Poland

2009-05-22T20:13:43Z

Adt: Undo revision 61309 by TrocoUdomd (Talk)

Poland

2009-02-03T16:34:16Z

Adt: /* Agenda */

Poland

2009-02-03T00:32:18Z

Adt:

{{Chapter Template|chaptername=Poland|extra=The chapter leader is [mailto:andrzej.targosz@proidea.org.pl Andrzej Targosz]
<paypal>Poland</paypal>
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-poland|emailarchives=http://lists.owasp.org/pipermail/owasp-poland}}

== Next Event February 2009 ==

The meeting of Poland OWASP Chapter will be held in Krakow, on 12th of February. 
If you would like to make a presentation, or have any questions about the Poland Chapter, send an email to Andrzej Targosz or Robert Pajak.

===Agenda===
6:00pm - 6:30pm ... "OWASP News" - Andrzej Targosz 
6:30pm - 7:30pm ... TBD 
7:30pm - 9:30pm ... OWASP UNConference 

===WHERE===
Location: Kraków, AGH, pawilon D10, Wydział Fizyki i Inf. Stosowanej AGH. 
http://kernel.agh.edu.pl/gallery/main.php?g2_itemId=2332

==OWASP Partnership during QAFA and TMS==
7-8th of April there will be two interesting meetings in Krakow where OWASP Poland Chapter decided to be Partnership: 
- TMS - "Test Management Summit" 
- QAFA - "Quality for Financial Applications" 
During meetings there will be special talk about OWASP Testing metodology. 
http://www.bettersoftware.eu/QAFA-TMS/

==Past Events==

===On 11th December 2008===
6:00pm - 7:00pm ... "Hack tool Firefox" - Filip Palian 
7:00pm - 8:15pm ... "OWASP where we were, where we are now, and where we are going..." - Andrzej Targosz 

===On 23th October 2008===
6:15pm - 7:10pm ... "Wargame @ Confidence/OWASP EU 2008 vs. OWASP Testing Guide" - Przemysław Skowron /PL/ - [[Media:OWASP_20081023-prezentacja.pdf]] , [[Media:OWASP_20081023-mind_mapa.pdf]] 
7:15pm - 8:10pm ... "Intrusion detection for web applications" - Łukasz Pilorz /EN/ - [[Media:OWASP_WebIDS_pub.pdf]] 
8:15pm - 9:10pm ... "Session management for Web Application" - Paweł Goleń /PL/ - [[Media:Owasp_prezentacja.pdf]] 

===On 25th April 2008===
5:15pm - 5:30pm ... "OWASP News" - Andrzej Targosz 
5:30pm - 5:45pm ... "Short introduction to WarGame - CONFidence & OWASP EU" - Przemyslaw 'rezos' Skowron 
5:45pm - 6:45pm ... "Introduction to Web Applications Security" - Filip Palian 

===On 06th September 2007===
6:00pm - 7:00pm ... "OWASP" - Robert 'shadow' Pajak 
7:00pm - 8:00pm ... "OWASP SPoC" - Przemyslaw 'rezos' Skowron 
8:00pm - 9:00pm ... "Penetration tests OWASP in practice" - Jarek Sajko 
====Presentation====
* Presentation: OWASP Intro By Robert 'Shadow' Pajak - [[Media:OWASP_about.pdf]]
* Presentation: OWASP SPoC By Przemyslaw 'rezos' Skowron - [[Media:OWASP_Day_Poland_rezos.pdf]]
* Presentation: Penetration tests OWASP in practice By Jarek Sajko - [[Media:OWASP_practice.pdf]]

===On 19th April 2007===
5:30pm - 6:30pm ... "Application security testing - attack trends" - Przemyslaw Skowron 
6:30pm - 7:30pm ... Auditor work standards 
7:30pm - 7:45pm ... OWASP Inauguration

You could join free, registration not required. Please invite all friends interested in security.

2008-10-25T22:18:00Z

Adt:

{{Chapter Template|chaptername=Poland|extra=The chapter leader is [mailto:andrzej.targosz@proidea.org.pl Andrzej Targosz]
<paypal>Poland</paypal>
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-poland|emailarchives=http://lists.owasp.org/pipermail/owasp-poland}}

== Next Event 23th October 2008 ==

The meeting of Poland OWASP Chapter will be held in Cracow on October the 23th. 
If you would like to make a presentation, or have any questions about the Poland Chapter, send an email to Andrzej Targosz or Robert Pajak.

===Agenda===
6:15pm - 7:10pm ... "Wargame @ Confidence/OWASP EU 2008 vs. OWASP Testing Guide" - Przemysław Skowron /PL/ - [[Media:OWASP_20081023-prezentacja.pdf]] , [[Media:OWASP_20081023-mind_mapa.pdf]] 
7:15pm - 8:10pm ... "Intrusion detection for web applications" - Łukasz Pilorz /EN/ - [[Media:OWASP_WebIDS_pub.pdf]] 
8:15pm - 9:10pm ... "Session management for Web Application" - Paweł Goleń /PL/ - [[Media:Owasp_prezentacja.pdf]] 

===WHERE===
Location: Kraków, Audytorium 1 WIEiK (Wydział Inżynierii Elektrycznej i Komputerowej) Politechnika Krakowska, ul. Warszawska 24.

==OWASP Partnership during QAFA and TMS==
7-8th of April there will be two interesting meetings in Cracow where OWASP Poland Chapter decided to be Partnership: 
- TMS - "Test Management Summit" 
- QAFA - "Quality for Financial Applications" 
During meetings there will be special talk about OWASP Testing metodology. 
http://www.bettersoftware.eu/QAFA-TMS/

==Past Events==

===On 25th April 2008===
5:15pm - 5:30pm ... "OWASP News" - Andrzej Targosz 
5:30pm - 5:45pm ... "Short introduction to WarGame - CONFidence & OWASP EU" - Przemyslaw 'rezos' Skowron 
5:45pm - 6:45pm ... "Introduction to Web Applications Security" - Filip Palian 

===On 06th September 2007===
6:00pm - 7:00pm ... "OWASP" - Robert 'shadow' Pajak 
7:00pm - 8:00pm ... "OWASP SPoC" - Przemyslaw 'rezos' Skowron 
8:00pm - 9:00pm ... "Penetration tests OWASP in practice" - Jarek Sajko 
====Presentation====
* Presentation: OWASP Intro By Robert 'Shadow' Pajak - [[Media:OWASP_about.pdf]]
* Presentation: OWASP SPoC By Przemyslaw 'rezos' Skowron - [[Media:OWASP_Day_Poland_rezos.pdf]]
* Presentation: Penetration tests OWASP in practice By Jarek Sajko - [[Media:OWASP_practice.pdf]]

===On 19th April 2007===
5:30pm - 6:30pm ... "Application security testing - attack trends" - Przemyslaw Skowron 
6:30pm - 7:30pm ... Auditor work standards 
7:30pm - 7:45pm ... OWASP Inauguration

You could join free, registration not required. Please invite all friends interested in security.

File:OWASP 20081023-mind mapa.pdf

2008-10-25T22:13:42Z

Adt:

File:OWASP 20081023-prezentacja.pdf

2008-10-25T22:13:04Z

Adt:

File:Owasp prezentacja.pdf

2008-10-25T22:11:27Z

Adt:

2007-12-13T11:57:39Z

Adt:

{{Chapter Template|chaptername=Poland|extra=The chapter leader is [mailto:andrzej.targosz@proidea.org.pl Andrzej Targosz]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-poland|emailarchives=http://lists.owasp.org/pipermail/owasp-poland}}

== Next Event in January 2008 ==

The meeting of Poland OWASP Chapter will be held in Cracow on December the 13th. 
If you would like to make a presentation, or have any questions about the Poland Chapter, send an email to Andrzej Targosz or Robert Pajak.

===Agenda===
6:00pm - 6:30pm ... "OWASP News" - Andrzej Targosz 

===WHERE===
Now we're looking for a nice place to rent in Cracow.

== Event 13 December 2007 - canceled ==
We are sorry to inform that we have to cancel the meeting because of our speaker's health problems.

==Past Events==

===On 06 September 2007===
6:00pm - 7:00pm ... "OWASP" - Robert 'shadow' Pajak 
7:00pm - 8:00pm ... "OWASP SPoC" - Przemyslaw 'rezos' Skowron 
8:00pm - 9:00pm ... "Penetration tests OWASP in practice" - Jarek Sajko 
====Presentation====
* Presentation: OWASP Intro By Robert 'Shadow' Pajak - [[Media:OWASP_about.pdf]]
* Presentation: OWASP SPoC By Przemyslaw 'rezos' Skowron - [[Media:OWASP_Day_Poland_rezos.pdf]]
* Presentation: Penetration tests OWASP in practice By Jarek Sajko - [[Media:OWASP_practice.pdf]]

===On 19th April 2007===
5:30pm - 6:30pm ... "Application security testing - attack trends" - Przemyslaw Skowron 
6:30pm - 7:30pm ... Auditor work standards 
7:30pm - 7:45pm ... OWASP Inauguration

You could join free, registration not required. Please invite all friends interested in security.

2007-10-10T20:02:59Z

Adt:

File:OWASP Day Poland rezos.pdf

2007-10-10T20:01:37Z

Adt:

File:OWASP about.pdf

2007-10-10T20:01:00Z

Adt:

Poland

2007-10-10T19:49:48Z

Adt:

{{Chapter Template|chaptername=Poland|extra=The chapter leader is [mailto:andrzej.targosz@proidea.org.pl Andrzej Targosz]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-poland|emailarchives=http://lists.owasp.org/pipermail/owasp-poland}}

== Next Event 06 September 2007 ==
From 5th to 12th September 2007 the Global Security Week is being held all around the world. In New York, Boston, Washington DC and Italy, Great Britain, Belgium, Poland and Turkey OWASP enthusiasts will meet to discuss meeting's topics with the best specialists. The meeting of Poland OWASP Chapter will be held in Cracow on September the 6th. 
If you would like to make a presentation, or have any questions about the Poland Chapter, send an email to Andrzej Targosz or Robert Pajak.

===Agenda===
6:00pm - 7:00pm ... "OWASP" - Robert 'shadow' Pajak 
7:00pm - 8:00pm ... "OWASP SPoC" - Przemyslaw 'rezos' Skowron 
8:00pm - 9:00pm ... "Penetration tests OWASP in practice" - Jarek Sajko 
===WHERE===
AGH University of Science and Technology, al. Mickiewicza 30, building D1 room 104, Cracow
===Presentation===
"OWASP" - Robert 'Shadow' Pajak 
"OWASP SPoC" - Przemyslaw 'rezos' Skowron 
"Penetration tests OWASP in practice" - Jarek Sajko 

==Past Events==
On 19.04.07 (Thursday) ISACA Polish Chapter and OWASP Polish Chapter invites you to 2 presentations about security and audit aspects.
===Agenda===
5:30pm - 6:30pm ... "Application security testing - attack trends" - Przemyslaw Skowron 
6:30pm - 7:30pm ... Auditor work standards 
7:30pm - 7:45pm ... OWASP Inauguration

You could join free, registration not required. Please invite all friends interested in security.

Poland

2007-09-06T09:28:50Z

Adt: /* WHERE */

OWASP Day

2007-09-03T19:33:19Z

Adt: /* Global Agenda (19 Chapters participating) */

== OWASP Day : Worldwide OWASP chapter meetings on the topic "Privacy in the 21st Century" (5th till 12th September 2007) ==

'''OWASP Day''' is the title given to the 17 chapter meetings (hosted by 19 OWASP Chapters) staged during the [http://www.globalsecurityweek.com/ Global Security Week].

== Global Agenda (19 Chapters participating) ==

* '''Wed 5th'''
** [[Israel]] (16:45 / 19:30)
*** "Straight from Blackhat: Dangling Pointers" , Jonathan Afek , Watchfire
*** "Evasive Crimeware attacks, Business drivers, and Proposed Defense" , Iftach Amit , Finjan
*** "Content Injection as a solution for client side browser vulnerabilities" , Ofer Shezaf , Breach Security (Israel chapter Leader)
** [[London]] (18:30 / 21:30)
*** "For my next trick... hacking Web2.0", Petko D. Petkov (pdp), GNUCITIZEN
*** Panel: "Privacy in the 21st Century?", moderator: Ivan Ristic
*** Panel: "Future of the OWASP London Chapter"

* '''Thu 6th'''
** [[NYNJMetro]] (17:30 / 21:00)
*** "Financial Real-Time Threats: Impacting Trading Floor Operations"
*** "JBroFuzz: Effective Fuzzing for Network and Web Applications" , Dr. Yiannis Pavlosoglou , Information Risk Management
*** "Stock fluctuation from an unrecognized influence" , Justine Bone-Aitel , Immunity Security
*** "Hackers...BotNets oh My! Obtain a briefing on the current BotNet investigations etc.", NYC FBI Cyber Crime Unit
*** "Why today's vulnerability assessments are failing and a case for industry standardization"
*** "Blackhat/Defcon", Tom Brennan (President OWASP NY/NJ Metro)
*** Panel: "Global Security Week What is the current state of Privacy on Web Application Security? What should we be focusing on?"
** [[Belgium]] (12:30 / 19:30)
*** pre-event: "Getting started with WebGoat & WebScarab" ,Erwin Geirnaert , ZION Security
*** "OWASP Evaluation and Certification Criteria Draft" , Mark Curphey (OWASP founder)
*** "Automated Web FOO or FUD?" , David Kierznowski, GNUCITIZEN
*** "OWASP Pantera Unleashed" , Simon Roses Femerling , Microsoft
*** "CLASP, SDL and Touchpoints Compared" , Bart De Win, DistriNet research group
*** "Threats of e-insecurity in Belgium and the Belgian response" , Luc Beirens, FCCU
*** "For my next trick... hacking Web2.0 (pdp)" , Petko D. Petkov (pdp), GNUCITIZEN
*** "Panel Discussion: “Privacy in the 21st Century?", moderator: André Marien , Verizon Business - Cybertrust
** [[Washington DC]] + Northern VA (13:00 / 18:15)
*** "Honeyclients and Malicious Web Servers" , Kathy Wang , Mitre
*** "A malcode perspective on web application privacy" Blake Hartstein , iDefense
*** "Practical Web Privacy with Firefox" , Chuck Willis , Mandiant
*** "A sneak peak at Jeff's new "Enterprise Security API" , Jeff Williams , Aspect Security (OWASP board member & Chairman)
*** "Digital Rights Management" , James Stibbards , Cloakware
** [[San Antonio]] (11:30 / 13:00)
*** "Developing an Application Security Strategy for Large Enterprise Systems" , Bruce Jenkins, Fortify Software
** [[Seattle]] (18:00 / 21:00)
*** "Online Banking" , Rob Rachwald , Fortify
*** "Web Hacking 101", Damon Cortesi , IOActive
** [[San Jose]] + San Francisco (17:00 / 20:30)
*** Workshop: "Malicious Code Injection Workshop" , Siva Ram , AppSec Consulting ; Arian Evans ,WhiteHat Security
*** Panel: "Privacy, Security and Breaches, Oh My!", moderator: Alex Stamos, iSEC Partners ; Panelists: Doran Rotman, KPMG ; David Pollino, Washington Mutual Bank ; Robert Fly, Salesforce.com ; Larry Pingree, Safeway ; Kurt Opsahl, EFF
** [[Mumbai]] (14:30 / 18:00)
*** "Black Vector of Web Exploitation" , Aditya Sood , Sec Niche
*** "End User Privacy Breaches" , Rishi Narang , Third Brigade
*** "Privacy on the Web - The road ahead in the 21st century" , Yogesh Badwe , GTL
** [[Ottawa]] (18:00 / 20:00)
*** Security Development Lifecycle for IT , Christian Beauclai , Microsoft
** [[Phoenix]]
*** TBA
** [[Poland]] (18:00 / 21:00)
*** "OWASP" , Robert 'shadow' Pajak
*** "OWASP SPoC" , Przemyslaw 'rezos' Skowron
*** "Pentration test - OWASP in practice" , Jarek Sajko
** [[Boston]]
*** TBA

* '''Sat 8th'''
** [[Turkey]]
*** "Prelude. OWASP DAY and OWASP Turkey projects", Bedirhan Urgun
*** "Privacy in Governmental Insitutions - A Current State Analysis", Hayrettin Bahsi, Chief Researcher UEKAE TUBITAK
*** "A Panel on Privacy in Turkey

* '''Mon 10th'''
** [[Italy]] (9:00 / 13:30)
*** "Privacy in the digital era" , Mauro Bregolin , KIMA Projects & Services
*** "OWASP Top 10 2007 - Are our information 'really' safe?" , Carlo Pelliccioni , MediaService
*** "Anti-Anti-XSS: bypass browser protections" , Alberto Revelli , Portcullis
*** "Growing Application Security Awareness" , Laurent Petroque , F5
*** "Buzzwords Security" , Luca Carettoni , SecureNetwork
*** "Hacker Attacks on the Horizon: Understanding the Top Web 2.0 Attack Vectors" , Danny Allan , Watchfire
** [[Rochester]]
*** "The new OWASP Top Ten."

* '''Mon 12th'''
** [[Houston]] (17:30 / 19:30)
*** "Enhancing Application Security with Bytecode Instrumentation" , Patrick White , Fortify Software
** [[Cleveland]]
*** "The new OWASP Top Ten."

'''Note:''' If you are interested in doing a presentation, the following chapters have speaker slots available: Rochester, Boston, Phoenix, Poland and Turkey

== Organizers ==

In addition to the local chapter leaders, Dinis Cruz and Mike de Libero are the main points of contact (but of course much more help is needed :) )

== Global Security Week (GWS) ==

For more details on the (GWS) see:
* http://www.globalsecurityweek.com/
* http://www.globalsecurityweek.com/html/national_activities.html
* http://www.globalsecurityweek.com/html/gsw_06.html (Resources)

And here is a description from one the organizers:

''The aim of Global Security Week is to raise security awareness amongst the public and organizations about issues relating to security, primarily information security. This year's theme is on the subject of privacy and we hope that a number of events will be held worldwide to promote people's awareness as to how to protect their privacy when online and also educate companies on their responsibilities, both legal and morally, when it comes to protecting the privacy of their customers.
''
''Global Security Week is a totally voluntary initiative and we have no commercial funding or agenda. The initiative is funded entirely from the committee's own funds and time. We have people involved in Global Security Week throughout the world and during the week we have events planned in different regions. For example here in Ireland I plan to run a free seminar on the above topic open to anyone who wished to attend''

''We ask that those who wish to become involved, help promote Global Security Week in their region either by running specific events dedicated to Global Security Week, taking part in events already planned or simply making people aware that the week is on and the topic is "Privacy in the 21st Century". Even simply making people aware of Global Security Week and directing them to the website is a great help. Not having commercial funding we depend on word of mouth and like minded individuals to make people aware of the week.''

== ... for future reference ... ==
==== (original) Proposed Event layout ====

Each chapter is free to organize its mini conference and to define how long it should last.

But within the spirit of the event the following ideas are proposed:

* The topic of the event should be on "Privacy in the 21st Century", so all talks should be related to it (we should be addressing the Web Application side of Privacy (for example what happens to Privacy with SQL Injection, XSS and issues like pdp's [http://www.gnucitizen.org/blog/snoop-onto-them-as-they-snoop-onto-us Snoop onto Them as they Snoop onto us])
* The event should have 4 to 5 speaking slots (can be 30m if required)
* If possible, invite a presenter from the local government to talk about their views on the subject
* Presentation from a local OWASP Project leader about his/hers project (i.e. for the cases where a leader of an [https://www.owasp.org/index.php/Category:OWASP_Project OWASP Project] lives locally (or will be in that city during the event)
* All events are recommended to have the same panel discussion on the subject "'''What is the current state of Privacy on Web Application Security? and what should we be focusing on?'''"). After the panel discussion, each local chapters is invited to create a summary of its conclusions for publishing on the OWASP website
* "Talk 'Lets get rid of 3 major sources of vulnerabilities:
*# CROSS-SITE SCRIPTING: 70-90% of web applications have Cross-Site Scripting (XSS) holes. You must *both* carefully validate input and use HTML entity encoding on all data output.
*# SQL INJECTION: If your queries are a bunch of strings and user input concatenated together, your database could be attacked with SQL Injection. Stamp out this attack by using "parameterized" queries, such as Java's PreparedStatement instead.
*# SESSION EXPOSURE: Your SESSIONIDs are *just* as valuable as usernames and passwords, so make sure you never expose them. Don't ever allow authenticated SESSIONIDs to be sent without SSL or exposed in the URL."

==== Other Ideas ====
* Create a Security Manifest that will be 'signed' by all attendees
* Distributed capture the flag (where each local chapter plays has a team (against the other chapters))
* Short intro/welcome movie at the beginning of each mini-conference by OWASP board

Poland

2007-09-03T19:29:39Z

Adt: