Darian Anthony Patrick on 13 Feb 2008 09:28:21 -0800


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[PLUG] [Fwd: [OWASP-Philadelphia] February 19th 2008, 6:00 PM - 8:00 PM *Patten Auditorium Drexel University*]


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello all,

Just a heads up regarding the next Philly OWASP meeting, next Tuesday.

Please RSVP to darian@criticode.com if you plan on attending.

Thanks!

- -
-
-------------------------------------------------------------------------------------------
- - - Philadelphia OWASP  Patten Auditorium Drexel University    -
- -
-
-------------------------------------------------------------------------------------------

Come join us in Philadelphia as we discuss web application security
and determine the content for upcoming meetings this year! We are
looking forward to a good year in web application security. At this
meeting we'll discuss what's happening in web application security,
plan our upcoming meetings, and then discuss secure PHP development
and a fun way to spam your printer using JavaScript.

Please RSVP to darian@criticode.com if you plan on attending.

- - ---------------------------------------------------------------------
- - - HOW-TO: Secure PHP Deployment Patterns -
- - ---------------------------------------------------------------------

Philadelphia-area application security consultant and Philly OWASP
Chapter Leader Darian Anthony Patrick will present secure PHP
deployment patterns in shared hosting and application-dedicated
deployment environments.

PHP has become one of the most frequently noted development platforms
of vulnerable web applications.  This talk will describe best
practices for separation of PHP applications to minimize effect of a
successful penetration, and the hardening and isolation of PHP itself
to mitigate the effect of successful exploitation of problems in the
language implementation.

- - ----------------------------------------------------------------------
- - - HACK: Cross Site Printing                             -
- - ----------------------------------------------------------------------

Philadelphia-area security researcher and Philly OWASP Chapter Leader
Aaron Weaver will be discussing Cross Site Printing[1], a notable
variation on intranet application exploitation.

Aaron's research has well received by the web security industry, with
coverage by Robert Hansen aka RSnake[2] of SecTheory and ha.ckers.org,
Jeremiah Grossman of White Hat Security[3] and has been named number 4
of the Top Ten Web Hacks of 2007[4] in informal polling conducted by
Jeremiah, and is noted as one of the Coolest Hacks of 2007 by Dark
Reading[5].  You don't want to miss this exciting presentation!

[1]http://en.wikipedia.org/wiki/XSP_(cross_site_printing)
[2]http://ha.ckers.org/blog/20080108/cross-site-printing/
[3]http://jeremiahgrossman.blogspot.com/2008/01/cross-site-printing-printer-spamming.html
[4]http://jeremiahgrossman.blogspot.com/2008/01/top-ten-web-hacks-of-2007-official.html
[5]http://www.darkreading.com/document.asp?doc_id=145319&WT.svl=news1_3


 **Also if there are some companies on the list who would like to
sponsor the food – we would definitely welcome it.

Next Meeting:
 February 19th 2008, 6:00 PM - 8:00 PM
 OWASP Philly Meeting

Patten Auditorium (Room 109)
Matheson Hall
3220 Market St. (32nd and Market Streets) Philadelphia, PA

Special thank you to our location sponsor Chariot Solutions.  Chariot
Solutions is organizing the 2008 Emerging Technologies for the
Enterprise conference at Drexel University, March 26-27, 2008.
Speakers include Floyd Marinescu of InfoQ.com, David Brussin of
TurnTide, Obie Fernandez, Yehuda Katz, and many more.  You don't want
to miss this exciting event!  More information at
http://www.phillyemergingtech.com/.

- --
Darian Anthony Patrick, GWAS, GSSP-Java, ZCE
Principal, Application Development
Criticode LLC
Office:     (215) 240-6566
Facsimile:  (866) 789-2992
Email/XMPP: darian@criticode.com
Web:        http://criticode.com
-----BEGIN PGP SIGNATURE-----

iD8DBQFHsyipKpzEXPWA4IcRAobFAJ9ri5TleO4IhMhC60+jb+YqPmBEPACfQZz6
e7M2BMkR/Ggecjxg2/zcQx0=
=1R8h
-----END PGP SIGNATURE-----
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug