BEGIN:VCALENDAR
PRODID;X-RICAL-TZSOURCE=TZINFO:-//Calagator//EN
CALSCALE:GREGORIAN
X-WR-CALNAME:Calagator
METHOD:PUBLISH
VERSION:2.0
BEGIN:VTIMEZONE
TZID;X-RICAL-TZSOURCE=TZINFO:America/Los_Angeles
BEGIN:STANDARD
DTSTART:20131103T020000
RDATE:20131103T020000
TZOFFSETFROM:-0700
TZOFFSETTO:-0800
TZNAME:PST
END:STANDARD
END:VTIMEZONE
BEGIN:VEVENT
CREATED;VALUE=DATE-TIME:20140121T051616Z
DTEND;TZID=America/Los_Angeles;VALUE=DATE-TIME:20140220T130000
DTSTART;TZID=America/Los_Angeles;VALUE=DATE-TIME:20140220T113000
DTSTAMP;VALUE=DATE-TIME:20140121T051616Z
LAST-MODIFIED;VALUE=DATE-TIME:20140219T234839Z
UID:http://calagator.org/events/1250465555
DESCRIPTION:Presentation:\nPitfalls of Web Session Management\n\nLogin
  session management in modern web applications is largely dominated by
  use of HTTP cookies. However\, HTTP cookies were never designed for
  secure applications\, which has led to a significant number of protocol
  security problems. In this talk\, the speaker will start with a brief
  background on why HTTP cookies are a poorly-conceived mechanism to begin
  with\, and continue with a discussion of how this impacts security. He
  will describe several lesser-known cookie-based session management
  problems that remain widespread and allow for session hijacking through
  a variety of clever attacks.\n\nWho:\nTimothy D. Morgan\nPrincipal
  Security Consultant - Blindspot Security LLC\nAs an application security
  consultant and vulnerability researcher\, Tim has been taking deep
  technical dives in security for over a decade. In that time\, he has
  been credited with the discovery and responsible disclosure of numerous
  security vulnerabilities in a variety of software products\, including:
  IBM Tivoli Access Manager\, Sun Java Runtime Environment\, Google Chrome
  Web Browser\, OpenOffice\, Oracle WebLogic Application Server\, and IBM
  WebSphere Commerce. His current research interests include applied
  cryptanalysis\, IPv6 security and XML external entities attacks. Tim
  develops and maintains several open source forensics tools in addition
  to Bletchley\, an application cryptanalysis toolkit.\n\nTim works to
  secure his customers' environments through black box testing\, code
  reviews\, social engineering evaluations\, security training and a
  variety of other services. Tim earned his computer science degrees from
  Harvey Mudd College and Northeastern University and currently resides in
  Portland\, Oregon\, where he leads the local OWASP chapter.\n\nCost:\n$10
  (member) / $15 (non-member) / $2 (at-the-door)\n\nCPEs:\nThe ISSA
  meetings are appropriate for CPE credit. The chapter maintains proof of
  attendance for members\, but it is the members' responsibility to ensure
  that these CPEs are credited to their respective accounts.\n\nImported
  from: http://calagator.org/events/1250465555
URL:http://www.eventbrite.com/e/february-lunch-program-pitfalls-of-web-se
 ssion-management-tickets-8163777077
SUMMARY:ISSA February Luncheon meeting
LOCATION:Con-Way: 2055 NW Savier St\, Portland OR 97209 US
SEQUENCE:3
END:VEVENT
END:VCALENDAR
