1. Proxy Caches and Web Application Security: Using the Recent Google Docs 0-Day as an Example. Tim Bass, CISSP Chapter Leader, OWASP Thailand. +66832975101, tim@unix.com
3. My Contact Info and Web Places. Me: Tim Bass; LinkedIn: www.linkedin.com/in/timbass; The UNIX and Linux Forums: www.unix.com; ACIS Professional Center: www.acisonline.net; Blog – The (ISC)2 Blog: blog.isc2.org; Blog – The CEP Blog: www.thecepblog.com; Email: [email_address]; Mobile, Thailand: +66832975101
7. Brief OWASP Top 10 Review: 7. Broken Authentication and Session Management
27. Testing Scenario - Single Server, Single Cache. Simple Test Scenario (HTTP and HTTPS). [Diagram labels: WEB SERVER; three WEB CLIENTs; Very Aggressive Proxy Cache]
28. Testing Scenario - Test Third Party Web Apps. Anyone can build and test against their own aggressive proxy! Illustrative Purposes Only. [Diagram labels: Google Docs!; three WEB CLIENTs; Your Very Aggressive Proxy Cache]