Difference between revisions of "SanDiego"

From OWASP
(One intermediate revision by one user not shown)
Line 7: Line 7:
 
<u>'''Local News'''</u>  
 
<u>'''Local News'''</u>  
  
'''OWASP San Diego – Things That Go Wrong With Web Application Encryption''' <br>
+
'''OWASP San Diego – A Big Dose of SQL Injection''' <br>
The Open Web Application Security Project (OWASP) Chapter in San Diego is convening to discuss the latest developments in the OWASP organization, and new ideas in leading-edge secure web developmentWhile the CRIME, BEAST, and padding oracle attacks have received a lot of recent attention, there are plenty of things that can go wrong with web application cryptography before even getting to those exploits. Gabriel Lawrence will guide us into a look at how documentation fails developers and how their use of cryptography within their applications is commonly broken. Whether you’re a seasoned security professional or an executive with high focus on mitigating IT risk, this event will take you beyond the OWASP Top 10 by providing valuable insight into common mistakes that can put your organization at riskEnjoy refreshments from our friends at HP as you network with some of the best security researchers, auditors, and developers in the San Diego area. Intuit is graciously hosting this event at their San Diego office and we look forward to seeing you there!<br>
+
The Open Web Application Security Project (OWASP) Chapter in San Diego is convening to take a deep-dive on SQL Injection.  Attacking and defending will be covered to allow individuals to test their own applications as well as secure themMarcus has been working in the field close to eight years, has competed in many Capture The Flag (CTF) contests, and has discovered and disclosed numerous zero-day vulnerabilitiesCome network with some of the best security auditors, researchers, and developers in the San Diego area. Intuit is graciously hosting this event at their San Diego office and we look forward to seeing you there! Below is an overview of the agenda.
 +
 
 +
<ul>
 +
<li>General SQL Injection Overview</li>
 +
<li>Triggering SQL Injection</li>
 +
<li>Error Based SQL Injection (MSSQL, MySQL, Oracle, Postgres)</li>
 +
<li>Union Based SQL Injection</li>
 +
<li>Blind SQL Injection</li>
 +
<li>Out Of Band SQL Injection</li>
 +
<li>OS SQL Injection (Getting Shells Out of the OS),  (MSSQL, Oracle, MySQL)</li>
 +
<li>SQL Injection Tools</li>
 +
<li>Custom automation of SQL Injection</li>
 +
<li>Difficulties injecting into INSERT, UPDATE and DELETE statements</li>
 +
<li>Second Order SQL Injection</li>
 +
<li>Defeating IDS, IPS and WAFs</li>
 +
<li>SQL Injection on unfamiliar databases (SQLite)</li>
 +
<li>SQL Injection Defense <br>
 +
</li>
 +
</ul>
 +
 
  
 
'''Date'''<br>
 
'''Date'''<br>
Wednesday May 9th, 2013<br>
+
September 11th 2013<br>
  
 
'''Time'''<br>
 
'''Time'''<br>
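Review bot: the added announcement paragraph introduces the speaker only as "Marcus", with no surname or affiliation, so a reader of the new revision cannot tell who is presenting; give the full name on first use. The new date line, "September 11th 2013", also drops the weekday and comma that the replaced line "Wednesday May 9th, 2013" carried; keep one date format across revisions.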
Line 23: Line 42:
 
'''Please RSVP''' <br>
 
'''Please RSVP''' <br>
 
[mailto:rsvp@owasp-sd.org rsvp@owasp-sd.org] <br>
 
[mailto:rsvp@owasp-sd.org rsvp@owasp-sd.org] <br>
858-754-9701 <br>
+
619-519-2405 <br>
  
'''Speaker Bio'''<br>
 
Gabriel Lawrence has been a system administrator, application developer, entrepreneur, information security professional. He currently manages the Application Security group in Information Security and Risk Management at Qualcomm where he spends his days breaking web applications for fun and profit.<br>
 
 
<u></u>
 
  
----
 
<br>
 
  
<u></u>
 
  
 
<u></u>  
 
<u></u>  
  
<u>OWASP San Diego Board</u><br> [mailto:jeromie@owasp-sd.org Jeromie Jackson] - President<br>[mailto:jeff@owasp-sd.org Jeff Sutton] - Vice President<br>[mailto:tom@owasp-sd.org Tom Spencer] - Program Director<br>[mailto:andy@owasp-sd.org Andy Stovall] - Technical Director<br> [mailto:stephan@owasp-sd.org Stephan Chenette] - Research Director
+
<u>OWASP San Diego Board</u><br> [mailto:jeromie@owasp-sd.org Jeromie Jackson] - President<br>[mailto:jeff@owasp-sd.org Jeff Sutton] - Vice President<br>[mailto:tom@owasp-sd.org Tom Spencer] - Technical Director<br> [mailto:stephan@owasp-sd.org Stephan Chenette] - Research Director
  
 
&nbsp;  
 
&nbsp;  
  
 
[[Category:California]]
 
[[Category:California]]
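Review bot: the Speaker Bio block for Gabriel Lawrence is deleted in this hunk with nothing added in its place, which leaves the new revision without a bio for the new speaker; add one alongside the agenda. The board line in the same hunk also removes Andy Stovall and changes Tom Spencer from Program Director to Technical Director, a roster change unrelated to the event update that would be clearer as its own revision.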

Revision as of 11:42, 29 August 2013

OWASP San Diego

Welcome to the San Diego chapter homepage. The chapter leader is Jeromie Jackson.
Click here to join the local chapter mailing list.

Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter Leader Handbook. As a 501(c)(3) non-profit professional association, your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world, simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Donate to this chapter or become a local chapter supporter.

Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now


Local News

OWASP San Diego – A Big Dose of SQL Injection
The Open Web Application Security Project (OWASP) Chapter in San Diego is convening to take a deep-dive on SQL Injection. Attacking and defending will be covered to allow individuals to test their own applications as well as secure them. Marcus has been working in the field close to eight years, has competed in many Capture The Flag (CTF) contests, and has discovered and disclosed numerous zero-day vulnerabilities. Come network with some of the best security auditors, researchers, and developers in the San Diego area. Intuit is graciously hosting this event at their San Diego office and we look forward to seeing you there! Below is an overview of the agenda.

  • General SQL Injection Overview
  • Triggering SQL Injection
  • Error Based SQL Injection (MSSQL, MySQL, Oracle, Postgres)
  • Union Based SQL Injection
  • Blind SQL Injection
  • Out Of Band SQL Injection
  • OS SQL Injection (Getting Shells Out of the OS), (MSSQL, Oracle, MySQL)
  • SQL Injection Tools
  • Custom automation of SQL Injection
  • Difficulties injecting into INSERT, UPDATE and DELETE statements
  • Second Order SQL Injection
  • Defeating IDS, IPS and WAFs
  • SQL Injection on unfamiliar databases (SQLite)
  • SQL Injection Defense


Date
September 11th 2013

Time
6:00pm - 8:00pm

Location
Intuit (Building 3, Cook Room)
7535 Torrey Santa Fe Rd.
San Diego, CA 92129

Please RSVP
rsvp@owasp-sd.org
619-519-2405



OWASP San Diego Board
Jeromie Jackson - President
Jeff Sutton - Vice President
Tom Spencer - Technical Director
Stephan Chenette - Research Director