Atlanta Member Meeting 06.03.09

OWASP LIVE CD Workshop

WHEN: Wednesday - June 3rd 2009, 6:30pm - 8:30pm

WHERE: SecureWorks, Einstein; Aristotle Conference Rooms, One Concourse Parkway, 5th Floor Atlanta, GA 30328

WHO: ALL are welcomed;

FORMAT: Workshop presented by Dean Saxe

WHAT: Hands on workshop on how to best leverage the OWASP Live CD. Key areas to be covered includes the WebGoat, WebScarab, and CAL9000. Please download and burn a copy of the OWASP LiveCD ISO from http://mtesauro.com/livecd/index.php?title=Main_Page#Downloads prior to the meeting if you intend to run this directly on your hardware. Alternatively, you may download VMWare Player (or any other version of VMWare) and run the ISO within VMWare under Windows, MacOS, etc. In this case please have VMWare installed and the ISO on your hard disk prior to the presentation.

COST: No costs, but all donations will be accepted as it helps pay for meeting related materials and provisions. In this workshop, we ask that you go to the OWASP Projects page and download the OWASP Live CD as a virtual machine or as an ISO to burn as a CD.

ABSTRACT: In this presentation, Dean will introduce the OWASP LiveCD and many of the OWASP supported tools on the CD, including WebScarab, WebGoat and CAL9000. Using a combination of lecture, live demos and hands-on labs, we'll examine the WebGoat application by exploiting flaws in authorization, data validation, AJAX and session handling. The demos and labs will utilize a combination of OWASP provided tools in addition to community provided tools available on the LiveCD. Attendees will learn how to mitigate some vulnerabilities through live coding demonstrations using the WebGoat development platform followed by a discussion of alterative code-based solutions using OWASP provided libraries such as ESAPI. Finally, the presentation will end with an open-ended discussion of OWASP, web application security and other topics as requested by the audience.