addressalign-toparrow-leftarrow-rightbackbellblockcalendarcameraccwcheckchevron-downchevron-leftchevron-rightchevron-small-downchevron-small-leftchevron-small-rightchevron-small-upchevron-upcircle-with-checkcircle-with-crosscircle-with-pluscontroller-playcrossdots-three-verticaleditemptyheartexporteye-with-lineeyefacebookfolderfullheartglobegmailgooglegroupshelp-with-circleimageimagesinstagramFill 1light-bulblinklocation-pinm-swarmSearchmailmessagesminusmoremuplabelShape 3 + Rectangle 1ShapeoutlookpersonJoin Group on CardStartprice-ribbonprintShapeShapeShapeShapeImported LayersImported LayersImported Layersshieldstartickettrashtriangle-downtriangle-uptwitteruserwarningyahoo

January Meetup - Injection Attacks: Builder/Breaker Style

We are kicking off the new year by going back to basics. We will be meeting at the usual location in Reston, and good food + drinks will be provided as always.

This month, we are featuring a Builders vs. Breakers style of presentation. We will have two presenters, each presenting from their own perspective on Injection attacks. This includes SQL Injection, LDAP Injection, and other common injection types.

Our Builder presentation focuses on how to build applications that can withstand injection attacks and live to tell about it. The goal is to prevent them from being introduced into real-world applications in the first place.

Our Breaker presentation will be filled with real-world examples of how attackers and pentesters exploit injection vectors. Where applicable, examples will be shown of how to circumvent commonly weak controls which developers are often unaware of.

Bios:

Mike McBryde is a web app developer and security analyst. Formerly from San Antonio, he worked for seven years at Denim Group, a web application development and security consultancy, ending up as one of their Lead Application Security Consultants. He now works in the DC area, building out an application security program for The Advisory Board Company.

Jonn Callahan studied Computer Science at James Madison University and graduated in 2012. He currently works for CGI Federal on a large government contract with a team in charge of securing web applications.

Join or login to comment.

  • Hari P.

    Need to come up with better working examples...

    January 17, 2014

    • Ari E.

      Sorry for the multiple messages - every time I hit enter to add a line break, meetup posts the message prematurely. Grrrrr.... Anyway, last link: http://webappsecmovie...­

      1 · January 17, 2014

    • Jonathan C.

      You can check out my (pretty inactive) blog for some SQLi stuff. I'll probably steal some of the material from the talk and put up a second order and xml injection section as well over the weekend. Keep an eye out.

      aer0.net

      January 17, 2014

  • Norman W.

    Love the format of the topic! Very comprehensive where one person presents the breaking and another fixes it.

    January 17, 2014

  • McKinney

    This was a fantastic presentation. Very informative, intelligently designed and presented by two excellent presenters.

    January 16, 2014

  • Jack M.

    If you see a huge pile of beer and soda in front of the building, that's ours. Please grab what you can and bring it in.

    January 16, 2014

  • Mehmet Y.

    Sorry guys, complications mean I gotta skip this one, see you next time around

    January 16, 2014

    • Jack M.

      See you at DC next week.

      1 · January 16, 2014

  • Jack M.

    If you don't plan to attend this evening, please change your RSVP to NO since we're ordering food today and have a pretty big crowd tonight. See everyone at the meetup!

    January 16, 2014

  • Richard G.

    Hey, come on out to the beach in sunny California for two days of awesome speakers, including your own Jim Mannino, and attend AppSec California 2014. It's January 27-28 at the Annenberg Beach House in Santa Monica.
    appseccalifornia.org

    1 · January 15, 2014

    • Ari E.

      Dude - just change your name so people don't keep typing it wrong. :-)

      January 15, 2014

    • Richard G.

      Sorry JACK JACK JACK...I think I got it now. See you soon.

      1 · January 15, 2014

  • Jack M.

    Ok next to last reminder to change your RSVP status from YES to NO if you don't plan on attending this Thursday.

    January 13, 2014

  • Michael M.

    We're trying to get more feedback from our group and learn who our members are. Please take a few moments to fill out this simple poll about what your role in your company is. Thanks!

    http://www.meetup.com/OWASP-Northern-Virginia-Chapter/polls/983632/

    January 12, 2014

  • Jack M.

    We're getting close to the meetup date. If you aren't going to make it, this is your monthly friendly reminder to change your RSVP status to "NO". We buy our food and drinks every month based on how many people we anticipate showing up.

    January 11, 2014

  • Jack M.

    Due to a scheduling conflict at the facility, we've moved the meetup to 1/16. Please don't show up on 1/9 because you'll be pretty lonely :-)

    1 · December 24, 2013

Our Sponsors

  • Blue Canopy

    Blue Canopy is hosting the meetup and providing food and drinks.

People in this
Meetup are also in:

Sign up

Meetup members, Log in

By clicking "Sign up" or "Sign up using Facebook", you confirm that you accept our Terms of Service & Privacy Policy