Skip Main Navigation
Page Content
This event has ended

OWASP Chicago Suburbs Chapter

OWASP Chicago Suburbs

Wednesday, February 19, 2014 from 6:00 PM to 9:00 PM (CST)

OWASP Chicago Suburbs Chapter

Ticket Information

Type End Quantity
OWASP Chicago Suburbs Ended Free  

Who's Going

Loading your connections...

Share OWASP Chicago Suburbs Chapter

Event Details

OWASP Chicago Suburbs chapter meeting #3 is set for the week following Valentine's Day.

 

What: An unbiased, practical, cost-effective gathering to discuss application security. Presentation abstracts below.

 

When:  Wednesday, February 19th @ 6pm CST

 

Where: US Foods, 6133 N River Rd, Rosemont, IL 60018 - Glenview Farms Conference Room, 11th floor

 

 

Cost: Absolutely nothing!

 

Agenda: 

6: Food and soft drinks

630 -  9pm: Presentations

 

Please register in advance so building security can let you in with your ID: 

https://owaspchicagosuburbs.eventbrite.com

 

Abstracts & Bios:

Presentation 1: Healthcare Data Analytics by Daniel Fabbri

Recent U.S. legislation such as the Affordable Care Act, HIPAA and HITECH outline rules governing the appropriate use of personal health information (PHI). Unfortunately, current technologies do not meet the security requirements of these regulations. In particular, while electronic medical records (EMR) systems maintain detailed audit logs that record each access to PHI, the logs contain too many accesses for compliance officers to practically monitor, putting PHI at risk. In this talk I will present the explanation-based auditing system, which aims to filter appropriate accesses from the audit log so compliance officers can focus their efforts on suspicious behavior. The underlying premise of the system is that most appropriate accesses to medical records occur for valid clinical or operational reasons in the process of treating a patient, while inappropriate accesses do not. I will discuss how explanations for accesses (1) capture these clinical and operational reasons, (2) can be mined directly from the EMR database, (3) can be enhanced by filling-in frequently missing types of data, and (4) can drastically reduce the auditing burden.

Presentation 2: A Novel Approach to Solving SQL Injection by Karen Heart

Injection attacks, particularly SQL Injection, remains the top risk in software, despite extensive research on methods to prevent these attacks. All of the reported techniques for preventing or mitigating injection attacks work well to some extent, however, no approach so far has succeeded in preventing all of them precisely. A novel approach is proposed that would prevent injection attacks in all cases, including secondary injection, without raising any false positives. The technique is based on a simple algorithm, rather than on a particular technology. As such, the proposed solution would apply to all programming languages and databases, including NoSQL databases.

Karen has many years of programming experience, developing a variety of software using Java, C++, PHP, and other tools. She is primarily interested in computer security and privacy, and she focuses currently on approaches to increasing the safety of software through improved programming practices and tools. She holds an MS in Computer Science from DePaul University, a JD from the University of Texas, and she is presently a 2nd year PhD student in Computer Science at UIC.

 

For more information please visit https://www.owasp.org/index.php/Chicago_Suburbs

 

Click here to join the local chapter mailing list.

 

See you at the event!

Have questions about OWASP Chicago Suburbs Chapter? Contact OWASP Chicago Suburbs

When & Where


US Foods
6133 N River Rd
11th Floor
Rosemont, IL 60018

Wednesday, February 19, 2014 from 6:00 PM to 9:00 PM (CST)


  Add to my calendar

Organizer

OWASP Chicago Suburbs

OWASP Chicago Suburbs is a local chapter of the OWASP Foundation.  You can learn more about OWASP Chicago Suburbs here: https://www.owasp.org/index.php/Chicago_Suburbs

OWASP is an open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted. All of the OWASP tools, documents, forums, and chapters are free and open to anyone interested in improving application security. We advocate approaching application security as a people, process, and technology problem because the most effective approaches to application security include improvements in all of these areas. We can be found at www.owasp.org.

OWASP is a new kind of organization. Our freedom from commercial pressures allows us to provide unbiased, practical, cost-effective information about application security. OWASP is not affiliated with any technology company, although we support the informed use of commercial security technology. Similar to many open-source software projects, OWASP produces many types of materials in a collaborative, open way. The OWASP Foundation is a not-for-profit entity that ensures the project's long-term success.

  Contact the Organizer

Interested in hosting your own event?

Join millions of people on Eventbrite.

Please log in or sign up

In order to purchase these tickets in installments, you'll need an Eventbrite account. Log in or sign up for a free account to continue.