[SASAG] Next Meeting: August 14th, 2008
kacoroski at gmail.com
Wed Jul 23 08:13:35 PDT 2008
There will be dinner sponsored by Silicon Mechanics. Check them out
There will also be several CACert assurers present.
The meeting will be at the Electrical Engineering building on the
University of Washington Campus, aka EE1. Directions are linked to the
EE Department's web site below. Parking is $5 after 4pm.
Date: August 14th, 2008
Place: EE1 Building (Electrical Engineering)
University of Washington Campus
Subject: Web Application Security
Presenters: Damon Cortesi
Web Application Security is still a hot topic in the security industry,
especially with the recent Payment Card Industry (PCI) requirement
coming into full effect requiring code review of web applications or a
web application firewall. Despite all this attention, developers are not
always familiar with the basic attacks against web applications and the
abundance of tools available to assist malicious individuals in
automating attacks. This talk will demonstrate some basic attacks
against web applications including SQL Injection, Cross-Site Scripting,
and Privilege Escalation. In addition, common tools that automate these
attacks with merely the click of a button will be demonstrated. Finally,
options for securing web services without diving into code will be
discussed to assist administrators in making a more secure network.
Damon Cortesi has worked in network and application security for nearly
a decade, beginning his work as a Systems and Security Administrator,
where he was responsible for the security of several NT systems exposed
to the internet without a firewall. Most recently he was on a long-term
engagement overseas helping a large retail company secure their web
applications and is now back in Seattle full-time doing freelance
security consulting and developing tools to ease security management.
More information about the Members