[SASAG] Next Meeting: August 14th, 2008
Ski Kacoroski
kacoroski at gmail.com
Wed Jul 23 08:13:35 PDT 2008
There will be dinner sponsored by Silicon Mechanics. Check them out
at http://www.siliconmechanics.com/
There will also be several CAcert assurers present.
The meeting will be at the Electrical Engineering building on the
University of Washington Campus, aka EE1. Directions are linked to the
EE Department's web site below. Parking is $5 after 4pm.
-------------------------------------------------------------------
Date: August 14th, 2008
Time: 7pm
Place: EE1 Building (Electrical Engineering)
Room 403
University of Washington Campus
Directions: http://www.ee.washington.edu/contact.html
Subject: Web Application Security
Presenters: Damon Cortesi
Web Application Security is still a hot topic in the security industry,
especially with the recent Payment Card Industry (PCI) requirement
coming into full effect requiring code review of web applications or a
web application firewall. Despite all this attention, developers are not
always familiar with the basic attacks against web applications and the
abundance of tools available to assist malicious individuals in
automating attacks. This talk will demonstrate some basic attacks
against web applications including SQL Injection, Cross-Site Scripting,
and Privilege Escalation. In addition, common tools that automate these
attacks with merely the click of a button will be demonstrated. Finally,
options for securing web services without diving into code will be
discussed to assist administrators in making a more secure network.
-----
Damon Cortesi has worked in network and application security for nearly
a decade, beginning his work as a Systems and Security Administrator,
where he was responsible for the security of several NT systems exposed
to the internet without a firewall. Most recently he was on a long-term
engagement overseas helping a large retail company secure their web
applications and is now back in Seattle full-time doing freelance
security consulting and developing tools to ease security management.