This location is shown only to members
January 2012 Meeting
WHO:: Kevin Johnson is a security consultant with Secure Ideas. Kevin came to security from a development and system administration background. He has many years of experience performing security services for fortune 100 companies, and in his spare time he contributes to a large number of open source security projects. Kevin's involvement in open-source projects is spread across a number of projects and efforts. He is the founder of many different projects and has worked on others. He founded BASE, which is a Web front-end for Snort analysis. He also founded and continues to lead the SamuraiWTF live DVD. This is a live environment focused on Web penetration testing. He also founded Yokoso and Laudanum, which are focused on exploit delivery. Kevin is a senior instructor for SANS and the author of Security 542: Web Application Penetration Testing and Ethical Hacking. He also presents at industry events, including DEFCON and ShmooCon, and for various organizations, like Infragard, ISACA, ISSA, and the University of Florida.
ABSTRACT:: Organizations today need to be able to easily integrate security testing within their existing processes. In this talk, Kevin Johnson of Secure Ideas will explore various techniques and tools to help organizations assess the security of the web applications. These techniques are designed to be implemented easily and with little impact on the work load of the staff.
COST: Free to all. Bring a Friend. However, please look to join our chapter. Only $50. Greatly appreciated. OWASP is a 501 non-profit org and supports a good cause on web application security awareness.
January 20, 2012
Checkout the slides on the SamuraiWTF sourceforge site: http://sourceforge.net/projects...
January 20, 2012
Meetup site sponsor for 2014 and WebEx sponsor for remote meetings.
A great meeting space for the OWASP ATL chapter.
Financial Sponsorship of ATL Chapter
1,728 Freesiders
907 Developers
239 AlphaRackers
986 Members
505 Members
2,424 Members
— Katie, started NYC ICO
Act now and get 50% off.
Until February 1.
Meetup members, Log in
By clicking "Sign up" or "Sign up using Facebook", you confirm that you accept our Terms of Service & Privacy Policy
Sorry, we can't post the slides for the meeting (SANS) but here are some notes I noted: Tools: RatProxy, Burp, SoapUI, WSFuzzer. We also spoke about analyzing the client (flash) to discover web service features, AMF RTP traffic (tools anyone?), GWT JS --> GWTEnum? we spoke about OWASP's Zed Attack Proxy. Burp has a Java API and a ruby gem that can be used for scripting.