Blog
Our Blog| Blog Home | About | Entries By Date | Search |
|
March 2012 meeting
Entry posted 03/14/12 by MarkDuBois , tagged: Event, Development, Design, Mobile
1,756 views, 0 comments.
Title
March 2012 meeting
Entry
Web Professionals and Adobe User Group Meeting-March 13, 2012
Our meeting was held in conjunction with the local chapter of OWASP (Open Web Application Security Project). Joe Kraft gave a presentation introducing OWASP, current security news, and SQL Injection.
He gave several examples of SQL injection using a tool called WebGoat, and a general discussion about security followed. https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
On a side note, Jonathan Worent suggested visiting a site: http://xkcd.com , which is a gentleman who does 3x a week comics. Note from Mark: Don’t forget to hover over each comic to read the title information.
If you are interested in security and the local chapter of OWASP, here is their contact information:
Subscribe to Peoria Chapter mailing list:
https://lists.owasp.org/mailman/listinfo/owasp-peoria
Their website is at https://www.owasp.org/index.php/Peoria
The national site is at: http://www.owasp.org
The next meeting will probably be in May, and OWASP will be having someone from the FBI there to discuss what they do.
Larry Ball spoke about how security should be incorporated into a corporate culture. Some topics he covered included Threat Modeling (including asset identification, deconstructing the application to identify security regions (authentication/authorization, logging, etc.)), Code review (with mitigation of threats in the development phase), Security Assessment Tools (Including Sprajax, MetaSploit, and Nessus 5).
- https://www.owasp.org/index.php/Category:OWASP_Sprajax_Project
- http://www.metasploit.com/
- http://www.tenable.com/products/nessus
He has made his presentation available for download at:
http://blog.larryaball.net/eisa-considerations-for-web-application-security/
Mark DuBois (http://blog.markdubois.info) provided an overview of Adobe Shadow; he recently wrote a review on his blog that is available. You install Shadow on your computer, then install the plugin into Chrome, then for each device you have, you need to download the Shadow application to each of your devices. It generates a passcode for each one, and once you enter the passcode into the Shadow app, you can easily test on all of the devices, and you can go in and change it, which is reflected on all of the devices. If you switch tabs or click on a link, all of the devices change at once. All devices do need to be on the same network. You can download it from http://labs.adobe.com/technologies/shadow/
For our next meeting, Jonathan will continue the “Development Process Overview” series, and will talk about the next step after Wireframing – implementing the wireframe..
Larry Ball will give an introduction to node.js, a server-side JavaScript environment.
Next meeting will be on Tuesday, April 10th at ICC, room to be announced.
Many thanks to Shari Tripp for developing these notes.
Copyright © 2013 Adobe Systems Incorporated. All rights reserved.
Use of this website signifies your agreement to the Terms of Use and Online Privacy Policy (updated 07-14-2009).
Site powered by the all powerful, super charged, amazing ColdFusion 9!