The Web Hacking Incidents Database - OWASP MSP September 21, 2009 Chapter Meeting

September 2009 OWASP MSP Meeting

Monday, September 21, 2009 - Ryan Barnett (Breach Security, Inc.)
The Web Hacking Incidents Database (WHID) - 2009 Analysis

Date: September 21st, 2009

Location / Venue Sponsor: Midwave, 10050 Crosstown Circle, Suite 500, Eden Prairie, MN 55344-3346

Map and Directions: http://www.midwave.com/ContactUs/MapDirections/tabid/170/Default.aspx

Agenda:

5:30 PM Room opens for networking

6:00 PM Welcome: OWASP chapter updates

6:30 PM Ryan Barnett – The Web Hacking Incidents Database (WHID) – 2009 Analysis

8:00 PM - Upcoming events reminder and meeting wrap-up

Thank You: Midwave for sponsoring this meeting and the meeting location. MN OWASP is currently looking for meeting location suggestions. Please contact Lorna at lorna.alamri@owasp.org or 651-338-0243 if you would like to sponsor a meeting or meeting location for an upcoming OWASP meeting.

Preview

The Web Hacking Incidents Database (WHID) (MSNBC news segment with WHID splash here) is a Web Application Security Consortium project dedicated to maintaining a list of web application related security incidents. The goal of WHID is to serve as a tool for raising awareness of the web application security problem and provide information for statistical analysis of web application security incidents. The database is unique in tracking only media reported security incidents that can be associated with a web application security vulnerability. This presentation will highlight the statistics gathered from the first half of 2009 (January - June) and provide insight into categories such as: 1) Top Attack Methods, 2) Top Compromise Outcomes, 3) Top Target Geographic Region, and 4) Top Vertical Markets Hit. The presenter will also provide some in depth analysis for emerging threats/attack techniques such as planting of malware on websites and reflected cross-site scripting through SQL injection.

Speaker Bio

Ryan Barnett is the Director of Application Security Research at Breach Security where he leads Breach Security Labs. He is a Member of the Web Application Security Consortium (WASC) where he leads the Distributed Open Proxy Honeypot Project. He is also the leader of the OWASP ModSecurity Core Rule Set (CRS) Project (Category:OWASP ModSecurity Core Rule Set Project) which provides web application firewall rules to the public. Mr. Barnett is a frequent speaker at industry conferences such as Black Hat and he has also authored a web security book for Pearson Publishing titled Preventing Web Attacks with Apache.