Meeting notes from October 22, 2009:
I figured I should post this before I forget.
We covered the fundamentals: what input validation is, and the basic relationship between a client and a server.
Next, showed how HTML forms work, and how you can use the server response from forms to manipulate data. Used this to explain cross-site scripting.
Covered basic security resolutions: whitelisting (hash tables, regex, dictionaries...), NoScript, and a few other things.
A few good resources for those who attended (or those who missed):
Tools of the trade: LiveHTTPHeaders, NoScript, Web Developer Toolkit, Paros Proxy, Burp Suite
Names to follow: Jeremiah Grossman, Billy Hoffman, RSnake
Sites to check out: gnucitizen.org, ha.ckers.org
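To make the whitelisting approach from the notes concrete, here is an added example (not code shown at the meeting) that validates form fields on the server with a regex and a dictionary lookup. The field names `username` and `theme`, the `THEMES` table and the function `validate_form` are hypothetical.

```python
import re

# Regex whitelist: fullmatch() must consume the whole value, so nothing can
# trail a valid prefix (match() with "$" would still accept a trailing "\n").
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,20}")

# Dictionary (hash table) whitelist: the key is what the client may send, the
# value is what the server writes into the page. Client text is never echoed.
THEMES = {"light": "theme-light", "dark": "theme-dark"}  # hypothetical values


def validate_form(form):
    """Return (clean, errors) for a submitted form given as a dict of strings.

    Fields that are not on the whitelist are dropped, and a field that fails
    its check is reported by name only, so rejected input is never reflected.
    """
    clean, errors = {}, []

    username = form.get("username", "")
    if USERNAME_RE.fullmatch(username):
        clean["username"] = username
    else:
        errors.append("username")

    theme_class = THEMES.get(form.get("theme", ""))
    if theme_class is not None:
        clean["theme_class"] = theme_class
    else:
        errors.append("theme")

    return clean, errors


if __name__ == "__main__":
    # Constructed sample submissions, including markup in both fields.
    samples = [
        {"username": "alice_01", "theme": "dark"},
        {"username": "<script>alert(1)</script>", "theme": "dark"},
        {"username": "bob", "theme": 'dark" onmouseover="x'},
        {"username": "carol\n", "theme": "light", "extra": "ignored"},
    ]
    for sample in samples:
        print(validate_form(sample))
```

Because the page is built only from `clean` and the list of failed field names, a value that fails validation has no path back into the server's response.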