OWASP San Jose
OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.
Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member?
Thursday, December 13, 2007
OWASP Bay Area will host its next meeting at the Stanford University Alumni Association Center on Thursday, December 13. As usual attendance is free and food and beverages will be provided. This will be an awesome event and a great opportunity to network with industry peers. The event is open to the public; please forward this invite to your colleagues and friends who are interested in computer and application security.
Agenda and Presentations:
6:00pm - 6:30pm ... Check-in and Holiday Reception (food & beverages) 6:30pm - 7:15pm ... Ghosts in the Browser – Niels Provos, Google 7:15pm - 8:00pm ... Ph.D. Student Presentations – Adam Barth & Collin Jackson, Stanford University 8:00pm - 8:30pm ... Networking Session
Stanford Alumni Association Center Stanford University 326 Galvez Street Stanford, CA 94305 Map and Directions:
Ghosts in the Browser Presented by: Niels Provos, Ph.D., Google, Inc.
Abstract: As more users are connected to the Internet and conduct their daily activities electronically, computer users have become the target of an underground economy that infects hosts with malware or adware for financial gain. Unfortunately, even a single visit to an infected web site enables the attacker to detect vulnerabilities in the user’s applications and force the download a multitude of malware binaries. Frequently, this malware allows the adversary to gain full control of the compromised systems leading to the ex-filtration of sensitive information or installation of utilities that facilitate remote control of the host. We believe that such behavior is similar to our traditional understanding of botnets. However, the main difference is that web-based malware infections are pull-based and that the resulting command feedback loop is looser. To characterize the nature of this rising thread, we identify the four prevalent mechanisms used to inject malicious content on popular web sites: web server security, user contributed content, advertising and third-party widgets. For each of these areas, we present examples of abuse found on the Internet. Our aim is to present the state of malware on the Web and emphasize the importance of this rising threat.
Bio: Based out of Mt.View, Niels Provos is a Senior Staff Engineer at Google, Inc. His interests include research in Web-Based Malware, Distributed Denial of Service, Steganography, Cryptography and Computer and Network Security. Niels studied Physics and Mathematics at University of Hamburg, Germany, and attended the University of Michigan as a graduate student where he earned both is Masters in Computer Science and his Ph.D. in Computer Science. He has published countless research papers and recently authored the book Virtual Honeypots: From Tracking Botnets to Intrusion Detection.
Ph.D. Student Presentations Presented by: Adam Barth & Collin Jackson, Stanford University
Preview of OWASP Bay Area, Mandeep Khera Mandeep will provide an outline of the goals and objectives for local OWASP affiliates in 2008.
Please RSVP by responding to this email or visit http://owaspdec2007.eventbrite.com
Special thanks to Stanford University Alumni Association for hosting this event and to Cenzic and AppSec Consulting for sponsoring.