Eric Duprey: "Application Vulnerability Shooting Gallery"

How vulnerabilities make it into your business applications, how to find them, and how to kill them - Laptop recommended

Despite years of publicity, the common classes of web application vulnerabilities remain essentially unchanged. Lists of the most common and important vulnerabilities in application software (the OWASP Top 10, for example) are nearly identical from 2003 to today, and the prevalence of these vulnerabilities remains alarmingly high. One thing that is still clearly lacking is awareness of common and serious vulnerabilities, how they are detected, how they are exploited, and how they can be systematically eliminated.

This is a hands-on presentation which will demonstrate common vulnerabilities in various real-world-like applications. It will cover discovering vulnerabilities at runtime, identifying them in source code, and uniform ways to fix these vulnerabilities using open and freely available tools.

(It is recommended to bring a laptop to this event if possible -- while it is possible to gain benefit from the presentation without it, having a laptop present will enable you to jump into hands-on tactical examples in real-time)

Presenter: Eric Duprey

Eric Duprey is the co-chapter-leader of the Denver OWASP Chapter. For several years, Eric has been performing application security assessments, penetration testing and source code review for major enterprise companies and working with application developers to remediate vulnerable code. Eric has presented talks at major security conferences including DEFCON and SANS penetration testing summit.

Agenda

• 6pm: Pizza & pop, sponsored by FishNet Security
• 6:30pm: Introduction and Chapter business
• 6:45pm --> 8pm: Presentation
• 8pm and later: Beer and ping pong hosted by Hosting.com

For more details see the OWASP wiki page for this event