OWASP - User contributions [en]

Helsinki

2009-11-11T12:04:32Z

Antti: /* OWASP Helsinki Chapter Meeting #11: November 17 2009 */

{{Chapter Template|chaptername=Helsinki|extra=The chapter leader is [mailto:antti@owasp.org Antti Laulajainen]
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-helsinki|emailarchives=http://lists.owasp.org/pipermail/owasp-helsinki}}

==== Local News ====
<paypal>Helsinki</paypal>

'''Welcome to the OWASP Helsinki Chapter'''

The plan is to meet at least three to four times a year, each lasting 1,5-3 hours (more active "hands" means more meetings). This chapter is based in the capital area and therefore the meetings will be in or around Helsinki.

If you wish to present at one of the meetings or have any other inquiries, please contact the chapter leader.

==== Chapter Meetings ====

Currently OWASP Helsinki is working on the following tasks:
*[[Top 10 2007 Finnish]] aim to translate OWASP Top 10 list in Finnish

== OWASP Helsinki Chapter Meeting #11: November 17 2009 ==

'''Location: Nsense Oy, Ahventie 4, Espoo'''

'''Time: 18:00-20:30'''

'''Schedule''' 

'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader'''

'''18:05 Word from our sponsor Nsense Oy'''

'''18:15 Manual vs. Automated Code Analysis, Ari Kesäniemi, Senior Consultant, Nixu'''

'''19.00- Sauna and refreshments from our sponsor'''

'''Please register with ilmoittautumiset##nsense.fi'''

== OWASP Helsinki Chapter Meeting #10: October 20 2009 ==

'''Location: Tieto Oy, Ratamestarinkatu 7B, Helsinki'''

'''Time: 18:00-19:40'''

'''Schedule''' 

'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader'''

'''18:00 Word from our sponsor Tieto Oy'''

'''18:10 Distributed Services Security, Anton Panhelainen, Tieto Oy'''

Download presentation from our file-page:[[File:Security_in_integration_and_ESB-OWASP_20091020.pdf]]

'''18:40 Public Web Services Interface and Security, Pyry Heikkinen, Finnish Customs'''

'''19:40 Closure and move to Vltava'''

'''20:00 or so'''

* Enjoy Helsinki Vltava watering hole at own risk & cost near Helsinki Railway station

'''Please register with Pauli Kauppila pauli.kauppila##tieto.com or Mobile +358 400 870 324'''

== OWASP Helsinki Chapter Meeting #9: May 12 2009 ==

'''Location: Louhi Networks Oy, Itälahdenkatu 22 A, Helsinki'''

'''Time: 17:30-19:00'''

'''Schedule''' 

'''17:30 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader'''

'''17:45 Word from our sponsor Louhi Networks

'''18:00 Panel discussion about application scanners
* Panel members includes representatives for Nixu Oy, KPMG Oy and Louhi Networks Oy'''

'''19:00 or so'''

* Enjoy local establishments at own risk & cost at Bar 52 near meeting location

'''Please register with Henri Lindberg henri.lindberg##louhi.fi'''

== OWASP OWASP Goes! Viestimuseo: March 29 2009 ==
'''Location: Varuskunta, Takakasarmi, Viestimuseontie rak. 64, 11311 Riihimäki '''

'''Time: 13:00-15:00'''

Viestimuseossa Riihimäellä, http://www.viestikiltojenliitto.fi/viestimuseo/ on maaliskuun loppuun WWII radiotiedustelua esittelevä erikoisnäyttely, josta voi löytyä ammennettavaa myös tämän päivän tietoturvatekniikoiden parissa työskenteleville. Koska OWASP:in tiimoilta löytyi kiinnostusta lähteä tutustumaan ko. näyttelyyn, museolle on varattu opastettu kierros maaliskuun viimeiselle sunnuntaille su 29.3.2009 klo 13:00 eli kokoontuminen museolla ko. aikaan.

Museo ja näyttely ovat auki myös muina aikoina, joten jos tämä aika ei käy, paikalla voi toki käydä muulloinkin.

Tarkemmat ajo-ohjeet ja yhteystiedot löytyvät museon kotisivuilta, http://www.viestikiltojenliitto.fi/viestimuseo/yhteystiedot.html

Museo sijaitsee Viestirykmentin vieressä, mutta varsinaisen varuskunta-alueen ulkopuolella, joten museokäynti ei vaadi kulkulupia alueelle.

Paikalle innostuvat hoitavat oman logistiikkaratkaisunsa & sisäänpääsymaksunsa.

Lisätietoja tarvittaessa timo.merilainen (ät) iki.fi

== OWASP Helsinki Chapter Meeting #8: March 12 2009 ==

'''Location: Samlink, Linnoitustie 9, Espoo (Leppävaara)'''

'''Time: 17:00-19:00'''

'''Schedule''' 

'''17:00 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader'''

'''17:15 Introduction to Samlink, Jari Pirhonen, security director, Samlink

'''17:30 Methodology owner’s point of view: Information security as part of software development methodology, Topi Mattila, methodology manager, Samlink'''

'''18:15 Presentation from Finnish Tax Administration", Petri Puhakainen, security director, Finnish Tax Administration'''

'''19:00 or so'''

* Enjoy local establishments at own risk & cost at Sello

'''Please register with Jari Pirhonen jari.pirhonen##samlink.fi'''

== OWASP Introduction to startup firms: Thursday January 15th 2009 ==
'''Location: Ravintola Korjaamo, Töölönkatu 51, 00250 Helsinki'''

'''Time: 18:00-20:00'''

'''Schedule''' 

'''18:00 Introduction to OWASP by Henri Lindberg, OWASP Helsinki Active Visitor'''
* What OWASP is
* Examples of useful Tools and Documents
* OWASP in Finland
Presentation: [[Image:OWASP_Startups_20090115_Henri.pdf]]

(Antti Laulajainen, OWASP Helsinki Chapter Leader was originally supposed to introduce OWASP)

'''18:15 Implementing application security in a Finnish startup by Henri Lindberg, Scred'''
* Henri Lindberg from Scred shares experiences and lessons learned
* How to make your web application more secure with minimal budget
Presentation: [[Image:SDG_Scred_090115.pdf]]

'''18:30 or so'''

* Enjoy local establishments at own risk & cost

== OWASP Helsinki Meeting #7: Tuesday November 11th 2008 ==

'''Location: Nokia Ruoholahti, Itämerenkatu 11-13, 00180 Helsinki'''

'''Time: 17:00-18:30'''

'''Schedule''' 

'''17:00 Welcome by Antti Laulajainen, OWASP Chapter Leader'''

*Current state and progress of OWASP Top 10 Finnish translation

'''17:20 Antti Vähä-Sipilä, Nokia: SAFECode'''

*Introduction and overview of SAFECode (The Software Assurance Forum for Excellence in Code)
*SAFECode publications

'''17:40 Juhani Eronen, CERT-FI: Lifecycle of a security vulnerability'''

*Microsoft MS08-067 (Vulnerability in Server Service Could Allow Remote Code Execution), its history (MS06-040) and exploitation.

'''Discussion'''

'''18:30 or so'''

* Enjoy local establishments at own risk & cost [cerveza, aqua con gas, etc]

''' PLEASE REGISTER WITH: mikko . saario at nokia . com (we have reserved snacks for 25 people)'''

== OWASP Helsinki Web Hacking Workshop, Tuesday September 10th 2008 ==

'''Location: Teleware / KPMG, Laajalahdentie 23, 6. floor, reception at the ground floor, 00330 Helsinki'''

'''Time: 18.00 - 20.00'''

'''Schedule'''

'''18.00 Welcome and recent activities. Antti Laulajainen '''

'''18.05 Web Hacking Workshop, Anssi Porttikivi, Senior ICT Advisor KPMG/Teleware'''

*KPMG Oy IT Security Advisory marketing presentation 15 min
*Web hacking exercises and demonstrations in a laboratory class (using WebGoat and WebScarab tools)

'''Snacks available. Send your reservations to Anssi's mail address, anssi.porttikivi@kpmg.fi. Room for 20 participants.'''

'''Note! Be in time, because the reception closes at 18.'''

== OWASP Goes! CERT-FI, Thursday, June 12th 2008 ==

'''Location: Viestintävirasto, Itämerenkatu 3 A, 00180 Helsinki and One Pint Pub Santakatu 2, 00180 Helsinki'''

'''Time: 16.00 - 20.00'''

'''Schedule'''

'''16.00 Welcome and recent activities. Antti Laulajainen '''

'''16.10 Introduction of CERT-FI. Juhani Eronen, Information Security Adviser, CERT-FI'''

'''16.30 Vulnerability coordination. Juhani Eronen'''
* CERT-FI as a vulnerability coordinator
* Coordination examples

'''18.00 Possibility to continue the evening at the One Pint Pub'''
* If someone fancies a (self-financed) beer

'''Viestintävirasto asks those who wish to participate to the meeting to register in advance. For registrations please contact CERT-FI Unit Secretary Virpi Hienonen (virpi.hienonen(at)ficora.fi). The deadline is June 6, 2008.'''

== OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 ==

Thank you for attending.

You can download the presentation here''' https://www.owasp.org/images/7/70/OWASP_HelsinkiChapter_130508.pdf

Coverage of the event in local news (Finnish only) http://mikropc.net/uutiset/index.jsp?categoryId=atk&day=20080514#w2008051411524012715

'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki and Ravintola Kaisla, Vilhonkatu 4, 00100 Helsinki'''

'''Time: 16.00 - 20.00'''

Welcome to spring meeting 2008.

'''Schedule'''

'''16.00 - 16.10 OWASP update. Antti Laulajainen'''

'''16.10-17.00 Notes From The field, OWASP tools and usage experiences, Jarkko Holappa & Antti Laulajainen'''

'''17.30 - 20.00 Drinks at Ravintola Kaisla (Bring Your Own Wallet)'''

Hope to see as many of you as possible!

== OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''

'''Time: 18.30 - 20.30'''

Welcome to first meeting of 2008. OWASP Helsinki resumes activities after winter break.

We are pleased to have as a speaker Technology Manager of Nokia Product Security, Alexandr Seleznyov. His topic will be current state of application security.

'''Schedule'''

'''18.30 - 18.40 OWASP update. Antti Laulajainen'''

'''18.40 - 20.30 Current State of Application Security. Alexandr Seleznyov'''

Hope to see as many of you as possible!

== OWASP Helsinki & RWSUG Seminar Tuesday, January 29th 2008 ==
'''Location: IBM, Laajalahdentie 23, 00330 Helsinki.'''
'''Time: 11.15 - 19.00'''

OWASP Helsinki and Rational and Websphere User Group Finland RWSUG are aiming to co-operate to raise application security awareness. OWASP Helsinki will have a presentation in RWSUG agility seminar. More information from http://www.rwsug.fi/default.asp?path=1,39,385

'''You can download the presentation here''' https://www.owasp.org/images/c/cd/RWSUG5_Agile_Security_Management.pdf

See program below. Most of it is Finnish only
*11.15 Ilmoittautuminen alkaa
*11.15-12.00 Buffet-lounas
*12.00-12.10 Tilaisuuden avaus Jussi Jutila, Puheenjohtaja, RWSUG ry

KEYNOTE

*12.10-13.30 Scaling Agile Software Development: Strategies for Applying Agile in Complex Situations Scott W. Ambler, Practice Leader Agile Development, IBM Canada
*13.30-13.45 Kahvitauko
*13.45-15.30 SOA liiketoiminnan näkökulmasta ja SOA toteutuksen näkökulmasta kansainvälisessa hankkeessa Kari Laine, IT Architect, IF ja Jarmo Laine, Senior Software Architect,Primasoft
*15.30-15.45 Tauko
*15.45-16.30 Ketterä tietoturvan hallinta ohjelmistotuotannossa Reijo Savola, VTT
*16.30-17.15 Jazz Update IBM
*17.15-19.00 Iltapalaa ja verkostoitumista IBM Forumissa
 

== OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008 ==
OWASP Helsinki participated in ISACA Finland meeting to raise application security awareness among system auditors and inspectors.
 A presentation was held that introduced basic web techniques, some security issues, OWASP in general, OWASP projects and OWASP Helsinki chapter.
 
'''You can download the presentation here''': https://www.owasp.org/images/e/e4/OWASP_ISACA_20080124.pdf (Finnish Only)
 

== OWASP Helsinki meeting #4 Fall 2007 with Mark Curphey, Tuesday, October 2 2007 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''

Thank you for all participants and Mark from great presentation.

Coverage of the meeting in the local news (in Finnish):
http://mikropc.net/uutiset/index.jsp?categoryId=atk&day=20071003#w2007100315112711629

We are delighted to have Mark Curphey - the OWASP founder and new head of Microsoft's ACE (Application Consulting & Engineering) team in Europe - to visit Finland and discuss web app security with us. Hopefully as many as of you possible can participate!

'''18:30 Welcome and recent Helsinki chapter activities. Antti Laulajainen'''

'''18:40 Naked Software Security. Mark Curphey'''
*Commentary on how to build secure software
*Thoughts on the industry

'''WELCOME!'''

== OWASP Helsinki meeting #3 Summer 2007: "SOA, Web Services & XML Security", Tuesday, June 5th 2007 ==

Date: June 5th

Location: Smilehouse, Itälahdenkatu 22A (Stonesoft building), Lauttasaari.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/tietoturva_docview.jsp?f_id=1186167

'''19:00 Welcome & quick recap of recent OWASP activity and the Spring conference. Mikko Saario.'''

'''19:15 Gunnar Peterson, CTO Arctec Group and project lead for the OWASP "XML Security Gateway Evaluation Criteria".'''

Gunnar will be visiting Finland to provide training via Tietoturva ry on this subject. Topics to be covered:
* XML Security Gateways
* Message level threats and security countermeasures in Web services
* OWASP XML Security Gateway Evaluation Criteria Project

'''20:15 "Real-life usage of OWASP tools". Alexandr Seleznyov, Nokia Product Security.'''

(There is a chance Alex cannot make it. In that case we will discuss SOA stuff in more detail or just head off to bar earlier.)

'''20:45 Enter Bar 52...'''
--> Enjoy (sponsored) beverages.

== OWASP Helsinki meeting #2 Winter 2007, Web Application Firewalls, Thursday, February 22 2007 ==

Thank you for the 29 participants, the speakers and the host - Nixu - for making this event happen!

'''Location: Nixu, Mäkelänkatu 91, 00601 Helsinki.'''

What are Web Application Firewalls (WAF), how do they work, what do they do and what don't they do. Discussion and sharing of experiences of various technologies and products.

'''18.30 Welcome. Mikko Saario, Chapter Leader.'''

Today's topic and agenda in short.

'''18.35 "Web Application Firewalls Technical Analysis". Joakim Sandström, CTO nSense.'''

http://www.owasp.org/images/6/6a/Owasp_waf_joakim.pdf

- Technology

- Blacklisting & Whitelisting

- mod_security features

- Do's and Don'ts

'''19.30 "The Core Rule Sets". Ofer Shezaf, CTO Breach Security.'''

http://www.owasp.org/images/f/f4/The_Core_Rule_Set_-_Ofer.pdf

- WAF deployment and protection strategies

- Detection of generic web layer attacks

- Virtual patching

== OWASP Helsinki meeting #1, Tuesday, Dec 12 2006 at Ernst & Young ==

The Helsinki chapter had the first meeting at Ernst & Young office in Elielinaukio 5 B. The agenda and the presentations for the meeting are below. We had a good turnout: 22 people were present i.e. all seats were taken - we were very happy to see all these people to be interested in application security issues.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/doc.do?f_id=1083463

'''18:30 Welcome. What is OWASP and why OWASP Helsinki?'''

Mikko Saario made a short presentation about OWASP and the objective for the local Helsinki chapter.

'''19:00 Analyzing Threats (Olli Wiren; olli [at] juurihoito.org)'''

Olli Wiren discussed application related threats and corresponding security issues.

http://www.owasp.org/images/7/7c/Owasp-olli.pdf

'''19:45 Open discussion regarding OWASP Helsinki; what is expected or wished; how to go ahead and so forth.'''

There was a lively discussion regarding what type of activities should be arranged in the future. More details will follow...

==== Helsinki OWASP Chapter Leaders ====
The chapter leader is [mailto:antti@owasp.org Antti Laulajainen]
__NOTOC__
<headertabs/>

Helsinki

2009-11-11T12:03:57Z

Antti: /* OWASP Helsinki Chapter Meeting #11: November 17 2009 */

{{Chapter Template|chaptername=Helsinki|extra=The chapter leader is [mailto:antti@owasp.org Antti Laulajainen]
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-helsinki|emailarchives=http://lists.owasp.org/pipermail/owasp-helsinki}}

==== Local News ====
<paypal>Helsinki</paypal>

'''Welcome to the OWASP Helsinki Chapter'''

The plan is to meet at least three to four times a year, each lasting 1,5-3 hours (more active "hands" means more meetings). This chapter is based in the capital area and therefore the meetings will be in or around Helsinki.

If you wish to present at one of the meetings or have any other inquiries, please contact the chapter leader.

==== Chapter Meetings ====

Currently OWASP Helsinki is working on the following tasks:
*[[Top 10 2007 Finnish]] aim to translate OWASP Top 10 list in Finnish

== OWASP Helsinki Chapter Meeting #11: November 17 2009 ==

'''Location: Nsense Oy, Ahventie 4, Espoo'''

'''Time: 18:00-20:30'''

'''Schedule''' 

'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader'''

'''18:05 Word from our sponsor Nsense Oy'''

'''18:15 Manual vs. Automatic Code Analysis, Ari Kesäniemi, Senior Consultant, Nixu'''

'''19.00- Sauna and refreshments from our sponsor'''

'''Please register with ilmoittautumiset##nsense.fi'''

== OWASP Helsinki Chapter Meeting #10: October 20 2009 ==

'''Location: Tieto Oy, Ratamestarinkatu 7B, Helsinki'''

'''Time: 18:00-19:40'''

'''Schedule''' 

'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader'''

'''18:00 Word from our sponsor Tieto Oy'''

'''18:10 Distributed Services Security, Anton Panhelainen, Tieto Oy'''

Download presentation from our file-page:[[File:Security_in_integration_and_ESB-OWASP_20091020.pdf]]

'''18:40 Public Web Services Interface and Security, Pyry Heikkinen, Finnish Customs'''

'''19:40 Closure and move to Vltava'''

'''20:00 or so'''

* Enjoy Helsinki Vltava watering hole at own risk & cost near Helsinki Railway station

'''Please register with Pauli Kauppila pauli.kauppila##tieto.com or Mobile +358 400 870 324'''

== OWASP Helsinki Chapter Meeting #9: May 12 2009 ==

'''Location: Louhi Networks Oy, Itälahdenkatu 22 A, Helsinki'''

'''Time: 17:30-19:00'''

'''Schedule''' 

'''17:30 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader'''

'''17:45 Word from our sponsor Louhi Networks

'''18:00 Panel discussion about application scanners
* Panel members includes representatives for Nixu Oy, KPMG Oy and Louhi Networks Oy'''

'''19:00 or so'''

* Enjoy local establishments at own risk & cost at Bar 52 near meeting location

'''Please register with Henri Lindberg henri.lindberg##louhi.fi'''

== OWASP OWASP Goes! Viestimuseo: March 29 2009 ==
'''Location: Varuskunta, Takakasarmi, Viestimuseontie rak. 64, 11311 Riihimäki '''

'''Time: 13:00-15:00'''

Viestimuseossa Riihimäellä, http://www.viestikiltojenliitto.fi/viestimuseo/ on maaliskuun loppuun WWII radiotiedustelua esittelevä erikoisnäyttely, josta voi löytyä ammennettavaa myös tämän päivän tietoturvatekniikoiden parissa työskenteleville. Koska OWASP:in tiimoilta löytyi kiinnostusta lähteä tutustumaan ko. näyttelyyn, museolle on varattu opastettu kierros maaliskuun viimeiselle sunnuntaille su 29.3.2009 klo 13:00 eli kokoontuminen museolla ko. aikaan.

Museo ja näyttely ovat auki myös muina aikoina, joten jos tämä aika ei käy, paikalla voi toki käydä muulloinkin.

Tarkemmat ajo-ohjeet ja yhteystiedot löytyvät museon kotisivuilta, http://www.viestikiltojenliitto.fi/viestimuseo/yhteystiedot.html

Museo sijaitsee Viestirykmentin vieressä, mutta varsinaisen varuskunta-alueen ulkopuolella, joten museokäynti ei vaadi kulkulupia alueelle.

Paikalle innostuvat hoitavat oman logistiikkaratkaisunsa & sisäänpääsymaksunsa.

Lisätietoja tarvittaessa timo.merilainen (ät) iki.fi

== OWASP Helsinki Chapter Meeting #8: March 12 2009 ==

'''Location: Samlink, Linnoitustie 9, Espoo (Leppävaara)'''

'''Time: 17:00-19:00'''

'''Schedule''' 

'''17:00 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader'''

'''17:15 Introduction to Samlink, Jari Pirhonen, security director, Samlink

'''17:30 Methodology owner’s point of view: Information security as part of software development methodology, Topi Mattila, methodology manager, Samlink'''

'''18:15 Presentation from Finnish Tax Administration", Petri Puhakainen, security director, Finnish Tax Administration'''

'''19:00 or so'''

* Enjoy local establishments at own risk & cost at Sello

'''Please register with Jari Pirhonen jari.pirhonen##samlink.fi'''

== OWASP Introduction to startup firms: Thursday January 15th 2009 ==
'''Location: Ravintola Korjaamo, Töölönkatu 51, 00250 Helsinki'''

'''Time: 18:00-20:00'''

'''Schedule''' 

'''18:00 Introduction to OWASP by Henri Lindberg, OWASP Helsinki Active Visitor'''
* What OWASP is
* Examples of useful Tools and Documents
* OWASP in Finland
Presentation: [[Image:OWASP_Startups_20090115_Henri.pdf]]

(Antti Laulajainen, OWASP Helsinki Chapter Leader was originally supposed to introduce OWASP)

'''18:15 Implementing application security in a Finnish startup by Henri Lindberg, Scred'''
* Henri Lindberg from Scred shares experiences and lessons learned
* How to make your web application more secure with minimal budget
Presentation: [[Image:SDG_Scred_090115.pdf]]

'''18:30 or so'''

* Enjoy local establishments at own risk & cost

== OWASP Helsinki Meeting #7: Tuesday November 11th 2008 ==

'''Location: Nokia Ruoholahti, Itämerenkatu 11-13, 00180 Helsinki'''

'''Time: 17:00-18:30'''

'''Schedule''' 

'''17:00 Welcome by Antti Laulajainen, OWASP Chapter Leader'''

*Current state and progress of OWASP Top 10 Finnish translation

'''17:20 Antti Vähä-Sipilä, Nokia: SAFECode'''

*Introduction and overview of SAFECode (The Software Assurance Forum for Excellence in Code)
*SAFECode publications

'''17:40 Juhani Eronen, CERT-FI: Lifecycle of a security vulnerability'''

*Microsoft MS08-067 (Vulnerability in Server Service Could Allow Remote Code Execution), its history (MS06-040) and exploitation.

'''Discussion'''

'''18:30 or so'''

* Enjoy local establishments at own risk & cost [cerveza, aqua con gas, etc]

''' PLEASE REGISTER WITH: mikko . saario at nokia . com (we have reserved snacks for 25 people)'''

== OWASP Helsinki Web Hacking Workshop, Tuesday September 10th 2008 ==

'''Location: Teleware / KPMG, Laajalahdentie 23, 6. floor, reception at the ground floor, 00330 Helsinki'''

'''Time: 18.00 - 20.00'''

'''Schedule'''

'''18.00 Welcome and recent activities. Antti Laulajainen '''

'''18.05 Web Hacking Workshop, Anssi Porttikivi, Senior ICT Advisor KPMG/Teleware'''

*KPMG Oy IT Security Advisory marketing presentation 15 min
*Web hacking exercises and demonstrations in a laboratory class (using WebGoat and WebScarab tools)

'''Snacks available. Send your reservations to Anssi's mail address, anssi.porttikivi@kpmg.fi. Room for 20 participants.'''

'''Note! Be in time, because the reception closes at 18.'''

== OWASP Goes! CERT-FI, Thursday, June 12th 2008 ==

'''Location: Viestintävirasto, Itämerenkatu 3 A, 00180 Helsinki and One Pint Pub Santakatu 2, 00180 Helsinki'''

'''Time: 16.00 - 20.00'''

'''Schedule'''

'''16.00 Welcome and recent activities. Antti Laulajainen '''

'''16.10 Introduction of CERT-FI. Juhani Eronen, Information Security Adviser, CERT-FI'''

'''16.30 Vulnerability coordination. Juhani Eronen'''
* CERT-FI as a vulnerability coordinator
* Coordination examples

'''18.00 Possibility to continue the evening at the One Pint Pub'''
* If someone fancies a (self-financed) beer

'''Viestintävirasto asks those who wish to participate to the meeting to register in advance. For registrations please contact CERT-FI Unit Secretary Virpi Hienonen (virpi.hienonen(at)ficora.fi). The deadline is June 6, 2008.'''

== OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 ==

Thank you for attending.

You can download the presentation here''' https://www.owasp.org/images/7/70/OWASP_HelsinkiChapter_130508.pdf

Coverage of the event in local news (Finnish only) http://mikropc.net/uutiset/index.jsp?categoryId=atk&day=20080514#w2008051411524012715

'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki and Ravintola Kaisla, Vilhonkatu 4, 00100 Helsinki'''

'''Time: 16.00 - 20.00'''

Welcome to spring meeting 2008.

'''Schedule'''

'''16.00 - 16.10 OWASP update. Antti Laulajainen'''

'''16.10-17.00 Notes From The field, OWASP tools and usage experiences, Jarkko Holappa & Antti Laulajainen'''

'''17.30 - 20.00 Drinks at Ravintola Kaisla (Bring Your Own Wallet)'''

Hope to see as many of you as possible!

== OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''

'''Time: 18.30 - 20.30'''

Welcome to first meeting of 2008. OWASP Helsinki resumes activities after winter break.

We are pleased to have as a speaker Technology Manager of Nokia Product Security, Alexandr Seleznyov. His topic will be current state of application security.

'''Schedule'''

'''18.30 - 18.40 OWASP update. Antti Laulajainen'''

'''18.40 - 20.30 Current State of Application Security. Alexandr Seleznyov'''

Hope to see as many of you as possible!

== OWASP Helsinki & RWSUG Seminar Tuesday, January 29th 2008 ==
'''Location: IBM, Laajalahdentie 23, 00330 Helsinki.'''
'''Time: 11.15 - 19.00'''

OWASP Helsinki and Rational and Websphere User Group Finland RWSUG are aiming to co-operate to raise application security awareness. OWASP Helsinki will have a presentation in RWSUG agility seminar. More information from http://www.rwsug.fi/default.asp?path=1,39,385

'''You can download the presentation here''' https://www.owasp.org/images/c/cd/RWSUG5_Agile_Security_Management.pdf

See program below. Most of it is Finnish only
*11.15 Ilmoittautuminen alkaa
*11.15-12.00 Buffet-lounas
*12.00-12.10 Tilaisuuden avaus Jussi Jutila, Puheenjohtaja, RWSUG ry

KEYNOTE

*12.10-13.30 Scaling Agile Software Development: Strategies for Applying Agile in Complex Situations Scott W. Ambler, Practice Leader Agile Development, IBM Canada
*13.30-13.45 Kahvitauko
*13.45-15.30 SOA liiketoiminnan näkökulmasta ja SOA toteutuksen näkökulmasta kansainvälisessa hankkeessa Kari Laine, IT Architect, IF ja Jarmo Laine, Senior Software Architect,Primasoft
*15.30-15.45 Tauko
*15.45-16.30 Ketterä tietoturvan hallinta ohjelmistotuotannossa Reijo Savola, VTT
*16.30-17.15 Jazz Update IBM
*17.15-19.00 Iltapalaa ja verkostoitumista IBM Forumissa
 

== OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008 ==
OWASP Helsinki participated in ISACA Finland meeting to raise application security awareness among system auditors and inspectors.
 A presentation was held that introduced basic web techniques, some security issues, OWASP in general, OWASP projects and OWASP Helsinki chapter.
 
'''You can download the presentation here''': https://www.owasp.org/images/e/e4/OWASP_ISACA_20080124.pdf (Finnish Only)
 

== OWASP Helsinki meeting #4 Fall 2007 with Mark Curphey, Tuesday, October 2 2007 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''

Thank you for all participants and Mark from great presentation.

Coverage of the meeting in the local news (in Finnish):
http://mikropc.net/uutiset/index.jsp?categoryId=atk&day=20071003#w2007100315112711629

We are delighted to have Mark Curphey - the OWASP founder and new head of Microsoft's ACE (Application Consulting & Engineering) team in Europe - to visit Finland and discuss web app security with us. Hopefully as many as of you possible can participate!

'''18:30 Welcome and recent Helsinki chapter activities. Antti Laulajainen'''

'''18:40 Naked Software Security. Mark Curphey'''
*Commentary on how to build secure software
*Thoughts on the industry

'''WELCOME!'''

== OWASP Helsinki meeting #3 Summer 2007: "SOA, Web Services & XML Security", Tuesday, June 5th 2007 ==

Date: June 5th

Location: Smilehouse, Itälahdenkatu 22A (Stonesoft building), Lauttasaari.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/tietoturva_docview.jsp?f_id=1186167

'''19:00 Welcome & quick recap of recent OWASP activity and the Spring conference. Mikko Saario.'''

'''19:15 Gunnar Peterson, CTO Arctec Group and project lead for the OWASP "XML Security Gateway Evaluation Criteria".'''

Gunnar will be visiting Finland to provide training via Tietoturva ry on this subject. Topics to be covered:
* XML Security Gateways
* Message level threats and security countermeasures in Web services
* OWASP XML Security Gateway Evaluation Criteria Project

'''20:15 "Real-life usage of OWASP tools". Alexandr Seleznyov, Nokia Product Security.'''

(There is a chance Alex cannot make it. In that case we will discuss SOA stuff in more detail or just head off to bar earlier.)

'''20:45 Enter Bar 52...'''
--> Enjoy (sponsored) beverages.

== OWASP Helsinki meeting #2 Winter 2007, Web Application Firewalls, Thursday, February 22 2007 ==

Thank you for the 29 participants, the speakers and the host - Nixu - for making this event happen!

'''Location: Nixu, Mäkelänkatu 91, 00601 Helsinki.'''

What are Web Application Firewalls (WAF), how do they work, what do they do and what don't they do. Discussion and sharing of experiences of various technologies and products.

'''18.30 Welcome. Mikko Saario, Chapter Leader.'''

Today's topic and agenda in short.

'''18.35 "Web Application Firewalls Technical Analysis". Joakim Sandström, CTO nSense.'''

http://www.owasp.org/images/6/6a/Owasp_waf_joakim.pdf

- Technology

- Blacklisting & Whitelisting

- mod_security features

- Do's and Don'ts

'''19.30 "The Core Rule Sets". Ofer Shezaf, CTO Breach Security.'''

http://www.owasp.org/images/f/f4/The_Core_Rule_Set_-_Ofer.pdf

- WAF deployment and protection strategies

- Detection of generic web layer attacks

- Virtual patching

== OWASP Helsinki meeting #1, Tuesday, Dec 12 2006 at Ernst & Young ==

The Helsinki chapter had the first meeting at Ernst & Young office in Elielinaukio 5 B. The agenda and the presentations for the meeting are below. We had a good turnout: 22 people were present i.e. all seats were taken - we were very happy to see all these people to be interested in application security issues.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/doc.do?f_id=1083463

'''18:30 Welcome. What is OWASP and why OWASP Helsinki?'''

Mikko Saario made a short presentation about OWASP and the objective for the local Helsinki chapter.

'''19:00 Analyzing Threats (Olli Wiren; olli [at] juurihoito.org)'''

Olli Wiren discussed application related threats and corresponding security issues.

http://www.owasp.org/images/7/7c/Owasp-olli.pdf

'''19:45 Open discussion regarding OWASP Helsinki; what is expected or wished; how to go ahead and so forth.'''

There was a lively discussion regarding what type of activities should be arranged in the future. More details will follow...

==== Helsinki OWASP Chapter Leaders ====
The chapter leader is [mailto:antti@owasp.org Antti Laulajainen]
__NOTOC__
<headertabs/>

Helsinki

2009-10-28T13:09:47Z

Antti: /* OWASP Helsinki Chapter Meeting #10: October 20 2009 */

{{Chapter Template|chaptername=Helsinki|extra=The chapter leader is [mailto:antti@owasp.org Antti Laulajainen]
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-helsinki|emailarchives=http://lists.owasp.org/pipermail/owasp-helsinki}}

==== Local News ====
<paypal>Helsinki</paypal>

'''Welcome to the OWASP Helsinki Chapter'''

The plan is to meet at least three to four times a year, each lasting 1,5-3 hours (more active "hands" means more meetings). This chapter is based in the capital area and therefore the meetings will be in or around Helsinki.

If you wish to present at one of the meetings or have any other inquiries, please contact the chapter leader.

==== Chapter Meetings ====

Currently OWASP Helsinki is working on the following tasks:
*[[Top 10 2007 Finnish]] aim to translate OWASP Top 10 list in Finnish

== OWASP Helsinki Chapter Meeting #11: November 17 2009 ==

'''Location: Nsense Oy, Ahventie 4, Espoo'''

'''Time: 18:00-20:30'''

'''Schedule''' 

'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader'''

'''18:05 Word from our sponsor Nsense Oy'''

'''18:15 Manual vs. Automatic Code Analysis, Ari Kesäniemi, Senior Consultant, Nixu'''

'''18:45 Code Analysis, Jussi Liukkonen, CTO, Cubical Solutions'''

'''19.15- Sauna and refreshments from our sponsor'''

'''Please register with ilmoittautumiset##nsense.fi'''

== OWASP Helsinki Chapter Meeting #10: October 20 2009 ==

'''Location: Tieto Oy, Ratamestarinkatu 7B, Helsinki'''

'''Time: 18:00-19:40'''

'''Schedule''' 

'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader'''

'''18:00 Word from our sponsor Tieto Oy'''

'''18:10 Distributed Services Security, Anton Panhelainen, Tieto Oy'''

Download presentation from our file-page:[[File:Security_in_integration_and_ESB-OWASP_20091020.pdf]]

'''18:40 Public Web Services Interface and Security, Pyry Heikkinen, Finnish Customs'''

'''19:40 Closure and move to Vltava'''

'''20:00 or so'''

* Enjoy Helsinki Vltava watering hole at own risk & cost near Helsinki Railway station

'''Please register with Pauli Kauppila pauli.kauppila##tieto.com or Mobile +358 400 870 324'''

== OWASP Helsinki Chapter Meeting #9: May 12 2009 ==

'''Location: Louhi Networks Oy, Itälahdenkatu 22 A, Helsinki'''

'''Time: 17:30-19:00'''

'''Schedule''' 

'''17:30 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader'''

'''17:45 Word from our sponsor Louhi Networks

'''18:00 Panel discussion about application scanners
* Panel members includes representatives for Nixu Oy, KPMG Oy and Louhi Networks Oy'''

'''19:00 or so'''

* Enjoy local establishments at own risk & cost at Bar 52 near meeting location

'''Please register with Henri Lindberg henri.lindberg##louhi.fi'''

== OWASP OWASP Goes! Viestimuseo: March 29 2009 ==
'''Location: Varuskunta, Takakasarmi, Viestimuseontie rak. 64, 11311 Riihimäki '''

'''Time: 13:00-15:00'''

Viestimuseossa Riihimäellä, http://www.viestikiltojenliitto.fi/viestimuseo/ on maaliskuun loppuun WWII radiotiedustelua esittelevä erikoisnäyttely, josta voi löytyä ammennettavaa myös tämän päivän tietoturvatekniikoiden parissa työskenteleville. Koska OWASP:in tiimoilta löytyi kiinnostusta lähteä tutustumaan ko. näyttelyyn, museolle on varattu opastettu kierros maaliskuun viimeiselle sunnuntaille su 29.3.2009 klo 13:00 eli kokoontuminen museolla ko. aikaan.

Museo ja näyttely ovat auki myös muina aikoina, joten jos tämä aika ei käy, paikalla voi toki käydä muulloinkin.

Tarkemmat ajo-ohjeet ja yhteystiedot löytyvät museon kotisivuilta, http://www.viestikiltojenliitto.fi/viestimuseo/yhteystiedot.html

Museo sijaitsee Viestirykmentin vieressä, mutta varsinaisen varuskunta-alueen ulkopuolella, joten museokäynti ei vaadi kulkulupia alueelle.

Paikalle innostuvat hoitavat oman logistiikkaratkaisunsa & sisäänpääsymaksunsa.

Lisätietoja tarvittaessa timo.merilainen (ät) iki.fi

== OWASP Helsinki Chapter Meeting #8: March 12 2009 ==

'''Location: Samlink, Linnoitustie 9, Espoo (Leppävaara)'''

'''Time: 17:00-19:00'''

'''Schedule''' 

'''17:00 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader'''

'''17:15 Introduction to Samlink, Jari Pirhonen, security director, Samlink

'''17:30 Methodology owner’s point of view: Information security as part of software development methodology, Topi Mattila, methodology manager, Samlink'''

'''18:15 Presentation from Finnish Tax Administration", Petri Puhakainen, security director, Finnish Tax Administration'''

'''19:00 or so'''

* Enjoy local establishments at own risk & cost at Sello

'''Please register with Jari Pirhonen jari.pirhonen##samlink.fi'''

== OWASP Introduction to startup firms: Thursday January 15th 2009 ==
'''Location: Ravintola Korjaamo, Töölönkatu 51, 00250 Helsinki'''

'''Time: 18:00-20:00'''

'''Schedule''' 

'''18:00 Introduction to OWASP by Henri Lindberg, OWASP Helsinki Active Visitor'''
* What OWASP is
* Examples of useful Tools and Documents
* OWASP in Finland
Presentation: [[Image:OWASP_Startups_20090115_Henri.pdf]]

(Antti Laulajainen, OWASP Helsinki Chapter Leader was originally supposed to introduce OWASP)

'''18:15 Implementing application security in a Finnish startup by Henri Lindberg, Scred'''
* Henri Lindberg from Scred shares experiences and lessons learned
* How to make your web application more secure with minimal budget
Presentation: [[Image:SDG_Scred_090115.pdf]]

'''18:30 or so'''

* Enjoy local establishments at own risk & cost

== OWASP Helsinki Meeting #7: Tuesday November 11th 2008 ==

'''Location: Nokia Ruoholahti, Itämerenkatu 11-13, 00180 Helsinki'''

'''Time: 17:00-18:30'''

'''Schedule''' 

'''17:00 Welcome by Antti Laulajainen, OWASP Chapter Leader'''

*Current state and progress of OWASP Top 10 Finnish translation

'''17:20 Antti Vähä-Sipilä, Nokia: SAFECode'''

*Introduction and overview of SAFECode (The Software Assurance Forum for Excellence in Code)
*SAFECode publications

'''17:40 Juhani Eronen, CERT-FI: Lifecycle of a security vulnerability'''

*Microsoft MS08-067 (Vulnerability in Server Service Could Allow Remote Code Execution), its history (MS06-040) and exploitation.

'''Discussion'''

'''18:30 or so'''

* Enjoy local establishments at own risk & cost [cerveza, aqua con gas, etc]

''' PLEASE REGISTER WITH: mikko . saario at nokia . com (we have reserved snacks for 25 people)'''

== OWASP Helsinki Web Hacking Workshop, Tuesday September 10th 2008 ==

'''Location: Teleware / KPMG, Laajalahdentie 23, 6. floor, reception at the ground floor, 00330 Helsinki'''

'''Time: 18.00 - 20.00'''

'''Schedule'''

'''18.00 Welcome and recent activities. Antti Laulajainen '''

'''18.05 Web Hacking Workshop, Anssi Porttikivi, Senior ICT Advisor KPMG/Teleware'''

*KPMG Oy IT Security Advisory marketing presentation 15 min
*Web hacking exercises and demonstrations in a laboratory class (using WebGoat and WebScarab tools)

'''Snacks available. Send your reservations to Anssi's mail address, anssi.porttikivi@kpmg.fi. Room for 20 participants.'''

'''Note! Be in time, because the reception closes at 18.'''

== OWASP Goes! CERT-FI, Thursday, June 12th 2008 ==

'''Location: Viestintävirasto, Itämerenkatu 3 A, 00180 Helsinki and One Pint Pub Santakatu 2, 00180 Helsinki'''

'''Time: 16.00 - 20.00'''

'''Schedule'''

'''16.00 Welcome and recent activities. Antti Laulajainen '''

'''16.10 Introduction of CERT-FI. Juhani Eronen, Information Security Adviser, CERT-FI'''

'''16.30 Vulnerability coordination. Juhani Eronen'''
* CERT-FI as a vulnerability coordinator
* Coordination examples

'''18.00 Possibility to continue the evening at the One Pint Pub'''
* If someone fancies a (self-financed) beer

'''Viestintävirasto asks those who wish to participate to the meeting to register in advance. For registrations please contact CERT-FI Unit Secretary Virpi Hienonen (virpi.hienonen(at)ficora.fi). The deadline is June 6, 2008.'''

== OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 ==

Thank you for attending.

You can download the presentation here''' https://www.owasp.org/images/7/70/OWASP_HelsinkiChapter_130508.pdf

Coverage of the event in local news (Finnish only) http://mikropc.net/uutiset/index.jsp?categoryId=atk&day=20080514#w2008051411524012715

'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki and Ravintola Kaisla, Vilhonkatu 4, 00100 Helsinki'''

'''Time: 16.00 - 20.00'''

Welcome to spring meeting 2008.

'''Schedule'''

'''16.00 - 16.10 OWASP update. Antti Laulajainen'''

'''16.10-17.00 Notes From The field, OWASP tools and usage experiences, Jarkko Holappa & Antti Laulajainen'''

'''17.30 - 20.00 Drinks at Ravintola Kaisla (Bring Your Own Wallet)'''

Hope to see as many of you as possible!

== OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''

'''Time: 18.30 - 20.30'''

Welcome to first meeting of 2008. OWASP Helsinki resumes activities after winter break.

We are pleased to have as a speaker Technology Manager of Nokia Product Security, Alexandr Seleznyov. His topic will be current state of application security.

'''Schedule'''

'''18.30 - 18.40 OWASP update. Antti Laulajainen'''

'''18.40 - 20.30 Current State of Application Security. Alexandr Seleznyov'''

Hope to see as many of you as possible!

== OWASP Helsinki & RWSUG Seminar Tuesday, January 29th 2008 ==
'''Location: IBM, Laajalahdentie 23, 00330 Helsinki.'''
'''Time: 11.15 - 19.00'''

OWASP Helsinki and Rational and Websphere User Group Finland RWSUG are aiming to co-operate to raise application security awareness. OWASP Helsinki will have a presentation in RWSUG agility seminar. More information from http://www.rwsug.fi/default.asp?path=1,39,385

'''You can download the presentation here''' https://www.owasp.org/images/c/cd/RWSUG5_Agile_Security_Management.pdf

See program below. Most of it is Finnish only
*11.15 Ilmoittautuminen alkaa
*11.15-12.00 Buffet-lounas
*12.00-12.10 Tilaisuuden avaus Jussi Jutila, Puheenjohtaja, RWSUG ry

KEYNOTE

*12.10-13.30 Scaling Agile Software Development: Strategies for Applying Agile in Complex Situations Scott W. Ambler, Practice Leader Agile Development, IBM Canada
*13.30-13.45 Kahvitauko
*13.45-15.30 SOA liiketoiminnan näkökulmasta ja SOA toteutuksen näkökulmasta kansainvälisessa hankkeessa Kari Laine, IT Architect, IF ja Jarmo Laine, Senior Software Architect,Primasoft
*15.30-15.45 Tauko
*15.45-16.30 Ketterä tietoturvan hallinta ohjelmistotuotannossa Reijo Savola, VTT
*16.30-17.15 Jazz Update IBM
*17.15-19.00 Iltapalaa ja verkostoitumista IBM Forumissa
 

== OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008 ==
OWASP Helsinki participated in ISACA Finland meeting to raise application security awareness among system auditors and inspectors.
 A presentation was held that introduced basic web techniques, some security issues, OWASP in general, OWASP projects and OWASP Helsinki chapter.
 
'''You can download the presentation here''': https://www.owasp.org/images/e/e4/OWASP_ISACA_20080124.pdf (Finnish Only)
 

== OWASP Helsinki meeting #4 Fall 2007 with Mark Curphey, Tuesday, October 2 2007 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''

Thank you for all participants and Mark from great presentation.

Coverage of the meeting in the local news (in Finnish):
http://mikropc.net/uutiset/index.jsp?categoryId=atk&day=20071003#w2007100315112711629

We are delighted to have Mark Curphey - the OWASP founder and new head of Microsoft's ACE (Application Consulting & Engineering) team in Europe - to visit Finland and discuss web app security with us. Hopefully as many as of you possible can participate!

'''18:30 Welcome and recent Helsinki chapter activities. Antti Laulajainen'''

'''18:40 Naked Software Security. Mark Curphey'''
*Commentary on how to build secure software
*Thoughts on the industry

'''WELCOME!'''

== OWASP Helsinki meeting #3 Summer 2007: "SOA, Web Services & XML Security", Tuesday, June 5th 2007 ==

Date: June 5th

Location: Smilehouse, Itälahdenkatu 22A (Stonesoft building), Lauttasaari.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/tietoturva_docview.jsp?f_id=1186167

'''19:00 Welcome & quick recap of recent OWASP activity and the Spring conference. Mikko Saario.'''

'''19:15 Gunnar Peterson, CTO Arctec Group and project lead for the OWASP "XML Security Gateway Evaluation Criteria".'''

Gunnar will be visiting Finland to provide training via Tietoturva ry on this subject. Topics to be covered:
* XML Security Gateways
* Message level threats and security countermeasures in Web services
* OWASP XML Security Gateway Evaluation Criteria Project

'''20:15 "Real-life usage of OWASP tools". Alexandr Seleznyov, Nokia Product Security.'''

(There is a chance Alex cannot make it. In that case we will discuss SOA stuff in more detail or just head off to bar earlier.)

'''20:45 Enter Bar 52...'''
--> Enjoy (sponsored) beverages.

== OWASP Helsinki meeting #2 Winter 2007, Web Application Firewalls, Thursday, February 22 2007 ==

Thank you for the 29 participants, the speakers and the host - Nixu - for making this event happen!

'''Location: Nixu, Mäkelänkatu 91, 00601 Helsinki.'''

What are Web Application Firewalls (WAF), how do they work, what do they do and what don't they do. Discussion and sharing of experiences of various technologies and products.

'''18.30 Welcome. Mikko Saario, Chapter Leader.'''

Today's topic and agenda in short.

'''18.35 "Web Application Firewalls Technical Analysis". Joakim Sandström, CTO nSense.'''

http://www.owasp.org/images/6/6a/Owasp_waf_joakim.pdf

- Technology

- Blacklisting & Whitelisting

- mod_security features

- Do's and Don'ts

'''19.30 "The Core Rule Sets". Ofer Shezaf, CTO Breach Security.'''

http://www.owasp.org/images/f/f4/The_Core_Rule_Set_-_Ofer.pdf

- WAF deployment and protection strategies

- Detection of generic web layer attacks

- Virtual patching

== OWASP Helsinki meeting #1, Tuesday, Dec 12 2006 at Ernst & Young ==

The Helsinki chapter had the first meeting at Ernst & Young office in Elielinaukio 5 B. The agenda and the presentations for the meeting are below. We had a good turnout: 22 people were present i.e. all seats were taken - we were very happy to see all these people to be interested in application security issues.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/doc.do?f_id=1083463

'''18:30 Welcome. What is OWASP and why OWASP Helsinki?'''

Mikko Saario made a short presentation about OWASP and the objective for the local Helsinki chapter.

'''19:00 Analyzing Threats (Olli Wiren; olli [at] juurihoito.org)'''

Olli Wiren discussed application related threats and corresponding security issues.

http://www.owasp.org/images/7/7c/Owasp-olli.pdf

'''19:45 Open discussion regarding OWASP Helsinki; what is expected or wished; how to go ahead and so forth.'''

There was a lively discussion regarding what type of activities should be arranged in the future. More details will follow...

==== Helsinki OWASP Chapter Leaders ====
The chapter leader is [mailto:antti@owasp.org Antti Laulajainen]
__NOTOC__
<headertabs/>

Helsinki

2009-10-28T12:59:48Z

Antti: /* OWASP Helsinki Chapter Meeting #10: October 20 2009 */

{{Chapter Template|chaptername=Helsinki|extra=The chapter leader is [mailto:antti@owasp.org Antti Laulajainen]
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-helsinki|emailarchives=http://lists.owasp.org/pipermail/owasp-helsinki}}

==== Local News ====
<paypal>Helsinki</paypal>

'''Welcome to the OWASP Helsinki Chapter'''

The plan is to meet at least three to four times a year, each lasting 1,5-3 hours (more active "hands" means more meetings). This chapter is based in the capital area and therefore the meetings will be in or around Helsinki.

If you wish to present at one of the meetings or have any other inquiries, please contact the chapter leader.

==== Chapter Meetings ====

Currently OWASP Helsinki is working on the following tasks:
*[[Top 10 2007 Finnish]] aim to translate OWASP Top 10 list in Finnish

== OWASP Helsinki Chapter Meeting #11: November 17 2009 ==

'''Location: Nsense Oy, Ahventie 4, Espoo'''

'''Time: 18:00-20:30'''

'''Schedule''' 

'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader'''

'''18:05 Word from our sponsor Nsense Oy'''

'''18:15 Manual vs. Automatic Code Analysis, Ari Kesäniemi, Senior Consultant, Nixu'''

'''18:45 Code Analysis, Jussi Liukkonen, CTO, Cubical Solutions'''

'''19.15- Sauna and refreshments from our sponsor'''

'''Please register with ilmoittautumiset##nsense.fi'''

== OWASP Helsinki Chapter Meeting #10: October 20 2009 ==

'''Location: Tieto Oy, Ratamestarinkatu 7B, Helsinki'''

'''Time: 18:00-19:40'''

'''Schedule''' 

'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader'''

'''18:00 Word from our sponsor Tieto Oy'''

'''18:10 Distributed Services Security, Anton Panhelainen, Tieto Oy'''

'''18:40 Public Web Services Interface and Security, Pyry Heikkinen, Finnish Customs'''

'''19:40 Closure and move to Vltava'''

'''20:00 or so'''

* Enjoy Helsinki Vltava watering hole at own risk & cost near Helsinki Railway station

'''Please register with Pauli Kauppila pauli.kauppila##tieto.com or Mobile +358 400 870 324'''

== OWASP Helsinki Chapter Meeting #9: May 12 2009 ==

'''Location: Louhi Networks Oy, Itälahdenkatu 22 A, Helsinki'''

'''Time: 17:30-19:00'''

'''Schedule''' 

'''17:30 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader'''

'''17:45 Word from our sponsor Louhi Networks

'''18:00 Panel discussion about application scanners
* Panel members includes representatives for Nixu Oy, KPMG Oy and Louhi Networks Oy'''

'''19:00 or so'''

* Enjoy local establishments at own risk & cost at Bar 52 near meeting location

'''Please register with Henri Lindberg henri.lindberg##louhi.fi'''

== OWASP OWASP Goes! Viestimuseo: March 29 2009 ==
'''Location: Varuskunta, Takakasarmi, Viestimuseontie rak. 64, 11311 Riihimäki '''

'''Time: 13:00-15:00'''

Viestimuseossa Riihimäellä, http://www.viestikiltojenliitto.fi/viestimuseo/ on maaliskuun loppuun WWII radiotiedustelua esittelevä erikoisnäyttely, josta voi löytyä ammennettavaa myös tämän päivän tietoturvatekniikoiden parissa työskenteleville. Koska OWASP:in tiimoilta löytyi kiinnostusta lähteä tutustumaan ko. näyttelyyn, museolle on varattu opastettu kierros maaliskuun viimeiselle sunnuntaille su 29.3.2009 klo 13:00 eli kokoontuminen museolla ko. aikaan.

Museo ja näyttely ovat auki myös muina aikoina, joten jos tämä aika ei käy, paikalla voi toki käydä muulloinkin.

Tarkemmat ajo-ohjeet ja yhteystiedot löytyvät museon kotisivuilta, http://www.viestikiltojenliitto.fi/viestimuseo/yhteystiedot.html

Museo sijaitsee Viestirykmentin vieressä, mutta varsinaisen varuskunta-alueen ulkopuolella, joten museokäynti ei vaadi kulkulupia alueelle.

Paikalle innostuvat hoitavat oman logistiikkaratkaisunsa & sisäänpääsymaksunsa.

Lisätietoja tarvittaessa timo.merilainen (ät) iki.fi

== OWASP Helsinki Chapter Meeting #8: March 12 2009 ==

'''Location: Samlink, Linnoitustie 9, Espoo (Leppävaara)'''

'''Time: 17:00-19:00'''

'''Schedule''' 

'''17:00 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader'''

'''17:15 Introduction to Samlink, Jari Pirhonen, security director, Samlink

'''17:30 Methodology owner’s point of view: Information security as part of software development methodology, Topi Mattila, methodology manager, Samlink'''

'''18:15 Presentation from Finnish Tax Administration", Petri Puhakainen, security director, Finnish Tax Administration'''

'''19:00 or so'''

* Enjoy local establishments at own risk & cost at Sello

'''Please register with Jari Pirhonen jari.pirhonen##samlink.fi'''

== OWASP Introduction to startup firms: Thursday January 15th 2009 ==
'''Location: Ravintola Korjaamo, Töölönkatu 51, 00250 Helsinki'''

'''Time: 18:00-20:00'''

'''Schedule''' 

'''18:00 Introduction to OWASP by Henri Lindberg, OWASP Helsinki Active Visitor'''
* What OWASP is
* Examples of useful Tools and Documents
* OWASP in Finland
Presentation: [[Image:OWASP_Startups_20090115_Henri.pdf]]

(Antti Laulajainen, OWASP Helsinki Chapter Leader was originally supposed to introduce OWASP)

'''18:15 Implementing application security in a Finnish startup by Henri Lindberg, Scred'''
* Henri Lindberg from Scred shares experiences and lessons learned
* How to make your web application more secure with minimal budget
Presentation: [[Image:SDG_Scred_090115.pdf]]

'''18:30 or so'''

* Enjoy local establishments at own risk & cost

== OWASP Helsinki Meeting #7: Tuesday November 11th 2008 ==

'''Location: Nokia Ruoholahti, Itämerenkatu 11-13, 00180 Helsinki'''

'''Time: 17:00-18:30'''

'''Schedule''' 

'''17:00 Welcome by Antti Laulajainen, OWASP Chapter Leader'''

*Current state and progress of OWASP Top 10 Finnish translation

'''17:20 Antti Vähä-Sipilä, Nokia: SAFECode'''

*Introduction and overview of SAFECode (The Software Assurance Forum for Excellence in Code)
*SAFECode publications

'''17:40 Juhani Eronen, CERT-FI: Lifecycle of a security vulnerability'''

*Microsoft MS08-067 (Vulnerability in Server Service Could Allow Remote Code Execution), its history (MS06-040) and exploitation.

'''Discussion'''

'''18:30 or so'''

* Enjoy local establishments at own risk & cost [cerveza, aqua con gas, etc]

''' PLEASE REGISTER WITH: mikko . saario at nokia . com (we have reserved snacks for 25 people)'''

== OWASP Helsinki Web Hacking Workshop, Tuesday September 10th 2008 ==

'''Location: Teleware / KPMG, Laajalahdentie 23, 6. floor, reception at the ground floor, 00330 Helsinki'''

'''Time: 18.00 - 20.00'''

'''Schedule'''

'''18.00 Welcome and recent activities. Antti Laulajainen '''

'''18.05 Web Hacking Workshop, Anssi Porttikivi, Senior ICT Advisor KPMG/Teleware'''

*KPMG Oy IT Security Advisory marketing presentation 15 min
*Web hacking exercises and demonstrations in a laboratory class (using WebGoat and WebScarab tools)

'''Snacks available. Send your reservations to Anssi's mail address, anssi.porttikivi@kpmg.fi. Room for 20 participants.'''

'''Note! Be in time, because the reception closes at 18.'''

== OWASP Goes! CERT-FI, Thursday, June 12th 2008 ==

'''Location: Viestintävirasto, Itämerenkatu 3 A, 00180 Helsinki and One Pint Pub Santakatu 2, 00180 Helsinki'''

'''Time: 16.00 - 20.00'''

'''Schedule'''

'''16.00 Welcome and recent activities. Antti Laulajainen '''

'''16.10 Introduction of CERT-FI. Juhani Eronen, Information Security Adviser, CERT-FI'''

'''16.30 Vulnerability coordination. Juhani Eronen'''
* CERT-FI as a vulnerability coordinator
* Coordination examples

'''18.00 Possibility to continue the evening at the One Pint Pub'''
* If someone fancies a (self-financed) beer

'''Viestintävirasto asks those who wish to participate to the meeting to register in advance. For registrations please contact CERT-FI Unit Secretary Virpi Hienonen (virpi.hienonen(at)ficora.fi). The deadline is June 6, 2008.'''

== OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 ==

Thank you for attending.

You can download the presentation here''' https://www.owasp.org/images/7/70/OWASP_HelsinkiChapter_130508.pdf

Coverage of the event in local news (Finnish only) http://mikropc.net/uutiset/index.jsp?categoryId=atk&day=20080514#w2008051411524012715

'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki and Ravintola Kaisla, Vilhonkatu 4, 00100 Helsinki'''

'''Time: 16.00 - 20.00'''

Welcome to spring meeting 2008.

'''Schedule'''

'''16.00 - 16.10 OWASP update. Antti Laulajainen'''

'''16.10-17.00 Notes From The field, OWASP tools and usage experiences, Jarkko Holappa & Antti Laulajainen'''

'''17.30 - 20.00 Drinks at Ravintola Kaisla (Bring Your Own Wallet)'''

Hope to see as many of you as possible!

== OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''

'''Time: 18.30 - 20.30'''

Welcome to first meeting of 2008. OWASP Helsinki resumes activities after winter break.

We are pleased to have as a speaker Technology Manager of Nokia Product Security, Alexandr Seleznyov. His topic will be current state of application security.

'''Schedule'''

'''18.30 - 18.40 OWASP update. Antti Laulajainen'''

'''18.40 - 20.30 Current State of Application Security. Alexandr Seleznyov'''

Hope to see as many of you as possible!

== OWASP Helsinki & RWSUG Seminar Tuesday, January 29th 2008 ==
'''Location: IBM, Laajalahdentie 23, 00330 Helsinki.'''
'''Time: 11.15 - 19.00'''

OWASP Helsinki and Rational and Websphere User Group Finland RWSUG are aiming to co-operate to raise application security awareness. OWASP Helsinki will have a presentation in RWSUG agility seminar. More information from http://www.rwsug.fi/default.asp?path=1,39,385

'''You can download the presentation here''' https://www.owasp.org/images/c/cd/RWSUG5_Agile_Security_Management.pdf

See program below. Most of it is Finnish only
*11.15 Ilmoittautuminen alkaa
*11.15-12.00 Buffet-lounas
*12.00-12.10 Tilaisuuden avaus Jussi Jutila, Puheenjohtaja, RWSUG ry

KEYNOTE

*12.10-13.30 Scaling Agile Software Development: Strategies for Applying Agile in Complex Situations Scott W. Ambler, Practice Leader Agile Development, IBM Canada
*13.30-13.45 Kahvitauko
*13.45-15.30 SOA liiketoiminnan näkökulmasta ja SOA toteutuksen näkökulmasta kansainvälisessa hankkeessa Kari Laine, IT Architect, IF ja Jarmo Laine, Senior Software Architect,Primasoft
*15.30-15.45 Tauko
*15.45-16.30 Ketterä tietoturvan hallinta ohjelmistotuotannossa Reijo Savola, VTT
*16.30-17.15 Jazz Update IBM
*17.15-19.00 Iltapalaa ja verkostoitumista IBM Forumissa
 

== OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008 ==
OWASP Helsinki participated in ISACA Finland meeting to raise application security awareness among system auditors and inspectors.
 A presentation was held that introduced basic web techniques, some security issues, OWASP in general, OWASP projects and OWASP Helsinki chapter.
 
'''You can download the presentation here''': https://www.owasp.org/images/e/e4/OWASP_ISACA_20080124.pdf (Finnish Only)
 

== OWASP Helsinki meeting #4 Fall 2007 with Mark Curphey, Tuesday, October 2 2007 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''

Thank you for all participants and Mark from great presentation.

Coverage of the meeting in the local news (in Finnish):
http://mikropc.net/uutiset/index.jsp?categoryId=atk&day=20071003#w2007100315112711629

We are delighted to have Mark Curphey - the OWASP founder and new head of Microsoft's ACE (Application Consulting & Engineering) team in Europe - to visit Finland and discuss web app security with us. Hopefully as many as of you possible can participate!

'''18:30 Welcome and recent Helsinki chapter activities. Antti Laulajainen'''

'''18:40 Naked Software Security. Mark Curphey'''
*Commentary on how to build secure software
*Thoughts on the industry

'''WELCOME!'''

== OWASP Helsinki meeting #3 Summer 2007: "SOA, Web Services & XML Security", Tuesday, June 5th 2007 ==

Date: June 5th

Location: Smilehouse, Itälahdenkatu 22A (Stonesoft building), Lauttasaari.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/tietoturva_docview.jsp?f_id=1186167

'''19:00 Welcome & quick recap of recent OWASP activity and the Spring conference. Mikko Saario.'''

'''19:15 Gunnar Peterson, CTO Arctec Group and project lead for the OWASP "XML Security Gateway Evaluation Criteria".'''

Gunnar will be visiting Finland to provide training via Tietoturva ry on this subject. Topics to be covered:
* XML Security Gateways
* Message level threats and security countermeasures in Web services
* OWASP XML Security Gateway Evaluation Criteria Project

'''20:15 "Real-life usage of OWASP tools". Alexandr Seleznyov, Nokia Product Security.'''

(There is a chance Alex cannot make it. In that case we will discuss SOA stuff in more detail or just head off to bar earlier.)

'''20:45 Enter Bar 52...'''
--> Enjoy (sponsored) beverages.

== OWASP Helsinki meeting #2 Winter 2007, Web Application Firewalls, Thursday, February 22 2007 ==

Thank you for the 29 participants, the speakers and the host - Nixu - for making this event happen!

'''Location: Nixu, Mäkelänkatu 91, 00601 Helsinki.'''

What are Web Application Firewalls (WAF), how do they work, what do they do and what don't they do. Discussion and sharing of experiences of various technologies and products.

'''18.30 Welcome. Mikko Saario, Chapter Leader.'''

Today's topic and agenda in short.

'''18.35 "Web Application Firewalls Technical Analysis". Joakim Sandström, CTO nSense.'''

http://www.owasp.org/images/6/6a/Owasp_waf_joakim.pdf

- Technology

- Blacklisting & Whitelisting

- mod_security features

- Do's and Don'ts

'''19.30 "The Core Rule Sets". Ofer Shezaf, CTO Breach Security.'''

http://www.owasp.org/images/f/f4/The_Core_Rule_Set_-_Ofer.pdf

- WAF deployment and protection strategies

- Detection of generic web layer attacks

- Virtual patching

== OWASP Helsinki meeting #1, Tuesday, Dec 12 2006 at Ernst & Young ==

The Helsinki chapter had the first meeting at Ernst & Young office in Elielinaukio 5 B. The agenda and the presentations for the meeting are below. We had a good turnout: 22 people were present i.e. all seats were taken - we were very happy to see all these people to be interested in application security issues.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/doc.do?f_id=1083463

'''18:30 Welcome. What is OWASP and why OWASP Helsinki?'''

Mikko Saario made a short presentation about OWASP and the objective for the local Helsinki chapter.

'''19:00 Analyzing Threats (Olli Wiren; olli [at] juurihoito.org)'''

Olli Wiren discussed application related threats and corresponding security issues.

http://www.owasp.org/images/7/7c/Owasp-olli.pdf

'''19:45 Open discussion regarding OWASP Helsinki; what is expected or wished; how to go ahead and so forth.'''

There was a lively discussion regarding what type of activities should be arranged in the future. More details will follow...

==== Helsinki OWASP Chapter Leaders ====
The chapter leader is [mailto:antti@owasp.org Antti Laulajainen]
__NOTOC__
<headertabs/>

File:Security in integration and ESB-OWASP 20091020.pdf

2009-10-28T12:57:43Z

Antti:

Helsinki

2009-10-28T12:50:47Z

Antti: /* OWASP Helsinki Chapter Meeting #11: November 17 2009 */

{{Chapter Template|chaptername=Helsinki|extra=The chapter leader is [mailto:antti@owasp.org Antti Laulajainen]
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-helsinki|emailarchives=http://lists.owasp.org/pipermail/owasp-helsinki}}

==== Local News ====
<paypal>Helsinki</paypal>

'''Welcome to the OWASP Helsinki Chapter'''

The plan is to meet at least three to four times a year, each lasting 1,5-3 hours (more active "hands" means more meetings). This chapter is based in the capital area and therefore the meetings will be in or around Helsinki.

If you wish to present at one of the meetings or have any other inquiries, please contact the chapter leader.

==== Chapter Meetings ====

Currently OWASP Helsinki is working on the following tasks:
*[[Top 10 2007 Finnish]] aim to translate OWASP Top 10 list in Finnish

== OWASP Helsinki Chapter Meeting #11: November 17 2009 ==

'''Location: Nsense Oy, Ahventie 4, Espoo'''

'''Time: 18:00-20:30'''

'''Schedule''' 

'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader'''

'''18:05 Word from our sponsor Nsense Oy'''

'''18:15 Manual vs. Automatic Code Analysis, Ari Kesäniemi, Senior Consultant, Nixu'''

'''18:45 Code Analysis, Jussi Liukkonen, CTO, Cubical Solutions'''

'''19.15- Sauna and refreshments from our sponsor'''

'''Please register with ilmoittautumiset##nsense.fi'''

== OWASP Helsinki Chapter Meeting #10: October 20 2009 ==

'''Location: Tieto Oy, Ratamestarinkatu 7B, Helsinki'''

'''Time: 18:00-19:40'''

'''Schedule''' 

'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader'''

'''18:00 Word from our sponsor Tieto Oy'''

'''18:10 Distributed Services Security, Representative from Tieto Oy'''

'''18:40 Public Web Services Interface and Security, Representative from Finnish Customs'''

'''19:10 Web Services Security and Authentication, Representative from System Intregator field'''

'''19:40 Closure and move to Vltava'''

'''20:00 or so'''

* Enjoy Helsinki Vltava watering hole at own risk & cost near Helsinki Railway station

'''Please register with Pauli Kauppila pauli.kauppila##tieto.com or Mobile +358 400 870 324'''

== OWASP Helsinki Chapter Meeting #9: May 12 2009 ==

'''Location: Louhi Networks Oy, Itälahdenkatu 22 A, Helsinki'''

'''Time: 17:30-19:00'''

'''Schedule''' 

'''17:30 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader'''

'''17:45 Word from our sponsor Louhi Networks

'''18:00 Panel discussion about application scanners
* Panel members includes representatives for Nixu Oy, KPMG Oy and Louhi Networks Oy'''

'''19:00 or so'''

* Enjoy local establishments at own risk & cost at Bar 52 near meeting location

'''Please register with Henri Lindberg henri.lindberg##louhi.fi'''

== OWASP OWASP Goes! Viestimuseo: March 29 2009 ==
'''Location: Varuskunta, Takakasarmi, Viestimuseontie rak. 64, 11311 Riihimäki '''

'''Time: 13:00-15:00'''

Viestimuseossa Riihimäellä, http://www.viestikiltojenliitto.fi/viestimuseo/ on maaliskuun loppuun WWII radiotiedustelua esittelevä erikoisnäyttely, josta voi löytyä ammennettavaa myös tämän päivän tietoturvatekniikoiden parissa työskenteleville. Koska OWASP:in tiimoilta löytyi kiinnostusta lähteä tutustumaan ko. näyttelyyn, museolle on varattu opastettu kierros maaliskuun viimeiselle sunnuntaille su 29.3.2009 klo 13:00 eli kokoontuminen museolla ko. aikaan.

Museo ja näyttely ovat auki myös muina aikoina, joten jos tämä aika ei käy, paikalla voi toki käydä muulloinkin.

Tarkemmat ajo-ohjeet ja yhteystiedot löytyvät museon kotisivuilta, http://www.viestikiltojenliitto.fi/viestimuseo/yhteystiedot.html

Museo sijaitsee Viestirykmentin vieressä, mutta varsinaisen varuskunta-alueen ulkopuolella, joten museokäynti ei vaadi kulkulupia alueelle.

Paikalle innostuvat hoitavat oman logistiikkaratkaisunsa & sisäänpääsymaksunsa.

Lisätietoja tarvittaessa timo.merilainen (ät) iki.fi

== OWASP Helsinki Chapter Meeting #8: March 12 2009 ==

'''Location: Samlink, Linnoitustie 9, Espoo (Leppävaara)'''

'''Time: 17:00-19:00'''

'''Schedule''' 

'''17:00 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader'''

'''17:15 Introduction to Samlink, Jari Pirhonen, security director, Samlink

'''17:30 Methodology owner’s point of view: Information security as part of software development methodology, Topi Mattila, methodology manager, Samlink'''

'''18:15 Presentation from Finnish Tax Administration", Petri Puhakainen, security director, Finnish Tax Administration'''

'''19:00 or so'''

* Enjoy local establishments at own risk & cost at Sello

'''Please register with Jari Pirhonen jari.pirhonen##samlink.fi'''

== OWASP Introduction to startup firms: Thursday January 15th 2009 ==
'''Location: Ravintola Korjaamo, Töölönkatu 51, 00250 Helsinki'''

'''Time: 18:00-20:00'''

'''Schedule''' 

'''18:00 Introduction to OWASP by Henri Lindberg, OWASP Helsinki Active Visitor'''
* What OWASP is
* Examples of useful Tools and Documents
* OWASP in Finland
Presentation: [[Image:OWASP_Startups_20090115_Henri.pdf]]

(Antti Laulajainen, OWASP Helsinki Chapter Leader was originally supposed to introduce OWASP)

'''18:15 Implementing application security in a Finnish startup by Henri Lindberg, Scred'''
* Henri Lindberg from Scred shares experiences and lessons learned
* How to make your web application more secure with minimal budget
Presentation: [[Image:SDG_Scred_090115.pdf]]

'''18:30 or so'''

* Enjoy local establishments at own risk & cost

== OWASP Helsinki Meeting #7: Tuesday November 11th 2008 ==

'''Location: Nokia Ruoholahti, Itämerenkatu 11-13, 00180 Helsinki'''

'''Time: 17:00-18:30'''

'''Schedule''' 

'''17:00 Welcome by Antti Laulajainen, OWASP Chapter Leader'''

*Current state and progress of OWASP Top 10 Finnish translation

'''17:20 Antti Vähä-Sipilä, Nokia: SAFECode'''

*Introduction and overview of SAFECode (The Software Assurance Forum for Excellence in Code)
*SAFECode publications

'''17:40 Juhani Eronen, CERT-FI: Lifecycle of a security vulnerability'''

*Microsoft MS08-067 (Vulnerability in Server Service Could Allow Remote Code Execution), its history (MS06-040) and exploitation.

'''Discussion'''

'''18:30 or so'''

* Enjoy local establishments at own risk & cost [cerveza, aqua con gas, etc]

''' PLEASE REGISTER WITH: mikko . saario at nokia . com (we have reserved snacks for 25 people)'''

== OWASP Helsinki Web Hacking Workshop, Tuesday September 10th 2008 ==

'''Location: Teleware / KPMG, Laajalahdentie 23, 6. floor, reception at the ground floor, 00330 Helsinki'''

'''Time: 18.00 - 20.00'''

'''Schedule'''

'''18.00 Welcome and recent activities. Antti Laulajainen '''

'''18.05 Web Hacking Workshop, Anssi Porttikivi, Senior ICT Advisor KPMG/Teleware'''

*KPMG Oy IT Security Advisory marketing presentation 15 min
*Web hacking exercises and demonstrations in a laboratory class (using WebGoat and WebScarab tools)

'''Snacks available. Send your reservations to Anssi's mail address, anssi.porttikivi@kpmg.fi. Room for 20 participants.'''

'''Note! Be in time, because the reception closes at 18.'''

== OWASP Goes! CERT-FI, Thursday, June 12th 2008 ==

'''Location: Viestintävirasto, Itämerenkatu 3 A, 00180 Helsinki and One Pint Pub Santakatu 2, 00180 Helsinki'''

'''Time: 16.00 - 20.00'''

'''Schedule'''

'''16.00 Welcome and recent activities. Antti Laulajainen '''

'''16.10 Introduction of CERT-FI. Juhani Eronen, Information Security Adviser, CERT-FI'''

'''16.30 Vulnerability coordination. Juhani Eronen'''
* CERT-FI as a vulnerability coordinator
* Coordination examples

'''18.00 Possibility to continue the evening at the One Pint Pub'''
* If someone fancies a (self-financed) beer

'''Viestintävirasto asks those who wish to participate to the meeting to register in advance. For registrations please contact CERT-FI Unit Secretary Virpi Hienonen (virpi.hienonen(at)ficora.fi). The deadline is June 6, 2008.'''

== OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 ==

Thank you for attending.

You can download the presentation here''' https://www.owasp.org/images/7/70/OWASP_HelsinkiChapter_130508.pdf

Coverage of the event in local news (Finnish only) http://mikropc.net/uutiset/index.jsp?categoryId=atk&day=20080514#w2008051411524012715

'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki and Ravintola Kaisla, Vilhonkatu 4, 00100 Helsinki'''

'''Time: 16.00 - 20.00'''

Welcome to spring meeting 2008.

'''Schedule'''

'''16.00 - 16.10 OWASP update. Antti Laulajainen'''

'''16.10-17.00 Notes From The field, OWASP tools and usage experiences, Jarkko Holappa & Antti Laulajainen'''

'''17.30 - 20.00 Drinks at Ravintola Kaisla (Bring Your Own Wallet)'''

Hope to see as many of you as possible!

== OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''

'''Time: 18.30 - 20.30'''

Welcome to first meeting of 2008. OWASP Helsinki resumes activities after winter break.

We are pleased to have as a speaker Technology Manager of Nokia Product Security, Alexandr Seleznyov. His topic will be current state of application security.

'''Schedule'''

'''18.30 - 18.40 OWASP update. Antti Laulajainen'''

'''18.40 - 20.30 Current State of Application Security. Alexandr Seleznyov'''

Hope to see as many of you as possible!

== OWASP Helsinki & RWSUG Seminar Tuesday, January 29th 2008 ==
'''Location: IBM, Laajalahdentie 23, 00330 Helsinki.'''
'''Time: 11.15 - 19.00'''

OWASP Helsinki and Rational and Websphere User Group Finland RWSUG are aiming to co-operate to raise application security awareness. OWASP Helsinki will have a presentation in RWSUG agility seminar. More information from http://www.rwsug.fi/default.asp?path=1,39,385

'''You can download the presentation here''' https://www.owasp.org/images/c/cd/RWSUG5_Agile_Security_Management.pdf

See program below. Most of it is Finnish only
*11.15 Ilmoittautuminen alkaa
*11.15-12.00 Buffet-lounas
*12.00-12.10 Tilaisuuden avaus Jussi Jutila, Puheenjohtaja, RWSUG ry

KEYNOTE

*12.10-13.30 Scaling Agile Software Development: Strategies for Applying Agile in Complex Situations Scott W. Ambler, Practice Leader Agile Development, IBM Canada
*13.30-13.45 Kahvitauko
*13.45-15.30 SOA liiketoiminnan näkökulmasta ja SOA toteutuksen näkökulmasta kansainvälisessa hankkeessa Kari Laine, IT Architect, IF ja Jarmo Laine, Senior Software Architect,Primasoft
*15.30-15.45 Tauko
*15.45-16.30 Ketterä tietoturvan hallinta ohjelmistotuotannossa Reijo Savola, VTT
*16.30-17.15 Jazz Update IBM
*17.15-19.00 Iltapalaa ja verkostoitumista IBM Forumissa
 

== OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008 ==
OWASP Helsinki participated in ISACA Finland meeting to raise application security awareness among system auditors and inspectors.
 A presentation was held that introduced basic web techniques, some security issues, OWASP in general, OWASP projects and OWASP Helsinki chapter.
 
'''You can download the presentation here''': https://www.owasp.org/images/e/e4/OWASP_ISACA_20080124.pdf (Finnish Only)
 

== OWASP Helsinki meeting #4 Fall 2007 with Mark Curphey, Tuesday, October 2 2007 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''

Thank you for all participants and Mark from great presentation.

Coverage of the meeting in the local news (in Finnish):
http://mikropc.net/uutiset/index.jsp?categoryId=atk&day=20071003#w2007100315112711629

We are delighted to have Mark Curphey - the OWASP founder and new head of Microsoft's ACE (Application Consulting & Engineering) team in Europe - to visit Finland and discuss web app security with us. Hopefully as many as of you possible can participate!

'''18:30 Welcome and recent Helsinki chapter activities. Antti Laulajainen'''

'''18:40 Naked Software Security. Mark Curphey'''
*Commentary on how to build secure software
*Thoughts on the industry

'''WELCOME!'''

== OWASP Helsinki meeting #3 Summer 2007: "SOA, Web Services & XML Security", Tuesday, June 5th 2007 ==

Date: June 5th

Location: Smilehouse, Itälahdenkatu 22A (Stonesoft building), Lauttasaari.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/tietoturva_docview.jsp?f_id=1186167

'''19:00 Welcome & quick recap of recent OWASP activity and the Spring conference. Mikko Saario.'''

'''19:15 Gunnar Peterson, CTO Arctec Group and project lead for the OWASP "XML Security Gateway Evaluation Criteria".'''

Gunnar will be visiting Finland to provide training via Tietoturva ry on this subject. Topics to be covered:
* XML Security Gateways
* Message level threats and security countermeasures in Web services
* OWASP XML Security Gateway Evaluation Criteria Project

'''20:15 "Real-life usage of OWASP tools". Alexandr Seleznyov, Nokia Product Security.'''

(There is a chance Alex cannot make it. In that case we will discuss SOA stuff in more detail or just head off to bar earlier.)

'''20:45 Enter Bar 52...'''
--> Enjoy (sponsored) beverages.

== OWASP Helsinki meeting #2 Winter 2007, Web Application Firewalls, Thursday, February 22 2007 ==

Thank you for the 29 participants, the speakers and the host - Nixu - for making this event happen!

'''Location: Nixu, Mäkelänkatu 91, 00601 Helsinki.'''

What are Web Application Firewalls (WAF), how do they work, what do they do and what don't they do. Discussion and sharing of experiences of various technologies and products.

'''18.30 Welcome. Mikko Saario, Chapter Leader.'''

Today's topic and agenda in short.

'''18.35 "Web Application Firewalls Technical Analysis". Joakim Sandström, CTO nSense.'''

http://www.owasp.org/images/6/6a/Owasp_waf_joakim.pdf

- Technology

- Blacklisting & Whitelisting

- mod_security features

- Do's and Don'ts

'''19.30 "The Core Rule Sets". Ofer Shezaf, CTO Breach Security.'''

http://www.owasp.org/images/f/f4/The_Core_Rule_Set_-_Ofer.pdf

- WAF deployment and protection strategies

- Detection of generic web layer attacks

- Virtual patching

== OWASP Helsinki meeting #1, Tuesday, Dec 12 2006 at Ernst & Young ==

The Helsinki chapter had the first meeting at Ernst & Young office in Elielinaukio 5 B. The agenda and the presentations for the meeting are below. We had a good turnout: 22 people were present i.e. all seats were taken - we were very happy to see all these people to be interested in application security issues.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/doc.do?f_id=1083463

'''18:30 Welcome. What is OWASP and why OWASP Helsinki?'''

Mikko Saario made a short presentation about OWASP and the objective for the local Helsinki chapter.

'''19:00 Analyzing Threats (Olli Wiren; olli [at] juurihoito.org)'''

Olli Wiren discussed application related threats and corresponding security issues.

http://www.owasp.org/images/7/7c/Owasp-olli.pdf

'''19:45 Open discussion regarding OWASP Helsinki; what is expected or wished; how to go ahead and so forth.'''

There was a lively discussion regarding what type of activities should be arranged in the future. More details will follow...

==== Helsinki OWASP Chapter Leaders ====
The chapter leader is [mailto:antti@owasp.org Antti Laulajainen]
__NOTOC__
<headertabs/>

Helsinki

2009-10-27T21:50:47Z

Antti: /* OWASP Helsinki Chapter Meeting #11: November 17 2009 */

{{Chapter Template|chaptername=Helsinki|extra=The chapter leader is [mailto:antti@owasp.org Antti Laulajainen]
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-helsinki|emailarchives=http://lists.owasp.org/pipermail/owasp-helsinki}}

==== Local News ====
<paypal>Helsinki</paypal>

'''Welcome to the OWASP Helsinki Chapter'''

The plan is to meet at least three to four times a year, each lasting 1,5-3 hours (more active "hands" means more meetings). This chapter is based in the capital area and therefore the meetings will be in or around Helsinki.

If you wish to present at one of the meetings or have any other inquiries, please contact the chapter leader.

==== Chapter Meetings ====

Currently OWASP Helsinki is working on the following tasks:
*[[Top 10 2007 Finnish]] aim to translate OWASP Top 10 list in Finnish

== OWASP Helsinki Chapter Meeting #11: November 17 2009 ==

'''Location: Nsense Oy, Ahventie 4, Espoo'''

'''Time: 18:00-20:30'''

'''Schedule''' 

'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader'''

'''18:05 Word from our sponsor Nsense Oy'''

'''18:15 Manual vs. Automatic Code Analysis, Ari Kesäniemi, Senior Consultant, Nixu'''

'''18:45 Speaker unconfirmed'''

'''19.15- Sauna and refreshments from our sponsor'''

'''Please register with ilmoittautumiset##nsense.fi'''

== OWASP Helsinki Chapter Meeting #10: October 20 2009 ==

'''Location: Tieto Oy, Ratamestarinkatu 7B, Helsinki'''

'''Time: 18:00-19:40'''

'''Schedule''' 

'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader'''

'''18:00 Word from our sponsor Tieto Oy'''

'''18:10 Distributed Services Security, Representative from Tieto Oy'''

'''18:40 Public Web Services Interface and Security, Representative from Finnish Customs'''

'''19:10 Web Services Security and Authentication, Representative from System Intregator field'''

'''19:40 Closure and move to Vltava'''

'''20:00 or so'''

* Enjoy Helsinki Vltava watering hole at own risk & cost near Helsinki Railway station

'''Please register with Pauli Kauppila pauli.kauppila##tieto.com or Mobile +358 400 870 324'''

== OWASP Helsinki Chapter Meeting #9: May 12 2009 ==

'''Location: Louhi Networks Oy, Itälahdenkatu 22 A, Helsinki'''

'''Time: 17:30-19:00'''

'''Schedule''' 

'''17:30 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader'''

'''17:45 Word from our sponsor Louhi Networks

'''18:00 Panel discussion about application scanners
* Panel members includes representatives for Nixu Oy, KPMG Oy and Louhi Networks Oy'''

'''19:00 or so'''

* Enjoy local establishments at own risk & cost at Bar 52 near meeting location

'''Please register with Henri Lindberg henri.lindberg##louhi.fi'''

== OWASP OWASP Goes! Viestimuseo: March 29 2009 ==
'''Location: Varuskunta, Takakasarmi, Viestimuseontie rak. 64, 11311 Riihimäki '''

'''Time: 13:00-15:00'''

Viestimuseossa Riihimäellä, http://www.viestikiltojenliitto.fi/viestimuseo/ on maaliskuun loppuun WWII radiotiedustelua esittelevä erikoisnäyttely, josta voi löytyä ammennettavaa myös tämän päivän tietoturvatekniikoiden parissa työskenteleville. Koska OWASP:in tiimoilta löytyi kiinnostusta lähteä tutustumaan ko. näyttelyyn, museolle on varattu opastettu kierros maaliskuun viimeiselle sunnuntaille su 29.3.2009 klo 13:00 eli kokoontuminen museolla ko. aikaan.

Museo ja näyttely ovat auki myös muina aikoina, joten jos tämä aika ei käy, paikalla voi toki käydä muulloinkin.

Tarkemmat ajo-ohjeet ja yhteystiedot löytyvät museon kotisivuilta, http://www.viestikiltojenliitto.fi/viestimuseo/yhteystiedot.html

Museo sijaitsee Viestirykmentin vieressä, mutta varsinaisen varuskunta-alueen ulkopuolella, joten museokäynti ei vaadi kulkulupia alueelle.

Paikalle innostuvat hoitavat oman logistiikkaratkaisunsa & sisäänpääsymaksunsa.

Lisätietoja tarvittaessa timo.merilainen (ät) iki.fi

== OWASP Helsinki Chapter Meeting #8: March 12 2009 ==

'''Location: Samlink, Linnoitustie 9, Espoo (Leppävaara)'''

'''Time: 17:00-19:00'''

'''Schedule''' 

'''17:00 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader'''

'''17:15 Introduction to Samlink, Jari Pirhonen, security director, Samlink

'''17:30 Methodology owner’s point of view: Information security as part of software development methodology, Topi Mattila, methodology manager, Samlink'''

'''18:15 Presentation from Finnish Tax Administration", Petri Puhakainen, security director, Finnish Tax Administration'''

'''19:00 or so'''

* Enjoy local establishments at own risk & cost at Sello

'''Please register with Jari Pirhonen jari.pirhonen##samlink.fi'''

== OWASP Introduction to startup firms: Thursday January 15th 2009 ==
'''Location: Ravintola Korjaamo, Töölönkatu 51, 00250 Helsinki'''

'''Time: 18:00-20:00'''

'''Schedule''' 

'''18:00 Introduction to OWASP by Henri Lindberg, OWASP Helsinki Active Visitor'''
* What OWASP is
* Examples of useful Tools and Documents
* OWASP in Finland
Presentation: [[Image:OWASP_Startups_20090115_Henri.pdf]]

(Antti Laulajainen, OWASP Helsinki Chapter Leader was originally supposed to introduce OWASP)

'''18:15 Implementing application security in a Finnish startup by Henri Lindberg, Scred'''
* Henri Lindberg from Scred shares experiences and lessons learned
* How to make your web application more secure with minimal budget
Presentation: [[Image:SDG_Scred_090115.pdf]]

'''18:30 or so'''

* Enjoy local establishments at own risk & cost

== OWASP Helsinki Meeting #7: Tuesday November 11th 2008 ==

'''Location: Nokia Ruoholahti, Itämerenkatu 11-13, 00180 Helsinki'''

'''Time: 17:00-18:30'''

'''Schedule''' 

'''17:00 Welcome by Antti Laulajainen, OWASP Chapter Leader'''

*Current state and progress of OWASP Top 10 Finnish translation

'''17:20 Antti Vähä-Sipilä, Nokia: SAFECode'''

*Introduction and overview of SAFECode (The Software Assurance Forum for Excellence in Code)
*SAFECode publications

'''17:40 Juhani Eronen, CERT-FI: Lifecycle of a security vulnerability'''

*Microsoft MS08-067 (Vulnerability in Server Service Could Allow Remote Code Execution), its history (MS06-040) and exploitation.

'''Discussion'''

'''18:30 or so'''

* Enjoy local establishments at own risk & cost [cerveza, aqua con gas, etc]

''' PLEASE REGISTER WITH: mikko . saario at nokia . com (we have reserved snacks for 25 people)'''

== OWASP Helsinki Web Hacking Workshop, Tuesday September 10th 2008 ==

'''Location: Teleware / KPMG, Laajalahdentie 23, 6. floor, reception at the ground floor, 00330 Helsinki'''

'''Time: 18.00 - 20.00'''

'''Schedule'''

'''18.00 Welcome and recent activities. Antti Laulajainen '''

'''18.05 Web Hacking Workshop, Anssi Porttikivi, Senior ICT Advisor KPMG/Teleware'''

*KPMG Oy IT Security Advisory marketing presentation 15 min
*Web hacking exercises and demonstrations in a laboratory class (using WebGoat and WebScarab tools)

'''Snacks available. Send your reservations to Anssi's mail address, anssi.porttikivi@kpmg.fi. Room for 20 participants.'''

'''Note! Be in time, because the reception closes at 18.'''

== OWASP Goes! CERT-FI, Thursday, June 12th 2008 ==

'''Location: Viestintävirasto, Itämerenkatu 3 A, 00180 Helsinki and One Pint Pub Santakatu 2, 00180 Helsinki'''

'''Time: 16.00 - 20.00'''

'''Schedule'''

'''16.00 Welcome and recent activities. Antti Laulajainen '''

'''16.10 Introduction of CERT-FI. Juhani Eronen, Information Security Adviser, CERT-FI'''

'''16.30 Vulnerability coordination. Juhani Eronen'''
* CERT-FI as a vulnerability coordinator
* Coordination examples

'''18.00 Possibility to continue the evening at the One Pint Pub'''
* If someone fancies a (self-financed) beer

'''Viestintävirasto asks those who wish to participate to the meeting to register in advance. For registrations please contact CERT-FI Unit Secretary Virpi Hienonen (virpi.hienonen(at)ficora.fi). The deadline is June 6, 2008.'''

== OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 ==

Thank you for attending.

You can download the presentation here''' https://www.owasp.org/images/7/70/OWASP_HelsinkiChapter_130508.pdf

Coverage of the event in local news (Finnish only) http://mikropc.net/uutiset/index.jsp?categoryId=atk&day=20080514#w2008051411524012715

'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki and Ravintola Kaisla, Vilhonkatu 4, 00100 Helsinki'''

'''Time: 16.00 - 20.00'''

Welcome to spring meeting 2008.

'''Schedule'''

'''16.00 - 16.10 OWASP update. Antti Laulajainen'''

'''16.10-17.00 Notes From The field, OWASP tools and usage experiences, Jarkko Holappa & Antti Laulajainen'''

'''17.30 - 20.00 Drinks at Ravintola Kaisla (Bring Your Own Wallet)'''

Hope to see as many of you as possible!

== OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''

'''Time: 18.30 - 20.30'''

Welcome to first meeting of 2008. OWASP Helsinki resumes activities after winter break.

We are pleased to have as a speaker Technology Manager of Nokia Product Security, Alexandr Seleznyov. His topic will be current state of application security.

'''Schedule'''

'''18.30 - 18.40 OWASP update. Antti Laulajainen'''

'''18.40 - 20.30 Current State of Application Security. Alexandr Seleznyov'''

Hope to see as many of you as possible!

== OWASP Helsinki & RWSUG Seminar Tuesday, January 29th 2008 ==
'''Location: IBM, Laajalahdentie 23, 00330 Helsinki.'''
'''Time: 11.15 - 19.00'''

OWASP Helsinki and Rational and Websphere User Group Finland RWSUG are aiming to co-operate to raise application security awareness. OWASP Helsinki will have a presentation in RWSUG agility seminar. More information from http://www.rwsug.fi/default.asp?path=1,39,385

'''You can download the presentation here''' https://www.owasp.org/images/c/cd/RWSUG5_Agile_Security_Management.pdf

See program below. Most of it is Finnish only
*11.15 Ilmoittautuminen alkaa
*11.15-12.00 Buffet-lounas
*12.00-12.10 Tilaisuuden avaus Jussi Jutila, Puheenjohtaja, RWSUG ry

KEYNOTE

*12.10-13.30 Scaling Agile Software Development: Strategies for Applying Agile in Complex Situations Scott W. Ambler, Practice Leader Agile Development, IBM Canada
*13.30-13.45 Kahvitauko
*13.45-15.30 SOA liiketoiminnan näkökulmasta ja SOA toteutuksen näkökulmasta kansainvälisessa hankkeessa Kari Laine, IT Architect, IF ja Jarmo Laine, Senior Software Architect,Primasoft
*15.30-15.45 Tauko
*15.45-16.30 Ketterä tietoturvan hallinta ohjelmistotuotannossa Reijo Savola, VTT
*16.30-17.15 Jazz Update IBM
*17.15-19.00 Iltapalaa ja verkostoitumista IBM Forumissa
 

== OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008 ==
OWASP Helsinki participated in ISACA Finland meeting to raise application security awareness among system auditors and inspectors.
 A presentation was held that introduced basic web techniques, some security issues, OWASP in general, OWASP projects and OWASP Helsinki chapter.
 
'''You can download the presentation here''': https://www.owasp.org/images/e/e4/OWASP_ISACA_20080124.pdf (Finnish Only)
 

== OWASP Helsinki meeting #4 Fall 2007 with Mark Curphey, Tuesday, October 2 2007 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''

Thank you for all participants and Mark from great presentation.

Coverage of the meeting in the local news (in Finnish):
http://mikropc.net/uutiset/index.jsp?categoryId=atk&day=20071003#w2007100315112711629

We are delighted to have Mark Curphey - the OWASP founder and new head of Microsoft's ACE (Application Consulting & Engineering) team in Europe - to visit Finland and discuss web app security with us. Hopefully as many as of you possible can participate!

'''18:30 Welcome and recent Helsinki chapter activities. Antti Laulajainen'''

'''18:40 Naked Software Security. Mark Curphey'''
*Commentary on how to build secure software
*Thoughts on the industry

'''WELCOME!'''

== OWASP Helsinki meeting #3 Summer 2007: "SOA, Web Services & XML Security", Tuesday, June 5th 2007 ==

Date: June 5th

Location: Smilehouse, Itälahdenkatu 22A (Stonesoft building), Lauttasaari.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/tietoturva_docview.jsp?f_id=1186167

'''19:00 Welcome & quick recap of recent OWASP activity and the Spring conference. Mikko Saario.'''

'''19:15 Gunnar Peterson, CTO Arctec Group and project lead for the OWASP "XML Security Gateway Evaluation Criteria".'''

Gunnar will be visiting Finland to provide training via Tietoturva ry on this subject. Topics to be covered:
* XML Security Gateways
* Message level threats and security countermeasures in Web services
* OWASP XML Security Gateway Evaluation Criteria Project

'''20:15 "Real-life usage of OWASP tools". Alexandr Seleznyov, Nokia Product Security.'''

(There is a chance Alex cannot make it. In that case we will discuss SOA stuff in more detail or just head off to bar earlier.)

'''20:45 Enter Bar 52...'''
--> Enjoy (sponsored) beverages.

== OWASP Helsinki meeting #2 Winter 2007, Web Application Firewalls, Thursday, February 22 2007 ==

Thank you for the 29 participants, the speakers and the host - Nixu - for making this event happen!

'''Location: Nixu, Mäkelänkatu 91, 00601 Helsinki.'''

What are Web Application Firewalls (WAF), how do they work, what do they do and what don't they do. Discussion and sharing of experiences of various technologies and products.

'''18.30 Welcome. Mikko Saario, Chapter Leader.'''

Today's topic and agenda in short.

'''18.35 "Web Application Firewalls Technical Analysis". Joakim Sandström, CTO nSense.'''

http://www.owasp.org/images/6/6a/Owasp_waf_joakim.pdf

- Technology

- Blacklisting & Whitelisting

- mod_security features

- Do's and Don'ts

'''19.30 "The Core Rule Sets". Ofer Shezaf, CTO Breach Security.'''

http://www.owasp.org/images/f/f4/The_Core_Rule_Set_-_Ofer.pdf

- WAF deployment and protection strategies

- Detection of generic web layer attacks

- Virtual patching

== OWASP Helsinki meeting #1, Tuesday, Dec 12 2006 at Ernst & Young ==

The Helsinki chapter had the first meeting at Ernst & Young office in Elielinaukio 5 B. The agenda and the presentations for the meeting are below. We had a good turnout: 22 people were present i.e. all seats were taken - we were very happy to see all these people to be interested in application security issues.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/doc.do?f_id=1083463

'''18:30 Welcome. What is OWASP and why OWASP Helsinki?'''

Mikko Saario made a short presentation about OWASP and the objective for the local Helsinki chapter.

'''19:00 Analyzing Threats (Olli Wiren; olli [at] juurihoito.org)'''

Olli Wiren discussed application related threats and corresponding security issues.

http://www.owasp.org/images/7/7c/Owasp-olli.pdf

'''19:45 Open discussion regarding OWASP Helsinki; what is expected or wished; how to go ahead and so forth.'''

There was a lively discussion regarding what type of activities should be arranged in the future. More details will follow...

==== Helsinki OWASP Chapter Leaders ====
The chapter leader is [mailto:antti@owasp.org Antti Laulajainen]
__NOTOC__
<headertabs/>

Helsinki

2009-10-27T21:45:39Z

Antti: /* OWASP Helsinki Chapter Meeting #11: November 17 2009 */

{{Chapter Template|chaptername=Helsinki|extra=The chapter leader is [mailto:antti@owasp.org Antti Laulajainen]
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-helsinki|emailarchives=http://lists.owasp.org/pipermail/owasp-helsinki}}

==== Local News ====
<paypal>Helsinki</paypal>

'''Welcome to the OWASP Helsinki Chapter'''

The plan is to meet at least three to four times a year, each lasting 1,5-3 hours (more active "hands" means more meetings). This chapter is based in the capital area and therefore the meetings will be in or around Helsinki.

If you wish to present at one of the meetings or have any other inquiries, please contact the chapter leader.

==== Chapter Meetings ====

Currently OWASP Helsinki is working on the following tasks:
*[[Top 10 2007 Finnish]] aim to translate OWASP Top 10 list in Finnish

== OWASP Helsinki Chapter Meeting #11: November 17 2009 ==

'''Location: Nsense Oy, Ahventie 4, Espoo'''

'''Time: 18:00-20:00'''

'''Schedule''' 

'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader'''

'''18:05 Word from our sponsor Nsense Oy'''

'''18:15 Manual vs. Automatic Code Analysis, Ari Kesäniemi, Senior Consultant, Nixu'''

'''18:45 Speaker unconfirmed'''

'''19.15- Sauna and refreshments from our sponsor'''

'''Please register with ilmoittautumiset##nsense.fi'''

== OWASP Helsinki Chapter Meeting #10: October 20 2009 ==

'''Location: Tieto Oy, Ratamestarinkatu 7B, Helsinki'''

'''Time: 18:00-19:40'''

'''Schedule''' 

'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader'''

'''18:00 Word from our sponsor Tieto Oy'''

'''18:10 Distributed Services Security, Representative from Tieto Oy'''

'''18:40 Public Web Services Interface and Security, Representative from Finnish Customs'''

'''19:10 Web Services Security and Authentication, Representative from System Intregator field'''

'''19:40 Closure and move to Vltava'''

'''20:00 or so'''

* Enjoy Helsinki Vltava watering hole at own risk & cost near Helsinki Railway station

'''Please register with Pauli Kauppila pauli.kauppila##tieto.com or Mobile +358 400 870 324'''

== OWASP Helsinki Chapter Meeting #9: May 12 2009 ==

'''Location: Louhi Networks Oy, Itälahdenkatu 22 A, Helsinki'''

'''Time: 17:30-19:00'''

'''Schedule''' 

'''17:30 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader'''

'''17:45 Word from our sponsor Louhi Networks

'''18:00 Panel discussion about application scanners
* Panel members includes representatives for Nixu Oy, KPMG Oy and Louhi Networks Oy'''

'''19:00 or so'''

* Enjoy local establishments at own risk & cost at Bar 52 near meeting location

'''Please register with Henri Lindberg henri.lindberg##louhi.fi'''

== OWASP OWASP Goes! Viestimuseo: March 29 2009 ==
'''Location: Varuskunta, Takakasarmi, Viestimuseontie rak. 64, 11311 Riihimäki '''

'''Time: 13:00-15:00'''

Viestimuseossa Riihimäellä, http://www.viestikiltojenliitto.fi/viestimuseo/ on maaliskuun loppuun WWII radiotiedustelua esittelevä erikoisnäyttely, josta voi löytyä ammennettavaa myös tämän päivän tietoturvatekniikoiden parissa työskenteleville. Koska OWASP:in tiimoilta löytyi kiinnostusta lähteä tutustumaan ko. näyttelyyn, museolle on varattu opastettu kierros maaliskuun viimeiselle sunnuntaille su 29.3.2009 klo 13:00 eli kokoontuminen museolla ko. aikaan.

Museo ja näyttely ovat auki myös muina aikoina, joten jos tämä aika ei käy, paikalla voi toki käydä muulloinkin.

Tarkemmat ajo-ohjeet ja yhteystiedot löytyvät museon kotisivuilta, http://www.viestikiltojenliitto.fi/viestimuseo/yhteystiedot.html

Museo sijaitsee Viestirykmentin vieressä, mutta varsinaisen varuskunta-alueen ulkopuolella, joten museokäynti ei vaadi kulkulupia alueelle.

Paikalle innostuvat hoitavat oman logistiikkaratkaisunsa & sisäänpääsymaksunsa.

Lisätietoja tarvittaessa timo.merilainen (ät) iki.fi

== OWASP Helsinki Chapter Meeting #8: March 12 2009 ==

'''Location: Samlink, Linnoitustie 9, Espoo (Leppävaara)'''

'''Time: 17:00-19:00'''

'''Schedule''' 

'''17:00 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader'''

'''17:15 Introduction to Samlink, Jari Pirhonen, security director, Samlink

'''17:30 Methodology owner’s point of view: Information security as part of software development methodology, Topi Mattila, methodology manager, Samlink'''

'''18:15 Presentation from Finnish Tax Administration", Petri Puhakainen, security director, Finnish Tax Administration'''

'''19:00 or so'''

* Enjoy local establishments at own risk & cost at Sello

'''Please register with Jari Pirhonen jari.pirhonen##samlink.fi'''

== OWASP Introduction to startup firms: Thursday January 15th 2009 ==
'''Location: Ravintola Korjaamo, Töölönkatu 51, 00250 Helsinki'''

'''Time: 18:00-20:00'''

'''Schedule''' 

'''18:00 Introduction to OWASP by Henri Lindberg, OWASP Helsinki Active Visitor'''
* What OWASP is
* Examples of useful Tools and Documents
* OWASP in Finland
Presentation: [[Image:OWASP_Startups_20090115_Henri.pdf]]

(Antti Laulajainen, OWASP Helsinki Chapter Leader was originally supposed to introduce OWASP)

'''18:15 Implementing application security in a Finnish startup by Henri Lindberg, Scred'''
* Henri Lindberg from Scred shares experiences and lessons learned
* How to make your web application more secure with minimal budget
Presentation: [[Image:SDG_Scred_090115.pdf]]

'''18:30 or so'''

* Enjoy local establishments at own risk & cost

== OWASP Helsinki Meeting #7: Tuesday November 11th 2008 ==

'''Location: Nokia Ruoholahti, Itämerenkatu 11-13, 00180 Helsinki'''

'''Time: 17:00-18:30'''

'''Schedule''' 

'''17:00 Welcome by Antti Laulajainen, OWASP Chapter Leader'''

*Current state and progress of OWASP Top 10 Finnish translation

'''17:20 Antti Vähä-Sipilä, Nokia: SAFECode'''

*Introduction and overview of SAFECode (The Software Assurance Forum for Excellence in Code)
*SAFECode publications

'''17:40 Juhani Eronen, CERT-FI: Lifecycle of a security vulnerability'''

*Microsoft MS08-067 (Vulnerability in Server Service Could Allow Remote Code Execution), its history (MS06-040) and exploitation.

'''Discussion'''

'''18:30 or so'''

* Enjoy local establishments at own risk & cost [cerveza, aqua con gas, etc]

''' PLEASE REGISTER WITH: mikko . saario at nokia . com (we have reserved snacks for 25 people)'''

== OWASP Helsinki Web Hacking Workshop, Tuesday September 10th 2008 ==

'''Location: Teleware / KPMG, Laajalahdentie 23, 6. floor, reception at the ground floor, 00330 Helsinki'''

'''Time: 18.00 - 20.00'''

'''Schedule'''

'''18.00 Welcome and recent activities. Antti Laulajainen '''

'''18.05 Web Hacking Workshop, Anssi Porttikivi, Senior ICT Advisor KPMG/Teleware'''

*KPMG Oy IT Security Advisory marketing presentation 15 min
*Web hacking exercises and demonstrations in a laboratory class (using WebGoat and WebScarab tools)

'''Snacks available. Send your reservations to Anssi's mail address, anssi.porttikivi@kpmg.fi. Room for 20 participants.'''

'''Note! Be in time, because the reception closes at 18.'''

== OWASP Goes! CERT-FI, Thursday, June 12th 2008 ==

'''Location: Viestintävirasto, Itämerenkatu 3 A, 00180 Helsinki and One Pint Pub Santakatu 2, 00180 Helsinki'''

'''Time: 16.00 - 20.00'''

'''Schedule'''

'''16.00 Welcome and recent activities. Antti Laulajainen '''

'''16.10 Introduction of CERT-FI. Juhani Eronen, Information Security Adviser, CERT-FI'''

'''16.30 Vulnerability coordination. Juhani Eronen'''
* CERT-FI as a vulnerability coordinator
* Coordination examples

'''18.00 Possibility to continue the evening at the One Pint Pub'''
* If someone fancies a (self-financed) beer

'''Viestintävirasto asks those who wish to participate to the meeting to register in advance. For registrations please contact CERT-FI Unit Secretary Virpi Hienonen (virpi.hienonen(at)ficora.fi). The deadline is June 6, 2008.'''

== OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 ==

Thank you for attending.

You can download the presentation here''' https://www.owasp.org/images/7/70/OWASP_HelsinkiChapter_130508.pdf

Coverage of the event in local news (Finnish only) http://mikropc.net/uutiset/index.jsp?categoryId=atk&day=20080514#w2008051411524012715

'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki and Ravintola Kaisla, Vilhonkatu 4, 00100 Helsinki'''

'''Time: 16.00 - 20.00'''

Welcome to spring meeting 2008.

'''Schedule'''

'''16.00 - 16.10 OWASP update. Antti Laulajainen'''

'''16.10-17.00 Notes From The field, OWASP tools and usage experiences, Jarkko Holappa & Antti Laulajainen'''

'''17.30 - 20.00 Drinks at Ravintola Kaisla (Bring Your Own Wallet)'''

Hope to see as many of you as possible!

== OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''

'''Time: 18.30 - 20.30'''

Welcome to first meeting of 2008. OWASP Helsinki resumes activities after winter break.

We are pleased to have as a speaker Technology Manager of Nokia Product Security, Alexandr Seleznyov. His topic will be current state of application security.

'''Schedule'''

'''18.30 - 18.40 OWASP update. Antti Laulajainen'''

'''18.40 - 20.30 Current State of Application Security. Alexandr Seleznyov'''

Hope to see as many of you as possible!

== OWASP Helsinki & RWSUG Seminar Tuesday, January 29th 2008 ==
'''Location: IBM, Laajalahdentie 23, 00330 Helsinki.'''
'''Time: 11.15 - 19.00'''

OWASP Helsinki and Rational and Websphere User Group Finland RWSUG are aiming to co-operate to raise application security awareness. OWASP Helsinki will have a presentation in RWSUG agility seminar. More information from http://www.rwsug.fi/default.asp?path=1,39,385

'''You can download the presentation here''' https://www.owasp.org/images/c/cd/RWSUG5_Agile_Security_Management.pdf

See program below. Most of it is Finnish only
*11.15 Ilmoittautuminen alkaa
*11.15-12.00 Buffet-lounas
*12.00-12.10 Tilaisuuden avaus Jussi Jutila, Puheenjohtaja, RWSUG ry

KEYNOTE

*12.10-13.30 Scaling Agile Software Development: Strategies for Applying Agile in Complex Situations Scott W. Ambler, Practice Leader Agile Development, IBM Canada
*13.30-13.45 Kahvitauko
*13.45-15.30 SOA liiketoiminnan näkökulmasta ja SOA toteutuksen näkökulmasta kansainvälisessa hankkeessa Kari Laine, IT Architect, IF ja Jarmo Laine, Senior Software Architect,Primasoft
*15.30-15.45 Tauko
*15.45-16.30 Ketterä tietoturvan hallinta ohjelmistotuotannossa Reijo Savola, VTT
*16.30-17.15 Jazz Update IBM
*17.15-19.00 Iltapalaa ja verkostoitumista IBM Forumissa
 

== OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008 ==
OWASP Helsinki participated in ISACA Finland meeting to raise application security awareness among system auditors and inspectors.
 A presentation was held that introduced basic web techniques, some security issues, OWASP in general, OWASP projects and OWASP Helsinki chapter.
 
'''You can download the presentation here''': https://www.owasp.org/images/e/e4/OWASP_ISACA_20080124.pdf (Finnish Only)
 

== OWASP Helsinki meeting #4 Fall 2007 with Mark Curphey, Tuesday, October 2 2007 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''

Thank you for all participants and Mark from great presentation.

Coverage of the meeting in the local news (in Finnish):
http://mikropc.net/uutiset/index.jsp?categoryId=atk&day=20071003#w2007100315112711629

We are delighted to have Mark Curphey - the OWASP founder and new head of Microsoft's ACE (Application Consulting & Engineering) team in Europe - to visit Finland and discuss web app security with us. Hopefully as many as of you possible can participate!

'''18:30 Welcome and recent Helsinki chapter activities. Antti Laulajainen'''

'''18:40 Naked Software Security. Mark Curphey'''
*Commentary on how to build secure software
*Thoughts on the industry

'''WELCOME!'''

== OWASP Helsinki meeting #3 Summer 2007: "SOA, Web Services & XML Security", Tuesday, June 5th 2007 ==

Date: June 5th

Location: Smilehouse, Itälahdenkatu 22A (Stonesoft building), Lauttasaari.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/tietoturva_docview.jsp?f_id=1186167

'''19:00 Welcome & quick recap of recent OWASP activity and the Spring conference. Mikko Saario.'''

'''19:15 Gunnar Peterson, CTO Arctec Group and project lead for the OWASP "XML Security Gateway Evaluation Criteria".'''

Gunnar will be visiting Finland to provide training via Tietoturva ry on this subject. Topics to be covered:
* XML Security Gateways
* Message level threats and security countermeasures in Web services
* OWASP XML Security Gateway Evaluation Criteria Project

'''20:15 "Real-life usage of OWASP tools". Alexandr Seleznyov, Nokia Product Security.'''

(There is a chance Alex cannot make it. In that case we will discuss SOA stuff in more detail or just head off to bar earlier.)

'''20:45 Enter Bar 52...'''
--> Enjoy (sponsored) beverages.

== OWASP Helsinki meeting #2 Winter 2007, Web Application Firewalls, Thursday, February 22 2007 ==

Thank you for the 29 participants, the speakers and the host - Nixu - for making this event happen!

'''Location: Nixu, Mäkelänkatu 91, 00601 Helsinki.'''

What are Web Application Firewalls (WAF), how do they work, what do they do and what don't they do. Discussion and sharing of experiences of various technologies and products.

'''18.30 Welcome. Mikko Saario, Chapter Leader.'''

Today's topic and agenda in short.

'''18.35 "Web Application Firewalls Technical Analysis". Joakim Sandström, CTO nSense.'''

http://www.owasp.org/images/6/6a/Owasp_waf_joakim.pdf

- Technology

- Blacklisting & Whitelisting

- mod_security features

- Do's and Don'ts

'''19.30 "The Core Rule Sets". Ofer Shezaf, CTO Breach Security.'''

http://www.owasp.org/images/f/f4/The_Core_Rule_Set_-_Ofer.pdf

- WAF deployment and protection strategies

- Detection of generic web layer attacks

- Virtual patching

== OWASP Helsinki meeting #1, Tuesday, Dec 12 2006 at Ernst & Young ==

The Helsinki chapter had the first meeting at Ernst & Young office in Elielinaukio 5 B. The agenda and the presentations for the meeting are below. We had a good turnout: 22 people were present i.e. all seats were taken - we were very happy to see all these people to be interested in application security issues.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/doc.do?f_id=1083463

'''18:30 Welcome. What is OWASP and why OWASP Helsinki?'''

Mikko Saario made a short presentation about OWASP and the objective for the local Helsinki chapter.

'''19:00 Analyzing Threats (Olli Wiren; olli [at] juurihoito.org)'''

Olli Wiren discussed application related threats and corresponding security issues.

http://www.owasp.org/images/7/7c/Owasp-olli.pdf

'''19:45 Open discussion regarding OWASP Helsinki; what is expected or wished; how to go ahead and so forth.'''

There was a lively discussion regarding what type of activities should be arranged in the future. More details will follow...

==== Helsinki OWASP Chapter Leaders ====
The chapter leader is [mailto:antti@owasp.org Antti Laulajainen]
__NOTOC__
<headertabs/>

Helsinki

2009-10-25T22:24:09Z

Antti: /* OWASP Helsinki Chapter Meeting #11: November 17 2009, Unconfirmed */

{{Chapter Template|chaptername=Helsinki|extra=The chapter leader is [mailto:antti@owasp.org Antti Laulajainen]
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-helsinki|emailarchives=http://lists.owasp.org/pipermail/owasp-helsinki}}

==== Local News ====
<paypal>Helsinki</paypal>

'''Welcome to the OWASP Helsinki Chapter'''

The plan is to meet at least three to four times a year, each lasting 1,5-3 hours (more active "hands" means more meetings). This chapter is based in the capital area and therefore the meetings will be in or around Helsinki.

If you wish to present at one of the meetings or have any other inquiries, please contact the chapter leader.

==== Chapter Meetings ====

Currently OWASP Helsinki is working on the following tasks:
*[[Top 10 2007 Finnish]] aim to translate OWASP Top 10 list in Finnish

== OWASP Helsinki Chapter Meeting #11: November 17 2009 ==

'''Location: Nsense Oy, Ahventie 4, Espoo'''

'''Time: 18:00-20:00'''

'''Schedule''' 

'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader'''

'''18:05 Word from our sponsor Nsense Oy'''

'''18:15 Manual vs. Automatic Code Analysis, Ari Kesäniemi, Senior Consultant, Nixu'''

'''18:45 Speaker unconfirmed'''

'''19.15- Sauna and refreshments from our sponsor'''

'''Please register with ilmoittautumiset ät nsense.fi'''

== OWASP Helsinki Chapter Meeting #10: October 20 2009 ==

'''Location: Tieto Oy, Ratamestarinkatu 7B, Helsinki'''

'''Time: 18:00-19:40'''

'''Schedule''' 

'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader'''

'''18:00 Word from our sponsor Tieto Oy'''

'''18:10 Distributed Services Security, Representative from Tieto Oy'''

'''18:40 Public Web Services Interface and Security, Representative from Finnish Customs'''

'''19:10 Web Services Security and Authentication, Representative from System Intregator field'''

'''19:40 Closure and move to Vltava'''

'''20:00 or so'''

* Enjoy Helsinki Vltava watering hole at own risk & cost near Helsinki Railway station

'''Please register with Pauli Kauppila pauli.kauppila##tieto.com or Mobile +358 400 870 324'''

== OWASP Helsinki Chapter Meeting #9: May 12 2009 ==

'''Location: Louhi Networks Oy, Itälahdenkatu 22 A, Helsinki'''

'''Time: 17:30-19:00'''

'''Schedule''' 

'''17:30 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader'''

'''17:45 Word from our sponsor Louhi Networks

'''18:00 Panel discussion about application scanners
* Panel members includes representatives for Nixu Oy, KPMG Oy and Louhi Networks Oy'''

'''19:00 or so'''

* Enjoy local establishments at own risk & cost at Bar 52 near meeting location

'''Please register with Henri Lindberg henri.lindberg##louhi.fi'''

== OWASP OWASP Goes! Viestimuseo: March 29 2009 ==
'''Location: Varuskunta, Takakasarmi, Viestimuseontie rak. 64, 11311 Riihimäki '''

'''Time: 13:00-15:00'''

Viestimuseossa Riihimäellä, http://www.viestikiltojenliitto.fi/viestimuseo/ on maaliskuun loppuun WWII radiotiedustelua esittelevä erikoisnäyttely, josta voi löytyä ammennettavaa myös tämän päivän tietoturvatekniikoiden parissa työskenteleville. Koska OWASP:in tiimoilta löytyi kiinnostusta lähteä tutustumaan ko. näyttelyyn, museolle on varattu opastettu kierros maaliskuun viimeiselle sunnuntaille su 29.3.2009 klo 13:00 eli kokoontuminen museolla ko. aikaan.

Museo ja näyttely ovat auki myös muina aikoina, joten jos tämä aika ei käy, paikalla voi toki käydä muulloinkin.

Tarkemmat ajo-ohjeet ja yhteystiedot löytyvät museon kotisivuilta, http://www.viestikiltojenliitto.fi/viestimuseo/yhteystiedot.html

Museo sijaitsee Viestirykmentin vieressä, mutta varsinaisen varuskunta-alueen ulkopuolella, joten museokäynti ei vaadi kulkulupia alueelle.

Paikalle innostuvat hoitavat oman logistiikkaratkaisunsa & sisäänpääsymaksunsa.

Lisätietoja tarvittaessa timo.merilainen (ät) iki.fi

== OWASP Helsinki Chapter Meeting #8: March 12 2009 ==

'''Location: Samlink, Linnoitustie 9, Espoo (Leppävaara)'''

'''Time: 17:00-19:00'''

'''Schedule''' 

'''17:00 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader'''

'''17:15 Introduction to Samlink, Jari Pirhonen, security director, Samlink

'''17:30 Methodology owner’s point of view: Information security as part of software development methodology, Topi Mattila, methodology manager, Samlink'''

'''18:15 Presentation from Finnish Tax Administration", Petri Puhakainen, security director, Finnish Tax Administration'''

'''19:00 or so'''

* Enjoy local establishments at own risk & cost at Sello

'''Please register with Jari Pirhonen jari.pirhonen##samlink.fi'''

== OWASP Introduction to startup firms: Thursday January 15th 2009 ==
'''Location: Ravintola Korjaamo, Töölönkatu 51, 00250 Helsinki'''

'''Time: 18:00-20:00'''

'''Schedule''' 

'''18:00 Introduction to OWASP by Henri Lindberg, OWASP Helsinki Active Visitor'''
* What OWASP is
* Examples of useful Tools and Documents
* OWASP in Finland
Presentation: [[Image:OWASP_Startups_20090115_Henri.pdf]]

(Antti Laulajainen, OWASP Helsinki Chapter Leader was originally supposed to introduce OWASP)

'''18:15 Implementing application security in a Finnish startup by Henri Lindberg, Scred'''
* Henri Lindberg from Scred shares experiences and lessons learned
* How to make your web application more secure with minimal budget
Presentation: [[Image:SDG_Scred_090115.pdf]]

'''18:30 or so'''

* Enjoy local establishments at own risk & cost

== OWASP Helsinki Meeting #7: Tuesday November 11th 2008 ==

'''Location: Nokia Ruoholahti, Itämerenkatu 11-13, 00180 Helsinki'''

'''Time: 17:00-18:30'''

'''Schedule''' 

'''17:00 Welcome by Antti Laulajainen, OWASP Chapter Leader'''

*Current state and progress of OWASP Top 10 Finnish translation

'''17:20 Antti Vähä-Sipilä, Nokia: SAFECode'''

*Introduction and overview of SAFECode (The Software Assurance Forum for Excellence in Code)
*SAFECode publications

'''17:40 Juhani Eronen, CERT-FI: Lifecycle of a security vulnerability'''

*Microsoft MS08-067 (Vulnerability in Server Service Could Allow Remote Code Execution), its history (MS06-040) and exploitation.

'''Discussion'''

'''18:30 or so'''

* Enjoy local establishments at own risk & cost [cerveza, aqua con gas, etc]

''' PLEASE REGISTER WITH: mikko . saario at nokia . com (we have reserved snacks for 25 people)'''

== OWASP Helsinki Web Hacking Workshop, Tuesday September 10th 2008 ==

'''Location: Teleware / KPMG, Laajalahdentie 23, 6. floor, reception at the ground floor, 00330 Helsinki'''

'''Time: 18.00 - 20.00'''

'''Schedule'''

'''18.00 Welcome and recent activities. Antti Laulajainen '''

'''18.05 Web Hacking Workshop, Anssi Porttikivi, Senior ICT Advisor KPMG/Teleware'''

*KPMG Oy IT Security Advisory marketing presentation 15 min
*Web hacking exercises and demonstrations in a laboratory class (using WebGoat and WebScarab tools)

'''Snacks available. Send your reservations to Anssi's mail address, anssi.porttikivi@kpmg.fi. Room for 20 participants.'''

'''Note! Be in time, because the reception closes at 18.'''

== OWASP Goes! CERT-FI, Thursday, June 12th 2008 ==

'''Location: Viestintävirasto, Itämerenkatu 3 A, 00180 Helsinki and One Pint Pub Santakatu 2, 00180 Helsinki'''

'''Time: 16.00 - 20.00'''

'''Schedule'''

'''16.00 Welcome and recent activities. Antti Laulajainen '''

'''16.10 Introduction of CERT-FI. Juhani Eronen, Information Security Adviser, CERT-FI'''

'''16.30 Vulnerability coordination. Juhani Eronen'''
* CERT-FI as a vulnerability coordinator
* Coordination examples

'''18.00 Possibility to continue the evening at the One Pint Pub'''
* If someone fancies a (self-financed) beer

'''Viestintävirasto asks those who wish to participate to the meeting to register in advance. For registrations please contact CERT-FI Unit Secretary Virpi Hienonen (virpi.hienonen(at)ficora.fi). The deadline is June 6, 2008.'''

== OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 ==

Thank you for attending.

You can download the presentation here''' https://www.owasp.org/images/7/70/OWASP_HelsinkiChapter_130508.pdf

Coverage of the event in local news (Finnish only) http://mikropc.net/uutiset/index.jsp?categoryId=atk&day=20080514#w2008051411524012715

'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki and Ravintola Kaisla, Vilhonkatu 4, 00100 Helsinki'''

'''Time: 16.00 - 20.00'''

Welcome to spring meeting 2008.

'''Schedule'''

'''16.00 - 16.10 OWASP update. Antti Laulajainen'''

'''16.10-17.00 Notes From The field, OWASP tools and usage experiences, Jarkko Holappa & Antti Laulajainen'''

'''17.30 - 20.00 Drinks at Ravintola Kaisla (Bring Your Own Wallet)'''

Hope to see as many of you as possible!

== OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''

'''Time: 18.30 - 20.30'''

Welcome to first meeting of 2008. OWASP Helsinki resumes activities after winter break.

We are pleased to have as a speaker Technology Manager of Nokia Product Security, Alexandr Seleznyov. His topic will be current state of application security.

'''Schedule'''

'''18.30 - 18.40 OWASP update. Antti Laulajainen'''

'''18.40 - 20.30 Current State of Application Security. Alexandr Seleznyov'''

Hope to see as many of you as possible!

== OWASP Helsinki & RWSUG Seminar Tuesday, January 29th 2008 ==
'''Location: IBM, Laajalahdentie 23, 00330 Helsinki.'''
'''Time: 11.15 - 19.00'''

OWASP Helsinki and Rational and Websphere User Group Finland RWSUG are aiming to co-operate to raise application security awareness. OWASP Helsinki will have a presentation in RWSUG agility seminar. More information from http://www.rwsug.fi/default.asp?path=1,39,385

'''You can download the presentation here''' https://www.owasp.org/images/c/cd/RWSUG5_Agile_Security_Management.pdf

See program below. Most of it is Finnish only
*11.15 Ilmoittautuminen alkaa
*11.15-12.00 Buffet-lounas
*12.00-12.10 Tilaisuuden avaus Jussi Jutila, Puheenjohtaja, RWSUG ry

KEYNOTE

*12.10-13.30 Scaling Agile Software Development: Strategies for Applying Agile in Complex Situations Scott W. Ambler, Practice Leader Agile Development, IBM Canada
*13.30-13.45 Kahvitauko
*13.45-15.30 SOA liiketoiminnan näkökulmasta ja SOA toteutuksen näkökulmasta kansainvälisessa hankkeessa Kari Laine, IT Architect, IF ja Jarmo Laine, Senior Software Architect,Primasoft
*15.30-15.45 Tauko
*15.45-16.30 Ketterä tietoturvan hallinta ohjelmistotuotannossa Reijo Savola, VTT
*16.30-17.15 Jazz Update IBM
*17.15-19.00 Iltapalaa ja verkostoitumista IBM Forumissa
 

== OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008 ==
OWASP Helsinki participated in ISACA Finland meeting to raise application security awareness among system auditors and inspectors.
 A presentation was held that introduced basic web techniques, some security issues, OWASP in general, OWASP projects and OWASP Helsinki chapter.
 
'''You can download the presentation here''': https://www.owasp.org/images/e/e4/OWASP_ISACA_20080124.pdf (Finnish Only)
 

== OWASP Helsinki meeting #4 Fall 2007 with Mark Curphey, Tuesday, October 2 2007 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''

Thank you for all participants and Mark from great presentation.

Coverage of the meeting in the local news (in Finnish):
http://mikropc.net/uutiset/index.jsp?categoryId=atk&day=20071003#w2007100315112711629

We are delighted to have Mark Curphey - the OWASP founder and new head of Microsoft's ACE (Application Consulting & Engineering) team in Europe - to visit Finland and discuss web app security with us. Hopefully as many as of you possible can participate!

'''18:30 Welcome and recent Helsinki chapter activities. Antti Laulajainen'''

'''18:40 Naked Software Security. Mark Curphey'''
*Commentary on how to build secure software
*Thoughts on the industry

'''WELCOME!'''

== OWASP Helsinki meeting #3 Summer 2007: "SOA, Web Services & XML Security", Tuesday, June 5th 2007 ==

Date: June 5th

Location: Smilehouse, Itälahdenkatu 22A (Stonesoft building), Lauttasaari.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/tietoturva_docview.jsp?f_id=1186167

'''19:00 Welcome & quick recap of recent OWASP activity and the Spring conference. Mikko Saario.'''

'''19:15 Gunnar Peterson, CTO Arctec Group and project lead for the OWASP "XML Security Gateway Evaluation Criteria".'''

Gunnar will be visiting Finland to provide training via Tietoturva ry on this subject. Topics to be covered:
* XML Security Gateways
* Message level threats and security countermeasures in Web services
* OWASP XML Security Gateway Evaluation Criteria Project

'''20:15 "Real-life usage of OWASP tools". Alexandr Seleznyov, Nokia Product Security.'''

(There is a chance Alex cannot make it. In that case we will discuss SOA stuff in more detail or just head off to bar earlier.)

'''20:45 Enter Bar 52...'''
--> Enjoy (sponsored) beverages.

== OWASP Helsinki meeting #2 Winter 2007, Web Application Firewalls, Thursday, February 22 2007 ==

Thank you for the 29 participants, the speakers and the host - Nixu - for making this event happen!

'''Location: Nixu, Mäkelänkatu 91, 00601 Helsinki.'''

What are Web Application Firewalls (WAF), how do they work, what do they do and what don't they do. Discussion and sharing of experiences of various technologies and products.

'''18.30 Welcome. Mikko Saario, Chapter Leader.'''

Today's topic and agenda in short.

'''18.35 "Web Application Firewalls Technical Analysis". Joakim Sandström, CTO nSense.'''

http://www.owasp.org/images/6/6a/Owasp_waf_joakim.pdf

- Technology

- Blacklisting & Whitelisting

- mod_security features

- Do's and Don'ts

'''19.30 "The Core Rule Sets". Ofer Shezaf, CTO Breach Security.'''

http://www.owasp.org/images/f/f4/The_Core_Rule_Set_-_Ofer.pdf

- WAF deployment and protection strategies

- Detection of generic web layer attacks

- Virtual patching

== OWASP Helsinki meeting #1, Tuesday, Dec 12 2006 at Ernst & Young ==

The Helsinki chapter had the first meeting at Ernst & Young office in Elielinaukio 5 B. The agenda and the presentations for the meeting are below. We had a good turnout: 22 people were present i.e. all seats were taken - we were very happy to see all these people to be interested in application security issues.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/doc.do?f_id=1083463

'''18:30 Welcome. What is OWASP and why OWASP Helsinki?'''

Mikko Saario made a short presentation about OWASP and the objective for the local Helsinki chapter.

'''19:00 Analyzing Threats (Olli Wiren; olli [at] juurihoito.org)'''

Olli Wiren discussed application related threats and corresponding security issues.

http://www.owasp.org/images/7/7c/Owasp-olli.pdf

'''19:45 Open discussion regarding OWASP Helsinki; what is expected or wished; how to go ahead and so forth.'''

There was a lively discussion regarding what type of activities should be arranged in the future. More details will follow...

==== Helsinki OWASP Chapter Leaders ====
The chapter leader is [mailto:antti@owasp.org Antti Laulajainen]
__NOTOC__
<headertabs/>

Helsinki

2009-10-25T22:23:40Z

Antti: /* OWASP Helsinki Chapter Meeting #11: November 17 2009, Unconfirmed */

{{Chapter Template|chaptername=Helsinki|extra=The chapter leader is [mailto:antti@owasp.org Antti Laulajainen]
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-helsinki|emailarchives=http://lists.owasp.org/pipermail/owasp-helsinki}}

==== Local News ====
<paypal>Helsinki</paypal>

'''Welcome to the OWASP Helsinki Chapter'''

The plan is to meet at least three to four times a year, each lasting 1,5-3 hours (more active "hands" means more meetings). This chapter is based in the capital area and therefore the meetings will be in or around Helsinki.

If you wish to present at one of the meetings or have any other inquiries, please contact the chapter leader.

==== Chapter Meetings ====

Currently OWASP Helsinki is working on the following tasks:
*[[Top 10 2007 Finnish]] aim to translate OWASP Top 10 list in Finnish

== OWASP Helsinki Chapter Meeting #11: November 17 2009, Unconfirmed ==

'''Location: Nsense Oy, Ahventie 4, Espoo'''

'''Time: 18:00-20:00'''

'''Schedule''' 

'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader'''

'''18:05 Word from our sponsor Nsense Oy'''

'''18:15 Manual vs. Automatic Code Analysis, Ari Kesäniemi, Senior Consultant, Nixu'''

'''18:45 Speaker unconfirmed'''

'''19.15- Sauna and refreshments from our sponsor'''

'''Please register with ilmoittautumiset ät nsense.fi'''

== OWASP Helsinki Chapter Meeting #10: October 20 2009 ==

'''Location: Tieto Oy, Ratamestarinkatu 7B, Helsinki'''

'''Time: 18:00-19:40'''

'''Schedule''' 

'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader'''

'''18:00 Word from our sponsor Tieto Oy'''

'''18:10 Distributed Services Security, Representative from Tieto Oy'''

'''18:40 Public Web Services Interface and Security, Representative from Finnish Customs'''

'''19:10 Web Services Security and Authentication, Representative from System Intregator field'''

'''19:40 Closure and move to Vltava'''

'''20:00 or so'''

* Enjoy Helsinki Vltava watering hole at own risk & cost near Helsinki Railway station

'''Please register with Pauli Kauppila pauli.kauppila##tieto.com or Mobile +358 400 870 324'''

== OWASP Helsinki Chapter Meeting #9: May 12 2009 ==

'''Location: Louhi Networks Oy, Itälahdenkatu 22 A, Helsinki'''

'''Time: 17:30-19:00'''

'''Schedule''' 

'''17:30 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader'''

'''17:45 Word from our sponsor Louhi Networks

'''18:00 Panel discussion about application scanners
* Panel members includes representatives for Nixu Oy, KPMG Oy and Louhi Networks Oy'''

'''19:00 or so'''

* Enjoy local establishments at own risk & cost at Bar 52 near meeting location

'''Please register with Henri Lindberg henri.lindberg##louhi.fi'''

== OWASP OWASP Goes! Viestimuseo: March 29 2009 ==
'''Location: Varuskunta, Takakasarmi, Viestimuseontie rak. 64, 11311 Riihimäki '''

'''Time: 13:00-15:00'''

Viestimuseossa Riihimäellä, http://www.viestikiltojenliitto.fi/viestimuseo/ on maaliskuun loppuun WWII radiotiedustelua esittelevä erikoisnäyttely, josta voi löytyä ammennettavaa myös tämän päivän tietoturvatekniikoiden parissa työskenteleville. Koska OWASP:in tiimoilta löytyi kiinnostusta lähteä tutustumaan ko. näyttelyyn, museolle on varattu opastettu kierros maaliskuun viimeiselle sunnuntaille su 29.3.2009 klo 13:00 eli kokoontuminen museolla ko. aikaan.

Museo ja näyttely ovat auki myös muina aikoina, joten jos tämä aika ei käy, paikalla voi toki käydä muulloinkin.

Tarkemmat ajo-ohjeet ja yhteystiedot löytyvät museon kotisivuilta, http://www.viestikiltojenliitto.fi/viestimuseo/yhteystiedot.html

Museo sijaitsee Viestirykmentin vieressä, mutta varsinaisen varuskunta-alueen ulkopuolella, joten museokäynti ei vaadi kulkulupia alueelle.

Paikalle innostuvat hoitavat oman logistiikkaratkaisunsa & sisäänpääsymaksunsa.

Lisätietoja tarvittaessa timo.merilainen (ät) iki.fi

== OWASP Helsinki Chapter Meeting #8: March 12 2009 ==

'''Location: Samlink, Linnoitustie 9, Espoo (Leppävaara)'''

'''Time: 17:00-19:00'''

'''Schedule''' 

'''17:00 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader'''

'''17:15 Introduction to Samlink, Jari Pirhonen, security director, Samlink

'''17:30 Methodology owner’s point of view: Information security as part of software development methodology, Topi Mattila, methodology manager, Samlink'''

'''18:15 Presentation from Finnish Tax Administration", Petri Puhakainen, security director, Finnish Tax Administration'''

'''19:00 or so'''

* Enjoy local establishments at own risk & cost at Sello

'''Please register with Jari Pirhonen jari.pirhonen##samlink.fi'''

== OWASP Introduction to startup firms: Thursday January 15th 2009 ==
'''Location: Ravintola Korjaamo, Töölönkatu 51, 00250 Helsinki'''

'''Time: 18:00-20:00'''

'''Schedule''' 

'''18:00 Introduction to OWASP by Henri Lindberg, OWASP Helsinki Active Visitor'''
* What OWASP is
* Examples of useful Tools and Documents
* OWASP in Finland
Presentation: [[Image:OWASP_Startups_20090115_Henri.pdf]]

(Antti Laulajainen, OWASP Helsinki Chapter Leader was originally supposed to introduce OWASP)

'''18:15 Implementing application security in a Finnish startup by Henri Lindberg, Scred'''
* Henri Lindberg from Scred shares experiences and lessons learned
* How to make your web application more secure with minimal budget
Presentation: [[Image:SDG_Scred_090115.pdf]]

'''18:30 or so'''

* Enjoy local establishments at own risk & cost

== OWASP Helsinki Meeting #7: Tuesday November 11th 2008 ==

'''Location: Nokia Ruoholahti, Itämerenkatu 11-13, 00180 Helsinki'''

'''Time: 17:00-18:30'''

'''Schedule''' 

'''17:00 Welcome by Antti Laulajainen, OWASP Chapter Leader'''

*Current state and progress of OWASP Top 10 Finnish translation

'''17:20 Antti Vähä-Sipilä, Nokia: SAFECode'''

*Introduction and overview of SAFECode (The Software Assurance Forum for Excellence in Code)
*SAFECode publications

'''17:40 Juhani Eronen, CERT-FI: Lifecycle of a security vulnerability'''

*Microsoft MS08-067 (Vulnerability in Server Service Could Allow Remote Code Execution), its history (MS06-040) and exploitation.

'''Discussion'''

'''18:30 or so'''

* Enjoy local establishments at own risk & cost [cerveza, aqua con gas, etc]

''' PLEASE REGISTER WITH: mikko . saario at nokia . com (we have reserved snacks for 25 people)'''

== OWASP Helsinki Web Hacking Workshop, Tuesday September 10th 2008 ==

'''Location: Teleware / KPMG, Laajalahdentie 23, 6. floor, reception at the ground floor, 00330 Helsinki'''

'''Time: 18.00 - 20.00'''

'''Schedule'''

'''18.00 Welcome and recent activities. Antti Laulajainen '''

'''18.05 Web Hacking Workshop, Anssi Porttikivi, Senior ICT Advisor KPMG/Teleware'''

*KPMG Oy IT Security Advisory marketing presentation 15 min
*Web hacking exercises and demonstrations in a laboratory class (using WebGoat and WebScarab tools)

'''Snacks available. Send your reservations to Anssi's mail address, anssi.porttikivi@kpmg.fi. Room for 20 participants.'''

'''Note! Be in time, because the reception closes at 18.'''

== OWASP Goes! CERT-FI, Thursday, June 12th 2008 ==

'''Location: Viestintävirasto, Itämerenkatu 3 A, 00180 Helsinki and One Pint Pub Santakatu 2, 00180 Helsinki'''

'''Time: 16.00 - 20.00'''

'''Schedule'''

'''16.00 Welcome and recent activities. Antti Laulajainen '''

'''16.10 Introduction of CERT-FI. Juhani Eronen, Information Security Adviser, CERT-FI'''

'''16.30 Vulnerability coordination. Juhani Eronen'''
* CERT-FI as a vulnerability coordinator
* Coordination examples

'''18.00 Possibility to continue the evening at the One Pint Pub'''
* If someone fancies a (self-financed) beer

'''Viestintävirasto asks those who wish to participate to the meeting to register in advance. For registrations please contact CERT-FI Unit Secretary Virpi Hienonen (virpi.hienonen(at)ficora.fi). The deadline is June 6, 2008.'''

== OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 ==

Thank you for attending.

You can download the presentation here''' https://www.owasp.org/images/7/70/OWASP_HelsinkiChapter_130508.pdf

Coverage of the event in local news (Finnish only) http://mikropc.net/uutiset/index.jsp?categoryId=atk&day=20080514#w2008051411524012715

'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki and Ravintola Kaisla, Vilhonkatu 4, 00100 Helsinki'''

'''Time: 16.00 - 20.00'''

Welcome to spring meeting 2008.

'''Schedule'''

'''16.00 - 16.10 OWASP update. Antti Laulajainen'''

'''16.10-17.00 Notes From The field, OWASP tools and usage experiences, Jarkko Holappa & Antti Laulajainen'''

'''17.30 - 20.00 Drinks at Ravintola Kaisla (Bring Your Own Wallet)'''

Hope to see as many of you as possible!

== OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''

'''Time: 18.30 - 20.30'''

Welcome to first meeting of 2008. OWASP Helsinki resumes activities after winter break.

We are pleased to have as a speaker Technology Manager of Nokia Product Security, Alexandr Seleznyov. His topic will be current state of application security.

'''Schedule'''

'''18.30 - 18.40 OWASP update. Antti Laulajainen'''

'''18.40 - 20.30 Current State of Application Security. Alexandr Seleznyov'''

Hope to see as many of you as possible!

== OWASP Helsinki & RWSUG Seminar Tuesday, January 29th 2008 ==
'''Location: IBM, Laajalahdentie 23, 00330 Helsinki.'''
'''Time: 11.15 - 19.00'''

OWASP Helsinki and Rational and Websphere User Group Finland RWSUG are aiming to co-operate to raise application security awareness. OWASP Helsinki will have a presentation in RWSUG agility seminar. More information from http://www.rwsug.fi/default.asp?path=1,39,385

'''You can download the presentation here''' https://www.owasp.org/images/c/cd/RWSUG5_Agile_Security_Management.pdf

See program below. Most of it is Finnish only
*11.15 Ilmoittautuminen alkaa
*11.15-12.00 Buffet-lounas
*12.00-12.10 Tilaisuuden avaus Jussi Jutila, Puheenjohtaja, RWSUG ry

KEYNOTE

*12.10-13.30 Scaling Agile Software Development: Strategies for Applying Agile in Complex Situations Scott W. Ambler, Practice Leader Agile Development, IBM Canada
*13.30-13.45 Kahvitauko
*13.45-15.30 SOA liiketoiminnan näkökulmasta ja SOA toteutuksen näkökulmasta kansainvälisessa hankkeessa Kari Laine, IT Architect, IF ja Jarmo Laine, Senior Software Architect,Primasoft
*15.30-15.45 Tauko
*15.45-16.30 Ketterä tietoturvan hallinta ohjelmistotuotannossa Reijo Savola, VTT
*16.30-17.15 Jazz Update IBM
*17.15-19.00 Iltapalaa ja verkostoitumista IBM Forumissa
 

== OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008 ==
OWASP Helsinki participated in ISACA Finland meeting to raise application security awareness among system auditors and inspectors.
 A presentation was held that introduced basic web techniques, some security issues, OWASP in general, OWASP projects and OWASP Helsinki chapter.
 
'''You can download the presentation here''': https://www.owasp.org/images/e/e4/OWASP_ISACA_20080124.pdf (Finnish Only)
 

== OWASP Helsinki meeting #4 Fall 2007 with Mark Curphey, Tuesday, October 2 2007 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''

Thank you for all participants and Mark from great presentation.

Coverage of the meeting in the local news (in Finnish):
http://mikropc.net/uutiset/index.jsp?categoryId=atk&day=20071003#w2007100315112711629

We are delighted to have Mark Curphey - the OWASP founder and new head of Microsoft's ACE (Application Consulting & Engineering) team in Europe - to visit Finland and discuss web app security with us. Hopefully as many as of you possible can participate!

'''18:30 Welcome and recent Helsinki chapter activities. Antti Laulajainen'''

'''18:40 Naked Software Security. Mark Curphey'''
*Commentary on how to build secure software
*Thoughts on the industry

'''WELCOME!'''

== OWASP Helsinki meeting #3 Summer 2007: "SOA, Web Services & XML Security", Tuesday, June 5th 2007 ==

Date: June 5th

Location: Smilehouse, Itälahdenkatu 22A (Stonesoft building), Lauttasaari.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/tietoturva_docview.jsp?f_id=1186167

'''19:00 Welcome & quick recap of recent OWASP activity and the Spring conference. Mikko Saario.'''

'''19:15 Gunnar Peterson, CTO Arctec Group and project lead for the OWASP "XML Security Gateway Evaluation Criteria".'''

Gunnar will be visiting Finland to provide training via Tietoturva ry on this subject. Topics to be covered:
* XML Security Gateways
* Message level threats and security countermeasures in Web services
* OWASP XML Security Gateway Evaluation Criteria Project

'''20:15 "Real-life usage of OWASP tools". Alexandr Seleznyov, Nokia Product Security.'''

(There is a chance Alex cannot make it. In that case we will discuss SOA stuff in more detail or just head off to bar earlier.)

'''20:45 Enter Bar 52...'''
--> Enjoy (sponsored) beverages.

== OWASP Helsinki meeting #2 Winter 2007, Web Application Firewalls, Thursday, February 22 2007 ==

Thank you for the 29 participants, the speakers and the host - Nixu - for making this event happen!

'''Location: Nixu, Mäkelänkatu 91, 00601 Helsinki.'''

What are Web Application Firewalls (WAF), how do they work, what do they do and what don't they do. Discussion and sharing of experiences of various technologies and products.

'''18.30 Welcome. Mikko Saario, Chapter Leader.'''

Today's topic and agenda in short.

'''18.35 "Web Application Firewalls Technical Analysis". Joakim Sandström, CTO nSense.'''

http://www.owasp.org/images/6/6a/Owasp_waf_joakim.pdf

- Technology

- Blacklisting & Whitelisting

- mod_security features

- Do's and Don'ts

'''19.30 "The Core Rule Sets". Ofer Shezaf, CTO Breach Security.'''

http://www.owasp.org/images/f/f4/The_Core_Rule_Set_-_Ofer.pdf

- WAF deployment and protection strategies

- Detection of generic web layer attacks

- Virtual patching

== OWASP Helsinki meeting #1, Tuesday, Dec 12 2006 at Ernst & Young ==

The Helsinki chapter had the first meeting at Ernst & Young office in Elielinaukio 5 B. The agenda and the presentations for the meeting are below. We had a good turnout: 22 people were present i.e. all seats were taken - we were very happy to see all these people to be interested in application security issues.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/doc.do?f_id=1083463

'''18:30 Welcome. What is OWASP and why OWASP Helsinki?'''

Mikko Saario made a short presentation about OWASP and the objective for the local Helsinki chapter.

'''19:00 Analyzing Threats (Olli Wiren; olli [at] juurihoito.org)'''

Olli Wiren discussed application related threats and corresponding security issues.

http://www.owasp.org/images/7/7c/Owasp-olli.pdf

'''19:45 Open discussion regarding OWASP Helsinki; what is expected or wished; how to go ahead and so forth.'''

There was a lively discussion regarding what type of activities should be arranged in the future. More details will follow...

==== Helsinki OWASP Chapter Leaders ====
The chapter leader is [mailto:antti@owasp.org Antti Laulajainen]
__NOTOC__
<headertabs/>

Helsinki

2009-10-25T22:22:43Z

Antti: /* OWASP Helsinki Chapter Meeting #11: November 17 2009, Unconfirmed */

{{Chapter Template|chaptername=Helsinki|extra=The chapter leader is [mailto:antti@owasp.org Antti Laulajainen]
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-helsinki|emailarchives=http://lists.owasp.org/pipermail/owasp-helsinki}}

==== Local News ====
<paypal>Helsinki</paypal>

'''Welcome to the OWASP Helsinki Chapter'''

The plan is to meet at least three to four times a year, each lasting 1,5-3 hours (more active "hands" means more meetings). This chapter is based in the capital area and therefore the meetings will be in or around Helsinki.

If you wish to present at one of the meetings or have any other inquiries, please contact the chapter leader.

==== Chapter Meetings ====

Currently OWASP Helsinki is working on the following tasks:
*[[Top 10 2007 Finnish]] aim to translate OWASP Top 10 list in Finnish

== OWASP Helsinki Chapter Meeting #11: November 17 2009, Unconfirmed ==

'''Location: Nsense Oy, Ahventie 4, Espoo'''

'''Time: 18:00-20:00'''

'''Schedule''' 

'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader'''

'''18:05 Word from our sponsor Nsense Oy'''

'''18:15 Manual vs. Automatic Code Analysis, Ari Kesäniemi, Senior Consultant, Nixu'''

'''18:45 Speaker unconfirmed'''

'''19.15- Sauna and refreshments from our sponsor'''

'''Please register with ilmoittautumiset ät nsense.fi'''

== OWASP Helsinki Chapter Meeting #10: October 20 2009 ==

'''Location: Tieto Oy, Ratamestarinkatu 7B, Helsinki'''

'''Time: 18:00-19:40'''

'''Schedule''' 

'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader'''

'''18:00 Word from our sponsor Tieto Oy'''

'''18:10 Distributed Services Security, Representative from Tieto Oy'''

'''18:40 Public Web Services Interface and Security, Representative from Finnish Customs'''

'''19:10 Web Services Security and Authentication, Representative from System Intregator field'''

'''19:40 Closure and move to Vltava'''

'''20:00 or so'''

* Enjoy Helsinki Vltava watering hole at own risk & cost near Helsinki Railway station

'''Please register with Pauli Kauppila pauli.kauppila##tieto.com or Mobile +358 400 870 324'''

== OWASP Helsinki Chapter Meeting #9: May 12 2009 ==

'''Location: Louhi Networks Oy, Itälahdenkatu 22 A, Helsinki'''

'''Time: 17:30-19:00'''

'''Schedule''' 

'''17:30 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader'''

'''17:45 Word from our sponsor Louhi Networks

'''18:00 Panel discussion about application scanners
* Panel members includes representatives for Nixu Oy, KPMG Oy and Louhi Networks Oy'''

'''19:00 or so'''

* Enjoy local establishments at own risk & cost at Bar 52 near meeting location

'''Please register with Henri Lindberg henri.lindberg##louhi.fi'''

== OWASP OWASP Goes! Viestimuseo: March 29 2009 ==
'''Location: Varuskunta, Takakasarmi, Viestimuseontie rak. 64, 11311 Riihimäki '''

'''Time: 13:00-15:00'''

Viestimuseossa Riihimäellä, http://www.viestikiltojenliitto.fi/viestimuseo/ on maaliskuun loppuun WWII radiotiedustelua esittelevä erikoisnäyttely, josta voi löytyä ammennettavaa myös tämän päivän tietoturvatekniikoiden parissa työskenteleville. Koska OWASP:in tiimoilta löytyi kiinnostusta lähteä tutustumaan ko. näyttelyyn, museolle on varattu opastettu kierros maaliskuun viimeiselle sunnuntaille su 29.3.2009 klo 13:00 eli kokoontuminen museolla ko. aikaan.

Museo ja näyttely ovat auki myös muina aikoina, joten jos tämä aika ei käy, paikalla voi toki käydä muulloinkin.

Tarkemmat ajo-ohjeet ja yhteystiedot löytyvät museon kotisivuilta, http://www.viestikiltojenliitto.fi/viestimuseo/yhteystiedot.html

Museo sijaitsee Viestirykmentin vieressä, mutta varsinaisen varuskunta-alueen ulkopuolella, joten museokäynti ei vaadi kulkulupia alueelle.

Paikalle innostuvat hoitavat oman logistiikkaratkaisunsa & sisäänpääsymaksunsa.

Lisätietoja tarvittaessa timo.merilainen (ät) iki.fi

== OWASP Helsinki Chapter Meeting #8: March 12 2009 ==

'''Location: Samlink, Linnoitustie 9, Espoo (Leppävaara)'''

'''Time: 17:00-19:00'''

'''Schedule''' 

'''17:00 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader'''

'''17:15 Introduction to Samlink, Jari Pirhonen, security director, Samlink

'''17:30 Methodology owner’s point of view: Information security as part of software development methodology, Topi Mattila, methodology manager, Samlink'''

'''18:15 Presentation from Finnish Tax Administration", Petri Puhakainen, security director, Finnish Tax Administration'''

'''19:00 or so'''

* Enjoy local establishments at own risk & cost at Sello

'''Please register with Jari Pirhonen jari.pirhonen##samlink.fi'''

== OWASP Introduction to startup firms: Thursday January 15th 2009 ==
'''Location: Ravintola Korjaamo, Töölönkatu 51, 00250 Helsinki'''

'''Time: 18:00-20:00'''

'''Schedule''' 

'''18:00 Introduction to OWASP by Henri Lindberg, OWASP Helsinki Active Visitor'''
* What OWASP is
* Examples of useful Tools and Documents
* OWASP in Finland
Presentation: [[Image:OWASP_Startups_20090115_Henri.pdf]]

(Antti Laulajainen, OWASP Helsinki Chapter Leader was originally supposed to introduce OWASP)

'''18:15 Implementing application security in a Finnish startup by Henri Lindberg, Scred'''
* Henri Lindberg from Scred shares experiences and lessons learned
* How to make your web application more secure with minimal budget
Presentation: [[Image:SDG_Scred_090115.pdf]]

'''18:30 or so'''

* Enjoy local establishments at own risk & cost

== OWASP Helsinki Meeting #7: Tuesday November 11th 2008 ==

'''Location: Nokia Ruoholahti, Itämerenkatu 11-13, 00180 Helsinki'''

'''Time: 17:00-18:30'''

'''Schedule''' 

'''17:00 Welcome by Antti Laulajainen, OWASP Chapter Leader'''

*Current state and progress of OWASP Top 10 Finnish translation

'''17:20 Antti Vähä-Sipilä, Nokia: SAFECode'''

*Introduction and overview of SAFECode (The Software Assurance Forum for Excellence in Code)
*SAFECode publications

'''17:40 Juhani Eronen, CERT-FI: Lifecycle of a security vulnerability'''

*Microsoft MS08-067 (Vulnerability in Server Service Could Allow Remote Code Execution), its history (MS06-040) and exploitation.

'''Discussion'''

'''18:30 or so'''

* Enjoy local establishments at own risk & cost [cerveza, aqua con gas, etc]

''' PLEASE REGISTER WITH: mikko . saario at nokia . com (we have reserved snacks for 25 people)'''

== OWASP Helsinki Web Hacking Workshop, Tuesday September 10th 2008 ==

'''Location: Teleware / KPMG, Laajalahdentie 23, 6. floor, reception at the ground floor, 00330 Helsinki'''

'''Time: 18.00 - 20.00'''

'''Schedule'''

'''18.00 Welcome and recent activities. Antti Laulajainen '''

'''18.05 Web Hacking Workshop, Anssi Porttikivi, Senior ICT Advisor KPMG/Teleware'''

*KPMG Oy IT Security Advisory marketing presentation 15 min
*Web hacking exercises and demonstrations in a laboratory class (using WebGoat and WebScarab tools)

'''Snacks available. Send your reservations to Anssi's mail address, anssi.porttikivi@kpmg.fi. Room for 20 participants.'''

'''Note! Be in time, because the reception closes at 18.'''

== OWASP Goes! CERT-FI, Thursday, June 12th 2008 ==

'''Location: Viestintävirasto, Itämerenkatu 3 A, 00180 Helsinki and One Pint Pub Santakatu 2, 00180 Helsinki'''

'''Time: 16.00 - 20.00'''

'''Schedule'''

'''16.00 Welcome and recent activities. Antti Laulajainen '''

'''16.10 Introduction of CERT-FI. Juhani Eronen, Information Security Adviser, CERT-FI'''

'''16.30 Vulnerability coordination. Juhani Eronen'''
* CERT-FI as a vulnerability coordinator
* Coordination examples

'''18.00 Possibility to continue the evening at the One Pint Pub'''
* If someone fancies a (self-financed) beer

'''Viestintävirasto asks those who wish to participate to the meeting to register in advance. For registrations please contact CERT-FI Unit Secretary Virpi Hienonen (virpi.hienonen(at)ficora.fi). The deadline is June 6, 2008.'''

== OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 ==

Thank you for attending.

You can download the presentation here''' https://www.owasp.org/images/7/70/OWASP_HelsinkiChapter_130508.pdf

Coverage of the event in local news (Finnish only) http://mikropc.net/uutiset/index.jsp?categoryId=atk&day=20080514#w2008051411524012715

'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki and Ravintola Kaisla, Vilhonkatu 4, 00100 Helsinki'''

'''Time: 16.00 - 20.00'''

Welcome to spring meeting 2008.

'''Schedule'''

'''16.00 - 16.10 OWASP update. Antti Laulajainen'''

'''16.10-17.00 Notes From The field, OWASP tools and usage experiences, Jarkko Holappa & Antti Laulajainen'''

'''17.30 - 20.00 Drinks at Ravintola Kaisla (Bring Your Own Wallet)'''

Hope to see as many of you as possible!

== OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''

'''Time: 18.30 - 20.30'''

Welcome to first meeting of 2008. OWASP Helsinki resumes activities after winter break.

We are pleased to have as a speaker Technology Manager of Nokia Product Security, Alexandr Seleznyov. His topic will be current state of application security.

'''Schedule'''

'''18.30 - 18.40 OWASP update. Antti Laulajainen'''

'''18.40 - 20.30 Current State of Application Security. Alexandr Seleznyov'''

Hope to see as many of you as possible!

== OWASP Helsinki & RWSUG Seminar Tuesday, January 29th 2008 ==
'''Location: IBM, Laajalahdentie 23, 00330 Helsinki.'''
'''Time: 11.15 - 19.00'''

OWASP Helsinki and Rational and Websphere User Group Finland RWSUG are aiming to co-operate to raise application security awareness. OWASP Helsinki will have a presentation in RWSUG agility seminar. More information from http://www.rwsug.fi/default.asp?path=1,39,385

'''You can download the presentation here''' https://www.owasp.org/images/c/cd/RWSUG5_Agile_Security_Management.pdf

See program below. Most of it is Finnish only
*11.15 Ilmoittautuminen alkaa
*11.15-12.00 Buffet-lounas
*12.00-12.10 Tilaisuuden avaus Jussi Jutila, Puheenjohtaja, RWSUG ry

KEYNOTE

*12.10-13.30 Scaling Agile Software Development: Strategies for Applying Agile in Complex Situations Scott W. Ambler, Practice Leader Agile Development, IBM Canada
*13.30-13.45 Kahvitauko
*13.45-15.30 SOA liiketoiminnan näkökulmasta ja SOA toteutuksen näkökulmasta kansainvälisessa hankkeessa Kari Laine, IT Architect, IF ja Jarmo Laine, Senior Software Architect,Primasoft
*15.30-15.45 Tauko
*15.45-16.30 Ketterä tietoturvan hallinta ohjelmistotuotannossa Reijo Savola, VTT
*16.30-17.15 Jazz Update IBM
*17.15-19.00 Iltapalaa ja verkostoitumista IBM Forumissa
 

== OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008 ==
OWASP Helsinki participated in ISACA Finland meeting to raise application security awareness among system auditors and inspectors.
 A presentation was held that introduced basic web techniques, some security issues, OWASP in general, OWASP projects and OWASP Helsinki chapter.
 
'''You can download the presentation here''': https://www.owasp.org/images/e/e4/OWASP_ISACA_20080124.pdf (Finnish Only)
 

== OWASP Helsinki meeting #4 Fall 2007 with Mark Curphey, Tuesday, October 2 2007 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''

Thank you for all participants and Mark from great presentation.

Coverage of the meeting in the local news (in Finnish):
http://mikropc.net/uutiset/index.jsp?categoryId=atk&day=20071003#w2007100315112711629

We are delighted to have Mark Curphey - the OWASP founder and new head of Microsoft's ACE (Application Consulting & Engineering) team in Europe - to visit Finland and discuss web app security with us. Hopefully as many as of you possible can participate!

'''18:30 Welcome and recent Helsinki chapter activities. Antti Laulajainen'''

'''18:40 Naked Software Security. Mark Curphey'''
*Commentary on how to build secure software
*Thoughts on the industry

'''WELCOME!'''

== OWASP Helsinki meeting #3 Summer 2007: "SOA, Web Services & XML Security", Tuesday, June 5th 2007 ==

Date: June 5th

Location: Smilehouse, Itälahdenkatu 22A (Stonesoft building), Lauttasaari.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/tietoturva_docview.jsp?f_id=1186167

'''19:00 Welcome & quick recap of recent OWASP activity and the Spring conference. Mikko Saario.'''

'''19:15 Gunnar Peterson, CTO Arctec Group and project lead for the OWASP "XML Security Gateway Evaluation Criteria".'''

Gunnar will be visiting Finland to provide training via Tietoturva ry on this subject. Topics to be covered:
* XML Security Gateways
* Message level threats and security countermeasures in Web services
* OWASP XML Security Gateway Evaluation Criteria Project

'''20:15 "Real-life usage of OWASP tools". Alexandr Seleznyov, Nokia Product Security.'''

(There is a chance Alex cannot make it. In that case we will discuss SOA stuff in more detail or just head off to bar earlier.)

'''20:45 Enter Bar 52...'''
--> Enjoy (sponsored) beverages.

== OWASP Helsinki meeting #2 Winter 2007, Web Application Firewalls, Thursday, February 22 2007 ==

Thank you for the 29 participants, the speakers and the host - Nixu - for making this event happen!

'''Location: Nixu, Mäkelänkatu 91, 00601 Helsinki.'''

What are Web Application Firewalls (WAF), how do they work, what do they do and what don't they do. Discussion and sharing of experiences of various technologies and products.

'''18.30 Welcome. Mikko Saario, Chapter Leader.'''

Today's topic and agenda in short.

'''18.35 "Web Application Firewalls Technical Analysis". Joakim Sandström, CTO nSense.'''

http://www.owasp.org/images/6/6a/Owasp_waf_joakim.pdf

- Technology

- Blacklisting & Whitelisting

- mod_security features

- Do's and Don'ts

'''19.30 "The Core Rule Sets". Ofer Shezaf, CTO Breach Security.'''

http://www.owasp.org/images/f/f4/The_Core_Rule_Set_-_Ofer.pdf

- WAF deployment and protection strategies

- Detection of generic web layer attacks

- Virtual patching

== OWASP Helsinki meeting #1, Tuesday, Dec 12 2006 at Ernst & Young ==

The Helsinki chapter had the first meeting at Ernst & Young office in Elielinaukio 5 B. The agenda and the presentations for the meeting are below. We had a good turnout: 22 people were present i.e. all seats were taken - we were very happy to see all these people to be interested in application security issues.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/doc.do?f_id=1083463

'''18:30 Welcome. What is OWASP and why OWASP Helsinki?'''

Mikko Saario made a short presentation about OWASP and the objective for the local Helsinki chapter.

'''19:00 Analyzing Threats (Olli Wiren; olli [at] juurihoito.org)'''

Olli Wiren discussed application related threats and corresponding security issues.

http://www.owasp.org/images/7/7c/Owasp-olli.pdf

'''19:45 Open discussion regarding OWASP Helsinki; what is expected or wished; how to go ahead and so forth.'''

There was a lively discussion regarding what type of activities should be arranged in the future. More details will follow...

==== Helsinki OWASP Chapter Leaders ====
The chapter leader is [mailto:antti@owasp.org Antti Laulajainen]
__NOTOC__
<headertabs/>

Helsinki

2009-10-12T11:58:41Z

Antti: /* OWASP Helsinki Chapter Meeting #10: October 20 2009 */

{{Chapter Template|chaptername=Helsinki|extra=The chapter leader is [mailto:antti@owasp.org Antti Laulajainen]
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-helsinki|emailarchives=http://lists.owasp.org/pipermail/owasp-helsinki}}

==== Local News ====
<paypal>Helsinki</paypal>

'''Welcome to the OWASP Helsinki Chapter'''

The plan is to meet at least three to four times a year, each lasting 1,5-3 hours (more active "hands" means more meetings). This chapter is based in the capital area and therefore the meetings will be in or around Helsinki.

If you wish to present at one of the meetings or have any other inquiries, please contact the chapter leader.

==== Chapter Meetings ====

Currently OWASP Helsinki is working on the following tasks:
*[[Top 10 2007 Finnish]] aim to translate OWASP Top 10 list in Finnish

== OWASP Helsinki Chapter Meeting #11: November 17 2009, Unconfirmed ==

'''Location: Nsense Oy, Ahventie 4, Espoo'''

'''Time: 18:00-19:30 Unconfirmed'''

'''Schedule''' 

'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader'''

'''18:05 Word from our sponsor Nsense Oy'''

'''18:15 Static Code analysers, Speaker to be confirmed'''

== OWASP Helsinki Chapter Meeting #10: October 20 2009 ==

'''Location: Tieto Oy, Ratamestarinkatu 7B, Helsinki'''

'''Time: 18:00-19:40'''

'''Schedule''' 

'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader'''

'''18:00 Word from our sponsor Tieto Oy'''

'''18:10 Distributed Services Security, Representative from Tieto Oy'''

'''18:40 Public Web Services Interface and Security, Representative from Finnish Customs'''

'''19:10 Web Services Security and Authentication, Representative from System Intregator field'''

'''19:40 Closure and move to Vltava'''

'''20:00 or so'''

* Enjoy Helsinki Vltava watering hole at own risk & cost near Helsinki Railway station

'''Please register with Pauli Kauppila pauli.kauppila##tieto.com or Mobile +358 400 870 324'''

== OWASP Helsinki Chapter Meeting #9: May 12 2009 ==

'''Location: Louhi Networks Oy, Itälahdenkatu 22 A, Helsinki'''

'''Time: 17:30-19:00'''

'''Schedule''' 

'''17:30 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader'''

'''17:45 Word from our sponsor Louhi Networks

'''18:00 Panel discussion about application scanners
* Panel members includes representatives for Nixu Oy, KPMG Oy and Louhi Networks Oy'''

'''19:00 or so'''

* Enjoy local establishments at own risk & cost at Bar 52 near meeting location

'''Please register with Henri Lindberg henri.lindberg##louhi.fi'''

== OWASP OWASP Goes! Viestimuseo: March 29 2009 ==
'''Location: Varuskunta, Takakasarmi, Viestimuseontie rak. 64, 11311 Riihimäki '''

'''Time: 13:00-15:00'''

Viestimuseossa Riihimäellä, http://www.viestikiltojenliitto.fi/viestimuseo/ on maaliskuun loppuun WWII radiotiedustelua esittelevä erikoisnäyttely, josta voi löytyä ammennettavaa myös tämän päivän tietoturvatekniikoiden parissa työskenteleville. Koska OWASP:in tiimoilta löytyi kiinnostusta lähteä tutustumaan ko. näyttelyyn, museolle on varattu opastettu kierros maaliskuun viimeiselle sunnuntaille su 29.3.2009 klo 13:00 eli kokoontuminen museolla ko. aikaan.

Museo ja näyttely ovat auki myös muina aikoina, joten jos tämä aika ei käy, paikalla voi toki käydä muulloinkin.

Tarkemmat ajo-ohjeet ja yhteystiedot löytyvät museon kotisivuilta, http://www.viestikiltojenliitto.fi/viestimuseo/yhteystiedot.html

Museo sijaitsee Viestirykmentin vieressä, mutta varsinaisen varuskunta-alueen ulkopuolella, joten museokäynti ei vaadi kulkulupia alueelle.

Paikalle innostuvat hoitavat oman logistiikkaratkaisunsa & sisäänpääsymaksunsa.

Lisätietoja tarvittaessa timo.merilainen (ät) iki.fi

== OWASP Helsinki Chapter Meeting #8: March 12 2009 ==

'''Location: Samlink, Linnoitustie 9, Espoo (Leppävaara)'''

'''Time: 17:00-19:00'''

'''Schedule''' 

'''17:00 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader'''

'''17:15 Introduction to Samlink, Jari Pirhonen, security director, Samlink

'''17:30 Methodology owner’s point of view: Information security as part of software development methodology, Topi Mattila, methodology manager, Samlink'''

'''18:15 Presentation from Finnish Tax Administration", Petri Puhakainen, security director, Finnish Tax Administration'''

'''19:00 or so'''

* Enjoy local establishments at own risk & cost at Sello

'''Please register with Jari Pirhonen jari.pirhonen##samlink.fi'''

== OWASP Introduction to startup firms: Thursday January 15th 2009 ==
'''Location: Ravintola Korjaamo, Töölönkatu 51, 00250 Helsinki'''

'''Time: 18:00-20:00'''

'''Schedule''' 

'''18:00 Introduction to OWASP by Henri Lindberg, OWASP Helsinki Active Visitor'''
* What OWASP is
* Examples of useful Tools and Documents
* OWASP in Finland
Presentation: [[Image:OWASP_Startups_20090115_Henri.pdf]]

(Antti Laulajainen, OWASP Helsinki Chapter Leader was originally supposed to introduce OWASP)

'''18:15 Implementing application security in a Finnish startup by Henri Lindberg, Scred'''
* Henri Lindberg from Scred shares experiences and lessons learned
* How to make your web application more secure with minimal budget
Presentation: [[Image:SDG_Scred_090115.pdf]]

'''18:30 or so'''

* Enjoy local establishments at own risk & cost

== OWASP Helsinki Meeting #7: Tuesday November 11th 2008 ==

'''Location: Nokia Ruoholahti, Itämerenkatu 11-13, 00180 Helsinki'''

'''Time: 17:00-18:30'''

'''Schedule''' 

'''17:00 Welcome by Antti Laulajainen, OWASP Chapter Leader'''

*Current state and progress of OWASP Top 10 Finnish translation

'''17:20 Antti Vähä-Sipilä, Nokia: SAFECode'''

*Introduction and overview of SAFECode (The Software Assurance Forum for Excellence in Code)
*SAFECode publications

'''17:40 Juhani Eronen, CERT-FI: Lifecycle of a security vulnerability'''

*Microsoft MS08-067 (Vulnerability in Server Service Could Allow Remote Code Execution), its history (MS06-040) and exploitation.

'''Discussion'''

'''18:30 or so'''

* Enjoy local establishments at own risk & cost [cerveza, aqua con gas, etc]

''' PLEASE REGISTER WITH: mikko . saario at nokia . com (we have reserved snacks for 25 people)'''

== OWASP Helsinki Web Hacking Workshop, Tuesday September 10th 2008 ==

'''Location: Teleware / KPMG, Laajalahdentie 23, 6. floor, reception at the ground floor, 00330 Helsinki'''

'''Time: 18.00 - 20.00'''

'''Schedule'''

'''18.00 Welcome and recent activities. Antti Laulajainen '''

'''18.05 Web Hacking Workshop, Anssi Porttikivi, Senior ICT Advisor KPMG/Teleware'''

*KPMG Oy IT Security Advisory marketing presentation 15 min
*Web hacking exercises and demonstrations in a laboratory class (using WebGoat and WebScarab tools)

'''Snacks available. Send your reservations to Anssi's mail address, anssi.porttikivi@kpmg.fi. Room for 20 participants.'''

'''Note! Be in time, because the reception closes at 18.'''

== OWASP Goes! CERT-FI, Thursday, June 12th 2008 ==

'''Location: Viestintävirasto, Itämerenkatu 3 A, 00180 Helsinki and One Pint Pub Santakatu 2, 00180 Helsinki'''

'''Time: 16.00 - 20.00'''

'''Schedule'''

'''16.00 Welcome and recent activities. Antti Laulajainen '''

'''16.10 Introduction of CERT-FI. Juhani Eronen, Information Security Adviser, CERT-FI'''

'''16.30 Vulnerability coordination. Juhani Eronen'''
* CERT-FI as a vulnerability coordinator
* Coordination examples

'''18.00 Possibility to continue the evening at the One Pint Pub'''
* If someone fancies a (self-financed) beer

'''Viestintävirasto asks those who wish to participate to the meeting to register in advance. For registrations please contact CERT-FI Unit Secretary Virpi Hienonen (virpi.hienonen(at)ficora.fi). The deadline is June 6, 2008.'''

== OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 ==

Thank you for attending.

You can download the presentation here''' https://www.owasp.org/images/7/70/OWASP_HelsinkiChapter_130508.pdf

Coverage of the event in local news (Finnish only) http://mikropc.net/uutiset/index.jsp?categoryId=atk&day=20080514#w2008051411524012715

'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki and Ravintola Kaisla, Vilhonkatu 4, 00100 Helsinki'''

'''Time: 16.00 - 20.00'''

Welcome to spring meeting 2008.

'''Schedule'''

'''16.00 - 16.10 OWASP update. Antti Laulajainen'''

'''16.10-17.00 Notes From The field, OWASP tools and usage experiences, Jarkko Holappa & Antti Laulajainen'''

'''17.30 - 20.00 Drinks at Ravintola Kaisla (Bring Your Own Wallet)'''

Hope to see as many of you as possible!

== OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''

'''Time: 18.30 - 20.30'''

Welcome to first meeting of 2008. OWASP Helsinki resumes activities after winter break.

We are pleased to have as a speaker Technology Manager of Nokia Product Security, Alexandr Seleznyov. His topic will be current state of application security.

'''Schedule'''

'''18.30 - 18.40 OWASP update. Antti Laulajainen'''

'''18.40 - 20.30 Current State of Application Security. Alexandr Seleznyov'''

Hope to see as many of you as possible!

== OWASP Helsinki & RWSUG Seminar Tuesday, January 29th 2008 ==
'''Location: IBM, Laajalahdentie 23, 00330 Helsinki.'''
'''Time: 11.15 - 19.00'''

OWASP Helsinki and Rational and Websphere User Group Finland RWSUG are aiming to co-operate to raise application security awareness. OWASP Helsinki will have a presentation in RWSUG agility seminar. More information from http://www.rwsug.fi/default.asp?path=1,39,385

'''You can download the presentation here''' https://www.owasp.org/images/c/cd/RWSUG5_Agile_Security_Management.pdf

See program below. Most of it is Finnish only
*11.15 Ilmoittautuminen alkaa
*11.15-12.00 Buffet-lounas
*12.00-12.10 Tilaisuuden avaus Jussi Jutila, Puheenjohtaja, RWSUG ry

KEYNOTE

*12.10-13.30 Scaling Agile Software Development: Strategies for Applying Agile in Complex Situations Scott W. Ambler, Practice Leader Agile Development, IBM Canada
*13.30-13.45 Kahvitauko
*13.45-15.30 SOA liiketoiminnan näkökulmasta ja SOA toteutuksen näkökulmasta kansainvälisessa hankkeessa Kari Laine, IT Architect, IF ja Jarmo Laine, Senior Software Architect,Primasoft
*15.30-15.45 Tauko
*15.45-16.30 Ketterä tietoturvan hallinta ohjelmistotuotannossa Reijo Savola, VTT
*16.30-17.15 Jazz Update IBM
*17.15-19.00 Iltapalaa ja verkostoitumista IBM Forumissa
 

== OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008 ==
OWASP Helsinki participated in ISACA Finland meeting to raise application security awareness among system auditors and inspectors.
 A presentation was held that introduced basic web techniques, some security issues, OWASP in general, OWASP projects and OWASP Helsinki chapter.
 
'''You can download the presentation here''': https://www.owasp.org/images/e/e4/OWASP_ISACA_20080124.pdf (Finnish Only)
 

== OWASP Helsinki meeting #4 Fall 2007 with Mark Curphey, Tuesday, October 2 2007 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''

Thank you for all participants and Mark from great presentation.

Coverage of the meeting in the local news (in Finnish):
http://mikropc.net/uutiset/index.jsp?categoryId=atk&day=20071003#w2007100315112711629

We are delighted to have Mark Curphey - the OWASP founder and new head of Microsoft's ACE (Application Consulting & Engineering) team in Europe - to visit Finland and discuss web app security with us. Hopefully as many as of you possible can participate!

'''18:30 Welcome and recent Helsinki chapter activities. Antti Laulajainen'''

'''18:40 Naked Software Security. Mark Curphey'''
*Commentary on how to build secure software
*Thoughts on the industry

'''WELCOME!'''

== OWASP Helsinki meeting #3 Summer 2007: "SOA, Web Services & XML Security", Tuesday, June 5th 2007 ==

Date: June 5th

Location: Smilehouse, Itälahdenkatu 22A (Stonesoft building), Lauttasaari.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/tietoturva_docview.jsp?f_id=1186167

'''19:00 Welcome & quick recap of recent OWASP activity and the Spring conference. Mikko Saario.'''

'''19:15 Gunnar Peterson, CTO Arctec Group and project lead for the OWASP "XML Security Gateway Evaluation Criteria".'''

Gunnar will be visiting Finland to provide training via Tietoturva ry on this subject. Topics to be covered:
* XML Security Gateways
* Message level threats and security countermeasures in Web services
* OWASP XML Security Gateway Evaluation Criteria Project

'''20:15 "Real-life usage of OWASP tools". Alexandr Seleznyov, Nokia Product Security.'''

(There is a chance Alex cannot make it. In that case we will discuss SOA stuff in more detail or just head off to bar earlier.)

'''20:45 Enter Bar 52...'''
--> Enjoy (sponsored) beverages.

== OWASP Helsinki meeting #2 Winter 2007, Web Application Firewalls, Thursday, February 22 2007 ==

Thank you for the 29 participants, the speakers and the host - Nixu - for making this event happen!

'''Location: Nixu, Mäkelänkatu 91, 00601 Helsinki.'''

What are Web Application Firewalls (WAF), how do they work, what do they do and what don't they do. Discussion and sharing of experiences of various technologies and products.

'''18.30 Welcome. Mikko Saario, Chapter Leader.'''

Today's topic and agenda in short.

'''18.35 "Web Application Firewalls Technical Analysis". Joakim Sandström, CTO nSense.'''

http://www.owasp.org/images/6/6a/Owasp_waf_joakim.pdf

- Technology

- Blacklisting & Whitelisting

- mod_security features

- Do's and Don'ts

'''19.30 "The Core Rule Sets". Ofer Shezaf, CTO Breach Security.'''

http://www.owasp.org/images/f/f4/The_Core_Rule_Set_-_Ofer.pdf

- WAF deployment and protection strategies

- Detection of generic web layer attacks

- Virtual patching

== OWASP Helsinki meeting #1, Tuesday, Dec 12 2006 at Ernst & Young ==

The Helsinki chapter had the first meeting at Ernst & Young office in Elielinaukio 5 B. The agenda and the presentations for the meeting are below. We had a good turnout: 22 people were present i.e. all seats were taken - we were very happy to see all these people to be interested in application security issues.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/doc.do?f_id=1083463

'''18:30 Welcome. What is OWASP and why OWASP Helsinki?'''

Mikko Saario made a short presentation about OWASP and the objective for the local Helsinki chapter.

'''19:00 Analyzing Threats (Olli Wiren; olli [at] juurihoito.org)'''

Olli Wiren discussed application related threats and corresponding security issues.

http://www.owasp.org/images/7/7c/Owasp-olli.pdf

'''19:45 Open discussion regarding OWASP Helsinki; what is expected or wished; how to go ahead and so forth.'''

There was a lively discussion regarding what type of activities should be arranged in the future. More details will follow...

==== Helsinki OWASP Chapter Leaders ====
The chapter leader is [mailto:antti@owasp.org Antti Laulajainen]
__NOTOC__
<headertabs/>

Helsinki

2009-10-12T11:37:38Z

Antti: /* OWASP Helsinki Chapter Meeting #10: October 20 2009 */

{{Chapter Template|chaptername=Helsinki|extra=The chapter leader is [mailto:antti@owasp.org Antti Laulajainen]
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-helsinki|emailarchives=http://lists.owasp.org/pipermail/owasp-helsinki}}

==== Local News ====
<paypal>Helsinki</paypal>

'''Welcome to the OWASP Helsinki Chapter'''

The plan is to meet at least three to four times a year, each lasting 1,5-3 hours (more active "hands" means more meetings). This chapter is based in the capital area and therefore the meetings will be in or around Helsinki.

If you wish to present at one of the meetings or have any other inquiries, please contact the chapter leader.

==== Chapter Meetings ====

Currently OWASP Helsinki is working on the following tasks:
*[[Top 10 2007 Finnish]] aim to translate OWASP Top 10 list in Finnish

== OWASP Helsinki Chapter Meeting #10: October 20 2009 ==

'''Location: Tieto Oy, Ratamestarinkatu 7B, Helsinki'''

'''Time: 18:00-19:40'''

'''Schedule''' 

'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader'''

'''18:00 Word from our sponsor Tieto Oy'''

'''18:10 Distributed Services Security, Representative from Tieto Oy'''

'''18:40 Public Web Services Interface and Security, Representative from Finnish Customs'''

'''19:10 Web Services Security and Authentication, Representative from System Intregator field'''

'''19:40 Closure and move to Vltava'''

'''20:00 or so'''

* Enjoy Helsinki Vltava watering hole at own risk & cost near Helsinki Railway station

'''Please register with Pauli Kauppila pauli.kauppila##tieto.com or Mobile +358 400 870 324'''

== OWASP Helsinki Chapter Meeting #9: May 12 2009 ==

'''Location: Louhi Networks Oy, Itälahdenkatu 22 A, Helsinki'''

'''Time: 17:30-19:00'''

'''Schedule''' 

'''17:30 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader'''

'''17:45 Word from our sponsor Louhi Networks

'''18:00 Panel discussion about application scanners
* Panel members includes representatives for Nixu Oy, KPMG Oy and Louhi Networks Oy'''

'''19:00 or so'''

* Enjoy local establishments at own risk & cost at Bar 52 near meeting location

'''Please register with Henri Lindberg henri.lindberg##louhi.fi'''

== OWASP OWASP Goes! Viestimuseo: March 29 2009 ==
'''Location: Varuskunta, Takakasarmi, Viestimuseontie rak. 64, 11311 Riihimäki '''

'''Time: 13:00-15:00'''

Viestimuseossa Riihimäellä, http://www.viestikiltojenliitto.fi/viestimuseo/ on maaliskuun loppuun WWII radiotiedustelua esittelevä erikoisnäyttely, josta voi löytyä ammennettavaa myös tämän päivän tietoturvatekniikoiden parissa työskenteleville. Koska OWASP:in tiimoilta löytyi kiinnostusta lähteä tutustumaan ko. näyttelyyn, museolle on varattu opastettu kierros maaliskuun viimeiselle sunnuntaille su 29.3.2009 klo 13:00 eli kokoontuminen museolla ko. aikaan.

Museo ja näyttely ovat auki myös muina aikoina, joten jos tämä aika ei käy, paikalla voi toki käydä muulloinkin.

Tarkemmat ajo-ohjeet ja yhteystiedot löytyvät museon kotisivuilta, http://www.viestikiltojenliitto.fi/viestimuseo/yhteystiedot.html

Museo sijaitsee Viestirykmentin vieressä, mutta varsinaisen varuskunta-alueen ulkopuolella, joten museokäynti ei vaadi kulkulupia alueelle.

Paikalle innostuvat hoitavat oman logistiikkaratkaisunsa & sisäänpääsymaksunsa.

Lisätietoja tarvittaessa timo.merilainen (ät) iki.fi

== OWASP Helsinki Chapter Meeting #8: March 12 2009 ==

'''Location: Samlink, Linnoitustie 9, Espoo (Leppävaara)'''

'''Time: 17:00-19:00'''

'''Schedule''' 

'''17:00 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader'''

'''17:15 Introduction to Samlink, Jari Pirhonen, security director, Samlink

'''17:30 Methodology owner’s point of view: Information security as part of software development methodology, Topi Mattila, methodology manager, Samlink'''

'''18:15 Presentation from Finnish Tax Administration", Petri Puhakainen, security director, Finnish Tax Administration'''

'''19:00 or so'''

* Enjoy local establishments at own risk & cost at Sello

'''Please register with Jari Pirhonen jari.pirhonen##samlink.fi'''

== OWASP Introduction to startup firms: Thursday January 15th 2009 ==
'''Location: Ravintola Korjaamo, Töölönkatu 51, 00250 Helsinki'''

'''Time: 18:00-20:00'''

'''Schedule''' 

'''18:00 Introduction to OWASP by Henri Lindberg, OWASP Helsinki Active Visitor'''
* What OWASP is
* Examples of useful Tools and Documents
* OWASP in Finland
Presentation: [[Image:OWASP_Startups_20090115_Henri.pdf]]

(Antti Laulajainen, OWASP Helsinki Chapter Leader was originally supposed to introduce OWASP)

'''18:15 Implementing application security in a Finnish startup by Henri Lindberg, Scred'''
* Henri Lindberg from Scred shares experiences and lessons learned
* How to make your web application more secure with minimal budget
Presentation: [[Image:SDG_Scred_090115.pdf]]

'''18:30 or so'''

* Enjoy local establishments at own risk & cost

== OWASP Helsinki Meeting #7: Tuesday November 11th 2008 ==

'''Location: Nokia Ruoholahti, Itämerenkatu 11-13, 00180 Helsinki'''

'''Time: 17:00-18:30'''

'''Schedule''' 

'''17:00 Welcome by Antti Laulajainen, OWASP Chapter Leader'''

*Current state and progress of OWASP Top 10 Finnish translation

'''17:20 Antti Vähä-Sipilä, Nokia: SAFECode'''

*Introduction and overview of SAFECode (The Software Assurance Forum for Excellence in Code)
*SAFECode publications

'''17:40 Juhani Eronen, CERT-FI: Lifecycle of a security vulnerability'''

*Microsoft MS08-067 (Vulnerability in Server Service Could Allow Remote Code Execution), its history (MS06-040) and exploitation.

'''Discussion'''

'''18:30 or so'''

* Enjoy local establishments at own risk & cost [cerveza, aqua con gas, etc]

''' PLEASE REGISTER WITH: mikko . saario at nokia . com (we have reserved snacks for 25 people)'''

== OWASP Helsinki Web Hacking Workshop, Tuesday September 10th 2008 ==

'''Location: Teleware / KPMG, Laajalahdentie 23, 6. floor, reception at the ground floor, 00330 Helsinki'''

'''Time: 18.00 - 20.00'''

'''Schedule'''

'''18.00 Welcome and recent activities. Antti Laulajainen '''

'''18.05 Web Hacking Workshop, Anssi Porttikivi, Senior ICT Advisor KPMG/Teleware'''

*KPMG Oy IT Security Advisory marketing presentation 15 min
*Web hacking exercises and demonstrations in a laboratory class (using WebGoat and WebScarab tools)

'''Snacks available. Send your reservations to Anssi's mail address, anssi.porttikivi@kpmg.fi. Room for 20 participants.'''

'''Note! Be in time, because the reception closes at 18.'''

== OWASP Goes! CERT-FI, Thursday, June 12th 2008 ==

'''Location: Viestintävirasto, Itämerenkatu 3 A, 00180 Helsinki and One Pint Pub Santakatu 2, 00180 Helsinki'''

'''Time: 16.00 - 20.00'''

'''Schedule'''

'''16.00 Welcome and recent activities. Antti Laulajainen '''

'''16.10 Introduction of CERT-FI. Juhani Eronen, Information Security Adviser, CERT-FI'''

'''16.30 Vulnerability coordination. Juhani Eronen'''
* CERT-FI as a vulnerability coordinator
* Coordination examples

'''18.00 Possibility to continue the evening at the One Pint Pub'''
* If someone fancies a (self-financed) beer

'''Viestintävirasto asks those who wish to participate to the meeting to register in advance. For registrations please contact CERT-FI Unit Secretary Virpi Hienonen (virpi.hienonen(at)ficora.fi). The deadline is June 6, 2008.'''

== OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 ==

Thank you for attending.

You can download the presentation here''' https://www.owasp.org/images/7/70/OWASP_HelsinkiChapter_130508.pdf

Coverage of the event in local news (Finnish only) http://mikropc.net/uutiset/index.jsp?categoryId=atk&day=20080514#w2008051411524012715

'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki and Ravintola Kaisla, Vilhonkatu 4, 00100 Helsinki'''

'''Time: 16.00 - 20.00'''

Welcome to spring meeting 2008.

'''Schedule'''

'''16.00 - 16.10 OWASP update. Antti Laulajainen'''

'''16.10-17.00 Notes From The field, OWASP tools and usage experiences, Jarkko Holappa & Antti Laulajainen'''

'''17.30 - 20.00 Drinks at Ravintola Kaisla (Bring Your Own Wallet)'''

Hope to see as many of you as possible!

== OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''

'''Time: 18.30 - 20.30'''

Welcome to first meeting of 2008. OWASP Helsinki resumes activities after winter break.

We are pleased to have as a speaker Technology Manager of Nokia Product Security, Alexandr Seleznyov. His topic will be current state of application security.

'''Schedule'''

'''18.30 - 18.40 OWASP update. Antti Laulajainen'''

'''18.40 - 20.30 Current State of Application Security. Alexandr Seleznyov'''

Hope to see as many of you as possible!

== OWASP Helsinki & RWSUG Seminar Tuesday, January 29th 2008 ==
'''Location: IBM, Laajalahdentie 23, 00330 Helsinki.'''
'''Time: 11.15 - 19.00'''

OWASP Helsinki and Rational and Websphere User Group Finland RWSUG are aiming to co-operate to raise application security awareness. OWASP Helsinki will have a presentation in RWSUG agility seminar. More information from http://www.rwsug.fi/default.asp?path=1,39,385

'''You can download the presentation here''' https://www.owasp.org/images/c/cd/RWSUG5_Agile_Security_Management.pdf

See program below. Most of it is Finnish only
*11.15 Ilmoittautuminen alkaa
*11.15-12.00 Buffet-lounas
*12.00-12.10 Tilaisuuden avaus Jussi Jutila, Puheenjohtaja, RWSUG ry

KEYNOTE

*12.10-13.30 Scaling Agile Software Development: Strategies for Applying Agile in Complex Situations Scott W. Ambler, Practice Leader Agile Development, IBM Canada
*13.30-13.45 Kahvitauko
*13.45-15.30 SOA liiketoiminnan näkökulmasta ja SOA toteutuksen näkökulmasta kansainvälisessa hankkeessa Kari Laine, IT Architect, IF ja Jarmo Laine, Senior Software Architect,Primasoft
*15.30-15.45 Tauko
*15.45-16.30 Ketterä tietoturvan hallinta ohjelmistotuotannossa Reijo Savola, VTT
*16.30-17.15 Jazz Update IBM
*17.15-19.00 Iltapalaa ja verkostoitumista IBM Forumissa
 

== OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008 ==
OWASP Helsinki participated in ISACA Finland meeting to raise application security awareness among system auditors and inspectors.
 A presentation was held that introduced basic web techniques, some security issues, OWASP in general, OWASP projects and OWASP Helsinki chapter.
 
'''You can download the presentation here''': https://www.owasp.org/images/e/e4/OWASP_ISACA_20080124.pdf (Finnish Only)
 

== OWASP Helsinki meeting #4 Fall 2007 with Mark Curphey, Tuesday, October 2 2007 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''

Thank you for all participants and Mark from great presentation.

Coverage of the meeting in the local news (in Finnish):
http://mikropc.net/uutiset/index.jsp?categoryId=atk&day=20071003#w2007100315112711629

We are delighted to have Mark Curphey - the OWASP founder and new head of Microsoft's ACE (Application Consulting & Engineering) team in Europe - to visit Finland and discuss web app security with us. Hopefully as many as of you possible can participate!

'''18:30 Welcome and recent Helsinki chapter activities. Antti Laulajainen'''

'''18:40 Naked Software Security. Mark Curphey'''
*Commentary on how to build secure software
*Thoughts on the industry

'''WELCOME!'''

== OWASP Helsinki meeting #3 Summer 2007: "SOA, Web Services & XML Security", Tuesday, June 5th 2007 ==

Date: June 5th

Location: Smilehouse, Itälahdenkatu 22A (Stonesoft building), Lauttasaari.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/tietoturva_docview.jsp?f_id=1186167

'''19:00 Welcome & quick recap of recent OWASP activity and the Spring conference. Mikko Saario.'''

'''19:15 Gunnar Peterson, CTO Arctec Group and project lead for the OWASP "XML Security Gateway Evaluation Criteria".'''

Gunnar will be visiting Finland to provide training via Tietoturva ry on this subject. Topics to be covered:
* XML Security Gateways
* Message level threats and security countermeasures in Web services
* OWASP XML Security Gateway Evaluation Criteria Project

'''20:15 "Real-life usage of OWASP tools". Alexandr Seleznyov, Nokia Product Security.'''

(There is a chance Alex cannot make it. In that case we will discuss SOA stuff in more detail or just head off to bar earlier.)

'''20:45 Enter Bar 52...'''
--> Enjoy (sponsored) beverages.

== OWASP Helsinki meeting #2 Winter 2007, Web Application Firewalls, Thursday, February 22 2007 ==

Thank you for the 29 participants, the speakers and the host - Nixu - for making this event happen!

'''Location: Nixu, Mäkelänkatu 91, 00601 Helsinki.'''

What are Web Application Firewalls (WAF), how do they work, what do they do and what don't they do. Discussion and sharing of experiences of various technologies and products.

'''18.30 Welcome. Mikko Saario, Chapter Leader.'''

Today's topic and agenda in short.

'''18.35 "Web Application Firewalls Technical Analysis". Joakim Sandström, CTO nSense.'''

http://www.owasp.org/images/6/6a/Owasp_waf_joakim.pdf

- Technology

- Blacklisting & Whitelisting

- mod_security features

- Do's and Don'ts

'''19.30 "The Core Rule Sets". Ofer Shezaf, CTO Breach Security.'''

http://www.owasp.org/images/f/f4/The_Core_Rule_Set_-_Ofer.pdf

- WAF deployment and protection strategies

- Detection of generic web layer attacks

- Virtual patching

== OWASP Helsinki meeting #1, Tuesday, Dec 12 2006 at Ernst & Young ==

The Helsinki chapter had the first meeting at Ernst & Young office in Elielinaukio 5 B. The agenda and the presentations for the meeting are below. We had a good turnout: 22 people were present i.e. all seats were taken - we were very happy to see all these people to be interested in application security issues.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/doc.do?f_id=1083463

'''18:30 Welcome. What is OWASP and why OWASP Helsinki?'''

Mikko Saario made a short presentation about OWASP and the objective for the local Helsinki chapter.

'''19:00 Analyzing Threats (Olli Wiren; olli [at] juurihoito.org)'''

Olli Wiren discussed application related threats and corresponding security issues.

http://www.owasp.org/images/7/7c/Owasp-olli.pdf

'''19:45 Open discussion regarding OWASP Helsinki; what is expected or wished; how to go ahead and so forth.'''

There was a lively discussion regarding what type of activities should be arranged in the future. More details will follow...

==== Helsinki OWASP Chapter Leaders ====
The chapter leader is [mailto:antti@owasp.org Antti Laulajainen]
__NOTOC__
<headertabs/>

Helsinki

2009-10-12T11:35:17Z

Antti: /* OWASP Helsinki Chapter Meeting #10: October 20 2009 */

{{Chapter Template|chaptername=Helsinki|extra=The chapter leader is [mailto:antti@owasp.org Antti Laulajainen]
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-helsinki|emailarchives=http://lists.owasp.org/pipermail/owasp-helsinki}}

==== Local News ====
<paypal>Helsinki</paypal>

'''Welcome to the OWASP Helsinki Chapter'''

The plan is to meet at least three to four times a year, each lasting 1,5-3 hours (more active "hands" means more meetings). This chapter is based in the capital area and therefore the meetings will be in or around Helsinki.

If you wish to present at one of the meetings or have any other inquiries, please contact the chapter leader.

==== Chapter Meetings ====

Currently OWASP Helsinki is working on the following tasks:
*[[Top 10 2007 Finnish]] aim to translate OWASP Top 10 list in Finnish

== OWASP Helsinki Chapter Meeting #10: October 20 2009 ==

'''Location: Tieto Oy, Ratamestarinkatu 7B, Helsinki'''

'''Time: 18:00-19:30'''

'''Schedule''' 

'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader'''

'''18:00 Word from our sponsor Tieto Oy'''

'''18:10 Distributed Services Security, Representative from Tieto Oy'''

'''18:40 Public Web Services Interface and Security, Representative from Finnish Customs'''

'''19:10 Web Services Security and Authentication, Representative from System Intregator field'''

'''19:40 Closure and move to Vltava'''

'''20:00 or so'''

* Enjoy Helsinki Vltava watering hole at own risk & cost near Helsinki Railway station

'''Please register with Pauli Kauppila pauli.kauppila##tieto.com or Mobile +358 400 870 324'''

== OWASP Helsinki Chapter Meeting #9: May 12 2009 ==

'''Location: Louhi Networks Oy, Itälahdenkatu 22 A, Helsinki'''

'''Time: 17:30-19:00'''

'''Schedule''' 

'''17:30 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader'''

'''17:45 Word from our sponsor Louhi Networks

'''18:00 Panel discussion about application scanners
* Panel members includes representatives for Nixu Oy, KPMG Oy and Louhi Networks Oy'''

'''19:00 or so'''

* Enjoy local establishments at own risk & cost at Bar 52 near meeting location

'''Please register with Henri Lindberg henri.lindberg##louhi.fi'''

== OWASP OWASP Goes! Viestimuseo: March 29 2009 ==
'''Location: Varuskunta, Takakasarmi, Viestimuseontie rak. 64, 11311 Riihimäki '''

'''Time: 13:00-15:00'''

Viestimuseossa Riihimäellä, http://www.viestikiltojenliitto.fi/viestimuseo/ on maaliskuun loppuun WWII radiotiedustelua esittelevä erikoisnäyttely, josta voi löytyä ammennettavaa myös tämän päivän tietoturvatekniikoiden parissa työskenteleville. Koska OWASP:in tiimoilta löytyi kiinnostusta lähteä tutustumaan ko. näyttelyyn, museolle on varattu opastettu kierros maaliskuun viimeiselle sunnuntaille su 29.3.2009 klo 13:00 eli kokoontuminen museolla ko. aikaan.

Museo ja näyttely ovat auki myös muina aikoina, joten jos tämä aika ei käy, paikalla voi toki käydä muulloinkin.

Tarkemmat ajo-ohjeet ja yhteystiedot löytyvät museon kotisivuilta, http://www.viestikiltojenliitto.fi/viestimuseo/yhteystiedot.html

Museo sijaitsee Viestirykmentin vieressä, mutta varsinaisen varuskunta-alueen ulkopuolella, joten museokäynti ei vaadi kulkulupia alueelle.

Paikalle innostuvat hoitavat oman logistiikkaratkaisunsa & sisäänpääsymaksunsa.

Lisätietoja tarvittaessa timo.merilainen (ät) iki.fi

== OWASP Helsinki Chapter Meeting #8: March 12 2009 ==

'''Location: Samlink, Linnoitustie 9, Espoo (Leppävaara)'''

'''Time: 17:00-19:00'''

'''Schedule''' 

'''17:00 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader'''

'''17:15 Introduction to Samlink, Jari Pirhonen, security director, Samlink

'''17:30 Methodology owner’s point of view: Information security as part of software development methodology, Topi Mattila, methodology manager, Samlink'''

'''18:15 Presentation from Finnish Tax Administration", Petri Puhakainen, security director, Finnish Tax Administration'''

'''19:00 or so'''

* Enjoy local establishments at own risk & cost at Sello

'''Please register with Jari Pirhonen jari.pirhonen##samlink.fi'''

== OWASP Introduction to startup firms: Thursday January 15th 2009 ==
'''Location: Ravintola Korjaamo, Töölönkatu 51, 00250 Helsinki'''

'''Time: 18:00-20:00'''

'''Schedule''' 

'''18:00 Introduction to OWASP by Henri Lindberg, OWASP Helsinki Active Visitor'''
* What OWASP is
* Examples of useful Tools and Documents
* OWASP in Finland
Presentation: [[Image:OWASP_Startups_20090115_Henri.pdf]]

(Antti Laulajainen, OWASP Helsinki Chapter Leader was originally supposed to introduce OWASP)

'''18:15 Implementing application security in a Finnish startup by Henri Lindberg, Scred'''
* Henri Lindberg from Scred shares experiences and lessons learned
* How to make your web application more secure with minimal budget
Presentation: [[Image:SDG_Scred_090115.pdf]]

'''18:30 or so'''

* Enjoy local establishments at own risk & cost

== OWASP Helsinki Meeting #7: Tuesday November 11th 2008 ==

'''Location: Nokia Ruoholahti, Itämerenkatu 11-13, 00180 Helsinki'''

'''Time: 17:00-18:30'''

'''Schedule''' 

'''17:00 Welcome by Antti Laulajainen, OWASP Chapter Leader'''

*Current state and progress of OWASP Top 10 Finnish translation

'''17:20 Antti Vähä-Sipilä, Nokia: SAFECode'''

*Introduction and overview of SAFECode (The Software Assurance Forum for Excellence in Code)
*SAFECode publications

'''17:40 Juhani Eronen, CERT-FI: Lifecycle of a security vulnerability'''

*Microsoft MS08-067 (Vulnerability in Server Service Could Allow Remote Code Execution), its history (MS06-040) and exploitation.

'''Discussion'''

'''18:30 or so'''

* Enjoy local establishments at own risk & cost [cerveza, aqua con gas, etc]

''' PLEASE REGISTER WITH: mikko . saario at nokia . com (we have reserved snacks for 25 people)'''

== OWASP Helsinki Web Hacking Workshop, Tuesday September 10th 2008 ==

'''Location: Teleware / KPMG, Laajalahdentie 23, 6. floor, reception at the ground floor, 00330 Helsinki'''

'''Time: 18.00 - 20.00'''

'''Schedule'''

'''18.00 Welcome and recent activities. Antti Laulajainen '''

'''18.05 Web Hacking Workshop, Anssi Porttikivi, Senior ICT Advisor KPMG/Teleware'''

*KPMG Oy IT Security Advisory marketing presentation 15 min
*Web hacking exercises and demonstrations in a laboratory class (using WebGoat and WebScarab tools)

'''Snacks available. Send your reservations to Anssi's mail address, anssi.porttikivi@kpmg.fi. Room for 20 participants.'''

'''Note! Be in time, because the reception closes at 18.'''

== OWASP Goes! CERT-FI, Thursday, June 12th 2008 ==

'''Location: Viestintävirasto, Itämerenkatu 3 A, 00180 Helsinki and One Pint Pub Santakatu 2, 00180 Helsinki'''

'''Time: 16.00 - 20.00'''

'''Schedule'''

'''16.00 Welcome and recent activities. Antti Laulajainen '''

'''16.10 Introduction of CERT-FI. Juhani Eronen, Information Security Adviser, CERT-FI'''

'''16.30 Vulnerability coordination. Juhani Eronen'''
* CERT-FI as a vulnerability coordinator
* Coordination examples

'''18.00 Possibility to continue the evening at the One Pint Pub'''
* If someone fancies a (self-financed) beer

'''Viestintävirasto asks those who wish to participate to the meeting to register in advance. For registrations please contact CERT-FI Unit Secretary Virpi Hienonen (virpi.hienonen(at)ficora.fi). The deadline is June 6, 2008.'''

== OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 ==

Thank you for attending.

You can download the presentation here''' https://www.owasp.org/images/7/70/OWASP_HelsinkiChapter_130508.pdf

Coverage of the event in local news (Finnish only) http://mikropc.net/uutiset/index.jsp?categoryId=atk&day=20080514#w2008051411524012715

'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki and Ravintola Kaisla, Vilhonkatu 4, 00100 Helsinki'''

'''Time: 16.00 - 20.00'''

Welcome to spring meeting 2008.

'''Schedule'''

'''16.00 - 16.10 OWASP update. Antti Laulajainen'''

'''16.10-17.00 Notes From The field, OWASP tools and usage experiences, Jarkko Holappa & Antti Laulajainen'''

'''17.30 - 20.00 Drinks at Ravintola Kaisla (Bring Your Own Wallet)'''

Hope to see as many of you as possible!

== OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''

'''Time: 18.30 - 20.30'''

Welcome to first meeting of 2008. OWASP Helsinki resumes activities after winter break.

We are pleased to have as a speaker Technology Manager of Nokia Product Security, Alexandr Seleznyov. His topic will be current state of application security.

'''Schedule'''

'''18.30 - 18.40 OWASP update. Antti Laulajainen'''

'''18.40 - 20.30 Current State of Application Security. Alexandr Seleznyov'''

Hope to see as many of you as possible!

== OWASP Helsinki & RWSUG Seminar Tuesday, January 29th 2008 ==
'''Location: IBM, Laajalahdentie 23, 00330 Helsinki.'''
'''Time: 11.15 - 19.00'''

OWASP Helsinki and Rational and Websphere User Group Finland RWSUG are aiming to co-operate to raise application security awareness. OWASP Helsinki will have a presentation in RWSUG agility seminar. More information from http://www.rwsug.fi/default.asp?path=1,39,385

'''You can download the presentation here''' https://www.owasp.org/images/c/cd/RWSUG5_Agile_Security_Management.pdf

See program below. Most of it is Finnish only
*11.15 Ilmoittautuminen alkaa
*11.15-12.00 Buffet-lounas
*12.00-12.10 Tilaisuuden avaus Jussi Jutila, Puheenjohtaja, RWSUG ry

KEYNOTE

*12.10-13.30 Scaling Agile Software Development: Strategies for Applying Agile in Complex Situations Scott W. Ambler, Practice Leader Agile Development, IBM Canada
*13.30-13.45 Kahvitauko
*13.45-15.30 SOA liiketoiminnan näkökulmasta ja SOA toteutuksen näkökulmasta kansainvälisessa hankkeessa Kari Laine, IT Architect, IF ja Jarmo Laine, Senior Software Architect,Primasoft
*15.30-15.45 Tauko
*15.45-16.30 Ketterä tietoturvan hallinta ohjelmistotuotannossa Reijo Savola, VTT
*16.30-17.15 Jazz Update IBM
*17.15-19.00 Iltapalaa ja verkostoitumista IBM Forumissa
 

== OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008 ==
OWASP Helsinki participated in ISACA Finland meeting to raise application security awareness among system auditors and inspectors.
 A presentation was held that introduced basic web techniques, some security issues, OWASP in general, OWASP projects and OWASP Helsinki chapter.
 
'''You can download the presentation here''': https://www.owasp.org/images/e/e4/OWASP_ISACA_20080124.pdf (Finnish Only)
 

== OWASP Helsinki meeting #4 Fall 2007 with Mark Curphey, Tuesday, October 2 2007 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''

Thank you for all participants and Mark from great presentation.

Coverage of the meeting in the local news (in Finnish):
http://mikropc.net/uutiset/index.jsp?categoryId=atk&day=20071003#w2007100315112711629

We are delighted to have Mark Curphey - the OWASP founder and new head of Microsoft's ACE (Application Consulting & Engineering) team in Europe - to visit Finland and discuss web app security with us. Hopefully as many as of you possible can participate!

'''18:30 Welcome and recent Helsinki chapter activities. Antti Laulajainen'''

'''18:40 Naked Software Security. Mark Curphey'''
*Commentary on how to build secure software
*Thoughts on the industry

'''WELCOME!'''

== OWASP Helsinki meeting #3 Summer 2007: "SOA, Web Services & XML Security", Tuesday, June 5th 2007 ==

Date: June 5th

Location: Smilehouse, Itälahdenkatu 22A (Stonesoft building), Lauttasaari.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/tietoturva_docview.jsp?f_id=1186167

'''19:00 Welcome & quick recap of recent OWASP activity and the Spring conference. Mikko Saario.'''

'''19:15 Gunnar Peterson, CTO Arctec Group and project lead for the OWASP "XML Security Gateway Evaluation Criteria".'''

Gunnar will be visiting Finland to provide training via Tietoturva ry on this subject. Topics to be covered:
* XML Security Gateways
* Message level threats and security countermeasures in Web services
* OWASP XML Security Gateway Evaluation Criteria Project

'''20:15 "Real-life usage of OWASP tools". Alexandr Seleznyov, Nokia Product Security.'''

(There is a chance Alex cannot make it. In that case we will discuss SOA stuff in more detail or just head off to bar earlier.)

'''20:45 Enter Bar 52...'''
--> Enjoy (sponsored) beverages.

== OWASP Helsinki meeting #2 Winter 2007, Web Application Firewalls, Thursday, February 22 2007 ==

Thank you for the 29 participants, the speakers and the host - Nixu - for making this event happen!

'''Location: Nixu, Mäkelänkatu 91, 00601 Helsinki.'''

What are Web Application Firewalls (WAF), how do they work, what do they do and what don't they do. Discussion and sharing of experiences of various technologies and products.

'''18.30 Welcome. Mikko Saario, Chapter Leader.'''

Today's topic and agenda in short.

'''18.35 "Web Application Firewalls Technical Analysis". Joakim Sandström, CTO nSense.'''

http://www.owasp.org/images/6/6a/Owasp_waf_joakim.pdf

- Technology

- Blacklisting & Whitelisting

- mod_security features

- Do's and Don'ts

'''19.30 "The Core Rule Sets". Ofer Shezaf, CTO Breach Security.'''

http://www.owasp.org/images/f/f4/The_Core_Rule_Set_-_Ofer.pdf

- WAF deployment and protection strategies

- Detection of generic web layer attacks

- Virtual patching

== OWASP Helsinki meeting #1, Tuesday, Dec 12 2006 at Ernst & Young ==

The Helsinki chapter had the first meeting at Ernst & Young office in Elielinaukio 5 B. The agenda and the presentations for the meeting are below. We had a good turnout: 22 people were present i.e. all seats were taken - we were very happy to see all these people to be interested in application security issues.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/doc.do?f_id=1083463

'''18:30 Welcome. What is OWASP and why OWASP Helsinki?'''

Mikko Saario made a short presentation about OWASP and the objective for the local Helsinki chapter.

'''19:00 Analyzing Threats (Olli Wiren; olli [at] juurihoito.org)'''

Olli Wiren discussed application related threats and corresponding security issues.

http://www.owasp.org/images/7/7c/Owasp-olli.pdf

'''19:45 Open discussion regarding OWASP Helsinki; what is expected or wished; how to go ahead and so forth.'''

There was a lively discussion regarding what type of activities should be arranged in the future. More details will follow...

==== Helsinki OWASP Chapter Leaders ====
The chapter leader is [mailto:antti@owasp.org Antti Laulajainen]
__NOTOC__
<headertabs/>

Helsinki

2009-09-28T15:03:58Z

Antti: /* OWASP Helsinki Chapter Meeting #10: October 20 2009 */

{{Chapter Template|chaptername=Helsinki|extra=The chapter leader is [mailto:antti@owasp.org Antti Laulajainen]
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-helsinki|emailarchives=http://lists.owasp.org/pipermail/owasp-helsinki}}

==== Local News ====
<paypal>Helsinki</paypal>

'''Welcome to the OWASP Helsinki Chapter'''

The plan is to meet at least three to four times a year, each lasting 1,5-3 hours (more active "hands" means more meetings). This chapter is based in the capital area and therefore the meetings will be in or around Helsinki.

If you wish to present at one of the meetings or have any other inquiries, please contact the chapter leader.

==== Chapter Meetings ====

Currently OWASP Helsinki is working on the following tasks:
*[[Top 10 2007 Finnish]] aim to translate OWASP Top 10 list in Finnish

== OWASP Helsinki Chapter Meeting #10: October 20 2009 ==

'''Location: Tieto Oy, Ratamestarinkatu 7B, Helsinki'''

'''Time: 18:00-19:30'''

'''Schedule''' 

'''18:00 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader'''

'''18:15 Word from our sponsor Tieto Oy'''

'''18:30 Distributed Services Security, Representative From Tieto Oy'''

'''19:00 Web Services Security, Speaker not confirmed yet'''

'''19:45 or so'''

* Enjoy Helsinki Vltava watering hole at own risk & cost near Helsinki Railway station

'''Please register with Pauli Kauppila pauli.kauppila##tieto.com or Mobile +358 400 870 324'''

== OWASP Helsinki Chapter Meeting #9: May 12 2009 ==

'''Location: Louhi Networks Oy, Itälahdenkatu 22 A, Helsinki'''

'''Time: 17:30-19:00'''

'''Schedule''' 

'''17:30 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader'''

'''17:45 Word from our sponsor Louhi Networks

'''18:00 Panel discussion about application scanners
* Panel members includes representatives for Nixu Oy, KPMG Oy and Louhi Networks Oy'''

'''19:00 or so'''

* Enjoy local establishments at own risk & cost at Bar 52 near meeting location

'''Please register with Henri Lindberg henri.lindberg##louhi.fi'''

== OWASP OWASP Goes! Viestimuseo: March 29 2009 ==
'''Location: Varuskunta, Takakasarmi, Viestimuseontie rak. 64, 11311 Riihimäki '''

'''Time: 13:00-15:00'''

Viestimuseossa Riihimäellä, http://www.viestikiltojenliitto.fi/viestimuseo/ on maaliskuun loppuun WWII radiotiedustelua esittelevä erikoisnäyttely, josta voi löytyä ammennettavaa myös tämän päivän tietoturvatekniikoiden parissa työskenteleville. Koska OWASP:in tiimoilta löytyi kiinnostusta lähteä tutustumaan ko. näyttelyyn, museolle on varattu opastettu kierros maaliskuun viimeiselle sunnuntaille su 29.3.2009 klo 13:00 eli kokoontuminen museolla ko. aikaan.

Museo ja näyttely ovat auki myös muina aikoina, joten jos tämä aika ei käy, paikalla voi toki käydä muulloinkin.

Tarkemmat ajo-ohjeet ja yhteystiedot löytyvät museon kotisivuilta, http://www.viestikiltojenliitto.fi/viestimuseo/yhteystiedot.html

Museo sijaitsee Viestirykmentin vieressä, mutta varsinaisen varuskunta-alueen ulkopuolella, joten museokäynti ei vaadi kulkulupia alueelle.

Paikalle innostuvat hoitavat oman logistiikkaratkaisunsa & sisäänpääsymaksunsa.

Lisätietoja tarvittaessa timo.merilainen (ät) iki.fi

== OWASP Helsinki Chapter Meeting #8: March 12 2009 ==

'''Location: Samlink, Linnoitustie 9, Espoo (Leppävaara)'''

'''Time: 17:00-19:00'''

'''Schedule''' 

'''17:00 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader'''

'''17:15 Introduction to Samlink, Jari Pirhonen, security director, Samlink

'''17:30 Methodology owner’s point of view: Information security as part of software development methodology, Topi Mattila, methodology manager, Samlink'''

'''18:15 Presentation from Finnish Tax Administration", Petri Puhakainen, security director, Finnish Tax Administration'''

'''19:00 or so'''

* Enjoy local establishments at own risk & cost at Sello

'''Please register with Jari Pirhonen jari.pirhonen##samlink.fi'''

== OWASP Introduction to startup firms: Thursday January 15th 2009 ==
'''Location: Ravintola Korjaamo, Töölönkatu 51, 00250 Helsinki'''

'''Time: 18:00-20:00'''

'''Schedule''' 

'''18:00 Introduction to OWASP by Henri Lindberg, OWASP Helsinki Active Visitor'''
* What OWASP is
* Examples of useful Tools and Documents
* OWASP in Finland
Presentation: [[Image:OWASP_Startups_20090115_Henri.pdf]]

(Antti Laulajainen, OWASP Helsinki Chapter Leader was originally supposed to introduce OWASP)

'''18:15 Implementing application security in a Finnish startup by Henri Lindberg, Scred'''
* Henri Lindberg from Scred shares experiences and lessons learned
* How to make your web application more secure with minimal budget
Presentation: [[Image:SDG_Scred_090115.pdf]]

'''18:30 or so'''

* Enjoy local establishments at own risk & cost

== OWASP Helsinki Meeting #7: Tuesday November 11th 2008 ==

'''Location: Nokia Ruoholahti, Itämerenkatu 11-13, 00180 Helsinki'''

'''Time: 17:00-18:30'''

'''Schedule''' 

'''17:00 Welcome by Antti Laulajainen, OWASP Chapter Leader'''

*Current state and progress of OWASP Top 10 Finnish translation

'''17:20 Antti Vähä-Sipilä, Nokia: SAFECode'''

*Introduction and overview of SAFECode (The Software Assurance Forum for Excellence in Code)
*SAFECode publications

'''17:40 Juhani Eronen, CERT-FI: Lifecycle of a security vulnerability'''

*Microsoft MS08-067 (Vulnerability in Server Service Could Allow Remote Code Execution), its history (MS06-040) and exploitation.

'''Discussion'''

'''18:30 or so'''

* Enjoy local establishments at own risk & cost [cerveza, aqua con gas, etc]

''' PLEASE REGISTER WITH: mikko . saario at nokia . com (we have reserved snacks for 25 people)'''

== OWASP Helsinki Web Hacking Workshop, Tuesday September 10th 2008 ==

'''Location: Teleware / KPMG, Laajalahdentie 23, 6. floor, reception at the ground floor, 00330 Helsinki'''

'''Time: 18.00 - 20.00'''

'''Schedule'''

'''18.00 Welcome and recent activities. Antti Laulajainen '''

'''18.05 Web Hacking Workshop, Anssi Porttikivi, Senior ICT Advisor KPMG/Teleware'''

*KPMG Oy IT Security Advisory marketing presentation 15 min
*Web hacking exercises and demonstrations in a laboratory class (using WebGoat and WebScarab tools)

'''Snacks available. Send your reservations to Anssi's mail address, anssi.porttikivi@kpmg.fi. Room for 20 participants.'''

'''Note! Be in time, because the reception closes at 18.'''

== OWASP Goes! CERT-FI, Thursday, June 12th 2008 ==

'''Location: Viestintävirasto, Itämerenkatu 3 A, 00180 Helsinki and One Pint Pub Santakatu 2, 00180 Helsinki'''

'''Time: 16.00 - 20.00'''

'''Schedule'''

'''16.00 Welcome and recent activities. Antti Laulajainen '''

'''16.10 Introduction of CERT-FI. Juhani Eronen, Information Security Adviser, CERT-FI'''

'''16.30 Vulnerability coordination. Juhani Eronen'''
* CERT-FI as a vulnerability coordinator
* Coordination examples

'''18.00 Possibility to continue the evening at the One Pint Pub'''
* If someone fancies a (self-financed) beer

'''Viestintävirasto asks those who wish to participate to the meeting to register in advance. For registrations please contact CERT-FI Unit Secretary Virpi Hienonen (virpi.hienonen(at)ficora.fi). The deadline is June 6, 2008.'''

== OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 ==

Thank you for attending.

You can download the presentation here''' https://www.owasp.org/images/7/70/OWASP_HelsinkiChapter_130508.pdf

Coverage of the event in local news (Finnish only) http://mikropc.net/uutiset/index.jsp?categoryId=atk&day=20080514#w2008051411524012715

'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki and Ravintola Kaisla, Vilhonkatu 4, 00100 Helsinki'''

'''Time: 16.00 - 20.00'''

Welcome to spring meeting 2008.

'''Schedule'''

'''16.00 - 16.10 OWASP update. Antti Laulajainen'''

'''16.10-17.00 Notes From The field, OWASP tools and usage experiences, Jarkko Holappa & Antti Laulajainen'''

'''17.30 - 20.00 Drinks at Ravintola Kaisla (Bring Your Own Wallet)'''

Hope to see as many of you as possible!

== OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''

'''Time: 18.30 - 20.30'''

Welcome to first meeting of 2008. OWASP Helsinki resumes activities after winter break.

We are pleased to have as a speaker Technology Manager of Nokia Product Security, Alexandr Seleznyov. His topic will be current state of application security.

'''Schedule'''

'''18.30 - 18.40 OWASP update. Antti Laulajainen'''

'''18.40 - 20.30 Current State of Application Security. Alexandr Seleznyov'''

Hope to see as many of you as possible!

== OWASP Helsinki & RWSUG Seminar Tuesday, January 29th 2008 ==
'''Location: IBM, Laajalahdentie 23, 00330 Helsinki.'''
'''Time: 11.15 - 19.00'''

OWASP Helsinki and Rational and Websphere User Group Finland RWSUG are aiming to co-operate to raise application security awareness. OWASP Helsinki will have a presentation in RWSUG agility seminar. More information from http://www.rwsug.fi/default.asp?path=1,39,385

'''You can download the presentation here''' https://www.owasp.org/images/c/cd/RWSUG5_Agile_Security_Management.pdf

See program below. Most of it is Finnish only
*11.15 Ilmoittautuminen alkaa
*11.15-12.00 Buffet-lounas
*12.00-12.10 Tilaisuuden avaus Jussi Jutila, Puheenjohtaja, RWSUG ry

KEYNOTE

*12.10-13.30 Scaling Agile Software Development: Strategies for Applying Agile in Complex Situations Scott W. Ambler, Practice Leader Agile Development, IBM Canada
*13.30-13.45 Kahvitauko
*13.45-15.30 SOA liiketoiminnan näkökulmasta ja SOA toteutuksen näkökulmasta kansainvälisessa hankkeessa Kari Laine, IT Architect, IF ja Jarmo Laine, Senior Software Architect,Primasoft
*15.30-15.45 Tauko
*15.45-16.30 Ketterä tietoturvan hallinta ohjelmistotuotannossa Reijo Savola, VTT
*16.30-17.15 Jazz Update IBM
*17.15-19.00 Iltapalaa ja verkostoitumista IBM Forumissa
 

== OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008 ==
OWASP Helsinki participated in ISACA Finland meeting to raise application security awareness among system auditors and inspectors.
 A presentation was held that introduced basic web techniques, some security issues, OWASP in general, OWASP projects and OWASP Helsinki chapter.
 
'''You can download the presentation here''': https://www.owasp.org/images/e/e4/OWASP_ISACA_20080124.pdf (Finnish Only)
 

== OWASP Helsinki meeting #4 Fall 2007 with Mark Curphey, Tuesday, October 2 2007 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''

Thank you for all participants and Mark from great presentation.

Coverage of the meeting in the local news (in Finnish):
http://mikropc.net/uutiset/index.jsp?categoryId=atk&day=20071003#w2007100315112711629

We are delighted to have Mark Curphey - the OWASP founder and new head of Microsoft's ACE (Application Consulting & Engineering) team in Europe - to visit Finland and discuss web app security with us. Hopefully as many as of you possible can participate!

'''18:30 Welcome and recent Helsinki chapter activities. Antti Laulajainen'''

'''18:40 Naked Software Security. Mark Curphey'''
*Commentary on how to build secure software
*Thoughts on the industry

'''WELCOME!'''

== OWASP Helsinki meeting #3 Summer 2007: "SOA, Web Services & XML Security", Tuesday, June 5th 2007 ==

Date: June 5th

Location: Smilehouse, Itälahdenkatu 22A (Stonesoft building), Lauttasaari.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/tietoturva_docview.jsp?f_id=1186167

'''19:00 Welcome & quick recap of recent OWASP activity and the Spring conference. Mikko Saario.'''

'''19:15 Gunnar Peterson, CTO Arctec Group and project lead for the OWASP "XML Security Gateway Evaluation Criteria".'''

Gunnar will be visiting Finland to provide training via Tietoturva ry on this subject. Topics to be covered:
* XML Security Gateways
* Message level threats and security countermeasures in Web services
* OWASP XML Security Gateway Evaluation Criteria Project

'''20:15 "Real-life usage of OWASP tools". Alexandr Seleznyov, Nokia Product Security.'''

(There is a chance Alex cannot make it. In that case we will discuss SOA stuff in more detail or just head off to bar earlier.)

'''20:45 Enter Bar 52...'''
--> Enjoy (sponsored) beverages.

== OWASP Helsinki meeting #2 Winter 2007, Web Application Firewalls, Thursday, February 22 2007 ==

Thank you for the 29 participants, the speakers and the host - Nixu - for making this event happen!

'''Location: Nixu, Mäkelänkatu 91, 00601 Helsinki.'''

What are Web Application Firewalls (WAF), how do they work, what do they do and what don't they do. Discussion and sharing of experiences of various technologies and products.

'''18.30 Welcome. Mikko Saario, Chapter Leader.'''

Today's topic and agenda in short.

'''18.35 "Web Application Firewalls Technical Analysis". Joakim Sandström, CTO nSense.'''

http://www.owasp.org/images/6/6a/Owasp_waf_joakim.pdf

- Technology

- Blacklisting & Whitelisting

- mod_security features

- Do's and Don'ts

'''19.30 "The Core Rule Sets". Ofer Shezaf, CTO Breach Security.'''

http://www.owasp.org/images/f/f4/The_Core_Rule_Set_-_Ofer.pdf

- WAF deployment and protection strategies

- Detection of generic web layer attacks

- Virtual patching

== OWASP Helsinki meeting #1, Tuesday, Dec 12 2006 at Ernst & Young ==

The Helsinki chapter had the first meeting at Ernst & Young office in Elielinaukio 5 B. The agenda and the presentations for the meeting are below. We had a good turnout: 22 people were present i.e. all seats were taken - we were very happy to see all these people to be interested in application security issues.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/doc.do?f_id=1083463

'''18:30 Welcome. What is OWASP and why OWASP Helsinki?'''

Mikko Saario made a short presentation about OWASP and the objective for the local Helsinki chapter.

'''19:00 Analyzing Threats (Olli Wiren; olli [at] juurihoito.org)'''

Olli Wiren discussed application related threats and corresponding security issues.

http://www.owasp.org/images/7/7c/Owasp-olli.pdf

'''19:45 Open discussion regarding OWASP Helsinki; what is expected or wished; how to go ahead and so forth.'''

There was a lively discussion regarding what type of activities should be arranged in the future. More details will follow...

==== Helsinki OWASP Chapter Leaders ====
The chapter leader is [mailto:antti@owasp.org Antti Laulajainen]
__NOTOC__
<headertabs/>

Helsinki

2009-09-28T15:01:46Z

Antti: /* OWASP Helsinki Chapter Meeting #9: May 12 2009 */

{{Chapter Template|chaptername=Helsinki|extra=The chapter leader is [mailto:antti@owasp.org Antti Laulajainen]
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-helsinki|emailarchives=http://lists.owasp.org/pipermail/owasp-helsinki}}

==== Local News ====
<paypal>Helsinki</paypal>

'''Welcome to the OWASP Helsinki Chapter'''

The plan is to meet at least three to four times a year, each lasting 1,5-3 hours (more active "hands" means more meetings). This chapter is based in the capital area and therefore the meetings will be in or around Helsinki.

If you wish to present at one of the meetings or have any other inquiries, please contact the chapter leader.

==== Chapter Meetings ====

Currently OWASP Helsinki is working on the following tasks:
*[[Top 10 2007 Finnish]] aim to translate OWASP Top 10 list in Finnish

== OWASP Helsinki Chapter Meeting #10: October 20 2009 ==

'''Location: Tieto Oy, Ratamestarinkatu 7B, Helsinki'''

'''Time: 18:00-19:300'''

'''Schedule''' 

'''18:00 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader'''

'''18:15 Word from our sponsor Tieto Oy'''

'''18:30 Distributed Services Security, Representative From Tieto Oy'''

'''19:00 Web Services Security, Speaker not confirmed yet'''

'''19:45 or so'''

* Enjoy Helsinki Vltava watering hole at own risk & cost near Helsinki Railway station

'''Please register with Pauli Kauppila pauli.kauppila##tieto.com or Mobile +358 400 870 324'''

== OWASP Helsinki Chapter Meeting #9: May 12 2009 ==

'''Location: Louhi Networks Oy, Itälahdenkatu 22 A, Helsinki'''

'''Time: 17:30-19:00'''

'''Schedule''' 

'''17:30 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader'''

'''17:45 Word from our sponsor Louhi Networks

'''18:00 Panel discussion about application scanners
* Panel members includes representatives for Nixu Oy, KPMG Oy and Louhi Networks Oy'''

'''19:00 or so'''

* Enjoy local establishments at own risk & cost at Bar 52 near meeting location

'''Please register with Henri Lindberg henri.lindberg##louhi.fi'''

== OWASP OWASP Goes! Viestimuseo: March 29 2009 ==
'''Location: Varuskunta, Takakasarmi, Viestimuseontie rak. 64, 11311 Riihimäki '''

'''Time: 13:00-15:00'''

Viestimuseossa Riihimäellä, http://www.viestikiltojenliitto.fi/viestimuseo/ on maaliskuun loppuun WWII radiotiedustelua esittelevä erikoisnäyttely, josta voi löytyä ammennettavaa myös tämän päivän tietoturvatekniikoiden parissa työskenteleville. Koska OWASP:in tiimoilta löytyi kiinnostusta lähteä tutustumaan ko. näyttelyyn, museolle on varattu opastettu kierros maaliskuun viimeiselle sunnuntaille su 29.3.2009 klo 13:00 eli kokoontuminen museolla ko. aikaan.

Museo ja näyttely ovat auki myös muina aikoina, joten jos tämä aika ei käy, paikalla voi toki käydä muulloinkin.

Tarkemmat ajo-ohjeet ja yhteystiedot löytyvät museon kotisivuilta, http://www.viestikiltojenliitto.fi/viestimuseo/yhteystiedot.html

Museo sijaitsee Viestirykmentin vieressä, mutta varsinaisen varuskunta-alueen ulkopuolella, joten museokäynti ei vaadi kulkulupia alueelle.

Paikalle innostuvat hoitavat oman logistiikkaratkaisunsa & sisäänpääsymaksunsa.

Lisätietoja tarvittaessa timo.merilainen (ät) iki.fi

== OWASP Helsinki Chapter Meeting #8: March 12 2009 ==

'''Location: Samlink, Linnoitustie 9, Espoo (Leppävaara)'''

'''Time: 17:00-19:00'''

'''Schedule''' 

'''17:00 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader'''

'''17:15 Introduction to Samlink, Jari Pirhonen, security director, Samlink

'''17:30 Methodology owner’s point of view: Information security as part of software development methodology, Topi Mattila, methodology manager, Samlink'''

'''18:15 Presentation from Finnish Tax Administration", Petri Puhakainen, security director, Finnish Tax Administration'''

'''19:00 or so'''

* Enjoy local establishments at own risk & cost at Sello

'''Please register with Jari Pirhonen jari.pirhonen##samlink.fi'''

== OWASP Introduction to startup firms: Thursday January 15th 2009 ==
'''Location: Ravintola Korjaamo, Töölönkatu 51, 00250 Helsinki'''

'''Time: 18:00-20:00'''

'''Schedule''' 

'''18:00 Introduction to OWASP by Henri Lindberg, OWASP Helsinki Active Visitor'''
* What OWASP is
* Examples of useful Tools and Documents
* OWASP in Finland
Presentation: [[Image:OWASP_Startups_20090115_Henri.pdf]]

(Antti Laulajainen, OWASP Helsinki Chapter Leader was originally supposed to introduce OWASP)

'''18:15 Implementing application security in a Finnish startup by Henri Lindberg, Scred'''
* Henri Lindberg from Scred shares experiences and lessons learned
* How to make your web application more secure with minimal budget
Presentation: [[Image:SDG_Scred_090115.pdf]]

'''18:30 or so'''

* Enjoy local establishments at own risk & cost

== OWASP Helsinki Meeting #7: Tuesday November 11th 2008 ==

'''Location: Nokia Ruoholahti, Itämerenkatu 11-13, 00180 Helsinki'''

'''Time: 17:00-18:30'''

'''Schedule''' 

'''17:00 Welcome by Antti Laulajainen, OWASP Chapter Leader'''

*Current state and progress of OWASP Top 10 Finnish translation

'''17:20 Antti Vähä-Sipilä, Nokia: SAFECode'''

*Introduction and overview of SAFECode (The Software Assurance Forum for Excellence in Code)
*SAFECode publications

'''17:40 Juhani Eronen, CERT-FI: Lifecycle of a security vulnerability'''

*Microsoft MS08-067 (Vulnerability in Server Service Could Allow Remote Code Execution), its history (MS06-040) and exploitation.

'''Discussion'''

'''18:30 or so'''

* Enjoy local establishments at own risk & cost [cerveza, aqua con gas, etc]

''' PLEASE REGISTER WITH: mikko . saario at nokia . com (we have reserved snacks for 25 people)'''

== OWASP Helsinki Web Hacking Workshop, Tuesday September 10th 2008 ==

'''Location: Teleware / KPMG, Laajalahdentie 23, 6. floor, reception at the ground floor, 00330 Helsinki'''

'''Time: 18.00 - 20.00'''

'''Schedule'''

'''18.00 Welcome and recent activities. Antti Laulajainen '''

'''18.05 Web Hacking Workshop, Anssi Porttikivi, Senior ICT Advisor KPMG/Teleware'''

*KPMG Oy IT Security Advisory marketing presentation 15 min
*Web hacking exercises and demonstrations in a laboratory class (using WebGoat and WebScarab tools)

'''Snacks available. Send your reservations to Anssi's mail address, anssi.porttikivi@kpmg.fi. Room for 20 participants.'''

'''Note! Be in time, because the reception closes at 18.'''

== OWASP Goes! CERT-FI, Thursday, June 12th 2008 ==

'''Location: Viestintävirasto, Itämerenkatu 3 A, 00180 Helsinki and One Pint Pub Santakatu 2, 00180 Helsinki'''

'''Time: 16.00 - 20.00'''

'''Schedule'''

'''16.00 Welcome and recent activities. Antti Laulajainen '''

'''16.10 Introduction of CERT-FI. Juhani Eronen, Information Security Adviser, CERT-FI'''

'''16.30 Vulnerability coordination. Juhani Eronen'''
* CERT-FI as a vulnerability coordinator
* Coordination examples

'''18.00 Possibility to continue the evening at the One Pint Pub'''
* If someone fancies a (self-financed) beer

'''Viestintävirasto asks those who wish to participate to the meeting to register in advance. For registrations please contact CERT-FI Unit Secretary Virpi Hienonen (virpi.hienonen(at)ficora.fi). The deadline is June 6, 2008.'''

== OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 ==

Thank you for attending.

You can download the presentation here''' https://www.owasp.org/images/7/70/OWASP_HelsinkiChapter_130508.pdf

Coverage of the event in local news (Finnish only) http://mikropc.net/uutiset/index.jsp?categoryId=atk&day=20080514#w2008051411524012715

'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki and Ravintola Kaisla, Vilhonkatu 4, 00100 Helsinki'''

'''Time: 16.00 - 20.00'''

Welcome to spring meeting 2008.

'''Schedule'''

'''16.00 - 16.10 OWASP update. Antti Laulajainen'''

'''16.10-17.00 Notes From The field, OWASP tools and usage experiences, Jarkko Holappa & Antti Laulajainen'''

'''17.30 - 20.00 Drinks at Ravintola Kaisla (Bring Your Own Wallet)'''

Hope to see as many of you as possible!

== OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''

'''Time: 18.30 - 20.30'''

Welcome to first meeting of 2008. OWASP Helsinki resumes activities after winter break.

We are pleased to have as a speaker Technology Manager of Nokia Product Security, Alexandr Seleznyov. His topic will be current state of application security.

'''Schedule'''

'''18.30 - 18.40 OWASP update. Antti Laulajainen'''

'''18.40 - 20.30 Current State of Application Security. Alexandr Seleznyov'''

Hope to see as many of you as possible!

== OWASP Helsinki & RWSUG Seminar Tuesday, January 29th 2008 ==
'''Location: IBM, Laajalahdentie 23, 00330 Helsinki.'''
'''Time: 11.15 - 19.00'''

OWASP Helsinki and Rational and Websphere User Group Finland RWSUG are aiming to co-operate to raise application security awareness. OWASP Helsinki will have a presentation in RWSUG agility seminar. More information from http://www.rwsug.fi/default.asp?path=1,39,385

'''You can download the presentation here''' https://www.owasp.org/images/c/cd/RWSUG5_Agile_Security_Management.pdf

See program below. Most of it is Finnish only
*11.15 Ilmoittautuminen alkaa
*11.15-12.00 Buffet-lounas
*12.00-12.10 Tilaisuuden avaus Jussi Jutila, Puheenjohtaja, RWSUG ry

KEYNOTE

*12.10-13.30 Scaling Agile Software Development: Strategies for Applying Agile in Complex Situations Scott W. Ambler, Practice Leader Agile Development, IBM Canada
*13.30-13.45 Kahvitauko
*13.45-15.30 SOA liiketoiminnan näkökulmasta ja SOA toteutuksen näkökulmasta kansainvälisessa hankkeessa Kari Laine, IT Architect, IF ja Jarmo Laine, Senior Software Architect,Primasoft
*15.30-15.45 Tauko
*15.45-16.30 Ketterä tietoturvan hallinta ohjelmistotuotannossa Reijo Savola, VTT
*16.30-17.15 Jazz Update IBM
*17.15-19.00 Iltapalaa ja verkostoitumista IBM Forumissa
 

== OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008 ==
OWASP Helsinki participated in ISACA Finland meeting to raise application security awareness among system auditors and inspectors.
 A presentation was held that introduced basic web techniques, some security issues, OWASP in general, OWASP projects and OWASP Helsinki chapter.
 
'''You can download the presentation here''': https://www.owasp.org/images/e/e4/OWASP_ISACA_20080124.pdf (Finnish Only)
 

== OWASP Helsinki meeting #4 Fall 2007 with Mark Curphey, Tuesday, October 2 2007 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''

Thank you for all participants and Mark from great presentation.

Coverage of the meeting in the local news (in Finnish):
http://mikropc.net/uutiset/index.jsp?categoryId=atk&day=20071003#w2007100315112711629

We are delighted to have Mark Curphey - the OWASP founder and new head of Microsoft's ACE (Application Consulting & Engineering) team in Europe - to visit Finland and discuss web app security with us. Hopefully as many as of you possible can participate!

'''18:30 Welcome and recent Helsinki chapter activities. Antti Laulajainen'''

'''18:40 Naked Software Security. Mark Curphey'''
*Commentary on how to build secure software
*Thoughts on the industry

'''WELCOME!'''

== OWASP Helsinki meeting #3 Summer 2007: "SOA, Web Services & XML Security", Tuesday, June 5th 2007 ==

Date: June 5th

Location: Smilehouse, Itälahdenkatu 22A (Stonesoft building), Lauttasaari.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/tietoturva_docview.jsp?f_id=1186167

'''19:00 Welcome & quick recap of recent OWASP activity and the Spring conference. Mikko Saario.'''

'''19:15 Gunnar Peterson, CTO Arctec Group and project lead for the OWASP "XML Security Gateway Evaluation Criteria".'''

Gunnar will be visiting Finland to provide training via Tietoturva ry on this subject. Topics to be covered:
* XML Security Gateways
* Message level threats and security countermeasures in Web services
* OWASP XML Security Gateway Evaluation Criteria Project

'''20:15 "Real-life usage of OWASP tools". Alexandr Seleznyov, Nokia Product Security.'''

(There is a chance Alex cannot make it. In that case we will discuss SOA stuff in more detail or just head off to bar earlier.)

'''20:45 Enter Bar 52...'''
--> Enjoy (sponsored) beverages.

== OWASP Helsinki meeting #2 Winter 2007, Web Application Firewalls, Thursday, February 22 2007 ==

Thank you for the 29 participants, the speakers and the host - Nixu - for making this event happen!

'''Location: Nixu, Mäkelänkatu 91, 00601 Helsinki.'''

What are Web Application Firewalls (WAF), how do they work, what do they do and what don't they do. Discussion and sharing of experiences of various technologies and products.

'''18.30 Welcome. Mikko Saario, Chapter Leader.'''

Today's topic and agenda in short.

'''18.35 "Web Application Firewalls Technical Analysis". Joakim Sandström, CTO nSense.'''

http://www.owasp.org/images/6/6a/Owasp_waf_joakim.pdf

- Technology

- Blacklisting & Whitelisting

- mod_security features

- Do's and Don'ts

'''19.30 "The Core Rule Sets". Ofer Shezaf, CTO Breach Security.'''

http://www.owasp.org/images/f/f4/The_Core_Rule_Set_-_Ofer.pdf

- WAF deployment and protection strategies

- Detection of generic web layer attacks

- Virtual patching

== OWASP Helsinki meeting #1, Tuesday, Dec 12 2006 at Ernst & Young ==

The Helsinki chapter had the first meeting at Ernst & Young office in Elielinaukio 5 B. The agenda and the presentations for the meeting are below. We had a good turnout: 22 people were present i.e. all seats were taken - we were very happy to see all these people to be interested in application security issues.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/doc.do?f_id=1083463

'''18:30 Welcome. What is OWASP and why OWASP Helsinki?'''

Mikko Saario made a short presentation about OWASP and the objective for the local Helsinki chapter.

'''19:00 Analyzing Threats (Olli Wiren; olli [at] juurihoito.org)'''

Olli Wiren discussed application related threats and corresponding security issues.

http://www.owasp.org/images/7/7c/Owasp-olli.pdf

'''19:45 Open discussion regarding OWASP Helsinki; what is expected or wished; how to go ahead and so forth.'''

There was a lively discussion regarding what type of activities should be arranged in the future. More details will follow...

==== Helsinki OWASP Chapter Leaders ====
The chapter leader is [mailto:antti@owasp.org Antti Laulajainen]
__NOTOC__
<headertabs/>

Helsinki

2009-05-07T06:27:40Z

Antti: /* OWASP Helsinki Chapter Meeting #9: April May 2009 */

{{Chapter Template|chaptername=Helsinki|extra=The chapter leader is [mailto:antti@owasp.org Antti Laulajainen]
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-helsinki|emailarchives=http://lists.owasp.org/pipermail/owasp-helsinki}}

==== Local News ====
<paypal>Helsinki</paypal>

'''Welcome to the OWASP Helsinki Chapter'''

The plan is to meet at least three to four times a year, each lasting 1,5-3 hours (more active "hands" means more meetings). This chapter is based in the capital area and therefore the meetings will be in or around Helsinki.

If you wish to present at one of the meetings or have any other inquiries, please contact the chapter leader.

==== Chapter Meetings ====

Currently OWASP Helsinki is working on the following tasks:
*[[Top 10 2007 Finnish]] aim to translate OWASP Top 10 list in Finnish

== OWASP Helsinki Chapter Meeting #9: May 12 2009 ==

'''Location: Louhi Networks Oy, Itälahdenkatu 22 A, Helsinki'''

'''Time: 17:30-19:00'''

'''Schedule''' 

'''17:30 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader'''

'''17:45 Word from our sponsor Louhi Networks

'''18:00 Panel discussion about application scanners
* Panel members includes representatives for Nixu Oy, KPMG Oy and Louhi Networks Oy'''

'''19:00 or so'''

* Enjoy local establishments at own risk & cost at Bar 52 near meeting location

'''Please register with Henri Lindberg henri.lindberg##louhi.fi'''

== OWASP OWASP Goes! Viestimuseo: March 29 2009 ==
'''Location: Varuskunta, Takakasarmi, Viestimuseontie rak. 64, 11311 Riihimäki '''

'''Time: 13:00-15:00'''

Viestimuseossa Riihimäellä, http://www.viestikiltojenliitto.fi/viestimuseo/ on maaliskuun loppuun WWII radiotiedustelua esittelevä erikoisnäyttely, josta voi löytyä ammennettavaa myös tämän päivän tietoturvatekniikoiden parissa työskenteleville. Koska OWASP:in tiimoilta löytyi kiinnostusta lähteä tutustumaan ko. näyttelyyn, museolle on varattu opastettu kierros maaliskuun viimeiselle sunnuntaille su 29.3.2009 klo 13:00 eli kokoontuminen museolla ko. aikaan.

Museo ja näyttely ovat auki myös muina aikoina, joten jos tämä aika ei käy, paikalla voi toki käydä muulloinkin.

Tarkemmat ajo-ohjeet ja yhteystiedot löytyvät museon kotisivuilta, http://www.viestikiltojenliitto.fi/viestimuseo/yhteystiedot.html

Museo sijaitsee Viestirykmentin vieressä, mutta varsinaisen varuskunta-alueen ulkopuolella, joten museokäynti ei vaadi kulkulupia alueelle.

Paikalle innostuvat hoitavat oman logistiikkaratkaisunsa & sisäänpääsymaksunsa.

Lisätietoja tarvittaessa timo.merilainen (ät) iki.fi

== OWASP Helsinki Chapter Meeting #8: March 12 2009 ==

'''Location: Samlink, Linnoitustie 9, Espoo (Leppävaara)'''

'''Time: 17:00-19:00'''

'''Schedule''' 

'''17:00 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader'''

'''17:15 Introduction to Samlink, Jari Pirhonen, security director, Samlink

'''17:30 Methodology owner’s point of view: Information security as part of software development methodology, Topi Mattila, methodology manager, Samlink'''

'''18:15 Presentation from Finnish Tax Administration", Petri Puhakainen, security director, Finnish Tax Administration'''

'''19:00 or so'''

* Enjoy local establishments at own risk & cost at Sello

'''Please register with Jari Pirhonen jari.pirhonen##samlink.fi'''

== OWASP Introduction to startup firms: Thursday January 15th 2009 ==
'''Location: Ravintola Korjaamo, Töölönkatu 51, 00250 Helsinki'''

'''Time: 18:00-20:00'''

'''Schedule''' 

'''18:00 Introduction to OWASP by Henri Lindberg, OWASP Helsinki Active Visitor'''
* What OWASP is
* Examples of useful Tools and Documents
* OWASP in Finland
Presentation: [[Image:OWASP_Startups_20090115_Henri.pdf]]

(Antti Laulajainen, OWASP Helsinki Chapter Leader was originally supposed to introduce OWASP)

'''18:15 Implementing application security in a Finnish startup by Henri Lindberg, Scred'''
* Henri Lindberg from Scred shares experiences and lessons learned
* How to make your web application more secure with minimal budget
Presentation: [[Image:SDG_Scred_090115.pdf]]

'''18:30 or so'''

* Enjoy local establishments at own risk & cost

== OWASP Helsinki Meeting #7: Tuesday November 11th 2008 ==

'''Location: Nokia Ruoholahti, Itämerenkatu 11-13, 00180 Helsinki'''

'''Time: 17:00-18:30'''

'''Schedule''' 

'''17:00 Welcome by Antti Laulajainen, OWASP Chapter Leader'''

*Current state and progress of OWASP Top 10 Finnish translation

'''17:20 Antti Vähä-Sipilä, Nokia: SAFECode'''

*Introduction and overview of SAFECode (The Software Assurance Forum for Excellence in Code)
*SAFECode publications

'''17:40 Juhani Eronen, CERT-FI: Lifecycle of a security vulnerability'''

*Microsoft MS08-067 (Vulnerability in Server Service Could Allow Remote Code Execution), its history (MS06-040) and exploitation.

'''Discussion'''

'''18:30 or so'''

* Enjoy local establishments at own risk & cost [cerveza, aqua con gas, etc]

''' PLEASE REGISTER WITH: mikko . saario at nokia . com (we have reserved snacks for 25 people)'''

== OWASP Helsinki Web Hacking Workshop, Tuesday September 10th 2008 ==

'''Location: Teleware / KPMG, Laajalahdentie 23, 6. floor, reception at the ground floor, 00330 Helsinki'''

'''Time: 18.00 - 20.00'''

'''Schedule'''

'''18.00 Welcome and recent activities. Antti Laulajainen '''

'''18.05 Web Hacking Workshop, Anssi Porttikivi, Senior ICT Advisor KPMG/Teleware'''

*KPMG Oy IT Security Advisory marketing presentation 15 min
*Web hacking exercises and demonstrations in a laboratory class (using WebGoat and WebScarab tools)

'''Snacks available. Send your reservations to Anssi's mail address, anssi.porttikivi@kpmg.fi. Room for 20 participants.'''

'''Note! Be in time, because the reception closes at 18.'''

== OWASP Goes! CERT-FI, Thursday, June 12th 2008 ==

'''Location: Viestintävirasto, Itämerenkatu 3 A, 00180 Helsinki and One Pint Pub Santakatu 2, 00180 Helsinki'''

'''Time: 16.00 - 20.00'''

'''Schedule'''

'''16.00 Welcome and recent activities. Antti Laulajainen '''

'''16.10 Introduction of CERT-FI. Juhani Eronen, Information Security Adviser, CERT-FI'''

'''16.30 Vulnerability coordination. Juhani Eronen'''
* CERT-FI as a vulnerability coordinator
* Coordination examples

'''18.00 Possibility to continue the evening at the One Pint Pub'''
* If someone fancies a (self-financed) beer

'''Viestintävirasto asks those who wish to participate to the meeting to register in advance. For registrations please contact CERT-FI Unit Secretary Virpi Hienonen (virpi.hienonen(at)ficora.fi). The deadline is June 6, 2008.'''

== OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 ==

Thank you for attending.

You can download the presentation here''' https://www.owasp.org/images/7/70/OWASP_HelsinkiChapter_130508.pdf

Coverage of the event in local news (Finnish only) http://mikropc.net/uutiset/index.jsp?categoryId=atk&day=20080514#w2008051411524012715

'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki and Ravintola Kaisla, Vilhonkatu 4, 00100 Helsinki'''

'''Time: 16.00 - 20.00'''

Welcome to spring meeting 2008.

'''Schedule'''

'''16.00 - 16.10 OWASP update. Antti Laulajainen'''

'''16.10-17.00 Notes From The field, OWASP tools and usage experiences, Jarkko Holappa & Antti Laulajainen'''

'''17.30 - 20.00 Drinks at Ravintola Kaisla (Bring Your Own Wallet)'''

Hope to see as many of you as possible!

== OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''

'''Time: 18.30 - 20.30'''

Welcome to first meeting of 2008. OWASP Helsinki resumes activities after winter break.

We are pleased to have as a speaker Technology Manager of Nokia Product Security, Alexandr Seleznyov. His topic will be current state of application security.

'''Schedule'''

'''18.30 - 18.40 OWASP update. Antti Laulajainen'''

'''18.40 - 20.30 Current State of Application Security. Alexandr Seleznyov'''

Hope to see as many of you as possible!

== OWASP Helsinki & RWSUG Seminar Tuesday, January 29th 2008 ==
'''Location: IBM, Laajalahdentie 23, 00330 Helsinki.'''
'''Time: 11.15 - 19.00'''

OWASP Helsinki and Rational and Websphere User Group Finland RWSUG are aiming to co-operate to raise application security awareness. OWASP Helsinki will have a presentation in RWSUG agility seminar. More information from http://www.rwsug.fi/default.asp?path=1,39,385

'''You can download the presentation here''' https://www.owasp.org/images/c/cd/RWSUG5_Agile_Security_Management.pdf

See program below. Most of it is Finnish only
*11.15 Ilmoittautuminen alkaa
*11.15-12.00 Buffet-lounas
*12.00-12.10 Tilaisuuden avaus Jussi Jutila, Puheenjohtaja, RWSUG ry

KEYNOTE

*12.10-13.30 Scaling Agile Software Development: Strategies for Applying Agile in Complex Situations Scott W. Ambler, Practice Leader Agile Development, IBM Canada
*13.30-13.45 Kahvitauko
*13.45-15.30 SOA liiketoiminnan näkökulmasta ja SOA toteutuksen näkökulmasta kansainvälisessa hankkeessa Kari Laine, IT Architect, IF ja Jarmo Laine, Senior Software Architect,Primasoft
*15.30-15.45 Tauko
*15.45-16.30 Ketterä tietoturvan hallinta ohjelmistotuotannossa Reijo Savola, VTT
*16.30-17.15 Jazz Update IBM
*17.15-19.00 Iltapalaa ja verkostoitumista IBM Forumissa
 

== OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008 ==
OWASP Helsinki participated in ISACA Finland meeting to raise application security awareness among system auditors and inspectors.
 A presentation was held that introduced basic web techniques, some security issues, OWASP in general, OWASP projects and OWASP Helsinki chapter.
 
'''You can download the presentation here''': https://www.owasp.org/images/e/e4/OWASP_ISACA_20080124.pdf (Finnish Only)
 

== OWASP Helsinki meeting #4 Fall 2007 with Mark Curphey, Tuesday, October 2 2007 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''

Thank you for all participants and Mark from great presentation.

Coverage of the meeting in the local news (in Finnish):
http://mikropc.net/uutiset/index.jsp?categoryId=atk&day=20071003#w2007100315112711629

We are delighted to have Mark Curphey - the OWASP founder and new head of Microsoft's ACE (Application Consulting & Engineering) team in Europe - to visit Finland and discuss web app security with us. Hopefully as many as of you possible can participate!

'''18:30 Welcome and recent Helsinki chapter activities. Antti Laulajainen'''

'''18:40 Naked Software Security. Mark Curphey'''
*Commentary on how to build secure software
*Thoughts on the industry

'''WELCOME!'''

== OWASP Helsinki meeting #3 Summer 2007: "SOA, Web Services & XML Security", Tuesday, June 5th 2007 ==

Date: June 5th

Location: Smilehouse, Itälahdenkatu 22A (Stonesoft building), Lauttasaari.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/tietoturva_docview.jsp?f_id=1186167

'''19:00 Welcome & quick recap of recent OWASP activity and the Spring conference. Mikko Saario.'''

'''19:15 Gunnar Peterson, CTO Arctec Group and project lead for the OWASP "XML Security Gateway Evaluation Criteria".'''

Gunnar will be visiting Finland to provide training via Tietoturva ry on this subject. Topics to be covered:
* XML Security Gateways
* Message level threats and security countermeasures in Web services
* OWASP XML Security Gateway Evaluation Criteria Project

'''20:15 "Real-life usage of OWASP tools". Alexandr Seleznyov, Nokia Product Security.'''

(There is a chance Alex cannot make it. In that case we will discuss SOA stuff in more detail or just head off to bar earlier.)

'''20:45 Enter Bar 52...'''
--> Enjoy (sponsored) beverages.

== OWASP Helsinki meeting #2 Winter 2007, Web Application Firewalls, Thursday, February 22 2007 ==

Thank you for the 29 participants, the speakers and the host - Nixu - for making this event happen!

'''Location: Nixu, Mäkelänkatu 91, 00601 Helsinki.'''

What are Web Application Firewalls (WAF), how do they work, what do they do and what don't they do. Discussion and sharing of experiences of various technologies and products.

'''18.30 Welcome. Mikko Saario, Chapter Leader.'''

Today's topic and agenda in short.

'''18.35 "Web Application Firewalls Technical Analysis". Joakim Sandström, CTO nSense.'''

http://www.owasp.org/images/6/6a/Owasp_waf_joakim.pdf

- Technology

- Blacklisting & Whitelisting

- mod_security features

- Do's and Don'ts

'''19.30 "The Core Rule Sets". Ofer Shezaf, CTO Breach Security.'''

http://www.owasp.org/images/f/f4/The_Core_Rule_Set_-_Ofer.pdf

- WAF deployment and protection strategies

- Detection of generic web layer attacks

- Virtual patching

== OWASP Helsinki meeting #1, Tuesday, Dec 12 2006 at Ernst & Young ==

The Helsinki chapter had the first meeting at Ernst & Young office in Elielinaukio 5 B. The agenda and the presentations for the meeting are below. We had a good turnout: 22 people were present i.e. all seats were taken - we were very happy to see all these people to be interested in application security issues.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/doc.do?f_id=1083463

'''18:30 Welcome. What is OWASP and why OWASP Helsinki?'''

Mikko Saario made a short presentation about OWASP and the objective for the local Helsinki chapter.

'''19:00 Analyzing Threats (Olli Wiren; olli [at] juurihoito.org)'''

Olli Wiren discussed application related threats and corresponding security issues.

http://www.owasp.org/images/7/7c/Owasp-olli.pdf

'''19:45 Open discussion regarding OWASP Helsinki; what is expected or wished; how to go ahead and so forth.'''

There was a lively discussion regarding what type of activities should be arranged in the future. More details will follow...

==== Helsinki OWASP Chapter Leaders ====
The chapter leader is [mailto:antti@owasp.org Antti Laulajainen]
__NOTOC__
<headertabs/>

Helsinki

2009-03-11T08:20:58Z

Antti: /* OWASP Helsinki Chapter Meeting #8: March 12 2009 */

{{Chapter Template|chaptername=Helsinki|extra=The chapter leader is [mailto:antti@owasp.org Antti Laulajainen]
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-helsinki|emailarchives=http://lists.owasp.org/pipermail/owasp-helsinki}}

<paypal>Helsinki</paypal>

== Local News ==

'''Welcome to the OWASP Helsinki Chapter'''

The plan is to meet at least three to four times a year, each lasting 1,5-3 hours (more active "hands" means more meetings). This chapter is based in the capital area and therefore the meetings will be in or around Helsinki.

If you wish to present at one of the meetings or have any other inquiries, please contact the chapter leader.

== Current Activities ==

Currently OWASP Helsinki is working on the following tasks:
*[[Top 10 2007 Finnish]] aim to translate OWASP Top 10 list in Finnish

== OWASP Helsinki Chapter Meeting #9: April May 2009 ==

TBA

== OWASP OWASP Goes! Viestimuseo: March 29 2009 ==
'''Location: Varuskunta, Takakasarmi, Viestimuseontie rak. 64, 11311 Riihimäki '''

'''Time: 13:00-15:00'''

Viestimuseossa Riihimäellä, http://www.viestikiltojenliitto.fi/viestimuseo/ on maaliskuun loppuun WWII radiotiedustelua esittelevä erikoisnäyttely, josta voi löytyä ammennettavaa myös tämän päivän tietoturvatekniikoiden parissa työskenteleville. Koska OWASP:in tiimoilta löytyi kiinnostusta lähteä tutustumaan ko. näyttelyyn, museolle on varattu opastettu kierros maaliskuun viimeiselle sunnuntaille su 29.3.2009 klo 13:00 eli kokoontuminen museolla ko. aikaan.

Museo ja näyttely ovat auki myös muina aikoina, joten jos tämä aika ei käy, paikalla voi toki käydä muulloinkin.

Tarkemmat ajo-ohjeet ja yhteystiedot löytyvät museon kotisivuilta, http://www.viestikiltojenliitto.fi/viestimuseo/yhteystiedot.html

Museo sijaitsee Viestirykmentin vieressä, mutta varsinaisen varuskunta-alueen ulkopuolella, joten museokäynti ei vaadi kulkulupia alueelle.

Paikalle innostuvat hoitavat oman logistiikkaratkaisunsa & sisäänpääsymaksunsa.

Lisätietoja tarvittaessa timo.merilainen (ät) iki.fi

== OWASP Helsinki Chapter Meeting #8: March 12 2009 ==

'''Location: Samlink, Linnoitustie 9, Espoo (Leppävaara)'''

'''Time: 17:00-19:00'''

'''Schedule''' 

'''17:00 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader'''

'''17:15 Introduction to Samlink, Jari Pirhonen, security director, Samlink

'''17:30 Methodology owner’s point of view: Information security as part of software development methodology, Topi Mattila, methodology manager, Samlink'''

'''18:15 Presentation from Finnish Tax Administration", Petri Puhakainen, security director, Finnish Tax Administration'''

'''19:00 or so'''

* Enjoy local establishments at own risk & cost at Sello

'''Please register with Jari Pirhonen jari.pirhonen##samlink.fi'''

== OWASP Introduction to startup firms: Thursday January 15th 2009 ==
'''Location: Ravintola Korjaamo, Töölönkatu 51, 00250 Helsinki'''

'''Time: 18:00-20:00'''

'''Schedule''' 

'''18:00 Introduction to OWASP by Henri Lindberg, OWASP Helsinki Active Visitor'''
* What OWASP is
* Examples of useful Tools and Documents
* OWASP in Finland
Presentation: [[Image:OWASP_Startups_20090115_Henri.pdf]]

(Antti Laulajainen, OWASP Helsinki Chapter Leader was originally supposed to introduce OWASP)

'''18:15 Implementing application security in a Finnish startup by Henri Lindberg, Scred'''
* Henri Lindberg from Scred shares experiences and lessons learned
* How to make your web application more secure with minimal budget
Presentation: [[Image:SDG_Scred_090115.pdf]]

'''18:30 or so'''

* Enjoy local establishments at own risk & cost

== OWASP Helsinki Meeting #7: Tuesday November 11th 2008 ==

'''Location: Nokia Ruoholahti, Itämerenkatu 11-13, 00180 Helsinki'''

'''Time: 17:00-18:30'''

'''Schedule''' 

'''17:00 Welcome by Antti Laulajainen, OWASP Chapter Leader'''

*Current state and progress of OWASP Top 10 Finnish translation

'''17:20 Antti Vähä-Sipilä, Nokia: SAFECode'''

*Introduction and overview of SAFECode (The Software Assurance Forum for Excellence in Code)
*SAFECode publications

'''17:40 Juhani Eronen, CERT-FI: Lifecycle of a security vulnerability'''

*Microsoft MS08-067 (Vulnerability in Server Service Could Allow Remote Code Execution), its history (MS06-040) and exploitation.

'''Discussion'''

'''18:30 or so'''

* Enjoy local establishments at own risk & cost [cerveza, aqua con gas, etc]

''' PLEASE REGISTER WITH: mikko . saario at nokia . com (we have reserved snacks for 25 people)'''

== OWASP Helsinki Web Hacking Workshop, Tuesday September 10th 2008 ==

'''Location: Teleware / KPMG, Laajalahdentie 23, 6. floor, reception at the ground floor, 00330 Helsinki'''

'''Time: 18.00 - 20.00'''

'''Schedule'''

'''18.00 Welcome and recent activities. Antti Laulajainen '''

'''18.05 Web Hacking Workshop, Anssi Porttikivi, Senior ICT Advisor KPMG/Teleware'''

*KPMG Oy IT Security Advisory marketing presentation 15 min
*Web hacking exercises and demonstrations in a laboratory class (using WebGoat and WebScarab tools)

'''Snacks available. Send your reservations to Anssi's mail address, anssi.porttikivi@kpmg.fi. Room for 20 participants.'''

'''Note! Be in time, because the reception closes at 18.'''

== OWASP Goes! CERT-FI, Thursday, June 12th 2008 ==

'''Location: Viestintävirasto, Itämerenkatu 3 A, 00180 Helsinki and One Pint Pub Santakatu 2, 00180 Helsinki'''

'''Time: 16.00 - 20.00'''

'''Schedule'''

'''16.00 Welcome and recent activities. Antti Laulajainen '''

'''16.10 Introduction of CERT-FI. Juhani Eronen, Information Security Adviser, CERT-FI'''

'''16.30 Vulnerability coordination. Juhani Eronen'''
* CERT-FI as a vulnerability coordinator
* Coordination examples

'''18.00 Possibility to continue the evening at the One Pint Pub'''
* If someone fancies a (self-financed) beer

'''Viestintävirasto asks those who wish to participate to the meeting to register in advance. For registrations please contact CERT-FI Unit Secretary Virpi Hienonen (virpi.hienonen(at)ficora.fi). The deadline is June 6, 2008.'''

== OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 ==

Thank you for attending.

You can download the presentation here''' https://www.owasp.org/images/7/70/OWASP_HelsinkiChapter_130508.pdf

Coverage of the event in local news (Finnish only) http://mikropc.net/uutiset/index.jsp?categoryId=atk&day=20080514#w2008051411524012715

'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki and Ravintola Kaisla, Vilhonkatu 4, 00100 Helsinki'''

'''Time: 16.00 - 20.00'''

Welcome to spring meeting 2008.

'''Schedule'''

'''16.00 - 16.10 OWASP update. Antti Laulajainen'''

'''16.10-17.00 Notes From The field, OWASP tools and usage experiences, Jarkko Holappa & Antti Laulajainen'''

'''17.30 - 20.00 Drinks at Ravintola Kaisla (Bring Your Own Wallet)'''

Hope to see as many of you as possible!

== OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''

'''Time: 18.30 - 20.30'''

Welcome to first meeting of 2008. OWASP Helsinki resumes activities after winter break.

We are pleased to have as a speaker Technology Manager of Nokia Product Security, Alexandr Seleznyov. His topic will be current state of application security.

'''Schedule'''

'''18.30 - 18.40 OWASP update. Antti Laulajainen'''

'''18.40 - 20.30 Current State of Application Security. Alexandr Seleznyov'''

Hope to see as many of you as possible!

== OWASP Helsinki & RWSUG Seminar Tuesday, January 29th 2008 ==
'''Location: IBM, Laajalahdentie 23, 00330 Helsinki.'''
'''Time: 11.15 - 19.00'''

OWASP Helsinki and Rational and Websphere User Group Finland RWSUG are aiming to co-operate to raise application security awareness. OWASP Helsinki will have a presentation in RWSUG agility seminar. More information from http://www.rwsug.fi/default.asp?path=1,39,385

'''You can download the presentation here''' https://www.owasp.org/images/c/cd/RWSUG5_Agile_Security_Management.pdf

See program below. Most of it is Finnish only
*11.15 Ilmoittautuminen alkaa
*11.15-12.00 Buffet-lounas
*12.00-12.10 Tilaisuuden avaus Jussi Jutila, Puheenjohtaja, RWSUG ry

KEYNOTE

*12.10-13.30 Scaling Agile Software Development: Strategies for Applying Agile in Complex Situations Scott W. Ambler, Practice Leader Agile Development, IBM Canada
*13.30-13.45 Kahvitauko
*13.45-15.30 SOA liiketoiminnan näkökulmasta ja SOA toteutuksen näkökulmasta kansainvälisessa hankkeessa Kari Laine, IT Architect, IF ja Jarmo Laine, Senior Software Architect,Primasoft
*15.30-15.45 Tauko
*15.45-16.30 Ketterä tietoturvan hallinta ohjelmistotuotannossa Reijo Savola, VTT
*16.30-17.15 Jazz Update IBM
*17.15-19.00 Iltapalaa ja verkostoitumista IBM Forumissa
 

== OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008 ==
OWASP Helsinki participated in ISACA Finland meeting to raise application security awareness among system auditors and inspectors.
 A presentation was held that introduced basic web techniques, some security issues, OWASP in general, OWASP projects and OWASP Helsinki chapter.
 
'''You can download the presentation here''': https://www.owasp.org/images/e/e4/OWASP_ISACA_20080124.pdf (Finnish Only)
 

== OWASP Helsinki meeting #4 Fall 2007 with Mark Curphey, Tuesday, October 2 2007 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''

Thank you for all participants and Mark from great presentation.

Coverage of the meeting in the local news (in Finnish):
http://mikropc.net/uutiset/index.jsp?categoryId=atk&day=20071003#w2007100315112711629

We are delighted to have Mark Curphey - the OWASP founder and new head of Microsoft's ACE (Application Consulting & Engineering) team in Europe - to visit Finland and discuss web app security with us. Hopefully as many as of you possible can participate!

'''18:30 Welcome and recent Helsinki chapter activities. Antti Laulajainen'''

'''18:40 Naked Software Security. Mark Curphey'''
*Commentary on how to build secure software
*Thoughts on the industry

'''WELCOME!'''

== OWASP Helsinki meeting #3 Summer 2007: "SOA, Web Services & XML Security", Tuesday, June 5th 2007 ==

Date: June 5th

Location: Smilehouse, Itälahdenkatu 22A (Stonesoft building), Lauttasaari.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/tietoturva_docview.jsp?f_id=1186167

'''19:00 Welcome & quick recap of recent OWASP activity and the Spring conference. Mikko Saario.'''

'''19:15 Gunnar Peterson, CTO Arctec Group and project lead for the OWASP "XML Security Gateway Evaluation Criteria".'''

Gunnar will be visiting Finland to provide training via Tietoturva ry on this subject. Topics to be covered:
* XML Security Gateways
* Message level threats and security countermeasures in Web services
* OWASP XML Security Gateway Evaluation Criteria Project

'''20:15 "Real-life usage of OWASP tools". Alexandr Seleznyov, Nokia Product Security.'''

(There is a chance Alex cannot make it. In that case we will discuss SOA stuff in more detail or just head off to bar earlier.)

'''20:45 Enter Bar 52...'''
--> Enjoy (sponsored) beverages.

== OWASP Helsinki meeting #2 Winter 2007, Web Application Firewalls, Thursday, February 22 2007 ==

Thank you for the 29 participants, the speakers and the host - Nixu - for making this event happen!

'''Location: Nixu, Mäkelänkatu 91, 00601 Helsinki.'''

What are Web Application Firewalls (WAF), how do they work, what do they do and what don't they do. Discussion and sharing of experiences of various technologies and products.

'''18.30 Welcome. Mikko Saario, Chapter Leader.'''

Today's topic and agenda in short.

'''18.35 "Web Application Firewalls Technical Analysis". Joakim Sandström, CTO nSense.'''

http://www.owasp.org/images/6/6a/Owasp_waf_joakim.pdf

- Technology

- Blacklisting & Whitelisting

- mod_security features

- Do's and Don'ts

'''19.30 "The Core Rule Sets". Ofer Shezaf, CTO Breach Security.'''

http://www.owasp.org/images/f/f4/The_Core_Rule_Set_-_Ofer.pdf

- WAF deployment and protection strategies

- Detection of generic web layer attacks

- Virtual patching

== OWASP Helsinki meeting #1, Tuesday, Dec 12 2006 at Ernst & Young ==

The Helsinki chapter had the first meeting at Ernst & Young office in Elielinaukio 5 B. The agenda and the presentations for the meeting are below. We had a good turnout: 22 people were present i.e. all seats were taken - we were very happy to see all these people to be interested in application security issues.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/doc.do?f_id=1083463

'''18:30 Welcome. What is OWASP and why OWASP Helsinki?'''

Mikko Saario made a short presentation about OWASP and the objective for the local Helsinki chapter.

'''19:00 Analyzing Threats (Olli Wiren; olli [at] juurihoito.org)'''

Olli Wiren discussed application related threats and corresponding security issues.

http://www.owasp.org/images/7/7c/Owasp-olli.pdf

'''19:45 Open discussion regarding OWASP Helsinki; what is expected or wished; how to go ahead and so forth.'''

There was a lively discussion regarding what type of activities should be arranged in the future. More details will follow...

Helsinki

2009-01-27T11:09:23Z

Antti: /* OWASP Helsinki Chapter Meeting #8: February March 2009 */

{{Chapter Template|chaptername=Helsinki|extra=The chapter leader is [mailto:antti@owasp.org Antti Laulajainen]
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-helsinki|emailarchives=http://lists.owasp.org/pipermail/owasp-helsinki}}

<paypal>Helsinki</paypal>

== Local News ==

'''Welcome to the OWASP Helsinki Chapter'''

The plan is to meet at least three to four times a year, each lasting 1,5-3 hours (more active "hands" means more meetings). This chapter is based in the capital area and therefore the meetings will be in or around Helsinki.

If you wish to present at one of the meetings or have any other inquiries, please contact the chapter leader.

== Current Activities ==

Currently OWASP Helsinki is working on the following tasks:
*[[Top 10 2007 Finnish]] aim to translate OWASP Top 10 list in Finnish

== OWASP Helsinki Chapter Meeting #9: April May 2009 ==

TBA

== OWASP Helsinki Chapter Meeting #8: March 12 2009 ==

'''Location: Samlink, Linnoitustie 9, Espoo (Leppävaara)'''

'''Time: 17:00-19:00'''

'''Schedule''' 

'''17:00 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader'''

'''17:15 Introduction to Samlink, Jari Pirhonen, security director, Samlink

'''17:30 Methodology owner’s point of view: Information security as part of software development methodology, Topi Mattila, methodology manager, Samlink'''

'''18:15 Presentation from Finnish Tax Administration", Petri Puhakainen, security director, Finnish Tax Administration'''

'''19:00 or so'''

* Enjoy local establishments at own risk & cost at Sello

'''Please register with Jari Pirhonen jari.pirhonen##samlink.fi'''

== OWASP Introduction to startup firms: Thursday January 15th 2009 ==
'''Location: Ravintola Korjaamo, Töölönkatu 51, 00250 Helsinki'''

'''Time: 18:00-20:00'''

'''Schedule''' 

'''18:00 Introduction to OWASP by Henri Lindberg, OWASP Helsinki Active Visitor'''
* What OWASP is
* Examples of useful Tools and Documents
* OWASP in Finland
Presentation: [[Image:OWASP_Startups_20090115_Henri.pdf]]

(Antti Laulajainen, OWASP Helsinki Chapter Leader was originally supposed to introduce OWASP)

'''18:15 Implementing application security in a Finnish startup by Henri Lindberg, Scred'''
* Henri Lindberg from Scred shares experiences and lessons learned
* How to make your web application more secure with minimal budget
Presentation: [[Image:SDG_Scred_090115.pdf]]

'''18:30 or so'''

* Enjoy local establishments at own risk & cost

== OWASP Helsinki Meeting #7: Tuesday November 11th 2008 ==

'''Location: Nokia Ruoholahti, Itämerenkatu 11-13, 00180 Helsinki'''

'''Time: 17:00-18:30'''

'''Schedule''' 

'''17:00 Welcome by Antti Laulajainen, OWASP Chapter Leader'''

*Current state and progress of OWASP Top 10 Finnish translation

'''17:20 Antti Vähä-Sipilä, Nokia: SAFECode'''

*Introduction and overview of SAFECode (The Software Assurance Forum for Excellence in Code)
*SAFECode publications

'''17:40 Juhani Eronen, CERT-FI: Lifecycle of a security vulnerability'''

*Microsoft MS08-067 (Vulnerability in Server Service Could Allow Remote Code Execution), its history (MS06-040) and exploitation.

'''Discussion'''

'''18:30 or so'''

* Enjoy local establishments at own risk & cost [cerveza, aqua con gas, etc]

''' PLEASE REGISTER WITH: mikko . saario at nokia . com (we have reserved snacks for 25 people)'''

== OWASP Helsinki Web Hacking Workshop, Tuesday September 10th 2008 ==

'''Location: Teleware / KPMG, Laajalahdentie 23, 6. floor, reception at the ground floor, 00330 Helsinki'''

'''Time: 18.00 - 20.00'''

'''Schedule'''

'''18.00 Welcome and recent activities. Antti Laulajainen '''

'''18.05 Web Hacking Workshop, Anssi Porttikivi, Senior ICT Advisor KPMG/Teleware'''

*KPMG Oy IT Security Advisory marketing presentation 15 min
*Web hacking exercises and demonstrations in a laboratory class (using WebGoat and WebScarab tools)

'''Snacks available. Send your reservations to Anssi's mail address, anssi.porttikivi@kpmg.fi. Room for 20 participants.'''

'''Note! Be in time, because the reception closes at 18.'''

== OWASP Goes! CERT-FI, Thursday, June 12th 2008 ==

'''Location: Viestintävirasto, Itämerenkatu 3 A, 00180 Helsinki and One Pint Pub Santakatu 2, 00180 Helsinki'''

'''Time: 16.00 - 20.00'''

'''Schedule'''

'''16.00 Welcome and recent activities. Antti Laulajainen '''

'''16.10 Introduction of CERT-FI. Juhani Eronen, Information Security Adviser, CERT-FI'''

'''16.30 Vulnerability coordination. Juhani Eronen'''
* CERT-FI as a vulnerability coordinator
* Coordination examples

'''18.00 Possibility to continue the evening at the One Pint Pub'''
* If someone fancies a (self-financed) beer

'''Viestintävirasto asks those who wish to participate to the meeting to register in advance. For registrations please contact CERT-FI Unit Secretary Virpi Hienonen (virpi.hienonen(at)ficora.fi). The deadline is June 6, 2008.'''

== OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 ==

Thank you for attending.

You can download the presentation here''' https://www.owasp.org/images/7/70/OWASP_HelsinkiChapter_130508.pdf

Coverage of the event in local news (Finnish only) http://mikropc.net/uutiset/index.jsp?categoryId=atk&day=20080514#w2008051411524012715

'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki and Ravintola Kaisla, Vilhonkatu 4, 00100 Helsinki'''

'''Time: 16.00 - 20.00'''

Welcome to spring meeting 2008.

'''Schedule'''

'''16.00 - 16.10 OWASP update. Antti Laulajainen'''

'''16.10-17.00 Notes From The field, OWASP tools and usage experiences, Jarkko Holappa & Antti Laulajainen'''

'''17.30 - 20.00 Drinks at Ravintola Kaisla (Bring Your Own Wallet)'''

Hope to see as many of you as possible!

== OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''

'''Time: 18.30 - 20.30'''

Welcome to first meeting of 2008. OWASP Helsinki resumes activities after winter break.

We are pleased to have as a speaker Technology Manager of Nokia Product Security, Alexandr Seleznyov. His topic will be current state of application security.

'''Schedule'''

'''18.30 - 18.40 OWASP update. Antti Laulajainen'''

'''18.40 - 20.30 Current State of Application Security. Alexandr Seleznyov'''

Hope to see as many of you as possible!

== OWASP Helsinki & RWSUG Seminar Tuesday, January 29th 2008 ==
'''Location: IBM, Laajalahdentie 23, 00330 Helsinki.'''
'''Time: 11.15 - 19.00'''

OWASP Helsinki and Rational and Websphere User Group Finland RWSUG are aiming to co-operate to raise application security awareness. OWASP Helsinki will have a presentation in RWSUG agility seminar. More information from http://www.rwsug.fi/default.asp?path=1,39,385

'''You can download the presentation here''' https://www.owasp.org/images/c/cd/RWSUG5_Agile_Security_Management.pdf

See program below. Most of it is Finnish only
*11.15 Ilmoittautuminen alkaa
*11.15-12.00 Buffet-lounas
*12.00-12.10 Tilaisuuden avaus Jussi Jutila, Puheenjohtaja, RWSUG ry

KEYNOTE

*12.10-13.30 Scaling Agile Software Development: Strategies for Applying Agile in Complex Situations Scott W. Ambler, Practice Leader Agile Development, IBM Canada
*13.30-13.45 Kahvitauko
*13.45-15.30 SOA liiketoiminnan näkökulmasta ja SOA toteutuksen näkökulmasta kansainvälisessa hankkeessa Kari Laine, IT Architect, IF ja Jarmo Laine, Senior Software Architect,Primasoft
*15.30-15.45 Tauko
*15.45-16.30 Ketterä tietoturvan hallinta ohjelmistotuotannossa Reijo Savola, VTT
*16.30-17.15 Jazz Update IBM
*17.15-19.00 Iltapalaa ja verkostoitumista IBM Forumissa
 

== OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008 ==
OWASP Helsinki participated in ISACA Finland meeting to raise application security awareness among system auditors and inspectors.
 A presentation was held that introduced basic web techniques, some security issues, OWASP in general, OWASP projects and OWASP Helsinki chapter.
 
'''You can download the presentation here''': https://www.owasp.org/images/e/e4/OWASP_ISACA_20080124.pdf (Finnish Only)
 

== OWASP Helsinki meeting #4 Fall 2007 with Mark Curphey, Tuesday, October 2 2007 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''

Thank you for all participants and Mark from great presentation.

Coverage of the meeting in the local news (in Finnish):
http://mikropc.net/uutiset/index.jsp?categoryId=atk&day=20071003#w2007100315112711629

We are delighted to have Mark Curphey - the OWASP founder and new head of Microsoft's ACE (Application Consulting & Engineering) team in Europe - to visit Finland and discuss web app security with us. Hopefully as many as of you possible can participate!

'''18:30 Welcome and recent Helsinki chapter activities. Antti Laulajainen'''

'''18:40 Naked Software Security. Mark Curphey'''
*Commentary on how to build secure software
*Thoughts on the industry

'''WELCOME!'''

== OWASP Helsinki meeting #3 Summer 2007: "SOA, Web Services & XML Security", Tuesday, June 5th 2007 ==

Date: June 5th

Location: Smilehouse, Itälahdenkatu 22A (Stonesoft building), Lauttasaari.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/tietoturva_docview.jsp?f_id=1186167

'''19:00 Welcome & quick recap of recent OWASP activity and the Spring conference. Mikko Saario.'''

'''19:15 Gunnar Peterson, CTO Arctec Group and project lead for the OWASP "XML Security Gateway Evaluation Criteria".'''

Gunnar will be visiting Finland to provide training via Tietoturva ry on this subject. Topics to be covered:
* XML Security Gateways
* Message level threats and security countermeasures in Web services
* OWASP XML Security Gateway Evaluation Criteria Project

'''20:15 "Real-life usage of OWASP tools". Alexandr Seleznyov, Nokia Product Security.'''

(There is a chance Alex cannot make it. In that case we will discuss SOA stuff in more detail or just head off to bar earlier.)

'''20:45 Enter Bar 52...'''
--> Enjoy (sponsored) beverages.

== OWASP Helsinki meeting #2 Winter 2007, Web Application Firewalls, Thursday, February 22 2007 ==

Thank you for the 29 participants, the speakers and the host - Nixu - for making this event happen!

'''Location: Nixu, Mäkelänkatu 91, 00601 Helsinki.'''

What are Web Application Firewalls (WAF), how do they work, what do they do and what don't they do. Discussion and sharing of experiences of various technologies and products.

'''18.30 Welcome. Mikko Saario, Chapter Leader.'''

Today's topic and agenda in short.

'''18.35 "Web Application Firewalls Technical Analysis". Joakim Sandström, CTO nSense.'''

http://www.owasp.org/images/6/6a/Owasp_waf_joakim.pdf

- Technology

- Blacklisting & Whitelisting

- mod_security features

- Do's and Don'ts

'''19.30 "The Core Rule Sets". Ofer Shezaf, CTO Breach Security.'''

http://www.owasp.org/images/f/f4/The_Core_Rule_Set_-_Ofer.pdf

- WAF deployment and protection strategies

- Detection of generic web layer attacks

- Virtual patching

== OWASP Helsinki meeting #1, Tuesday, Dec 12 2006 at Ernst & Young ==

The Helsinki chapter had the first meeting at Ernst & Young office in Elielinaukio 5 B. The agenda and the presentations for the meeting are below. We had a good turnout: 22 people were present i.e. all seats were taken - we were very happy to see all these people to be interested in application security issues.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/doc.do?f_id=1083463

'''18:30 Welcome. What is OWASP and why OWASP Helsinki?'''

Mikko Saario made a short presentation about OWASP and the objective for the local Helsinki chapter.

'''19:00 Analyzing Threats (Olli Wiren; olli [at] juurihoito.org)'''

Olli Wiren discussed application related threats and corresponding security issues.

http://www.owasp.org/images/7/7c/Owasp-olli.pdf

'''19:45 Open discussion regarding OWASP Helsinki; what is expected or wished; how to go ahead and so forth.'''

There was a lively discussion regarding what type of activities should be arranged in the future. More details will follow...

Helsinki

2009-01-08T10:57:48Z

Antti: /* OWASP Introduction to startup firms: Thursday January 15th 2008 */

{{Chapter Template|chaptername=Helsinki|extra=The chapter leader is [mailto:antti@owasp.org Antti Laulajainen]
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-helsinki|emailarchives=http://lists.owasp.org/pipermail/owasp-helsinki}}

<paypal>Helsinki</paypal>

== Local News ==

'''Welcome to the OWASP Helsinki Chapter'''

The plan is to meet at least three to four times a year, each lasting 1,5-3 hours (more active "hands" means more meetings). This chapter is based in the capital area and therefore the meetings will be in or around Helsinki.

If you wish to present at one of the meetings or have any other inquiries, please contact the chapter leader.

== Current Activities ==

Currently OWASP Helsinki is working on the following tasks:
*[[Top 10 2007 Finnish]] aim to translate OWASP Top 10 list in Finnish

== OWASP Helsinki Chapter Meeting #9: April May 2009 ==

TBA

== OWASP Helsinki Chapter Meeting #8: February March 2009 ==

TBA

== OWASP Introduction to startup firms: Thursday January 15th 2009 ==
'''Location: Ravintola Korjaamo, Töölönkatu 51, 00250 Helsinki'''

'''Time: 18:00-20:00'''

'''Schedule''' 

'''18:00 Introduction to OWASP by Antti Laulajainen, OWASP Chapter Leader'''
* What OWASP is

* Examples of useful Tools and Documents

* OWASP in Finland

'''18:15 Implementing application security in a Finnish startup by Henri Lindberg, Scred'''
* Henri Lindberg from Scred shares experiences and lessons learned
* How to make your web application more secure with minimal budget

'''18:30 or so'''

* Enjoy local establishments at own risk & cost

== OWASP Helsinki Meeting #7: Tuesday November 11th 2008 ==

'''Location: Nokia Ruoholahti, Itämerenkatu 11-13, 00180 Helsinki'''

'''Time: 17:00-18:30'''

'''Schedule''' 

'''17:00 Welcome by Antti Laulajainen, OWASP Chapter Leader'''

*Current state and progress of OWASP Top 10 Finnish translation

'''17:20 Antti Vähä-Sipilä, Nokia: SAFECode'''

*Introduction and overview of SAFECode (The Software Assurance Forum for Excellence in Code)
*SAFECode publications

'''17:40 Juhani Eronen, CERT-FI: Lifecycle of a security vulnerability'''

*Microsoft MS08-067 (Vulnerability in Server Service Could Allow Remote Code Execution), its history (MS06-040) and exploitation.

'''Discussion'''

'''18:30 or so'''

* Enjoy local establishments at own risk & cost [cerveza, aqua con gas, etc]

''' PLEASE REGISTER WITH: mikko . saario at nokia . com (we have reserved snacks for 25 people)'''

== OWASP Helsinki Web Hacking Workshop, Tuesday September 10th 2008 ==

'''Location: Teleware / KPMG, Laajalahdentie 23, 6. floor, reception at the ground floor, 00330 Helsinki'''

'''Time: 18.00 - 20.00'''

'''Schedule'''

'''18.00 Welcome and recent activities. Antti Laulajainen '''

'''18.05 Web Hacking Workshop, Anssi Porttikivi, Senior ICT Advisor KPMG/Teleware'''

*KPMG Oy IT Security Advisory marketing presentation 15 min
*Web hacking exercises and demonstrations in a laboratory class (using WebGoat and WebScarab tools)

'''Snacks available. Send your reservations to Anssi's mail address, anssi.porttikivi@kpmg.fi. Room for 20 participants.'''

'''Note! Be in time, because the reception closes at 18.'''

== OWASP Goes! CERT-FI, Thursday, June 12th 2008 ==

'''Location: Viestintävirasto, Itämerenkatu 3 A, 00180 Helsinki and One Pint Pub Santakatu 2, 00180 Helsinki'''

'''Time: 16.00 - 20.00'''

'''Schedule'''

'''16.00 Welcome and recent activities. Antti Laulajainen '''

'''16.10 Introduction of CERT-FI. Juhani Eronen, Information Security Adviser, CERT-FI'''

'''16.30 Vulnerability coordination. Juhani Eronen'''
* CERT-FI as a vulnerability coordinator
* Coordination examples

'''18.00 Possibility to continue the evening at the One Pint Pub'''
* If someone fancies a (self-financed) beer

'''Viestintävirasto asks those who wish to participate to the meeting to register in advance. For registrations please contact CERT-FI Unit Secretary Virpi Hienonen (virpi.hienonen(at)ficora.fi). The deadline is June 6, 2008.'''

== OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 ==

Thank you for attending.

You can download the presentation here''' https://www.owasp.org/images/7/70/OWASP_HelsinkiChapter_130508.pdf

Coverage of the event in local news (Finnish only) http://mikropc.net/uutiset/index.jsp?categoryId=atk&day=20080514#w2008051411524012715

'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki and Ravintola Kaisla, Vilhonkatu 4, 00100 Helsinki'''

'''Time: 16.00 - 20.00'''

Welcome to spring meeting 2008.

'''Schedule'''

'''16.00 - 16.10 OWASP update. Antti Laulajainen'''

'''16.10-17.00 Notes From The field, OWASP tools and usage experiences, Jarkko Holappa & Antti Laulajainen'''

'''17.30 - 20.00 Drinks at Ravintola Kaisla (Bring Your Own Wallet)'''

Hope to see as many of you as possible!

== OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''

'''Time: 18.30 - 20.30'''

Welcome to first meeting of 2008. OWASP Helsinki resumes activities after winter break.

We are pleased to have as a speaker Technology Manager of Nokia Product Security, Alexandr Seleznyov. His topic will be current state of application security.

'''Schedule'''

'''18.30 - 18.40 OWASP update. Antti Laulajainen'''

'''18.40 - 20.30 Current State of Application Security. Alexandr Seleznyov'''

Hope to see as many of you as possible!

== OWASP Helsinki & RWSUG Seminar Tuesday, January 29th 2008 ==
'''Location: IBM, Laajalahdentie 23, 00330 Helsinki.'''
'''Time: 11.15 - 19.00'''

OWASP Helsinki and Rational and Websphere User Group Finland RWSUG are aiming to co-operate to raise application security awareness. OWASP Helsinki will have a presentation in RWSUG agility seminar. More information from http://www.rwsug.fi/default.asp?path=1,39,385

'''You can download the presentation here''' https://www.owasp.org/images/c/cd/RWSUG5_Agile_Security_Management.pdf

See program below. Most of it is Finnish only
*11.15 Ilmoittautuminen alkaa
*11.15-12.00 Buffet-lounas
*12.00-12.10 Tilaisuuden avaus Jussi Jutila, Puheenjohtaja, RWSUG ry

KEYNOTE

*12.10-13.30 Scaling Agile Software Development: Strategies for Applying Agile in Complex Situations Scott W. Ambler, Practice Leader Agile Development, IBM Canada
*13.30-13.45 Kahvitauko
*13.45-15.30 SOA liiketoiminnan näkökulmasta ja SOA toteutuksen näkökulmasta kansainvälisessa hankkeessa Kari Laine, IT Architect, IF ja Jarmo Laine, Senior Software Architect,Primasoft
*15.30-15.45 Tauko
*15.45-16.30 Ketterä tietoturvan hallinta ohjelmistotuotannossa Reijo Savola, VTT
*16.30-17.15 Jazz Update IBM
*17.15-19.00 Iltapalaa ja verkostoitumista IBM Forumissa
 

== OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008 ==
OWASP Helsinki participated in ISACA Finland meeting to raise application security awareness among system auditors and inspectors.
 A presentation was held that introduced basic web techniques, some security issues, OWASP in general, OWASP projects and OWASP Helsinki chapter.
 
'''You can download the presentation here''': https://www.owasp.org/images/e/e4/OWASP_ISACA_20080124.pdf (Finnish Only)
 

== OWASP Helsinki meeting #4 Fall 2007 with Mark Curphey, Tuesday, October 2 2007 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''

Thank you for all participants and Mark from great presentation.

Coverage of the meeting in the local news (in Finnish):
http://mikropc.net/uutiset/index.jsp?categoryId=atk&day=20071003#w2007100315112711629

We are delighted to have Mark Curphey - the OWASP founder and new head of Microsoft's ACE (Application Consulting & Engineering) team in Europe - to visit Finland and discuss web app security with us. Hopefully as many as of you possible can participate!

'''18:30 Welcome and recent Helsinki chapter activities. Antti Laulajainen'''

'''18:40 Naked Software Security. Mark Curphey'''
*Commentary on how to build secure software
*Thoughts on the industry

'''WELCOME!'''

== OWASP Helsinki meeting #3 Summer 2007: "SOA, Web Services & XML Security", Tuesday, June 5th 2007 ==

Date: June 5th

Location: Smilehouse, Itälahdenkatu 22A (Stonesoft building), Lauttasaari.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/tietoturva_docview.jsp?f_id=1186167

'''19:00 Welcome & quick recap of recent OWASP activity and the Spring conference. Mikko Saario.'''

'''19:15 Gunnar Peterson, CTO Arctec Group and project lead for the OWASP "XML Security Gateway Evaluation Criteria".'''

Gunnar will be visiting Finland to provide training via Tietoturva ry on this subject. Topics to be covered:
* XML Security Gateways
* Message level threats and security countermeasures in Web services
* OWASP XML Security Gateway Evaluation Criteria Project

'''20:15 "Real-life usage of OWASP tools". Alexandr Seleznyov, Nokia Product Security.'''

(There is a chance Alex cannot make it. In that case we will discuss SOA stuff in more detail or just head off to bar earlier.)

'''20:45 Enter Bar 52...'''
--> Enjoy (sponsored) beverages.

== OWASP Helsinki meeting #2 Winter 2007, Web Application Firewalls, Thursday, February 22 2007 ==

Thank you for the 29 participants, the speakers and the host - Nixu - for making this event happen!

'''Location: Nixu, Mäkelänkatu 91, 00601 Helsinki.'''

What are Web Application Firewalls (WAF), how do they work, what do they do and what don't they do. Discussion and sharing of experiences of various technologies and products.

'''18.30 Welcome. Mikko Saario, Chapter Leader.'''

Today's topic and agenda in short.

'''18.35 "Web Application Firewalls Technical Analysis". Joakim Sandström, CTO nSense.'''

http://www.owasp.org/images/6/6a/Owasp_waf_joakim.pdf

- Technology

- Blacklisting & Whitelisting

- mod_security features

- Do's and Don'ts

'''19.30 "The Core Rule Sets". Ofer Shezaf, CTO Breach Security.'''

http://www.owasp.org/images/f/f4/The_Core_Rule_Set_-_Ofer.pdf

- WAF deployment and protection strategies

- Detection of generic web layer attacks

- Virtual patching

== OWASP Helsinki meeting #1, Tuesday, Dec 12 2006 at Ernst & Young ==

The Helsinki chapter had the first meeting at Ernst & Young office in Elielinaukio 5 B. The agenda and the presentations for the meeting are below. We had a good turnout: 22 people were present i.e. all seats were taken - we were very happy to see all these people to be interested in application security issues.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/doc.do?f_id=1083463

'''18:30 Welcome. What is OWASP and why OWASP Helsinki?'''

Mikko Saario made a short presentation about OWASP and the objective for the local Helsinki chapter.

'''19:00 Analyzing Threats (Olli Wiren; olli [at] juurihoito.org)'''

Olli Wiren discussed application related threats and corresponding security issues.

http://www.owasp.org/images/7/7c/Owasp-olli.pdf

'''19:45 Open discussion regarding OWASP Helsinki; what is expected or wished; how to go ahead and so forth.'''

There was a lively discussion regarding what type of activities should be arranged in the future. More details will follow...

Helsinki

2009-01-08T10:56:07Z

Antti: /* OWASP Introduction to startup firms: Thursday January 15th 2008 */

{{Chapter Template|chaptername=Helsinki|extra=The chapter leader is [mailto:antti@owasp.org Antti Laulajainen]
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-helsinki|emailarchives=http://lists.owasp.org/pipermail/owasp-helsinki}}

<paypal>Helsinki</paypal>

== Local News ==

'''Welcome to the OWASP Helsinki Chapter'''

The plan is to meet at least three to four times a year, each lasting 1,5-3 hours (more active "hands" means more meetings). This chapter is based in the capital area and therefore the meetings will be in or around Helsinki.

If you wish to present at one of the meetings or have any other inquiries, please contact the chapter leader.

== Current Activities ==

Currently OWASP Helsinki is working on the following tasks:
*[[Top 10 2007 Finnish]] aim to translate OWASP Top 10 list in Finnish

== OWASP Introduction to startup firms: Thursday January 15th 2008 ==
'''Location: Ravintola Korjaamo, Töölönkatu 51, 00250 Helsinki'''

'''Time: 18:00-20:00'''

'''Schedule''' 

'''18:00 Introduction to OWASP by Antti Laulajainen, OWASP Chapter Leader'''
* What OWASP is

* Examples of useful Tools and Documents

* OWASP in Finland

'''18:15 Implementing application security in a Finnish startup by Henri Lindberg, Scred'''
* Henri Lindberg from Scred shares experiences and lessons learned
* How to make your web application more secure with minimal budget

'''18:30 or so'''

* Enjoy local establishments at own risk & cost

== OWASP Helsinki Meeting #7: Tuesday November 11th 2008 ==

'''Location: Nokia Ruoholahti, Itämerenkatu 11-13, 00180 Helsinki'''

'''Time: 17:00-18:30'''

'''Schedule''' 

'''17:00 Welcome by Antti Laulajainen, OWASP Chapter Leader'''

*Current state and progress of OWASP Top 10 Finnish translation

'''17:20 Antti Vähä-Sipilä, Nokia: SAFECode'''

*Introduction and overview of SAFECode (The Software Assurance Forum for Excellence in Code)
*SAFECode publications

'''17:40 Juhani Eronen, CERT-FI: Lifecycle of a security vulnerability'''

*Microsoft MS08-067 (Vulnerability in Server Service Could Allow Remote Code Execution), its history (MS06-040) and exploitation.

'''Discussion'''

'''18:30 or so'''

* Enjoy local establishments at own risk & cost [cerveza, aqua con gas, etc]

''' PLEASE REGISTER WITH: mikko . saario at nokia . com (we have reserved snacks for 25 people)'''

== OWASP Helsinki Web Hacking Workshop, Tuesday September 10th 2008 ==

'''Location: Teleware / KPMG, Laajalahdentie 23, 6. floor, reception at the ground floor, 00330 Helsinki'''

'''Time: 18.00 - 20.00'''

'''Schedule'''

'''18.00 Welcome and recent activities. Antti Laulajainen '''

'''18.05 Web Hacking Workshop, Anssi Porttikivi, Senior ICT Advisor KPMG/Teleware'''

*KPMG Oy IT Security Advisory marketing presentation 15 min
*Web hacking exercises and demonstrations in a laboratory class (using WebGoat and WebScarab tools)

'''Snacks available. Send your reservations to Anssi's mail address, anssi.porttikivi@kpmg.fi. Room for 20 participants.'''

'''Note! Be in time, because the reception closes at 18.'''

== OWASP Goes! CERT-FI, Thursday, June 12th 2008 ==

'''Location: Viestintävirasto, Itämerenkatu 3 A, 00180 Helsinki and One Pint Pub Santakatu 2, 00180 Helsinki'''

'''Time: 16.00 - 20.00'''

'''Schedule'''

'''16.00 Welcome and recent activities. Antti Laulajainen '''

'''16.10 Introduction of CERT-FI. Juhani Eronen, Information Security Adviser, CERT-FI'''

'''16.30 Vulnerability coordination. Juhani Eronen'''
* CERT-FI as a vulnerability coordinator
* Coordination examples

'''18.00 Possibility to continue the evening at the One Pint Pub'''
* If someone fancies a (self-financed) beer

'''Viestintävirasto asks those who wish to participate to the meeting to register in advance. For registrations please contact CERT-FI Unit Secretary Virpi Hienonen (virpi.hienonen(at)ficora.fi). The deadline is June 6, 2008.'''

== OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 ==

Thank you for attending.

You can download the presentation here''' https://www.owasp.org/images/7/70/OWASP_HelsinkiChapter_130508.pdf

Coverage of the event in local news (Finnish only) http://mikropc.net/uutiset/index.jsp?categoryId=atk&day=20080514#w2008051411524012715

'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki and Ravintola Kaisla, Vilhonkatu 4, 00100 Helsinki'''

'''Time: 16.00 - 20.00'''

Welcome to spring meeting 2008.

'''Schedule'''

'''16.00 - 16.10 OWASP update. Antti Laulajainen'''

'''16.10-17.00 Notes From The field, OWASP tools and usage experiences, Jarkko Holappa & Antti Laulajainen'''

'''17.30 - 20.00 Drinks at Ravintola Kaisla (Bring Your Own Wallet)'''

Hope to see as many of you as possible!

== OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''

'''Time: 18.30 - 20.30'''

Welcome to first meeting of 2008. OWASP Helsinki resumes activities after winter break.

We are pleased to have as a speaker Technology Manager of Nokia Product Security, Alexandr Seleznyov. His topic will be current state of application security.

'''Schedule'''

'''18.30 - 18.40 OWASP update. Antti Laulajainen'''

'''18.40 - 20.30 Current State of Application Security. Alexandr Seleznyov'''

Hope to see as many of you as possible!

== OWASP Helsinki & RWSUG Seminar Tuesday, January 29th 2008 ==
'''Location: IBM, Laajalahdentie 23, 00330 Helsinki.'''
'''Time: 11.15 - 19.00'''

OWASP Helsinki and Rational and Websphere User Group Finland RWSUG are aiming to co-operate to raise application security awareness. OWASP Helsinki will have a presentation in RWSUG agility seminar. More information from http://www.rwsug.fi/default.asp?path=1,39,385

'''You can download the presentation here''' https://www.owasp.org/images/c/cd/RWSUG5_Agile_Security_Management.pdf

See program below. Most of it is Finnish only
*11.15 Ilmoittautuminen alkaa
*11.15-12.00 Buffet-lounas
*12.00-12.10 Tilaisuuden avaus Jussi Jutila, Puheenjohtaja, RWSUG ry

KEYNOTE

*12.10-13.30 Scaling Agile Software Development: Strategies for Applying Agile in Complex Situations Scott W. Ambler, Practice Leader Agile Development, IBM Canada
*13.30-13.45 Kahvitauko
*13.45-15.30 SOA liiketoiminnan näkökulmasta ja SOA toteutuksen näkökulmasta kansainvälisessa hankkeessa Kari Laine, IT Architect, IF ja Jarmo Laine, Senior Software Architect,Primasoft
*15.30-15.45 Tauko
*15.45-16.30 Ketterä tietoturvan hallinta ohjelmistotuotannossa Reijo Savola, VTT
*16.30-17.15 Jazz Update IBM
*17.15-19.00 Iltapalaa ja verkostoitumista IBM Forumissa
 

== OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008 ==
OWASP Helsinki participated in ISACA Finland meeting to raise application security awareness among system auditors and inspectors.
 A presentation was held that introduced basic web techniques, some security issues, OWASP in general, OWASP projects and OWASP Helsinki chapter.
 
'''You can download the presentation here''': https://www.owasp.org/images/e/e4/OWASP_ISACA_20080124.pdf (Finnish Only)
 

== OWASP Helsinki meeting #4 Fall 2007 with Mark Curphey, Tuesday, October 2 2007 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''

Thank you for all participants and Mark from great presentation.

Coverage of the meeting in the local news (in Finnish):
http://mikropc.net/uutiset/index.jsp?categoryId=atk&day=20071003#w2007100315112711629

We are delighted to have Mark Curphey - the OWASP founder and new head of Microsoft's ACE (Application Consulting & Engineering) team in Europe - to visit Finland and discuss web app security with us. Hopefully as many as of you possible can participate!

'''18:30 Welcome and recent Helsinki chapter activities. Antti Laulajainen'''

'''18:40 Naked Software Security. Mark Curphey'''
*Commentary on how to build secure software
*Thoughts on the industry

'''WELCOME!'''

== OWASP Helsinki meeting #3 Summer 2007: "SOA, Web Services & XML Security", Tuesday, June 5th 2007 ==

Date: June 5th

Location: Smilehouse, Itälahdenkatu 22A (Stonesoft building), Lauttasaari.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/tietoturva_docview.jsp?f_id=1186167

'''19:00 Welcome & quick recap of recent OWASP activity and the Spring conference. Mikko Saario.'''

'''19:15 Gunnar Peterson, CTO Arctec Group and project lead for the OWASP "XML Security Gateway Evaluation Criteria".'''

Gunnar will be visiting Finland to provide training via Tietoturva ry on this subject. Topics to be covered:
* XML Security Gateways
* Message level threats and security countermeasures in Web services
* OWASP XML Security Gateway Evaluation Criteria Project

'''20:15 "Real-life usage of OWASP tools". Alexandr Seleznyov, Nokia Product Security.'''

(There is a chance Alex cannot make it. In that case we will discuss SOA stuff in more detail or just head off to bar earlier.)

'''20:45 Enter Bar 52...'''
--> Enjoy (sponsored) beverages.

== OWASP Helsinki meeting #2 Winter 2007, Web Application Firewalls, Thursday, February 22 2007 ==

Thank you for the 29 participants, the speakers and the host - Nixu - for making this event happen!

'''Location: Nixu, Mäkelänkatu 91, 00601 Helsinki.'''

What are Web Application Firewalls (WAF), how do they work, what do they do and what don't they do. Discussion and sharing of experiences of various technologies and products.

'''18.30 Welcome. Mikko Saario, Chapter Leader.'''

Today's topic and agenda in short.

'''18.35 "Web Application Firewalls Technical Analysis". Joakim Sandström, CTO nSense.'''

http://www.owasp.org/images/6/6a/Owasp_waf_joakim.pdf

- Technology

- Blacklisting & Whitelisting

- mod_security features

- Do's and Don'ts

'''19.30 "The Core Rule Sets". Ofer Shezaf, CTO Breach Security.'''

http://www.owasp.org/images/f/f4/The_Core_Rule_Set_-_Ofer.pdf

- WAF deployment and protection strategies

- Detection of generic web layer attacks

- Virtual patching

== OWASP Helsinki meeting #1, Tuesday, Dec 12 2006 at Ernst & Young ==

The Helsinki chapter had the first meeting at Ernst & Young office in Elielinaukio 5 B. The agenda and the presentations for the meeting are below. We had a good turnout: 22 people were present i.e. all seats were taken - we were very happy to see all these people to be interested in application security issues.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/doc.do?f_id=1083463

'''18:30 Welcome. What is OWASP and why OWASP Helsinki?'''

Mikko Saario made a short presentation about OWASP and the objective for the local Helsinki chapter.

'''19:00 Analyzing Threats (Olli Wiren; olli [at] juurihoito.org)'''

Olli Wiren discussed application related threats and corresponding security issues.

http://www.owasp.org/images/7/7c/Owasp-olli.pdf

'''19:45 Open discussion regarding OWASP Helsinki; what is expected or wished; how to go ahead and so forth.'''

There was a lively discussion regarding what type of activities should be arranged in the future. More details will follow...

Helsinki

2009-01-08T10:55:42Z

Antti: /* OWASP Helsinki Meeting #7: Tuesday November 11th 2008 */

{{Chapter Template|chaptername=Helsinki|extra=The chapter leader is [mailto:antti@owasp.org Antti Laulajainen]
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-helsinki|emailarchives=http://lists.owasp.org/pipermail/owasp-helsinki}}

<paypal>Helsinki</paypal>

== Local News ==

'''Welcome to the OWASP Helsinki Chapter'''

The plan is to meet at least three to four times a year, each lasting 1,5-3 hours (more active "hands" means more meetings). This chapter is based in the capital area and therefore the meetings will be in or around Helsinki.

If you wish to present at one of the meetings or have any other inquiries, please contact the chapter leader.

== Current Activities ==

Currently OWASP Helsinki is working on the following tasks:
*[[Top 10 2007 Finnish]] aim to translate OWASP Top 10 list in Finnish

== OWASP Introduction to startup firms: Thursday January 15th 2008 ==
'''Location: Ravintola Korjaamo, Töölönkatu 51, 00250 Helsinki'''
'''Time: 18:00-20:00'''

'''Schedule''' 

'''18:00 Introduction to OWASP by Antti Laulajainen, OWASP Chapter Leader'''
* What OWASP is

* Examples of useful Tools and Documents

* OWASP in Finland

'''18:15 Implementing application security in a Finnish startup by Henri Lindberg, Scred'''
* Henri Lindberg from Scred shares experiences and lessons learned
* How to make your web application more secure with minimal budget

'''18:30 or so'''

* Enjoy local establishments at own risk & cost

== OWASP Helsinki Meeting #7: Tuesday November 11th 2008 ==

'''Location: Nokia Ruoholahti, Itämerenkatu 11-13, 00180 Helsinki'''

'''Time: 17:00-18:30'''

'''Schedule''' 

'''17:00 Welcome by Antti Laulajainen, OWASP Chapter Leader'''

*Current state and progress of OWASP Top 10 Finnish translation

'''17:20 Antti Vähä-Sipilä, Nokia: SAFECode'''

*Introduction and overview of SAFECode (The Software Assurance Forum for Excellence in Code)
*SAFECode publications

'''17:40 Juhani Eronen, CERT-FI: Lifecycle of a security vulnerability'''

*Microsoft MS08-067 (Vulnerability in Server Service Could Allow Remote Code Execution), its history (MS06-040) and exploitation.

'''Discussion'''

'''18:30 or so'''

* Enjoy local establishments at own risk & cost [cerveza, aqua con gas, etc]

''' PLEASE REGISTER WITH: mikko . saario at nokia . com (we have reserved snacks for 25 people)'''

== OWASP Helsinki Web Hacking Workshop, Tuesday September 10th 2008 ==

'''Location: Teleware / KPMG, Laajalahdentie 23, 6. floor, reception at the ground floor, 00330 Helsinki'''

'''Time: 18.00 - 20.00'''

'''Schedule'''

'''18.00 Welcome and recent activities. Antti Laulajainen '''

'''18.05 Web Hacking Workshop, Anssi Porttikivi, Senior ICT Advisor KPMG/Teleware'''

*KPMG Oy IT Security Advisory marketing presentation 15 min
*Web hacking exercises and demonstrations in a laboratory class (using WebGoat and WebScarab tools)

'''Snacks available. Send your reservations to Anssi's mail address, anssi.porttikivi@kpmg.fi. Room for 20 participants.'''

'''Note! Be in time, because the reception closes at 18.'''

== OWASP Goes! CERT-FI, Thursday, June 12th 2008 ==

'''Location: Viestintävirasto, Itämerenkatu 3 A, 00180 Helsinki and One Pint Pub Santakatu 2, 00180 Helsinki'''

'''Time: 16.00 - 20.00'''

'''Schedule'''

'''16.00 Welcome and recent activities. Antti Laulajainen '''

'''16.10 Introduction of CERT-FI. Juhani Eronen, Information Security Adviser, CERT-FI'''

'''16.30 Vulnerability coordination. Juhani Eronen'''
* CERT-FI as a vulnerability coordinator
* Coordination examples

'''18.00 Possibility to continue the evening at the One Pint Pub'''
* If someone fancies a (self-financed) beer

'''Viestintävirasto asks those who wish to participate to the meeting to register in advance. For registrations please contact CERT-FI Unit Secretary Virpi Hienonen (virpi.hienonen(at)ficora.fi). The deadline is June 6, 2008.'''

== OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 ==

Thank you for attending.

You can download the presentation here''' https://www.owasp.org/images/7/70/OWASP_HelsinkiChapter_130508.pdf

Coverage of the event in local news (Finnish only) http://mikropc.net/uutiset/index.jsp?categoryId=atk&day=20080514#w2008051411524012715

'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki and Ravintola Kaisla, Vilhonkatu 4, 00100 Helsinki'''

'''Time: 16.00 - 20.00'''

Welcome to spring meeting 2008.

'''Schedule'''

'''16.00 - 16.10 OWASP update. Antti Laulajainen'''

'''16.10-17.00 Notes From The field, OWASP tools and usage experiences, Jarkko Holappa & Antti Laulajainen'''

'''17.30 - 20.00 Drinks at Ravintola Kaisla (Bring Your Own Wallet)'''

Hope to see as many of you as possible!

== OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''

'''Time: 18.30 - 20.30'''

Welcome to first meeting of 2008. OWASP Helsinki resumes activities after winter break.

We are pleased to have as a speaker Technology Manager of Nokia Product Security, Alexandr Seleznyov. His topic will be current state of application security.

'''Schedule'''

'''18.30 - 18.40 OWASP update. Antti Laulajainen'''

'''18.40 - 20.30 Current State of Application Security. Alexandr Seleznyov'''

Hope to see as many of you as possible!

== OWASP Helsinki & RWSUG Seminar Tuesday, January 29th 2008 ==
'''Location: IBM, Laajalahdentie 23, 00330 Helsinki.'''
'''Time: 11.15 - 19.00'''

OWASP Helsinki and Rational and Websphere User Group Finland RWSUG are aiming to co-operate to raise application security awareness. OWASP Helsinki will have a presentation in RWSUG agility seminar. More information from http://www.rwsug.fi/default.asp?path=1,39,385

'''You can download the presentation here''' https://www.owasp.org/images/c/cd/RWSUG5_Agile_Security_Management.pdf

See program below. Most of it is Finnish only
*11.15 Ilmoittautuminen alkaa
*11.15-12.00 Buffet-lounas
*12.00-12.10 Tilaisuuden avaus Jussi Jutila, Puheenjohtaja, RWSUG ry

KEYNOTE

*12.10-13.30 Scaling Agile Software Development: Strategies for Applying Agile in Complex Situations Scott W. Ambler, Practice Leader Agile Development, IBM Canada
*13.30-13.45 Kahvitauko
*13.45-15.30 SOA liiketoiminnan näkökulmasta ja SOA toteutuksen näkökulmasta kansainvälisessa hankkeessa Kari Laine, IT Architect, IF ja Jarmo Laine, Senior Software Architect,Primasoft
*15.30-15.45 Tauko
*15.45-16.30 Ketterä tietoturvan hallinta ohjelmistotuotannossa Reijo Savola, VTT
*16.30-17.15 Jazz Update IBM
*17.15-19.00 Iltapalaa ja verkostoitumista IBM Forumissa
 

== OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008 ==
OWASP Helsinki participated in ISACA Finland meeting to raise application security awareness among system auditors and inspectors.
 A presentation was held that introduced basic web techniques, some security issues, OWASP in general, OWASP projects and OWASP Helsinki chapter.
 
'''You can download the presentation here''': https://www.owasp.org/images/e/e4/OWASP_ISACA_20080124.pdf (Finnish Only)
 

== OWASP Helsinki meeting #4 Fall 2007 with Mark Curphey, Tuesday, October 2 2007 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''

Thank you for all participants and Mark from great presentation.

Coverage of the meeting in the local news (in Finnish):
http://mikropc.net/uutiset/index.jsp?categoryId=atk&day=20071003#w2007100315112711629

We are delighted to have Mark Curphey - the OWASP founder and new head of Microsoft's ACE (Application Consulting & Engineering) team in Europe - to visit Finland and discuss web app security with us. Hopefully as many as of you possible can participate!

'''18:30 Welcome and recent Helsinki chapter activities. Antti Laulajainen'''

'''18:40 Naked Software Security. Mark Curphey'''
*Commentary on how to build secure software
*Thoughts on the industry

'''WELCOME!'''

== OWASP Helsinki meeting #3 Summer 2007: "SOA, Web Services & XML Security", Tuesday, June 5th 2007 ==

Date: June 5th

Location: Smilehouse, Itälahdenkatu 22A (Stonesoft building), Lauttasaari.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/tietoturva_docview.jsp?f_id=1186167

'''19:00 Welcome & quick recap of recent OWASP activity and the Spring conference. Mikko Saario.'''

'''19:15 Gunnar Peterson, CTO Arctec Group and project lead for the OWASP "XML Security Gateway Evaluation Criteria".'''

Gunnar will be visiting Finland to provide training via Tietoturva ry on this subject. Topics to be covered:
* XML Security Gateways
* Message level threats and security countermeasures in Web services
* OWASP XML Security Gateway Evaluation Criteria Project

'''20:15 "Real-life usage of OWASP tools". Alexandr Seleznyov, Nokia Product Security.'''

(There is a chance Alex cannot make it. In that case we will discuss SOA stuff in more detail or just head off to bar earlier.)

'''20:45 Enter Bar 52...'''
--> Enjoy (sponsored) beverages.

== OWASP Helsinki meeting #2 Winter 2007, Web Application Firewalls, Thursday, February 22 2007 ==

Thank you for the 29 participants, the speakers and the host - Nixu - for making this event happen!

'''Location: Nixu, Mäkelänkatu 91, 00601 Helsinki.'''

What are Web Application Firewalls (WAF), how do they work, what do they do and what don't they do. Discussion and sharing of experiences of various technologies and products.

'''18.30 Welcome. Mikko Saario, Chapter Leader.'''

Today's topic and agenda in short.

'''18.35 "Web Application Firewalls Technical Analysis". Joakim Sandström, CTO nSense.'''

http://www.owasp.org/images/6/6a/Owasp_waf_joakim.pdf

- Technology

- Blacklisting & Whitelisting

- mod_security features

- Do's and Don'ts

'''19.30 "The Core Rule Sets". Ofer Shezaf, CTO Breach Security.'''

http://www.owasp.org/images/f/f4/The_Core_Rule_Set_-_Ofer.pdf

- WAF deployment and protection strategies

- Detection of generic web layer attacks

- Virtual patching

== OWASP Helsinki meeting #1, Tuesday, Dec 12 2006 at Ernst & Young ==

The Helsinki chapter had the first meeting at Ernst & Young office in Elielinaukio 5 B. The agenda and the presentations for the meeting are below. We had a good turnout: 22 people were present i.e. all seats were taken - we were very happy to see all these people to be interested in application security issues.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/doc.do?f_id=1083463

'''18:30 Welcome. What is OWASP and why OWASP Helsinki?'''

Mikko Saario made a short presentation about OWASP and the objective for the local Helsinki chapter.

'''19:00 Analyzing Threats (Olli Wiren; olli [at] juurihoito.org)'''

Olli Wiren discussed application related threats and corresponding security issues.

http://www.owasp.org/images/7/7c/Owasp-olli.pdf

'''19:45 Open discussion regarding OWASP Helsinki; what is expected or wished; how to go ahead and so forth.'''

There was a lively discussion regarding what type of activities should be arranged in the future. More details will follow...

Top 10 2007 Finnish

2008-11-10T19:14:16Z

Antti: /* Kooste */

==Johdanto==

'''Huom! Tämä sivu on täysin työn alla. Tavoitteena on aluksi saada työtä valmiiksi sitä mukaa kuin suomennostyöhön osallistuvilla on aikaa. Suomennostyöhön saavat osallistua kaikki.'''

Tervetuloa OWASP Top 10 2007 suomennettuun versioon! Top 10:n 2007 versio on uudelleenkirjoitettu alkuperäisestä vuoden 2004 versiosta, ja kuvaa hyvin niitä tyypillisiä haavoittuvuuksia, joita nykypäivän web-sovelluksista havaitaan.

Java Enterprise Edition-kohtainen lista on ladattavissa [https://www.owasp.org/images/8/89/OWASP_Top_10_2007_for_JEE.pdf täältä].

==Tavoitteet==

'''OWASP Top 10:n tärkein tavoite on kouluttaa sovelluskehittäjiä, suunnittelijoita, arkkitehtejä ja organisaatioita''' tyypillisimpien sovellushaavoittuvuuksien seurauksista. Top 10 tarjoaa perusmenetelmät näiltä haavoittuvuuksilta suojautumiseen - loistava ensiaskel turvalliseen ohjelmistokehitykseen.

'''Tietoturvallisuutta ei saavuteta kerralla'''. Ei riitä, että sovellus tehdään turvalliseksi kerran. Esimerkiksi tämäkin lista on muuttunut vuosien varrella, ja muuttamatta sovelluksesi lähdekoodia uusien uhkien valossa, sovelluksesi voi olla turvaton. Lisätietoja ja tarkempia suosituksia on tarjolla englanninkielisessä dokumentissa [[Top_10_2007-Where to Go From Here|Where to Go From Here]].

'''Turvallisen ohjelmoinnin periaatteet tulee olla mukana kaikissa sovelluksen elinkaaren vaiheissa.'''. Turvallinen web-sovellus on mahdollinen '''''vain''''' kun turvallisen ohjelmistokehityksen elinkaarimalli on mukana (secure SDLC). Tämän mallin tulee olla oletuksena mukana sekä suunnitteluvaiheessa, että kaikissa kehitysvaiheissa. Erilaisia web-sovellusten tietoturvallisuuteen vaikuttavia tekijöitä voidaan nimetä yli 300 kohtaa. Näistä tekijöistä on tarkempia kuvauksia englanninkielisessä dokumentissa [[OWASP_Guide_Project|OWASP Development Guide]], mikä sisältää oleellista luettavaa kaikille nykypäivän web-sovelluskehittäjille.

'''Tämän dokumentin ensisijainen tarkoitus olla opetuksellinen, ei standardi'''. Älä käytä tätä dokumenttia tietoturvallisuuden ohjenuorana tai standardina ottamatta [mailto:owasp@owasp.org meihin yhteyttä] ensin! Jos tarvitset turvallisen ohjelmistokehityksen standardia, OWASPilla on käynnissä tähän liittyviä toisia projekteja. Liittymällä tai antamalla tukea näihin projekteihin tuet niiden edistymistä parhaiten.

==Kiitokset avustajille==

{|
|-

|We thank [http://www.mitre.org/ MITRE] for making ''Vulnerability Type Distribution in [http://cve.mitre.org/ CVE]'' data freely available for use. The OWASP Top Ten project is led and sponsored by [http://www.aspectsecurity.com https://www.owasp.org/images/d/d1/Aspect_logo.gif].
|}

Project Lead: Andrew van der Stock (Executive Director, OWASP Foundation)

Co-authors: Jeff Williams (Chair, OWASP Foundation), Dave Wichers (Conference Chair, OWASP Foundation)

We’d like to thank our reviewers:

*Raoul Endres for help in getting the Top 10 going again and with his valuable comments.
*[mailto:coley...at...mitre.org Steve Christey](MITRE) for an extensive peer review and adding the MITRE CWE data
*[http://jeremiahgrossman.blogspot.com/ Jeremiah Grossman] ([http://www.whitehatsec.com/ WhiteHat Security]) for peer reviewing and contributing information about the success (or otherwise) of automated means of detection.
*[http://www.smithline.net/ Neil Smithline] ([http://www.OneStopAppSecurity.com/ OneStopAppSecurity.com]) for comments and producing the Wiki version.
*Sylvan von Stuppe for an exemplary peer review.
*Colin Wong, Nigel Evans and Andre Gironda for e-mailed comments.

==Kooste==

{| border='1' cellpadding='2'
|-
|[[Top_10_2007-A1|A1 - Cross Site Scripting (XSS)]] (Haitallisten komentojen välittäminen käyttäjän selaimeen toisen sivuston kautta)
|
Sovellus on haavoittuva XSS:lle, kun se välittää käyttäjän antaman syötteen selaimelle sellaisenaan tarkastamatta ja käsittelemättä sitä ensin. Tämä mahdollistaa hyökkääjältä tulevien komentojen suorittamisen sovelluksen alaisuudessa. Komennoilla voidaan muuttaa selaimessa esimerkiksi sivuston ulkoasua tai kaapata sivuston istuntotunnisteet.
|
'''Esimerkki'''
Kaksi yleistä XSS-tyyppiä ovat pysyvä ja heijastuva/ei-pysyvä, joiden erona on että pysyvässä tapauksessa komento jää sovelluksen omaan tietokantaan.

Pysyvä: Hyökkääjä muuttaa haavoittuvan yhteisösivuston nimimerkkinsä siten, että se sisältää komennon. Esim: "luser<script src="http://example.com/~luser/xss.js"></script>". Tiedostossa xss.js oleva komento lähettää sivuston istuntotunnisteen hyökkääjälle. Hän jättää sivustolle viestin, jolloin hänen nimimerkkinsä näkyy otsikossa. Viestin lukevan toisen käyttäjän selain suorittaa hänen tietämättään hyökkääjän komennon, minkä jälkeen hyökkääjällä on mahdollisuus käyttää sivustoa hänen tunnuksillaan.

Ei-pysyvä: Käyttäjä on kirjautunut haavoittuvaan yhteisösivustoon, jonka haku-kentässä on XSS-haavoittuvuus. Samalla hän saa hyökkääjältä viestin, joka kehoittaa katsomaan annettu linkki, mikä todellisuudessa ohjaakin osoitteeseen "http://community.example.com/search?term=qwert<script....>". Tällöin hakumoottori ilmoittaa että hakutulos "qwert" ei tuottanut tuloksia, mutta samalla selain suorittaa myös hyökkääjän komennon. Lopputulos on sama.

'''Suositus'''
Tarkasta kaikki syötekentät ja koodaa niistä erikoismerkit toiseen muotoon. Tarkasta ja käsittele myös kaikki kentät, jotka liitetään osaksi vastausviestiä.

|-

|[[Top_10_2007-A2|A2 - Injektio-ongelmat]] (Haitallisen komennon välittäminen syötteessä osaksi taustajärjestelmäkyselyä)
|Injektio-ongelmat, erityisesti SQL-injektio, ovat tyypillisiä web-sovelluksissa. Injektio onnistuu, kun käyttäjän antama syöte istutetaan suoraan osaksi taustajärjestelmäkomentoa tai tietokantakyselyä. Tämä mahdollistaa hyökkääjälle komentojen ajamisen tai tiedon muuttamisen taustajärjestelmässä.
|'''Esimerkki'''
Haavoittuva sovellus etsii kirjautuessa käyttäjän kannasta seuraavalla tietokantakyselyllä:

"SELECT * FROM users WHERE username='" + ''username'' + "' AND password='" + ''password'' + "'"

Parametrit ''username'' ja ''password'' tulevat suoraan kirjautumislomakkeelta. Hyökkääjä antaa admin-käyttäjän salasanaksi: ' OR '1'='1

"SELECT * FROM users WHERE username='admin' AND password='' OR '1'='1'"

Mikä sovellukselle näyttää onnistuneelta kirjautumiselta, vaikka oikea salasana ei ollut tiedossa.

'''Suositus'''
Tarkasta kaikki syötekentät ja koodaa tietokanta- tai muissa taustajärjestelmäkyselyissä käytettävät erikoismerkit toiseen muotoon.

|-

|[[Top_10_2007-A3|A3 - Haitallisen tiedoston suoritus]]
|Käyttäjän antama tiedosto tai tiedostonimi välitetään sovellukselle tarkistamatta tiedoston sisällön tai tiedostonimen oikeellisuutta. Tämä mahdollistaa käyttäjälle tavan liittää haitallista koodia tai haitallisia tiedostoja sovelluksen käyttöön.
|
'''Esimerkki'''
Sovellus ottaa yhtenä parametrinaan osaksi sivuston generoivaa koodia sisältävän tiedoston nimen. Oletus on, että käytetään jotakin sivuston omista tiedostoista, mutta hyökkääjä vaihtaa nimen osoittamaan omalle palvelimelleen. Hyökkääjän tiedosto sisältää koodia, joka avaa hänelle pääsyn sovellusta isännöivään järjestelmään.

'''Suositus'''
Tarkasta, että syötteenä käytetyt tiedostot eivät sisällä suoritettavaa koodia tai että tiedostojen alkuperä on tunnettu.

|-

|[[Top_10_2007-A4|A4 - Turvaton suora objektiviittaus]]
|Jos sovellus käyttää suoria viittauksia sovelluksen sisäisesti käyttämiin objekteihin, kuten tiedostoihin tai tietokantatauluihin tai avaimiin, viittaukset voivat esimerkiksi paljastua käyttäjälle näkyvien parametrien arvona. Tämä mahdollistaa käyttäjälle valtuuttamattoman pääsyn sovelluksen sisäisiin objekteihin muuttamalla viittauksien arvoja toisiin.
|
'''Esimerkki'''
Verkkopankkisovelluksessa käytetään tiliin viittamiseen asiakkaan tilinumeroa. Hyökkääjä, yksi verkkopankin käyttäjä, huomaa että tilitietojen kyselyssä yhtenä parametrina välitetään hänen oma tilinumeronsa. Hän muuttaa tämän parametrin arvon toisen käyttäjän tilinumeroksi, ja sovellus paljastaa toisen käyttäjän tilitiedot.

'''Suositus'''
Tarkasta jokaisen pyynnön kohdalla, että käyttäjällä on oikeus suoritettavaan toimintoon.

|-

|[[Top_10_2007-A5|A5 - Cross Site Request Forgery (CSRF)]] (Haitallisen sovelluskutsun tekeminen toisen käyttäjän valtuuksilla pyyntöhuijauksen avulla)
|
CSRF hyökkäyksessä hyökkääjä lähettää sovellukseen kirjautuneelle käyttäjälle esimerkiksi väärennetyn linkin, joka ohjaa käyttäjän selaimen suorittamaan hyökkääjän määräämän toiminnon käyttäjän valtuuksilla. Tämä voidaan tehdä täysin käyttäjän tietämättä, sillä kyseinen kutsu voidaan piilottaa esimerkiksi kuvaelementin sisään jollakin toisella sivustolla.

''Verrattuna XSS:ään, tämä hyökkäys periaatteen tasolla toimii päinvastoin. Tässä hyökkääjä hyödyntää käyttäjän selainta suorittaakseen komennon sovelluksessa, kun XSS:ssä hyödynnetään sovellusta suorittamaan komento käyttäjän selaimessa.''
|
'''Esimerkki'''
Example.comin pääkäyttäjä saa viestin, jossa on linkki "Katso video". Linkin takana on sivusto, mikä näyttää videon, mutta lisäksi yksi kuva haetaan osoitteesta "https://internaladmin.example.com/firewalladmin/dropallrules.cgi?confirm=yes". Käyttäjä on valmiiksi kirjautunut vain sisäverkossa näkyvään palomuurin hallintaliittymään, ja tämä kutsu poistaa kaikki example.com:in palomuurisäännöt, mikä helpottaa hyökkääjän tehtävää.

'''Suositus'''
Toteuta evästeissä kulkevan istuntotunnisteen lisäksi jokaiseen sovelluskutsuun yhtenä parametrinä satunnainen arvo, jota hyökkääjä ei voi etukäteen tietää.

|-

|[[Top_10_2007-A6|A6 - Tiedon vuotaminen ja puutteelinen virheenkäsittely]]
|
Sovellukset voivat tarkoituksettomasti vuotaa tietoja omista asetuksistaan, sisäisistä toteutustavoistaan tai jopa loukata yksityisyydensuojaa erilaisten hallitsemattomien virhetilanteiden johdosta. Hyökkääjät voivat käyttää sovelluksen virheviesteistä paljastuvia tietoja joko suoraan tai apuna suunnitellessa vakavampia hyökkäyksiä.
|
'''Esimerkki'''
Tunnistuksen yhteydessä tapahtuu hallitsematon virhe, koska yhtä tunnistusparametria oli muutettu odottamattomasti. Poikkeuksen ajonaikaiset tiedot paljastuvat käyttäjälle. Tiedoista myös paljastuu, mikä käyttäjän salasanan pitäisi olla.

'''Suositus'''
Toteuta järjestelmällinen virheenkäsittely, joka käsittelee virhe- ja poikkeustilanteet hallitusti ilmoittamalla ainoastaan yleinen virheilmoitus.

|-

|[[Top_10_2007-A7|A7 - Viallinen tunnistusmenettely ja istunnonhallinta]]
|Käyttäjä- sekä istuntotunnisteet eivät usein ole suojattu riittävillä keinoilla. Tämä mahdollistaa hyökkääjille salasanojen, käyttäjä- tai istuntotunnisteiden keruun järjestelmästä, ja sitä kautta sovelluksen käyttämisen toisten valtuuksilla.
|
'''Esimerkki'''
Sovelluksen istuntotunniste generoidaan liittämällä käyttäjän tunnus sekä päivämäärä ja kellonaika, ja tästä muodostetaan hash-arvo. Hyökkääjä pystyy helposti arvaamaan istuntotunnisteen, kun tietää käyttäjän nimen ja kirjautumisajan. Monesti myös käytetään heikkoja satunnaislukugeneraattoreita, joiden tuottamat satunnaisluvut ovat ennustettavia.

'''Suositus'''
Käytä riittävän vahvoja salasanoja sekä istuntotunnisteita.
|-

|[[Top_10_2007-A8|A8 - Kryptografisesti turvaton tiedon säilytys]]
|Web-sovelluksissa käytetään vain harvoin asianmukaisia kryptografisia menetelmiä tiedon ja käyttäjätunnisteiden salaukseen esimerkiksi tietokannassa. Tietokantainjektion avulla tai jollain muulla keinolla tietoihin käsiksi pääsevä hyökkääjä voi tästä johtuen helposti selvittää esimerkiksi käyttäjien identiteettitietoja ja luottokorttinumeroita.
|
'''Suositus'''
Käytä tiedon salaukseen asiantuntijoiden hyväksymiä kryptografisia menetelmiä.
|-

|[[Top_10_2007-A9|A9 - Turvattomat tietoliikenneyhteydet]]
|Sovellukset eivät usein käytä asianmukaisesti salattuja tietoliikenneyhteyksiä. Tämä voi johtaa esimerkiksi liikenteen salakuunteluun.
|
'''Suositus'''
Käytä riittävän vahvaa SSL/TLS-yhteyttä suojaamaan tietoliikenneyhteydet.
|-

|[[Top_10_2007-A10|A10 - Rajoittamaton URL-tason pääsy]]
|Sovellusten pääsynvalvonta perustuu monesti siihen, että valtuuttamattomalle käyttäjälle ei näytetä linkkejä niihin toimintoihin, joihin hänellä ei ole oikeuksia. Kuitenkin nämä osoitteet saattavat olla yleisesti tunnettuja tai helposti arvattavia, ja hyökkääjä pystyy suorittamaan valtuuttamattomia toimia siirtymällä näihin osoitteisiin suoraan.
|
'''Esimerkki'''
Intranet-sovelluksen pääkäyttäjätoimintoja ei näytetä tavalliselle käyttäjälle. Käyttäjä kuitenkin voi suorittaa kyselyn intranet-osoitteeseen: "https://employees.example.com/raisesalary?user=luser&raisesalaryby=10000", vaikka palkankorotuksen pitäisi olla mahdollista vain pääkäyttäjälle.

'''Suositus'''
Tarkasta jokaisen pyynnön kohdalla, että käyttäjällä on oikeus suoritettavaan toimintoon.

|}
'''<center>Taulukko 1: Web-sovellusten Top 10-haavoittuvuudet 2007</center>'''

There are several pages in this document that are not dedicated to a specific vulnerability and hence are not listed in the table. Here is the list of them.
Tämä dokumentti sisältää myös muutamia sivuja, jotka eivät suoraan kosketa mitään tiettyä haavoittuvuutta. Nämä on listattu seuraavassa taulukossa.

{| border='1' cellpadding='2'
|-
|[[Top 10 2007 Finnish]]
|Dokumentin pääsivu (tämä sivu) tarjoaa johdannon ja mahdollisuuden kirjanmerkata "Kooste" osuuden, jotta voit käyttää sitä helposti tarvittaessa. (lisää [https://www.owasp.org/index.php/Top_10_2007_Finnish#Kooste tämä linkki] selaimesi kirjanmerkkeihin)
|-
|[[Top 10 2007-Methodology]]
|Kuvaus tähän dokumenttiin valittujen haavoittuvuuksien valintamenetelmistä.
|-
|[[Top 10 2007-Where to Go From Here]]
|Vinkkejä siihen kuinka jatkaa tämän dokumentin lukemisen jälkeen.
|-
|[[Top 10 2007-References]]
|Suositeltavaa luettavaa.
|}
'''<center>Taulukko 1a: Sivut ''OWASP Top Ten 2007'' dokumentissä, jotka eivät liity ylläoleviin haavoittuvuussivuihin.</center>'''

==A Note About The Different Versions==
While the only official version of the ''OWASP Top Ten 2007'' list is the downloadable English PDF version, OWASP has put together this Wiki that initially contains the same content as the PDF. But OWASP hopes that will change with your help. OWASP encourages community involvement and wants your help to make the Wiki version even better. To aid in this they have put together a brief [[Editing:Top_10_2007|tutorial]] to get you started.

==Downloadable Versions==
You can download the Top 10 2007 (Final) here:

* [http://www.owasp.org/images/e/e8/OWASP_Top_10_2007.pdf (PDF, 930 kb)]


* [https://www.owasp.org/images/c/ce/OWASP_Top_10_2007_-_French.pdf (French Version PDF, 455 kb)]

* [http://www.metasecurity.org/owasp/OWASP_Top_10_2007_Korean.pdf (Korean Version PDF, 768 kb)]

* [http://csirt.ulakbim.gov.tr/dokumanlar/Ceviri_OWASP_ilk10_2007.pdf (Turkish Version PDF, 718 kb)]

* [http://www.owasp.org/images/4/42/OWASP_TOP_10_2007_PT-BR.pdf (Brazilian Portuguese PDF, 329 kb)]

* [https://www.owasp.org/images/a/ae/OWASP_Top_10_2007_Spanish.pdf (Spanish PDF, 488kb)]

* [https://www.owasp.org/images/8/89/OWASP_Top_10_2007_for_JEE.pdf OWASP Top 10 for Java Enterprise Edition (PDF, 630 kb)]

* Looking for a version in another language? We could use your help translating. Contact Andrew van der Stock (vanderaj ...(@)... owasp.org) to help translating the OWASP Top 10 into your language.

{{Top_10_2007:BottomTemplate|usenext=NextLink|next=-Methodology|useprev=Nothing|usemain=Nothing}}

Helsinki

2008-11-05T15:01:10Z

Antti: /* OWASP Helsinki Meeting: November 11 */

Helsinki

2008-11-05T14:59:39Z

Antti: /* OWASP Helsinki Meeting: <TIME AND PLACE TO BE CONFIRMED> */

OWASP EU Summit 2008 Paid Participants

2008-09-09T12:09:07Z

Antti: /* Provisory list of 'expenses paid' participants */

== Provisory list of 'expenses paid' participants ==

{| style="width:100%" border="0" align="center"
! colspan="7" align="center" style="background:#4058A0; color:white"|'''PROJECTED CONFERENCE PAID ATTENDEES AND/OR SPEAKERS - NEEDS OWASP BOARD CONFIRMATION'''
|-
| style="width:20%; background:#b3b3b3" align="center"|'''NAME'''
| style="width:40%; background:#b3b3b3" align="center"|'''POSITION/REASON OF ATTENDANCE'''
| style="width:20%; background:#b3b3b3" align="center"|'''COUNTRY'''
| style="width:20%; background:#b3b3b3" align="center"|'''DEPARTURE (AIRPORT/CITY)'''
|-
! colspan="7" align="left" style="background:white; color:black"|'''OWASP BOARD MEMBERS & EMPLOYEES'''
|-
| style="width:20%; background:#cccccc" align="center"|Jeff Williams
| style="width:40%; background:#cccccc" align="center"|Board, Chair, Wiki, Management
| style="width:20%; background:#cccccc" align="center"|USA
| style="width:20%; background:#cccccc" align="center"|Washington, D.C.
|-
| style="width:20%; background:#cccccc" align="center"|Dave Wichers
| style="width:40%; background:#cccccc" align="center"|Board, Conferences, Financials
| style="width:20%; background:#cccccc" align="center"|USA
| style="width:20%; background:#cccccc" align="center"|Washington, D.C.
|-
| style="width:20%; background:#cccccc" align="center"|Dinis Cruz
| style="width:40%; background:#cccccc" align="center"|Board, Firehose of Ideas and Money spender
| style="width:20%; background:#cccccc" align="center"|UK
| style="width:20%; background:#cccccc" align="center"|London
|-
| style="width:20%; background:#cccccc" align="center"|Tom Brennan
| style="width:40%; background:#cccccc" align="center"|Board, OWASP Governance
| style="width:20%; background:#cccccc" align="center"|USA
| style="width:20%; background:#cccccc" align="center"|New York, NY
|-
| style="width:20%; background:#cccccc" align="center"|Sebastien Deleersnyder
| style="width:40%; background:#cccccc" align="center"|Board, OWASP Chapters and Projects
| style="width:20%; background:#cccccc" align="center"|Belgium
| style="width:20%; background:#cccccc" align="center"|?
|-
| style="width:20%; background:#cccccc" align="center"|Paulo Coimbra
| style="width:40%; background:#cccccc" align="center"|Employee, Project Manager
| style="width:20%; background:#cccccc" align="center"|UK
| style="width:20%; background:#cccccc" align="center"|London
|-
| style="width:20%; background:#cccccc" align="center"|Kate Hartmann
| style="width:40%; background:#cccccc" align="center"|Employee, Operations Director
| style="width:20%; background:#cccccc" align="center"|USA
| style="width:20%; background:#cccccc" align="center"|Washington, D.C.
|-
! colspan="7" align="left" style="background:white; color:black"|'''OWASP SUMMER OF CODE 2008 PROJECT LEADERS & REVIEWERS'''
|-
| style="width:20%; background:#cccccc" align="center"|Achim Hoffmann
| style="width:40%; background:#cccccc" align="center"|Reviewer, OWASP Skavenger Project, OWASP w3af Project
| style="width:20%; background:#cccccc" align="center"|Germany
| style="width:20%; background:#cccccc" align="center"|Frankfurt or Munich
|-
| style="width:20%; background:#cccccc" align="center"|Alexander Fry
| style="width:40%; background:#cccccc" align="center"|Reviewer, OWASP Source Code Review OWASP Projects OWASP Teachable Static Analysis Workbench OWASP WeBekci Project
| style="width:20%; background:#cccccc" align="center"|USA
| style="width:20%; background:#cccccc" align="center"|?
|-
| style="width:20%; background:#cccccc" align="center"|Arshan Dabirsiaghi
| style="width:40%; background:#cccccc" align="center"|Project leader, OWASP AntiSamy Project
| style="width:20%; background:#cccccc" align="center"|USA
| style="width:20%; background:#cccccc" align="center"|Baltimore, MD
|-
| style="width:20%; background:#cccccc" align="center"|Andrew Petukhov
| style="width:40%; background:#cccccc" align="center"|Project leader, OWASP Access Control Rules Tester Project
| style="width:20%; background:#cccccc" align="center"|Russia
| style="width:20%; background:#cccccc" align="center"|Moscow
|-
| style="width:20%; background:#cccccc" align="center"|Dmitry Kozlov
| style="width:40%; background:#cccccc" align="center"|Project leader, OWASP Teachable Static Analysis, OWASP Application Security Tool Benchmarking Environment and Site Generator Refresh Project
| style="width:20%; background:#cccccc" align="center"|Russia
| style="width:20%; background:#cccccc" align="center"|Moscow
|-
| style="width:20%; background:#cccccc" align="center"|Arturo Alberto Busleiman
| style="width:40%; background:#cccccc" align="center"|Project leader, OWASP Enigform and mod_Openpgp
| style="width:20%; background:#cccccc" align="center"|Argentina
| style="width:20%; background:#cccccc" align="center"|?
|-
| style="width:20%; background:#cccccc" align="center"|Carlo Pelliccioni
| style="width:40%; background:#cccccc" align="center"|Project leader, OWASP Backend Security Project
| style="width:20%; background:#cccccc" align="center"|Italy
| style="width:20%; background:#cccccc" align="center"|Rome (FCO)
|-
| style="width:20%; background:#cccccc" align="center"|Deb, LX Studios
| style="width:40%; background:#cccccc" align="center"|Project leader, OWASP Book Cover & Sleeve Design, OWASP Individual & Corporate Member Packs, Conference Attendee Packs
| style="width:20%; background:#cccccc" align="center"|USA
| style="width:20%; background:#cccccc" align="center"|?
|-
| style="width:20%; background:#cccccc" align="center"|Eduardo Vianna de Camargo Neves
| style="width:40%; background:#cccccc" align="center"|Project leader, OWASP Positive Security
| style="width:20%; background:#cccccc" align="center"|Brazil
| style="width:20%; background:#cccccc" align="center"|Curitiba (CWB)
|-
| style="width:20%; background:#cccccc" align="center"|Wagner Elias
| style="width:40%; background:#cccccc" align="center"|Reviwer, OWASP Positive Security
| style="width:20%; background:#cccccc" align="center"|Brazil
| style="width:20%; background:#cccccc" align="center"|São Paulo(GRU)
|-
| style="width:20%; background:#cccccc" align="center"|Eoin Keary
| style="width:40%; background:#cccccc" align="center"|Project leader, OWASP Code Review Guide, Chapter Leader
| style="width:20%; background:#cccccc" align="center"|Ireland
| style="width:20%; background:#cccccc" align="center"|Dublin (DUB)
|-
| style="width:20%; background:#cccccc" align="center"|Esteban Ribicic
| style="width:40%; background:#cccccc" align="center"|Reviewer, OWASP Backend Security Project OWASP Classic ASP Security Project OWASP AntiSamy .NET OWASP Interceptor Project - 2008 Update
| style="width:20%; background:#cccccc" align="center"|Croatia
| style="width:20%; background:#cccccc" align="center"|Wien
|-
| style="width:20%; background:#cccccc" align="center"|Fabio Cerullo
| style="width:40%; background:#cccccc" align="center"|Reviewer, OWASP Internationalization Guidelines Project OWASP Spanish Project
| style="width:20%; background:#cccccc" align="center"|Ireland
| style="width:20%; background:#cccccc" align="center"|Dublin (DUB)
|-
| style="width:20%; background:#cccccc" align="center"|Frederick Donovan
| style="width:40%; background:#cccccc" align="center"|Reviewer, OWASP Application Security Desk Reference (ASDR)
| style="width:20%; background:#cccccc" align="center"|United States
| style="width:20%; background:#cccccc" align="center"|?
|-
| style="width:20%; background:#cccccc" align="center"|Heiko Webers
| style="width:40%; background:#cccccc" align="center"|Project leader, OWASP Ruby on Rails Security Project
| style="width:20%; background:#cccccc" align="center"|Germany
| style="width:20%; background:#cccccc" align="center"|Frankfurt
|-
| style="width:20%; background:#cccccc" align="center"|Anthony Shireman
| style="width:40%; background:#cccccc" align="center"|Project reviewer, OWASP Ruby on Rails Security Project
| style="width:20%; background:#cccccc" align="center"|USA
| style="width:20%; background:#cccccc" align="center"|Portland, OR (PDX)
|-
| style="width:20%; background:#cccccc" align="center"|Juan Carlos Calderon
| style="width:40%; background:#cccccc" align="center"|Project leader, OWASP Internationalization Guidelines OWASP Spanish Project OWASP Classic ASP Security Project
| style="width:20%; background:#cccccc" align="center"|Mexico
| style="width:20%; background:#cccccc" align="center"|MMAS - Aguascalientes, Mexico
|-
| style="width:20%; background:#cccccc" align="center"|Justin Derry
| style="width:40%; background:#cccccc" align="center"|Chapter leader & Project Leader, OWASP Interceptor Project
| style="width:20%; background:#cccccc" align="center"|Sydney Australia
| style="width:20%; background:#cccccc" align="center"|Sydney Australia
|-
| style="width:20%; background:#cccccc" align="center"|Kevin Fuller
| style="width:40%; background:#cccccc" align="center"|Reviewer, OWASP Testing Guide v3 OWASP SQL Injector Benchmarking Project (SQLiBENCH)
| style="width:20%; background:#cccccc" align="center"|USA
| style="width:20%; background:#cccccc" align="center"|Sacramento Ca
|-
| style="width:20%; background:#cccccc" align="center"|Leonardo Cavallari Militelli
| style="width:40%; background:#cccccc" align="center"|Project leader, OWASP Application Security Desk Reference (ASDR)
| style="width:20%; background:#cccccc" align="center"|Brazil
| style="width:20%; background:#cccccc" align="center"|Sao Paulo (GRU)
|-
| style="width:20%; background:#cccccc" align="center"|Mark Roxberry
| style="width:40%; background:#cccccc" align="center"|Leader, OWASP .NET Project
| style="width:20%; background:#cccccc" align="center"|USA
| style="width:20%; background:#cccccc" align="center"|?
|-
| style="width:20%; background:#cccccc" align="center"|Matt Tesauro
| style="width:40%; background:#cccccc" align="center"|Project Leader, OWASP Live CD 2008
| style="width:20%; background:#cccccc" align="center"|USA
| style="width:20%; background:#cccccc" align="center"|Austin, TX or Dallas, TX
|-
| style="width:20%; background:#cccccc" align="center"|Matteo Meucci
| style="width:40%; background:#cccccc" align="center"|Project Leader, OWASP Testing Guide
| style="width:20%; background:#cccccc" align="center"|Italy
| style="width:20%; background:#cccccc" align="center"|Rome
|-
| style="width:20%; background:#cccccc" align="center"|Matthias Rohr
| style="width:40%; background:#cccccc" align="center"|Project leader, OWASP Skavenger Project
| style="width:20%; background:#cccccc" align="center"|Germany
| style="width:20%; background:#cccccc" align="center"|?
|-
| style="width:20%; background:#cccccc" align="center"|Michael Coates
| style="width:40%; background:#cccccc" align="center"|Project leader, OWASP AppSensor
| style="width:20%; background:#cccccc" align="center"|USA
| style="width:20%; background:#cccccc" align="center"|Chicago
|-
| style="width:20%; background:#cccccc" align="center"|Nam Nguyen
| style="width:40%; background:#cccccc" align="center"|Reviewer, OWASP Testing Guide v3, Python Static Analysis, OWASP Education
| style="width:20%; background:#cccccc" align="center"|Vietnam
| style="width:20%; background:#cccccc" align="center"|Ho Chi Minh City
|-
| style="width:20%; background:#cccccc" align="center"|P.Satish Kumar
| style="width:40%; background:#cccccc" align="center"|Reviewer, OWASP Code Review Guide
| style="width:20%; background:#cccccc" align="center"|India
| style="width:20%; background:#cccccc" align="center"|Hyderabad/Mumbai/Chennai
|-
| style="width:20%; background:#cccccc" align="center"|Paolo Perego
| style="width:40%; background:#cccccc" align="center"|Project Leader, OWASP Orizon Project
| style="width:20%; background:#cccccc" align="center"|Italy
| style="width:20%; background:#cccccc" align="center"|?
|-
| style="width:20%; background:#cccccc" align="center"|Parvathy Iyer
| style="width:40%; background:#cccccc" align="center"|OWASP Corporate Application Security Guide
| style="width:20%; background:#cccccc" align="center"|USA
| style="width:20%; background:#cccccc" align="center"|Newark (New Jersey)or Newyork (Newyork city)
|-
| style="width:20%; background:#cccccc" align="center"|Pierre Parrend
| style="width:40%; background:#cccccc" align="center"|Reviewer, OWASP OpenSign Server Project OWASP Application Security Verification Standard
| style="width:20%; background:#cccccc" align="center"|France
| style="width:20%; background:#cccccc" align="center"|?
|-
| style="width:20%; background:#cccccc" align="center"|Stephen Craig Evans
| style="width:40%; background:#cccccc" align="center"|Project leader, OWASP Securing WebGoat using ModSecurity
| style="width:20%; background:#cccccc" align="center"|Singapore
| style="width:20%; background:#cccccc" align="center"|Singapore
|-
| style="width:20%; background:#cccccc" align="center"|Jason Li
| style="width:40%; background:#cccccc" align="center"|Project leader, OWASP JSP Testing Tool
| style="width:20%; background:#cccccc" align="center"|USA
| style="width:20%; background:#cccccc" align="center"|Baltimore
|-
| style="width:20%; background:#cccccc" align="center"|Gandhi Aryavalli Sriranga Narasimha
| style="width:40%; background:#cccccc" align="center"|Reviewer, OWASP Application Security Desk Reference (ASDR)
| style="width:20%; background:#cccccc" align="center"|India
| style="width:20%; background:#cccccc" align="center"|Bangalore
|-
| style="width:20%; background:#cccccc" align="center"|Rodrigo Marcos
| style="width:40%; background:#cccccc" align="center"|Reviewer, OWASP Internationalization Guidelines Project OWASP Spanish Project
| style="width:20%; background:#cccccc" align="center"|UK
| style="width:20%; background:#cccccc" align="center"|London
|-
| style="width:20%; background:#cccccc" align="center"|Marcin Wielgoszewski
| style="width:40%; background:#cccccc" align="center"|Reviewer, OWASP AntiSamy.NET
| style="width:20%; background:#cccccc" align="center"|USA
| style="width:20%; background:#cccccc" align="center"|New York, NY
|-
| style="width:20%; background:#cccccc" align="center"|Name
| style="width:40%; background:#cccccc" align="center"|
| style="width:20%; background:#cccccc" align="center"|
| style="width:20%; background:#cccccc" align="center"|
|-
! colspan="7" align="left" style="background:white; color:black"|'''OWASP SUMMER OF CODE 2008 SPECIAL PROJECT CONTRIBUTORS'''
|-
| style="width:20%; background:#cccccc" align="center"|Name
| style="width:40%; background:#cccccc" align="center"|
| style="width:20%; background:#cccccc" align="center"|
| style="width:20%; background:#cccccc" align="center"|
|-
| style="width:20%; background:#cccccc" align="center"|Name
| style="width:40%; background:#cccccc" align="center"|
| style="width:20%; background:#cccccc" align="center"|
| style="width:20%; background:#cccccc" align="center"|
|-
! colspan="7" align="left" style="background:white; color:black"|'''OWASP SUMMER OF CODE 2008/LOGISTICS'''
|-
| style="width:20%; background:#cccccc" align="center"|Sarah Cruz
| style="width:40%; background:#cccccc" align="center"|Project leader, Graphic Design
| style="width:20%; background:#cccccc" align="center"|UK
| style="width:20%; background:#cccccc" align="center"|London
|-
| style="width:20%; background:#cccccc" align="center"|Name
| style="width:40%; background:#cccccc" align="center"|
| style="width:20%; background:#cccccc" align="center"|
| style="width:20%; background:#cccccc" align="center"|
|-
! colspan="7" align="left" style="background:white; color:black"|'''OWASP SPRING OF CODE 2007 PROJECT LEADERS & REVIEWERS'''
|-
| style="width:20%; background:#cccccc" align="center"|Joshua Perrymon
| style="width:40%; background:#cccccc" align="center"|Project Leader, OWASP LiveCD, OWASP Phishing Framework, Alabama Chapter Lead
| style="width:20%; background:#cccccc" align="center"|USA
| style="width:20%; background:#cccccc" align="center"|Birmingham,AL
|-
! colspan="7" align="left" style="background:white; color:black"|'''OWASP AUTUMN OF CODE 2006 PROJECT LEADERS & REVIEWERS'''
|-
| style="width:20%; background:#cccccc" align="center"|Rogan Dawes
| style="width:40%; background:#cccccc" align="center"|Project leader, WebScarab-NG
| style="width:20%; background:#cccccc" align="center"|South Africa
| style="width:20%; background:#cccccc" align="center"|Johannesburg, South Africa
|-
| style="width:20%; background:#cccccc" align="center"|Simon Roses Femerling
| style="width:40%; background:#cccccc" align="center"|Project leader, OWASP Pantera
| style="width:20%; background:#cccccc" align="center"|Spain
| style="width:20%; background:#cccccc" align="center"|?
|-
| style="width:20%; background:#cccccc" align="center"|Name
| style="width:40%; background:#cccccc" align="center"|
| style="width:20%; background:#cccccc" align="center"|
| style="width:20%; background:#cccccc" align="center"|
|-
! colspan="7" align="left" style="background:white; color:black"|'''ACTIVE PROJECT LEADERS (NOT CURRENTLY PARTICIPATING ON SOC 08)'''
|-
| style="width:20%; background:#cccccc" align="center"|Alex Smolen
| style="width:40%; background:#cccccc" align="center"| Project leader, .NET ESAPI
| style="width:20%; background:#cccccc" align="center"|USA
| style="width:20%; background:#cccccc" align="center"|?
|-
| style="width:20%; background:#cccccc" align="center"|Name
| style="width:40%; background:#cccccc" align="center"|
| style="width:20%; background:#cccccc" align="center"|
| style="width:20%; background:#cccccc" align="center"|
|-
! colspan="7" align="left" style="background:white; color:black"|'''ACTIVE CHAPTER LEADERS (NOT CURRENTLY PARTICIPATING ON SOC 08)'''
|-
| style="width:20%; background:#cccccc" align="center"|Steve Antoniewicz
| style="width:40%; background:#cccccc" align="center"|Chapter Board Member, NY/NJ Metro
| style="width:20%; background:#cccccc" align="center"|USA
| style="width:20%; background:#cccccc" align="center"|?
|-
| style="width:20%; background:#cccccc" align="center"|Kuai Hinojosa
| style="width:40%; background:#cccccc" align="center"|Chapter leader, Twin-Cities
| style="width:20%; background:#cccccc" align="center"|USA
| style="width:20%; background:#cccccc" align="center"|?
|-
| style="width:20%; background:#cccccc" align="center"|Jim Manico
| style="width:40%; background:#cccccc" align="center"|Chapter leader/founder, Hawaii
| style="width:20%; background:#cccccc" align="center"|Hawaii, USA
| style="width:20%; background:#cccccc" align="center"|Anahola, Island of Kauai
|-
| style="width:20%; background:#cccccc" align="center"|Rex Booth
| style="width:40%; background:#cccccc" align="center"|Chapter leader, Washington DC
| style="width:20%; background:#cccccc" align="center"|USA
| style="width:20%; background:#cccccc" align="center"|Washington DC
|-
| style="width:20%; background:#cccccc" align="center"|Andrzej Targosz
| style="width:40%; background:#cccccc" align="center"|Chapter leader, Poland
| style="width:20%; background:#cccccc" align="center"|Poland
| style="width:20%; background:#cccccc" align="center"|Cracow
|-
| style="width:20%; background:#cccccc" align="center"|Name
| style="width:40%; background:#cccccc" align="center"|
| style="width:20%; background:#cccccc" align="center"|
| style="width:20%; background:#cccccc" align="center"|
|-
! colspan="7" align="left" style="background:white; color:black"|'''SIGNIFICANT PAST OWASP CONTRIBUTOR (THAT IS NOT ALREADY COVERED BY ONE OF THE ABOVE CATEGORIES)'''
|-
| style="width:20%; background:#cccccc" align="center"|David Rook
| style="width:40%; background:#cccccc" align="center"|Code Review Guide Contributor, Irish Chapter Contributor
| style="width:20%; background:#cccccc" align="center"|Ireland
| style="width:20%; background:#cccccc" align="center"|Dublin (DUB)
|-
! colspan="7" align="left" style="background:white; color:black"|'''OWASP NON-INDIVIDUAL MEMBERS'''
|-
| style="width:20%; background:#cccccc" align="center"|Name
| style="width:40%; background:#cccccc" align="center"|
| style="width:20%; background:#cccccc" align="center"|
| style="width:20%; background:#cccccc" align="center"|
|-
|}

Helsinki

2008-08-25T10:18:13Z

Antti: /* OWASP Helsinki Web Hacking Workshop, Tuesday September 10th 2008 */

Helsinki

2008-08-25T10:15:16Z

Antti: /* OWASP Goes! CERT-FI, Thursday, June 12th 2008 */

OWASP EU Summit 2008

2008-07-04T13:32:19Z

Antti: /* Active Chapter Leaders */

(WORK IN PROGRESS /UNDER DISCUSSION)
== UPDATES ==
*[[OWASP EU Summit 2008 - updates|'''OWASP EU Summit 2008 - updates''']]

== What: OWASP Summit, a conference about OWASP and for OWASP's community ==
=== When: 4 to 7 Nov 2008 (4 & 5: Meetings and Training, 6 & 7: Conference) ===
=== Where: Portugal ===
Faro or Lisbon
=== Organization===
Paulo Coimbra and Dinis Cruz
== Agenda ==
Theme: Present OWASP's projects, community and activities ..... '....Connecting the dots.... "

'''Day 1 & 2'''
*Training sessions (similar to what happens at the moment at the other OWASP conferences)
*OWASP Working Group sessions (1/2 day each) on:
** OWASP Governance, "What is OWASP's position on ...." & Action Plan for 2009
** ESAPI
** Browser Security
** OWASP Top 10 2009

'''Day 3 & 4 Agenda:'''
* Presentations from AoC, SpoC and SoC Participants
* Presentations from 'Release' Quality OWASP projects (not included in the list above) or Key OWASP projects (like ESAPI)
* Presentations about OWASP : How it works, Financial reports, OotM (OWASP on the Move), new project management guidelines, local chapter finances, OWASP governance
* Presentation from Chapter leaders on the activities developed on their project
* Discussion on next steps for OWASP and focus of next OWASP financial investment plans

Other ideas:

* vote on 6th OWASP board member (Candidates to Apply)

== other details==

'''Projected Attendees:450 '''
* 200 with some (or all) expenses covered by OWASP
** 33 SoC participants
** 70 SoC reviewers
** 10 SoC Collaborators
** 15 AoC & SpoC participants
** 15 Chapter Leaders
** 8 OWASP Board & Employees
** 49 OWASP non-individual members (2x per 9k Corporate? 1x for the others?)

=== Financial details ===
'''Expenses'''
* Accommodation & meals: 80,000 USD = 400 USD per person (200x) for 3 nights accommodation and 5 meals (3 dinners and 2 lunches)
* Flights & Trains : 70,000 USD

'''Revenue sources'''
* Tickets (for the 250 non 'OWASP invited' attendees)
* Training Sessions
* Conference sponsors

== Participants ==
=== OWASP Board members & employees ===
* Jeff Williams
* Dave Wichers
* Dinis Cruz
* Tom Brennan
* Sebastien Deleersnyder
* Paulo Coimbra
* Kate Hartmann (to be confirmed)
* Alison McNamee (to be confirmed)
* Larry Casey (to be confirmed)

=== Summer of Code 08 Participants & Reviewers ===
* (please add your name in the following format)
* OWASP Classic ASP Security Project
**Reviewer Esteban Ribicic Argentina -living in Croatia/Wien-
**Project Lead - Juan Carlos Calderon - Mexico
* OWASP Internationalization Guidelines
**Reviewer Esteban Ribicic Argentina -living in Croatia/Wien-
**Project Lead - Juan Carlos Calderon - Mexico
* OWASP Spanish Project Reviewer Esteban Ribicic
**Reviewer Esteban Ribicic Argentina -living in Croatia/Wien-
**Project Lead - Juan Carlos Calderon - Mexico
* OWASP Ruby on Rails Security Project Leader Heiko Webers from Germany
* OWASP Code Review Guide Lead - Eoin Keary - Ireland
* OWASP Enigform and mod_Openpgp - Arturo Alberto Busleiman (a.k.a Buanzo) - Argentina
* OWASP AppSensor - Michael Coates - United States
* OWASP ASDR - Leonardo Cavallari Militelli - Brazil
*OWASP Corporate Application security guide- Parvathy Iyer- USA
* OWASP Backend Security Project - Carlo Pelliccioni - Italy
* OWASP Source Code Review OWASP Projects - Marco M. Morana (2nd reviewer) - United States
* OWASP Access Control Rules Tester Project
**Project leader - Andrew Petukhov - Russia, Moscow
* OWASP Live CD 2008
** Project Leader - Matt Tesauro - Austin, USA

=== Spring of Code 07 Participants (Completed Projects) ===
* Refresh Attacks list - Przemyslaw Skowron - Poland

* (please add your name)
* {Project} {Name} {Origin Country}

=== Autumn of Code 06 Participants ===
* (please add your name)
* {Project} {Name} {Origin Country}

* WebScarab-NG, Rogan Dawes, South Africa
* OWASP Pantera, Simon Roses Femerling, Spain

=== Active Chapter Leaders ===
* (please add your name in the following format)
* {Chapter} {Role} {Name} {Origin Country}
* Helsinki chapter leader - Antti Laulajainen, Finland
* NY/NJ Metro Board Member - Steve Antoniewicz, USA
* Twin-Cities chapter leader - Kuai Hinojosa, MN, USA
* Hawaii chapter leader/founder - Jim Manico, Anahola, Island of Kauai, Hawaii, USA

=== Active Project Leaders (not currently participating on SoC 08)===
* (please add your name in the following format)
* {Project} {Role} {Name} {Origin Country}
.NET ESAPI - Project Leader - Alex Smolen - USA

=== Significant Past OWASP contributor (that is not already covered by one of the above categories) ===
* (please add your name in the following format)
* {Project/Chapter} {Role} {Name} {Origin Country}

=== Logistic and Support team ===
* Summit Graphic Design + Summit organization + on-site logistics support, Sarah Cruz, UK (London)

Helsinki

2008-05-20T07:29:46Z

Antti: /* OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 */

File:OWASP HelsinkiChapter 130508.pdf

2008-05-20T07:24:50Z

Antti: Chapter Meeting presentation 13th of May 2008

Chapter Meeting presentation 13th of May 2008

Helsinki

2008-05-12T06:27:36Z

Antti: /* OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 */

Helsinki

2008-05-06T11:17:51Z

Antti: /* OWASP Goes! CERT-FI, Thursday, June 12th 2008 */

Helsinki

2008-05-06T11:07:48Z

Antti: /* OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 */

Helsinki

2008-05-06T10:58:35Z

Antti: /* OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 */

Helsinki

2008-04-09T09:56:40Z

Antti: /* OWASP Goes! Thursday, June 12th 2008 */

{{Chapter Template|chaptername=Helsinki|extra=The chapter leader is [mailto:antti.laulajainen@ixonos.com Antti Laulajainen]
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-helsinki|emailarchives=http://lists.owasp.org/pipermail/owasp-helsinki}}

== Local News ==

'''Welcome to the OWASP Helsinki Chapter'''

The plan is to meet at least three to four times a year, each lasting 1,5-3 hours (more active "hands" means more meetings). This chapter is based in the capital area and therefore the meetings will be in or around Helsinki.

If you wish to present at one of the meetings or have any other inquiries, please contact the chapter leader.

== OWASP Goes! CERT-FI, Thursday, June 12th 2008 ==

'''Location: Viestintävirasto, Itämerenkatu 3 A, 00180 Helsinki'''

'''Time: 16.00 - 20.00'''

'''Schedule'''

'''16.00 Welcome and recent activities. Antti Laulajainen '''

'''16.10 Introduction of CERT-FI. Juhani Eronen, Information Security Adviser, CERT-FI'''

'''16.30 Vulnerability coordination. Juhani Eronen'''
* CERT-FI as a vulnerability coordinator
* Coordination examples

'''18.00 Possibility to continue the evening at the One Pint Pub'''
* If someone fancies a (self-financed) beer

'''Viestintävirasto asks those who wish to participate to the meeting to register in advance. For registrations please contact CERT-FI Unit Secretary Virpi Hienonen (virpi.hienonen(at)ficora.fi). The deadline is June 6, 2008.'''

== OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 ==

'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki and Ravintola Wanha Mylly, Linnanrakentajankatu 12, 00810 Helsinki'''

'''Time: 16.00 - 20.00'''

Welcome to spring meeting 2008.

'''Schedule'''

'''16.00 - 16.10 OWASP update. Antti Laulajainen'''

'''16.10 - 17.00 TBA'''

'''17.30 - 20.00 Drinks at Ravintola Wanha Mylly terrace'''

Hope to see as many of you as possible!

== OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''

'''Time: 18.30 - 20.30'''

Welcome to first meeting of 2008. OWASP Helsinki resumes activities after winter break.

We are pleased to have as a speaker Technology Manager of Nokia Product Security, Alexandr Seleznyov. His topic will be current state of application security.

'''Schedule'''

'''18.30 - 18.40 OWASP update. Antti Laulajainen'''

'''18.40 - 20.30 Current State of Application Security. Alexandr Seleznyov'''

Hope to see as many of you as possible!

== OWASP Helsinki & RWSUG Seminar Tuesday, January 29th 2008 ==
'''Location: IBM, Laajalahdentie 23, 00330 Helsinki.'''
'''Time: 11.15 - 19.00'''

OWASP Helsinki and Rational and Websphere User Group Finland RWSUG are aiming to co-operate to raise application security awareness. OWASP Helsinki will have a presentation in RWSUG agility seminar. More information from http://www.rwsug.fi/default.asp?path=1,39,385

'''You can download the presentation here''' https://www.owasp.org/images/c/cd/RWSUG5_Agile_Security_Management.pdf

See program below. Most of it is Finnish only
*11.15 Ilmoittautuminen alkaa
*11.15-12.00 Buffet-lounas
*12.00-12.10 Tilaisuuden avaus Jussi Jutila, Puheenjohtaja, RWSUG ry

KEYNOTE

*12.10-13.30 Scaling Agile Software Development: Strategies for Applying Agile in Complex Situations Scott W. Ambler, Practice Leader Agile Development, IBM Canada
*13.30-13.45 Kahvitauko
*13.45-15.30 SOA liiketoiminnan näkökulmasta ja SOA toteutuksen näkökulmasta kansainvälisessa hankkeessa Kari Laine, IT Architect, IF ja Jarmo Laine, Senior Software Architect,Primasoft
*15.30-15.45 Tauko
*15.45-16.30 Ketterä tietoturvan hallinta ohjelmistotuotannossa Reijo Savola, VTT
*16.30-17.15 Jazz Update IBM
*17.15-19.00 Iltapalaa ja verkostoitumista IBM Forumissa
 

== OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008 ==
OWASP Helsinki participated in ISACA Finland meeting to raise application security awareness among system auditors and inspectors.
 A presentation was held that introduced basic web techniques, some security issues, OWASP in general, OWASP projects and OWASP Helsinki chapter.
 
'''You can download the presentation here''': https://www.owasp.org/images/e/e4/OWASP_ISACA_20080124.pdf (Finnish Only)
 

== OWASP Helsinki meeting #4 Fall 2007 with Mark Curphey, Tuesday, October 2 2007 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''

Thank you for all participants and Mark from great presentation.

Coverage of the meeting in the local news (in Finnish):
http://mikropc.net/uutiset/index.jsp?categoryId=atk&day=20071003#w2007100315112711629

We are delighted to have Mark Curphey - the OWASP founder and new head of Microsoft's ACE (Application Consulting & Engineering) team in Europe - to visit Finland and discuss web app security with us. Hopefully as many as of you possible can participate!

'''18:30 Welcome and recent Helsinki chapter activities. Antti Laulajainen'''

'''18:40 Naked Software Security. Mark Curphey'''
*Commentary on how to build secure software
*Thoughts on the industry

'''WELCOME!'''

== OWASP Helsinki meeting #3 Summer 2007: "SOA, Web Services & XML Security", Tuesday, June 5th 2007 ==

Date: June 5th

Location: Smilehouse, Itälahdenkatu 22A (Stonesoft building), Lauttasaari.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/tietoturva_docview.jsp?f_id=1186167

'''19:00 Welcome & quick recap of recent OWASP activity and the Spring conference. Mikko Saario.'''

'''19:15 Gunnar Peterson, CTO Arctec Group and project lead for the OWASP "XML Security Gateway Evaluation Criteria".'''

Gunnar will be visiting Finland to provide training via Tietoturva ry on this subject. Topics to be covered:
* XML Security Gateways
* Message level threats and security countermeasures in Web services
* OWASP XML Security Gateway Evaluation Criteria Project

'''20:15 "Real-life usage of OWASP tools". Alexandr Seleznyov, Nokia Product Security.'''

(There is a chance Alex cannot make it. In that case we will discuss SOA stuff in more detail or just head off to bar earlier.)

'''20:45 Enter Bar 52...'''
--> Enjoy (sponsored) beverages.

== OWASP Helsinki meeting #2 Winter 2007, Web Application Firewalls, Thursday, February 22 2007 ==

Thank you for the 29 participants, the speakers and the host - Nixu - for making this event happen!

'''Location: Nixu, Mäkelänkatu 91, 00601 Helsinki.'''

What are Web Application Firewalls (WAF), how do they work, what do they do and what don't they do. Discussion and sharing of experiences of various technologies and products.

'''18.30 Welcome. Mikko Saario, Chapter Leader.'''

Today's topic and agenda in short.

'''18.35 "Web Application Firewalls Technical Analysis". Joakim Sandström, CTO nSense.'''

http://www.owasp.org/images/6/6a/Owasp_waf_joakim.pdf

- Technology

- Blacklisting & Whitelisting

- mod_security features

- Do's and Don'ts

'''19.30 "The Core Rule Sets". Ofer Shezaf, CTO Breach Security.'''

http://www.owasp.org/images/f/f4/The_Core_Rule_Set_-_Ofer.pdf

- WAF deployment and protection strategies

- Detection of generic web layer attacks

- Virtual patching

== OWASP Helsinki meeting #1, Tuesday, Dec 12 2006 at Ernst & Young ==

The Helsinki chapter had the first meeting at Ernst & Young office in Elielinaukio 5 B. The agenda and the presentations for the meeting are below. We had a good turnout: 22 people were present i.e. all seats were taken - we were very happy to see all these people to be interested in application security issues.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/doc.do?f_id=1083463

'''18:30 Welcome. What is OWASP and why OWASP Helsinki?'''

Mikko Saario made a short presentation about OWASP and the objective for the local Helsinki chapter.

'''19:00 Analyzing Threats (Olli Wiren; olli [at] juurihoito.org)'''

Olli Wiren discussed application related threats and corresponding security issues.

http://www.owasp.org/images/7/7c/Owasp-olli.pdf

'''19:45 Open discussion regarding OWASP Helsinki; what is expected or wished; how to go ahead and so forth.'''

There was a lively discussion regarding what type of activities should be arranged in the future. More details will follow...

Helsinki

2008-04-09T09:48:50Z

Antti: /* OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 */

{{Chapter Template|chaptername=Helsinki|extra=The chapter leader is [mailto:antti.laulajainen@ixonos.com Antti Laulajainen]
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-helsinki|emailarchives=http://lists.owasp.org/pipermail/owasp-helsinki}}

== Local News ==

'''Welcome to the OWASP Helsinki Chapter'''

The plan is to meet at least three to four times a year, each lasting 1,5-3 hours (more active "hands" means more meetings). This chapter is based in the capital area and therefore the meetings will be in or around Helsinki.

If you wish to present at one of the meetings or have any other inquiries, please contact the chapter leader.

== OWASP Goes! Thursday, June 12th 2008 ==

CERT-FI is going to introduce their activities to OWASP Helsinki on 12th of June from 4 pm to 6 pm.
Location: Viestintävirasto, Itämerenkatu 3 A, 00180 Helsinki

'''Schedule'''
16.00 Welcome and recent activities. Antti Laulajainen

16.10 Introduction of CERT-FI
Juhani Eronen
Information Security Adviser
CERT-FI
16.30 Vulnerability coordination
* CERT-FI as a vulnerability coordinator
* Coordination examples
Juhani Eronen
Information Security Adviser
CERT-FI
18.00 Possibility to continue the evening at the One Pint Pub
* If someone fancies a (self-financed) beer

Viestintävirasto asks those who wish to participate to the meeting to register in advance. For registrations please contact CERT-FI Unit Secretary Virpi Hienonen (virpi.hienonen(at)ficora.fi). The deadline is June 6, 2008.

'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki and Ravintola Wanha Mylly, Linnanrakentajankatu 12, 00810 Helsinki'''

'''Time: 16.00 - 20.00'''

Welcome to spring meeting 2008.

'''Schedule'''

'''16.00 - 16.10 OWASP update. Antti Laulajainen'''

'''16.10 - 17.00 TBA'''

'''17.30 - 20.00 Drinks at Ravintola Wanha Mylly terrace'''

Hope to see as many of you as possible!

== OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 ==

'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki and Ravintola Wanha Mylly, Linnanrakentajankatu 12, 00810 Helsinki'''

'''Time: 16.00 - 20.00'''

Welcome to spring meeting 2008.

'''Schedule'''

'''16.00 - 16.10 OWASP update. Antti Laulajainen'''

'''16.10 - 17.00 TBA'''

'''17.30 - 20.00 Drinks at Ravintola Wanha Mylly terrace'''

Hope to see as many of you as possible!

== OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''

'''Time: 18.30 - 20.30'''

Welcome to first meeting of 2008. OWASP Helsinki resumes activities after winter break.

We are pleased to have as a speaker Technology Manager of Nokia Product Security, Alexandr Seleznyov. His topic will be current state of application security.

'''Schedule'''

'''18.30 - 18.40 OWASP update. Antti Laulajainen'''

'''18.40 - 20.30 Current State of Application Security. Alexandr Seleznyov'''

Hope to see as many of you as possible!

== OWASP Helsinki & RWSUG Seminar Tuesday, January 29th 2008 ==
'''Location: IBM, Laajalahdentie 23, 00330 Helsinki.'''
'''Time: 11.15 - 19.00'''

OWASP Helsinki and Rational and Websphere User Group Finland RWSUG are aiming to co-operate to raise application security awareness. OWASP Helsinki will have a presentation in RWSUG agility seminar. More information from http://www.rwsug.fi/default.asp?path=1,39,385

'''You can download the presentation here''' https://www.owasp.org/images/c/cd/RWSUG5_Agile_Security_Management.pdf

See program below. Most of it is Finnish only
*11.15 Ilmoittautuminen alkaa
*11.15-12.00 Buffet-lounas
*12.00-12.10 Tilaisuuden avaus Jussi Jutila, Puheenjohtaja, RWSUG ry

KEYNOTE

*12.10-13.30 Scaling Agile Software Development: Strategies for Applying Agile in Complex Situations Scott W. Ambler, Practice Leader Agile Development, IBM Canada
*13.30-13.45 Kahvitauko
*13.45-15.30 SOA liiketoiminnan näkökulmasta ja SOA toteutuksen näkökulmasta kansainvälisessa hankkeessa Kari Laine, IT Architect, IF ja Jarmo Laine, Senior Software Architect,Primasoft
*15.30-15.45 Tauko
*15.45-16.30 Ketterä tietoturvan hallinta ohjelmistotuotannossa Reijo Savola, VTT
*16.30-17.15 Jazz Update IBM
*17.15-19.00 Iltapalaa ja verkostoitumista IBM Forumissa
 

== OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008 ==
OWASP Helsinki participated in ISACA Finland meeting to raise application security awareness among system auditors and inspectors.
 A presentation was held that introduced basic web techniques, some security issues, OWASP in general, OWASP projects and OWASP Helsinki chapter.
 
'''You can download the presentation here''': https://www.owasp.org/images/e/e4/OWASP_ISACA_20080124.pdf (Finnish Only)
 

== OWASP Helsinki meeting #4 Fall 2007 with Mark Curphey, Tuesday, October 2 2007 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''

Thank you for all participants and Mark from great presentation.

Coverage of the meeting in the local news (in Finnish):
http://mikropc.net/uutiset/index.jsp?categoryId=atk&day=20071003#w2007100315112711629

We are delighted to have Mark Curphey - the OWASP founder and new head of Microsoft's ACE (Application Consulting & Engineering) team in Europe - to visit Finland and discuss web app security with us. Hopefully as many as of you possible can participate!

'''18:30 Welcome and recent Helsinki chapter activities. Antti Laulajainen'''

'''18:40 Naked Software Security. Mark Curphey'''
*Commentary on how to build secure software
*Thoughts on the industry

'''WELCOME!'''

== OWASP Helsinki meeting #3 Summer 2007: "SOA, Web Services & XML Security", Tuesday, June 5th 2007 ==

Date: June 5th

Location: Smilehouse, Itälahdenkatu 22A (Stonesoft building), Lauttasaari.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/tietoturva_docview.jsp?f_id=1186167

'''19:00 Welcome & quick recap of recent OWASP activity and the Spring conference. Mikko Saario.'''

'''19:15 Gunnar Peterson, CTO Arctec Group and project lead for the OWASP "XML Security Gateway Evaluation Criteria".'''

Gunnar will be visiting Finland to provide training via Tietoturva ry on this subject. Topics to be covered:
* XML Security Gateways
* Message level threats and security countermeasures in Web services
* OWASP XML Security Gateway Evaluation Criteria Project

'''20:15 "Real-life usage of OWASP tools". Alexandr Seleznyov, Nokia Product Security.'''

(There is a chance Alex cannot make it. In that case we will discuss SOA stuff in more detail or just head off to bar earlier.)

'''20:45 Enter Bar 52...'''
--> Enjoy (sponsored) beverages.

== OWASP Helsinki meeting #2 Winter 2007, Web Application Firewalls, Thursday, February 22 2007 ==

Thank you for the 29 participants, the speakers and the host - Nixu - for making this event happen!

'''Location: Nixu, Mäkelänkatu 91, 00601 Helsinki.'''

What are Web Application Firewalls (WAF), how do they work, what do they do and what don't they do. Discussion and sharing of experiences of various technologies and products.

'''18.30 Welcome. Mikko Saario, Chapter Leader.'''

Today's topic and agenda in short.

'''18.35 "Web Application Firewalls Technical Analysis". Joakim Sandström, CTO nSense.'''

http://www.owasp.org/images/6/6a/Owasp_waf_joakim.pdf

- Technology

- Blacklisting & Whitelisting

- mod_security features

- Do's and Don'ts

'''19.30 "The Core Rule Sets". Ofer Shezaf, CTO Breach Security.'''

http://www.owasp.org/images/f/f4/The_Core_Rule_Set_-_Ofer.pdf

- WAF deployment and protection strategies

- Detection of generic web layer attacks

- Virtual patching

== OWASP Helsinki meeting #1, Tuesday, Dec 12 2006 at Ernst & Young ==

The Helsinki chapter had the first meeting at Ernst & Young office in Elielinaukio 5 B. The agenda and the presentations for the meeting are below. We had a good turnout: 22 people were present i.e. all seats were taken - we were very happy to see all these people to be interested in application security issues.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/doc.do?f_id=1083463

'''18:30 Welcome. What is OWASP and why OWASP Helsinki?'''

Mikko Saario made a short presentation about OWASP and the objective for the local Helsinki chapter.

'''19:00 Analyzing Threats (Olli Wiren; olli [at] juurihoito.org)'''

Olli Wiren discussed application related threats and corresponding security issues.

http://www.owasp.org/images/7/7c/Owasp-olli.pdf

'''19:45 Open discussion regarding OWASP Helsinki; what is expected or wished; how to go ahead and so forth.'''

There was a lively discussion regarding what type of activities should be arranged in the future. More details will follow...

Helsinki

2008-04-09T09:46:19Z

Antti: /* OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 */

{{Chapter Template|chaptername=Helsinki|extra=The chapter leader is [mailto:antti.laulajainen@ixonos.com Antti Laulajainen]
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-helsinki|emailarchives=http://lists.owasp.org/pipermail/owasp-helsinki}}

== Local News ==

'''Welcome to the OWASP Helsinki Chapter'''

The plan is to meet at least three to four times a year, each lasting 1,5-3 hours (more active "hands" means more meetings). This chapter is based in the capital area and therefore the meetings will be in or around Helsinki.

If you wish to present at one of the meetings or have any other inquiries, please contact the chapter leader.

== OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 ==

'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki and Ravintola Wanha Mylly, Linnanrakentajankatu 12, 00810 Helsinki'''

'''Time: 16.00 - 20.00'''

Welcome to spring meeting 2008.

'''Schedule'''

'''16.00 - 16.10 OWASP update. Antti Laulajainen'''

'''16.10 - 17.00 TBA'''

'''17.30 - 20.00 Drinks at Ravintola Wanha Mylly terrace'''

Hope to see as many of you as possible!

== OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''

'''Time: 18.30 - 20.30'''

Welcome to first meeting of 2008. OWASP Helsinki resumes activities after winter break.

We are pleased to have as a speaker Technology Manager of Nokia Product Security, Alexandr Seleznyov. His topic will be current state of application security.

'''Schedule'''

'''18.30 - 18.40 OWASP update. Antti Laulajainen'''

'''18.40 - 20.30 Current State of Application Security. Alexandr Seleznyov'''

Hope to see as many of you as possible!

== OWASP Helsinki & RWSUG Seminar Tuesday, January 29th 2008 ==
'''Location: IBM, Laajalahdentie 23, 00330 Helsinki.'''
'''Time: 11.15 - 19.00'''

OWASP Helsinki and Rational and Websphere User Group Finland RWSUG are aiming to co-operate to raise application security awareness. OWASP Helsinki will have a presentation in RWSUG agility seminar. More information from http://www.rwsug.fi/default.asp?path=1,39,385

'''You can download the presentation here''' https://www.owasp.org/images/c/cd/RWSUG5_Agile_Security_Management.pdf

See program below. Most of it is Finnish only
*11.15 Ilmoittautuminen alkaa
*11.15-12.00 Buffet-lounas
*12.00-12.10 Tilaisuuden avaus Jussi Jutila, Puheenjohtaja, RWSUG ry

KEYNOTE

*12.10-13.30 Scaling Agile Software Development: Strategies for Applying Agile in Complex Situations Scott W. Ambler, Practice Leader Agile Development, IBM Canada
*13.30-13.45 Kahvitauko
*13.45-15.30 SOA liiketoiminnan näkökulmasta ja SOA toteutuksen näkökulmasta kansainvälisessa hankkeessa Kari Laine, IT Architect, IF ja Jarmo Laine, Senior Software Architect,Primasoft
*15.30-15.45 Tauko
*15.45-16.30 Ketterä tietoturvan hallinta ohjelmistotuotannossa Reijo Savola, VTT
*16.30-17.15 Jazz Update IBM
*17.15-19.00 Iltapalaa ja verkostoitumista IBM Forumissa
 

== OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008 ==
OWASP Helsinki participated in ISACA Finland meeting to raise application security awareness among system auditors and inspectors.
 A presentation was held that introduced basic web techniques, some security issues, OWASP in general, OWASP projects and OWASP Helsinki chapter.
 
'''You can download the presentation here''': https://www.owasp.org/images/e/e4/OWASP_ISACA_20080124.pdf (Finnish Only)
 

== OWASP Helsinki meeting #4 Fall 2007 with Mark Curphey, Tuesday, October 2 2007 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''

Thank you for all participants and Mark from great presentation.

Coverage of the meeting in the local news (in Finnish):
http://mikropc.net/uutiset/index.jsp?categoryId=atk&day=20071003#w2007100315112711629

We are delighted to have Mark Curphey - the OWASP founder and new head of Microsoft's ACE (Application Consulting & Engineering) team in Europe - to visit Finland and discuss web app security with us. Hopefully as many as of you possible can participate!

'''18:30 Welcome and recent Helsinki chapter activities. Antti Laulajainen'''

'''18:40 Naked Software Security. Mark Curphey'''
*Commentary on how to build secure software
*Thoughts on the industry

'''WELCOME!'''

== OWASP Helsinki meeting #3 Summer 2007: "SOA, Web Services & XML Security", Tuesday, June 5th 2007 ==

Date: June 5th

Location: Smilehouse, Itälahdenkatu 22A (Stonesoft building), Lauttasaari.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/tietoturva_docview.jsp?f_id=1186167

'''19:00 Welcome & quick recap of recent OWASP activity and the Spring conference. Mikko Saario.'''

'''19:15 Gunnar Peterson, CTO Arctec Group and project lead for the OWASP "XML Security Gateway Evaluation Criteria".'''

Gunnar will be visiting Finland to provide training via Tietoturva ry on this subject. Topics to be covered:
* XML Security Gateways
* Message level threats and security countermeasures in Web services
* OWASP XML Security Gateway Evaluation Criteria Project

'''20:15 "Real-life usage of OWASP tools". Alexandr Seleznyov, Nokia Product Security.'''

(There is a chance Alex cannot make it. In that case we will discuss SOA stuff in more detail or just head off to bar earlier.)

'''20:45 Enter Bar 52...'''
--> Enjoy (sponsored) beverages.

== OWASP Helsinki meeting #2 Winter 2007, Web Application Firewalls, Thursday, February 22 2007 ==

Thank you for the 29 participants, the speakers and the host - Nixu - for making this event happen!

'''Location: Nixu, Mäkelänkatu 91, 00601 Helsinki.'''

What are Web Application Firewalls (WAF), how do they work, what do they do and what don't they do. Discussion and sharing of experiences of various technologies and products.

'''18.30 Welcome. Mikko Saario, Chapter Leader.'''

Today's topic and agenda in short.

'''18.35 "Web Application Firewalls Technical Analysis". Joakim Sandström, CTO nSense.'''

http://www.owasp.org/images/6/6a/Owasp_waf_joakim.pdf

- Technology

- Blacklisting & Whitelisting

- mod_security features

- Do's and Don'ts

'''19.30 "The Core Rule Sets". Ofer Shezaf, CTO Breach Security.'''

http://www.owasp.org/images/f/f4/The_Core_Rule_Set_-_Ofer.pdf

- WAF deployment and protection strategies

- Detection of generic web layer attacks

- Virtual patching

== OWASP Helsinki meeting #1, Tuesday, Dec 12 2006 at Ernst & Young ==

The Helsinki chapter had the first meeting at Ernst & Young office in Elielinaukio 5 B. The agenda and the presentations for the meeting are below. We had a good turnout: 22 people were present i.e. all seats were taken - we were very happy to see all these people to be interested in application security issues.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/doc.do?f_id=1083463

'''18:30 Welcome. What is OWASP and why OWASP Helsinki?'''

Mikko Saario made a short presentation about OWASP and the objective for the local Helsinki chapter.

'''19:00 Analyzing Threats (Olli Wiren; olli [at] juurihoito.org)'''

Olli Wiren discussed application related threats and corresponding security issues.

http://www.owasp.org/images/7/7c/Owasp-olli.pdf

'''19:45 Open discussion regarding OWASP Helsinki; what is expected or wished; how to go ahead and so forth.'''

There was a lively discussion regarding what type of activities should be arranged in the future. More details will follow...

Helsinki

2008-03-07T09:05:37Z

Antti: /* OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 */

{{Chapter Template|chaptername=Helsinki|extra=The chapter leader is [mailto:antti.laulajainen@ixonos.com Antti Laulajainen]
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-helsinki|emailarchives=http://lists.owasp.org/pipermail/owasp-helsinki}}

== Local News ==

'''Welcome to the OWASP Helsinki Chapter'''

The plan is to meet at least three to four times a year, each lasting 1,5-3 hours (more active "hands" means more meetings). This chapter is based in the capital area and therefore the meetings will be in or around Helsinki.

If you wish to present at one of the meetings or have any other inquiries, please contact the chapter leader.

== OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 ==
Details TBA
 

== OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''

'''Time: 18.30 - 20.30'''

Welcome to first meeting of 2008. OWASP Helsinki resumes activities after winter break.

We are pleased to have as a speaker Technology Manager of Nokia Product Security, Alexandr Seleznyov. His topic will be current state of application security.

'''Schedule'''

'''18.30 - 18.40 OWASP update. Antti Laulajainen'''

'''18.40 - 20.30 Current State of Application Security. Alexandr Seleznyov'''

Hope to see as many of you as possible!

== OWASP Helsinki & RWSUG Seminar Tuesday, January 29th 2008 ==
'''Location: IBM, Laajalahdentie 23, 00330 Helsinki.'''
'''Time: 11.15 - 19.00'''

OWASP Helsinki and Rational and Websphere User Group Finland RWSUG are aiming to co-operate to raise application security awareness. OWASP Helsinki will have a presentation in RWSUG agility seminar. More information from http://www.rwsug.fi/default.asp?path=1,39,385

'''You can download the presentation here''' https://www.owasp.org/images/c/cd/RWSUG5_Agile_Security_Management.pdf

See program below. Most of it is Finnish only
*11.15 Ilmoittautuminen alkaa
*11.15-12.00 Buffet-lounas
*12.00-12.10 Tilaisuuden avaus Jussi Jutila, Puheenjohtaja, RWSUG ry

KEYNOTE

*12.10-13.30 Scaling Agile Software Development: Strategies for Applying Agile in Complex Situations Scott W. Ambler, Practice Leader Agile Development, IBM Canada
*13.30-13.45 Kahvitauko
*13.45-15.30 SOA liiketoiminnan näkökulmasta ja SOA toteutuksen näkökulmasta kansainvälisessa hankkeessa Kari Laine, IT Architect, IF ja Jarmo Laine, Senior Software Architect,Primasoft
*15.30-15.45 Tauko
*15.45-16.30 Ketterä tietoturvan hallinta ohjelmistotuotannossa Reijo Savola, VTT
*16.30-17.15 Jazz Update IBM
*17.15-19.00 Iltapalaa ja verkostoitumista IBM Forumissa
 

== OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008 ==
OWASP Helsinki participated in ISACA Finland meeting to raise application security awareness among system auditors and inspectors.
 A presentation was held that introduced basic web techniques, some security issues, OWASP in general, OWASP projects and OWASP Helsinki chapter.
 
'''You can download the presentation here''': https://www.owasp.org/images/e/e4/OWASP_ISACA_20080124.pdf (Finnish Only)
 

== OWASP Helsinki meeting #4 Fall 2007 with Mark Curphey, Tuesday, October 2 2007 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''

Thank you for all participants and Mark from great presentation.

Coverage of the meeting in the local news (in Finnish):
http://mikropc.net/uutiset/index.jsp?categoryId=atk&day=20071003#w2007100315112711629

We are delighted to have Mark Curphey - the OWASP founder and new head of Microsoft's ACE (Application Consulting & Engineering) team in Europe - to visit Finland and discuss web app security with us. Hopefully as many as of you possible can participate!

'''18:30 Welcome and recent Helsinki chapter activities. Antti Laulajainen'''

'''18:40 Naked Software Security. Mark Curphey'''
*Commentary on how to build secure software
*Thoughts on the industry

'''WELCOME!'''

== OWASP Helsinki meeting #3 Summer 2007: "SOA, Web Services & XML Security", Tuesday, June 5th 2007 ==

Date: June 5th

Location: Smilehouse, Itälahdenkatu 22A (Stonesoft building), Lauttasaari.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/tietoturva_docview.jsp?f_id=1186167

'''19:00 Welcome & quick recap of recent OWASP activity and the Spring conference. Mikko Saario.'''

'''19:15 Gunnar Peterson, CTO Arctec Group and project lead for the OWASP "XML Security Gateway Evaluation Criteria".'''

Gunnar will be visiting Finland to provide training via Tietoturva ry on this subject. Topics to be covered:
* XML Security Gateways
* Message level threats and security countermeasures in Web services
* OWASP XML Security Gateway Evaluation Criteria Project

'''20:15 "Real-life usage of OWASP tools". Alexandr Seleznyov, Nokia Product Security.'''

(There is a chance Alex cannot make it. In that case we will discuss SOA stuff in more detail or just head off to bar earlier.)

'''20:45 Enter Bar 52...'''
--> Enjoy (sponsored) beverages.

== OWASP Helsinki meeting #2 Winter 2007, Web Application Firewalls, Thursday, February 22 2007 ==

Thank you for the 29 participants, the speakers and the host - Nixu - for making this event happen!

'''Location: Nixu, Mäkelänkatu 91, 00601 Helsinki.'''

What are Web Application Firewalls (WAF), how do they work, what do they do and what don't they do. Discussion and sharing of experiences of various technologies and products.

'''18.30 Welcome. Mikko Saario, Chapter Leader.'''

Today's topic and agenda in short.

'''18.35 "Web Application Firewalls Technical Analysis". Joakim Sandström, CTO nSense.'''

http://www.owasp.org/images/6/6a/Owasp_waf_joakim.pdf

- Technology

- Blacklisting & Whitelisting

- mod_security features

- Do's and Don'ts

'''19.30 "The Core Rule Sets". Ofer Shezaf, CTO Breach Security.'''

http://www.owasp.org/images/f/f4/The_Core_Rule_Set_-_Ofer.pdf

- WAF deployment and protection strategies

- Detection of generic web layer attacks

- Virtual patching

== OWASP Helsinki meeting #1, Tuesday, Dec 12 2006 at Ernst & Young ==

The Helsinki chapter had the first meeting at Ernst & Young office in Elielinaukio 5 B. The agenda and the presentations for the meeting are below. We had a good turnout: 22 people were present i.e. all seats were taken - we were very happy to see all these people to be interested in application security issues.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/doc.do?f_id=1083463

'''18:30 Welcome. What is OWASP and why OWASP Helsinki?'''

Mikko Saario made a short presentation about OWASP and the objective for the local Helsinki chapter.

'''19:00 Analyzing Threats (Olli Wiren; olli [at] juurihoito.org)'''

Olli Wiren discussed application related threats and corresponding security issues.

http://www.owasp.org/images/7/7c/Owasp-olli.pdf

'''19:45 Open discussion regarding OWASP Helsinki; what is expected or wished; how to go ahead and so forth.'''

There was a lively discussion regarding what type of activities should be arranged in the future. More details will follow...

Helsinki

2008-03-03T12:11:31Z

Antti: /* OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 */

{{Chapter Template|chaptername=Helsinki|extra=The chapter leader is [mailto:antti.laulajainen@ixonos.com Antti Laulajainen]
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-helsinki|emailarchives=http://lists.owasp.org/pipermail/owasp-helsinki}}

== Local News ==

'''Welcome to the OWASP Helsinki Chapter'''

The plan is to meet at least three to four times a year, each lasting 1,5-3 hours (more active "hands" means more meetings). This chapter is based in the capital area and therefore the meetings will be in or around Helsinki.

If you wish to present at one of the meetings or have any other inquiries, please contact the chapter leader.

== OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 ==
Details TBA
 

== OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''

'''Time: 18.30 - 20.30'''

Welcome to first meeting of 2008. OWASP Helsinki resumes activities after winter break.

We are pleased to have as a speaker Technology Manager of Nokia Product Security, Alexandr Seleznyov. His topic will be current state of application security.

'''Schedule'''

'''18.30 - 18.40 OWASP Helsinki update. Antti Laulajainen'''

'''18.40 - 20.30 Current State of Application Security. Alexandr Seleznyov'''

Hope to see as many of you as possible!

== OWASP Helsinki & RWSUG Seminar Tuesday, January 29th 2008 ==
'''Location: IBM, Laajalahdentie 23, 00330 Helsinki.'''
'''Time: 11.15 - 19.00'''

OWASP Helsinki and Rational and Websphere User Group Finland RWSUG are aiming to co-operate to raise application security awareness. OWASP Helsinki will have a presentation in RWSUG agility seminar. More information from http://www.rwsug.fi/default.asp?path=1,39,385

'''You can download the presentation here''' https://www.owasp.org/images/c/cd/RWSUG5_Agile_Security_Management.pdf

See program below. Most of it is Finnish only
*11.15 Ilmoittautuminen alkaa
*11.15-12.00 Buffet-lounas
*12.00-12.10 Tilaisuuden avaus Jussi Jutila, Puheenjohtaja, RWSUG ry

KEYNOTE

*12.10-13.30 Scaling Agile Software Development: Strategies for Applying Agile in Complex Situations Scott W. Ambler, Practice Leader Agile Development, IBM Canada
*13.30-13.45 Kahvitauko
*13.45-15.30 SOA liiketoiminnan näkökulmasta ja SOA toteutuksen näkökulmasta kansainvälisessa hankkeessa Kari Laine, IT Architect, IF ja Jarmo Laine, Senior Software Architect,Primasoft
*15.30-15.45 Tauko
*15.45-16.30 Ketterä tietoturvan hallinta ohjelmistotuotannossa Reijo Savola, VTT
*16.30-17.15 Jazz Update IBM
*17.15-19.00 Iltapalaa ja verkostoitumista IBM Forumissa
 

== OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008 ==
OWASP Helsinki participated in ISACA Finland meeting to raise application security awareness among system auditors and inspectors.
 A presentation was held that introduced basic web techniques, some security issues, OWASP in general, OWASP projects and OWASP Helsinki chapter.
 
'''You can download the presentation here''': https://www.owasp.org/images/e/e4/OWASP_ISACA_20080124.pdf (Finnish Only)
 

== OWASP Helsinki meeting #4 Fall 2007 with Mark Curphey, Tuesday, October 2 2007 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''

Thank you for all participants and Mark from great presentation.

Coverage of the meeting in the local news (in Finnish):
http://mikropc.net/uutiset/index.jsp?categoryId=atk&day=20071003#w2007100315112711629

We are delighted to have Mark Curphey - the OWASP founder and new head of Microsoft's ACE (Application Consulting & Engineering) team in Europe - to visit Finland and discuss web app security with us. Hopefully as many as of you possible can participate!

'''18:30 Welcome and recent Helsinki chapter activities. Antti Laulajainen'''

'''18:40 Naked Software Security. Mark Curphey'''
*Commentary on how to build secure software
*Thoughts on the industry

'''WELCOME!'''

== OWASP Helsinki meeting #3 Summer 2007: "SOA, Web Services & XML Security", Tuesday, June 5th 2007 ==

Date: June 5th

Location: Smilehouse, Itälahdenkatu 22A (Stonesoft building), Lauttasaari.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/tietoturva_docview.jsp?f_id=1186167

'''19:00 Welcome & quick recap of recent OWASP activity and the Spring conference. Mikko Saario.'''

'''19:15 Gunnar Peterson, CTO Arctec Group and project lead for the OWASP "XML Security Gateway Evaluation Criteria".'''

Gunnar will be visiting Finland to provide training via Tietoturva ry on this subject. Topics to be covered:
* XML Security Gateways
* Message level threats and security countermeasures in Web services
* OWASP XML Security Gateway Evaluation Criteria Project

'''20:15 "Real-life usage of OWASP tools". Alexandr Seleznyov, Nokia Product Security.'''

(There is a chance Alex cannot make it. In that case we will discuss SOA stuff in more detail or just head off to bar earlier.)

'''20:45 Enter Bar 52...'''
--> Enjoy (sponsored) beverages.

== OWASP Helsinki meeting #2 Winter 2007, Web Application Firewalls, Thursday, February 22 2007 ==

Thank you for the 29 participants, the speakers and the host - Nixu - for making this event happen!

'''Location: Nixu, Mäkelänkatu 91, 00601 Helsinki.'''

What are Web Application Firewalls (WAF), how do they work, what do they do and what don't they do. Discussion and sharing of experiences of various technologies and products.

'''18.30 Welcome. Mikko Saario, Chapter Leader.'''

Today's topic and agenda in short.

'''18.35 "Web Application Firewalls Technical Analysis". Joakim Sandström, CTO nSense.'''

http://www.owasp.org/images/6/6a/Owasp_waf_joakim.pdf

- Technology

- Blacklisting & Whitelisting

- mod_security features

- Do's and Don'ts

'''19.30 "The Core Rule Sets". Ofer Shezaf, CTO Breach Security.'''

http://www.owasp.org/images/f/f4/The_Core_Rule_Set_-_Ofer.pdf

- WAF deployment and protection strategies

- Detection of generic web layer attacks

- Virtual patching

== OWASP Helsinki meeting #1, Tuesday, Dec 12 2006 at Ernst & Young ==

The Helsinki chapter had the first meeting at Ernst & Young office in Elielinaukio 5 B. The agenda and the presentations for the meeting are below. We had a good turnout: 22 people were present i.e. all seats were taken - we were very happy to see all these people to be interested in application security issues.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/doc.do?f_id=1083463

'''18:30 Welcome. What is OWASP and why OWASP Helsinki?'''

Mikko Saario made a short presentation about OWASP and the objective for the local Helsinki chapter.

'''19:00 Analyzing Threats (Olli Wiren; olli [at] juurihoito.org)'''

Olli Wiren discussed application related threats and corresponding security issues.

http://www.owasp.org/images/7/7c/Owasp-olli.pdf

'''19:45 Open discussion regarding OWASP Helsinki; what is expected or wished; how to go ahead and so forth.'''

There was a lively discussion regarding what type of activities should be arranged in the future. More details will follow...

Helsinki

2008-02-21T12:24:39Z

Antti: /* OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 */

{{Chapter Template|chaptername=Helsinki|extra=The chapter leader is [mailto:antti.laulajainen@ixonos.com Antti Laulajainen]
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-helsinki|emailarchives=http://lists.owasp.org/pipermail/owasp-helsinki}}

== Local News ==

'''Welcome to the OWASP Helsinki Chapter'''

The plan is to meet at least three to four times a year, each lasting 1,5-3 hours (more active "hands" means more meetings). This chapter is based in the capital area and therefore the meetings will be in or around Helsinki.

If you wish to present at one of the meetings or have any other inquiries, please contact the chapter leader.

== OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 ==
Details TBA
 

== OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''

'''Time: 18.30 - 20.30'''

Welcome to first meeting of 2008. OWASP Helsinki resumes activities after winter break.

We are pleased to have as a speaker Director of Special Operations of Sentor Mr. Jussi Jaakonaho. His topic will be a real life application exploit

'''Schedule'''

'''18.30 - 18.40 OWASP Helsinki update. Antti Laulajainen'''

'''18.40 - 20.30 Application Vulnerability Exploit -real life case. Jussi Jaakonaho'''

Hope to see as many of you as possible!

== OWASP Helsinki & RWSUG Seminar Tuesday, January 29th 2008 ==
'''Location: IBM, Laajalahdentie 23, 00330 Helsinki.'''
'''Time: 11.15 - 19.00'''

OWASP Helsinki and Rational and Websphere User Group Finland RWSUG are aiming to co-operate to raise application security awareness. OWASP Helsinki will have a presentation in RWSUG agility seminar. More information from http://www.rwsug.fi/default.asp?path=1,39,385

'''You can download the presentation here''' https://www.owasp.org/images/c/cd/RWSUG5_Agile_Security_Management.pdf

See program below. Most of it is Finnish only
*11.15 Ilmoittautuminen alkaa
*11.15-12.00 Buffet-lounas
*12.00-12.10 Tilaisuuden avaus Jussi Jutila, Puheenjohtaja, RWSUG ry

KEYNOTE

*12.10-13.30 Scaling Agile Software Development: Strategies for Applying Agile in Complex Situations Scott W. Ambler, Practice Leader Agile Development, IBM Canada
*13.30-13.45 Kahvitauko
*13.45-15.30 SOA liiketoiminnan näkökulmasta ja SOA toteutuksen näkökulmasta kansainvälisessa hankkeessa Kari Laine, IT Architect, IF ja Jarmo Laine, Senior Software Architect,Primasoft
*15.30-15.45 Tauko
*15.45-16.30 Ketterä tietoturvan hallinta ohjelmistotuotannossa Reijo Savola, VTT
*16.30-17.15 Jazz Update IBM
*17.15-19.00 Iltapalaa ja verkostoitumista IBM Forumissa
 

== OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008 ==
OWASP Helsinki participated in ISACA Finland meeting to raise application security awareness among system auditors and inspectors.
 A presentation was held that introduced basic web techniques, some security issues, OWASP in general, OWASP projects and OWASP Helsinki chapter.
 
'''You can download the presentation here''': https://www.owasp.org/images/e/e4/OWASP_ISACA_20080124.pdf (Finnish Only)
 

== OWASP Helsinki meeting #4 Fall 2007 with Mark Curphey, Tuesday, October 2 2007 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''

Thank you for all participants and Mark from great presentation.

Coverage of the meeting in the local news (in Finnish):
http://mikropc.net/uutiset/index.jsp?categoryId=atk&day=20071003#w2007100315112711629

We are delighted to have Mark Curphey - the OWASP founder and new head of Microsoft's ACE (Application Consulting & Engineering) team in Europe - to visit Finland and discuss web app security with us. Hopefully as many as of you possible can participate!

'''18:30 Welcome and recent Helsinki chapter activities. Antti Laulajainen'''

'''18:40 Naked Software Security. Mark Curphey'''
*Commentary on how to build secure software
*Thoughts on the industry

'''WELCOME!'''

== OWASP Helsinki meeting #3 Summer 2007: "SOA, Web Services & XML Security", Tuesday, June 5th 2007 ==

Date: June 5th

Location: Smilehouse, Itälahdenkatu 22A (Stonesoft building), Lauttasaari.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/tietoturva_docview.jsp?f_id=1186167

'''19:00 Welcome & quick recap of recent OWASP activity and the Spring conference. Mikko Saario.'''

'''19:15 Gunnar Peterson, CTO Arctec Group and project lead for the OWASP "XML Security Gateway Evaluation Criteria".'''

Gunnar will be visiting Finland to provide training via Tietoturva ry on this subject. Topics to be covered:
* XML Security Gateways
* Message level threats and security countermeasures in Web services
* OWASP XML Security Gateway Evaluation Criteria Project

'''20:15 "Real-life usage of OWASP tools". Alexandr Seleznyov, Nokia Product Security.'''

(There is a chance Alex cannot make it. In that case we will discuss SOA stuff in more detail or just head off to bar earlier.)

'''20:45 Enter Bar 52...'''
--> Enjoy (sponsored) beverages.

== OWASP Helsinki meeting #2 Winter 2007, Web Application Firewalls, Thursday, February 22 2007 ==

Thank you for the 29 participants, the speakers and the host - Nixu - for making this event happen!

'''Location: Nixu, Mäkelänkatu 91, 00601 Helsinki.'''

What are Web Application Firewalls (WAF), how do they work, what do they do and what don't they do. Discussion and sharing of experiences of various technologies and products.

'''18.30 Welcome. Mikko Saario, Chapter Leader.'''

Today's topic and agenda in short.

'''18.35 "Web Application Firewalls Technical Analysis". Joakim Sandström, CTO nSense.'''

http://www.owasp.org/images/6/6a/Owasp_waf_joakim.pdf

- Technology

- Blacklisting & Whitelisting

- mod_security features

- Do's and Don'ts

'''19.30 "The Core Rule Sets". Ofer Shezaf, CTO Breach Security.'''

http://www.owasp.org/images/f/f4/The_Core_Rule_Set_-_Ofer.pdf

- WAF deployment and protection strategies

- Detection of generic web layer attacks

- Virtual patching

== OWASP Helsinki meeting #1, Tuesday, Dec 12 2006 at Ernst & Young ==

The Helsinki chapter had the first meeting at Ernst & Young office in Elielinaukio 5 B. The agenda and the presentations for the meeting are below. We had a good turnout: 22 people were present i.e. all seats were taken - we were very happy to see all these people to be interested in application security issues.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/doc.do?f_id=1083463

'''18:30 Welcome. What is OWASP and why OWASP Helsinki?'''

Mikko Saario made a short presentation about OWASP and the objective for the local Helsinki chapter.

'''19:00 Analyzing Threats (Olli Wiren; olli [at] juurihoito.org)'''

Olli Wiren discussed application related threats and corresponding security issues.

http://www.owasp.org/images/7/7c/Owasp-olli.pdf

'''19:45 Open discussion regarding OWASP Helsinki; what is expected or wished; how to go ahead and so forth.'''

There was a lively discussion regarding what type of activities should be arranged in the future. More details will follow...

Helsinki

2008-02-21T12:19:37Z

Antti: /* OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 */

{{Chapter Template|chaptername=Helsinki|extra=The chapter leader is [mailto:antti.laulajainen@ixonos.com Antti Laulajainen]
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-helsinki|emailarchives=http://lists.owasp.org/pipermail/owasp-helsinki}}

== Local News ==

'''Welcome to the OWASP Helsinki Chapter'''

The plan is to meet at least three to four times a year, each lasting 1,5-3 hours (more active "hands" means more meetings). This chapter is based in the capital area and therefore the meetings will be in or around Helsinki.

If you wish to present at one of the meetings or have any other inquiries, please contact the chapter leader.

== OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 ==
Details TBA
 

== OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''
'''Time: 18.30 - 20.30'''

Welcome to first meeting of 2008. We are pleased to have as a speaker Director of Special Operations of Sentor Mr. Jussi Jaakonaho. His topic will be a real life application exploit

'''Schedule'''

'''18.30 - 18.40''' OWASP Helsinki update Antti Laulajainen

'''18.40 - 20.30''' Application Vulnerability Exploit -real life case Jussi Jaakonaho

Welcome everybody

== OWASP Helsinki & RWSUG Seminar Tuesday, January 29th 2008 ==
'''Location: IBM, Laajalahdentie 23, 00330 Helsinki.'''
'''Time: 11.15 - 19.00'''

OWASP Helsinki and Rational and Websphere User Group Finland RWSUG are aiming to co-operate to raise application security awareness. OWASP Helsinki will have a presentation in RWSUG agility seminar. More information from http://www.rwsug.fi/default.asp?path=1,39,385

'''You can download the presentation here''' https://www.owasp.org/images/c/cd/RWSUG5_Agile_Security_Management.pdf

See program below. Most of it is Finnish only
*11.15 Ilmoittautuminen alkaa
*11.15-12.00 Buffet-lounas
*12.00-12.10 Tilaisuuden avaus Jussi Jutila, Puheenjohtaja, RWSUG ry

KEYNOTE

*12.10-13.30 Scaling Agile Software Development: Strategies for Applying Agile in Complex Situations Scott W. Ambler, Practice Leader Agile Development, IBM Canada
*13.30-13.45 Kahvitauko
*13.45-15.30 SOA liiketoiminnan näkökulmasta ja SOA toteutuksen näkökulmasta kansainvälisessa hankkeessa Kari Laine, IT Architect, IF ja Jarmo Laine, Senior Software Architect,Primasoft
*15.30-15.45 Tauko
*15.45-16.30 Ketterä tietoturvan hallinta ohjelmistotuotannossa Reijo Savola, VTT
*16.30-17.15 Jazz Update IBM
*17.15-19.00 Iltapalaa ja verkostoitumista IBM Forumissa
 

== OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008 ==
OWASP Helsinki participated in ISACA Finland meeting to raise application security awareness among system auditors and inspectors.
 A presentation was held that introduced basic web techniques, some security issues, OWASP in general, OWASP projects and OWASP Helsinki chapter.
 
'''You can download the presentation here''': https://www.owasp.org/images/e/e4/OWASP_ISACA_20080124.pdf (Finnish Only)
 

== OWASP Helsinki meeting #4 Fall 2007 with Mark Curphey, Tuesday, October 2 2007 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''

Thank you for all participants and Mark from great presentation.

Coverage of the meeting in the local news (in Finnish):
http://mikropc.net/uutiset/index.jsp?categoryId=atk&day=20071003#w2007100315112711629

We are delighted to have Mark Curphey - the OWASP founder and new head of Microsoft's ACE (Application Consulting & Engineering) team in Europe - to visit Finland and discuss web app security with us. Hopefully as many as of you possible can participate!

'''18:30 Welcome and recent Helsinki chapter activities. Antti Laulajainen'''

'''18:40 Naked Software Security. Mark Curphey'''
*Commentary on how to build secure software
*Thoughts on the industry

'''WELCOME!'''

== OWASP Helsinki meeting #3 Summer 2007: "SOA, Web Services & XML Security", Tuesday, June 5th 2007 ==

Date: June 5th

Location: Smilehouse, Itälahdenkatu 22A (Stonesoft building), Lauttasaari.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/tietoturva_docview.jsp?f_id=1186167

'''19:00 Welcome & quick recap of recent OWASP activity and the Spring conference. Mikko Saario.'''

'''19:15 Gunnar Peterson, CTO Arctec Group and project lead for the OWASP "XML Security Gateway Evaluation Criteria".'''

Gunnar will be visiting Finland to provide training via Tietoturva ry on this subject. Topics to be covered:
* XML Security Gateways
* Message level threats and security countermeasures in Web services
* OWASP XML Security Gateway Evaluation Criteria Project

'''20:15 "Real-life usage of OWASP tools". Alexandr Seleznyov, Nokia Product Security.'''

(There is a chance Alex cannot make it. In that case we will discuss SOA stuff in more detail or just head off to bar earlier.)

'''20:45 Enter Bar 52...'''
--> Enjoy (sponsored) beverages.

== OWASP Helsinki meeting #2 Winter 2007, Web Application Firewalls, Thursday, February 22 2007 ==

Thank you for the 29 participants, the speakers and the host - Nixu - for making this event happen!

'''Location: Nixu, Mäkelänkatu 91, 00601 Helsinki.'''

What are Web Application Firewalls (WAF), how do they work, what do they do and what don't they do. Discussion and sharing of experiences of various technologies and products.

'''18.30 Welcome. Mikko Saario, Chapter Leader.'''

Today's topic and agenda in short.

'''18.35 "Web Application Firewalls Technical Analysis". Joakim Sandström, CTO nSense.'''

http://www.owasp.org/images/6/6a/Owasp_waf_joakim.pdf

- Technology

- Blacklisting & Whitelisting

- mod_security features

- Do's and Don'ts

'''19.30 "The Core Rule Sets". Ofer Shezaf, CTO Breach Security.'''

http://www.owasp.org/images/f/f4/The_Core_Rule_Set_-_Ofer.pdf

- WAF deployment and protection strategies

- Detection of generic web layer attacks

- Virtual patching

== OWASP Helsinki meeting #1, Tuesday, Dec 12 2006 at Ernst & Young ==

The Helsinki chapter had the first meeting at Ernst & Young office in Elielinaukio 5 B. The agenda and the presentations for the meeting are below. We had a good turnout: 22 people were present i.e. all seats were taken - we were very happy to see all these people to be interested in application security issues.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/doc.do?f_id=1083463

'''18:30 Welcome. What is OWASP and why OWASP Helsinki?'''

Mikko Saario made a short presentation about OWASP and the objective for the local Helsinki chapter.

'''19:00 Analyzing Threats (Olli Wiren; olli [at] juurihoito.org)'''

Olli Wiren discussed application related threats and corresponding security issues.

http://www.owasp.org/images/7/7c/Owasp-olli.pdf

'''19:45 Open discussion regarding OWASP Helsinki; what is expected or wished; how to go ahead and so forth.'''

There was a lively discussion regarding what type of activities should be arranged in the future. More details will follow...

Helsinki

2008-02-14T15:12:57Z

Antti: /* OWASP Helsinki & RWSUG Seminar Tuesday, January 29th 2008 */

{{Chapter Template|chaptername=Helsinki|extra=The chapter leader is [mailto:antti.laulajainen@ixonos.com Antti Laulajainen]
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-helsinki|emailarchives=http://lists.owasp.org/pipermail/owasp-helsinki}}

== Local News ==

'''Welcome to the OWASP Helsinki Chapter'''

The plan is to meet at least three to four times a year, each lasting 1,5-3 hours (more active "hands" means more meetings). This chapter is based in the capital area and therefore the meetings will be in or around Helsinki.

If you wish to present at one of the meetings or have any other inquiries, please contact the chapter leader.

== OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 ==
Details TBA
 

== OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''
 
Details TBA
 

== OWASP Helsinki & RWSUG Seminar Tuesday, January 29th 2008 ==
'''Location: IBM, Laajalahdentie 23, 00330 Helsinki.'''
'''Time: 11.15 - 19.00'''

OWASP Helsinki and Rational and Websphere User Group Finland RWSUG are aiming to co-operate to raise application security awareness. OWASP Helsinki will have a presentation in RWSUG agility seminar. More information from http://www.rwsug.fi/default.asp?path=1,39,385

'''You can download the presentation here''' https://www.owasp.org/images/c/cd/RWSUG5_Agile_Security_Management.pdf

See program below. Most of it is Finnish only
*11.15 Ilmoittautuminen alkaa
*11.15-12.00 Buffet-lounas
*12.00-12.10 Tilaisuuden avaus Jussi Jutila, Puheenjohtaja, RWSUG ry

KEYNOTE

*12.10-13.30 Scaling Agile Software Development: Strategies for Applying Agile in Complex Situations Scott W. Ambler, Practice Leader Agile Development, IBM Canada
*13.30-13.45 Kahvitauko
*13.45-15.30 SOA liiketoiminnan näkökulmasta ja SOA toteutuksen näkökulmasta kansainvälisessa hankkeessa Kari Laine, IT Architect, IF ja Jarmo Laine, Senior Software Architect,Primasoft
*15.30-15.45 Tauko
*15.45-16.30 Ketterä tietoturvan hallinta ohjelmistotuotannossa Reijo Savola, VTT
*16.30-17.15 Jazz Update IBM
*17.15-19.00 Iltapalaa ja verkostoitumista IBM Forumissa
 

== OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008 ==
OWASP Helsinki participated in ISACA Finland meeting to raise application security awareness among system auditors and inspectors.
 A presentation was held that introduced basic web techniques, some security issues, OWASP in general, OWASP projects and OWASP Helsinki chapter.
 
'''You can download the presentation here''': https://www.owasp.org/images/e/e4/OWASP_ISACA_20080124.pdf (Finnish Only)
 

== OWASP Helsinki meeting #4 Fall 2007 with Mark Curphey, Tuesday, October 2 2007 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''

Thank you for all participants and Mark from great presentation.

Coverage of the meeting in the local news (in Finnish):
http://mikropc.net/uutiset/index.jsp?categoryId=atk&day=20071003#w2007100315112711629

We are delighted to have Mark Curphey - the OWASP founder and new head of Microsoft's ACE (Application Consulting & Engineering) team in Europe - to visit Finland and discuss web app security with us. Hopefully as many as of you possible can participate!

'''18:30 Welcome and recent Helsinki chapter activities. Antti Laulajainen'''

'''18:40 Naked Software Security. Mark Curphey'''
*Commentary on how to build secure software
*Thoughts on the industry

'''WELCOME!'''

== OWASP Helsinki meeting #3 Summer 2007: "SOA, Web Services & XML Security", Tuesday, June 5th 2007 ==

Date: June 5th

Location: Smilehouse, Itälahdenkatu 22A (Stonesoft building), Lauttasaari.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/tietoturva_docview.jsp?f_id=1186167

'''19:00 Welcome & quick recap of recent OWASP activity and the Spring conference. Mikko Saario.'''

'''19:15 Gunnar Peterson, CTO Arctec Group and project lead for the OWASP "XML Security Gateway Evaluation Criteria".'''

Gunnar will be visiting Finland to provide training via Tietoturva ry on this subject. Topics to be covered:
* XML Security Gateways
* Message level threats and security countermeasures in Web services
* OWASP XML Security Gateway Evaluation Criteria Project

'''20:15 "Real-life usage of OWASP tools". Alexandr Seleznyov, Nokia Product Security.'''

(There is a chance Alex cannot make it. In that case we will discuss SOA stuff in more detail or just head off to bar earlier.)

'''20:45 Enter Bar 52...'''
--> Enjoy (sponsored) beverages.

== OWASP Helsinki meeting #2 Winter 2007, Web Application Firewalls, Thursday, February 22 2007 ==

Thank you for the 29 participants, the speakers and the host - Nixu - for making this event happen!

'''Location: Nixu, Mäkelänkatu 91, 00601 Helsinki.'''

What are Web Application Firewalls (WAF), how do they work, what do they do and what don't they do. Discussion and sharing of experiences of various technologies and products.

'''18.30 Welcome. Mikko Saario, Chapter Leader.'''

Today's topic and agenda in short.

'''18.35 "Web Application Firewalls Technical Analysis". Joakim Sandström, CTO nSense.'''

http://www.owasp.org/images/6/6a/Owasp_waf_joakim.pdf

- Technology

- Blacklisting & Whitelisting

- mod_security features

- Do's and Don'ts

'''19.30 "The Core Rule Sets". Ofer Shezaf, CTO Breach Security.'''

http://www.owasp.org/images/f/f4/The_Core_Rule_Set_-_Ofer.pdf

- WAF deployment and protection strategies

- Detection of generic web layer attacks

- Virtual patching

== OWASP Helsinki meeting #1, Tuesday, Dec 12 2006 at Ernst & Young ==

The Helsinki chapter had the first meeting at Ernst & Young office in Elielinaukio 5 B. The agenda and the presentations for the meeting are below. We had a good turnout: 22 people were present i.e. all seats were taken - we were very happy to see all these people to be interested in application security issues.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/doc.do?f_id=1083463

'''18:30 Welcome. What is OWASP and why OWASP Helsinki?'''

Mikko Saario made a short presentation about OWASP and the objective for the local Helsinki chapter.

'''19:00 Analyzing Threats (Olli Wiren; olli [at] juurihoito.org)'''

Olli Wiren discussed application related threats and corresponding security issues.

http://www.owasp.org/images/7/7c/Owasp-olli.pdf

'''19:45 Open discussion regarding OWASP Helsinki; what is expected or wished; how to go ahead and so forth.'''

There was a lively discussion regarding what type of activities should be arranged in the future. More details will follow...

Helsinki

2008-02-14T15:11:52Z

Antti: /* OWASP Helsinki & RWSUG Seminar Tuesday, January 29th 2008 */

{{Chapter Template|chaptername=Helsinki|extra=The chapter leader is [mailto:antti.laulajainen@ixonos.com Antti Laulajainen]
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-helsinki|emailarchives=http://lists.owasp.org/pipermail/owasp-helsinki}}

== Local News ==

'''Welcome to the OWASP Helsinki Chapter'''

The plan is to meet at least three to four times a year, each lasting 1,5-3 hours (more active "hands" means more meetings). This chapter is based in the capital area and therefore the meetings will be in or around Helsinki.

If you wish to present at one of the meetings or have any other inquiries, please contact the chapter leader.

== OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 ==
Details TBA
 

== OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''
 
Details TBA
 

== OWASP Helsinki & RWSUG Seminar Tuesday, January 29th 2008 ==
'''Location: IBM, Laajalahdentie 23, 00330 Helsinki.'''
'''Time: 11.15 - 19.00'''

OWASP Helsinki and Rational and Websphere User Group Finland RWSUG are aiming to co-operate to raise application security awareness. OWASP Helsinki will have a presentation in RWSUG agility seminar. More information from http://www.rwsug.fi/default.asp?path=1,39,385

'''You can download the presentation here''' https://www.owasp.org/index.php/Image:RWSUG5_Agile_Security_Management.pdf

See program below. Most of it is Finnish only
*11.15 Ilmoittautuminen alkaa
*11.15-12.00 Buffet-lounas
*12.00-12.10 Tilaisuuden avaus Jussi Jutila, Puheenjohtaja, RWSUG ry

KEYNOTE

*12.10-13.30 Scaling Agile Software Development: Strategies for Applying Agile in Complex Situations Scott W. Ambler, Practice Leader Agile Development, IBM Canada
*13.30-13.45 Kahvitauko
*13.45-15.30 SOA liiketoiminnan näkökulmasta ja SOA toteutuksen näkökulmasta kansainvälisessa hankkeessa Kari Laine, IT Architect, IF ja Jarmo Laine, Senior Software Architect,Primasoft
*15.30-15.45 Tauko
*15.45-16.30 Ketterä tietoturvan hallinta ohjelmistotuotannossa Reijo Savola, VTT
*16.30-17.15 Jazz Update IBM
*17.15-19.00 Iltapalaa ja verkostoitumista IBM Forumissa
 

== OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008 ==
OWASP Helsinki participated in ISACA Finland meeting to raise application security awareness among system auditors and inspectors.
 A presentation was held that introduced basic web techniques, some security issues, OWASP in general, OWASP projects and OWASP Helsinki chapter.
 
'''You can download the presentation here''': https://www.owasp.org/images/e/e4/OWASP_ISACA_20080124.pdf (Finnish Only)
 

== OWASP Helsinki meeting #4 Fall 2007 with Mark Curphey, Tuesday, October 2 2007 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''

Thank you for all participants and Mark from great presentation.

Coverage of the meeting in the local news (in Finnish):
http://mikropc.net/uutiset/index.jsp?categoryId=atk&day=20071003#w2007100315112711629

We are delighted to have Mark Curphey - the OWASP founder and new head of Microsoft's ACE (Application Consulting & Engineering) team in Europe - to visit Finland and discuss web app security with us. Hopefully as many as of you possible can participate!

'''18:30 Welcome and recent Helsinki chapter activities. Antti Laulajainen'''

'''18:40 Naked Software Security. Mark Curphey'''
*Commentary on how to build secure software
*Thoughts on the industry

'''WELCOME!'''

== OWASP Helsinki meeting #3 Summer 2007: "SOA, Web Services & XML Security", Tuesday, June 5th 2007 ==

Date: June 5th

Location: Smilehouse, Itälahdenkatu 22A (Stonesoft building), Lauttasaari.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/tietoturva_docview.jsp?f_id=1186167

'''19:00 Welcome & quick recap of recent OWASP activity and the Spring conference. Mikko Saario.'''

'''19:15 Gunnar Peterson, CTO Arctec Group and project lead for the OWASP "XML Security Gateway Evaluation Criteria".'''

Gunnar will be visiting Finland to provide training via Tietoturva ry on this subject. Topics to be covered:
* XML Security Gateways
* Message level threats and security countermeasures in Web services
* OWASP XML Security Gateway Evaluation Criteria Project

'''20:15 "Real-life usage of OWASP tools". Alexandr Seleznyov, Nokia Product Security.'''

(There is a chance Alex cannot make it. In that case we will discuss SOA stuff in more detail or just head off to bar earlier.)

'''20:45 Enter Bar 52...'''
--> Enjoy (sponsored) beverages.

== OWASP Helsinki meeting #2 Winter 2007, Web Application Firewalls, Thursday, February 22 2007 ==

Thank you for the 29 participants, the speakers and the host - Nixu - for making this event happen!

'''Location: Nixu, Mäkelänkatu 91, 00601 Helsinki.'''

What are Web Application Firewalls (WAF), how do they work, what do they do and what don't they do. Discussion and sharing of experiences of various technologies and products.

'''18.30 Welcome. Mikko Saario, Chapter Leader.'''

Today's topic and agenda in short.

'''18.35 "Web Application Firewalls Technical Analysis". Joakim Sandström, CTO nSense.'''

http://www.owasp.org/images/6/6a/Owasp_waf_joakim.pdf

- Technology

- Blacklisting & Whitelisting

- mod_security features

- Do's and Don'ts

'''19.30 "The Core Rule Sets". Ofer Shezaf, CTO Breach Security.'''

http://www.owasp.org/images/f/f4/The_Core_Rule_Set_-_Ofer.pdf

- WAF deployment and protection strategies

- Detection of generic web layer attacks

- Virtual patching

== OWASP Helsinki meeting #1, Tuesday, Dec 12 2006 at Ernst & Young ==

The Helsinki chapter had the first meeting at Ernst & Young office in Elielinaukio 5 B. The agenda and the presentations for the meeting are below. We had a good turnout: 22 people were present i.e. all seats were taken - we were very happy to see all these people to be interested in application security issues.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/doc.do?f_id=1083463

'''18:30 Welcome. What is OWASP and why OWASP Helsinki?'''

Mikko Saario made a short presentation about OWASP and the objective for the local Helsinki chapter.

'''19:00 Analyzing Threats (Olli Wiren; olli [at] juurihoito.org)'''

Olli Wiren discussed application related threats and corresponding security issues.

http://www.owasp.org/images/7/7c/Owasp-olli.pdf

'''19:45 Open discussion regarding OWASP Helsinki; what is expected or wished; how to go ahead and so forth.'''

There was a lively discussion regarding what type of activities should be arranged in the future. More details will follow...

Helsinki

2008-02-14T15:10:38Z

Antti: /* OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008 */

{{Chapter Template|chaptername=Helsinki|extra=The chapter leader is [mailto:antti.laulajainen@ixonos.com Antti Laulajainen]
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-helsinki|emailarchives=http://lists.owasp.org/pipermail/owasp-helsinki}}

== Local News ==

'''Welcome to the OWASP Helsinki Chapter'''

The plan is to meet at least three to four times a year, each lasting 1,5-3 hours (more active "hands" means more meetings). This chapter is based in the capital area and therefore the meetings will be in or around Helsinki.

If you wish to present at one of the meetings or have any other inquiries, please contact the chapter leader.

== OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 ==
Details TBA
 

== OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''
 
Details TBA
 

== OWASP Helsinki & RWSUG Seminar Tuesday, January 29th 2008 ==
'''Location: IBM, Laajalahdentie 23, 00330 Helsinki.'''
'''Time: 11.15 - 19.00'''

OWASP Helsinki and Rational and Websphere User Group Finland RWSUG are aiming to co-operate to raise application security awareness. OWASP Helsinki will have a presentation in RWSUG agility seminar. More information from http://www.rwsug.fi/default.asp?path=1,39,385

'''You can download the presentation here https'''

See program below. Most of it is Finnish only
*11.15 Ilmoittautuminen alkaa
*11.15-12.00 Buffet-lounas
*12.00-12.10 Tilaisuuden avaus Jussi Jutila, Puheenjohtaja, RWSUG ry

KEYNOTE

*12.10-13.30 Scaling Agile Software Development: Strategies for Applying Agile in Complex Situations Scott W. Ambler, Practice Leader Agile Development, IBM Canada
*13.30-13.45 Kahvitauko
*13.45-15.30 SOA liiketoiminnan näkökulmasta ja SOA toteutuksen näkökulmasta kansainvälisessa hankkeessa Kari Laine, IT Architect, IF ja Jarmo Laine, Senior Software Architect,Primasoft
*15.30-15.45 Tauko
*15.45-16.30 Ketterä tietoturvan hallinta ohjelmistotuotannossa Reijo Savola, VTT
*16.30-17.15 Jazz Update IBM
*17.15-19.00 Iltapalaa ja verkostoitumista IBM Forumissa
 

== OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008 ==
OWASP Helsinki participated in ISACA Finland meeting to raise application security awareness among system auditors and inspectors.
 A presentation was held that introduced basic web techniques, some security issues, OWASP in general, OWASP projects and OWASP Helsinki chapter.
 
'''You can download the presentation here''': https://www.owasp.org/images/e/e4/OWASP_ISACA_20080124.pdf (Finnish Only)
 

== OWASP Helsinki meeting #4 Fall 2007 with Mark Curphey, Tuesday, October 2 2007 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''

Thank you for all participants and Mark from great presentation.

Coverage of the meeting in the local news (in Finnish):
http://mikropc.net/uutiset/index.jsp?categoryId=atk&day=20071003#w2007100315112711629

We are delighted to have Mark Curphey - the OWASP founder and new head of Microsoft's ACE (Application Consulting & Engineering) team in Europe - to visit Finland and discuss web app security with us. Hopefully as many as of you possible can participate!

'''18:30 Welcome and recent Helsinki chapter activities. Antti Laulajainen'''

'''18:40 Naked Software Security. Mark Curphey'''
*Commentary on how to build secure software
*Thoughts on the industry

'''WELCOME!'''

== OWASP Helsinki meeting #3 Summer 2007: "SOA, Web Services & XML Security", Tuesday, June 5th 2007 ==

Date: June 5th

Location: Smilehouse, Itälahdenkatu 22A (Stonesoft building), Lauttasaari.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/tietoturva_docview.jsp?f_id=1186167

'''19:00 Welcome & quick recap of recent OWASP activity and the Spring conference. Mikko Saario.'''

'''19:15 Gunnar Peterson, CTO Arctec Group and project lead for the OWASP "XML Security Gateway Evaluation Criteria".'''

Gunnar will be visiting Finland to provide training via Tietoturva ry on this subject. Topics to be covered:
* XML Security Gateways
* Message level threats and security countermeasures in Web services
* OWASP XML Security Gateway Evaluation Criteria Project

'''20:15 "Real-life usage of OWASP tools". Alexandr Seleznyov, Nokia Product Security.'''

(There is a chance Alex cannot make it. In that case we will discuss SOA stuff in more detail or just head off to bar earlier.)

'''20:45 Enter Bar 52...'''
--> Enjoy (sponsored) beverages.

== OWASP Helsinki meeting #2 Winter 2007, Web Application Firewalls, Thursday, February 22 2007 ==

Thank you for the 29 participants, the speakers and the host - Nixu - for making this event happen!

'''Location: Nixu, Mäkelänkatu 91, 00601 Helsinki.'''

What are Web Application Firewalls (WAF), how do they work, what do they do and what don't they do. Discussion and sharing of experiences of various technologies and products.

'''18.30 Welcome. Mikko Saario, Chapter Leader.'''

Today's topic and agenda in short.

'''18.35 "Web Application Firewalls Technical Analysis". Joakim Sandström, CTO nSense.'''

http://www.owasp.org/images/6/6a/Owasp_waf_joakim.pdf

- Technology

- Blacklisting & Whitelisting

- mod_security features

- Do's and Don'ts

'''19.30 "The Core Rule Sets". Ofer Shezaf, CTO Breach Security.'''

http://www.owasp.org/images/f/f4/The_Core_Rule_Set_-_Ofer.pdf

- WAF deployment and protection strategies

- Detection of generic web layer attacks

- Virtual patching

== OWASP Helsinki meeting #1, Tuesday, Dec 12 2006 at Ernst & Young ==

The Helsinki chapter had the first meeting at Ernst & Young office in Elielinaukio 5 B. The agenda and the presentations for the meeting are below. We had a good turnout: 22 people were present i.e. all seats were taken - we were very happy to see all these people to be interested in application security issues.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/doc.do?f_id=1083463

'''18:30 Welcome. What is OWASP and why OWASP Helsinki?'''

Mikko Saario made a short presentation about OWASP and the objective for the local Helsinki chapter.

'''19:00 Analyzing Threats (Olli Wiren; olli [at] juurihoito.org)'''

Olli Wiren discussed application related threats and corresponding security issues.

http://www.owasp.org/images/7/7c/Owasp-olli.pdf

'''19:45 Open discussion regarding OWASP Helsinki; what is expected or wished; how to go ahead and so forth.'''

There was a lively discussion regarding what type of activities should be arranged in the future. More details will follow...

Helsinki

2008-02-14T15:10:16Z

Antti: /* OWASP Helsinki & RWSUG Seminar Tuesday, January 29th 2008 */

{{Chapter Template|chaptername=Helsinki|extra=The chapter leader is [mailto:antti.laulajainen@ixonos.com Antti Laulajainen]
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-helsinki|emailarchives=http://lists.owasp.org/pipermail/owasp-helsinki}}

== Local News ==

'''Welcome to the OWASP Helsinki Chapter'''

The plan is to meet at least three to four times a year, each lasting 1,5-3 hours (more active "hands" means more meetings). This chapter is based in the capital area and therefore the meetings will be in or around Helsinki.

If you wish to present at one of the meetings or have any other inquiries, please contact the chapter leader.

== OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 ==
Details TBA
 

== OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''
 
Details TBA
 

== OWASP Helsinki & RWSUG Seminar Tuesday, January 29th 2008 ==
'''Location: IBM, Laajalahdentie 23, 00330 Helsinki.'''
'''Time: 11.15 - 19.00'''

OWASP Helsinki and Rational and Websphere User Group Finland RWSUG are aiming to co-operate to raise application security awareness. OWASP Helsinki will have a presentation in RWSUG agility seminar. More information from http://www.rwsug.fi/default.asp?path=1,39,385

'''You can download the presentation here https'''

See program below. Most of it is Finnish only
*11.15 Ilmoittautuminen alkaa
*11.15-12.00 Buffet-lounas
*12.00-12.10 Tilaisuuden avaus Jussi Jutila, Puheenjohtaja, RWSUG ry

KEYNOTE

*12.10-13.30 Scaling Agile Software Development: Strategies for Applying Agile in Complex Situations Scott W. Ambler, Practice Leader Agile Development, IBM Canada
*13.30-13.45 Kahvitauko
*13.45-15.30 SOA liiketoiminnan näkökulmasta ja SOA toteutuksen näkökulmasta kansainvälisessa hankkeessa Kari Laine, IT Architect, IF ja Jarmo Laine, Senior Software Architect,Primasoft
*15.30-15.45 Tauko
*15.45-16.30 Ketterä tietoturvan hallinta ohjelmistotuotannossa Reijo Savola, VTT
*16.30-17.15 Jazz Update IBM
*17.15-19.00 Iltapalaa ja verkostoitumista IBM Forumissa
 

== OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008 ==
OWASP Helsinki participated in ISACA Finland meeting to raise application security awareness among system auditors and inspectors.
 A presentation was held that introduced basic web techniques, some security issues, OWASP in general, OWASP projects and OWASP Helsinki chapter.
 
You can download the presentation here: https://www.owasp.org/images/e/e4/OWASP_ISACA_20080124.pdf (Finnish Only)
 

== OWASP Helsinki meeting #4 Fall 2007 with Mark Curphey, Tuesday, October 2 2007 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''

Thank you for all participants and Mark from great presentation.

Coverage of the meeting in the local news (in Finnish):
http://mikropc.net/uutiset/index.jsp?categoryId=atk&day=20071003#w2007100315112711629

We are delighted to have Mark Curphey - the OWASP founder and new head of Microsoft's ACE (Application Consulting & Engineering) team in Europe - to visit Finland and discuss web app security with us. Hopefully as many as of you possible can participate!

'''18:30 Welcome and recent Helsinki chapter activities. Antti Laulajainen'''

'''18:40 Naked Software Security. Mark Curphey'''
*Commentary on how to build secure software
*Thoughts on the industry

'''WELCOME!'''

== OWASP Helsinki meeting #3 Summer 2007: "SOA, Web Services & XML Security", Tuesday, June 5th 2007 ==

Date: June 5th

Location: Smilehouse, Itälahdenkatu 22A (Stonesoft building), Lauttasaari.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/tietoturva_docview.jsp?f_id=1186167

'''19:00 Welcome & quick recap of recent OWASP activity and the Spring conference. Mikko Saario.'''

'''19:15 Gunnar Peterson, CTO Arctec Group and project lead for the OWASP "XML Security Gateway Evaluation Criteria".'''

Gunnar will be visiting Finland to provide training via Tietoturva ry on this subject. Topics to be covered:
* XML Security Gateways
* Message level threats and security countermeasures in Web services
* OWASP XML Security Gateway Evaluation Criteria Project

'''20:15 "Real-life usage of OWASP tools". Alexandr Seleznyov, Nokia Product Security.'''

(There is a chance Alex cannot make it. In that case we will discuss SOA stuff in more detail or just head off to bar earlier.)

'''20:45 Enter Bar 52...'''
--> Enjoy (sponsored) beverages.

== OWASP Helsinki meeting #2 Winter 2007, Web Application Firewalls, Thursday, February 22 2007 ==

Thank you for the 29 participants, the speakers and the host - Nixu - for making this event happen!

'''Location: Nixu, Mäkelänkatu 91, 00601 Helsinki.'''

What are Web Application Firewalls (WAF), how do they work, what do they do and what don't they do. Discussion and sharing of experiences of various technologies and products.

'''18.30 Welcome. Mikko Saario, Chapter Leader.'''

Today's topic and agenda in short.

'''18.35 "Web Application Firewalls Technical Analysis". Joakim Sandström, CTO nSense.'''

http://www.owasp.org/images/6/6a/Owasp_waf_joakim.pdf

- Technology

- Blacklisting & Whitelisting

- mod_security features

- Do's and Don'ts

'''19.30 "The Core Rule Sets". Ofer Shezaf, CTO Breach Security.'''

http://www.owasp.org/images/f/f4/The_Core_Rule_Set_-_Ofer.pdf

- WAF deployment and protection strategies

- Detection of generic web layer attacks

- Virtual patching

== OWASP Helsinki meeting #1, Tuesday, Dec 12 2006 at Ernst & Young ==

The Helsinki chapter had the first meeting at Ernst & Young office in Elielinaukio 5 B. The agenda and the presentations for the meeting are below. We had a good turnout: 22 people were present i.e. all seats were taken - we were very happy to see all these people to be interested in application security issues.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/doc.do?f_id=1083463

'''18:30 Welcome. What is OWASP and why OWASP Helsinki?'''

Mikko Saario made a short presentation about OWASP and the objective for the local Helsinki chapter.

'''19:00 Analyzing Threats (Olli Wiren; olli [at] juurihoito.org)'''

Olli Wiren discussed application related threats and corresponding security issues.

http://www.owasp.org/images/7/7c/Owasp-olli.pdf

'''19:45 Open discussion regarding OWASP Helsinki; what is expected or wished; how to go ahead and so forth.'''

There was a lively discussion regarding what type of activities should be arranged in the future. More details will follow...

File:RWSUG5 Agile Security Management.pdf

2008-02-14T15:07:28Z

Antti: OWASP Presentation at RWSUG Finland seminar

OWASP Presentation at RWSUG Finland seminar

Helsinki

2008-01-27T22:23:32Z

Antti:

{{Chapter Template|chaptername=Helsinki|extra=The chapter leader is [mailto:antti.laulajainen@ixonos.com Antti Laulajainen]
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-helsinki|emailarchives=http://lists.owasp.org/pipermail/owasp-helsinki}}

== Local News ==

'''Welcome to the OWASP Helsinki Chapter'''

The plan is to meet at least three to four times a year, each lasting 1,5-3 hours (more active "hands" means more meetings). This chapter is based in the capital area and therefore the meetings will be in or around Helsinki.

If you wish to present at one of the meetings or have any other inquiries, please contact the chapter leader.

== OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 ==
Details TBA
 

== OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''
 
Details TBA
 

== OWASP Helsinki & RWSUG Seminar Tuesday, January 29th 2008 ==
'''Location: IBM, Laajalahdentie 23, 00330 Helsinki.'''
'''Time: 11.15 - 19.00'''

OWASP Helsinki and Rational and Websphere User Group Finland RWSUG are aiming to co-operate to raise application security awareness. OWASP Helsinki will have a presentation in RWSUG agility seminar. More information from http://www.rwsug.fi/default.asp?path=1,39,385

See program below. Most of it is Finnish only
*11.15 Ilmoittautuminen alkaa
*11.15-12.00 Buffet-lounas
*12.00-12.10 Tilaisuuden avaus Jussi Jutila, Puheenjohtaja, RWSUG ry

KEYNOTE

*12.10-13.30 Scaling Agile Software Development: Strategies for Applying Agile in Complex Situations Scott W. Ambler, Practice Leader Agile Development, IBM Canada
*13.30-13.45 Kahvitauko
*13.45-15.30 SOA liiketoiminnan näkökulmasta ja SOA toteutuksen näkökulmasta kansainvälisessa hankkeessa Kari Laine, IT Architect, IF ja Jarmo Laine, Senior Software Architect,Primasoft
*15.30-15.45 Tauko
*15.45-16.30 Ketterä tietoturvan hallinta ohjelmistotuotannossa Reijo Savola, VTT
*16.30-17.15 Jazz Update IBM
*17.15-19.00 Iltapalaa ja verkostoitumista IBM Forumissa
 

== OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008 ==
OWASP Helsinki participated in ISACA Finland meeting to raise application security awareness among system auditors and inspectors.
 A presentation was held that introduced basic web techniques, some security issues, OWASP in general, OWASP projects and OWASP Helsinki chapter.
 
You can download the presentation here: https://www.owasp.org/images/e/e4/OWASP_ISACA_20080124.pdf (Finnish Only)
 

== OWASP Helsinki meeting #4 Fall 2007 with Mark Curphey, Tuesday, October 2 2007 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''

Thank you for all participants and Mark from great presentation.

Coverage of the meeting in the local news (in Finnish):
http://mikropc.net/uutiset/index.jsp?categoryId=atk&day=20071003#w2007100315112711629

We are delighted to have Mark Curphey - the OWASP founder and new head of Microsoft's ACE (Application Consulting & Engineering) team in Europe - to visit Finland and discuss web app security with us. Hopefully as many as of you possible can participate!

'''18:30 Welcome and recent Helsinki chapter activities. Antti Laulajainen'''

'''18:40 Naked Software Security. Mark Curphey'''
*Commentary on how to build secure software
*Thoughts on the industry

'''WELCOME!'''

== OWASP Helsinki meeting #3 Summer 2007: "SOA, Web Services & XML Security", Tuesday, June 5th 2007 ==

Date: June 5th

Location: Smilehouse, Itälahdenkatu 22A (Stonesoft building), Lauttasaari.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/tietoturva_docview.jsp?f_id=1186167

'''19:00 Welcome & quick recap of recent OWASP activity and the Spring conference. Mikko Saario.'''

'''19:15 Gunnar Peterson, CTO Arctec Group and project lead for the OWASP "XML Security Gateway Evaluation Criteria".'''

Gunnar will be visiting Finland to provide training via Tietoturva ry on this subject. Topics to be covered:
* XML Security Gateways
* Message level threats and security countermeasures in Web services
* OWASP XML Security Gateway Evaluation Criteria Project

'''20:15 "Real-life usage of OWASP tools". Alexandr Seleznyov, Nokia Product Security.'''

(There is a chance Alex cannot make it. In that case we will discuss SOA stuff in more detail or just head off to bar earlier.)

'''20:45 Enter Bar 52...'''
--> Enjoy (sponsored) beverages.

== OWASP Helsinki meeting #2 Winter 2007, Web Application Firewalls, Thursday, February 22 2007 ==

Thank you for the 29 participants, the speakers and the host - Nixu - for making this event happen!

'''Location: Nixu, Mäkelänkatu 91, 00601 Helsinki.'''

What are Web Application Firewalls (WAF), how do they work, what do they do and what don't they do. Discussion and sharing of experiences of various technologies and products.

'''18.30 Welcome. Mikko Saario, Chapter Leader.'''

Today's topic and agenda in short.

'''18.35 "Web Application Firewalls Technical Analysis". Joakim Sandström, CTO nSense.'''

http://www.owasp.org/images/6/6a/Owasp_waf_joakim.pdf

- Technology

- Blacklisting & Whitelisting

- mod_security features

- Do's and Don'ts

'''19.30 "The Core Rule Sets". Ofer Shezaf, CTO Breach Security.'''

http://www.owasp.org/images/f/f4/The_Core_Rule_Set_-_Ofer.pdf

- WAF deployment and protection strategies

- Detection of generic web layer attacks

- Virtual patching

== OWASP Helsinki meeting #1, Tuesday, Dec 12 2006 at Ernst & Young ==

The Helsinki chapter had the first meeting at Ernst & Young office in Elielinaukio 5 B. The agenda and the presentations for the meeting are below. We had a good turnout: 22 people were present i.e. all seats were taken - we were very happy to see all these people to be interested in application security issues.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/doc.do?f_id=1083463

'''18:30 Welcome. What is OWASP and why OWASP Helsinki?'''

Mikko Saario made a short presentation about OWASP and the objective for the local Helsinki chapter.

'''19:00 Analyzing Threats (Olli Wiren; olli [at] juurihoito.org)'''

Olli Wiren discussed application related threats and corresponding security issues.

http://www.owasp.org/images/7/7c/Owasp-olli.pdf

'''19:45 Open discussion regarding OWASP Helsinki; what is expected or wished; how to go ahead and so forth.'''

There was a lively discussion regarding what type of activities should be arranged in the future. More details will follow...

Helsinki

2008-01-27T22:21:08Z

Antti:

{{Chapter Template|chaptername=Helsinki|extra=The chapter leader is [mailto:antti.laulajainen@ixonos.com Antti Laulajainen]
 The chapter mailing address is: 
Antti Laulajainen /Ixonos 
Hitsaajankatu 20 
00810 Helsinki 
Finland |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-helsinki|emailarchives=http://lists.owasp.org/pipermail/owasp-helsinki}}

== Local News ==

'''Welcome to the OWASP Helsinki Chapter'''

The plan is to meet at least three to four times a year, each lasting 1,5-3 hours (more active "hands" means more meetings). This chapter is based in the capital area and therefore the meetings will be in or around Helsinki.

If you wish to present at one of the meetings or have any other inquiries, please contact the chapter leader.

== OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 ==
Details TBA
 

== OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''
 
Details TBA
 

== OWASP Helsinki & RWSUG Seminar Tuesday, January 29th 2008 ==
'''Location: IBM, Laajalahdentie 23, 00330 Helsinki.'''
'''Time: 11.15 - 19.00'''

OWASP Helsinki and Rational and Websphere User Group Finland RWSUG are aiming to co-operate to raise application security awareness. OWASP Helsinki will have a presentation in RWSUG agility seminar. More information from http://www.rwsug.fi/default.asp?path=1,39,385

See program below. Most of it is Finnish only
*11.15 Ilmoittautuminen alkaa
*11.15-12.00 Buffet-lounas
*12.00-12.10 Tilaisuuden avaus Jussi Jutila, Puheenjohtaja, RWSUG ry

KEYNOTE

*12.10-13.30 Scaling Agile Software Development: Strategies for Applying Agile in Complex Situations Scott W. Ambler, Practice Leader Agile Development, IBM Canada
*13.30-13.45 Kahvitauko
*13.45-15.30 SOA liiketoiminnan näkökulmasta ja SOA toteutuksen näkökulmasta kansainvälisessa hankkeessa Kari Laine, IT Architect, IF ja Jarmo Laine, Senior Software Architect,Primasoft
*15.30-15.45 Tauko
*15.45-16.30 Ketterä tietoturvan hallinta ohjelmistotuotannossa Reijo Savola, VTT
*16.30-17.15 Jazz Update IBM
*17.15-19.00 Iltapalaa ja verkostoitumista IBM Forumissa
 

== OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008 ==
OWASP Helsinki participated in ISACA Finland meeting to raise application security awareness among system auditors and inspectors.
 A presentation was held that introduced basic web techniques, some security issues, OWASP in general, OWASP projects and OWASP Helsinki chapter.
 
You can download the presentation here: https://www.owasp.org/images/e/e4/OWASP_ISACA_20080124.pdf (Finnish Only)
 

== OWASP Helsinki meeting #4 Fall 2007 with Mark Curphey, Tuesday, October 2 2007 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''

Thank you for all participants and Mark from great presentation.

Coverage of the meeting in the local news (in Finnish):
http://mikropc.net/uutiset/index.jsp?categoryId=atk&day=20071003#w2007100315112711629

We are delighted to have Mark Curphey - the OWASP founder and new head of Microsoft's ACE (Application Consulting & Engineering) team in Europe - to visit Finland and discuss web app security with us. Hopefully as many as of you possible can participate!

'''18:30 Welcome and recent Helsinki chapter activities. Antti Laulajainen'''

'''18:40 Naked Software Security. Mark Curphey'''
*Commentary on how to build secure software
*Thoughts on the industry

'''WELCOME!'''

== OWASP Helsinki meeting #3 Summer 2007: "SOA, Web Services & XML Security", Tuesday, June 5th 2007 ==

Date: June 5th

Location: Smilehouse, Itälahdenkatu 22A (Stonesoft building), Lauttasaari.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/tietoturva_docview.jsp?f_id=1186167

'''19:00 Welcome & quick recap of recent OWASP activity and the Spring conference. Mikko Saario.'''

'''19:15 Gunnar Peterson, CTO Arctec Group and project lead for the OWASP "XML Security Gateway Evaluation Criteria".'''

Gunnar will be visiting Finland to provide training via Tietoturva ry on this subject. Topics to be covered:
* XML Security Gateways
* Message level threats and security countermeasures in Web services
* OWASP XML Security Gateway Evaluation Criteria Project

'''20:15 "Real-life usage of OWASP tools". Alexandr Seleznyov, Nokia Product Security.'''

(There is a chance Alex cannot make it. In that case we will discuss SOA stuff in more detail or just head off to bar earlier.)

'''20:45 Enter Bar 52...'''
--> Enjoy (sponsored) beverages.

== OWASP Helsinki meeting #2 Winter 2007, Web Application Firewalls, Thursday, February 22 2007 ==

Thank you for the 29 participants, the speakers and the host - Nixu - for making this event happen!

'''Location: Nixu, Mäkelänkatu 91, 00601 Helsinki.'''

What are Web Application Firewalls (WAF), how do they work, what do they do and what don't they do. Discussion and sharing of experiences of various technologies and products.

'''18.30 Welcome. Mikko Saario, Chapter Leader.'''

Today's topic and agenda in short.

'''18.35 "Web Application Firewalls Technical Analysis". Joakim Sandström, CTO nSense.'''

http://www.owasp.org/images/6/6a/Owasp_waf_joakim.pdf

- Technology

- Blacklisting & Whitelisting

- mod_security features

- Do's and Don'ts

'''19.30 "The Core Rule Sets". Ofer Shezaf, CTO Breach Security.'''

http://www.owasp.org/images/f/f4/The_Core_Rule_Set_-_Ofer.pdf

- WAF deployment and protection strategies

- Detection of generic web layer attacks

- Virtual patching

== OWASP Helsinki meeting #1, Tuesday, Dec 12 2006 at Ernst & Young ==

The Helsinki chapter had the first meeting at Ernst & Young office in Elielinaukio 5 B. The agenda and the presentations for the meeting are below. We had a good turnout: 22 people were present i.e. all seats were taken - we were very happy to see all these people to be interested in application security issues.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/doc.do?f_id=1083463

'''18:30 Welcome. What is OWASP and why OWASP Helsinki?'''

Mikko Saario made a short presentation about OWASP and the objective for the local Helsinki chapter.

'''19:00 Analyzing Threats (Olli Wiren; olli [at] juurihoito.org)'''

Olli Wiren discussed application related threats and corresponding security issues.

http://www.owasp.org/images/7/7c/Owasp-olli.pdf

'''19:45 Open discussion regarding OWASP Helsinki; what is expected or wished; how to go ahead and so forth.'''

There was a lively discussion regarding what type of activities should be arranged in the future. More details will follow...

Helsinki

2008-01-27T22:06:26Z

Antti: /* OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008 */

{{Chapter Template|chaptername=Helsinki|extra=The chapter leader is [mailto:antti.laulajainen@ixonos.com Antti Laulajainen]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-helsinki|emailarchives=http://lists.owasp.org/pipermail/owasp-helsinki}}

== Local News ==

'''Welcome to the OWASP Helsinki Chapter'''

The plan is to meet at least three to four times a year, each lasting 1,5-3 hours (more active "hands" means more meetings). This chapter is based in the capital area and therefore the meetings will be in or around Helsinki.

If you wish to present at one of the meetings or have any other inquiries, please contact the chapter leader.

== OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 ==
Details TBA
 

== OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''
 
Details TBA
 

== OWASP Helsinki & RWSUG Seminar Tuesday, January 29th 2008 ==
'''Location: IBM, Laajalahdentie 23, 00330 Helsinki.'''
'''Time: 11.15 - 19.00'''

OWASP Helsinki and Rational and Websphere User Group Finland RWSUG are aiming to co-operate to raise application security awareness. OWASP Helsinki will have a presentation in RWSUG agility seminar. More information from http://www.rwsug.fi/default.asp?path=1,39,385

See program below. Most of it is Finnish only
*11.15 Ilmoittautuminen alkaa
*11.15-12.00 Buffet-lounas
*12.00-12.10 Tilaisuuden avaus Jussi Jutila, Puheenjohtaja, RWSUG ry

KEYNOTE

*12.10-13.30 Scaling Agile Software Development: Strategies for Applying Agile in Complex Situations Scott W. Ambler, Practice Leader Agile Development, IBM Canada
*13.30-13.45 Kahvitauko
*13.45-15.30 SOA liiketoiminnan näkökulmasta ja SOA toteutuksen näkökulmasta kansainvälisessa hankkeessa Kari Laine, IT Architect, IF ja Jarmo Laine, Senior Software Architect,Primasoft
*15.30-15.45 Tauko
*15.45-16.30 Ketterä tietoturvan hallinta ohjelmistotuotannossa Reijo Savola, VTT
*16.30-17.15 Jazz Update IBM
*17.15-19.00 Iltapalaa ja verkostoitumista IBM Forumissa
 

== OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008 ==
OWASP Helsinki participated in ISACA Finland meeting to raise application security awareness among system auditors and inspectors.
 A presentation was held that introduced basic web techniques, some security issues, OWASP in general, OWASP projects and OWASP Helsinki chapter.
 
You can download the presentation here: https://www.owasp.org/images/e/e4/OWASP_ISACA_20080124.pdf (Finnish Only)
 

== OWASP Helsinki meeting #4 Fall 2007 with Mark Curphey, Tuesday, October 2 2007 ==
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.'''

Thank you for all participants and Mark from great presentation.

Coverage of the meeting in the local news (in Finnish):
http://mikropc.net/uutiset/index.jsp?categoryId=atk&day=20071003#w2007100315112711629

We are delighted to have Mark Curphey - the OWASP founder and new head of Microsoft's ACE (Application Consulting & Engineering) team in Europe - to visit Finland and discuss web app security with us. Hopefully as many as of you possible can participate!

'''18:30 Welcome and recent Helsinki chapter activities. Antti Laulajainen'''

'''18:40 Naked Software Security. Mark Curphey'''
*Commentary on how to build secure software
*Thoughts on the industry

'''WELCOME!'''

== OWASP Helsinki meeting #3 Summer 2007: "SOA, Web Services & XML Security", Tuesday, June 5th 2007 ==

Date: June 5th

Location: Smilehouse, Itälahdenkatu 22A (Stonesoft building), Lauttasaari.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/tietoturva_docview.jsp?f_id=1186167

'''19:00 Welcome & quick recap of recent OWASP activity and the Spring conference. Mikko Saario.'''

'''19:15 Gunnar Peterson, CTO Arctec Group and project lead for the OWASP "XML Security Gateway Evaluation Criteria".'''

Gunnar will be visiting Finland to provide training via Tietoturva ry on this subject. Topics to be covered:
* XML Security Gateways
* Message level threats and security countermeasures in Web services
* OWASP XML Security Gateway Evaluation Criteria Project

'''20:15 "Real-life usage of OWASP tools". Alexandr Seleznyov, Nokia Product Security.'''

(There is a chance Alex cannot make it. In that case we will discuss SOA stuff in more detail or just head off to bar earlier.)

'''20:45 Enter Bar 52...'''
--> Enjoy (sponsored) beverages.

== OWASP Helsinki meeting #2 Winter 2007, Web Application Firewalls, Thursday, February 22 2007 ==

Thank you for the 29 participants, the speakers and the host - Nixu - for making this event happen!

'''Location: Nixu, Mäkelänkatu 91, 00601 Helsinki.'''

What are Web Application Firewalls (WAF), how do they work, what do they do and what don't they do. Discussion and sharing of experiences of various technologies and products.

'''18.30 Welcome. Mikko Saario, Chapter Leader.'''

Today's topic and agenda in short.

'''18.35 "Web Application Firewalls Technical Analysis". Joakim Sandström, CTO nSense.'''

http://www.owasp.org/images/6/6a/Owasp_waf_joakim.pdf

- Technology

- Blacklisting & Whitelisting

- mod_security features

- Do's and Don'ts

'''19.30 "The Core Rule Sets". Ofer Shezaf, CTO Breach Security.'''

http://www.owasp.org/images/f/f4/The_Core_Rule_Set_-_Ofer.pdf

- WAF deployment and protection strategies

- Detection of generic web layer attacks

- Virtual patching

== OWASP Helsinki meeting #1, Tuesday, Dec 12 2006 at Ernst & Young ==

The Helsinki chapter had the first meeting at Ernst & Young office in Elielinaukio 5 B. The agenda and the presentations for the meeting are below. We had a good turnout: 22 people were present i.e. all seats were taken - we were very happy to see all these people to be interested in application security issues.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/doc.do?f_id=1083463

'''18:30 Welcome. What is OWASP and why OWASP Helsinki?'''

Mikko Saario made a short presentation about OWASP and the objective for the local Helsinki chapter.

'''19:00 Analyzing Threats (Olli Wiren; olli [at] juurihoito.org)'''

Olli Wiren discussed application related threats and corresponding security issues.

http://www.owasp.org/images/7/7c/Owasp-olli.pdf

'''19:45 Open discussion regarding OWASP Helsinki; what is expected or wished; how to go ahead and so forth.'''

There was a lively discussion regarding what type of activities should be arranged in the future. More details will follow...