Difference between revisions of "Denver September 2010 meeting"
(6 intermediate revisions by the same user not shown)
Line 1: | Line 1: | ||
− | == Wednesday | + | == Wednesday 22 September 2010, 6pm @ [http://maps.google.com/maps?f=q&source=s_q&hl=en&q=hosting.com&sll=39.699262,-104.986725&sspn=0.159814,0.258522&ie=UTF8&radius=8.24&split=1&rq=1&ev=zi&hq=hosting.com&hnear=&ll=39.699262,-104.986725&spn=0.159814,0.258522&z=12&iwloc=A Hosting.com] [http://denverowasp.eventbrite.com/ RSVP Now!] == |
=== Eric Duprey: "Application Vulnerability Shooting Gallery" === | === Eric Duprey: "Application Vulnerability Shooting Gallery" === | ||
''How vulnerabilities make it into your business applications, how to find them, and how to kill them - Laptop recommended'' | ''How vulnerabilities make it into your business applications, how to find them, and how to kill them - Laptop recommended'' | ||
+ | |||
Despite years of publicity, the common classes of web application vulnerabilities remain essentially unchanged. Lists of the most common and important vulnerabilities in application software (the OWASP Top 10, for example) are nearly identical from 2003 to today, and the prevalence of these vulnerabilities remains alarmingly high. One thing that is still clearly lacking is awareness of common and serious vulnerabilities, how they are detected, how they are exploited, and how they can be systematically eliminated. | Despite years of publicity, the common classes of web application vulnerabilities remain essentially unchanged. Lists of the most common and important vulnerabilities in application software (the OWASP Top 10, for example) are nearly identical from 2003 to today, and the prevalence of these vulnerabilities remains alarmingly high. One thing that is still clearly lacking is awareness of common and serious vulnerabilities, how they are detected, how they are exploited, and how they can be systematically eliminated. | ||
+ | |||
This is a hands-on presentation which will demonstrate common vulnerabilities in various real-world-like applications. It will cover discovering vulnerabilities at runtime, identifying them in source code, and uniform ways to fix these vulnerabilities using open and freely available tools. | This is a hands-on presentation which will demonstrate common vulnerabilities in various real-world-like applications. It will cover discovering vulnerabilities at runtime, identifying them in source code, and uniform ways to fix these vulnerabilities using open and freely available tools. | ||
+ | |||
(It is recommended to bring a laptop to this event if possible -- while it is possible to gain benefit from the presentation without it, having a laptop present will enable you to jump into hands-on tactical examples in real-time) | (It is recommended to bring a laptop to this event if possible -- while it is possible to gain benefit from the presentation without it, having a laptop present will enable you to jump into hands-on tactical examples in real-time) | ||
+ | |||
Presenter: '''Eric Duprey''' | Presenter: '''Eric Duprey''' | ||
− | Eric Duprey is the co-chapter-leader of the Denver OWASP Chapter. For several years, Eric has been performing application security assessments, penetration testing and source code review for major enterprise companies and working with application developers to remediate vulnerable code. | + | Eric Duprey is the co-chapter-leader of the Denver OWASP Chapter and a Senior Security Consultant with FishNet Security. For several years, Eric has been performing application security assessments, penetration testing and source code review for major enterprise companies and working with application developers to remediate vulnerable code. Eric has presented talks at major security conferences including DEFCON and SANS penetration testing summit. |
=== Agenda === | === Agenda === | ||
− | * 6pm: Pizza & pop, | + | * 6pm: Pizza & pop, sponsored by FishNet Security |
* 6:30pm: Introduction and Chapter business | * 6:30pm: Introduction and Chapter business | ||
* 6:45pm --> 8pm: Presentation | * 6:45pm --> 8pm: Presentation | ||
− | + | * 8pm and later: Beer and ping pong hosted by Hosting.com | |
[https://www.owasp.org/index.php/Denver Back to OWASP Denver] | [https://www.owasp.org/index.php/Denver Back to OWASP Denver] |
Latest revision as of 17:44, 21 September 2010
Wednesday 22 September 2010, 6pm @ Hosting.com RSVP Now!
Eric Duprey: "Application Vulnerability Shooting Gallery"
How vulnerabilities make it into your business applications, how to find them, and how to kill them - Laptop recommended
Despite years of publicity, the common classes of web application vulnerabilities remain essentially unchanged. Lists of the most common and important vulnerabilities in application software (the OWASP Top 10, for example) are nearly identical from 2003 to today, and the prevalence of these vulnerabilities remains alarmingly high. One thing that is still clearly lacking is awareness of common and serious vulnerabilities, how they are detected, how they are exploited, and how they can be systematically eliminated.
This is a hands-on presentation which will demonstrate common vulnerabilities in various real-world-like applications. It will cover discovering vulnerabilities at runtime, identifying them in source code, and uniform ways to fix these vulnerabilities using open and freely available tools.
(It is recommended to bring a laptop to this event if possible -- while it is possible to gain benefit from the presentation without it, having a laptop present will enable you to jump into hands-on tactical examples in real time.)
Presenter: Eric Duprey
Eric Duprey is the co-chapter-leader of the Denver OWASP Chapter and a Senior Security Consultant with FishNet Security. For several years, Eric has been performing application security assessments, penetration testing and source code review for major enterprise companies and working with application developers to remediate vulnerable code. Eric has presented talks at major security conferences including DEFCON and the SANS penetration testing summit.
Agenda
- 6pm: Pizza & pop, sponsored by FishNet Security
- 6:30pm: Introduction and Chapter business
- 6:45pm --> 8pm: Presentation
- 8pm and later: Beer and ping pong hosted by Hosting.com