University of Wisconsin-Milwaukee


Center for Technology Innovation

 

Program Detail


 

Center for
Technology Innovation
UW-Milwaukee
PO Box 742
Milwaukee, WI   53201
Lubar Hall N334
 

PHONE: 414-229-3939
Fax: 414-229-4477

Please direct questions and comments to:
daveh@uwm.edu

Last updated July 20, 2007


Web Application Security

featuring Michael Andrews, Foundstone, a division of McAfee, Inc.

Friday, June 22, 2007
8:30 AM - 4:15 PM
Breakfast and check-in at 8 AM
UWM Lubar School of Business
Lubar Hall, Room N146




A full-day seminar featuring Mike Andrews, from Foundstone, a division of McAfee. This workshop is being coordinated by Dr. K. Ramamurthy, Professor in the MIS area at the Lubar School of Business, University of Wisconsin-Milwaukee.

Overview

This workshop looks at the major problems with building secure web-based applications and ways to test for common flaws in their development and deployment. Drawing from the lessons learned from auditing hundreds of commercial websites, the presenter will walk through the common attacks, why they exist, where and when to look for them, as well as mitigation strategies. Attendees will leave with an understanding of the current best practices necessary for secure websites.

Topics

Why the Web Is Broken - Although everyone thinks the web has been around for a long time, in real software engineering terms it’s still an infant. In this topic we discuss why web security is currently in such a poor state and what its apparent future is.

Building on a Secure Base - It’s not just the code that can have flaws – the underlying web server is just as important. Common configuration errors are discussed in terms of their impact on security.

Stop! Who Goes There? - The most critical part of any website is to know who the users are and what they are able to access. If the portion of the website that deals with authorization, authentication, and session management fails, you’ve effectively given the keys of the kingdom to the hackers.

Attack Road Show - In this final part of the workshop, the presenter shows in detail some of the common attacks against websites, invites discussion, and encourages attendees to try out for themselves some of the things they have learnt.

About the speaker

Mike Andrews is a senior consultant at Foundstone, a division of McAfee, Inc., who specializes in software security and leads web application security assessments and Ultimate Web Hacking classes. He has worked with various clients ranging from small independent sites through multi-national corporations and government research departments. His book with long-time collaborator James Whittaker, “How To Break Web Software,” is one of the most popular books on the subject and was a finalist in the Jolt Excellence Awards.

Who Should Attend?

This web security workshop is intended for business and technical professionals who are responsible for the development, quality assurance, and operation of websites. The content will vary from a high-level look at web vulnerabilities to detailed information on how to attack and close these flaws. Due to the breadth of the topic area, not every possible attack method will be covered, but anyone interested in the security of a website, whether as a user or as someone accountable to the user, should attend to understand how to minimize their exposure.

Coordinator

Dr. K. Ramamurthy, Professor in the MIS area at the Lubar School of Business, University of Wisconsin-Milwaukee, will coordinate this workshop.