
OWASP AU Conference 2009 Presentations

Revision as of 02:20, 11 January 2009 by Jderry (talk | contribs) (Presentations)


Presentations

The following presentation abstracts are provided to understand the details of the presentations. This year OWASP will be video recording the event again and all videos will be kept online and available through the OWASP wiki.



Christian Heinrich - TCP Input Text & Download Indexed Cache

To be provided.



Andrew van der Stock - The future (and past) of web application security: how to detect and protect against value attacks.

2008 was a bumper year for value attacks. Criminals are finally getting over the sophomoric desire to 0wn large numbers of hosts, turning their attention to getting a lot of money instead. This is bad if you have stuff the criminals want.

Unfortunately, web application scanners (source and dynamic) cannot easily, if at all, detect this entire class of attack; you need to do the hard work yourself.

In this presentation, you'll learn how to:

  • Figure out where the value in your application is
  • Identify weaknesses in your processes by identifying all the paths to your assets
  • Protect your application against value and process attacks by careful and minor changes to your design
  • Identify if folks are trying to do "interesting" things using ESAPI's intrusion detector classes

With some luck, there might even be a demo!


Andrew van der Stock is a leading web application researcher active in the builder web application community. Andrew has recently returned from a two year stint working in the USA.

Andrew is the project lead and lead author for the following OWASP projects:

  • OWASP Developer Guide 3.0
  • OWASP Top 10 2009
  • ESAPI for PHP port

He is looking for contributors to all of the above projects. He helped start the Melbourne and Sydney OWASP chapters. Previously, Andrew was Executive Director of OWASP from 2005 to 2007.

He is the moderator of [email protected], and has contributed the web application section of the SANS Top 20 since 2005. He helped set the SANS GSSP Secure Programmer (Java) certification, and thus is deemed to hold this certification as he literally knows all the answers (he peeked).

In previous lives, he has assisted with the following open source projects:

  • UltimaBB, forum software (a fork of XMB)
  • XMB, forum software
  • SAGE-AU: President in 2000-2001, General Committee member in 1999-2000, and a long-time member
  • pnm2ppa, HP print drivers for Unix and work-alike systems
  • XFree86 device drivers for Matrox Millennium I/II/Mystique (mid-90s vintage)

In his now copious spare time, Andrew continues to run AussieVeeDubbers, one of Australia's largest car forums, and one of the world's largest VW car forums.