Difference between revisions of "Denver June 2007 meeting"

From OWASP
Jump to: navigation, search
 
Line 1: Line 1:
 
The June meeting of the Denver OWASP chapter was be on June 21st at 7:00PM. [http://www.accuvant.com Accuvant] hosted the meeting at their downtown office. Refreshments were be provided by [http://www.symplified.com Symplified].
 
The June meeting of the Denver OWASP chapter was be on June 21st at 7:00PM. [http://www.accuvant.com Accuvant] hosted the meeting at their downtown office. Refreshments were be provided by [http://www.symplified.com Symplified].
  
The technical presentation was by David Byrne from EchoStar Satellite. He spoke on Anti-DNS pinning attacks, a technique that allows an attacker to leverage cross-site-scripting to turn a web browser into a proxy server. This is done using standard browser functionality; no client-side vulnerabilities are required. The end-result is that network firewalls can are completly bypassed to access internal servers. [[Image:anti-dns-pinning.ppt Slides]]
+
The technical presentation was by David Byrne from EchoStar Satellite. He spoke on Anti-DNS pinning attacks, a technique that allows an attacker to leverage cross-site-scripting to turn a web browser into a proxy server. This is done using standard browser functionality; no client-side vulnerabilities are required. The end-result is that network firewalls can are completly bypassed to access internal servers. [[Image:anti-dns-pinning.ppt]]
  
 
The non/less technical presentation was by David Stevens from Symplified. He discussed methods to calculate Return on Security Investment (ROSI). Considering how difficult it often is to get funding for security initiatives, this is a useful skill for any security professional or security manager.
 
The non/less technical presentation was by David Stevens from Symplified. He discussed methods to calculate Return on Security Investment (ROSI). Considering how difficult it often is to get funding for security initiatives, this is a useful skill for any security professional or security manager.

Latest revision as of 14:20, 2 July 2007

The June meeting of the Denver OWASP chapter was be on June 21st at 7:00PM. Accuvant hosted the meeting at their downtown office. Refreshments were be provided by Symplified.

The technical presentation was by David Byrne from EchoStar Satellite. He spoke on Anti-DNS pinning attacks, a technique that allows an attacker to leverage cross-site-scripting to turn a web browser into a proxy server. This is done using standard browser functionality; no client-side vulnerabilities are required. The end-result is that network firewalls can are completly bypassed to access internal servers. File:Anti-dns-pinning.ppt

The non/less technical presentation was by David Stevens from Symplified. He discussed methods to calculate Return on Security Investment (ROSI). Considering how difficult it often is to get funding for security initiatives, this is a useful skill for any security professional or security manager.