EVENT ANNOUNCEMENT: On April 30, 2009 OWASP Nashville and the local ISSA chapter will be holding an extended meeting and hands-on session on Application Security. Guest Speaker Dean H. Saxe from Foundstone will introduce the OWASP LiveCD and many of the OWASP supported tools on the CD, including WebScarab, WebGoat and CAL9000. Using a combination of lecture, live demos and hands-on labs, we'll examine the WebGoat application by exploiting flaws in authorization, data validation, AJAX and session handling. The demos and labs will utilize a combination of OWASP provided tools in addition to community provided tools available on the LiveCD. Attendees will learn how to mitigate some vulnerabilities through live coding demonstrations using the WebGoat development platform followed by a discussion of alterative code-based solutions using OWASP provided libraries such as ESAPI. Finally, the presentation will end with an open-ended discussion of OWASP, web application security and other topics as requested by the audience.