https://wiki.owasp.org/api.php?action=feedcontributions&feedformat=atom&user=BkmarshallOWASP - User contributions [en]2026-05-26T15:39:03ZUser contributionsMediaWiki 1.27.2https://wiki.owasp.org/index.php?title=User:Bkmarshall&diff=251782User:Bkmarshall2019-05-21T22:49:18Z<p>Bkmarshall: </p>
<hr />
<div>Bruce K. Marshall is currently a Senior Security Consultant in Kansas City. He has two decades of experience in the information security field. In that time he has consulted with both small and large clients, while using his experience and knowledge to earn certifications like the CISSP, NSA-IAM, MCSE: Security, and SPI Certified Instructor. <br />
<br />
Bruce is s past leader of the [[Kansas_City]] OWASP chapter. He also founded and maintains the PasswordResearch.com[http://www.passwordresearch.com] website.<br />
<br />
Bruce can be contacted at bkmarshall [at] passwordresearch [dot] com.</div>Bkmarshallhttps://wiki.owasp.org/index.php?title=User:Bkmarshall&diff=30375User:Bkmarshall2008-06-04T18:55:31Z<p>Bkmarshall: </p>
<hr />
<div>Bruce K. Marshall is currently a Senior Security Consultant in Kansas City. He is closing in on a decade and a half of experience in the information security field. In that time he has consulted with both small and large clients, while using his experience and knowledge to earn certifications like the CISSP, NSA-IAM, MCSE: Security, and SPI Certified Instructor. <br />
<br />
Bruce is past leader of the [[Kansas_City]] OWASP chapter. He also founded and maintains the PasswordResearch.com[http://www.passwordresearch.com] website.<br />
<br />
Bruce can be contacted at bkmarshall [at] passwordresearch [dot] com or 913-484-7233.</div>Bkmarshallhttps://wiki.owasp.org/index.php?title=Kansas_City_April_2008_Meeting&diff=30374Kansas City April 2008 Meeting2008-06-04T18:53:06Z<p>Bkmarshall: added link to presentation slides</p>
<hr />
<div>The [[Kansas_City]] OWASP chapter met on April 30, 2008 at Centriq Training in Leawood, KS.<br />
<br />
=== Meeting Summary ===<br />
<br />
'''Chapter Business'''<br />
<br />
Current chapter priorities include the following:<br />
* Volunteer to give an OWASP presentation<br />
** Talks can anything from a short review of a whitepaper or presentation you've seen, to a web application security tool or product review, to a longer technical talk about attacks or countermeasures<br />
* Volunteer your organization to host an OWASP meeting<br />
* Invite other professionals or students to attend our next OWASP meeting<br />
<br />
<br />
'''Speakers: Karen Fritsche & Sarah Heinen on Security Access Mark-up Language (SAML) & Single Sign-on Implementation'''<br />
<br />
To accomplish a Web Single Sign-On application with their brokerage back office vendor, American Century Investments solution included the use of SAML. This presentation will provide an overview of: SAML, its benefits and several Single Sign-On options; integration, architecture and configuration options; and the SAML SSO implementation completed by American Century Investments.<br />
<br />
Karen Fritsche is an Application Architect and Sarah Heinen is a Programmer / Analyst with American Century Investments in Kansas City. As part of the IT application development team that supports the company's retail web sites www.americancentury.com and www.learningquestsavings.com, they focus on the secure on-line financial transactions of the sites, either through internal services or by establishing single sign-on connectivity to third party vendor sites.<br />
<br />
=== Documents ===<br />
<br />
* Karen & Sarah's [https://www.owasp.org/images/d/df/OWASPKC_SAML_Presentation.ppt presentation slides]</div>Bkmarshallhttps://wiki.owasp.org/index.php?title=File:OWASPKC_SAML_Presentation.ppt&diff=30370File:OWASPKC SAML Presentation.ppt2008-06-04T18:48:45Z<p>Bkmarshall: To accomplish a Web Single Sign-On application with their brokerage back office vendor, American Century Investments solution included the use of SAML. This presentation will provide an overview of: SAML, its benefits and several Single Sign-On options; i</p>
<hr />
<div>To accomplish a Web Single Sign-On application with their brokerage back office vendor, American Century Investments solution included the use of SAML. This presentation will provide an overview of: SAML, its benefits and several Single Sign-On options; integration, architecture and configuration options; and the SAML SSO implementation completed by American Century Investments.</div>Bkmarshallhttps://wiki.owasp.org/index.php?title=Kansas_City_April_2008_Meeting&diff=29145Kansas City April 2008 Meeting2008-05-09T18:34:05Z<p>Bkmarshall: New page: The Kansas_City OWASP chapter met on April 30, 2008 at Centriq Training in Leawood, KS. === Meeting Summary === '''Chapter Business''' Current chapter priorities include the followi...</p>
<hr />
<div>The [[Kansas_City]] OWASP chapter met on April 30, 2008 at Centriq Training in Leawood, KS.<br />
<br />
=== Meeting Summary ===<br />
<br />
'''Chapter Business'''<br />
<br />
Current chapter priorities include the following:<br />
* Volunteer to give an OWASP presentation<br />
** Talks can anything from a short review of a whitepaper or presentation you've seen, to a web application security tool or product review, to a longer technical talk about attacks or countermeasures<br />
* Volunteer your organization to host an OWASP meeting<br />
* Invite other professionals or students to attend our next OWASP meeting<br />
<br />
<br />
'''Speakers: Karen Fritsche & Sarah Heinen on Security Access Mark-up Language (SAML) & Single Sign-on Implementation'''<br />
<br />
To accomplish a Web Single Sign-On application with their brokerage back office vendor, American Century Investments solution included the use of SAML. This presentation will provide an overview of: SAML, its benefits and several Single Sign-On options; integration, architecture and configuration options; and the SAML SSO implementation completed by American Century Investments.<br />
<br />
Karen Fritsche is an Application Architect and Sarah Heinen is a Programmer / Analyst with American Century Investments in Kansas City. As part of the IT application development team that supports the company's retail web sites www.americancentury.com and www.learningquestsavings.com, they focus on the secure on-line financial transactions of the sites, either through internal services or by establishing single sign-on connectivity to third party vendor sites.<br />
<br />
=== Documents ===<br />
<br />
* Karen & Sarah's presentation slides (waiting for presentation file upload to link)</div>Bkmarshallhttps://wiki.owasp.org/index.php?title=Kansas_City&diff=29144Kansas City2008-05-09T18:13:49Z<p>Bkmarshall: /* Past Meetings */</p>
<hr />
<div>{{Chapter Template|chaptername=Kansas City|extra=If you have any questions about the Kansas City Chapter after reading this page, please send an email to our chapter leader [[User:bkmarshall|Bruce K. Marshall]]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-kansascity|emailarchives=http://lists.owasp.org/pipermail/owasp-kansascity}}<br />
<br />
== Upcoming Meetings ==<br />
<br />
I am pleased to announce that the details for our next OWASP Kansas City chapter meeting have been finalized. We will get together on Wednesday, April 30th starting at 6:00 PM and finishing around 7:30 PM. Add the event to your calendar today so you don't miss this opportunity to learn about web application security and network with your peers.<br />
<br />
Here is the presentation planned for this meeting:<br />
<br />
'''Security Access Mark-up Language (SAML) & Single Sign-on Implementation'''<br />
<br />
Presented by Karen Fritsche and Sarah Heinen<br />
<br />
To accomplish a Web Single Sign-On application with their brokerage back office vendor, American Century Investments solution included the use of SAML. This presentation will provide an overview of: SAML, its benefits and several Single Sign-On options; integration, architecture and configuration options; and the SAML SSO implementation completed by American Century Investments.<br />
<br />
Karen Fritsche is an Application Architect and Sarah Heinen is a Programmer / Analyst with American Century Investments in Kansas City. As part of the IT application development team that supports the company's retail web sites www.americancentury.com and www.learningquestsavings.com, they focus on the secure on-line financial transactions of the sites, either through internal services or by establishing single sign-on connectivity to third party vendor sites.<br />
<br />
*We have time for another person to give a brief 15-45 minute presentation on web application security. This can be a technical demonstration, conference review, or open discussion about a web application security topic. Please let me know if you'd like to grab this spot.<br />
<br />
<br />
Date: April 30, 2008 – 6:00 PM – 7:30 PM<br />
<br />
Location:<br />
<br />
Centriq Training<br />
<br />
8700 State Line Road<br />
<br />
Suite 200<br />
<br />
Leawood, KS 66206<br />
<br />
(913) 322-7000<br />
<br />
http://www.centriq.com/contactus.htm<br />
<br />
Thanks to Centriq Training for volunteering to host another one of our chapter meeting.<br />
<br />
Attendance of OWASP meetings is free and anyone interested in web application security is welcome to attend. Pass on this meeting announcement to anyone else that would benefit from joining us.<br />
<br />
<br />
Please note:<br />
*Attendance at an OWASP chapter meeting is free and open to anyone interested in web application security<br />
*No registration is required, although RSVPs to the [[User:bkmarshall|chapter leader]] are appreciated<br />
*Professionals with CISSPs, or other certifications, can earn CPE credits by attending<br />
<br />
<br />
We meet at least once a quarter to discuss application security. If you have an interesting topic you'd like to present or discuss at future meetings, please send an email to bmarshall[at]securityps com. Or, get a discussion going by posting a message to our [http://lists.owasp.org/mailman/listinfo/owasp-kansascity mailing list].<br />
<br />
== Past Meetings ==<br />
Thanks to the speakers for sharing with us at our past chapter meetings. Any presentation handouts or associated documents are shared through the following meeting summaries:<br />
<br />
*[[Kansas_City_April_2008_Meeting|April 2008 Meeting]]<br />
*[[Kansas_City_November_2007_Meeting|November 2007 Meeting]]<br />
*[[Kansas_City_September_2007_Meeting|September 2007 Meeting]]<br />
*[[Kansas City June 2007 Meeting|June 2007 meeting]]<br />
*[[Kansas City March 2007 Meeting|March 2007 meeting]]<br />
*[[Kansas City December 2006 Meeting|December 2006 meeting]]<br />
<br />
<br />
[[Category:OWASP Chapter]]</div>Bkmarshallhttps://wiki.owasp.org/index.php?title=Kansas_City&diff=29143Kansas City2008-05-09T18:13:19Z<p>Bkmarshall: /* Past Meetings */</p>
<hr />
<div>{{Chapter Template|chaptername=Kansas City|extra=If you have any questions about the Kansas City Chapter after reading this page, please send an email to our chapter leader [[User:bkmarshall|Bruce K. Marshall]]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-kansascity|emailarchives=http://lists.owasp.org/pipermail/owasp-kansascity}}<br />
<br />
== Upcoming Meetings ==<br />
<br />
I am pleased to announce that the details for our next OWASP Kansas City chapter meeting have been finalized. We will get together on Wednesday, April 30th starting at 6:00 PM and finishing around 7:30 PM. Add the event to your calendar today so you don't miss this opportunity to learn about web application security and network with your peers.<br />
<br />
Here is the presentation planned for this meeting:<br />
<br />
'''Security Access Mark-up Language (SAML) & Single Sign-on Implementation'''<br />
<br />
Presented by Karen Fritsche and Sarah Heinen<br />
<br />
To accomplish a Web Single Sign-On application with their brokerage back office vendor, American Century Investments solution included the use of SAML. This presentation will provide an overview of: SAML, its benefits and several Single Sign-On options; integration, architecture and configuration options; and the SAML SSO implementation completed by American Century Investments.<br />
<br />
Karen Fritsche is an Application Architect and Sarah Heinen is a Programmer / Analyst with American Century Investments in Kansas City. As part of the IT application development team that supports the company's retail web sites www.americancentury.com and www.learningquestsavings.com, they focus on the secure on-line financial transactions of the sites, either through internal services or by establishing single sign-on connectivity to third party vendor sites.<br />
<br />
*We have time for another person to give a brief 15-45 minute presentation on web application security. This can be a technical demonstration, conference review, or open discussion about a web application security topic. Please let me know if you'd like to grab this spot.<br />
<br />
<br />
Date: April 30, 2008 – 6:00 PM – 7:30 PM<br />
<br />
Location:<br />
<br />
Centriq Training<br />
<br />
8700 State Line Road<br />
<br />
Suite 200<br />
<br />
Leawood, KS 66206<br />
<br />
(913) 322-7000<br />
<br />
http://www.centriq.com/contactus.htm<br />
<br />
Thanks to Centriq Training for volunteering to host another one of our chapter meeting.<br />
<br />
Attendance of OWASP meetings is free and anyone interested in web application security is welcome to attend. Pass on this meeting announcement to anyone else that would benefit from joining us.<br />
<br />
<br />
Please note:<br />
*Attendance at an OWASP chapter meeting is free and open to anyone interested in web application security<br />
*No registration is required, although RSVPs to the [[User:bkmarshall|chapter leader]] are appreciated<br />
*Professionals with CISSPs, or other certifications, can earn CPE credits by attending<br />
<br />
<br />
We meet at least once a quarter to discuss application security. If you have an interesting topic you'd like to present or discuss at future meetings, please send an email to bmarshall[at]securityps com. Or, get a discussion going by posting a message to our [http://lists.owasp.org/mailman/listinfo/owasp-kansascity mailing list].<br />
<br />
== Past Meetings ==<br />
Thanks to the speakers for sharing with us at our past chapter meetings. Any presentation handouts or associated documents are shared through the following meeting summaries:<br />
<br />
*[[Kansas_City_April_2008_Meeting|April 2008 Meeting]<br />
*[[Kansas_City_November_2007_Meeting|November 2007 Meeting]]<br />
*[[Kansas_City_September_2007_Meeting|September 2007 Meeting]]<br />
*[[Kansas City June 2007 Meeting|June 2007 meeting]]<br />
*[[Kansas City March 2007 Meeting|March 2007 meeting]]<br />
*[[Kansas City December 2006 Meeting|December 2006 meeting]]<br />
<br />
<br />
[[Category:OWASP Chapter]]</div>Bkmarshallhttps://wiki.owasp.org/index.php?title=Kansas_City_November_2007_Meeting&diff=28132Kansas City November 2007 Meeting2008-04-16T15:47:31Z<p>Bkmarshall: </p>
<hr />
<div>The [[Kansas_City]] OWASP chapter met on November 7, 2007 at Centriq Training in Leawood, KS.<br />
<br />
=== Meeting Summary ===<br />
<br />
'''Chapter Business'''<br />
<br />
Current chapter priorities include the following:<br />
* Volunteer to give an OWASP presentation<br />
** Talks can anything from a short review of a whitepaper or presentation you've seen, to a web application security tool or product review, to a longer technical talk about attacks or countermeasures<br />
* Volunteer your organization to host an OWASP meeting<br />
* Invite other professionals or students to attend our next OWASP meeting<br />
<br />
<br />
'''Speaker 1: Tom Stripling, CISSP on The Dangers of Third-Party Content'''<br />
<br />
It is now commonplace for web applications to include content from other sites, partners, and advertisers. If this content isn’t handled correctly, applications are left vulnerable to attack. By examining a variety of attacks that can be executed through third-party content, we can better evaluate application risk and design countermeasures.<br />
<br />
Session Learning Objectives<br />
* Determine the threat posed by third-party content, given trends in Internet content and specific risks associated with each form of third-party content inclusion<br />
* Demonstrate attacks against a live web application that exploit flawed security assumptions in the inclusion of third-party content<br />
* Analyze the effectiveness of various application security countermeasures to combat the threat<br />
* Enable developers and penetration testers to better identify and prevent the risks associated with the use of third-party content in web applications<br />
<br />
Tom Stripling is a senior application security consultant with an extensive background in web application development, penetration testing, and risk assessment. In his role at Security PS, he helps clients uncover application vulnerabilities and secure the software development process. In his spare time, Tom is an avid researcher of application security attacks, vulnerabilities, and best practices.<br />
<br />
=== Documents ===<br />
<br />
* Tom's [http://www.owasp.org/images/6/6d/OWASP-WASCAppSec2007SanJose_Dangers_of3rdPartyContent.ppt presentation slides]</div>Bkmarshallhttps://wiki.owasp.org/index.php?title=Kansas_City&diff=28131Kansas City2008-04-16T15:33:55Z<p>Bkmarshall: /* Upcoming Meetings */</p>
<hr />
<div>{{Chapter Template|chaptername=Kansas City|extra=If you have any questions about the Kansas City Chapter after reading this page, please send an email to our chapter leader [[User:bkmarshall|Bruce K. Marshall]]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-kansascity|emailarchives=http://lists.owasp.org/pipermail/owasp-kansascity}}<br />
<br />
== Upcoming Meetings ==<br />
<br />
I am pleased to announce that the details for our next OWASP Kansas City chapter meeting have been finalized. We will get together on Wednesday, April 30th starting at 6:00 PM and finishing around 7:30 PM. Add the event to your calendar today so you don't miss this opportunity to learn about web application security and network with your peers.<br />
<br />
Here is the presentation planned for this meeting:<br />
<br />
'''Security Access Mark-up Language (SAML) & Single Sign-on Implementation'''<br />
<br />
Presented by Karen Fritsche and Sarah Heinen<br />
<br />
To accomplish a Web Single Sign-On application with their brokerage back office vendor, American Century Investments solution included the use of SAML. This presentation will provide an overview of: SAML, its benefits and several Single Sign-On options; integration, architecture and configuration options; and the SAML SSO implementation completed by American Century Investments.<br />
<br />
Karen Fritsche is an Application Architect and Sarah Heinen is a Programmer / Analyst with American Century Investments in Kansas City. As part of the IT application development team that supports the company's retail web sites www.americancentury.com and www.learningquestsavings.com, they focus on the secure on-line financial transactions of the sites, either through internal services or by establishing single sign-on connectivity to third party vendor sites.<br />
<br />
*We have time for another person to give a brief 15-45 minute presentation on web application security. This can be a technical demonstration, conference review, or open discussion about a web application security topic. Please let me know if you'd like to grab this spot.<br />
<br />
<br />
Date: April 30, 2008 – 6:00 PM – 7:30 PM<br />
<br />
Location:<br />
<br />
Centriq Training<br />
<br />
8700 State Line Road<br />
<br />
Suite 200<br />
<br />
Leawood, KS 66206<br />
<br />
(913) 322-7000<br />
<br />
http://www.centriq.com/contactus.htm<br />
<br />
Thanks to Centriq Training for volunteering to host another one of our chapter meeting.<br />
<br />
Attendance of OWASP meetings is free and anyone interested in web application security is welcome to attend. Pass on this meeting announcement to anyone else that would benefit from joining us.<br />
<br />
<br />
Please note:<br />
*Attendance at an OWASP chapter meeting is free and open to anyone interested in web application security<br />
*No registration is required, although RSVPs to the [[User:bkmarshall|chapter leader]] are appreciated<br />
*Professionals with CISSPs, or other certifications, can earn CPE credits by attending<br />
<br />
<br />
We meet at least once a quarter to discuss application security. If you have an interesting topic you'd like to present or discuss at future meetings, please send an email to bmarshall[at]securityps com. Or, get a discussion going by posting a message to our [http://lists.owasp.org/mailman/listinfo/owasp-kansascity mailing list].<br />
<br />
== Past Meetings ==<br />
Thanks to the speakers for sharing with us at our past chapter meetings. Any presentation handouts or associated documents are shared through the following meeting summaries:<br />
<br />
*[[Kansas_City_November_2007_Meeting|November 2007 Meeting]]<br />
*[[Kansas_City_September_2007_Meeting|September 2007 Meeting]]<br />
*[[Kansas City June 2007 Meeting|June 2007 meeting]]<br />
*[[Kansas City March 2007 Meeting|March 2007 meeting]]<br />
*[[Kansas City December 2006 Meeting|December 2006 meeting]]<br />
<br />
<br />
[[Category:OWASP Chapter]]</div>Bkmarshallhttps://wiki.owasp.org/index.php?title=Kansas_City&diff=28130Kansas City2008-04-16T15:32:15Z<p>Bkmarshall: /* Upcoming Meetings */</p>
<hr />
<div>{{Chapter Template|chaptername=Kansas City|extra=If you have any questions about the Kansas City Chapter after reading this page, please send an email to our chapter leader [[User:bkmarshall|Bruce K. Marshall]]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-kansascity|emailarchives=http://lists.owasp.org/pipermail/owasp-kansascity}}<br />
<br />
== Upcoming Meetings ==<br />
<br />
I am pleased to announce that the details for our next OWASP Kansas City chapter meeting have been finalized. We will get together on Wednesday, November 7th starting at 6:00 PM and finishing around 7:30 PM. Add the event to your calendar today so you don't miss this opportunity to learn about web application security and network with your peers.<br />
<br />
Here is the presentation planned for this meeting:<br />
<br />
'''Security Access Mark-up Language (SAML) & Single Sign-on Implementation'''<br />
Presented by Karen Fritsche and Sarah Heinen<br />
<br />
To accomplish a Web Single Sign-On application with their brokerage back office vendor, American Century Investments solution included the use of SAML. This presentation will provide an overview of: SAML, its benefits and several Single Sign-On options; integration, architecture and configuration options; and the SAML SSO implementation completed by American Century Investments.<br />
<br />
Karen Fritsche is an Application Architect and Sarah Heinen is a Programmer / Analyst with American Century Investments in Kansas City. As part of the IT application development team that supports the company's retail web sites www.americancentury.com and www.learningquestsavings.com, they focus on the secure on-line financial transactions of the sites, either through internal services or by establishing single sign-on connectivity to third party vendor sites.<br />
<br />
<br />
*We have time for another person to give a brief 15-45 minute presentation on web application security. This can be a technical demonstration, conference review, or open discussion about a web application security topic. Please let me know if you'd like to grab this spot.<br />
<br />
<br />
Date: April 30, 2008 – 6:00 PM – 7:30 PM<br />
<br />
Location:<br />
<br />
Centriq Training<br />
<br />
8700 State Line Road<br />
<br />
Suite 200<br />
<br />
Leawood, KS 66206<br />
<br />
(913) 322-7000<br />
<br />
http://www.centriq.com/contactus.htm<br />
<br />
Thanks to Centriq Training for volunteering to host another one of our chapter meeting.<br />
<br />
Attendance of OWASP meetings is free and anyone interested in web application security is welcome to attend. Pass on this meeting announcement to anyone else that would benefit from joining us.<br />
<br />
<br />
Please note:<br />
*Attendance at an OWASP chapter meeting is free and open to anyone interested in web application security<br />
*No registration is required, although RSVPs to the [[User:bkmarshall|chapter leader]] are appreciated<br />
*Professionals with CISSPs, or other certifications, can earn CPE credits by attending<br />
<br />
<br />
We meet at least once a quarter to discuss application security. If you have an interesting topic you'd like to present or discuss at future meetings, please send an email to bmarshall[at]securityps com. Or, get a discussion going by posting a message to our [http://lists.owasp.org/mailman/listinfo/owasp-kansascity mailing list].<br />
<br />
== Past Meetings ==<br />
Thanks to the speakers for sharing with us at our past chapter meetings. Any presentation handouts or associated documents are shared through the following meeting summaries:<br />
<br />
*[[Kansas_City_November_2007_Meeting|November 2007 Meeting]]<br />
*[[Kansas_City_September_2007_Meeting|September 2007 Meeting]]<br />
*[[Kansas City June 2007 Meeting|June 2007 meeting]]<br />
*[[Kansas City March 2007 Meeting|March 2007 meeting]]<br />
*[[Kansas City December 2006 Meeting|December 2006 meeting]]<br />
<br />
<br />
[[Category:OWASP Chapter]]</div>Bkmarshallhttps://wiki.owasp.org/index.php?title=Kansas_City_November_2007_Meeting&diff=28129Kansas City November 2007 Meeting2008-04-16T15:27:31Z<p>Bkmarshall: </p>
<hr />
<div>The [[Kansas_City]] OWASP chapter met on November 7, 2007 at Centriq Training in Leawood, KS.<br />
<br />
=== Meeting Summary ===<br />
<br />
'''Chapter Business'''<br />
<br />
Current chapter priorities include the following:<br />
* Volunteer to give an OWASP presentation<br />
** Talks can anything from a short review of a whitepaper or presentation you've seen, to a web application security tool or product review, to a longer technical talk about attacks or countermeasures<br />
* Volunteer your organization to host an OWASP meeting<br />
* Invite other professionals or students to attend our next OWASP meeting<br />
<br />
<br />
'''Speaker 1: Tom Stripling, CISSP on The Dangers of Third-Party Content''''''<br />
<br />
It is now commonplace for web applications to include content from other sites, partners, and advertisers. If this content isn’t handled correctly, applications are left vulnerable to attack. By examining a variety of attacks that can be executed through third-party content, we can better evaluate application risk and design countermeasures.<br />
<br />
Session Learning Objectives<br />
* Determine the threat posed by third-party content, given trends in Internet content and specific risks associated with each form of third-party content inclusion<br />
* Demonstrate attacks against a live web application that exploit flawed security assumptions in the inclusion of third-party content<br />
* Analyze the effectiveness of various application security countermeasures to combat the threat<br />
* Enable developers and penetration testers to better identify and prevent the risks associated with the use of third-party content in web applications<br />
<br />
Tom Stripling is a senior application security consultant with an extensive background in web application development, penetration testing, and risk assessment. In his role at Security PS, he helps clients uncover application vulnerabilities and secure the software development process. In his spare time, Tom is an avid researcher of application security attacks, vulnerabilities, and best practices.<br />
<br />
=== Documents ===<br />
<br />
* Tom's [http://www.owasp.org/images/6/6d/OWASP-WASCAppSec2007SanJose_Dangers_of3rdPartyContent.ppt presentation slides]</div>Bkmarshallhttps://wiki.owasp.org/index.php?title=Kansas_City_November_2007_Meeting&diff=28127Kansas City November 2007 Meeting2008-04-16T15:02:26Z<p>Bkmarshall: New page: Speaker: '''Tom Stripling, CISSP on The Dangers of Third-Party Content''' It is now commonplace for web applications to include content from other sites, partners, and advertisers. If th...</p>
<hr />
<div>Speaker: '''Tom Stripling, CISSP on The Dangers of Third-Party Content'''<br />
<br />
It is now commonplace for web applications to include content from other sites, partners, and advertisers. If this content isn’t handled correctly, applications are left vulnerable to attack. By examining a variety of attacks that can be executed through third-party content, we can better evaluate application risk and design countermeasures.<br />
<br />
Session Learning Objectives<br />
* Determine the threat posed by third-party content, given trends in Internet content and specific risks associated with each form of third-party content inclusion<br />
* Demonstrate attacks against a live web application that exploit flawed security assumptions in the inclusion of third-party content<br />
* Analyze the effectiveness of various application security countermeasures to combat the threat<br />
* Enable developers and penetration testers to better identify and prevent the risks associated with the use of third-party content in web applications<br />
<br />
Tom Stripling is a senior application security consultant with an extensive background in web application development, penetration testing, and risk assessment. In his role at Security PS, he helps clients uncover application vulnerabilities and secure the software development process. In his spare time, Tom is an avid researcher of application security attacks, vulnerabilities, and best practices.</div>Bkmarshallhttps://wiki.owasp.org/index.php?title=Kansas_City&diff=28126Kansas City2008-04-16T15:01:52Z<p>Bkmarshall: /* Past Meetings */</p>
<hr />
<div>{{Chapter Template|chaptername=Kansas City|extra=If you have any questions about the Kansas City Chapter after reading this page, please send an email to our chapter leader [[User:bkmarshall|Bruce K. Marshall]]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-kansascity|emailarchives=http://lists.owasp.org/pipermail/owasp-kansascity}}<br />
<br />
== Upcoming Meetings ==<br />
<br />
I am pleased to announce that the details for our next OWASP Kansas City chapter meeting have been finalized. We will get together on Wednesday, November 7th starting at 6:00 PM and finishing around 7:30 PM. Add the event to your calendar today so you don't miss this opportunity to learn about web application security and network with your peers.<br />
<br />
Here is the presentation planned for this meeting:<br />
<br />
<br />
<br />
<br />
*We have time for another person to give a brief 15-45 minute presentation on web application security. This can be a technical demonstration, conference review, or open discussion about a web application security topic. Please let me know if you'd like to grab this spot.<br />
<br />
<br />
Date: November 7, 2007 – 6:00 PM – 7:30 PM<br />
<br />
Location:<br />
<br />
Centriq Training<br />
<br />
8700 State Line Road<br />
<br />
Suite 200<br />
<br />
Leawood, KS 66206<br />
<br />
(913) 322-7000<br />
<br />
http://www.centriq.com/contactus.htm<br />
<br />
Thanks to Centriq Training for volunteering to host another one of our chapter meeting.<br />
<br />
Attendance of OWASP meetings is free and anyone interested in web application security is welcome to attend. Pass on this meeting announcement to anyone else that would benefit from joining us.<br />
<br />
<br />
Please note:<br />
*Attendance at an OWASP chapter meeting is free and open to anyone interested in web application security<br />
*No registration is required, although RSVPs to the [[User:bkmarshall|chapter leader]] are appreciated<br />
*Professionals with CISSPs, or other certifications, can earn CPE credits by attending<br />
<br />
<br />
We meet at least once a quarter to discuss application security. If you have an interesting topic you'd like to present or discuss at future meetings, please send an email to bmarshall[at]securityps com. Or, get a discussion going by posting a message to our [http://lists.owasp.org/mailman/listinfo/owasp-kansascity mailing list].<br />
<br />
== Past Meetings ==<br />
Thanks to the speakers for sharing with us at our past chapter meetings. Any presentation handouts or associated documents are shared through the following meeting summaries:<br />
<br />
*[[Kansas_City_November_2007_Meeting|November 2007 Meeting]]<br />
*[[Kansas_City_September_2007_Meeting|September 2007 Meeting]]<br />
*[[Kansas City June 2007 Meeting|June 2007 meeting]]<br />
*[[Kansas City March 2007 Meeting|March 2007 meeting]]<br />
*[[Kansas City December 2006 Meeting|December 2006 meeting]]<br />
<br />
<br />
[[Category:OWASP Chapter]]</div>Bkmarshallhttps://wiki.owasp.org/index.php?title=Kansas_City&diff=28125Kansas City2008-04-16T15:00:45Z<p>Bkmarshall: </p>
<hr />
<div>{{Chapter Template|chaptername=Kansas City|extra=If you have any questions about the Kansas City Chapter after reading this page, please send an email to our chapter leader [[User:bkmarshall|Bruce K. Marshall]]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-kansascity|emailarchives=http://lists.owasp.org/pipermail/owasp-kansascity}}<br />
<br />
== Upcoming Meetings ==<br />
<br />
I am pleased to announce that the details for our next OWASP Kansas City chapter meeting have been finalized. We will get together on Wednesday, November 7th starting at 6:00 PM and finishing around 7:30 PM. Add the event to your calendar today so you don't miss this opportunity to learn about web application security and network with your peers.<br />
<br />
Here is the presentation planned for this meeting:<br />
<br />
<br />
<br />
<br />
*We have time for another person to give a brief 15-45 minute presentation on web application security. This can be a technical demonstration, conference review, or open discussion about a web application security topic. Please let me know if you'd like to grab this spot.<br />
<br />
<br />
Date: November 7, 2007 – 6:00 PM – 7:30 PM<br />
<br />
Location:<br />
<br />
Centriq Training<br />
<br />
8700 State Line Road<br />
<br />
Suite 200<br />
<br />
Leawood, KS 66206<br />
<br />
(913) 322-7000<br />
<br />
http://www.centriq.com/contactus.htm<br />
<br />
Thanks to Centriq Training for volunteering to host another one of our chapter meeting.<br />
<br />
Attendance of OWASP meetings is free and anyone interested in web application security is welcome to attend. Pass on this meeting announcement to anyone else that would benefit from joining us.<br />
<br />
<br />
Please note:<br />
*Attendance at an OWASP chapter meeting is free and open to anyone interested in web application security<br />
*No registration is required, although RSVPs to the [[User:bkmarshall|chapter leader]] are appreciated<br />
*Professionals with CISSPs, or other certifications, can earn CPE credits by attending<br />
<br />
<br />
We meet at least once a quarter to discuss application security. If you have an interesting topic you'd like to present or discuss at future meetings, please send an email to bmarshall[at]securityps com. Or, get a discussion going by posting a message to our [http://lists.owasp.org/mailman/listinfo/owasp-kansascity mailing list].<br />
<br />
== Past Meetings ==<br />
Thanks to the speakers for sharing with us at our past chapter meetings. Any presentation handouts or associated documents are shared through the following meeting summaries:<br />
<br />
*[[Kansas_City_September_2007_Meeting|September 2007 Meeting]]<br />
*[[Kansas City June 2007 Meeting|June 2007 meeting]]<br />
*[[Kansas City March 2007 Meeting|March 2007 meeting]]<br />
*[[Kansas City December 2006 Meeting|December 2006 meeting]]<br />
<br />
<br />
[[Category:OWASP Chapter]]</div>Bkmarshallhttps://wiki.owasp.org/index.php?title=Kansas_City&diff=22548Kansas City2007-10-22T16:53:32Z<p>Bkmarshall: </p>
<hr />
<div>{{Chapter Template|chaptername=Kansas City|extra=If you have any questions about the Kansas City Chapter after reading this page, please send an email to our chapter leader [[User:bkmarshall|Bruce K. Marshall]]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-kansascity|emailarchives=http://lists.owasp.org/pipermail/owasp-kansascity}}<br />
<br />
== Upcoming Meetings ==<br />
<br />
I am pleased to announce that the details for our next OWASP Kansas City chapter meeting have been finalized. We will get together on Wednesday, November 7th starting at 6:00 PM and finishing around 7:30 PM. Add the event to your calendar today so you don't miss this opportunity to learn about web application security and network with your peers.<br />
<br />
Here is the presentation planned for this meeting:<br />
<br />
Speaker: '''Tom Stripling, CISSP on The Dangers of Third-Party Content'''<br />
<br />
It is now commonplace for web applications to include content from other sites, partners, and advertisers. If this content isn’t handled correctly, applications are left vulnerable to attack. By examining a variety of attacks that can be executed through third-party content, we can better evaluate application risk and design countermeasures.<br />
<br />
Session Learning Objectives<br />
* Determine the threat posed by third-party content, given trends in Internet content and specific risks associated with each form of third-party content inclusion<br />
* Demonstrate attacks against a live web application that exploit flawed security assumptions in the inclusion of third-party content<br />
* Analyze the effectiveness of various application security countermeasures to combat the threat<br />
* Enable developers and penetration testers to better identify and prevent the risks associated with the use of third-party content in web applications<br />
<br />
Tom Stripling is a senior application security consultant with an extensive background in web application development, penetration testing, and risk assessment. In his role at Security PS, he helps clients uncover application vulnerabilities and secure the software development process. In his spare time, Tom is an avid researcher of application security attacks, vulnerabilities, and best practices.<br />
<br />
<br />
*We have time for another person to give a brief 15-45 minute presentation on web application security. This can be a technical demonstration, conference review, or open discussion about a web application security topic. Please let me know if you'd like to grab this spot.<br />
<br />
<br />
Date: November 7, 2007 – 6:00 PM – 7:30 PM<br />
<br />
Location:<br />
<br />
Centriq Training<br />
<br />
8700 State Line Road<br />
<br />
Suite 200<br />
<br />
Leawood, KS 66206<br />
<br />
(913) 322-7000<br />
<br />
http://www.centriq.com/contactus.htm<br />
<br />
Thanks to Centriq Training for volunteering to host another one of our chapter meeting.<br />
<br />
Attendance of OWASP meetings is free and anyone interested in web application security is welcome to attend. Pass on this meeting announcement to anyone else that would benefit from joining us.<br />
<br />
<br />
Please note:<br />
*Attendance at an OWASP chapter meeting is free and open to anyone interested in web application security<br />
*No registration is required, although RSVPs to the [[User:bkmarshall|chapter leader]] are appreciated<br />
*Professionals with CISSPs, or other certifications, can earn CPE credits by attending<br />
<br />
<br />
We meet at least once a quarter to discuss application security. If you have an interesting topic you'd like to present or discuss at future meetings, please send an email to bmarshall[at]securityps com. Or, get a discussion going by posting a message to our [http://lists.owasp.org/mailman/listinfo/owasp-kansascity mailing list].<br />
<br />
== Past Meetings ==<br />
Thanks to the speakers for sharing with us at our past chapter meetings. Any presentation handouts or associated documents are shared through the following meeting summaries:<br />
<br />
*[[Kansas_City_September_2007_Meeting|September 2007 Meeting]]<br />
*[[Kansas City June 2007 Meeting|June 2007 meeting]]<br />
*[[Kansas City March 2007 Meeting|March 2007 meeting]]<br />
*[[Kansas City December 2006 Meeting|December 2006 meeting]]<br />
<br />
<br />
[[Category:OWASP Chapter]]</div>Bkmarshallhttps://wiki.owasp.org/index.php?title=Kansas_City_September_2007_Meeting&diff=21846Kansas City September 2007 Meeting2007-09-18T15:35:00Z<p>Bkmarshall: </p>
<hr />
<div>The [[Kansas_City]] OWASP chapter met on September 6, 2007 at Centriq Training in Leawood, KS.<br />
<br />
=== Meeting Summary ===<br />
<br />
'''Chapter Business'''<br />
<br />
Current chapter priorities include the following:<br />
* Volunteer to give an OWASP presentation<br />
** Talks can anything from a short review of a whitepaper or presentation you've seen, to a web application security tool or product review, to a longer technical talk about attacks or countermeasures<br />
* Volunteer your organization to host an OWASP meeting<br />
* Invite other professionals or students to attend our next OWASP meeting<br />
<br />
<br />
'''Speaker 1: Bob Phelps, National Bank Examiner with the Office of the Comptroller of the Currency (OCC)'''<br />
<br />
Bob provided his insights on the financial regulatory environment and how laws lead to specific information security standards and guidance. Through his job he has performed a review of application security practices in about a dozen midsize and large banks. Bob shared the results of this review and provided his recommendations on how to establish a sound application security management program.<br />
<br />
At the OCC Bob both works with the Policy division in Washington DC and has bank supervisory responsibilities. He leads and participates in examinations of National Banks in NYC, KC, Omaha, and Minneapolis. His Policy responsibilities include evaluating emerging technologies and their impact on the banking system, evaluating trends in information security, and developing and delivering various training programs to other examiners.<br />
<br />
<br />
'''Speaker 2: Bruce K. Marshall, Senior Security Consultant with Security PS'''<br />
<br />
Bruce spoke about how to avoid improperly using challenge questions (e.g. “What is your pet’s name?”) for web app authentication. While challenge questions tend to be user friendly they can also expose your application to new security threats. He shared his experience on both choosing the best challenge questions and how to properly integrate them into your application.<br />
<br />
Bruce consults with clients like American Express, Garmin, Microsoft, and Commerce Bank to assess and improve their information security strategies in areas like network security, web app security, authentication, and program management.<br />
<br />
=== Documents ===<br />
<br />
* Bruce's [http://www.passwordresearch.com/files/AvoidingPoorChallengeQuestionAuthentication-OWASP.pdf presentation slides]</div>Bkmarshallhttps://wiki.owasp.org/index.php?title=Kansas_City_September_2007_Meeting&diff=21737Kansas City September 2007 Meeting2007-09-14T17:29:21Z<p>Bkmarshall: </p>
<hr />
<div>The [[Kansas_City]] OWASP chapter met on September 6, 2007 at Centriq Training in Leawood, KS.<br />
<br />
=== Meeting Summary ===<br />
<br />
'''Chapter Business'''<br />
<br />
Current chapter priorities include the following:<br />
* Volunteer to give an OWASP presentation<br />
** Talks can anything from a short review of a whitepaper or presentation you've seen, to a web application security tool or product review, to a longer technical talk about attacks or countermeasures<br />
* Volunteer your organization to host an OWASP meeting<br />
* Invite other professionals or students to attend our next OWASP meeting<br />
<br />
<br />
'''Speaker 1: Bob Phelps, National Bank Examiner with the Office of the Comptroller of the Currency (OCC)'''<br />
<br />
Bob will provide his insight on the financial regulatory environment and how laws lead to specific information security standards and guidance. Through his job he has performed a review of application security practices in about a dozen midsize and large banks. Bob will share the results of this review and provide his recommendations on how to establish a sound application security management program.<br />
<br />
At the OCC Bob both works with the Policy division in Washington DC and has bank supervisory responsibilities. He leads and participates in examinations of National Banks in NYC, KC, Omaha, and Minneapolis. His Policy responsibilities include evaluating emerging technologies and their impact on the banking system, evaluating trends in information security, and developing and delivering various training programs to other examiners.<br />
<br />
<br />
'''Speaker 2: Bruce K. Marshall, Senior Security Consultant with Security PS'''<br />
<br />
Bruce will be speaking about how to avoid improperly using challenge questions (e.g. “What is your pet’s name?”) for web app authentication. While challenge questions tend to be user friendly they can also expose your application to new security threats. He will share his experience on both choosing the best challenge questions and how to properly integrate them into your application.<br />
<br />
Bruce consults with clients like American Express, Garmin, Microsoft, and Commerce Bank to assess and improve their information security strategies in areas like network security, web app security, authentication, and program management.<br />
<br />
=== Documents ===<br />
<br />
* Bruce's [http://www.passwordresearch.com/files/AvoidingPoorChallengeQuestionAuthentication-OWASP.pdf presentation slides]</div>Bkmarshallhttps://wiki.owasp.org/index.php?title=Kansas_City_September_2007_Meeting&diff=21736Kansas City September 2007 Meeting2007-09-14T17:28:52Z<p>Bkmarshall: </p>
<hr />
<div>The [[Kansas_City]] OWASP chapter met on September 6, 2007 at Centriq Training in Leawood, KS.<br />
<br />
=== Meeting Summary ===<br />
<br />
'''Chapter Business'''<br />
<br />
Current chapter priorities include the following:<br />
* Volunteer to give an OWASP presentation<br />
** Talks can anything from a short review of a whitepaper or presentation you've seen, to a web application security tool or product review, to a longer technical talk about attacks or countermeasures<br />
* Volunteer your organization to host an OWASP meeting<br />
* Invite other professionals or students to attend our next OWASP meeting<br />
<br />
<br />
'''Speaker 1: Bob Phelps, National Bank Examiner with the Office of the Comptroller of the Currency (OCC)'''<br />
<br />
Bob will provide his insight on the financial regulatory environment and how laws lead to specific information security standards and guidance. Through his job he has performed a review of application security practices in about a dozen midsize and large banks. Bob will share the results of this review and provide his recommendations on how to establish a sound application security management program.<br />
<br />
At the OCC Bob both works with the Policy division in Washington DC and has bank supervisory responsibilities. He leads and participates in examinations of National Banks in NYC, KC, Omaha, and Minneapolis. His Policy responsibilities include evaluating emerging technologies and their impact on the banking system, evaluating trends in information security, and developing and delivering various training programs to other examiners.<br />
<br />
<br />
'''Speaker 2: Bruce K. Marshall, Senior Security Consultant with Security PS'''<br />
<br />
Bruce will be speaking about how to avoid improperly using challenge questions (e.g. “What is your pet’s name?”) for web app authentication. While challenge questions tend to be user friendly they can also expose your application to new security threats. He will share his experience on both choosing the best challenge questions and how to properly integrate them into your application.<br />
<br />
Bruce consults with clients like American Express, Garmin, Microsoft, and Commerce Bank to assess and improve their information security strategies in areas like network security, web app security, authentication, and program management.<br />
<br />
=== Documents ===<br />
<br />
Bruce's [http://www.passwordresearch.com/files/AvoidingPoorChallengeQuestionAuthentication-OWASP.pdf presentation slides]</div>Bkmarshallhttps://wiki.owasp.org/index.php?title=Kansas_City&diff=21703Kansas City2007-09-12T19:20:11Z<p>Bkmarshall: Updated page following September meeting</p>
<hr />
<div>{{Chapter Template|chaptername=Kansas City|extra=If you have any questions about the Kansas City Chapter after reading this page, please send an email to our chapter leader [[User:bkmarshall|Bruce K. Marshall]]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-kansascity|emailarchives=http://lists.owasp.org/pipermail/owasp-kansascity}}<br />
<br />
== Upcoming Meetings ==<br />
<br />
We had a great September 6th meeting. You can find a summary of the event [[Kansas_City_September_2007_Meeting|here]].<br />
<br />
The next Kansas City chapter meeting will take place in November. We are still seeking speakers for this event, so please contact chapter leader [[User:bkmarshall|Bruce K. Marshall]] if you would like to volunteer.<br />
<br />
Details on the November meeting will be posted both here and on the Kansas City chapter [http://lists.owasp.org/mailman/listinfo/owasp-kansascity mailing list].<br />
<br />
<br />
PLEASE NOTE<br />
*Attendance at an OWASP chapter meeting is free and open to anyone interested in web application security<br />
*No registration is required, although RSVPs to the [[User:bkmarshall|chapter leader]] are appreciated<br />
*Professionals with CISSPs, or other certifications, can earn CPE credits by attending<br />
<br />
<br />
We meet at least once a quarter to discuss application security. If you have an interesting topic you'd like to present or discuss at future meetings, please send an email to bmarshall[at]securityps com. Or, get a discussion going by posting a message to our [http://lists.owasp.org/mailman/listinfo/owasp-kansascity mailing list].<br />
<br />
== Past Meetings ==<br />
Thanks to the speakers for sharing with us at our past chapter meetings. Any presentation handouts or associated documents are shared through the following meeting summaries:<br />
<br />
*[[Kansas_City_September_2007_Meeting|September 2007 Meeting]]<br />
*[[Kansas City June 2007 Meeting|June 2007 meeting]]<br />
*[[Kansas City March 2007 Meeting|March 2007 meeting]]<br />
*[[Kansas City December 2006 Meeting|December 2006 meeting]]<br />
<br />
<br />
[[Category:OWASP Chapter]]</div>Bkmarshallhttps://wiki.owasp.org/index.php?title=Kansas_City&diff=21702Kansas City2007-09-12T19:12:12Z<p>Bkmarshall: /* Past Meetings */</p>
<hr />
<div>{{Chapter Template|chaptername=Kansas City|extra=If you have any questions about the Kansas City Chapter after reading this page, please send an email to our chapter leader [[User:bkmarshall|Bruce Marshall]]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-kansascity|emailarchives=http://lists.owasp.org/pipermail/owasp-kansascity}}<br />
<br />
== Upcoming Meetings ==<br />
<br />
The next Kansas City chapter meeting will take place on September 6, 2007 from 6:00 PM to 8:30 PM CDT. Add the event to your calendar today so you don't miss this opportunity to learn about web application security and network with your peers.<br />
<br />
=== September 6 Meeting ===<br />
<br />
'''Speaker 1: Bob Phelps, National Bank Examiner with the Office of the Comptroller of the Currency (OCC)'''<br />
<br />
Bob will provide his insight on the financial regulatory environment and how laws lead to specific information security standards and guidance. Through his job he has performed a review of application security practices in about a dozen midsize and large banks. Bob will share the results of this review and provide his recommendations on how to establish a sound application security management program.<br />
<br />
At the OCC Bob both works with the Policy division in Washington DC and has bank supervisory responsibilities. He leads and participates in examinations of National Banks in NYC, KC, Omaha, and Minneapolis. His Policy responsibilities include evaluating emerging technologies and their impact on the banking system, evaluating trends in information security, and developing and delivering various training programs to other examiners.<br />
<br />
'''Speaker 2: Bruce K. Marshall, Senior Security Consultant with Security PS'''<br />
<br />
Bruce will be speaking about how to avoid improperly using challenge questions (e.g. “What is your pet’s name?”) for web app authentication. While challenge questions tend to be user friendly they can also expose your application to new security threats. He will share his experience on both choosing the best challenge questions and how to properly integrate them into your application.<br />
<br />
Bruce consults with clients like American Express, Garmin, Microsoft, and Commerce Bank to assess and improve their information security strategies in areas like network security, web app security, authentication, and program management.<br />
<br />
<br />
'''Location:'''<br />
Centriq Training <br />
8700 State Line Road<br />
Suite 200<br />
Leawood, KS 66206<br />
(913) 322-7000 [http://www.centriq.com/contactus.htm]<br />
<br />
<br />
PLEASE NOTE<br />
*Attendance at an OWASP chapter meeting is free and open to anyone interested in web application security<br />
*No registration is required, although RSVPs to the [[User:bkmarshall|chapter leader]] are appreciated<br />
*Professionals with CISSPs, or other certifications, can earn CPE credits by attending<br />
<br />
<br />
We meet at least once a quarter to discuss application security. If you have an interesting topic you'd like to present or discuss at future meetings, please send an email to bmarshall[at]securityps com. Or, get a discussion going by posting a message to our [http://lists.owasp.org/mailman/listinfo/owasp-kansascity mailing list].<br />
<br />
== Past Meetings ==<br />
Thanks to the speakers and attendees at our past chapter meetings:<br />
<br />
*[[Kansas_City_September_2007_Meeting|September 2007 Meeting]]<br />
*[[Kansas City June 2007 Meeting|June 2007 meeting]]<br />
*[[Kansas City March 2007 Meeting|March 2007 meeting]]<br />
*[[Kansas City December 2006 Meeting|December 2006 meeting]]<br />
<br />
<br />
[[Category:OWASP Chapter]]</div>Bkmarshallhttps://wiki.owasp.org/index.php?title=Kansas_City_September_2007_Meeting&diff=21701Kansas City September 2007 Meeting2007-09-12T19:10:13Z<p>Bkmarshall: </p>
<hr />
<div>The [[Kansas_City]] OWASP chapter met on September 6, 2007 at Centriq Training in Leawood, KS.<br />
<br />
=== Meeting Summary ===<br />
<br />
'''Chapter Business'''<br />
<br />
Current chapter priorities include the following:<br />
* Volunteer to give an OWASP presentation<br />
** Talks can anything from a short review of a whitepaper or presentation you've seen, to a web application security tool or product review, to a longer technical talk about attacks or countermeasures<br />
* Volunteer your organization to host an OWASP meeting<br />
* Invite other professionals or students to attend our next OWASP meeting<br />
<br />
<br />
'''Speaker 1: Bob Phelps, National Bank Examiner with the Office of the Comptroller of the Currency (OCC)'''<br />
<br />
Bob will provide his insight on the financial regulatory environment and how laws lead to specific information security standards and guidance. Through his job he has performed a review of application security practices in about a dozen midsize and large banks. Bob will share the results of this review and provide his recommendations on how to establish a sound application security management program.<br />
<br />
At the OCC Bob both works with the Policy division in Washington DC and has bank supervisory responsibilities. He leads and participates in examinations of National Banks in NYC, KC, Omaha, and Minneapolis. His Policy responsibilities include evaluating emerging technologies and their impact on the banking system, evaluating trends in information security, and developing and delivering various training programs to other examiners.<br />
<br />
<br />
'''Speaker 2: Bruce K. Marshall, Senior Security Consultant with Security PS'''<br />
<br />
Bruce will be speaking about how to avoid improperly using challenge questions (e.g. “What is your pet’s name?”) for web app authentication. While challenge questions tend to be user friendly they can also expose your application to new security threats. He will share his experience on both choosing the best challenge questions and how to properly integrate them into your application.<br />
<br />
Bruce consults with clients like American Express, Garmin, Microsoft, and Commerce Bank to assess and improve their information security strategies in areas like network security, web app security, authentication, and program management.<br />
<br />
=== Documents ===<br />
<br />
Links to the presentations will be posted as soon as possible.</div>Bkmarshallhttps://wiki.owasp.org/index.php?title=Kansas_City_September_2007_Meeting&diff=21700Kansas City September 2007 Meeting2007-09-12T19:09:42Z<p>Bkmarshall: </p>
<hr />
<div>The [[Kansas_City]] OWASP chapter met on September 6, 2007 at Centriq Training in Leawood, KS.<br />
<br />
=== Meeting Summary ===<br />
<br />
'''Chapter Business'''<br />
Current chapter priorities include the following:<br />
* Volunteer to give an OWASP presentation<br />
** Talks can anything from a short review of a whitepaper or presentation you've seen, to a web application security tool or product review, to a longer technical talk about attacks or countermeasures<br />
* Volunteer your organization to host an OWASP meeting<br />
* Invite other professionals or students to attend our next OWASP meeting<br />
<br />
'''Speaker 1: Bob Phelps, National Bank Examiner with the Office of the Comptroller of the Currency (OCC)'''<br />
<br />
Bob will provide his insight on the financial regulatory environment and how laws lead to specific information security standards and guidance. Through his job he has performed a review of application security practices in about a dozen midsize and large banks. Bob will share the results of this review and provide his recommendations on how to establish a sound application security management program.<br />
<br />
At the OCC Bob both works with the Policy division in Washington DC and has bank supervisory responsibilities. He leads and participates in examinations of National Banks in NYC, KC, Omaha, and Minneapolis. His Policy responsibilities include evaluating emerging technologies and their impact on the banking system, evaluating trends in information security, and developing and delivering various training programs to other examiners.<br />
<br />
'''Speaker 2: Bruce K. Marshall, Senior Security Consultant with Security PS'''<br />
<br />
Bruce will be speaking about how to avoid improperly using challenge questions (e.g. “What is your pet’s name?”) for web app authentication. While challenge questions tend to be user friendly they can also expose your application to new security threats. He will share his experience on both choosing the best challenge questions and how to properly integrate them into your application.<br />
<br />
Bruce consults with clients like American Express, Garmin, Microsoft, and Commerce Bank to assess and improve their information security strategies in areas like network security, web app security, authentication, and program management.<br />
<br />
=== Documents ===<br />
<br />
Links to the presentations will be posted as soon as possible.</div>Bkmarshallhttps://wiki.owasp.org/index.php?title=Kansas_City_September_2007_Meeting&diff=21699Kansas City September 2007 Meeting2007-09-12T18:44:09Z<p>Bkmarshall: </p>
<hr />
<div><br />
The [[Kansas_City]] OWASP chapter met on September 6, 2007 at Centriq Training in Leawood, KS.<br />
<br />
=== Meeting Summary ===<br />
<br />
'''Speaker 1: Bob Phelps, National Bank Examiner with the Office of the Comptroller of the Currency (OCC)'''<br />
<br />
Bob will provide his insight on the financial regulatory environment and how laws lead to specific information security standards and guidance. Through his job he has performed a review of application security practices in about a dozen midsize and large banks. Bob will share the results of this review and provide his recommendations on how to establish a sound application security management program.<br />
<br />
At the OCC Bob both works with the Policy division in Washington DC and has bank supervisory responsibilities. He leads and participates in examinations of National Banks in NYC, KC, Omaha, and Minneapolis. His Policy responsibilities include evaluating emerging technologies and their impact on the banking system, evaluating trends in information security, and developing and delivering various training programs to other examiners.<br />
<br />
'''Speaker 2: Bruce K. Marshall, Senior Security Consultant with Security PS'''<br />
<br />
Bruce will be speaking about how to avoid improperly using challenge questions (e.g. “What is your pet’s name?”) for web app authentication. While challenge questions tend to be user friendly they can also expose your application to new security threats. He will share his experience on both choosing the best challenge questions and how to properly integrate them into your application.<br />
<br />
Bruce consults with clients like American Express, Garmin, Microsoft, and Commerce Bank to assess and improve their information security strategies in areas like network security, web app security, authentication, and program management.<br />
<br />
=== Documents ===</div>Bkmarshallhttps://wiki.owasp.org/index.php?title=Kansas_City_September_2007_Meeting&diff=21698Kansas City September 2007 Meeting2007-09-12T18:41:51Z<p>Bkmarshall: </p>
<hr />
<div>=== Meeting Summary ===<br />
<br />
We had speakers<br />
<br />
=== Documents ===</div>Bkmarshallhttps://wiki.owasp.org/index.php?title=Kansas_City_September_2007_Meeting&diff=21697Kansas City September 2007 Meeting2007-09-12T18:39:16Z<p>Bkmarshall: New page: == Kansas City OWASP Chapter - September 2007 Meeting == We had speakers Here are their presentations</p>
<hr />
<div><br />
== Kansas City OWASP Chapter - September 2007 Meeting ==<br />
<br />
We had speakers<br />
<br />
Here are their presentations</div>Bkmarshallhttps://wiki.owasp.org/index.php?title=OWASP_Community&diff=21466OWASP Community2007-09-05T18:12:54Z<p>Bkmarshall: /* Events */</p>
<hr />
<div>This page is for people to post OWASP related events, such as chapter meetings, OWASP conferences, get-togethers, and OWASP sponsored events.<br />
<br />
Events from previous years are archived here:<br />
* '''[[OWASP Community 2006]]'''<br />
<br />
This page is monitored, and items posted here will be copied to the OWASP [[Main Page]]. Please post new items in chronological order using the following format:<br />
<br />
'''Mon ## (##:00h) - [[Article]]'''<br />
<br />
<!--<br />
<br />
CHAPTER LEADS -- please put your schedule here and we'll post a month in advance<br />
<br />
*** Belgium ***<br />
'''Nov 20 (18:00h) - [[Belgium|Belgium Chapter Meeting]] '''<br />
<br />
*** OTTAWA: Rough dates ***<br />
'''Sept 12 (18:00h) - [[Ottawa|Ottawa Chapter Meeting]] '''<br />
'''Nov 14 (18:00h) - [[Ottawa|Ottawa Chapter Meeting]] '''<br />
<br />
*** BOSTON: Every first Wednesday of the month ***<br />
<br />
*** MELBOURNE: First Tuesday of the month ***<br />
'''Jul 3 (18:00h) - [[Melbourne|Melbourne chapter meeting]]'''<br />
<br />
*** NETHERLANDS: Second Thursday of the month sometimes ***<br />
'''Sept 13 (18:00h) - [[Netherlands|Netherlands chapter meeting]]'''<br />
'''Dec 13 (18:00h) - [[Netherlands|Netherlands chapter meeting]]'''<br />
<br />
*** ROCHESTER: Every third Monday of the month ***<br />
<br />
*** TORONTO: Every second Wednesday of the month<br />
<br />
*** VIRGINIA: Every second thursday of the month ***<br />
<br />
--><br />
<br />
==Events==<br />
'''Sept 27 (1800h) - [[New York|NY/NJ Metro chapter meeting]]'''<br />
<br />
'''Sept 27 (13:00h) - [[Taiwan|Taiwan chapter meeting]]'''<br />
<br />
'''Sept 13 (18:00h) - [[Netherlands|Netherlands chapter meeting]]'''<br />
<br />
'''Sept 7 (15:00h) [[Germany|German chapter meeting]]''' - Restart of the German Chapter<br />
<br />
'''Sept (12:00h) - [[Belgium|Belgium OWASP Day Event]] '''<br />
<br />
'''Sept 6 (18:00h) - [[Kansas_City|Kansas City Chapter meeting]]'''<br />
<br />
'''Sept 5 (18:00h) - [[Chicago|Chicago Chapter Meeting]]'''<br />
<br />
'''Sept 5 (17:00h) - [[Israel|Israeli chapter meeting]]'''<br />
<br />
'''July 25 (18:00h) - [[San Jose|San Jose Chapter Meeting]]'''<br />
<br />
'''July 24 (17:00h) - [[Switzerland|Switzerland chapter meeting]]'''<br />
<br />
'''July 14 (11:00h) - [[Turkey|Turkey chapter meeting - 1st Web Security Days]]'''<br />
<br />
'''July 6 (17:00h) - [[Spain|Spain chapter meeting]]'''<br />
<br />
'''June 26 (11:30hr) - [[Austin|Austin chapter meeting]]''' - Running Web Application Scans<br />
<br />
'''June 22 (18:00h) - [[Belgium|Belgium chapter meeting]]'''<br />
<br />
'''June 21 (19:00h) - [[Denver]]''' - Anti-DNS Pinning Attacks / Calculating Return on Security Investment (ROSI)<br />
<br />
'''June 19 (18:00h) - [[Minneapolis St Paul|Minneapolis St Paul chapter meeting]]'''<br />
<br />
'''June 15 (17:00hr) - [[Spain|Spain chapter meeting]]'''<br />
<br />
'''June 13 (18:30hr) - [[Kansas City|Kansas City chapter meeting]]'''<br />
<br />
'''June 12 (18:00hr) - [[New York|NY/NJ Metro chapter meeting]]'''<br />
<br />
'''Jun 5 (19:00h) - [[Helsinki|Helsinki chapter meeting]]'''<br />
<br />
'''Jun 5 (18:00h) - [[Melbourne|Melbourne chapter meeting]]'''<br />
<br />
'''Jun 5 (17:30h) - [[Houston | Houston Chapter Meeting]]'''<br />
<br />
'''May 29 (9:00h) - [[http://www.owasp.org/index.php/Italy#May_29th.2C_2007_-_Seminar:_.22Software_Security.22 Italy@Firenze Tecnologia]]'''<br />
<br />
'''May 29 (11:30h) - [[Austin | Austin Chapter Meeting]]''' - Bullet Proof UI - A programmer's guide to the complete idiot". <br />
<br />
'''May 29 (18:00h) - [[Ottawa | Ottawa Chapter Meeting]]'''<br />
<br />
'''May 22 (18:30h) - [[New Zealand|1st New Zealand chapter Meeting]]'''<br />
<br />
'''May 21 (14:00h) - [[Israel|2nd OWASP Israel mini conference]]'''<br />
<br />
'''May 15 (18:00h) - [[Rochester|Rochester chapter meeting]]'''<br />
<br />
'''May 10 (18:00h) - [[Belgium|Belgium chapter meeting]]'''<br />
<br />
'''May 9 (18:00h) - [[Toronto|Toronto chapter meeting]]'''<br />
<br />
'''May 8 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''<br />
<br />
'''May 6 (11:00h) - [[Turkey|Turkey chapter meeting]]'''<br />
<br />
'''May 2 (18:30h) - [[Boston|Boston chapter meeting]]'''<br />
<br />
'''May 1 (18:00h) - [[Melbourne|Melbourne chapter meeting]]'''<br />
<br />
'''Apr 26 (11:00h) - [[San Antonio|San Antonio chapter meeting]]'''<br />
<br />
'''Apr 26 (17:00h) - [[Switzerland|Switzerland chapter meeting and "Swiss Security Dinner"]]'''<br />
<br />
'''Apr 24 (18:00h) - [[Minneapolis St Paul|Minneapolis St Paul chapter meeting]]'''<br />
<br />
'''Apr 20 (19:00h) - [[Hong Kong|Hong Kong chapter meeting - Objectives for 2007]]'''<br />
<br />
'''Apr 19 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''<br />
<br />
'''Apr 18 (17:00h) - [[San Francisco City Chapter Meeting]]'''<br />
<br />
'''Apr 17 (18:00h) - [[New Jersey|NY/NJ Metro chapter meeting]]'''<br />
<br />
'''Apr 17 (18:00h) - [[Rochester|Rochester chapter meeting]]'''<br />
<br />
'''Apr 12 (18:00h) - [[Netherlands|Netherlands chapter meeting]]'''<br />
<br />
'''Apr 12 (18:00h) - [[San Jose|San Jose chapter meeting]]'''<br />
<br />
'''Apr 11 (18:00h) - [[Toronto|Toronto chapter meeting]]'''<br />
<br />
'''Apr 4 (18:30h) - [[Boston|Boston chapter meeting]]'''<br />
<br />
'''Apr 3 (18:00h) - [[Melbourne|Melbourne chapter meeting]]'''<br />
<br />
'''Mar 30 - [[http://www.owasp.org/index.php/Italy#March_30th.2C_2007_-_Master_in_Security_-_University_of_Rome_.22La_Sapienza.22| Italy@Master in Security at "La Sapienza"]]'''<br />
<br />
'''Mar 28 (18:00h) - [[Washington DC|Washington DC (MD) chapter meeting]]'''<br />
<br />
'''Mar 28 (11:30h) - [[San Antonio|San Antonio chapter meeting]]'''<br />
<br />
; '''Mar 27-30 - [http://www.blackhat.com Black Hat Euro]'''<br />
: OWASP members receive a Euro 100 Briefings discount by inserting BH7EUASSOC in the box marked “Coupon Codes”<br />
<br />
'''Mar 22 (18:00h) - [[London|London chapter meeting]]'''<br />
<br />
'''Mar 21-22 - [[Belgium#OWASP_Top_10_2007_Update_.28Infosecurity_Belgium.2C_21_.26_.2622_Mar_2007.29|Belgium@InfoSecurity]]'''<br />
<br />
'''Mar 20 (18:00h) - [[Rochester|Rochester chapter meeting]]'''<br />
<br />
'''Mar 14 (18:00h) - [[Toronto|Toronto chapter meeting]]'''<br />
<br />
'''Mar 14 (18:00h) - [[Chicago|Chicago chapter meeting]]'''<br />
<br />
'''Mar 13 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''<br />
<br />
'''Mar 8 (18:00h) - [[Ottawa|Ottawa Chapter Meeting]] '''<br />
<br />
'''Mar 7 (18:30h) - [[Boston|Boston chapter meeting]]'''<br />
<br />
'''Mar 7 (18:30h) - [[Kansas City|Kansas City chapter meeting]]'''<br />
<br />
'''Mar 6 (18:30h) - [[Philadelphia|Philadelphia chapter meeting]]'''<br />
<br />
'''Mar 6 (18:30h) - [[San Francisco|San Francisco and San Jose chapter meeting]]'''<br />
<br />
'''Mar 6 (18:00h) - [[Melbourne|Melbourne chapter meeting]]'''<br />
<br />
'''Mar 5 (11:00h) - [[New Jersey|New Jersey chapter meeting]]'''<br />
<br />
'''Mar 1 (11:30h) - [http://www.eusecwest.com/agenda.html EUSecWest 07: Testing Guide]'''<br />
<br />
; '''Feb 26-Mar 1 - [http://www.blackhat.com Black Hat DC]'''<br />
: OWASP members receive a $100 Briefings discount by inserting BH7DCASSOC in the box marked “Coupon Codes”<br />
<br />
'''Feb 28 (18:00h) - [[Seattle|Seattle chapter meeting]]'''<br />
<br />
'''Feb 27 (18:00h) - [[Edmonton|Edmonton chapter meeting]]'''<br />
<br />
'''Feb 22 (18:30h) - [[Helsinki|Helsinki chapter meeting]]'''<br />
<br />
'''Feb 22 (18:00h) - [[London|London chapter meeting]]'''<br />
<br />
'''Feb 21 (18:30h) - [[Denver|Denver chapter meeting]]'''<br />
<br />
'''Feb 19 (18:00h) - [[Rochester|Rochester chapter meeting]]'''<br />
<br />
'''Feb 15 (18:00h) - [[Washington DC|Washington DC (MD) chapter meeting]]'''<br />
<br />
'''Feb 15 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''<br />
<br />
'''Feb 14 (18:00h) - [[Toronto|Toronto chapter meeting]]'''<br />
<br />
'''Feb 13 (18:00h) - [[Ireland|Ireland chapter meeting]]'''<br />
<br />
'''Feb 12 (18:30h) - [[Switzerland|Switzerland chapter meeting]]'''<br />
<br />
'''Feb 7 (18:30h) - [[Boston|Boston chapter meeting]]'''<br />
<br />
'''Feb 6-7 - [[Italy#February_6th-8th.2C_2007_-_InfoSecurity|Italy@InfoSecurity]]'''<br />
<br />
'''Feb 6 (18:00h) - [[Melbourne|Melbourne chapter meeting]]'''<br />
<br />
'''Feb 2 (14:00h) - [[Chennai|Chennai chapter meeting]]'''<br />
<br />
'''Jan 31 (15:00h) - [[Mumbai|Mumbai chapter meeting]]'''<br />
<br />
'''Jan 30 (11:30h) - [[Austin|Austin chapter meeting]]'''<br />
<br />
'''Jan 25 (18:00h) - [[San Francisco| San Francisco chapter meeting]]'''<br />
<br />
'''Jan 25 (14:30h) - [[Italy#October_25th.2C_2007_-_Isaca_Rome|Italy@ISACA Rome]]'''<br />
<br />
'''Jan 24 (17:30h) - [[Israel#6th_OWASP_IL_meeting:_Wednesday.2C_January_24th_2007|6th OWASP Israel chapter meeting]]'''<br />
<br />
'''Jan 23 (18:00h) - [[Belgium|Belgium chapter meeting]]'''<br />
<br />
'''Jan 22 (18:00h) - [[Rochester|Rochester chapter meeting]]'''<br />
<br />
'''Jan 17 (18:30h) - [[Denver|Denver chapter meeting]]'''<br />
<br />
'''Jan 16 (17:45h) - [[Edmonton|Edmonton chapter meeting]]'''<br />
<br />
'''Jan 11 (18:00h) - [[Netherlands|Netherlands chapter meeting]]'''<br />
<br />
'''Jan 11 (18:30h) - [[Phoenix|Phoenix chapter meeting]]'''<br />
<br />
'''Jan 11 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''<br />
<br />
'''Jan 10 (18:00h) - [[Toronto|Toronto chapter meeting]]'''<br />
<br />
'''Jan 8 (18:00h) - [[Seattle|Seattle chapter meeting]]'''<br />
<br />
'''Jan 3 (18:30h) - [[Boston|Boston chapter meeting]]'''<br />
<br />
'''May 1 - [[Melbourne | Melbourne chapter meeting]]'''<br />
<br />
'''May 2 - [[Boston]]'''<br />
<br />
'''May 6 - [[Turkey]]'''<br />
<br />
'''May 8 - [[Virginia (Northern Virginia)|Washington DC (VA)]]'''<br />
<br />
'''May 9 - [[Toronto]]'''<br />
<br />
'''May 10 - [[Belgium]]'''<br />
<br />
'''May 15 - [[Rochester]]'''<br />
<br />
'''May 21 - [[Israel]]'''<br />
<br />
'''May 22 - [[New Zealand]]'''<br />
<br />
'''May 29 - [[Italy]]'''<br />
<br />
'''June 5 - [[Houston]]'''<br />
<br />
'''June 5 - [[Melbourne]]'''<br />
<br />
'''June 5 - [[Helsinki]]'''<br />
<br />
'''June 12 - [[New Jersey]]'''<br />
<br />
'''June 15 - [[Spain]]'''<br />
<br />
'''July 14 - [[Turkey]]'''</div>Bkmarshallhttps://wiki.owasp.org/index.php?title=Kansas_City&diff=21002Kansas City2007-08-22T17:05:46Z<p>Bkmarshall: </p>
<hr />
<div>{{Chapter Template|chaptername=Kansas City|extra=If you have any questions about the Kansas City Chapter after reading this page, please send an email to our chapter leader [[User:bkmarshall|Bruce Marshall]]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-kansascity|emailarchives=http://lists.owasp.org/pipermail/owasp-kansascity}}<br />
<br />
== Upcoming Meetings ==<br />
<br />
The next Kansas City chapter meeting will take place on September 6, 2007 from 6:00 PM to 8:30 PM CDT. Add the event to your calendar today so you don't miss this opportunity to learn about web application security and network with your peers.<br />
<br />
=== September 6 Meeting ===<br />
<br />
'''Speaker 1: Bob Phelps, National Bank Examiner with the Office of the Comptroller of the Currency (OCC)'''<br />
<br />
Bob will provide his insight on the financial regulatory environment and how laws lead to specific information security standards and guidance. Through his job he has performed a review of application security practices in about a dozen midsize and large banks. Bob will share the results of this review and provide his recommendations on how to establish a sound application security management program.<br />
<br />
At the OCC Bob both works with the Policy division in Washington DC and has bank supervisory responsibilities. He leads and participates in examinations of National Banks in NYC, KC, Omaha, and Minneapolis. His Policy responsibilities include evaluating emerging technologies and their impact on the banking system, evaluating trends in information security, and developing and delivering various training programs to other examiners.<br />
<br />
'''Speaker 2: Bruce K. Marshall, Senior Security Consultant with Security PS'''<br />
<br />
Bruce will be speaking about how to avoid improperly using challenge questions (e.g. “What is your pet’s name?”) for web app authentication. While challenge questions tend to be user friendly they can also expose your application to new security threats. He will share his experience on both choosing the best challenge questions and how to properly integrate them into your application.<br />
<br />
Bruce consults with clients like American Express, Garmin, Microsoft, and Commerce Bank to assess and improve their information security strategies in areas like network security, web app security, authentication, and program management.<br />
<br />
<br />
'''Location:'''<br />
Centriq Training <br />
8700 State Line Road<br />
Suite 200<br />
Leawood, KS 66206<br />
(913) 322-7000 [http://www.centriq.com/contactus.htm]<br />
<br />
<br />
PLEASE NOTE<br />
*Attendance at an OWASP chapter meeting is free and open to anyone interested in web application security<br />
*No registration is required, although RSVPs to the [[User:bkmarshall|chapter leader]] are appreciated<br />
*Professionals with CISSPs, or other certifications, can earn CPE credits by attending<br />
<br />
<br />
We meet at least once a quarter to discuss application security. If you have an interesting topic you'd like to present or discuss at future meetings, please send an email to bmarshall[at]securityps com. Or, get a discussion going by posting a message to our [http://lists.owasp.org/mailman/listinfo/owasp-kansascity mailing list].<br />
<br />
== Past Meetings ==<br />
Thanks to the speakers and attendees at our past meetings:<br />
<br />
*[[Kansas City June 2007 Meeting|June 2007 meeting]]<br />
*[[Kansas City March 2007 Meeting|March 2007 meeting]]<br />
*[[Kansas City December 2006 Meeting|December 2006 meeting]]<br />
<br />
<br />
[[Category:OWASP Chapter]]</div>Bkmarshallhttps://wiki.owasp.org/index.php?title=Kansas_City&diff=21001Kansas City2007-08-22T17:05:08Z<p>Bkmarshall: </p>
<hr />
<div>{'''Bold text'''{Chapter Template|chaptername=Kansas City|extra=If you have any questions about the Kansas City Chapter after reading this page, please send an email to our chapter leader [[User:bkmarshall|Bruce Marshall]]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-kansascity|emailarchives=http://lists.owasp.org/pipermail/owasp-kansascity}}<br />
<br />
== Upcoming Meetings ==<br />
<br />
The next Kansas City chapter meeting will take place on September 6, 2007 from 6:00 PM to 8:30 PM CDT. Add the event to your calendar today so you don't miss this opportunity to learn about web application security and network with your peers.<br />
<br />
=== September 6 Meeting ===<br />
<br />
'''Speaker 1: Bob Phelps, National Bank Examiner with the Office of the Comptroller of the Currency (OCC)'''<br />
<br />
Bob will provide his insight on the financial regulatory environment and how laws lead to specific information security standards and guidance. Through his job he has performed a review of application security practices in about a dozen midsize and large banks. Bob will share the results of this review and provide his recommendations on how to establish a sound application security management program.<br />
<br />
At the OCC Bob both works with the Policy division in Washington DC and has bank supervisory responsibilities. He leads and participates in examinations of National Banks in NYC, KC, Omaha, and Minneapolis. His Policy responsibilities include evaluating emerging technologies and their impact on the banking system, evaluating trends in information security, and developing and delivering various training programs to other examiners.<br />
<br />
'''Speaker 2: Bruce K. Marshall, Senior Security Consultant with Security PS'''<br />
<br />
Bruce will be speaking about how to avoid improperly using challenge questions (e.g. “What is your pet’s name?”) for web app authentication. While challenge questions tend to be user friendly they can also expose your application to new security threats. He will share his experience on both choosing the best challenge questions and how to properly integrate them into your application.<br />
<br />
Bruce consults with clients like American Express, Garmin, Microsoft, and Commerce Bank to assess and improve their information security strategies in areas like network security, web app security, authentication, and program management.<br />
<br />
<br />
'''Location:'''<br />
Centriq Training <br />
8700 State Line Road<br />
Suite 200<br />
Leawood, KS 66206<br />
(913) 322-7000 [http://www.centriq.com/contactus.htm]<br />
<br />
<br />
PLEASE NOTE<br />
*Attendance at an OWASP chapter meeting is free and open to anyone interested in web application security<br />
*No registration is required, although RSVPs to the [[User:bkmarshall|chapter leader]] are appreciated<br />
*Professionals with CISSPs, or other certifications, can earn CPE credits by attending<br />
<br />
<br />
We meet at least once a quarter to discuss application security. If you have an interesting topic you'd like to present or discuss at future meetings, please send an email to bmarshall[at]securityps com. Or, get a discussion going by posting a message to our [http://lists.owasp.org/mailman/listinfo/owasp-kansascity mailing list].<br />
<br />
== Past Meetings ==<br />
Thanks to the speakers and attendees at our past meetings:<br />
<br />
*[[Kansas City June 2007 Meeting|June 2007 meeting]]<br />
*[[Kansas City March 2007 Meeting|March 2007 meeting]]<br />
*[[Kansas City December 2006 Meeting|December 2006 meeting]]<br />
<br />
<br />
[[Category:OWASP Chapter]]</div>Bkmarshallhttps://wiki.owasp.org/index.php?title=Kansas_City&diff=20996Kansas City2007-08-21T22:04:23Z<p>Bkmarshall: /* Past Meetings */</p>
<hr />
<div>{{Chapter Template|chaptername=Kansas City|extra=If you have any questions about the Kansas City Chapter after reading this page, please send an email to our chapter leader [[User:bkmarshall|Bruce Marshall]]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-kansascity|emailarchives=http://lists.owasp.org/pipermail/owasp-kansascity}}<br />
<br />
== Upcoming Meetings ==<br />
<br />
The next Kansas City chapter meeting will take place on September 6, 2007 from 6:00 PM to 8:30 PM CDT. Add the event to your calendar today so you don't miss this opportunity to learn about web application security and network with your peers.<br />
<br />
'''September 6 Meeting'''<br />
<br />
Speaker 1: Bob Phelps is a National Bank Examiner with the Office of the Comptroller of the Currency (OCC) in Kansas City. He is responsible for examining the information security practices of banks. Bob will be speaking about the web application security guidelines now under development for financial institutions. His talk will provide great insight into the web app security advice being issued by regulatory agencies.<br />
<br />
Speaker 2: Bruce K. Marshall is a Senior Consultant with Security PS in Kansas City. He consults with clients to assess and improve their information security strategies in areas like network security, web app security, authentication, and program management. Bruce will be speaking about how to avoid improperly using challenge questions for web app authentication. He will share his insights on both choosing the best challenge questions and how to properly integrate them into your application.<br />
<br />
Location: <br />
Centriq Training <br />
8700 State Line Road<br />
Suite 200<br />
Leawood, KS 66206<br />
(913) 322-7000 [http://www.centriq.com/contactus.htm]<br />
<br />
<br />
PLEASE NOTE<br />
*Attendance at an OWASP chapter meeting is free and open to anyone interested in web application security<br />
*No registration is required, although RSVPs to the [[User:bkmarshall|chapter leader]] are appreciated<br />
*Professionals with CISSPs, or other certifications, can earn CPE credits by attending<br />
<br />
<br />
We meet at least once a quarter to discuss application security. If you have an interesting topic you'd like to present or discuss at future meetings, please send an email to bmarshall[at]securityps com. Or, get a discussion going by posting a message to our [http://lists.owasp.org/mailman/listinfo/owasp-kansascity mailing list].<br />
<br />
== Past Meetings ==<br />
Thanks to the speakers and attendees at our past meetings:<br />
<br />
*[[Kansas City June 2007 Meeting|June 2007 meeting]]<br />
*[[Kansas City March 2007 Meeting|March 2007 meeting]]<br />
*[[Kansas City December 2006 Meeting|December 2006 meeting]]<br />
<br />
<br />
[[Category:OWASP Chapter]]</div>Bkmarshallhttps://wiki.owasp.org/index.php?title=Kansas_City&diff=20995Kansas City2007-08-21T22:03:24Z<p>Bkmarshall: Meeting update and new content</p>
<hr />
<div>{{Chapter Template|chaptername=Kansas City|extra=If you have any questions about the Kansas City Chapter after reading this page, please send an email to our chapter leader [[User:bkmarshall|Bruce Marshall]]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-kansascity|emailarchives=http://lists.owasp.org/pipermail/owasp-kansascity}}<br />
<br />
== Upcoming Meetings ==<br />
<br />
The next Kansas City chapter meeting will take place on September 6, 2007 from 6:00 PM to 8:30 PM CDT. Add the event to your calendar today so you don't miss this opportunity to learn about web application security and network with your peers.<br />
<br />
'''September 6 Meeting'''<br />
<br />
Speaker 1: Bob Phelps is a National Bank Examiner with the Office of the Comptroller of the Currency (OCC) in Kansas City. He is responsible for examining the information security practices of banks. Bob will be speaking about the web application security guidelines now under development for financial institutions. His talk will provide great insight into the web app security advice being issued by regulatory agencies.<br />
<br />
Speaker 2: Bruce K. Marshall is a Senior Consultant with Security PS in Kansas City. He consults with clients to assess and improve their information security strategies in areas like network security, web app security, authentication, and program management. Bruce will be speaking about how to avoid improperly using challenge questions for web app authentication. He will share his insights on both choosing the best challenge questions and how to properly integrate them into your application.<br />
<br />
Location: <br />
Centriq Training <br />
8700 State Line Road<br />
Suite 200<br />
Leawood, KS 66206<br />
(913) 322-7000 [http://www.centriq.com/contactus.htm]<br />
<br />
<br />
PLEASE NOTE<br />
*Attendance at an OWASP chapter meeting is free and open to anyone interested in web application security<br />
*No registration is required, although RSVPs to the [[User:bkmarshall|chapter leader]] are appreciated<br />
*Professionals with CISSPs, or other certifications, can earn CPE credits by attending<br />
<br />
<br />
We meet at least once a quarter to discuss application security. If you have an interesting topic you'd like to present or discuss at future meetings, please send an email to bmarshall[at]securityps com. Or, get a discussion going by posting a message to our [http://lists.owasp.org/mailman/listinfo/owasp-kansascity mailing list].<br />
<br />
== Past Meetings ==<br />
Thanks to the speakers and attendees at our past meetings:<br />
<br />
*[[Kansas City June 2007 Meeting|June 2007 meeting]]!<br />
*[[Kansas City March 2007 Meeting|March 2007 meeting]]<br />
*[[Kansas City December 2006 Meeting|December 2006 meeting]]<br />
<br />
<br />
[[Category:OWASP Chapter]]</div>Bkmarshallhttps://wiki.owasp.org/index.php?title=User:Bkmarshall&diff=20845User:Bkmarshall2007-08-15T21:01:22Z<p>Bkmarshall: </p>
<hr />
<div>Bruce K. Marshall is currently a Senior Security Consultant for Security PS [http://www.securityps.com] in Kansas City. He is closing in on a decade and a half of experience in the information security field. In that time he has consulted with both small and large clients, while using his experience and knowledge to earn certifications like the CISSP, NSA-IAM, MCSE: Security, and SPI Certified Instructor. <br />
<br />
Bruce is currently serving as leader of the [[Kansas_City]] OWASP chapter. He also founded and maintains the PasswordResearch.com[http://www.passwordresearch.com] website.<br />
<br />
Bruce can be contacted at bmarshall [at] securityps [dot] com or 913-484-7233.</div>Bkmarshallhttps://wiki.owasp.org/index.php?title=Kansas_City&diff=19659Kansas City2007-07-09T18:33:46Z<p>Bkmarshall: </p>
<hr />
<div>{{Chapter Template|chaptername=Kansas City|extra=If you have any questions about the Kansas City Chapter, please send an email to our [[User:bkmarshall|chapter leader]]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-kansascity|emailarchives=http://lists.owasp.org/pipermail/owasp-kansascity}}<br />
<br />
== Local News ==<br />
<br />
We are currently in the process of planning our next meeting for August/September. Please be thinking about topics you'd like to see presented or discussed at the next meeting.<br />
<br />
PLEASE NOTE!<br />
<br />
*Attending an OWASP chapter meeting is free<br />
*No registration required<br />
*For CISSPs, attending an OWASP meeting will give you valuable CPE credits<br />
<br />
We meet at least once a quarter to discuss application security. If you have an interesting topic you'd like to present or discuss at future meetings, please send an email to bmarshall[at]securityps com. Or, get a discussion going by posting a message to our [http://lists.owasp.org/mailman/listinfo/owasp-kansascity mailing list].<br />
<br />
== Past Meetings ==<br />
Thanks to everyone who attended our most recent [[Kansas City June 2007 Meeting|June 2007 meeting]]!<br />
<br />
*[[Kansas City March 2007 Meeting|March 2007 meeting]]<br />
*[[Kansas City December 2006 Meeting|December 2006 meeting]]<br />
<br />
[[Category:OWASP Chapter]]</div>Bkmarshallhttps://wiki.owasp.org/index.php?title=User:Bkmarshall&diff=19658User:Bkmarshall2007-07-09T18:29:03Z<p>Bkmarshall: </p>
<hr />
<div>Bruce K. Marshall is currently a Senior Security Consultant for Security PS [http://www.securityps.com] in Kansas City. He is closing in on a decade and a half of experience in the information security field. In that time he has consulted with both small and large clients, while using his experience and knowledge to earn certifications like the CISSP, NSA-IAM, MCSE: Security, and SPI Certified Instructor. <br />
<br />
Bruce is currently serving as leader of the [[Kansas_City]] OWASP chapter. He also founded and maintains content for the PasswordResearch.com[http://www.passwordresearch.com] website.<br />
<br />
Bruce can be contacted at bmarshall [at] securityps.com or 913-484-7233.</div>Bkmarshallhttps://wiki.owasp.org/index.php?title=User:Bkmarshall&diff=19656User:Bkmarshall2007-07-09T18:26:46Z<p>Bkmarshall: New page: Bruce K. Marshall is currently a Senior Security Consultant for Security PS [http://www.securityps.com] in Kansas City. He is closing in on a decade and a half of experience in the inform...</p>
<hr />
<div>Bruce K. Marshall is currently a Senior Security Consultant for Security PS [http://www.securityps.com] in Kansas City. He is closing in on a decade and a half of experience in the information security field. In that time he has consulted with both small and large clients, while using his experience and knowledge to earn certifications like the CISSP, NSA-IAM, MCSE: Security, and SPI Certified Instructor. <br />
<br />
Bruce is currently serving as leader of the Kansas City OWASP chapter. He also founded and maintains content for the PasswordResearch.com[http://www.passwordresearch.com] website.<br />
<br />
Bruce can be contacted at bmarshall [at] securityps.com or 913-484-7233.</div>Bkmarshall