Difference between revisions of "Houston"
Line 37: | Line 37: | ||
<ul> | <ul> | ||
− | <li>'''<font color="blue">September 12, 2007: Enhancing Application Security with Bytecode Instrumentation</font> <br> Patrick White. Program Manager [http://www.fortifysoftware.com/ Fortify Software]<br><br>'''<b>Overview: </b>Bytecode instrumentation allows a user to inject additional code into an application’s binary. This technique has traditionally been used to measure the runtime performance and test coverage of Web applications. However, bytecode instrumentation has other promising uses, including software security. As the overall security space evolves from the outside-in approach we saw with Web Application Firewalls in the 1990s, bytecode instrumentation provides the perfect opportunity to embed security into the application itself. This talk will provide an overview of bytecode instrumentation, demonstrate how the technology works, and show some concrete ways it can be used to inject security features into an application after it has been developed.<br><br><b>Presenter Bio: </b>Patrick White is a Program Manager at Fortify Software. He holds a BS in Computer Engineering and Computer Science from the University of Southern California and has earned numerous Microsoft certifications including MCSE, MCSD, and MCPD. He previously worked for several Bay Area startups and was at Microsoft before joining the Fortify Software team. <br><br><br><br></li> | + | <li>'''<font color="red">[mailto:[email protected]?subject=OWASP%20HOUSTON%20::%20REGISTRATION REGISTER NOW!]</font><font color="blue">September 12, 2007: Enhancing Application Security with Bytecode Instrumentation</font> <br> Patrick White. Program Manager [http://www.fortifysoftware.com/ Fortify Software]<br><br>'''<b>Overview: </b>Bytecode instrumentation allows a user to inject additional code into an application’s binary. This technique has traditionally been used to measure the runtime performance and test coverage of Web applications. 
However, bytecode instrumentation has other promising uses, including software security. As the overall security space evolves from the outside-in approach we saw with Web Application Firewalls in the 1990s, bytecode instrumentation provides the perfect opportunity to embed security into the application itself. This talk will provide an overview of bytecode instrumentation, demonstrate how the technology works, and show some concrete ways it can be used to inject security features into an application after it has been developed.<br><br><b>Presenter Bio: </b>Patrick White is a Program Manager at Fortify Software. He holds a BS in Computer Engineering and Computer Science from the University of Southern California and has earned numerous Microsoft certifications including MCSE, MCSD, and MCPD. He previously worked for several Bay Area startups and was at Microsoft before joining the Fortify Software team. <br><br><br><br></li> |
<li>'''<font color="blue">October 10, 2007: Top 10 Website Attack Techniques</font>'''<br>Jeremiah Grossman, Founder/CTO of [http://www.whitehatsec.com/home/index.html WhiteHat Security]<br><br><b>Overview:</b> During this presentation, Jeremiah Grossman will draw upon his extensive website security experience to discuss the most creative, useful and interesting Web attack techniques discovered in 2007, focusing on the top ten. This year has been significant for website hacking, with issues ranging from Cross-Site Scripting (XSS) and Cross-Site Request Forgery, to confusion about the impact of AJAX and Javascript vulnerabilities on Web 2.0 sites. Mr. Grossman will address these issues, including debunking the myth of AJAX insecurity. <br><br><b>Presenter Bio:</b> Jeremiah Grossman is the founder and CTO of WhiteHat Security, considered a world-renowned expert in Web security, co-founder of the Web Application Security Consortium, and recently named to InfoWorld's Top 25 CTOs for 2007. Mr. Grossman is a frequent speaker at industry events including the BlackHat Briefings, ISACA, CSI, OWASP, Vanguard, ISSA, OWASP, Defcon, etc. He has authored of dozens of articles and white papers, credited with the discovery of many cutting-edge attack and defensive techniques, and co-author of XSS Attacks. Mr. Grossman is frequently quoted in major media publications such as InfoWorld, USA Today, PCWorld, Dark Reading, SC Magazine, SecurityFocus, C-Net, SC Magazine, CSO, and InformationWeek. 
Prior to WhiteHat he was an information security officer at Yahoo!<br><br></li> | <li>'''<font color="blue">October 10, 2007: Top 10 Website Attack Techniques</font>'''<br>Jeremiah Grossman, Founder/CTO of [http://www.whitehatsec.com/home/index.html WhiteHat Security]<br><br><b>Overview:</b> During this presentation, Jeremiah Grossman will draw upon his extensive website security experience to discuss the most creative, useful and interesting Web attack techniques discovered in 2007, focusing on the top ten. This year has been significant for website hacking, with issues ranging from Cross-Site Scripting (XSS) and Cross-Site Request Forgery, to confusion about the impact of AJAX and Javascript vulnerabilities on Web 2.0 sites. Mr. Grossman will address these issues, including debunking the myth of AJAX insecurity. <br><br><b>Presenter Bio:</b> Jeremiah Grossman is the founder and CTO of WhiteHat Security, considered a world-renowned expert in Web security, co-founder of the Web Application Security Consortium, and recently named to InfoWorld's Top 25 CTOs for 2007. Mr. Grossman is a frequent speaker at industry events including the BlackHat Briefings, ISACA, CSI, OWASP, Vanguard, ISSA, OWASP, Defcon, etc. He has authored of dozens of articles and white papers, credited with the discovery of many cutting-edge attack and defensive techniques, and co-author of XSS Attacks. Mr. Grossman is frequently quoted in major media publications such as InfoWorld, USA Today, PCWorld, Dark Reading, SC Magazine, SecurityFocus, C-Net, SC Magazine, CSO, and InformationWeek. Prior to WhiteHat he was an information security officer at Yahoo!<br><br></li> | ||
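Review bot: In the added September 12 `<li>` line, the new `<font color="red">` REGISTER NOW! link closes directly against `<font color="blue">September 12, 2007: ...` with no space or `<br>` between them, so the link text and the talk title render run together inside the same `'''` bold span. Suggest a space or `<br>` after the link's closing `</font>`, or moving the registration link to the end of the title line. The link is also a bare `mailto:` on a public wiki page, which exposes the address to harvesting; a role alias or a registration page would be a safer target.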
Revision as of 00:33, 23 August 2007
Welcome to Houston Chapter

The Houston Chapter will focus on Web Application Security issues, with discussions on application layer vulnerabilities, penetration testing, and secure coding practices within the numerous development languages. Our chapter will meet on the second (2nd) Wednesday of each month, and participation in OWASP Houston is free and open to all. Please subscribe to the mailing list for meeting announcements. Our chapter's meetings are informal and encourage open discussion of all aspects of application security. Anyone in our area interested in web application security is welcome to attend. We encourage attendees to give short presentations about specific topics. If you would like to make a presentation, or have any questions about the Houston Chapter, send an email to David Nester.

Meeting Calendar

Next Chapter Meeting :: September 12, 2007: Fortify Software

Geek Food will be provided

Past Presentations