Speaker: Dave Epler
March 12, 2014
Most security presentations to developers are a dry rehashing of the OWASP Top Ten: do this and don't do that, with terse snippets of code.
This session aims to be different: the tools available to penetration testers and attackers will be demonstrated to show how a web application is actually attacked. Using the OWASP Top Ten as a guide, a combination of vulnerabilities will be chained together to attack a demonstration application. Several tools will be highlighted: sqlmap, BeEF (Browser Exploitation Framework), Metasploit, and just a web browser.
Dave Epler
David Epler is a Software Architect with AboutWeb in Rockville, MD. As a member of AboutWeb's solutions team, he has built, deployed, and maintained systems compliant with the most demanding regulations and mandates needed to pass security certification and accreditation for Federal Government clients. He has been developing with ColdFusion since version 4 and is an active member of the ColdFusion community.
David has contributed to several open source ColdFusion projects and frameworks, along with the blog he maintains (http://www.dcepler.net/). He was responsible for creating and maintaining Unofficial Updater 2 (http://uu-2.info/), which made patching ColdFusion 8 and 9 significantly easier before the Hotfix installer was introduced in ColdFusion 10. He also contributed the Security chapter for Learn CF in a Week (http://www.learncfinaweek.