This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

San Antonio

From OWASP
Revision as of 12:30, 13 September 2007 by Dancornell (talk | contribs) (Local News)

Jump to: navigation, search

OWASP San Antonio

Welcome to the San Antonio chapter homepage. The chapter leader is Dan Cornell


Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Btn donate SM.gif to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now BlueIcon.JPG


Local News

San Antonio OWASP Chapter: October 2007 Meeting

Topic: Business Logic Flaws

Presenter: Jeremiah Grossman

Date: October 11th, 11:30am – 1:00pm

Location:

San Antonio Technology Center (Web Room)

3463 Magic Drive

San Antonio, TX 78229

http://maps.google.com/maps?f=q&hl=en&q=3463+Magic+Drive,+San+Antonio,+TX+78229


Abstract:

Session handling, credit card transactions, and password recovery are just a few examples of Web-enabled business logic processes that malicious hackers have abused to compromise major websites. These types of vulnerabilities are routinely overlooked during QA because the process is intended to test what a piece of code is supposed to do and not what it can be made to do. The other problem(s) with business logic flaws is scanners can’t identify them, IDS can’t detect them, and Web application firewalls can’t defend them. Hard hitting trifecta. Plus, the more sophisticated and Web 2.0 feature-rich a website, the more prone it is to have flaws in business logic.

As the number of common vulnerabilities such as SQL Injection and Cross-Site Scripting are reduced, the bad guys will increase their attacks on business logic flaws.

This presentation will provide real-world demonstrations of how pernicious and dangerous business logic flaws are to the security of a website. We’ll also show how best to spot them and provide organizations with a simple and rational game plan to prevent them.

Presenter Bio:

Jeremiah Grossman is the founder and CTO of WhiteHat Security and a world-renowned expert in Web security. He is also a co-founder of the Web Application Security Consortium and was named one of InfoWorld's Top 25 CTOs for 2007. Mr. Grossman is a frequent speaker at industry events including the Black Hat Briefings, RSA, CSI, ISACA, ISSA and Defcon. He is a co-author of Cross Site Scripting Attacks; has authored dozens of articles and white papers; and is credited with the discovery of many cutting-edge attack and defensive techniques. Mr. Grossman is a trusted media resource and has been quoted in USA Today, CSO Magazine, InfoWorld, PC World, Information Week, Dark Reading, SC Magazine, and CNET. Prior to WhiteHat, he was an information security officer at Yahoo!


Sodas and snacks will be provided. Feel free to bring a brown-bag lunch. Please RSVP: E-mail [email protected] or call (210) 572-4400.


Previous News

The slide deck from OWASP San Antonio September 2007 meeting available online here: File:Fortify-bjenkins-AppSecStrategy-20070906.pdf.

The slide deck from OWASP San Antonio March 2007 meeting will be available online shortly

The slide deck from OWASP San Antonio September 2006 meeting available online here: File:OWASPSanAntonio 2006 09 AgileAndSecure.pdf.

The slide deck from OWASP San Antonio August 2006 meeting available online here: File:OWASPSanAntonio 2006 08 SingleSignOn.ppt.

The slide deck from OWASP San Antonio June 2006 meeting available online here: File:OWASPSanAntonio 2006 06 Crypto Content.pdf.

The slide deck from OWASP San Antonio May 2006 meeting available online here: File:OWASPSanAntonio 2006 05 ForcefulBrowsing Content.pdf.

The slide deck from OWASP San Antonio September 2004 meeting available online here: File:OWASPSanAntonio 20040922.pdf.

Retrieved from "https://wiki.owasp.org/index.php?title=San_Antonio&oldid=21718"