WebApp Sec mailing list archives
OWASP May chapter meetings
From: Andrew van der Stock <vanderaj () greebo net>
Date: Wed, 3 May 2006 23:17:13 +1000
Here's the known May OWASP meetings around the world. If there's no meeting close to you, it could be an oversight. Directions to the meetings and times for the meetings can be found on the relevant chapter pages. Please check:
http://www.owasp.org/docroot/owasp/maps/index.jsp
to see if there's a chapter meeting happening in your neck of the woods. If there is no chapter close to you, please contact me or Jeff Williams about starting your own chapter. OWASP meetings count towards CISSP CPE Credits.
May 2 - Melbourne, Australia. Already passed. My bad - many apologies to Jean-Marie for not getting this out during my recent illness.
May 3 - Boston, MA, USA
6:30 pm - Fortify Software - 2 parts
  Application Defense - Software That Fights Back
  New Tools and Techniques to Help Discover Software Security Flaws
8:00 Short Topic - open redirects in URLs + phishing
8:15 - Using Paros Proxy Server as a Web Application Vulnerability tool - Part 2
  reusing Paros sessions; web crawling and vulnerability scans
http://www.owasp.org/local/boston.html

May 8 - Brussels, Belgium
Where: Deloitte Diegem
http://www.deloitte.com/dtt/cda/doc/content/RouteDescriptionDiegem.pdf
PROGRAM
18h00 - 18h30: Welcome, get drink & snack
18h30 - 18h45: Sebastien Deleersnyder, Ascure
  OWASP Update
18h45 - 19h15: Hillar Leoste, Zone-H
  2005 Internet Attack Statistics for Belgium
  Presentation + Discussion
Zone-H maintains the largest archive of information about attacks against Internet web servers. Every day the Zone-H volunteers receive an average of 2,500 notifications related to web server intrusions. Hillar will filter out the 2005 statistics for Belgium. I am sure this will provide an interesting topic to discuss!
19h15 - 20h30: Johan Peeters, Program Director secappdev.org
  Can "Agile" Development Produce Secure Applications?
  Presentation + Discussion
Received wisdom has it that secure development and agile processes do not mix. Is that really so? Agile practices have proven in many projects to yield applications with fewer functional defects. Can they also be put to work to reduce the number of security vulnerabilities?
http://www.owasp.org/local/belgium.html

May 9 - Hong Kong
Anthony Lai (HK Chapter Lead) will be speaking at the 21st Century Info-Security Project.
Details: http://www.infosecurityproject.com/

May 10, Ottawa, Canada
Location: 180 Preston Street, 3rd Floor, Ottawa, K1R 7P9
Agenda
6:00pm-6:30pm - Reception
6:30pm-8:00pm - Main Presentation
Speaker: Marc Graveline - Cognos
Subject: Marc is head of security at Cognos and he is going to speak to us about his practical experience with security threats and what Cognos has been doing with respect to these threats.
http://www.owasp.org/local/ottawa.html

May 10, NoVA, VA, USA
Our next NoVA OWASP meeting will be on 10 May from 6-9pm. Richard "Doc" Baum (ATT) will start by providing an example application for the group to review for security issues.
The 2nd presentation will be by John Steven (Cigital) on how to choose a source code analysis tool. Pravir Chandra (Secure Software) will follow up with a discussion on how CodeAssure actually works under the hood. It should be quite interesting.
May 12, Rochester, NY, USA
The next meeting of the Rochester, NY chapter of OWASP will meet Monday, May 15, 2006 at 6:00 PM. This meeting will be an open discussion on web application security and a planning meeting held at Tully's on Jefferson Rd. in Henrietta. Suggest a discussion topic on the Rochester OWASP list, or bring it with you. Because we need to reserve seats at Tully's, please RSVP to Ralf Durkee <rd () rd1 net> by Friday, May 5.
May 24, San Antonio, TX, USA
http://www.owasp.org/local/antonio.html
San Antonio OWASP Chapter: May 2006 Meeting
Topic: How to Prevent Forceful Browsing
Presenter: Dan Ross of PIC Business Systems
Date: Wednesday May 24th, 2006 11:30am - 1:00pm
Location: San Antonio Technology Center (Web Room), 3463 Magic Drive, San Antonio, TX 78229
http://maps.google.com/maps?f=q&hl=en&q=3463+Magic+Drive,+San+Antonio,+TX+78229

Abstract:
By Forceful Browsing, clients may be able to access pages which should be forbidden. A technique for preventing forceful browsing is introduced. With this technique, you may be assured that clients may only visit pages for which links have been presented.
Granularity may be adjusted for an entire page, as well as for specific page parameters. For example, you may prevent a user from deleting customers altogether, or you may permit a user to delete customer #1, but not customer #2. In addition, a notification system can alert you when users are forceful browsing. The implementation will be presented using PHP.

Presenter Bio:
Dan Ross has been VP Engineering for 17 years at PIC Business Systems, which provides integrated business software for the Window Coverings and Apparel Industries. He has led the design, development, and maintenance of many commercial web applications and programs. He has a BS in Industrial Engineering from St. Mary's University in San Antonio.

Sodas and snacks will be provided. Feel free to bring a brown-bag lunch.
Please RSVP: E-mail owasprsvp _at_ denimgroup _dot_ com or call (210) 572-4400.