OWASP San Jose
Next Meeting - Wednesday, July 25, 2007
Open to the public, attendance is free
Agenda and Presentations:
6:00pm - 6:30pm ... Check-in and reception (food & bev)
6:30pm - 8:00pm ... Attacking XML Security - Brad Hill
8:00pm - 8:15pm ... Upcoming Security Workshops - Brian Bertacini
8:15pm - 8:35pm ... Networking Session
807 11th Avenue
Sunnyvale, Ca 94089
Map and Directions
Attacking XML Security
Presented by: Brad Hill, iSEC Partners
Brad will present his ongoing research into attacking the XML Digital Signature and Encryption standards that underpin the security of Web Services, mobile code, SAML, federated identity systems and more. The talk will begin with a high-level, critical take on the emerging conventional wisdom about message-oriented security and continue with a detailed discussion of design and implementation weaknesses in the standards. Technical material will include a root cause analysis of the recent iSEC advisory on cross-platform, remote code execution vulnerabilities discovered in multiple XML Digital Signature products.
Bio: Based out of Seattle, Brad Hill is a Senior Security Consultant at iSEC Partners, a full-service security consulting firm that provides penetration testing, secure systems development, security education and software design verification. Brad brings a ten year background as a software developer and architect in the technology and financial services sectors to his work at iSEC, where he does design review, application assessment and development lifecycle improvement for some of the world’s leading software companies.
Upcoming Security Workshops
Presented by: Brian Bertacini, Volunteer Chapter Organizer
Abstract: Introduce local volunteer expert trainers that are planning web application and infrastructure security workshops.