February 16, 2010

Dangers of Web Application Vulnerabilities
by Jack Mannino

 

Abstract:
Web applications have become an attacker's best friend in recent years, and a security team's worst nightmare. Nearly every organization has a public web presence, and these numbers continue to grow daily with initiatives such as Government 2.0 and the rapid shift to cloud computing. While many groups have invested heavily in securing their networking infrastructure, web applications generally have not been afforded the same level of attention. The result is that nearly 70% of all public web applications contain critical vulnerabilities that may result in significant data losses.

Most people have heard of vulnerabilities such as Cross-Site Scripting and SQL Injection. While these issues get the most attention, there is certainly more than one way to skin a cat. An attacker doesn't always need to gain root-level access to a system or use cutting-edge techniques in order to achieve his or her goals. The purpose of this presentation is to move beyond industry buzzwords and acronyms to demonstrate how various other techniques can be used to compromise your critical applications and networks.

Speaker Bio
Jack Mannino is the CEO of nVisium Security Inc., an emerging security firm within the DC area. Specializing in the application security field, nVisium Security regularly provides expert solutions such as vulnerability assessments, penetration testing, and source code reviews. Jack is a huge believer in the idea that a little security planning upfront will pay huge dividends throughout the duration of an application or system's lifetime. His recent research projects include discovering new ways to leverage Flash vulnerabilities, as well as developing new techniques to improve the efficiency of web fuzzing technologies.

Prior to founding nVisium Security, Jack held several positions in both the government and private sectors. He was a senior application security engineer at Engineering Services Network, where he helped institute security programs for organizations such as the DOD, VA, and SBA. Jack was also a member of BT's Ethical Hacking group in which he performed web application penetration testing and vulnerability assessments for Fortune 500 companies and financial institutions. He is also a veteran of the United States Navy.

February 16, 2010 6:30 PM

George Washington University
801 22nd Street NW
Room B149 (One floor below lobby)
Washington, DC 20052

Please RSVP if you plan to attend.