San Antonio

Local News
San Antonio OWASP Chapter: October 2007 Meeting

Topic: Business Logic Flaws

Presenter: Jeremiah Grossman

Date: October 11th, 11:30am – 1:00pm

Location:

San Antonio Technology Center (Web Room)

3463 Magic Drive

San Antonio, TX 78229

http://maps.google.com/maps?f=q&hl=en&q=3463+Magic+Drive,+San+Antonio,+TX+78229

Abstract:

Session handling, credit card transactions, and password recovery are just a few examples of Web-enabled business logic processes that malicious hackers have abused to compromise major websites. These types of vulnerabilities are routinely overlooked during QA because the process is intended to test what a piece of code is supposed to do and not what it can be made to do. The other problem(s) with business logic flaws is scanners can’t identify them, IDS can’t detect them, and Web application firewalls can’t defend them. Hard hitting trifecta. Plus, the more sophisticated and Web 2.0 feature-rich a website, the more prone it is to have flaws in business logic.

As the number of common vulnerabilities such as SQL Injection and Cross-Site Scripting are reduced, the bad guys will increase their attacks on business logic flaws.

This presentation will provide real-world demonstrations of how pernicious and dangerous business logic flaws are to the security of a website. We’ll also show how best to spot them and provide organizations with a simple and rational game plan to prevent them.

Presenter Bio:

Jeremiah Grossman is the founder and CTO of WhiteHat Security and a world-renowned expert in Web security. He is also a co-founder of the Web Application Security Consortium and was named one of InfoWorld's Top 25 CTOs for 2007. Mr. Grossman is a frequent speaker at industry events including the Black Hat Briefings, RSA, CSI, ISACA, ISSA and Defcon. He is a co-author of Cross Site Scripting Attacks; has authored dozens of articles and white papers; and is credited with the discovery of many cutting-edge attack and defensive techniques. Mr. Grossman is a trusted media resource and has been quoted in USA Today, CSO Magazine, InfoWorld, PC World, Information Week, Dark Reading, SC Magazine, and CNET. Prior to WhiteHat, he was an information security officer at Yahoo!

Sodas and snacks will be provided. Feel free to bring a brown-bag lunch. Please RSVP: E-mail owasprsvp@denimgroup.com or call (210) 572-4400.

Previous News

The slide deck from OWASP San Antonio September 2007 meeting available online here: .

The slide deck from OWASP San Antonio March 2007 meeting will be available online shortly

The slide deck from OWASP San Antonio September 2006 meeting available online here: .

The slide deck from OWASP San Antonio August 2006 meeting available online here: .

The slide deck from OWASP San Antonio June 2006 meeting available online here:.

The slide deck from OWASP San Antonio May 2006 meeting available online here:.

The slide deck from OWASP San Antonio September 2004 meeting available online here: .