WebApp Sec mailing list archives

OWASP May chapter meetings


From: Andrew van der Stock <vanderaj () greebo net>
Date: Wed, 3 May 2006 23:17:13 +1000

Here's the known May OWASP meetings around the world. If there's no meeting close to you, it could be an oversight. Directions to the meetings and times for the meetings can be found on the relevant chapter pages. Please check:

http://www.owasp.org/docroot/owasp/maps/index.jsp

to see if there's a chapter meeting happening in your neck of the woods. If there is no chapter close to you, please contact me or Jeff Williams about starting your own chapter. OWASP meetings count towards CISSP CPE Credits.


May 2 - Melbourne, Australia. Already passed. My bad - many apologies to Jean-Marie for not getting this out during my recent illness.


May 3 - Boston, MA, USA

6:30 pm - Fortify Software - 2 parts
Application Defense-Software That Fights Back
New Tools and Techniques to Help Discover Software Security Flaws
**********************************
8:00
Short Topic - open redirects in URLs + phishing

*********************************
8:15 - Using Paros Proxy Server as a Web Application Vulnerability tool - Part 2
reusing Paros sessions; web crawling and vulnerability scans

http://www.owasp.org/local/boston.html


May 8 - Brussels, Belgium

Where: Deloitte Diegem
http://www.deloitte.com/dtt/cda/doc/content/RouteDescriptionDiegem.pdf

PROGRAM

18h00 - 18h30: Welcome, get drink & snack

18h30 - 18h45: Sebastien Deleersnyder, Ascure
OWASP Update

18h45 - 19h15: Hillar Leoste, Zone-H
2005 Internet Attack Statistics for Belgium Presentation + Discussion

Zone-H maintains the largest archive of information about attacks against Internet web servers. Every day the Zone-H volunteers receive an average of 2,500 notifications related to web server intrusions. Hillar will filter out the 2005 statistics for Belgium. I am sure this will provide an interesting topic to discuss!

19h15 - 20h30: Johan Peeters, Program Director secappdev.org
Can "Agile" Development Produce Secure Applications? Presentation + Discussion

Received wisdom has it that secure development and agile processes do not mix. Is that really so? Agile practices have proven in many projects to yield applications with fewer functional defects. Can they also be put to work to reduce the number of security vulnerabilities?

http://www.owasp.org/local/belgium.html


May 9 - Hong Kong

Anthony Lai (HK Chapter Lead) will be speaking at the 21st Century Info-Security Project.

Details:
http://www.infosecurityproject.com/


May 10, Ottawa, Canada

Location:
180 Preston Street, 3rd Floor
Ottawa, K1R 7P9

Agenda
6:00pm-6:30pm - Reception
6:30pm-8:00pm - Main Presentation

Speaker: Marc Graveline - Cognos

Subject: Marc is head of security at Cognos and he is going to speak to us about his practical experience with security threats and what Cognos has been doing with respect to these threats.

http://www.owasp.org/local/ottawa.html


May 10, NoVA, VA, USA

Our next NoVA OWASP meeting will be on 10 May from 6-9pm. Richard "Doc" Baum (ATT) will start by providing an example application for the group to review for security issues.

The 2nd presentation will be by John Steven (Cigital) on how to choose a source code analysis tool. Pravir Chandra (Secure Software) will follow up with a discussion on how CodeAssure actually works under the hood. It should be quite interesting.


May 12, Rochester, NY, USA

The next meeting of the Rochester, NY chapter of OWASP will meet Monday, May 15, 2006 at 6:00 PM. This meeting will be an open discussion on web application security and a planning meeting held at Tully's on Jefferson Rd. in Henrietta. Suggest a discussion topic on the Rochester OWASP list, or bring it with you. Because we need to reserve seats at Tully's, please RSVP to Ralf Durkee <rd () rd1 net> by Friday, May 5.


May 24, San Antonio, TX, USA
http://www.owasp.org/local/antonio.html

San Antonio OWASP Chapter: May 2006 Meeting
Topic: How to Prevent Forceful Browsing
Presenter: Dan Ross of PIC Business Systems
Date: Wednesday May 24th, 2006 11:30am - 1:00pm
Location:
San Antonio Technology Center (Web Room)
3463 Magic Drive
San Antonio, TX 78229
http://maps.google.com/maps?f=q&hl=en&q=3463+Magic+Drive,+San+Antonio,+TX+78229

Abstract:
By Forceful Browsing, clients may be able to access pages which should be forbidden. A technique for preventing forceful browsing is introduced. With this technique, you may be assured that clients may only visit pages for which links have been presented.

Granularity may be adjusted for an entire page, as well as for specific page parameters. For example, you may prevent a user from deleting customers altogether, or you may permit a user to delete customer #1, but not customer #2. In addition, a notification system can alert you when users are forceful browsing.

The implementation will be presented using PHP.

Presenter Bio:
Dan Ross has been VP Engineering for 17 years at PIC Business Systems, which provides integrated business software for the Window Coverings and Apparel Industries. He has led the design, development, and maintenance of many commercial web applications and programs. He has a BS in Industrial Engineering from St. Mary's University in San Antonio.

Sodas and snacks will be provided. Feel free to bring a brown-bag lunch.

Please RSVP: E-mail owasprsvp _at_ denimgroup _dot_ com or call (210) 572-4400.
