Meeting Details
May 2008 ACFUG Meeting

Date: Wednesday, May 7, 2008
Dinner & Schmoozing: 6:00 PM
Meeting Time: 6:30 PM to 9:00 PM
Location: FusionLink
Dress: Anywhere from casual to business formal
Price: FREE!


Topics

What to Expect When You’re Expecting (A Web Application Penetration Test)

Penetration testing (a.k.a. "pen testing") of web applications during development, QA or in production is becoming more commonplace. If it hasn't happened to you yet, be sure that it will at some point in your career, whether because of government or industry regulations such as PCI DSS, in response to a security failure, or as part of a contractual agreement with users of your software. But what exactly is a web application pen test, and what can you do to prepare for one? In this 90-minute talk, Dean H. Saxe will present his view on penetration testing web applications. The discussion will focus on the categories of common security vulnerabilities that organizations look for through pen testing (e.g. configuration management, authentication, authorization, data validation, data protection and error/exception handling) and on the proactive measures organizations can take to eliminate the low-hanging fruit before a tester finds it. Dean will discuss the role of open source, commercial and home-grown tools in penetration testing, and the types of vulnerabilities that can, and cannot, be identified through a pen test. Finally, Dean will explore the role of a penetration test within the SDLC, with a long-range view of the changes an organization can make in the areas of people, process and technology to minimize the creation of exploitable vulnerabilities.

About the Speaker

Dean Saxe

Dean is a Managing Consultant at Foundstone. He is responsible for conducting web application penetration testing, threat modeling, code reviews, secure software development lifecycle (S-SDLC) design and implementation, and project management. Dean also provides client education services as a lead instructor for the Foundstone courses Building Secure Software, Writing Secure Code: Java/J2EE, and Writing Secure Code: ColdFusion. Dean has over ten years of software development experience in a variety of industries, including banking, education, and quality control. Since 2001, he has focused on secure software development and web application security. Prior to joining Foundstone, Dean was manager of web application security for a corporate cash-management application service provider. In that position, he implemented the company's first secure software development and deployment guidelines, development frameworks to support secure coding paradigms, tools for the semi-automated remediation of application vulnerabilities, and static code analysis tools to expedite secure code reviews. Dean co-founded and remains active in the Atlanta ColdFusion User Group (ACFUG) and is an active member of the Open Web Application Security Project (OWASP) Atlanta Chapter.

-------------------------------------------------------------
To unsubscribe from this list, manage your profile @
http://www.acfug.org?fa=login.edituserform

For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/announcements%40acfug.org/
List hosted by http://www.fusionlink.com
-------------------------------------------------------------