Hi All,
The Open Web Application Security Project (OWASP) is having their meeting here at Hofstra in the University Club this weekend, if anyone is interested.
There are 2 presenters, it is free and there will be coffee and snacks provided.
Google Gruyere is a vulnerable web app that is used to practice hacking/security. It is similar to OWASP’s own WebGoat.
More info is below.
~R
From: owasp-longis...@lists.owasp.org [mailto:owasp-longis...@lists.owasp.org] On Behalf Of Helen Gao
Sent: Monday, May 09, 2011 8:56 PM
To: owasp-lo...@lists.owasp.org
Subject: [OWASP-LongIsland] Invitation to OWASP Long Island May Meeting - Saturday, May 14, 2011 12:30pm - 3:30pm
You are invited to the OWASP Long Island chapter meeting. Please register by Friday if you have not done so already. Below are details of the meeting.
When: Saturday, May 14, 2011 12:30pm - 3:30pm
Where: University Club Facility at Mack Hall, Hofstra University, Hempstead, NY 11549-1000. Campus map. Google map.
How Much: Free. Lunch and beverage will be provided. This event is supported 100% by OWASP Long Island volunteers.
Who Are We: We are volunteers of OWASP, a worldwide charitable organization focused on improving the security of application software. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.
Meeting Agenda:
Ensuring the security and integrity of web-based applications is a constant challenge. Web-based applications are inherently customer-facing, and an attractive avenue of attack. However, vulnerability is often unnecessarily increased by poor technology choices. Different technologies have different degrees of vulnerability. ActiveX creates a higher exposure than Java or JavaScript, which in turn has more potential for abuse than simple CSS. Some approaches (e.g., unguarded SQL queries) are particularly vulnerable to attack (e.g., SQL injection); other approaches unnecessarily create exposures by requiring unrestricted trust (e.g., ActiveX).
Judicious division of responsibilities between clients and servers is another aspect of the same problem, as clients are inherently less-trustable than servers.
We will examine how using the minimum necessary technology reduces attack surface, decreases vulnerabilities, and decreases costs.
About the speaker - Mr. Gezelter has more than 30 years of international consulting experience on architectures, protocols, and implementation techniques in both the private and public sectors. He has spoken widely at conferences throughout the United States and internationally. He has also published numerous technical papers and book chapters, including two chapters in the Computer Security Handbook, 5th Edition and two chapters in the Handbook of Information Security. He also publishes Ruminations - An IT Blog on a variety of topics relating to Information Technology and systems architect
Gruyere is Google's version of OWASP WebGoat. It provides a testing environment for people to test their penetration testing skills. It's designed to contain almost every flaw there is. We will go through Gruyere and have a group discussion and find some vulnerabilities.
About the speaker - Blake Cornell has been an IT innovator and developer with over a decade of experience within software and security. He has consulted Fortune 500 companies and various law enforcement agencies with hopes of enacting solutions to ease everyday issues. He currently has vested interests within network and application security as well as VoIP technology. He is a proud member and supporter of InfraGard, a partnership between the Federal Bureau of Investigation and the private sector, and OWASP, the premier application security consortium.
He has spoken at or is scheduled to speak at Briarcliffe College (Bethpage, NY), Astricon 2007 (Phoenix, AZ), The Last Hope (New York, NY), ICCS 2009/2010 (New York, NY), HIMSS Virtual Conference, regional OWASP events, FRHack, Fordham University, LIPHP, Rutgers University and Astricon 2010.
He has been mentioned or quoted from organizations such as CNet News, Communications News, Security Focus, Fierce VoIP, NIST NVD, Security Vulns, Cabling Installation & Maintenance Magazine, milw0rm, Packet Storm, BNet, Security Reason, Exotic Liability Podcast.
Helen Gao
OWASP Long Island board member
To view past meetings, go to https://www.owasp.org/index.php/Long_Island or click here.
To subscribe to the chapter mailing list, go to https://lists.owasp.org/mailman/listinfo/owasp-longisland or click here. Your email address will be used for OWASP related notifications only. We will not share it with any third party. You can cancel your subscription anytime you want.