OWASP Chicago Suburbs Chapter
Wednesday, February 19, 2014 from 6:00 PM to 9:00 PM (CST)
OWASP Chicago Suburbs chapter meeting #3 is set for the week following Valentine's Day.
What: An unbiased, practical, cost-effective gathering to discuss application security. Presentation abstracts below.
When: Wednesday, February 19th @ 6pm CST
Where: US Foods, 6133 N River Rd, Rosemont, IL 60018 - Glenview Farms Conference Room, 11th floor
Cost: Absolutely nothing!
6: Food and soft drinks
630 - 9pm: Presentations
Please register in advance so building security can let you in with your ID:
Abstracts & Bios:
Presentation 1: Healthcare Data Analytics by Daniel Fabbri
Recent U.S. legislation such as the Affordable Care Act, HIPAA and HITECH outline rules governing the appropriate use of personal health information (PHI). Unfortunately, current technologies do not meet the security requirements of these regulations. In particular, while electronic medical records (EMR) systems maintain detailed audit logs that record each access to PHI, the logs contain too many accesses for compliance officers to practically monitor, putting PHI at risk. In this talk I will present the explanation-based auditing system, which aims to filter appropriate accesses from the audit log so compliance officers can focus their efforts on suspicious behavior. The underlying premise of the system is that most appropriate accesses to medical records occur for valid clinical or operational reasons in the process of treating a patient, while inappropriate accesses do not. I will discuss how explanations for accesses (1) capture these clinical and operational reasons, (2) can be mined directly from the EMR database, (3) can be enhanced by filling-in frequently missing types of data, and (4) can drastically reduce the auditing burden.
Presentation 2: A Novel Approach to Solving SQL Injection by Karen Heart
Injection attacks, particularly SQL Injection, remains the top risk in software, despite extensive research on methods to prevent these attacks. All of the reported techniques for preventing or mitigating injection attacks work well to some extent, however, no approach so far has succeeded in preventing all of them precisely. A novel approach is proposed that would prevent injection attacks in all cases, including secondary injection, without raising any false positives. The technique is based on a simple algorithm, rather than on a particular technology. As such, the proposed solution would apply to all programming languages and databases, including NoSQL databases.
Karen has many years of programming experience, developing a variety of software using Java, C++, PHP, and other tools. She is primarily interested in computer security and privacy, and she focuses currently on approaches to increasing the safety of software through improved programming practices and tools. She holds an MS in Computer Science from DePaul University, a JD from the University of Texas, and she is presently a 2nd year PhD student in Computer Science at UIC.
For more information please visit https://www.owasp.org/index.php/Chicago_Suburbs
Click here to join the local chapter mailing list.
See you at the event!
When & Where
OWASP Chicago Suburbs
OWASP Chicago Suburbs is a local chapter of the OWASP Foundation. You can learn more about OWASP Chicago Suburbs here: https://www.owasp.org/index.php/Chicago_Suburbs
OWASP is an open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted. All of the OWASP tools, documents, forums, and chapters are free and open to anyone interested in improving application security. We advocate approaching application security as a people, process, and technology problem because the most effective approaches to application security include improvements in all of these areas. We can be found at www.owasp.org.
OWASP is a new kind of organization. Our freedom from commercial pressures allows us to provide unbiased, practical, cost-effective information about application security. OWASP is not affiliated with any technology company, although we support the informed use of commercial security technology. Similar to many open-source software projects, OWASP produces many types of materials in a collaborative, open way. The OWASP Foundation is a not-for-profit entity that ensures the project's long-term success.