
Training - SQL Injection real exploit, OWASP Zed Attack Proxy

Hosted By
Roy and 4 others

Details

Time - 6:30 pm
general networking, news discussion, announcements.

7:00 - main presentations

The June 4th meeting will be the second in our series of 2014 training meetings. Rob Cheyne will continue explaining and exploring SQL Injection by conducting an actual injection attack.

This will be a demo-based discussion to get into the mindset of an attacker, and show how an attacker goes after a site. The demo will include:

  • BurpProxy demo
  • Common authentication flaws
  • SQL Injection Demo that shows the process and how it builds to a full compromise

Rob is currently CEO of Big Brain Security. In addition to security consulting for Fortune 500 customers, he was the author of LC4, a version of the award-winning L0phtCrack password auditing tool, and he also worked on the code scanning technology that was eventually spun off as Veracode. Rob was at @stake from the very first customer all the way through to the $50M acquisition by Symantec.

Jim Weiler will introduce the OWASP Zed Attack Proxy (ZAP). This is a very powerful, free OWASP intercepting proxy that lets you see, analyse, change and replay every browser request and response, analyse your session, scan and attack web sites, save the results and run reports. We can't cover all the functionality, but we'll show some practical tips and techniques.

Location -
Akamai 8 Cambridge Center Cambridge, MA 02142
The entrance is on Broadway, between Ames St. and Galileo Galilei Way, just west (away from Boston) of the Residence Inn. The T stop is Kendall on the Red Line.
http://www.akamai.com/html/about/driving_directions.html
Pizza, salad and soda courtesy of Akamai

https://www.meetup.com/owaspboston/
http://www.owasp.org/index.php/Boston

OWASP Boston Chapter
Akamai Technologies Inc
8 Cambridge Center · Cambridge, MA