Denver June 2007 meeting

From OWASP
Jump to: navigation, search

The June meeting of the Denver OWASP chapter was be on June 21st at 7:00PM. Accuvant hosted the meeting at their downtown office. Refreshments were be provided by Symplified.

The technical presentation was by David Byrne from EchoStar Satellite. He spoke on Anti-DNS pinning attacks, a technique that allows an attacker to leverage cross-site-scripting to turn a web browser into a proxy server. This is done using standard browser functionality; no client-side vulnerabilities are required. The end-result is that network firewalls can are completly bypassed to access internal servers. File:Anti-dns-pinning.ppt Slides

The non/less technical presentation was by David Stevens from Symplified. He discussed methods to calculate Return on Security Investment (ROSI). Considering how difficult it often is to get funding for security initiatives, this is a useful skill for any security professional or security manager.