
Archived Event Description

February 28th
Our next meeting will be WEDNESDAY, FEBRUARY 28th at 1 PM

Event Details:

NEW JERSEY CHAPTER
INFORMATION SYSTEMS SECURITY ASSOCIATION (ISSA)

WEDNESDAY, FEBRUARY 28th EDUCATIONAL SESSION FOCUSES ON PROTECTING WEB APPLICATIONS

DATE: WEDNESDAY, FEBRUARY 28th AT 1:00 PM

VENUE: Cisco’s Offices, 499 Thornall Road, Edison, NJ – Gotham City Room, 8th Floor (Please see accompanying directions.)

TO REGISTER: Please send an e-mail to doris.vasquez@us.pwc.com by February 27th. Admission is free and ISSA membership is not required. Please feel free to invite your colleagues and clients! Light refreshments will be provided courtesy of Cisco Systems.

HOW TO SAFEGUARD YOUR COMPANY BY PROTECTING YOUR APPLICATIONS
SPEAKER: TOM STRACENER, Senior Security Analyst, CENZIC’S CIA LABS

ABSTRACT*: Securing data and applications that run on the web is one of the most pressing information technology challenges for many organizations today. Attacks made through common hacking techniques can lead to financial loss, compliance headaches and disastrous issues with customer privacy and overall satisfaction. While business applications are going online at a record pace, security solutions today are not keeping up. The lack of a proper protocol to test for application vulnerabilities can quickly result in large-scale security breakdowns. This session will address the Top 5 things you can do to protect your applications and prevent such security breaches from happening in the first place, including:

1. Watch out for open redirects: Open redirects are a big cause of phishing scams. If an open redirect is left accessible and can be used to redirect data to an arbitrary location, a clever attacker can redirect users from a legitimate-looking site to their spoofed version.
2. Don't rely on client-side input validation: A menacing problem with client-side input validation is that end users can bypass this validation. Doing so can break the security on Web applications and lead to unauthorized access to data, entry of counterfeit information and system failures. It’s therefore easy for attackers to circumvent client-side input validation, using a man-in-the-middle proxy, and attack an application.
3. Expect the unexpected: Use an automated means to check for input validation and parameter tampering. This simple form of attack takes advantage of the fact that many programmers rely on hidden or fixed fields. Attackers can easily modify these parameters to bypass the security mechanisms that rely on them.
4. Bounds check all your application inputs
5. Check for SQL injection vulnerabilities throughout your whole application

BIO*: TOM STRACENER was one of the founding members of nCircle Network Security. While at nCircle he served as the head of vulnerability research from 1999 to 2001, developing one of the industry’s first quantitative vulnerability scoring systems, and co-inventing several patented technologies. Mr. Stracener is an experienced security consultant, penetration tester and vulnerability researcher. One of his patents, “Interoperability of vulnerability and intrusion detection systems,” was granted by the USPTO in October 2005. Tom is the senior security analyst for Cenzic’s CIA Labs.
*As provided by the presenter.

WATCH OUR WEBSITE FOR DETAILS OF FUTURE EVENTS! NEXT EVENT: TUESDAY, APRIL 25th – Jersey City – 8:30 – 4:00 – Technical Sessions & Exhibits – WATCH FOR DETAILS!


Directions:
Directions to
Cisco Systems, Inc.
8th floor “Gotham City” Conference Room
499 Thornall Road, Edison, NJ 08837
732-635-4200


From Route 287 South
Follow Interstate 287 South to NEW Route 24 East (Exit 37)
Take the I-78 EAST LOCAL exit toward RT-124/GARDEN STATE PARKWAY/RT-82.
Merge onto I-78 E.
Take the GARDEN STATE PARKWAY exit- exit number 52.
Take the PARKWAY SOUTH exit.
Merge onto GARDEN STATE PKWY S (Portions toll).
Take the RT-27 exit- exit number 131- toward ISELIN/RAHWAY/METUCHEN.
Take the ramp toward EDISON/METUCHEN.
Turn SLIGHT RIGHT onto NJ-27/LINCOLN HWY.
Turn LEFT onto WOOD AVE S.
Turn RIGHT onto CR-657/THORNALL ST.
End at 499 Thornall St Edison NJ.

The meeting Conference Room is located on the 5th floor – it is called “Yankee/Shea”.
PLEASE NOTE THE OFFICE ADDRESS, AS THERE IS NO SIGNAGE OUTSIDE OR INSIDE THE BUILDING OTHER THAN THE ADDRESS.


From Route 287 North
Follow Interstate 287 North to NEW Route 24 East (Exit 37)
Take the I-78 EAST LOCAL exit toward RT-124/GARDEN STATE PARKWAY/RT-82.
Merge onto I-78 E.
Take the GARDEN STATE PARKWAY exit- exit number 52.
Take the PARKWAY SOUTH exit.
Merge onto GARDEN STATE PKWY S (Portions toll).
Take the RT-27 exit- exit number 131- toward ISELIN/RAHWAY/METUCHEN.
Take the ramp toward EDISON/METUCHEN.
Turn SLIGHT RIGHT onto NJ-27/LINCOLN HWY.
Turn LEFT onto WOOD AVE S.
Turn RIGHT onto CR-657/THORNALL ST.
End at 499 Thornall St Edison NJ.

The meeting Conference Room is located on the 5th floor – it is called “Yankee/Shea”.
PLEASE NOTE THE OFFICE ADDRESS, AS THERE IS NO SIGNAGE OUTSIDE OR INSIDE THE BUILDING OTHER THAN THE ADDRESS.


From Newark International Airport
Take the NJ Turnpike South to Exit 11 - toward US-9/GARDEN STATE PARKWAY/WOODBRIDGE.
Once you exit, take the Garden State Parkway North to Exit 131B - toward METRO PARK.
From the exit continue straight through three lights (the Metro Park Train Station will be on the right).
After the third light, the second building on the left is 499 Thornall Street.

The meeting Conference Room is located on the 8th floor – it is called “Gotham City”.
PLEASE NOTE THE OFFICE ADDRESS, AS THERE IS NO SIGNAGE OUTSIDE OR INSIDE THE BUILDING OTHER THAN THE ADDRESS.


From NJ Turnpike
Take the NJ Turnpike Exit 11 - toward US-9/GARDEN STATE PARKWAY/WOODBRIDGE.
Once you exit, take the Garden State Parkway North to Exit 131B - toward METRO PARK.
From the exit continue straight through three lights (the Metro Park Train Station will be on the right).
After the third light, the second building on the left is 499 Thornall Street.

The meeting Conference Room is located on the 5th floor – it is called “Yankee/Shea”.
PLEASE NOTE THE OFFICE ADDRESS, AS THERE IS NO SIGNAGE OUTSIDE OR INSIDE THE BUILDING OTHER THAN THE ADDRESS.






© 2004 ISSA, NJ Chapter