ISSA Central Plains Chapter
June 2nd, 2006


Central Plains Chapter Meeting:

"Advanced Live Hacking: Methodologies and Demonstrations of Web Application Hacks",
David Nester, CISSP


David Nester is a Senior Security Engineer for SPI Dynamics, a vendor of Web application security assessment and testing products. David has over 10 years of experience developing and implementing enterprise security solutions for identity management, Web applications, and UNIX environments. He has a proven track record of architecting and integrating enterprise security solutions for Fortune 500 businesses, fulfilling mission-critical security objectives, directing cross-functional technology teams, and leading complex projects from conception to deployment. Prior to joining SPI Dynamics, David was an information security consultant for iCrew Security, which provided security integration and consulting services to small, medium, and large businesses throughout Texas and Louisiana. Before that, David held security architecture positions with M.D. Anderson Cancer Center, Computer Sciences Corporation, and Citibank. David has been a Certified Information Systems Security Professional (CISSP) since February 2002 and leads the OWASP chapter in Houston, Texas.


David will be presenting on Methodologies and Demonstrations of Web Application Hacks

    Web applications are by nature not static: content is continually altered and new features are added, in some cases very frequently. Each change carries the risk that the application is no longer secure; even the simplest change can introduce a vulnerability that threatens the company's assets or, just as important, its customers' information. It has been estimated that three-fourths of today's successful system compromises come not through network security flaws but through the "front door": exploitable vulnerabilities in customer-facing Web applications.

    Join David as he demonstrates how to defend against common attacks at the Web application layer, with examples covering Web application hacking methods such as:
    • SQL Injection
    • Cross Site Scripting
    • Parameter Manipulation
    • Session Hijacking
    • LDAP Injection

    In addition, the session covers techniques and processes that can be integrated into the application development lifecycle to protect against these attacks without requiring security expertise from every developer.
    What attendees will learn:
    • How to defend against the Web application attacks demonstrated above (SQL Injection, Cross Site Scripting, Parameter Manipulation, Session Hijacking, and LDAP Injection).
    • The ramifications of a successful Web application attack.
    • Development-lifecycle techniques and processes that protect against these attacks without requiring security expertise.
    • The importance of Web application security throughout the development lifecycle.
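    The attack list above names two injection classes, SQL Injection and LDAP Injection, that the talk demonstrates. As an added example that is not part of the original announcement or the speaker's material, the following Python shows a login query in its vulnerable and parameterized forms run against an in-memory SQLite table, plus the RFC 4515 escaping that closes the equivalent LDAP Injection hole. The `users` table, the `alice` account, the `uid`/`userPassword` attribute names and the payloads are all constructed for this demo.

```python
# Added example for this announcement (not the speaker's or SPI Dynamics'
# material): the same login check written in the vulnerable and the hardened
# form, run against an in-memory SQLite database, plus the LDAP-filter
# escaping that closes the analogous LDAP Injection hole.  The users table,
# its single account and the attack strings are constructed for this demo;
# a real system would store a password hash, not the password itself.
import sqlite3


def build_db() -> sqlite3.Connection:
    """Create a throwaway in-memory database with one constructed account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Deliberately vulnerable: user input is spliced into the SQL text, so the
    input can change the query's structure, not just its values."""
    sql = (f"SELECT COUNT(*) FROM users WHERE username = '{username}' "
           f"AND password = '{password}'")
    return conn.execute(sql).fetchone()[0] > 0


def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Hardened: the SQL text is a constant; the driver binds the values
    separately, so quotes, comments or OR clauses in the input stay data."""
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


def escape_ldap_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515): the
    characters that carry filter syntax become backslash-hex escapes."""
    return "".join(f"\\{ord(ch):02x}" if ch in "\\*()\x00" else ch for ch in value)


def ldap_login_filter(username: str, password: str) -> str:
    """Build a search filter from untrusted input with every value escaped
    (attribute names uid/userPassword are assumed for the demo)."""
    return (f"(&(uid={escape_ldap_filter_value(username)})"
            f"(userPassword={escape_ldap_filter_value(password)}))")


def demo() -> dict:
    """Run the classic payloads against both SQL versions; return the outcomes."""
    conn = build_db()
    payloads = {
        "comment out the password check": ("alice' --", "anything"),
        "tautology in the password":      ("alice", "' OR '1'='1"),
        "genuine credentials":            ("alice", "correct horse"),
    }
    return {
        name: {
            "vulnerable": login_vulnerable(conn, u, p),
            "parameterized": login_parameterized(conn, u, p),
        }
        for name, (u, p) in payloads.items()
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:32} vulnerable={result['vulnerable']!s:5} "
              f"parameterized={result['parameterized']}")
    print(ldap_login_filter("*)(uid=*))(|(uid=*", "x"))
```

    The two attack payloads log in as alice through the concatenated query and fail against the parameterized one, while the genuine credentials succeed in both; the LDAP filter built from the wildcard payload contains only escaped metacharacters, so the directory treats it as a literal value rather than as new filter clauses.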


The Information Systems Security Association (ISSA)® is a not-for-profit international organization of information security professionals and practitioners. It provides education forums, publications and peer interaction opportunities that enhance the knowledge, skill and professional growth of its members. We hope the ISSA will give you a chance to meet other IT professionals and further your awareness of security practices and technologies.


This meeting is open to the general public; ISSA membership is not required.


Date:        Friday, June 2nd, 2006
Location:    Rockwell Branch Public Library, 5939 E 9th St N, Wichita, KS 67208
Time:        1:00 pm until 3:00 pm