OWASP Boston's May 2021 Meetup welcomes an exciting speaker to the lineup. This month along with our normal OWASP & AppSec News updates, Jim Manico will join us to talk about Request Forgery on the Web - SSRF, CSRF and Clickjacking!
This technical talk on various forms of request forgery is meant for the software developer who needs to build secure software. Cross-Site Request Forgery, or CSRF, will allow an attacker to trick a user into submitting a transaction they never intended to submit. This attack type requires very specialized defense. We will discuss various historical CSRF attacks and investigate a wide range of defensive strategies such as nonce tokens, SameSite cookies, and the double-cookie submit pattern. SSRF is a direct attack category meant to trick your servers into making additional requests that they were never intended to make. Clickjacking is a way to trick users into taking actions and entering data into one site while another is collecting those events. We will be helping developers stop forgery on the web in this talk!
Jim Manico is the founder of Manicode Security where he trains software developers on secure coding and security engineering. He is also an investor/advisor for Nucleus Security, BitDiscovery, Secure Circle and Inspectiv. Jim is a frequent speaker on secure software practices, is a member of the Java Champion community, and is the author of "Iron-Clad Java: Building Secure Web Applications" from Oracle Press. Jim also volunteers for the OWASP foundation as the project lead for the OWASP Application Security Verification Standard and the OWASP Cheatsheet Series. For more information, see
https://www.linkedin.com/in/jmanico.
We look forward to seeing all of you! Register here:
https://www.meetup.com/owaspboston/events/277774099/