ISSA-Sacramento


Event Information

Details about the selected event.



Location:
CalPERS
Lincoln Plaza West - Room 1512
400 Q Street, Sacramento, CA 95814

Chapter Meeting

Event: ISSA Meeting
Date: Thu, Mar 20, 2008
Time: 11:00 - 1:00 pm
Speaker: Roman Hustad
Organization: Foundstone
Overview: March ISSA Chapter Meeting
 This month, we bring Foundstone (a division of McAfee) to Sacramento.
Presentation: Web Application Hacking
 See the hacker's toolbox in action as various web applications are ripped open by exploiting simple software bugs. Common problems such as Cross-Site Scripting (XSS) and SQL Injection will be demonstrated and explained, along with more subtle vulnerabilities including privilege escalation, data tampering, and Cross-Site Request Forgery.

Even if you've seen XSS and SQL Injection before, advanced techniques will be presented that can slip through many protections. Although countermeasures are briefly covered, this is first and foremost a shock and awe presentation that will motivate you to secure your applications. A CD with all the Hacme applications used during the presentation will be available so you can practice your new “skillz.”
Speaker: Roman Hustad
 Roman is a Principal Software Security Consultant at Foundstone, a small division of McAfee that provides security assessment, training, and software design services to corporate and government organizations around the world. After spending most of his life building software, now he figures out ways to break it through penetration testing, threat modeling, and code review. On the proactive side, he leads software design sessions, teaches Java security courses, and participates in the Hacme Books open-source project. In his ever-dwindling spare time Roman enjoys mountaineering, scuba diving, and other outdoor pursuits.
Organization: Foundstone
 Foundstone was formed over seven years ago by the industry-leading security experts who first built the network security consulting practices at two Big 6 accounting firms. As an independent firm, Foundstone built its reputation as enterprise network security experts through publication of numerous books and articles that enhanced the knowledge base of the network security community. Foundstone's practice includes strategic functions such as overall network security policy development, secure software lifecycle development, patch management program development, and other process-related program development projects. From the tactical perspective, Foundstone will perform in-depth technical testing of networks, applications, and various security-related infrastructure components such as firewalls, VPNs, and wireless networks.
Status: Completed


On behalf of the Board of Directors, Thank You for your continued involvement and participation.


 
