Denver January 2010 meeting

From OWASP
Revision as of 13:14, 11 December 2009 by Dc (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Wednesday 20 January 2010, 6pm @ Raytheon Polar Services

John Evans: "Securing WebApps: An Illustrative Session"

That's right baby, it's 2010, and we are very pleased to welcome regular Denver chapter attendee John Evans of MXLogic who will deliver a presentation on common AppSec pitfalls and solutions. He will demonstrate various common appsec problems using code samples in PHP, but developers of any flavor should be able to grasp the concepts.

An outline of his presentation is as follows:

Basic HTTP Transaction Single diagram to get everyone on the same page.

XSS

What it is and what can be done with it.
Reflected
Persistent
DOM-Based
PHP code examples of bad code.
Exploit examples.
PHP code examples of good code.
PHP code examples (and pseudo-code) of better code.

Code Injection

What is is and what can be done with it.
PHP code examples of bad code.
Exploit examples.
PHP code examples of good code.

SQL Injection

What it is what what can be done with it.
PHP code examples of bad code.
Exploit examples.
PHP code examples of good code.

Directory Traversal

What it is and what can be done with it.
PHP code examples of bad code.
Exploit examples.
Code example of how to close directory traversals.

Email Injection

What it is and what can be done with it.
PHP code example of bad code.
Exploit examples.
PHP code example of good code.

Conclusion

Filter Input
Escape Output
Q&A


Agenda


Back to OWASP Denver