Dc at 18:49, 22 May 2010

2010-05-22T18:49:49Z

Dc: Created page with '==The Presentation: "Anatomy of a Logic Flaw"== Traditional vulnerabilities like SQL Injection, buffer overflows, etc, have well established techniques for discovery and prevent…'

2010-05-12T21:01:57Z

Created page with '==The Presentation: "Anatomy of a Logic Flaw"== Traditional vulnerabilities like SQL Injection, buffer overflows, etc, have well established techniques for discovery and prevent…'

New page

==The Presentation: "Anatomy of a Logic Flaw"==

Traditional vulnerabilities like SQL Injection, buffer overflows, etc, have well established techniques for discovery and prevention. On the other hand, logic flaws are incredibly diverse and often unique to the specific application or business organization. Because of this, logic flaws have taken on a near mythical status. In the myth, logic flaws are nearly impossible to find until the elite of the elite hackers launch an attack to completely own the application.

The reality is far different; logic flaws are not the complex nightmare that many have made them out to be. This presentation will use real-world examples to show how logic flaws are typically introduced into an application, how they can be consistently detected during testing, and how they can be prevented during development. Instead of hoping for magic, repeatable processes will be outlined for each of those items. This will prove beneficial to anyone responsible for application security: programmers, architects, managers, and pen testers.

==The Speaker: David Byrne and Charles Henderson, Trustwave==

[http://www.owasp.org/index.php/Front_Range_OWASP_Conference_2010#tab=Agenda Back to Conference Agenda]

← Older revision		Revision as of 18:49, 22 May 2010
Line 6:		Line 6:


−	==The ~~Speaker~~: David Byrne and Charles Henderson, Trustwave==	+	==The Speakers: David Byrne and Charles Henderson, Trustwave==
		+	David Byrne is a Senior Security Consultant within the Application Security
		+	practice at Trustwave's SpiderLabs. SpiderLabs is the advanced security team
		+	responsible for Penetration Testing, Application Security, and Incident
		+	Response for Trustwave's clients.
		+
		+	David has been involved with information security for a decade. Before
		+	Trustwave, he was the Security Architect at Dish Network. In 2008, he
		+	released Grendel (grendel-scan.com), an open source web application security
		+	scanner. David frequently presents at security events including DEFCON,
		+	Black Hat, Toorcon, SANS, and OWASP AppSec.
		+
		+	Charles Henderson is the Director of Application Security Services at
		+	Trustwave's SpiderLabs. He has been in the information security industry for
		+	over fifteen years. His team specializes in application security including
		+	application penetration testing, code review, and training in secure
		+	development techniques. The team's clients range from the largest of the
		+	Fortune lists to small and midsized companies interested in improving their
		+	application security posture.
		+
		+	Charles routinely speaks on various subject matters relating to application
		+	security at conferences such as Black Hat, SOURCE, Merchant Risk Council,
		+	IAFCI, and OWASP AppSec.



	[http://www.owasp.org/index.php/Front_Range_OWASP_Conference_2010#tab=Agenda Back to Conference Agenda]		[http://www.owasp.org/index.php/Front_Range_OWASP_Conference_2010#tab=Agenda Back to Conference Agenda]

FROC2010 Abstract Byrne - Revision history

Dc at 18:49, 22 May 2010

Dc: Created page with '==The Presentation: "Anatomy of a Logic Flaw"== Traditional vulnerabilities like SQL Injection, buffer overflows, etc, have well established techniques for discovery and prevent…'