ISSA Phoenix Special Security Forum
The Future of Mass Hacking Campaigns Against Web Applications & Databases

What:

This is a special ISSA Security Forum event and is *FREE* to members and guests, but you MUST register (see below).

This event immediately preceeds the regularly scheduled AZSPF meeting. Stick around afterwards for a presentation on VMware Security from VMware's own Rob Randell. See the meeting announcement and description here.

Join us and find out the latest on

• Web application and database security threats and trends

• Evolution of cross-site scripting and SQL injection attacks, and how they are becoming increasingly more sophisticated and devious
• Generic hacking used against servers and databases to exploit web-facing applications
• Mitigating the risks and vulnerabilities associated with web security attacks
• Java, AJAX, cookie and html security trends and best practices for software developers
• Live case studies of real attacks

How:

RSVP required. Send your RSVP to: rsvp@phoenix.issa.org
Register NOW, because space is limited! You must RSVP so we have a headcount for food and seating. THERE IS NO COST TO ATTEND WHEN YOU REGISTER BY AUG 18. Late registrations and walk-ins $25.
Guests are welcome... forward this message to invite your colleagues and managers.

Why:

"… Analysts estimate that 75% of attacks against web servers enter at the application, not the network level."
- Jeremiah Grosmann, 8/4/08 online interview with Linda McGlasson, Managing Editor, at Bank Info Security.

The picture isn't pretty for web sites and open source software programs, according to industry reports on growing software vulnerabilities and exploits.

"Sixty percent of the of 100 most-popular Web sites have been hosting malicious code or inadvertently distributing it, … 75% of malicious Web sites in general are actually legitimate Web sites that are compromised”, says Stephan Chenette of Websense Security Labs
– Ellen Messmer, Network World, 07/29/2008, “Mid-year security report: Web sites, open source, social networking at risk”