulate the SQL commands and retrieve results that would result in a compromise of the data.

=== Browser / Standards Solution ===

None

=== Perimeter Solution ===
Web Application Firewalls (WAF) can help in reducing SQL Injection attacks by filtering popular and well known attack inputs. WAFs are driven by a set of predefined rules that can help mitigate SQL Inection attacks to a certain extent.

Complexity: High 
Impact: High

=== Generic Framework Solution ===
Provide configurable per-user/session request rate limits. For authenticated transactions, limits should be configurable on a per-user or per-session basis. Configuration should allow combining multiple limits of the form "# of requests per time period". For example, an administrator should be combine "10 requests per minute" with "500 requests per day" in order to simultaneously apply policies which prevent users from automatic crawling/screen scraping as well as longer-term slow leeching activities.

Complexity: Low 
Impact: High

=== Custom Framework Solution ===

Provide a common configuration functionality available to any feature/function. Configuration settings should allow multiple per-user rate limits as well as global rate limits to prevent denial of service.

Complexity: Low 
Impact: High

=== Custom Code Solution ===
Any feature sensitive to high transaction rates should expose configurable rate limits per user or globally per feature.

Complexity: Low 
Impact: High

=== Discussion / Controversy ===

Generic framework solution requires too much overhead to track request limits. Request rate limiting should be done in perimeter, not framework. Should combine with Denial of Service (Application-Based)? Custom Code solution is the same as Custom Framework Solution; Custom Code solution should be pushed into framework.

=== References ===
[http://projects.webappsec.org/w/page/13246938/Insufficient%20Anti-automation Insufficient Anti-automation (WASC TC)] 
[http://projects.webappsec.org/w/page/13246915/Brute%20Force Brute Force (WASC TC)] 
[[Testing for Brute Force (OWASP-AT-004)| Testing for Brute Force (OWASP Testing Guide)]]

OWASP Periodic Table of Vulnerabilities - SQL Injection

2013-05-06T06:14:57Z

Heyvenki: Created page with " == SQL Injection == === Root Cause Summary === <<Fill in the root cause summy>> === Browser / Standards Solution === None === Perimeter Solution === Perimeter technologie..."

== SQL Injection ==

=== Root Cause Summary ===
<<Fill in the root cause summy>>

=== Browser / Standards Solution ===

None

=== Perimeter Solution ===
Perimeter technologies including geocaching/proxy services must support automatic and/or manual "panic button" anti-automation, enforcing progressive CAPTCHA for unvalidated requests, triggering on excessive 5XX responses, or direct signal from application.

Complexity: High 
Impact: Medium

=== Generic Framework Solution ===
Provide configurable per-user/session request rate limits. For authenticated transactions, limits should be configurable on a per-user or per-session basis. Configuration should allow combining multiple limits of the form "# of requests per time period". For example, an administrator should be combine "10 requests per minute" with "500 requests per day" in order to simultaneously apply policies which prevent users from automatic crawling/screen scraping as well as longer-term slow leeching activities.

Complexity: Low 
Impact: High

=== Custom Framework Solution ===

Provide a common configuration functionality available to any feature/function. Configuration settings should allow multiple per-user rate limits as well as global rate limits to prevent denial of service.

Complexity: Low 
Impact: High

=== Custom Code Solution ===
Any feature sensitive to high transaction rates should expose configurable rate limits per user or globally per feature.

Complexity: Low 
Impact: High

=== Discussion / Controversy ===

Generic framework solution requires too much overhead to track request limits. Request rate limiting should be done in perimeter, not framework. Should combine with Denial of Service (Application-Based)? Custom Code solution is the same as Custom Framework Solution; Custom Code solution should be pushed into framework.

=== References ===
[http://projects.webappsec.org/w/page/13246938/Insufficient%20Anti-automation Insufficient Anti-automation (WASC TC)] 
[http://projects.webappsec.org/w/page/13246915/Brute%20Force Brute Force (WASC TC)] 
[[Testing for Brute Force (OWASP-AT-004)| Testing for Brute Force (OWASP Testing Guide)]]

Chennai

2012-08-14T04:03:49Z

Heyvenki: /* OWASP Chennai Chapter Meeting - 31 July 2010 */

{{Chapter Template|chaptername=Chennai|extra=The chapter leaders are [mailto:venki@owasp.org Venkatesh Jagannathan] and [mailto:cumapathy@owasp.org Chandrasekar Umapathy]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-chennai|emailarchives=http://lists.owasp.org/pipermail/owasp-chennai}}

==== Local News ====
<paypal>Chennai</paypal>

== Stay Tuned ==

Receive SMS Alerts - http://labs.google.co.in/smschannels/subscribe/OwaspChennai

== Security Articles ==
March 2008 - '''A Checklist for Identifying Vulnerabilities''' - Vulnerabilities are holes in the application design / development / deployment that enable attackers to take advantage of the flaws present in the application...
[[https://www.owasp.org/images/c/c5/Vulnerability_Checklist.doc More]

==== Chapter Meetings ====

== OWASP Chennai Chapter Meeting - 11 August 2012==

09:30a – 09:35a => Opening the meeting
09:36a – 10:35a => Big Data Security - Dr. T V Gopal [[https://www.owasp.org/images/e/ee/OWASP_BigDataGenSecurity.pdf Download Presentation]]
10:36a – 11:05a => Break + Networking
11:06a – 12:05n => SQL Injection & Basic Clickjacking - Vinod [[https://www.owasp.org/images/d/d5/Owasp_sql_inj_basic_clickjacking.pdf Download Presentation]]
12:06p – 12:15p => Closing Remarks

Venue:
----

Cognizant Technology Solutions,
Academy Auditorium,
5/535, Old Mahabalipuram Road,
Okkiam Thoraipakkam
Chennai - 600 096


== OWASP Chennai Chapter Meeting - 27 Jan 2012 ==

09:30a – 09:35a => Opening the meeting
09:36a – 10:35a => Digital Forensics by Ms. Kala Bhaskar
10:36a – 11:05a => Break + Networking
11:06a – 12:05n => Identity & Access Management systems by Geetha [[https://www.owasp.org/images/0/01/AIM_-OWASP-Re.pdf Download Presentation]]
12:06p – 12:10p => Closing remarks

Venue:
----

Cognizant Technology Solutions,
Academy Auditorium,
5/535, Old Mahabalipuram Road,
Okkiam Thoraipakkam
Chennai - 600 096


== OWASP Chennai Chapter Meeting - 07 May 2011==

09:30a – 09:35a => Opening the meeting
09:36a – 10:35a => Hacking - Tips & Tricks - Aananth [[https://www.owasp.org/images/c/c6/Hacking-Tips-and-Tricks.pdf Download Presentation]]
10:36a – 11:05a => Break + Networking
11:06a – 12:05n => Cyber Terrorism - Siva Kathiresan [[https://www.owasp.org/images/d/de/CyberTerrorism.pdf Download Presentation]]
12:06p – 12:15p => Closing Remarks

Venue:
----

Cognizant Technology Solutions,
Academy Auditorium,
5/535, Old Mahabalipuram Road,
Okkiam Thoraipakkam
Chennai - 600 096


== OWASP Chennai Chapter Meeting - 08 January 2011==

09:30a – 09:35a => Opening the meeting
09:36a – 10:35a => Cloud Security - Ezhil Arasan Babaraj [[https://www.owasp.org/images/c/cc/Cloud_Security_%E2%80%93_An_Overview.pdf Download Presentation]]
10:36a – 11:05a => Break + Networking
11:06a – 12:05n => PCI DSS - Kuppuswamy M [[https://www.owasp.org/images/9/90/PCI-DSS.pdf Download Presentation]]
12:06p – 12:15p => Closing Remarks

Venue:
----

Cognizant Technology Solutions,
Academy Auditorium,
5/535, Old Mahabalipuram Road,
Okkiam Thoraipakkam
Chennai - 600 096


== OWASP Chennai Chapter Meeting - 31 July 2010 ==

09:30a – 09:35a => Opening the meeting
09:36a – 10:30a => Application Security (Jamuna, Chief Guest) [[https://www.owasp.org/images/f/f4/Application_Security.pdf Download Presentation]]
10:31a – 11:00a => Break + Networking
11:01a – 12:00n => Threat Modeling [[https://www.owasp.org/images/a/a6/AdvancedThreatModeling.pdf Download Presentation]]
12:01p – 01:00p => Web 2.0 Security Testing [[https://www.owasp.org/images/8/83/Web_2.0_Security_Testing.pdf Download Presentation]]
01:01p – 01:05p => Closing remarks

Venue:
----

Cognizant Technology Solutions,
Academy Auditorium,
5/535, Old Mahabalipuram Road,
Okkiam Thoraipakkam
Chennai - 600 096


== OWASP Chennai Chapter Meeting - 17 May 2009 ==

09:30a to 09:45a Introduction to OWASP & Welcome statement Presented by Chandrasekar Umapathy
09:45a to 10:20a Presentation by KrishnaKumar Madhavan on Security Challenges Faced in Globalization
10:45a to 11:00a Coffee/Tea break
11:00a to 11:45a Presentation by Abhay Bhargav on Application Security Risk - The Full Circle
12:00n to 12:45p Presentation by Murugan IPS on Mobile Crimes
12:45P to 12:50p Closing Session 

== OWASP Chennai Chapter Meeting - 21 March 2009 ==
The first meeting of the year 2009. The agenda will be:

09:30a to 10:00a Introductions & Welcome statement
10:00a to 10:45a Presentation by Lavakumar on vulnerability in Flex Applications [[https://www.owasp.org/images/e/e3/FlashSecurity.ppt Download Presentation]]
10:45a to 11:00a Coffee/Tea break
11:00a to 12:00n Presentation by Venki on top 25 programming errors [[https://www.owasp.org/images/1/11/Top25ProgrammingErrors.ppt Download Presentation]]
12:00n to 12:01p Closing Session

For any questions, call +91-9840148148

Venue:

5/535, Old Mahabalipuram Road,

Okkiam Thoraipakkam

Chennai - 600 096


You are all invited.

== You are Invited for the OWASP Chennai chapter Kick off Meeting - 2 February 2007 ==
This first meeting will serve as an introduction to OWASP and will have a discussion centered around our activities for the year 2007.

The agenda:

14.00 - 14.15: Welcome & Member Introduction
14.15 - 14.30: OWASP Introduction, Anand,Cognizant
14.30 - 15.30: Presentation on Phishing, Sreemathy Varadan, Cognizant [[https://www.owasp.org/images/a/a3/Phishing.ppt Download Presentation]]
15.30 - 16.00: Discussion - Meeting Schedule for 2007, Chennai Chapter Activities

Cognizant Technology solutions will be the sponsor for this meeting and the location would be
Third Floor,
Elnet Software City,
T.S.140, Block 2&9 C.P.T.Road,
Taramani,
Chennai - 600113

For any queries, pls call 044-42284056.

Pls confirm your participation by sending a mail to owasp@cognizant.com

Pls note that all OWASP chapter meetings are free and there will not be any vendor pitches or sales presentations at OWASP meetings]

==== Chennai OWASP Chapter Leaders ====
The chapter leaders are [mailto:venki@owasp.org Venkatesh Jagannathan] and [mailto:cumapathy@owasp.org Chandrasekar Umapathy]
__NOTOC__
<headertabs/>
[[Category:India]]

File:Web 2.0 Security Testing.pdf

2012-08-14T04:01:42Z

Heyvenki: Web 2.0 Security Testing

Web 2.0 Security Testing

File:Application Security.pdf

2012-08-14T04:00:36Z

Heyvenki: Web Application Security

Web Application Security

File:AdvancedThreatModeling.pdf

2012-08-14T03:59:59Z

Heyvenki: Advanced Threat Modeling

Advanced Threat Modeling

Chennai

2012-08-14T03:54:06Z

Heyvenki: /* OWASP Chennai Chapter Meeting - 07 May 2011 */

{{Chapter Template|chaptername=Chennai|extra=The chapter leaders are [mailto:venki@owasp.org Venkatesh Jagannathan] and [mailto:cumapathy@owasp.org Chandrasekar Umapathy]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-chennai|emailarchives=http://lists.owasp.org/pipermail/owasp-chennai}}

==== Local News ====
<paypal>Chennai</paypal>

== Stay Tuned ==

Receive SMS Alerts - http://labs.google.co.in/smschannels/subscribe/OwaspChennai

== Security Articles ==
March 2008 - '''A Checklist for Identifying Vulnerabilities''' - Vulnerabilities are holes in the application design / development / deployment that enable attackers to take advantage of the flaws present in the application...
[[https://www.owasp.org/images/c/c5/Vulnerability_Checklist.doc More]

==== Chapter Meetings ====

== OWASP Chennai Chapter Meeting - 11 August 2012==

09:30a – 09:35a => Opening the meeting
09:36a – 10:35a => Big Data Security - Dr. T V Gopal [[https://www.owasp.org/images/e/ee/OWASP_BigDataGenSecurity.pdf Download Presentation]]
10:36a – 11:05a => Break + Networking
11:06a – 12:05n => SQL Injection & Basic Clickjacking - Vinod [[https://www.owasp.org/images/d/d5/Owasp_sql_inj_basic_clickjacking.pdf Download Presentation]]
12:06p – 12:15p => Closing Remarks

Venue:
----

Cognizant Technology Solutions,
Academy Auditorium,
5/535, Old Mahabalipuram Road,
Okkiam Thoraipakkam
Chennai - 600 096


== OWASP Chennai Chapter Meeting - 27 Jan 2012 ==

09:30a – 09:35a => Opening the meeting
09:36a – 10:35a => Digital Forensics by Ms. Kala Bhaskar
10:36a – 11:05a => Break + Networking
11:06a – 12:05n => Identity & Access Management systems by Geetha [[https://www.owasp.org/images/0/01/AIM_-OWASP-Re.pdf Download Presentation]]
12:06p – 12:10p => Closing remarks

Venue:
----

Cognizant Technology Solutions,
Academy Auditorium,
5/535, Old Mahabalipuram Road,
Okkiam Thoraipakkam
Chennai - 600 096


== OWASP Chennai Chapter Meeting - 07 May 2011==

09:30a – 09:35a => Opening the meeting
09:36a – 10:35a => Hacking - Tips & Tricks - Aananth [[https://www.owasp.org/images/c/c6/Hacking-Tips-and-Tricks.pdf Download Presentation]]
10:36a – 11:05a => Break + Networking
11:06a – 12:05n => Cyber Terrorism - Siva Kathiresan [[https://www.owasp.org/images/d/de/CyberTerrorism.pdf Download Presentation]]
12:06p – 12:15p => Closing Remarks

Venue:
----

Cognizant Technology Solutions,
Academy Auditorium,
5/535, Old Mahabalipuram Road,
Okkiam Thoraipakkam
Chennai - 600 096


== OWASP Chennai Chapter Meeting - 08 January 2011==

09:30a – 09:35a => Opening the meeting
09:36a – 10:35a => Cloud Security - Ezhil Arasan Babaraj [[https://www.owasp.org/images/c/cc/Cloud_Security_%E2%80%93_An_Overview.pdf Download Presentation]]
10:36a – 11:05a => Break + Networking
11:06a – 12:05n => PCI DSS - Kuppuswamy M [[https://www.owasp.org/images/9/90/PCI-DSS.pdf Download Presentation]]
12:06p – 12:15p => Closing Remarks

Venue:
----

Cognizant Technology Solutions,
Academy Auditorium,
5/535, Old Mahabalipuram Road,
Okkiam Thoraipakkam
Chennai - 600 096


== OWASP Chennai Chapter Meeting - 31 July 2010 ==

09:30a – 09:35a => Opening the meeting
09:36a – 10:30a => Application Security (Jamuna, Chief Guest)
10:31a – 11:00a => Break + Networking
11:01a – 12:00n => Threat Modeling
12:01p – 01:00p => Web 2.0 Security Testing
01:01p – 01:05p => Closing remarks

Venue:
----

Cognizant Technology Solutions,
Academy Auditorium,
5/535, Old Mahabalipuram Road,
Okkiam Thoraipakkam
Chennai - 600 096


== OWASP Chennai Chapter Meeting - 17 May 2009 ==

09:30a to 09:45a Introduction to OWASP & Welcome statement Presented by Chandrasekar Umapathy
09:45a to 10:20a Presentation by KrishnaKumar Madhavan on Security Challenges Faced in Globalization
10:45a to 11:00a Coffee/Tea break
11:00a to 11:45a Presentation by Abhay Bhargav on Application Security Risk - The Full Circle
12:00n to 12:45p Presentation by Murugan IPS on Mobile Crimes
12:45P to 12:50p Closing Session 

== OWASP Chennai Chapter Meeting - 21 March 2009 ==
The first meeting of the year 2009. The agenda will be:

09:30a to 10:00a Introductions & Welcome statement
10:00a to 10:45a Presentation by Lavakumar on vulnerability in Flex Applications [[https://www.owasp.org/images/e/e3/FlashSecurity.ppt Download Presentation]]
10:45a to 11:00a Coffee/Tea break
11:00a to 12:00n Presentation by Venki on top 25 programming errors [[https://www.owasp.org/images/1/11/Top25ProgrammingErrors.ppt Download Presentation]]
12:00n to 12:01p Closing Session

For any questions, call +91-9840148148

Venue:

5/535, Old Mahabalipuram Road,

Okkiam Thoraipakkam

Chennai - 600 096


You are all invited.

== You are Invited for the OWASP Chennai chapter Kick off Meeting - 2 February 2007 ==
This first meeting will serve as an introduction to OWASP and will have a discussion centered around our activities for the year 2007.

The agenda:

14.00 - 14.15: Welcome & Member Introduction
14.15 - 14.30: OWASP Introduction, Anand,Cognizant
14.30 - 15.30: Presentation on Phishing, Sreemathy Varadan, Cognizant [[https://www.owasp.org/images/a/a3/Phishing.ppt Download Presentation]]
15.30 - 16.00: Discussion - Meeting Schedule for 2007, Chennai Chapter Activities

Cognizant Technology solutions will be the sponsor for this meeting and the location would be
Third Floor,
Elnet Software City,
T.S.140, Block 2&9 C.P.T.Road,
Taramani,
Chennai - 600113

For any queries, pls call 044-42284056.

Pls confirm your participation by sending a mail to owasp@cognizant.com

Pls note that all OWASP chapter meetings are free and there will not be any vendor pitches or sales presentations at OWASP meetings]

==== Chennai OWASP Chapter Leaders ====
The chapter leaders are [mailto:venki@owasp.org Venkatesh Jagannathan] and [mailto:cumapathy@owasp.org Chandrasekar Umapathy]
__NOTOC__
<headertabs/>
[[Category:India]]

Chennai

2012-08-14T03:51:15Z

Heyvenki: /* OWASP Chennai Chapter Meeting - 31 July 2010 */

{{Chapter Template|chaptername=Chennai|extra=The chapter leaders are [mailto:venki@owasp.org Venkatesh Jagannathan] and [mailto:cumapathy@owasp.org Chandrasekar Umapathy]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-chennai|emailarchives=http://lists.owasp.org/pipermail/owasp-chennai}}

==== Local News ====
<paypal>Chennai</paypal>

== Stay Tuned ==

Receive SMS Alerts - http://labs.google.co.in/smschannels/subscribe/OwaspChennai

== Security Articles ==
March 2008 - '''A Checklist for Identifying Vulnerabilities''' - Vulnerabilities are holes in the application design / development / deployment that enable attackers to take advantage of the flaws present in the application...
[[https://www.owasp.org/images/c/c5/Vulnerability_Checklist.doc More]

==== Chapter Meetings ====

== OWASP Chennai Chapter Meeting - 11 August 2012==

09:30a – 09:35a => Opening the meeting
09:36a – 10:35a => Big Data Security - Dr. T V Gopal [[https://www.owasp.org/images/e/ee/OWASP_BigDataGenSecurity.pdf Download Presentation]]
10:36a – 11:05a => Break + Networking
11:06a – 12:05n => SQL Injection & Basic Clickjacking - Vinod [[https://www.owasp.org/images/d/d5/Owasp_sql_inj_basic_clickjacking.pdf Download Presentation]]
12:06p – 12:15p => Closing Remarks

Venue:
----

Cognizant Technology Solutions,
Academy Auditorium,
5/535, Old Mahabalipuram Road,
Okkiam Thoraipakkam
Chennai - 600 096


== OWASP Chennai Chapter Meeting - 27 Jan 2012 ==

09:30a – 09:35a => Opening the meeting
09:36a – 10:35a => Digital Forensics by Ms. Kala Bhaskar
10:36a – 11:05a => Break + Networking
11:06a – 12:05n => Identity & Access Management systems by Geetha [[https://www.owasp.org/images/0/01/AIM_-OWASP-Re.pdf Download Presentation]]
12:06p – 12:10p => Closing remarks

Venue:
----

Cognizant Technology Solutions,
Academy Auditorium,
5/535, Old Mahabalipuram Road,
Okkiam Thoraipakkam
Chennai - 600 096


== OWASP Chennai Chapter Meeting - 07 May 2011==

09:30a – 09:35a => Opening the meeting
09:36a – 10:35a => Hacking - Tips & Tricks - Aananth [[https://www.owasp.org/images/c/c6/Hacking-Tips-and-Tricks.pdf Download Presentation]]
10:36a – 11:05a => Break + Networking
11:06a – 12:05n => Cyber Terrorism - Siva Kathiresan [[https://www.owasp.org/images/d/de/CyberTerrorism.pdf Download Presentation]]
12:06p – 12:15p => Closing Remarks

Venue:
----

Cognizant Technology Solutions,
Academy Auditorium,
5/535, Old Mahabalipuram Road,
Okkiam Thoraipakkam
Chennai - 600 096


== OWASP Chennai Chapter Meeting - 31 July 2010 ==

09:30a – 09:35a => Opening the meeting
09:36a – 10:30a => Application Security (Jamuna, Chief Guest)
10:31a – 11:00a => Break + Networking
11:01a – 12:00n => Threat Modeling
12:01p – 01:00p => Web 2.0 Security Testing
01:01p – 01:05p => Closing remarks

Venue:
----

Cognizant Technology Solutions,
Academy Auditorium,
5/535, Old Mahabalipuram Road,
Okkiam Thoraipakkam
Chennai - 600 096


== OWASP Chennai Chapter Meeting - 17 May 2009 ==

09:30a to 09:45a Introduction to OWASP & Welcome statement Presented by Chandrasekar Umapathy
09:45a to 10:20a Presentation by KrishnaKumar Madhavan on Security Challenges Faced in Globalization
10:45a to 11:00a Coffee/Tea break
11:00a to 11:45a Presentation by Abhay Bhargav on Application Security Risk - The Full Circle
12:00n to 12:45p Presentation by Murugan IPS on Mobile Crimes
12:45P to 12:50p Closing Session 

== OWASP Chennai Chapter Meeting - 21 March 2009 ==
The first meeting of the year 2009. The agenda will be:

09:30a to 10:00a Introductions & Welcome statement
10:00a to 10:45a Presentation by Lavakumar on vulnerability in Flex Applications [[https://www.owasp.org/images/e/e3/FlashSecurity.ppt Download Presentation]]
10:45a to 11:00a Coffee/Tea break
11:00a to 12:00n Presentation by Venki on top 25 programming errors [[https://www.owasp.org/images/1/11/Top25ProgrammingErrors.ppt Download Presentation]]
12:00n to 12:01p Closing Session

For any questions, call +91-9840148148

Venue:

5/535, Old Mahabalipuram Road,

Okkiam Thoraipakkam

Chennai - 600 096


You are all invited.

== You are Invited for the OWASP Chennai chapter Kick off Meeting - 2 February 2007 ==
This first meeting will serve as an introduction to OWASP and will have a discussion centered around our activities for the year 2007.

The agenda:

14.00 - 14.15: Welcome & Member Introduction
14.15 - 14.30: OWASP Introduction, Anand,Cognizant
14.30 - 15.30: Presentation on Phishing, Sreemathy Varadan, Cognizant [[https://www.owasp.org/images/a/a3/Phishing.ppt Download Presentation]]
15.30 - 16.00: Discussion - Meeting Schedule for 2007, Chennai Chapter Activities

Cognizant Technology solutions will be the sponsor for this meeting and the location would be
Third Floor,
Elnet Software City,
T.S.140, Block 2&9 C.P.T.Road,
Taramani,
Chennai - 600113

For any queries, pls call 044-42284056.

Pls confirm your participation by sending a mail to owasp@cognizant.com

Pls note that all OWASP chapter meetings are free and there will not be any vendor pitches or sales presentations at OWASP meetings]

==== Chennai OWASP Chapter Leaders ====
The chapter leaders are [mailto:venki@owasp.org Venkatesh Jagannathan] and [mailto:cumapathy@owasp.org Chandrasekar Umapathy]
__NOTOC__
<headertabs/>
[[Category:India]]

File:PCI-DSS.pdf

2012-08-14T03:47:19Z

Heyvenki: PCI DSS

PCI DSS

File:Cloud Security – An Overview.pdf

2012-08-14T03:46:42Z

Heyvenki: Cloud Security

Cloud Security

File:CyberTerrorism.pdf

2012-08-14T03:43:42Z

Heyvenki: Cyber Terrorism

Cyber Terrorism

File:Hacking-Tips-and-Tricks.pdf

2012-08-14T03:42:47Z

Heyvenki: Hacking-Tips&Tricks

Hacking-Tips&Tricks

Chennai

2012-08-14T03:38:41Z

Heyvenki: /* OWASP Chennai Chapter Meeting - 27 Jan 2012 */

{{Chapter Template|chaptername=Chennai|extra=The chapter leaders are [mailto:venki@owasp.org Venkatesh Jagannathan] and [mailto:cumapathy@owasp.org Chandrasekar Umapathy]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-chennai|emailarchives=http://lists.owasp.org/pipermail/owasp-chennai}}

==== Local News ====
<paypal>Chennai</paypal>

== Stay Tuned ==

Receive SMS Alerts - http://labs.google.co.in/smschannels/subscribe/OwaspChennai

== Security Articles ==
March 2008 - '''A Checklist for Identifying Vulnerabilities''' - Vulnerabilities are holes in the application design / development / deployment that enable attackers to take advantage of the flaws present in the application...
[[https://www.owasp.org/images/c/c5/Vulnerability_Checklist.doc More]

==== Chapter Meetings ====

== OWASP Chennai Chapter Meeting - 11 August 2012==

09:30a – 09:35a => Opening the meeting
09:36a – 10:35a => Big Data Security - Dr. T V Gopal [[https://www.owasp.org/images/e/ee/OWASP_BigDataGenSecurity.pdf Download Presentation]]
10:36a – 11:05a => Break + Networking
11:06a – 12:05n => SQL Injection & Basic Clickjacking - Vinod [[https://www.owasp.org/images/d/d5/Owasp_sql_inj_basic_clickjacking.pdf Download Presentation]]
12:06p – 12:15p => Closing Remarks

Venue:
----

Cognizant Technology Solutions,
Academy Auditorium,
5/535, Old Mahabalipuram Road,
Okkiam Thoraipakkam
Chennai - 600 096


== OWASP Chennai Chapter Meeting - 27 Jan 2012 ==

09:30a – 09:35a => Opening the meeting
09:36a – 10:35a => Digital Forensics by Ms. Kala Bhaskar
10:36a – 11:05a => Break + Networking
11:06a – 12:05n => Identity & Access Management systems by Geetha [[https://www.owasp.org/images/0/01/AIM_-OWASP-Re.pdf Download Presentation]]
12:06p – 12:10p => Closing remarks

Venue:
----

Cognizant Technology Solutions,
Academy Auditorium,
5/535, Old Mahabalipuram Road,
Okkiam Thoraipakkam
Chennai - 600 096


== OWASP Chennai Chapter Meeting - 31 July 2010 ==

09:30a – 09:35a => Opening the meeting
09:36a – 10:30a => Application Security (Jamuna, Chief Guest)
10:31a – 11:00a => Break + Networking
11:01a – 12:00n => Threat Modeling
12:01p – 01:00p => Web 2.0 Security Testing
01:01p – 01:05p => Closing remarks

Venue:
----

Cognizant Technology Solutions,
Academy Auditorium,
5/535, Old Mahabalipuram Road,
Okkiam Thoraipakkam
Chennai - 600 096


== OWASP Chennai Chapter Meeting - 17 May 2009 ==

09:30a to 09:45a Introduction to OWASP & Welcome statement Presented by Chandrasekar Umapathy
09:45a to 10:20a Presentation by KrishnaKumar Madhavan on Security Challenges Faced in Globalization
10:45a to 11:00a Coffee/Tea break
11:00a to 11:45a Presentation by Abhay Bhargav on Application Security Risk - The Full Circle
12:00n to 12:45p Presentation by Murugan IPS on Mobile Crimes
12:45P to 12:50p Closing Session 

== OWASP Chennai Chapter Meeting - 21 March 2009 ==
The first meeting of the year 2009. The agenda will be:

09:30a to 10:00a Introductions & Welcome statement
10:00a to 10:45a Presentation by Lavakumar on vulnerability in Flex Applications [[https://www.owasp.org/images/e/e3/FlashSecurity.ppt Download Presentation]]
10:45a to 11:00a Coffee/Tea break
11:00a to 12:00n Presentation by Venki on top 25 programming errors [[https://www.owasp.org/images/1/11/Top25ProgrammingErrors.ppt Download Presentation]]
12:00n to 12:01p Closing Session

For any questions, call +91-9840148148

Venue:

5/535, Old Mahabalipuram Road,

Okkiam Thoraipakkam

Chennai - 600 096


You are all invited.

== You are Invited for the OWASP Chennai chapter Kick off Meeting - 2 February 2007 ==
This first meeting will serve as an introduction to OWASP and will have a discussion centered around our activities for the year 2007.

The agenda:

14.00 - 14.15: Welcome & Member Introduction
14.15 - 14.30: OWASP Introduction, Anand,Cognizant
14.30 - 15.30: Presentation on Phishing, Sreemathy Varadan, Cognizant [[https://www.owasp.org/images/a/a3/Phishing.ppt Download Presentation]]
15.30 - 16.00: Discussion - Meeting Schedule for 2007, Chennai Chapter Activities

Cognizant Technology solutions will be the sponsor for this meeting and the location would be
Third Floor,
Elnet Software City,
T.S.140, Block 2&9 C.P.T.Road,
Taramani,
Chennai - 600113

For any queries, pls call 044-42284056.

Pls confirm your participation by sending a mail to owasp@cognizant.com

Pls note that all OWASP chapter meetings are free and there will not be any vendor pitches or sales presentations at OWASP meetings]

==== Chennai OWASP Chapter Leaders ====
The chapter leaders are [mailto:venki@owasp.org Venkatesh Jagannathan] and [mailto:cumapathy@owasp.org Chandrasekar Umapathy]
__NOTOC__
<headertabs/>
[[Category:India]]

Chennai

2012-08-14T03:37:42Z

Heyvenki: /* OWASP Chennai Chapter Meeting - 31 July 2010 */

{{Chapter Template|chaptername=Chennai|extra=The chapter leaders are [mailto:venki@owasp.org Venkatesh Jagannathan] and [mailto:cumapathy@owasp.org Chandrasekar Umapathy]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-chennai|emailarchives=http://lists.owasp.org/pipermail/owasp-chennai}}

==== Local News ====
<paypal>Chennai</paypal>

== Stay Tuned ==

Receive SMS Alerts - http://labs.google.co.in/smschannels/subscribe/OwaspChennai

== Security Articles ==
March 2008 - '''A Checklist for Identifying Vulnerabilities''' - Vulnerabilities are holes in the application design / development / deployment that enable attackers to take advantage of the flaws present in the application...
[[https://www.owasp.org/images/c/c5/Vulnerability_Checklist.doc More]

==== Chapter Meetings ====

== OWASP Chennai Chapter Meeting - 11 August 2012==

09:30a – 09:35a => Opening the meeting
09:36a – 10:35a => Big Data Security - Dr. T V Gopal [[https://www.owasp.org/images/e/ee/OWASP_BigDataGenSecurity.pdf Download Presentation]]
10:36a – 11:05a => Break + Networking
11:06a – 12:05n => SQL Injection & Basic Clickjacking - Vinod [[https://www.owasp.org/images/d/d5/Owasp_sql_inj_basic_clickjacking.pdf Download Presentation]]
12:06p – 12:15p => Closing Remarks

Venue:
----

Cognizant Technology Solutions,
Academy Auditorium,
5/535, Old Mahabalipuram Road,
Okkiam Thoraipakkam
Chennai - 600 096


== OWASP Chennai Chapter Meeting - 27 Jan 2012 ==

09:30a – 09:35a => Opening the meeting
09:36a – 10:35a => Digital Forensics by Ms. Kala Bhaskar
10:36a – 11:05a => Break + Networking
11:06a – 12:05n => Identity & Access Management systems by Geetha 
12:06p – 12:10p => Closing remarks

Venue:
----

Cognizant Technology Solutions,
Academy Auditorium,
5/535, Old Mahabalipuram Road,
Okkiam Thoraipakkam
Chennai - 600 096

== OWASP Chennai Chapter Meeting - 31 July 2010 ==

09:30a – 09:35a => Opening the meeting
09:36a – 10:30a => Application Security (Jamuna, Chief Guest)
10:31a – 11:00a => Break + Networking
11:01a – 12:00n => Threat Modeling
12:01p – 01:00p => Web 2.0 Security Testing
01:01p – 01:05p => Closing remarks

Venue:
----

Cognizant Technology Solutions,
Academy Auditorium,
5/535, Old Mahabalipuram Road,
Okkiam Thoraipakkam
Chennai - 600 096


== OWASP Chennai Chapter Meeting - 17 May 2009 ==

09:30a to 09:45a Introduction to OWASP & Welcome statement Presented by Chandrasekar Umapathy
09:45a to 10:20a Presentation by KrishnaKumar Madhavan on Security Challenges Faced in Globalization
10:45a to 11:00a Coffee/Tea break
11:00a to 11:45a Presentation by Abhay Bhargav on Application Security Risk - The Full Circle
12:00n to 12:45p Presentation by Murugan IPS on Mobile Crimes
12:45P to 12:50p Closing Session 

== OWASP Chennai Chapter Meeting - 21 March 2009 ==
The first meeting of the year 2009. The agenda will be:

09:30a to 10:00a Introductions & Welcome statement
10:00a to 10:45a Presentation by Lavakumar on vulnerability in Flex Applications [[https://www.owasp.org/images/e/e3/FlashSecurity.ppt Download Presentation]]
10:45a to 11:00a Coffee/Tea break
11:00a to 12:00n Presentation by Venki on top 25 programming errors [[https://www.owasp.org/images/1/11/Top25ProgrammingErrors.ppt Download Presentation]]
12:00n to 12:01p Closing Session

For any questions, call +91-9840148148

Venue:

5/535, Old Mahabalipuram Road,

Okkiam Thoraipakkam

Chennai - 600 096


You are all invited.

== You are Invited for the OWASP Chennai chapter Kick off Meeting - 2 February 2007 ==
This first meeting will serve as an introduction to OWASP and will have a discussion centered around our activities for the year 2007.

The agenda:

14.00 - 14.15: Welcome & Member Introduction
14.15 - 14.30: OWASP Introduction, Anand,Cognizant
14.30 - 15.30: Presentation on Phishing, Sreemathy Varadan, Cognizant [[https://www.owasp.org/images/a/a3/Phishing.ppt Download Presentation]]
15.30 - 16.00: Discussion - Meeting Schedule for 2007, Chennai Chapter Activities

Cognizant Technology solutions will be the sponsor for this meeting and the location would be
Third Floor,
Elnet Software City,
T.S.140, Block 2&9 C.P.T.Road,
Taramani,
Chennai - 600113

For any queries, pls call 044-42284056.

Pls confirm your participation by sending a mail to owasp@cognizant.com

Pls note that all OWASP chapter meetings are free and there will not be any vendor pitches or sales presentations at OWASP meetings]

==== Chennai OWASP Chapter Leaders ====
The chapter leaders are [mailto:venki@owasp.org Venkatesh Jagannathan] and [mailto:cumapathy@owasp.org Chandrasekar Umapathy]
__NOTOC__
<headertabs/>
[[Category:India]]

File:AIM -OWASP-Re.pdf

2012-08-14T03:34:26Z

Heyvenki: Access & Identity Management

Access & Identity Management

Chennai

2012-08-14T03:27:58Z

Heyvenki: /* OWASP Chennai Chapter Meeting - 11 August 2012 */

2010-11-30T05:45:33Z

Heyvenki: Venki's Profile

Venkatesh Jagannathan, often known as Venki, has been in the field of software engineering for more than 15 years (and still counting). He has had various experiences in developing applications in C++, VC++, Java, .NET and Python. For the last 3+ years, Venki has been focussing on application security. His background of security in web application development has been around Threat Modeling, Secure Coding Practices. He has been instrumental in training various groups of people, across platforms, on, thinking secure design and writing secure code.

Venki is currently heading the R & D wing of the Digital Security Practice within Cognizant and is based out of Chennai. He is responsible for building frameworks, innovation and training on security within his organization.

Venki is one of the chapter leads of Chennai OWASP Chapter.

For Venki's detailed resume, please see the profile in LinkedIn [http://www.linkedin.com/in/heyvenki page].

* Venki can be reached on Email at [mailto:venki@owasp.org Venki].

Chennai

2010-07-30T12:37:35Z

Heyvenki: /*Chapter Meetings*/

Chennai

2010-07-30T12:29:44Z

Heyvenki: /* Chapter Meetings */

Chennai

2009-04-02T10:50:05Z

Heyvenki: /* OWASP Chennai Chapter Meeting - 21 March 2009 */

File:Top25ProgrammingErrors.ppt

2009-04-02T10:47:01Z

Heyvenki: Chennai OWASP Meeting - Top 25 Programming Errors

Chennai OWASP Meeting - Top 25 Programming Errors

File:FlashSecurity.ppt

2009-04-02T10:45:05Z

Heyvenki: Chennai OWASP meeting - Presentation on Flash Security

Chennai OWASP meeting - Presentation on Flash Security

Chennai

2009-03-20T21:19:31Z

Heyvenki: /* OWASP Chennai Chapter Meeting - 21 March 2009 */

Chennai

2009-03-16T09:51:41Z

Heyvenki:

Chennai

2009-03-16T09:50:28Z

Heyvenki:

Chennai

2009-03-16T09:48:15Z

Heyvenki: