addressalign-toparrow-leftarrow-rightbackbellblockcalendarcameraccwchatcheckchevron-downchevron-leftchevron-rightchevron-small-downchevron-small-leftchevron-small-rightchevron-small-upchevron-upcircle-with-crosscrosseditemptyheartfacebookfolderfullheartglobegmailgoogleimagesinstagramlinklocation-pinmagnifying-glassmailminusmoremuplabelShape 3 + Rectangle 1outlookpersonplusprice-ribbonImported LayersImported LayersImported Layersshieldstartrashtriangle-downtriangle-uptwitteruseryahoo

Fwd: OWASP Orlando Q3 2012 Meeting September 12

From: Tony T.
Sent on: Tuesday, September 11, 2012 4:56 PM
First off, I apologize for cross-posting to a few different meetup groups but wanted to make sure we got the word out for an exciting speaker at our next OWASP Orlando meeting tomorrow night. Kevin Johnson, a senior instructor with the SANS Institute and creator of such noted open source projects as Laudanum, Yokoso, Base, Samurai-WTF, Damn Vulnerable Web Services (integrates with Damn Vulnerable Web App) will be giving a presentation on hacking web services. If you have not seen Kevin speak before, you are really missing out. I know of no better presenter on web application security topics than Kevin. There is no cost to attend, but we ask that you register at the link below so I know how much food to buy. We hope to see you there!

Check out the details below

  • Meeting Date: September 12,[masked]:00 - 8:00 PM (or until we decide to go home)
  • Meeting Location: UCF College of Medicine
  • Google maps link:

Registration link at

Q3 2012 Meeting September 12

5:45 - 6:00 Arrive

6:00 - 6:15 Welcome and Opening Remarks / Appsec Trivia

6:15 - 7:00 "An Insider's Look: WAF and Identity and Access Management Integration" - Jan Poczobutt, Director of Enterprise ADC & WAF Sales at Barracuda Networks, will provide an inside look at some of the problems with traditional access management implementations and how enterprises can sucessfully overcome these challenges by integrating web application firewall technologies with Identity and Access Management. Learn about best practices, specific use cases and how this new integration translates into operational simplicity for the enterprise.

7:00 - 7:15 Break

7:15 - 8:00+ "Don't Drop the SOAP: Real World Web Service Testing for Web Hackers" - Over the years web services have become an integral part of web and mobile applications. From critical business applications like SAP to mobile applications used by millions, web services are becoming more of an attack vector than ever before. Unfortunately, penetration testers haven't kept up with the popularity of web services, recent advancements in web service technology, testing methodologies and tools. In fact, most of the methodologies and tools currently available either don't work properly, are poorly designed or don't fully test for real world web service vulnerabilities. In addition, environments for testing web service tools and attack techniques have been limited to home grown solutions or worse yet, production environments.

In this presentation Kevin Johnson will discuss the new security issues with web services and discuss an updated web service testing methodology released at Defcon 19 last year that will be integrated into the OWASP testing guide, new Metasploit modules and exploits for attacking web services and an open source vulnerable web service for the Samurai-WTF (Web Testing Framework) that can be used by penetration testers to test web service attack tools and techniques.

  • Kevin Johnson is a security consultant and founder of Secure Ideas. Kevin came to security from a development and system administration background. He has many years of experience performing security services for fortune 100 companies, and in his spare time he contributes to a large number of open source security projects. Kevin's involvement in open-source projects is spread across a number of projects and efforts. He is the founder of many different projects and has worked on others. He founded BASE, which is a Web front-end for Snort analysis. He also founded and continues to lead the SamuraiWTF live DVD. This is a live environment focused on Web penetration testing. He also founded Yokoso and Laudanum, which are focused on exploit delivery. Kevin is a certified instructor for SANS and the author of Security 542: Web Application Penetration Testing and Ethical Hacking. He also presents at industry events, including DEFCON and ShmooCon, and for various organizations, like Infragard, ISACA, ISSA, and the University of Florida.

Twitter: @secureideas

We do not currently have a sponsor for this event but refreshments will be provided out of chapter funds. If you are interested in sponsoring please contact [address removed]

University of Central Florida has graciously agreed to provide meeting space at the Medical College campus.

College of Medicine 6850 Lake Nona Blvd. Orlando, FL 32827

UCF College of Medicine Directions

Park in the lot labeled on the map P3 and enter through the front of the COM building. This is a "U" shaped building facing Lake Nona Blvd. Once you enter the front doors, go down the hall to the left and you will see OWASP members directing folks to the meeting room on the right hand side. If you have questions please email me or [address removed]

Tony Turner
OWASP Orlando Chapter Founder/Co-Leader
[address removed]

People in this
Meetup are also in:

Sign up

Meetup members, Log in

By clicking "Sign up" or "Sign up using Facebook", you confirm that you accept our Terms of Service & Privacy Policy