

OWASP User Group

Wednesday March 1 – 6:30

Microsoft Waltham Office (Waltham Weston Corporate Center, 201 Jones Rd., Sixth Floor, Waltham, MA)


More information at https://www.owasp.org/local/boston.html


Two presentations this week


Topic: A case-study of a Web Application vulnerability

Speaker: Matteo Meucci, CISSP, OWASP-Italy Chair


We describe a case-study of a public MMS (mobile phone messaging) service provided by a telco.
The vulnerability would allow an attacker to send a spoofed MMS that is charged to the credit of an unaware user. The analysis shows how poor session management in a web application can be used to break the authentication scheme. We want to show how two-factor authentication can be broken when developers write bad code (in this case, a trivial session management error).


Topic: Too many applications, not enough time. How to get Quality Results with Automated Vulnerability Testing

Speaker: Ambarish Malpani, VP of engineering and CTO of Cenzic


Web application vulnerability scanning (also known as fault injection scanning) is a way to test for common input validation errors as well as other errors in functioning web sites. By crawling the site and analyzing the HTML, such scanners can test for many vulnerabilities in a short time. Cenzic will discuss how these test results can be made more meaningful; for example, if an input page does not have its data displayed in the immediate response page, how can you find cross-site scripting vulnerabilities?
