Just a reminder about next week's San Antonio OWASP chapter meeting.
See below for the info. Hope to see you all there!
San Antonio OWASP Chapter: April 2006 Meeting
Topic: AJAX Security: Here We Go Again
Presenter: Dan Cornell of Denim Group, Ltd.
Date: Wednesday April 19th, 2006 11:30am - 1:00pm
San Antonio Technology Center (Web Room)
3463 Magic Drive
San Antonio, TX 78229
technique being used to create rich Internet applications. By
interacting with the server behind the scenes and updating web page
DOMs, AJAX applications bring a new level of responsiveness to the web
and open exciting new possibilities for creating new classes of
applications. The success of applications such as Google Maps and
Flickr is a testament to the exciting potential AJAX techniques bring to
the discipline of web application development.
Unfortunately, many organizations implementing these techniques are doing
so without considering the security implications on application design
and development. Furthermore, because these techniques are so new, the
threats and countermeasures are not well understood. This presentation
will give an explanation of AJAX techniques and will examine the
underlying constructs and their behavior. Next it will examine how
common web application vulnerabilities translate to AJAX environments
as well as new threats that are specific to AJAX applications. The
presentation will conclude with a demonstration of "sprajax," an
alpha-release open-source tool developed by Denim Group that analyzes
web applications for potential security vulnerabilities exposed through
the use of AJAX.
Dan Cornell is a Principal of the Denim Group, a Texas-based consultancy
providing software development and application security services. He
has extensive experience architecting and developing enterprise web
applications on a variety of platforms as well as training and mentoring
development teams on application security and secure coding techniques.
Dan is the creator and primary author of the sprajax open source AJAX
security assessment tool. He is an MCSD as well as a Java 2 Certified
Sodas and snacks will be provided. Feel free to bring a brown-bag
Please RSVP: E-mail owasprsvp@... or call (210) 572-4400.