Monday, January 20, 2014 at 9:16pm and last updated
Wednesday, February 19, 2014 at 3:48pm.
ISSA February Luncheon meeting
Access Notes
Parking: Plenty of free parking in front of the building.
Con-way's reception desk is located at the west end (closest to 21st Ave.) of the AdTech II building, best accessed by turning into the entrance located on 21st Ave.
Parking: Con-way has asked that guests park in the two lots to the East of NW 20th Avenue between NW Raleigh and NW Thurman.
Please do not park in spaces that are marked with names other than Con-way since these spaces are leased. The best option is the lot on the NE corner of NW Raleigh and NW 20th.
The main entrance to the building is on Savier Street on the west side of the building. This entrance is manned by a security guard and you will be asked to sign in.
See map below:
Website
Description
Presentation: Pitfalls of Web Session Management
Login session management in modern web applications is largely dominated by the use of HTTP cookies. However, HTTP cookies were never designed for secure applications, which has led to a significant number of protocol security problems. In this talk, the speaker will start with a brief background on why HTTP cookies are a poorly-conceived mechanism to begin with, and continue with a discussion of how this impacts security. He will describe several lesser-known cookie-based session management problems that remain widespread and allow for session hijacking through a variety of clever attacks.
Who:
Timothy D. Morgan
Principal Security Consultant - Blindspot Security LLC
As an application security consultant and vulnerability researcher, Tim has been taking deep technical dives in security for over a decade. In that time, he has been credited with the discovery and responsible disclosure of numerous security vulnerabilities in a variety of software products, including: IBM Tivoli Access Manager, Sun Java Runtime Environment, Google Chrome Web Browser, OpenOffice, Oracle WebLogic Application Server, and IBM WebSphere Commerce. His current research interests include applied cryptanalysis, IPv6 security and XML external entities attacks. Tim develops and maintains several open source forensics tools in addition to Bletchley, an application cryptanalysis toolkit.
Tim works to secure his customers' environments through black box testing, code reviews, social engineering evaluations, security training and a variety of other services. Tim earned his computer science degrees from Harvey Mudd College and Northeastern University and currently resides in Portland, Oregon, where he leads the local OWASP chapter.
Cost: $10 (member) / $15 (non-member) / $2 (at-the-door)
CPEs: The ISSA meetings are appropriate for CPE credit. The chapter maintains proof of attendance for members, but it is the member's responsibility to ensure that these CPEs are credited to their respective accounts.