
Denver January 2010 meeting

Revision as of 18:14, 11 December 2009 by Dc (john evans january 2010)


Wednesday 20 January 2010, 6pm @ Raytheon Polar Services

John Evans: "Securing WebApps: An Illustrative Session"

That's right baby, it's 2010, and we are very pleased to welcome regular Denver chapter attendee John Evans of MXLogic who will deliver a presentation on common AppSec pitfalls and solutions. He will demonstrate various common appsec problems using code samples in PHP, but developers of any flavor should be able to grasp the concepts.

An outline of his presentation is as follows:

Basic HTTP Transaction

Single diagram to get everyone on the same page.

XSS

What it is and what can be done with it.
Reflected
Persistent
DOM-Based
PHP code examples of bad code.
Exploit examples.
PHP code examples of good code.
PHP code examples (and pseudo-code) of better code.

Code Injection

What it is and what can be done with it.
PHP code examples of bad code.
Exploit examples.
PHP code examples of good code.

SQL Injection

What it is and what can be done with it.
PHP code examples of bad code.
Exploit examples.
PHP code examples of good code.

Directory Traversal

What it is and what can be done with it.
PHP code examples of bad code.
Exploit examples.
Code example of how to close directory traversals.

Email Injection

What it is and what can be done with it.
PHP code example of bad code.
Exploit examples.
PHP code example of good code.

Conclusion

Filter Input
Escape Output
Q&A
