Denver

Next Meeting
The next meeting of the Denver OWASP chapter will be on June 21st at 7:00PM. The location will be announced shortly. Refreshments will be provided by Symplified.

http://maps.google.com/maps/ms?ie=UTF8&hl=en&om=1&msa=0&ll=39.745804,-104.989911&spn=0.003473,0.007296&z=17&msid=110637952161429929739.000001131c9ad0e7b2c31

The technical presentation will be by David Byrne from EchoStar Satellite. He will speak on Anti-DNS pinning attacks, a technique that allows an attacker to leverage cross-site-scripting to turn a web browser into a proxy server. This is done using standard browser functionality; no client-side vulnerabilities are required. The end-result is that internal servers are not well protected by standard network firewalls. The presentation will focus on a live demonstration of an attack.

The non/less technical presentation will be by David Stevens from Symplified. He will discuss methods to calculate Return on Security Investment (ROSI). Considering how difficult it often is to get funding for security initiatives, this is a useful skill for any security professional or security manager.

Future Meetings
Below is a list of potential topics for future meetings. If you are interested in presenting, or at least contributing to the content of a presentation on any topic, please send [mailto:davidribyrne@yahoo.com David Byrne] an e-mail. Feel free to submit ideas for other topics as well.


 * Common security mistakes and best practices for
 * .Net
 * J2EE
 * Performing security-oriented code reviews
 * HTTP message spliting attacks
 * Sarbanes Oxley (SOX) compliance, relating to web apps

Past Meetings
April 2007

February 2007

January 2007

November 2006