Difference between revisions of "Kansas City December 2006 Meeting"

From OWASP
(2 intermediate revisions by one user not shown)
Line 1: Line 1:
The OWASP Kansas City chapter meeting in December 2006 was held from 6:30 to 8:30 pm on 12/6/2006.  The location of the meeting was:
+
The OWASP [[Kansas City|Kansas City chapter]] meeting in December 2006 was held from 6:30 to 8:30 pm on 12/6/2006.  The location of the meeting was:
  
 
American Century Investments
 
American Century Investments
Line 8: Line 8:
 
After welcome and introductions, Dave Ferguson from FishNet Security presented a variety of ways that attackers can subvert web applications.  These were real-life examples he has encountered in his consulting work. Vulnerabilities discussed were cross-site scripting, cross-site request forgery, and parameter tampering.
 
After welcome and introductions, Dave Ferguson from FishNet Security presented a variety of ways that attackers can subvert web applications.  These were real-life examples he has encountered in his consulting work. Vulnerabilities discussed were cross-site scripting, cross-site request forgery, and parameter tampering.
  
Following a break, Rohini Sulatycki from VML discussed her experience with AJAX and explained that the technology is not inherently secure or insecure, but is simply one approach that can be taken when developing a web application.  The specific implementation of the approach is what determines the level of security.
+
Following a break, Rohini Sulatycki from VML discussed her experience with AJAX and explained that the technology is not inherently secure or insecure, but is simply one approach that can be taken when developing a web application.  The specific implementation of the approach is what determines the level of security of the application.
  
 
Finally, Barry Archer from American Century Investments led a discussion about web application firewalls (WAF's).  Barry covered deployment architecture, protocol support, detection/protection techniques, performance, and evaluation criteria.
 
Finally, Barry Archer from American Century Investments led a discussion about web application firewalls (WAF's).  Barry covered deployment architecture, protocol support, detection/protection techniques, performance, and evaluation criteria.
 +
 +
=== Documents ===
 +
[[Media:KC_Dec2006_Attacking_The_App.pdf|Attacking the Application]] (pdf)<br/>
 +
[[Media:KC_Dec2006_Ajax_Security_Concerns.pdf|AJAX Security Concerns]] (pdf)<br/>
 +
[[Media:KC_Dec2006_Web_App_Firewalls_Intro.doc|Introduction to Web Application Firewalls]] (doc)

Latest revision as of 10:40, 27 December 2006

The OWASP Kansas City chapter meeting in December 2006 was held from 6:30 to 8:30 pm on 12/6/2006. The location of the meeting was:

American Century Investments 4520 Main Street, Tower II (South Tower), Room 2A

Meeting Summary

After welcome and introductions, Dave Ferguson from FishNet Security presented a variety of ways that attackers can subvert web applications. These were real-life examples he has encountered in his consulting work. Vulnerabilities discussed were cross-site scripting, cross-site request forgery, and parameter tampering.

Following a break, Rohini Sulatycki from VML discussed her experience with AJAX and explained that the technology is not inherently secure or insecure, but is simply one approach that can be taken when developing a web application. The specific implementation of the approach is what determines the level of security of the application.

Finally, Barry Archer from American Century Investments led a discussion about web application firewalls (WAFs). Barry covered deployment architecture, protocol support, detection/protection techniques, performance, and evaluation criteria.

Documents

Attacking the Application (pdf)
AJAX Security Concerns (pdf)
Introduction to Web Application Firewalls (doc)