|Sent on:||Tuesday, September 11, 2012 4:56 PM|
Registration link at http://owasp-orlando.eventbrite.com/
Q3 2012 Meeting September 12
5:45 - 6:00 Arrive
6:00 - 6:15 Welcome and Opening Remarks / Appsec Trivia
6:15 - 7:00 "An Insider's Look: WAF and Identity and Access Management Integration" - Jan Poczobutt, Director of Enterprise ADC & WAF Sales at Barracuda Networks, will provide an inside look at some of the problems with traditional access management implementations and how enterprises can sucessfully overcome these challenges by integrating web application firewall technologies with Identity and Access Management. Learn about best practices, specific use cases and how this new integration translates into operational simplicity for the enterprise.
7:00 - 7:15 Break
7:15 - 8:00+ "Don't Drop the SOAP: Real World Web Service Testing for Web Hackers" - Over the years web services have become an integral part of web and mobile applications. From critical business applications like SAP to mobile applications used by millions, web services are becoming more of an attack vector than ever before. Unfortunately, penetration testers haven't kept up with the popularity of web services, recent advancements in web service technology, testing methodologies and tools. In fact, most of the methodologies and tools currently available either don't work properly, are poorly designed or don't fully test for real world web service vulnerabilities. In addition, environments for testing web service tools and attack techniques have been limited to home grown solutions or worse yet, production environments.
In this presentation Kevin Johnson will discuss the new security issues with web services and discuss an updated web service testing methodology released at Defcon 19 last year that will be integrated into the OWASP testing guide, new Metasploit modules and exploits for attacking web services and an open source vulnerable web service for the Samurai-WTF (Web Testing Framework) that can be used by penetration testers to test web service attack tools and techniques.
We do not currently have a sponsor for this event but refreshments will be provided out of chapter funds. If you are interested in sponsoring please contact [address removed]
University of Central Florida has graciously agreed to provide meeting space at the Medical College campus.
College of Medicine 6850 Lake Nona Blvd. Orlando, FL 32827
Park in the lot labeled on the map P3 and enter through the front of the COM building. This is a "U" shaped building facing Lake Nona Blvd. Once you enter the front doors, go down the hall to the left and you will see OWASP members directing folks to the meeting room on the right hand side. If you have questions please email me or [address removed]