News from May, 2010

OWASP Boston Lightning Talk: Cross Site Scripting, Reflected and Persistent

In the second installment of Safelight’s Lightning Talk series, Rob Cheyne will present the basics of cross-site scripting (XSS) at OWASP Boston.

He will cover the two primary methods of XSS attack, reflected and persistent, as well as provide detailed demonstrations that show how an attacker would use these methods in the real world.

As part of the demo, Rob will go beyond proof of concept and present an example of a “weaponized” JavaScript that could be used to steal another user’s session information.

Rob will also offer practical tips for defending against cross-site scripting flaws in your own applications.

When: June 2, 2010

Time: 6:30 p.m.

Where: Microsoft offices at the Waltham Weston Corporate Center, 201 Jones Rd., Sixth Floor, Waltham, MA

Safelight Headlines OWASP Boston with Monthly Lightning Talk Series

IT Security Education Key to Defending Against OWASP Top 10 Most Critical Web Application Vulnerabilities

In the first of the Safelight Security Advisors Lightning Talk Series, CEO Rob Cheyne will discuss “An Introduction to SQL Injection,” at the Open Web Application Security Project (OWASP) Boston chapter meeting, Monday, May 3.

Rob will cover the methodology used by professional attackers, along with detailed demonstrations of one of the most common and dangerous OWASP Top 10 issues.

After demonstrating how SQL injection can be used to run system commands and gain root access on a database server, Rob will provide practical tips for defending against SQL injection flaws.

Safelight’s Lightning talks are designed for members newer to OWASP interested in understanding the basics of web application security, although everyone should feel free to attend.

When: May 3, 2010, with subsequent meetings typically the first Wednesday of the month

6:30 – 7:00 p.m. Networking

7:00 – 9:00 p.m. Main Presentations

Join the Boston mailing list.