| Subject: | Owasp-London Chapter meeting: "Web Application Firewalls (WAF): Where do they add value and who should be using them" |
|---|---|
| Date: | Thu, 20 Apr 2006 01:30:30 +0100 |

On April 25th 2006, the Owasp-London chapter is hosting a meeting on the topic *"Web Application Firewalls: Where do they add value and who should be using them"*.

This event will take place at the Priory House pub (see http://www.priorybars.com/prioryhouse/findus.asp for more details and maps), which is walking distance from the Olympia exposition center. The 25th will be the first day of London's InfoSec Conference, so I expect that most of you will go to the conference during the day and end up in the Priory House pub for drinks, food and WAF talks.

The theme of the night will be WAFs (Web Application Firewalls) and the idea is to bypass the WAF vendor's marketing materials and see where WAFs can be used to increase the security of web applications.

To achieve this objective there will be 4 presentations from 4 different WAF vendors: F5, NetContinuum, Imperva and Fortify Software. Each vendor will be given 15-20 minutes to explain how their product is able to protect a website that is vulnerable to a pre-defined set of vulnerabilities (if you want their marketing material you can visit them at InfoSec :).

Basically the WAF vendor's brief is "... here is a website which has X number of vulnerabilities AND (very important) it is under attack. The client needs to patch these issues ASAP (no time to wait for the developers to fix, test and deploy a new version of the application (i.e. change the source code)). Basically the vulnerable application must be protected without touching its source code..."

The Asp.Net website that these WAFs need to defend is one created by Owasp SiteGenerator (current version 0.70) and will contain vulnerabilities such as: SQL Injection, XSS, Authorization issues, Remote Command Execution, File disclosure, ViewState Information Disclosure and Poor Crypto.

Agenda:

17:30 - InfoSec closes

18:00 - First drinks at Priory House and socialize

19:00 - (20m) Presentation: "Owasp SiteGenerator" and "Web Application Firewalls (WAF): Where do they add value and who should be using them" - Dinis Cruz

19:20 - (20m) F5 slot

19:40 - (20m) Imperva slot

20:00 - Break for drinks

20:20 - (20m) NetContinuum slot

20:40 - (20m) Fortify Software slot

21:00 - (20m) Panel with all vendors (with Q&A from audience) moderated by Dinis Cruz

21:30 - Find food

For the ones that cannot attend, I will record this event and release it as a podcast (now that I have mastered the way to do it :).

If you are planning to attend, RSVP to dinis.cruz@owasp.net so that we have an idea of the numbers.

Finally I just want to thank F5 who is sponsoring this event (with the Priory House venue, a Projector and maybe some drinks :)

Best regards

Dinis Cruz
Owasp .Net Project
www.owasp.net