O'Reilly European Open Source Convention - October 17-20, 2005 - Amsterdam, The Netherlands

Tutorial

Open Source Web Application Security Kung-Fu & Art of Defense
Shreeraj Shah, Founder and Director, Net Square Solutions Pvt. Ltd.

Date: Monday, 17 October 2005
Time: 8:30 - 12:00
Location: Foyer Room

Web application attacks have grown at a rapid rate over the last five years, and many innovative ways of breaking systems have come into existence. Web applications are even more vulnerable since they cannot be protected by firewalls, which makes them easy prey for attackers. Next-generation web application attacks have arrived and are here to stay. These attacks target vulnerable and poorly written web applications.

Web application defense strategies require secure coding at the application level, knowing your applications, and protecting them with human intelligence. Performing these tasks requires tools and techniques, and there are tools in the open source domain that you can use. Knowing your application can lead to profiling your web assets in a logical way. Profiling web assets provides a better picture of the set of possible attacks, and knowing the entire attack set greatly helps in designing and implementing defense strategies. This presentation will cover attacks in depth with live demonstrations and several open source tools.

Web application assessment and defense can be done using several different open source tools such as crawlers, footprinting utilities, assessment modules, Nessus, Paros, etc. These tools can help in attacking a web application and identifying vulnerabilities and loopholes in the system. At the same time, one can use an open source application-layer firewall such as mod_security to defend applications.


