OWASP - User contributions [en]

OWASP Community

2007-03-01T18:22:37Z

Anastasia Stamos: /* Events */

This page is for people to post OWASP related events, such as chapter meetings, OWASP conferences, get-togethers, and OWASP sponsored events.

Events from previous years are archived here:
* '''[[OWASP Community 2006]]'''

This page is monitored, and items posted here will be copied to the OWASP [[Main Page]]. Please post new items in chronological order using the following format:

'''Mon ## (##:00h) - [[Article]]'''



==Events==

'''May 10 (18:00h) - [[Belgium|Belgium chapter meeting]]'''

'''Apr 12 (18:00h) - [[Netherlands|Netherlands chapter meeting]]'''

'''Mar 28 (11:30h) - [[San Antonio|San Antonio chapter meeting]]'''

; '''Mar 27-30 - [http://www.blackhat.com Black Hat Euro]'''
: OWASP members receive a Euro 100 Briefings discount by inserting BH7EUASSOC in the box marked “Coupon Codes”

'''Mar 22 (18:00h) - [[London|London chapter meeting]]'''

'''Mar 21-22 - [[Belgium#OWASP_Top_10_2007_Update_.28Infosecurity_Belgium.2C_21_.26_.2622_Mar_2007.29|Belgium@InfoSecurity]]'''

'''Mar 20 (18:00h) - [[Rochester|Rochester chapter meeting]]'''

'''Mar 14 (18:00h) - [[Toronto|Toronto chapter meeting]]'''

'''Mar 14 (18:00h) - [[Chicago|Chicago chapter meeting]]'''

'''Mar 13 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''

'''Mar 8 (18:00h) - [[Ottawa|Ottawa Chapter Meeting]] '''

'''Mar 7 (18:30h) - [[Boston|Boston chapter meeting]]'''

'''Mar 7 (18:30h) - [[Kansas City|Kansas City chapter meeting]]'''

'''Mar 6 (18:30h) - [[Philadelphia|Philadelphia chapter meeting]]'''

'''Mar 6 (18:30h) - [[San Francisco|San Francisco and San Jose chapter meeting]]'''

'''Mar 6 (18:00h) - [[Melbourne|Melbourne chapter meeting]]'''

'''Mar 1 (11:30h) - [http://www.eusecwest.com/agenda.html EUSecWest 07: Testing Guide]'''

; '''Feb 26-Mar 1 - [http://www.blackhat.com Black Hat DC]'''
: OWASP members receive a $100 Briefings discount by inserting BH7DCASSOC in the box marked “Coupon Codes”

'''Feb 28 (18:00h) - [[Seattle|Seattle chapter meeting]]'''

'''Feb 27 (18:00h) - [[Edmonton|Edmonton chapter meeting]]'''

'''Feb 22 (18:30h) - [[Helsinki|Helsinki chapter meeting]]'''

'''Feb 22 (18:00h) - [[London|London chapter meeting]]'''

'''Feb 21 (18:30h) - [[Denver|Denver chapter meeting]]'''

'''Feb 19 (18:00h) - [[Rochester|Rochester chapter meeting]]'''

'''Feb 15 (18:00h) - [[Washington DC|Washington DC (MD) chapter meeting]]'''

'''Feb 15 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''

'''Feb 14 (18:00h) - [[Toronto|Toronto chapter meeting]]'''

'''Feb 13 (18:00h) - [[Ireland|Ireland chapter meeting]]'''

'''Feb 12 (18:30h) - [[Switzerland|Switzerland chapter meeting]]'''

'''Feb 7 (18:30h) - [[Boston|Boston chapter meeting]]'''

'''Feb 6-7 - [[Italy#February_6th-8th.2C_2007_-_InfoSecurity|Italy@InfoSecurity]]'''

'''Feb 6 (18:00h) - [[Melbourne|Melbourne chapter meeting]]'''

'''Feb 2 (14:00h) - [[Chennai|Chennai chapter meeting]]'''

'''Jan 31 (15:00h) - [[Mumbai|Mumbai chapter meeting]]'''

'''Jan 30 (11:30h) - [[Austin|Austin chapter meeting]]'''

'''Jan 25 (18:00h) - [[San Francisco| San Francisco chapter meeting]]'''

'''Jan 25 (14:30h) - [[Italy#October_25th.2C_2007_-_Isaca_Rome|Italy@ISACA Rome]]'''

'''Jan 24 (17:30h) - [[Israel#6th_OWASP_IL_meeting:_Wednesday.2C_January_24th_2007|6th OWASP Israel chapter meeting]]'''

'''Jan 23 (18:00h) - [[Belgium|Belgium chapter meeting]]'''

'''Jan 22 (18:00h) - [[Rochester|Rochester chapter meeting]]'''

'''Jan 17 (18:30h) - [[Denver|Denver chapter meeting]]'''

'''Jan 16 (17:45h) - [[Edmonton|Edmonton chapter meeting]]'''

'''Jan 11 (18:00h) - [[Netherlands|Netherlands chapter meeting]]'''

'''Jan 11 (18:30h) - [[Phoenix|Phoenix chapter meeting]]'''

'''Jan 11 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''

'''Jan 10 (18:00h) - [[Toronto|Toronto chapter meeting]]'''

'''Jan 8 (18:00h) - [[Seattle|Seattle chapter meeting]]'''

'''Jan 3 (18:30h) - [[Boston|Boston chapter meeting]]'''

Bay Area

2007-03-01T18:21:06Z

Anastasia Stamos: /* Local News */

Bay Area

2007-01-18T22:00:05Z

Anastasia Stamos: /* Local News */

{{Chapter Template|chaptername=San Francisco|extra=The chapter leader is [mailto:bchristian@spidynamics.com Brian Christian]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-sanfran|emailarchives=http://lists.owasp.org/pipermail/owasp-sanfran}}

== Local News ==

'''!!!PLEASE RSVP TO Anastasia Stamos (mailto:anastasia@isecpartners.com) AS THERE IS LIMITED SPACE!!!'''

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

WHAT: San Francisco OWASP Chapter Meeting and Mixer

WHEN: Thursday, January 25th, 2007

6:00-6:30 Social (Food and Drinks) and Chapter Announcements

6:30-8:00 "XML Digital Signature and Encryption: Use and Abuse": Brad Hill, iSEC Partners

8:00-8:15 Q and A

8:15-8:45 "Commonly Overlooked Cryptographic Vulnerabilities in Web Applications": Patrick Stach, Stach and Liu

8:45-9:00 Q and A and Meeting Wrap Up

WHERE: iSEC Partners offices located @ 115 Sansome Street Suite 1005 (10th Floor), San Francisco, CA (http://www.isecpartners.com)
We recommend arriving by public transit as parking is extremely limited.

WHY: To network, socialize and learn more about Web Application Security

WHO: Brian Christian, Chapter President, will give chapter details and Brad Hill and Patrick Stach will present.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

"XML Digital Signature and Encryption: Use and Abuse"

Abstract:
The WS-Security set of standards is on the threshold of ubiquitous deployment and XML applications have already taken over the world. This presentation looks at two underlying technologies, XML Digital Signature (XMLDSIG) and XML Encryption (XMLENC), their place in the Web Services stack and their applicability to non-SOAP XML applications. Beginning with a basic overview of the standards, we will uncover some surprising caveats and risks in the use of these technologies.

Security Consultant - Brad Hill

Brad Hill is a Security Consultant with iSEC Partners. Brad Hill brings
to iSEC a decade-plus background working with Internet technologies,
including serving as the lead developer of Web applications and
frameworks for one of the premier private label recordkeeping and
management companies in the financial services industry, where his
responsibilities also included security training, policy development and
compliance. With iSEC he has performed penetration testing and design
review for a wide spectrum of products and technologies, most recently
participating in the Final Security Review of Microsoft Windows Vista.
Brad achieved the Certified Information Systems Security Professional
(CISSP) credential in 2004.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

"Commonly Overlooked Cryptographic Vulnerabilities in Web Applications"

Abstract:
This talk aims to outline a few commonly overlooked cryptographic vulnerabilities in web applications. The problems presented will range from attacks against authentication various authentication schemes to improper certificate generation.

Director of Research and Development- Patrick Stach

Patrick Stach is Director of Research and Development at Stach & Liu, a firm providing advanced IT security consulting to the Fortune 500 and multi-national financial institutions. Before founding Stach & Liu, Patrick aided in the development of multiple industry leading security scanning engines. In addition to providing security consulting services to Mitsui Zaibatsu, he has led the network security teams for a number of major hosting providers.

Patrick has lectured on cryptanalysis at Kyoto University, taught as adjunct faculty at Network Associates' Japan Security Academy, and performs government-funded cryptanalysis. He is a developer of the Metasploit Framework and has presented at DefCon, Interz0ne, AtlantaCon, ToorCon, and PhreakNIC.

Bay Area

2007-01-18T21:58:53Z

Anastasia Stamos: /* Local News */

{{Chapter Template|chaptername=San Francisco|extra=The chapter leader is [mailto:bchristian@spidynamics.com Brian Christian]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-sanfran|emailarchives=http://lists.owasp.org/pipermail/owasp-sanfran}}

== Local News ==

'''!!!PLEASE RSVP TO Anastasia Stamos (mailto:anastasia@isecpartners.com) AS THERE IS LIMITED SPACE!!!'''

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

WHAT: San Francisco OWASP Chapter Meeting and Mixer

WHEN: Thursday, January 25th, 2007

6:00-6:30 Social (Food and Drinks) and Chapter Announcements

6:30-8:00 "XML Digital Signature and Encryption: Use and Abuse": Brad Hill, iSEC Partners

8:00-8:15 Q and A

8:15-9:00 "Commonly Overlooked Cryptographic Vulnerabilities in Web Applications": Patrick Stach, Stach and Liu

WHERE: iSEC Partners offices located @ 115 Sansome Street Suite 1005 (10th Floor), San Francisco, CA (http://www.isecpartners.com)
We recommend arriving by public transit as parking is extremely limited.

WHY: To network, socialize and learn more about Web Application Security

WHO: Brian Christian, Chapter President, will give chapter details and Brad Hill and Patrick Stach will present.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

"XML Digital Signature and Encryption: Use and Abuse"

Abstract:
The WS-Security set of standards is on the threshold of ubiquitous deployment and XML applications have already taken over the world. This presentation looks at two underlying technologies, XML Digital Signature (XMLDSIG) and XML Encryption (XMLENC), their place in the Web Services stack and their applicability to non-SOAP XML applications. Beginning with a basic overview of the standards, we will uncover some surprising caveats and risks in the use of these technologies.

Security Consultant - Brad Hill

Brad Hill is a Security Consultant with iSEC Partners. Brad Hill brings
to iSEC a decade-plus background working with Internet technologies,
including serving as the lead developer of Web applications and
frameworks for one of the premier private label recordkeeping and
management companies in the financial services industry, where his
responsibilities also included security training, policy development and
compliance. With iSEC he has performed penetration testing and design
review for a wide spectrum of products and technologies, most recently
participating in the Final Security Review of Microsoft Windows Vista.
Brad achieved the Certified Information Systems Security Professional
(CISSP) credential in 2004.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

"Commonly Overlooked Cryptographic Vulnerabilities in Web Applications"

Abstract:
This talk aims to outline a few commonly overlooked cryptographic vulnerabilities in web applications. The problems presented will range from attacks against authentication various authentication schemes to improper certificate generation.

Director of Research and Development- Patrick Stach

Patrick Stach is Director of Research and Development at Stach & Liu, a firm providing advanced IT security consulting to the Fortune 500 and multi-national financial institutions. Before founding Stach & Liu, Patrick aided in the development of multiple industry leading security scanning engines. In addition to providing security consulting services to Mitsui Zaibatsu, he has led the network security teams for a number of major hosting providers.

Patrick has lectured on cryptanalysis at Kyoto University, taught as adjunct faculty at Network Associates' Japan Security Academy, and performs government-funded cryptanalysis. He is a developer of the Metasploit Framework and has presented at DefCon, Interz0ne, AtlantaCon, ToorCon, and PhreakNIC.

Bay Area

2007-01-18T21:58:31Z

Anastasia Stamos: /* Local News */

{{Chapter Template|chaptername=San Francisco|extra=The chapter leader is [mailto:bchristian@spidynamics.com Brian Christian]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-sanfran|emailarchives=http://lists.owasp.org/pipermail/owasp-sanfran}}

== Local News ==

'''!!!PLEASE RSVP TO Anastasia Stamos (mailto:anastasia@isecpartners.com) AS THERE IS LIMITED SPACE!!!'''

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

WHAT: San Francisco OWASP Chapter Meeting and Mixer

WHEN: Thursday, January 25th, 2007

6:00-6:30 Social (Food and Drinks) and Chapter Announcements

6:30-8:00 "XML Digital Signature and Encryption: Use and Abuse": Brad Hill, iSEC Partners

8:00-8:15 Q and A

8:15-9:00 "Commonly Overlooked Cryptographic Vulnerabilities in Web Applications"
Patrick Stach, Stach and Liu

WHERE: iSEC Partners offices located @ 115 Sansome Street Suite 1005 (10th Floor), San Francisco, CA (http://www.isecpartners.com)
We recommend arriving by public transit as parking is extremely limited.

WHY: To network, socialize and learn more about Web Application Security

WHO: Brian Christian, Chapter President, will give chapter details and Brad Hill and Patrick Stach will present.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

"XML Digital Signature and Encryption: Use and Abuse"

Abstract:
The WS-Security set of standards is on the threshold of ubiquitous deployment and XML applications have already taken over the world. This presentation looks at two underlying technologies, XML Digital Signature (XMLDSIG) and XML Encryption (XMLENC), their place in the Web Services stack and their applicability to non-SOAP XML applications. Beginning with a basic overview of the standards, we will uncover some surprising caveats and risks in the use of these technologies.

Security Consultant - Brad Hill

Brad Hill is a Security Consultant with iSEC Partners. Brad Hill brings
to iSEC a decade-plus background working with Internet technologies,
including serving as the lead developer of Web applications and
frameworks for one of the premier private label recordkeeping and
management companies in the financial services industry, where his
responsibilities also included security training, policy development and
compliance. With iSEC he has performed penetration testing and design
review for a wide spectrum of products and technologies, most recently
participating in the Final Security Review of Microsoft Windows Vista.
Brad achieved the Certified Information Systems Security Professional
(CISSP) credential in 2004.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

"Commonly Overlooked Cryptographic Vulnerabilities in Web Applications"

Abstract:
This talk aims to outline a few commonly overlooked cryptographic vulnerabilities in web applications. The problems presented will range from attacks against authentication various authentication schemes to improper certificate generation.

Director of Research and Development- Patrick Stach

Patrick Stach is Director of Research and Development at Stach & Liu, a firm providing advanced IT security consulting to the Fortune 500 and multi-national financial institutions. Before founding Stach & Liu, Patrick aided in the development of multiple industry leading security scanning engines. In addition to providing security consulting services to Mitsui Zaibatsu, he has led the network security teams for a number of major hosting providers.

Patrick has lectured on cryptanalysis at Kyoto University, taught as adjunct faculty at Network Associates' Japan Security Academy, and performs government-funded cryptanalysis. He is a developer of the Metasploit Framework and has presented at DefCon, Interz0ne, AtlantaCon, ToorCon, and PhreakNIC.

OWASP Community

2007-01-18T18:48:18Z

Anastasia Stamos: adding SF Chapter Meeting to calendar of events

This page is for people to post OWASP related events, such as chapter meetings, OWASP conferences, get-togethers, and OWASP sponsored events. This page is monitored, and items will be copied to the front page.

Please post new items in chronological order using the following format:

<nowiki>
'''Mon ## (##:00h) - [[Article]]'''
</nowiki>



==Events==

'''Feb 13 (18:00h) - [[Ireland|Ireland chapter meeting]]'''

'''Feb 6 (18:00h) - [[Melbourne|Melbourne chapter meeting]]'''

'''Jan 31 (15:00h) - [[Mumbai|Mumbai chapter meeting]]'''

'''Jan 30 (11:30h) - [[Austin|Austin chapter meeting]]'''

'''Jan 25 (18:00h) - [[San Francisco| San Francisco chapter meeting]]'''

'''Jan 25 (14:30h) - [[Italy#October_25th.2C_2007_-_Isaca_Rome|Italy@ISACA Rome]]'''

'''Jan 24 (17:30h) - [[Israel#6th_OWASP_IL_meeting:_Wednesday.2C_January_24th_2007|6th OWASP Israel chapter meeting]]'''

'''Jan 23 (18:00h) - [[Belgium|Belgium chapter meeting]]'''

'''Jan 22 (18:00h) - [[Rochester|Rochester chapter meeting]]'''

'''Jan 17 (18:30h) - [[Denver|Denver chapter meeting]]'''

'''Jan 16 (17:45h) - [[Edmonton|Edmonton chapter meeting]]'''

'''Jan 11 (18:00h) - [[Netherlands|Netherlands chapter meeting]]'''

'''Jan 11 (18:30h) - [[Phoenix|Phoenix chapter meeting]]'''

'''Jan 11 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''

'''Jan 10 (18:00h) - [[Toronto|Toronto chapter meeting]]'''

'''Jan 8 (18:00h) - [[Seattle|Seattle chapter meeting]]'''

'''Jan 3 (18:30h) - [[Boston|Boston chapter meeting]]'''

'''Dec 19 (18:00h) - [[San Jose|San Jose chapter meeting]]'''

'''Dec 18 (18:30h) - [[Rochester|Rochester chapter meeting]]'''

'''Dec 14 (18:00h) - [[Washington DC|Washington DC (MD) chapter meeting]]'''

'''Dec 13 (18:00h) - [[Chicago|Chicago chapter meeting]]'''

'''Dec 12 (18:30h) - [[Helsinki|Helsinki chapter meeting]]'''

'''Dec 12 (18:00h) - [[Cleveland|Cleveland chapter meeting]]'''

'''Dec 12 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''

'''Dec 7 (17:30h) - [[New Jersey|New Jersey chapter meeting]]'''

'''Dec 6 (18:30h) - [[Kansas City|Kansas City chapter meeting]]'''

'''Dec 6 (18:30h) - [[Boston|Boston chapter meeting]] (cancelled)'''

'''Dec 5 (18:00h) - [[Edmonton|Edmonton chapter meeting]]'''

'''Nov 21 (11:30h) - [[Austin|Austin chapter meeting]]

'''Nov 20 (18:00h) - [[Rochester|Rochester chapter meeting]]'''

'''Nov 15 (18:30h) - [[Denver|Denver chapter meeting]]'''

'''Nov 14 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''

'''Nov 13 (14:30h) - [[Israel|Israeli chapter mini-conference at IDC Herzliya]]'''

'''Nov 11 (10:00h) - [[Switzerland|Kickoff Meeting OWASP Switzerland Local Chapter]]'''

'''Nov 9 (18:30h) - [[Phoenix|Phoenix chapter meeting]]'''

'''Nov 8 (18:00h) - [[Toronto|Toronto chapter meeting]]'''

'''Nov 6 (18:00h) - [[Ottawa|Ottawa chapter meeting]]'''

'''Nov 1 (18:30h) - [[Boston|Boston chapter meeting]]'''

'''Oct 31 (12:00h) - [[Austin|Austin OWASP chapter]]'''

'''Oct 30 (11:00h) - [[Montgomery|Montgomery chapter meeting]]'''

'''Oct 26 (18:00h) - [[Washington DC|Washington DC (MD) chapter meeting]]'''

'''Oct 24 (18:00h) - [[Edmonton|Edmonton chapter meeting]]'''

'''Oct 16-18 - [[OWASP AppSec Seattle 2006|OWASP AppSec Seattle 2006 Conference]]'''

'''Oct 16 (18:00h) - [[Rochester|Rochester chapter meeting]]'''

'''Oct 12 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''

'''Oct 7 - [[Italy| OWASP Italy at SMAU 06]]'''

'''Oct 4 (18:30h) - [[Boston|Boston chapter meeting]]'''

'''Oct 2 (18:00h) - [[Ottawa|Ottawa chapter meeting]]'''

'''Sep 29 - [[Italy| OWASP Italy at OpenEXP]]'''

'''Sep 28 (18:00h) - [[Washington DC|Washington DC (MD) chapter meeting]]'''

'''Sep 27 (11:30h) - [[San Antonio|San Antonio chapter meeting]]'''

'''Sep 26-27 (08:00h) - [[Manila|OWASP Manila presenting at PhilOSC 2006]]'''

'''Sep 26 (12:00h) - [[Austin|Austin OWASP chapter]]'''

'''Sep 25 (17:00h) - [[New Jersey|New Jersey chapter meeting]]'''

'''Sep 21 (17:30h) - [[San Francisco|San Francisco chapter meeting]]'''

'''Sep 18 (18:00h) - [[Rochester|Rochester chapter meeting]]'''

'''Sep 14 (18:00h) - [[Brisbane|Brisbane chapter meeting]]'''

'''Sep 14 (18:00h) - [[Belgium|Belgium chapter meeting in Antwerp]]'''

'''Sep 14 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]] (cancelled)'''

'''Sep 12 - [[Edmonton|Edmonton chapter meeting]]'''

'''Sep 7 (18:30h) - [[Boston|Boston chapter meeting]]'''

'''Aug 31 (15:00h) - [[Mumbai|Mumbai chapter meeting]]'''

'''Aug 31 (08:00h) - [[Manila|OWASP Manila presentation at UST]]'''

'''Aug 29 (11:30h) - [[Austin|Austin OWASP chapter]]'''

'''Aug 24 (17:30h) - [[Brisbane|Brisbane chapter meeting]]'''

'''Aug 23 (11:30h) - [[San Antonio|San Antonio chapter meeting]]'''

'''Aug 19 - [[Bangalore|Bangalore chapter meeting]]'''

'''Aug 17 - [[London|London chapter meeting (Central London)]]'''

'''Aug 10 - [[San Jose|San Jose chapter meeting (SJ Hyatt - Airport)]]'''

'''Aug 9 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''

'''Aug 9 (18:00h) - [[Toronto|Toronto chapter meeting]]'''

'''Aug 8 (18:00h) - [[Minneapolis St Paul|Minneapolis / St.Paul chapter meeting]]'''

'''Aug 7 (18:30h) - [[Boston|Boston chapter meeting]]'''

'''Aug 2 (19:30h) - [[OWASP/Blackhat Vegas International Meet-Up]]'''

'''Jul 31 (15:00h) - [[Mumbai|Mumbai chapter meeting]]'''

'''Jul 27 (12:00h) - [[Austin|Austin OWASP chapter kickoff meeting]]'''

'''Jul 26 (19:15h) - [[Israel|Israel chapter meeting]]'''

'''Jul 19 (12:15h) - [[Hong Kong|Hong Kong chapter meeting]]'''

'''Jul 15 - [[Bangalore|Bangalore chapter meeting]]'''

'''Jul 12 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''

'''Jul 7 (18:30h) - [[Boston|Boston chapter meeting]]'''

'''Jul 5 (18:00h) - [[Ottawa|Ottawa chapter meeting]]'''

'''Jun 29 (18:00h) - [[San Jose|San Jose chapter meeting]]'''

'''Jun 26 (15:30h) - [[BostonFinancialDist|Boston financial district chapter meeting]]'''

'''Jun 24 (9:30h) - [[Mumbai|Mumbai chapter meeting]]'''

'''Jun 22 (18:00h) - [[Washington DC|Washington DC (MD) chapter meeting]]'''

'''Jun 21 - [[Italy|OWASP presentations at InfoSecurity 2006 (Italy)]]'''

'''Jun 21 (11:30h) - [[San Antonio|San Antonio chapter meeting]]'''

'''Jun 20 (18:00h) - [[Minneapolis St Paul|Minneapolis/St. Paul chapter meeting]]'''

'''Jun 19 (18:00h) - [[Ottawa|Ottawa chapter meeting]]'''

'''Jun 16 (16:45h) - [[Spain|Spain chapter meeting (Barcelona)]]'''

'''Jun 14-16 - [http://www.nyphpcon.com NY PHP Conference]'''

'''Jun 14 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''

'''Jun 7 (18:30h) - [[Boston|Boston chapter meeting]]'''

'''Jun 2 (12:00h) - [[Hong Kong|Hong Kong chapter meeting]]'''

'''May 29-31 - [[AppSec Europe 2006|OWASP AppSec 2006 Europe Conference]]'''

Bay Area

2007-01-18T18:43:42Z

Anastasia Stamos: OWASP Chapter Meeting Notice for 1/25

{{Chapter Template|chaptername=San Francisco|extra=The chapter leader is [mailto:bchristian@spidynamics.com Brian Christian]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-sanfran|emailarchives=http://lists.owasp.org/pipermail/owasp-sanfran}}

== Local News ==

'''!!!PLEASE RSVP TO Anastasia Stamos (mailto:anastasia@isecpartners.com) AS THERE IS LIMITED SPACE!!!'''

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

WHAT: San Francisco OWASP Chapter Meeting and Mixer

WHEN: Thursday, January 25th, 2007

6:00-6:30 Social (Food and Drinks) and Chapter Announcements

6:30-8:00 Presentation I "XML Digital Signature and Encryption: Use and Abuse": Brad Hill, iSEC Partners

8:00-8:15 Q and A

8:15-9:00 Presentation II: Patrick Stach, Stach and Liu

WHERE: iSEC Partners offices located @ 115 Sansome Street Suite 1005 (10th Floor), San Francisco, CA (http://www.isecpartners.com)
We recommend arriving by public transit as parking is extremely limited.

WHY: To network, socialize and learn more about Web Application Security

WHO: Brian Christian, Chapter President, will give chapter details and Brad Hill of iSEC Partners will deliver the presentation "XML Digital Signature and Encryption: Use and Abuse".

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

"XML Digital Signature and Encryption: Use and Abuse"

Abstract:
The WS-Security set of standards is on the threshold of ubiquitous deployment and XML applications have already taken over the world. This presentation looks at two underlying technologies, XML Digital Signature (XMLDSIG) and XML Encryption (XMLENC), their place in the Web Services stack and their applicability to non-SOAP XML applications. Beginning with a basic overview of the standards, we will uncover some surprising caveats and risks in the use of these technologies.

Security Consultant - Brad Hill

Brad Hill is a Security Consultant with iSEC Partners. Brad Hill brings
to iSEC a decade-plus background working with Internet technologies,
including serving as the lead developer of Web applications and
frameworks for one of the premier private label recordkeeping and
management companies in the financial services industry, where his
responsibilities also included security training, policy development and
compliance. With iSEC he has performed penetration testing and design
review for a wide spectrum of products and technologies, most recently
participating in the Final Security Review of Microsoft Windows Vista.
Brad achieved the Certified Information Systems Security Professional
(CISSP) credential in 2004.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Presentation II

Abstract:
This talk aims to outline a few commonly overlooked cryptographic vulnerabilities in web applications. The problems presented will range from attacks against authentication various authentication schemes to improper certificate generation.

Director of Research and Development- Patrick Stach

Patrick Stach is Director of Research and Development at Stach & Liu, a firm providing advanced IT security consulting to the Fortune 500 and multi-national financial institutions. Before founding Stach & Liu, Patrick aided in the development of multiple industry leading security scanning engines. In addition to providing security consulting services to Mitsui Zaibatsu, he has led the network security teams for a number of major hosting providers.

Patrick has lectured on cryptanalysis at Kyoto University, taught as adjunct faculty at Network Associates' Japan Security Academy, and performs government-funded cryptanalysis. He is a developer of the Metasploit Framework and has presented at DefCon, Interz0ne, AtlantaCon, ToorCon, and PhreakNIC.