We’ve been involved with the Columbus, Ohio Chapter of OWASP and have met some great folks. If you’re involved with information security and haven’t visited yet, you’ll want to be at this meeting! Below are the details with a link to register. We look forward to seeing you there!
When? August 18, 2011, from 1PM to 4PM
Where? The Conference Center of BMW Financial
The Columbus OWASP chapter will be presenting its Third Quarter Meeting, specifically on the subject of Web Application Security Analysis. We are pleased to present two local speakers leading discussions on malware, and the OWASP Enterprise security framework.
Speaker: Brent Huston CEO & Security Evangelist of MicroSolved, Inc. (MSI)
This presentation will discuss PHP and ASP malware, discovery techniques, how the attackers are staging and processing malware-based attacks, as well as the relevance of anti-virus against these forms of malware. Drawn from real world attacks and compromises, examples will be displayed and discussed. Take aways will include the architecture of attacker cells, their targeting and use of compromised hosts and insight into how simple, basic controls can assist us in fighting these forms of assault.
Speaker: Kevin Wall – ESAPI Committer / Owner at OWASP & Staff Security Engineer at CenturyLink
OWASP Enterprise Security API (ESAPI) is one of the flagship projects at OWASP, but as of yet, not many application development teams have adopted it. This presentation will provide a brief history and overview of ESAPI, including its goals and all its language implementations, before taking a deeper dive into ESAPI for Java.
The ESAPI for Java portion will discuss major changes from ESAPI 1.4 to ESAPI 2.0 and how the various ESAPI 2.0 security controls map as mitigations for the OWASP Top Ten. We will also examine the relative maturity of each security control.
This will be followed by a few examples of how to use ESAPI, including an in-depth one of using ESAPI’s symmetric encryption. Finally, we will briefly describe how the OWASP AppSensor project has the ESAPI’s Intrustion Detection mechanism to provid an powerful intrustion detection system at the application layer and describe some of the advantanges of this versus an more traditional IDS.