Darian Anthony Patrick on 13 Feb 2008 09:53:17 -0800



[PhillyOnRails] [Fwd: [OWASP-Philadelphia] February 19th 2008, 6:00 PM - 8:00 PM *Patten Auditorium Drexel University*]


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello everyone,

Apologies for the short notice.  Next Tuesday is the first Philly OWASP
meeting of the year.

I will be talking about secure PHP deployment patterns (some of which are
applicable to Ruby and Rails apps) and Aaron Mulder will be discussing
and demonstrating Cross Site Printing, which should be lots of fun.

Please RSVP to darian@criticode.com if you plan on attending.

Thanks, and stay warm and dry,

Darian

p.s. Is there a PhillyOnRails meeting happening this month?  I saw
Colin's note about organizing one, but haven't seen anything about it
since then.

-------------------------------------------------------------------------
- Philadelphia OWASP  Patten Auditorium Drexel University -
-------------------------------------------------------------------------

Come join us in Philadelphia as we discuss web application security
and determine the content for upcoming meetings this year! We are
looking forward to a good year in web application security. At this
meeting we'll discuss what's happening in web application security,
plan our upcoming meetings, and then discuss secure PHP development
and a fun way to spam your printer using JavaScript.

Please RSVP to darian@criticode.com if you plan on attending.

---------------------------------------------------------------------
- HOW-TO: Secure PHP Deployment Patterns -
---------------------------------------------------------------------

Philadelphia-area application security consultant and Philly OWASP
Chapter Leader Darian Anthony Patrick will present secure PHP
deployment patterns in shared hosting and application-dedicated
deployment environments.

PHP has become one of the most frequently noted development platforms
of vulnerable web applications.  This talk will describe best
practices for separation of PHP applications to minimize the effect of a
successful penetration, and the hardening and isolation of PHP itself
to mitigate the effect of successful exploitation of problems in the
language implementation.

---------------------------------------------------------------------
- HACK: Cross Site Printing -
---------------------------------------------------------------------

Philadelphia-area security researcher and Philly OWASP Chapter Leader
Aaron Weaver will be discussing Cross Site Printing[1], a notable
variation on intranet application exploitation.

Aaron's research has been well received by the web security industry, with
coverage by Robert Hansen aka RSnake[2] of SecTheory and ha.ckers.org
and Jeremiah Grossman of White Hat Security[3]. It has been named number 4
of the Top Ten Web Hacks of 2007[4] in informal polling conducted by
Jeremiah, and is noted as one of the Coolest Hacks of 2007 by Dark
Reading[5].  You don't want to miss this exciting presentation!

[1]http://en.wikipedia.org/wiki/XSP_(cross_site_printing)
[2]http://ha.ckers.org/blog/20080108/cross-site-printing/
[3]http://jeremiahgrossman.blogspot.com/2008/01/cross-site-printing-printer-spamming.html
[4]http://jeremiahgrossman.blogspot.com/2008/01/top-ten-web-hacks-of-2007-official.html
[5]http://www.darkreading.com/document.asp?doc_id=145319&WT.svl=news1_3


 **Also if there are some companies on the list who would like to
sponsor the food – we would definitely welcome it.

Next Meeting:
 February 19th 2008, 6:00 PM - 8:00 PM
 OWASP Philly Meeting

Patten Auditorium (Room 109)
Matheson Hall
3220 Market St. (32nd and Market Streets) Philadelphia, PA

Special thank you to our location sponsor Chariot Solutions.  Chariot
Solutions is organizing the 2008 Emerging Technologies for the
Enterprise conference at Drexel University, March 26-27, 2008.
Speakers include Floyd Marinescu of InfoQ.com, David Brussin of
TurnTide, Obie Fernandez, Yehuda Katz, and many more.  You don't want
to miss this exciting event!  More information at
http://www.phillyemergingtech.com/.

--
Darian Anthony Patrick, GWAS, GSSP-Java, ZCE
Principal, Application Development
Criticode LLC
Office:     (215) 240-6566
Facsimile:  (866) 789-2992
Email/XMPP: darian@criticode.com
Web:        http://criticode.com
-----BEGIN PGP SIGNATURE-----

iD8DBQFHsy5jKpzEXPWA4IcRApN8AJwJB6WQOOxjXP7PMg7+UfPb23VsMACfU5wo
JXrGEFt7WcMvTkkSSlcZ8gs=
=DFpa
-----END PGP SIGNATURE-----