OWASP - User contributions [en]

Denver September 2011 meeting

2011-09-02T16:57:11Z

Dc: /* "Chris Schmidt: OWASP ESAPI" -- Wednesday 14 September 2011 */

="Chris Schmidt: OWASP ESAPI" -- Wednesday 14 September 2011 =

Details and registration here: http://owaspco.eventbrite.com/

ESAPI 2.0 - Defense Against the Dark Arts Beef (Chris Schmidt)

In this presentation Chris will highlight the latest GA release of OWASP Enterprise Security API 2.0.

Key touchpoints of the talk will include:

What is ESAPI
Integrating Controls
Crypto Enhancements
ESAPI Roadmap and Future
ESAPI Community Launch

What is ESAPI will feature an updated overview of what an Enterprise Security API is, why it is important, and how it is intended to be used. This will be a high-level overview intended to raise questions from you about specifics that can be addressed in the breakout session or over a cold beer.

Integrating Controls will be a brief view into what it actually takes to build and integrate an ESAPI control into a web application. This demo will focus on solving a XSS issue on a small vulnerable web application.

One of the single largest enhancements to ESAPI 2.0 was a complete overhaul of the Crypto component. Kevin Wall drove this initiative from idea to completed project and will be highlighting the hows, whys, and whats of the enhancements.

ESAPI has come a long way since Jeff Williams originally started the project many years ago - and it has grown and evolved into something that is much bigger than any of us anticipated. The ESAPI Dev team will be outlining what you can expect to see over the next 12 months of ESAPI development and you will definitely not want to miss this.

The ESAPI Community is a new idea, focused on bringing in some of the awesome integration work that the user community has done and making it available as pluggable components that can be used to address common integration concerns such as using ESAPI with Struts or Spring.

[https://www.owasp.org/index.php/Denver Back to OWASP Denver]

Global Industry Committee

2011-08-16T20:53:18Z

Dc: /* Work in Progress */

__NOTOC__
==== About the Committee ====

=== Mission Statement ===

The Global Industry Committee was created during the OWASP EU Summit in Portugal. '''The OWASP Global Industry Committee (GIC) shall expand awareness of and promote the inclusion of software security best practices in Industry, Government, Academia and regulatory agencies and be a voice for industry. This will be accomplished through outreach; including presentations, development of position papers and collaborative efforts with other entities.''' The committee is governed by the [[Global Industry Committee Governance]] document.
 

=== Committee Members ===
 Members:

{| class="prettytable FCK__ShowTableBorders"
|-
! Name
! Email
! Location
|-
| Lorna Alamri
| lorna.alamri 'at' owasp dot org
| USA
|-
| Rex Booth §
| rex.booth 'at' gt dot com
| USA
|-
| Joe Bernik
| bernik 'at' gmail dot com
| USA
|-
| David Campbell
| dcampbell 'at' owasp dot org
| USA
|-
| Mauro Flores
| mauro.flores 'at' owasp dot org
| Uruguay
|-
| Alexander Fry
| alexander.fry 'at' owasp dot org
| USA
|-
| Eoin Keary
| eoin.keary 'at' owasp dot org
| Ireland
|-
| Nishi Kumar
| nishi.kumar@owasp.org
| USA
|-
| Mateo Martinez
| mateo.martinez 'at' owasp dot org
| Uruguay
|-
| Colin Watson
| colin.watson 'at' owasp dot org
| UK
|-
| Sherif Koussa
| sherif.koussa 'at' owasp dot org
| Canada
|-
| Christian Papathanasiou
| christian.papathanasiou 'at' owasp dot org
| Greece
|}

'''§ The committee chair is Rex Booth.''' The previous chairs were:

*Joe Bernik (Feb 2011 to July 2011)
*Yiannis Pavlosoglou (Nov 2010 to Jan 2011)
*Colin Watson (Nov 2009 to Oct 2010)

Former members of the committee:
*Yiannis Pavlosoglou

==== Meetings and Getting Involved ====

=== Mailing List ===

[http://lists.owasp.org/mailman/listinfo/global_industry_committee Join our mailing list] - this is the best way to find out what's going on day-to-day, and to provide input.

=== Meetings ===
Currently, the Global Industry Committee conference call meetings every 4 weeks on Thursday (starting July 28th 2011) at 11:00 AM (UTC-05:00) Eastern Time (US & Canada) and last no longer than an hour.

The '''next Global Industry Committee meeting''' will be:
Global Meeting Time Planner - [http://www.timeanddate.com/worldclock/advmeeting.html Click Here]
*Date Thursday 28th July at 11:00 AM (UTC-05:00) Eastern Time (US & Canada) = 16:00 UTC/GMT.
*Dial in: 800.851.3547 x3738751
*Meeting agenda forthcoming

Minutes of previous meetings are:

*[[Industry:Minutes_2011-06-16|16 June 2011]]
*[[Industry:Minutes_2011-05-13|13 May 2011]]
*[[Industry:Minutes_2011-04-29|29 Apr 2011]]
*[[Industry:Minutes_2011-04-08|08 Apr 2011]]
*[[Industry:Minutes 2011-03-18|18 Mar 2011]] ([[Media:GIC_Meeting_Minutes_03182011.pdf| PDF of 18 Mar 2011 Meeting Minutes]])
*[[Industry:Minutes 2011-03-04|04 Mar 2011]] ([[Media:GIC_Meeting_Minutes_03042011.pdf| PDF of 04 Mar 2011 Meeting Minutes]]) ([https://spreadsheets.google.com/ccc?key=0ApZ9zE0hx0LNdEpRbVhBUEljMGpLNnVJa0FHeWZwMkE&hl=en&authkey=CPjLgdwN Proposed GIC Budget for 2011])
*[[Industry:Minutes 2011-02-25|25 Feb 2011]] ([[Media:GIC_Meeting_Minutes_02252011.pdf| PDF of 25 Feb 2011 Meeting Minutes]])
*[[Media:Summit2011-industry-committee-outcomes.pdf|9 Feb 2011]] (Summit outcomes)
*[[Industry:Minutes 2010-08-17|17 Aug 2010]] (also [http://www.owasp.org/images/0/0d/Gic_call_17aug2010.mp3 MP3 recording of the call])
*[[Industry:Minutes 2010-05-18|18 May 2010]]
*[[Industry:Minutes 2010-01-05|05 Jan 2010]] (also [http://www.owasp.org/images/a/a3/Owasp_gic_call_5jan10.mp3 MP3 recording of the call])
*[[Industry:Minutes 2009-01-23|23 Jan 2009]]
* 16 Dec 2010

=== Membership ===

[[Membership]] explains how to become an OWASP organization supporter or individual member. But you don't have to be an OWASP Member or Committee Member to contribute.

The current committee members joined for a 12 month term - see [[How to Join a Committee]] and [[Global Committee Pages]]. We would especially welcome new members who can widen our geographic coverage (e.g. Africa, Asia and South America) and who have time to contribute proactively.

==== Current Activity ====

=== Work in Progress ===

The current activities being undertaken:

{| class="prettytable FCK__ShowTableBorders"
|-
! Task
! Deadline
! Type
! Status
! Description
! Who
|-
| [http://www.rmima.org/2011/aug2011.htm OWASP at Rocky Mountain Information Management Association Mtg]
| 19 Aug 2011
| Outreach
| In progress
| Man OWASP booth at RMIMA conference to promote awareness
| DC, Gerrit Padgham
|-
| [https://www.owasp.org/index.php/AppSecEU2011/Industry_Outreach Industry Outreach Sessions at OWASP AppSec EU]
| 10 Jun 2011
| Outreach
| In progress
| Conduct industry outreach sessions at AppSec EU to educate about GIC initiatives and solicit feedback
| RB, NK, SB
|-
| [http://pages.event.fishnetsecurity.com/page.aspx?QS=472529ec60bdf32a82a426e012293c9bd031529fe8a7723f3daf606009fc4561 Enterprise Security Solutions Summit]
| 7 Jun 2011
| Outreach
| Complete
| Manning the OWASP booth doing outreach, membership drive, etc.
| DC
|-
| [http://www.ico.gov.uk/for_organisations/data_protection/topic_guides/data_sharing.aspx UK ICO Data Sharing Code of Practice]
| 10 May 2011
| Standards
| Complete
| Submitted [https://www.owasp.org/index.php/File:Owasp-ico-data-sharing-cop-consultation-response-1.pdf OWASP response] (12/20/2010) to last year's consultation on the draft
| CW
|-
| [http://www.brighttalk.com/community/cloud-computing/webcast/24582 OWASP Panel at Brighttalk Appsec Summit]
| 16 March 2011
| Outreach
| Complete
| Participate in panel of OWASP leaders to discuss new web application threats and give insights on ways to secure them for business
| DC
|-
| [http://www.cio.gov/pages.cfm/page/Federal-Risk-and-Authorization-Management-Program-FedRAMP FedRAMP]
| 17 Jan 2011
| Standards
| In progress
| Provide response to FedRAMP certification and accreditation process
| RB
|-
| [http://hacking-lab.com/ Hacking Lab]
| 14 Dec 2011
| Outreach
| In progress
| Matt Tesauro has been working with Hacking Lab previously and brought it to the GIC
| MAT
|-
|}

=== Other ongoing initiatives ===

*[http://www.owasp.org/index.php/Global_Industry_Committee-SIG Special Interest Groups] - Outreach to sector-specific critical infrastructures worldwide.
*[http://www.owasp.org/index.php/Category:India OWASP India Advisory Board] - Regional panel contributing to the software outsourcing industry.
*[http://www.owasp.org/index.php/Industry:Citations OWASP Citations] - References to OWASP in official, or otherwise important, documents.

=== Completed Items ===

[[Global_Industry_Committee/Completed_Initiatives|View the GIC's past initiatives]]

==== GIC Records ====

=== Committee Working Documents ===
*'''[https://spreadsheets.google.com/spreadsheet/ccc?key=0ApZ9zE0hx0LNdEpRbVhBUEljMGpLNnVJa0FHeWZwMkE&hl=en_US&authkey=CPjLgdwN 2011 GIC Budget]
* [https://spreadsheets.google.com/ccc?key=0ApZ9zE0hx0LNdEZ1NmNHRGZOX3E0V2F2T2lUZ0RyVkE&hl=en&authkey=CN3toL0F GIC Member Task List]
* [https://docs.google.com/document/d/1ow_XZ_chhopu0yAYuMnmGXfdTRhlrKJEdqKZZ-pHloo/edit?hl=en&authkey=CPWb-csP Comprehensive List of Industry Verticals]
* [http://code.google.com/p/owasp-cbt-project/downloads/list Security For Managers And Executives - Industry Outreach Presentation ] 

=== Monthly Reports ===
*[https://docs.google.com/present/edit?id=0AZZ9zE0hx0LNZGczZ3B4YnpfMTJnMmh6ZjJmYg&hl=en_US Ppt template for Monthly Board Meeting updates]
*[[Media:GIC_update_4_29_2011.pdf| May Industry Committee Update]]
*[http://www.owasp.org/index.php/File:GIC_update.pptx April Industry Committee Update]

===OWASP Summits and Working Sessions===
*[https://docs.google.com/a/owasp.org/document/d/1WTTmmpc2bx3IZ9f5zU2ubTG_BrCxxrXzVHnUQUIzAWI/edit?hl=en_US Notes from Industry Outreach Sessions at AppSec EU - Dublin, 2011]
*From Industry Outreach Session at 2011 AppSec EU - [https://docs.google.com/leaf?id=1UFf0Fuqhg_0u49E4s6iNxmEwNP8358M36sXs1mwLg3O3oQC7fFSwAxKMUoYW&hl=en_US Ppt presentation on CISO Survey, Rex Booth]
*From Industry Outreach Session at 2011 AppSec EU -[https://docs.google.com/leaf?id=1ZFUaqj7fVSFm1BwEMnVCAS_Zi5xJUbugVHZP54hULIdEUYJYVkQ93vzsuY3o&hl=en_US Ppt presentation on Industry Outreach, Lorna Alamri]
*[[Summit 2011]] ([[Media:Summit2011-industry-committee-outcomes.pdf|Working session outcomes]])
*[[Summit 2009]]

===About the GIC===

*Global Industry Committee Presentation [[Image:Owasp-summit2009-industry-committee.ppt]]

===Summaries===
(for inclusion into other full OWASP presentations):

*Sep 2009 [[Image:Owasp-industry-committee-summary-september-2009.ppt]]
*Jul 2009 [[Image:Owasp-industry-committee-summary-july-2009.ppt]]
*May 2009 [[Image:Owasp-industry-committee-summary-may-2009.ppt]]
*Apr 2009 [[Image:Owasp-industry-committee-summary-april-2009.ppt]]
*Mar 2009 [[Image:Owasp-industry-committee-summary-march-2009.ppt]]

<headertabs/>
 
[http://lists.owasp.org/mailman/listinfo/global_industry_committee Join our mailing list] | [[How to Join a Committee]] | [[Global_Committee_Pages|Learn about other Global Committees]]

Global Industry Committee

2011-08-16T20:50:30Z

Dc: /* Work in Progress */

__NOTOC__
==== About the Committee ====

=== Mission Statement ===

The Global Industry Committee was created during the OWASP EU Summit in Portugal. '''The OWASP Global Industry Committee (GIC) shall expand awareness of and promote the inclusion of software security best practices in Industry, Government, Academia and regulatory agencies and be a voice for industry. This will be accomplished through outreach; including presentations, development of position papers and collaborative efforts with other entities.''' The committee is governed by the [[Global Industry Committee Governance]] document.
 

=== Committee Members ===
 Members:

{| class="prettytable FCK__ShowTableBorders"
|-
! Name
! Email
! Location
|-
| Lorna Alamri
| lorna.alamri 'at' owasp dot org
| USA
|-
| Rex Booth §
| rex.booth 'at' gt dot com
| USA
|-
| Joe Bernik
| bernik 'at' gmail dot com
| USA
|-
| David Campbell
| dcampbell 'at' owasp dot org
| USA
|-
| Mauro Flores
| mauro.flores 'at' owasp dot org
| Uruguay
|-
| Alexander Fry
| alexander.fry 'at' owasp dot org
| USA
|-
| Eoin Keary
| eoin.keary 'at' owasp dot org
| Ireland
|-
| Nishi Kumar
| nishi.kumar@owasp.org
| USA
|-
| Mateo Martinez
| mateo.martinez 'at' owasp dot org
| Uruguay
|-
| Colin Watson
| colin.watson 'at' owasp dot org
| UK
|-
| Sherif Koussa
| sherif.koussa 'at' owasp dot org
| Canada
|-
| Christian Papathanasiou
| christian.papathanasiou 'at' owasp dot org
| Greece
|}

'''§ The committee chair is Rex Booth.''' The previous chairs were:

*Joe Bernik (Feb 2011 to July 2011)
*Yiannis Pavlosoglou (Nov 2010 to Jan 2011)
*Colin Watson (Nov 2009 to Oct 2010)

Former members of the committee:
*Yiannis Pavlosoglou

==== Meetings and Getting Involved ====

=== Mailing List ===

[http://lists.owasp.org/mailman/listinfo/global_industry_committee Join our mailing list] - this is the best way to find out what's going on day-to-day, and to provide input.

=== Meetings ===
Currently, the Global Industry Committee conference call meetings every 4 weeks on Thursday (starting July 28th 2011) at 11:00 AM (UTC-05:00) Eastern Time (US & Canada) and last no longer than an hour.

The '''next Global Industry Committee meeting''' will be:
Global Meeting Time Planner - [http://www.timeanddate.com/worldclock/advmeeting.html Click Here]
*Date Thursday 28th July at 11:00 AM (UTC-05:00) Eastern Time (US & Canada) = 16:00 UTC/GMT.
*Dial in: 800.851.3547 x3738751
*Meeting agenda forthcoming

Minutes of previous meetings are:

*[[Industry:Minutes_2011-06-16|16 June 2011]]
*[[Industry:Minutes_2011-05-13|13 May 2011]]
*[[Industry:Minutes_2011-04-29|29 Apr 2011]]
*[[Industry:Minutes_2011-04-08|08 Apr 2011]]
*[[Industry:Minutes 2011-03-18|18 Mar 2011]] ([[Media:GIC_Meeting_Minutes_03182011.pdf| PDF of 18 Mar 2011 Meeting Minutes]])
*[[Industry:Minutes 2011-03-04|04 Mar 2011]] ([[Media:GIC_Meeting_Minutes_03042011.pdf| PDF of 04 Mar 2011 Meeting Minutes]]) ([https://spreadsheets.google.com/ccc?key=0ApZ9zE0hx0LNdEpRbVhBUEljMGpLNnVJa0FHeWZwMkE&hl=en&authkey=CPjLgdwN Proposed GIC Budget for 2011])
*[[Industry:Minutes 2011-02-25|25 Feb 2011]] ([[Media:GIC_Meeting_Minutes_02252011.pdf| PDF of 25 Feb 2011 Meeting Minutes]])
*[[Media:Summit2011-industry-committee-outcomes.pdf|9 Feb 2011]] (Summit outcomes)
*[[Industry:Minutes 2010-08-17|17 Aug 2010]] (also [http://www.owasp.org/images/0/0d/Gic_call_17aug2010.mp3 MP3 recording of the call])
*[[Industry:Minutes 2010-05-18|18 May 2010]]
*[[Industry:Minutes 2010-01-05|05 Jan 2010]] (also [http://www.owasp.org/images/a/a3/Owasp_gic_call_5jan10.mp3 MP3 recording of the call])
*[[Industry:Minutes 2009-01-23|23 Jan 2009]]
* 16 Dec 2010

=== Membership ===

[[Membership]] explains how to become an OWASP organization supporter or individual member. But you don't have to be an OWASP Member or Committee Member to contribute.

The current committee members joined for a 12 month term - see [[How to Join a Committee]] and [[Global Committee Pages]]. We would especially welcome new members who can widen our geographic coverage (e.g. Africa, Asia and South America) and who have time to contribute proactively.

==== Current Activity ====

=== Work in Progress ===

The current activities being undertaken:

{| class="prettytable FCK__ShowTableBorders"
|-
! Task
! Deadline
! Type
! Status
! Description
! Who
|-
| [https://www.owasp.org/index.php/AppSecEU2011/Industry_Outreach Industry Outreach Sessions at OWASP AppSec EU]
| 10 Jun 2011
| Outreach
| In progress
| Conduct industry outreach sessions at AppSec EU to educate about GIC initiatives and solicit feedback
| RB, NK, SB
|-
| [http://pages.event.fishnetsecurity.com/page.aspx?QS=472529ec60bdf32a82a426e012293c9bd031529fe8a7723f3daf606009fc4561 Enterprise Security Solutions Summit]
| 7 Jun 2011
| Outreach
| Complete
| Manning the OWASP booth doing outreach, membership drive, etc.
| DC
|-
| [http://www.ico.gov.uk/for_organisations/data_protection/topic_guides/data_sharing.aspx UK ICO Data Sharing Code of Practice]
| 10 May 2011
| Standards
| Complete
| Submitted [https://www.owasp.org/index.php/File:Owasp-ico-data-sharing-cop-consultation-response-1.pdf OWASP response] (12/20/2010) to last year's consultation on the draft
| CW
|-
| [http://www.brighttalk.com/community/cloud-computing/webcast/24582 OWASP Panel at Brighttalk Appsec Summit]
| 16 March 2011
| Outreach
| Complete
| Participate in panel of OWASP leaders to discuss new web application threats and give insights on ways to secure them for business
| DC
|-
| [http://www.cio.gov/pages.cfm/page/Federal-Risk-and-Authorization-Management-Program-FedRAMP FedRAMP]
| 17 Jan 2011
| Standards
| In progress
| Provide response to FedRAMP certification and accreditation process
| RB
|-
| [http://hacking-lab.com/ Hacking Lab]
| 14 Dec 2011
| Outreach
| In progress
| Matt Tesauro has been working with Hacking Lab previously and brought it to the GIC
| MAT
|-
|}

=== Other ongoing initiatives ===

*[http://www.owasp.org/index.php/Global_Industry_Committee-SIG Special Interest Groups] - Outreach to sector-specific critical infrastructures worldwide.
*[http://www.owasp.org/index.php/Category:India OWASP India Advisory Board] - Regional panel contributing to the software outsourcing industry.
*[http://www.owasp.org/index.php/Industry:Citations OWASP Citations] - References to OWASP in official, or otherwise important, documents.

=== Completed Items ===

[[Global_Industry_Committee/Completed_Initiatives|View the GIC's past initiatives]]

==== GIC Records ====

=== Committee Working Documents ===
*'''[https://spreadsheets.google.com/spreadsheet/ccc?key=0ApZ9zE0hx0LNdEpRbVhBUEljMGpLNnVJa0FHeWZwMkE&hl=en_US&authkey=CPjLgdwN 2011 GIC Budget]
* [https://spreadsheets.google.com/ccc?key=0ApZ9zE0hx0LNdEZ1NmNHRGZOX3E0V2F2T2lUZ0RyVkE&hl=en&authkey=CN3toL0F GIC Member Task List]
* [https://docs.google.com/document/d/1ow_XZ_chhopu0yAYuMnmGXfdTRhlrKJEdqKZZ-pHloo/edit?hl=en&authkey=CPWb-csP Comprehensive List of Industry Verticals]
* [http://code.google.com/p/owasp-cbt-project/downloads/list Security For Managers And Executives - Industry Outreach Presentation ] 

=== Monthly Reports ===
*[https://docs.google.com/present/edit?id=0AZZ9zE0hx0LNZGczZ3B4YnpfMTJnMmh6ZjJmYg&hl=en_US Ppt template for Monthly Board Meeting updates]
*[[Media:GIC_update_4_29_2011.pdf| May Industry Committee Update]]
*[http://www.owasp.org/index.php/File:GIC_update.pptx April Industry Committee Update]

===OWASP Summits and Working Sessions===
*[https://docs.google.com/a/owasp.org/document/d/1WTTmmpc2bx3IZ9f5zU2ubTG_BrCxxrXzVHnUQUIzAWI/edit?hl=en_US Notes from Industry Outreach Sessions at AppSec EU - Dublin, 2011]
*From Industry Outreach Session at 2011 AppSec EU - [https://docs.google.com/leaf?id=1UFf0Fuqhg_0u49E4s6iNxmEwNP8358M36sXs1mwLg3O3oQC7fFSwAxKMUoYW&hl=en_US Ppt presentation on CISO Survey, Rex Booth]
*From Industry Outreach Session at 2011 AppSec EU -[https://docs.google.com/leaf?id=1ZFUaqj7fVSFm1BwEMnVCAS_Zi5xJUbugVHZP54hULIdEUYJYVkQ93vzsuY3o&hl=en_US Ppt presentation on Industry Outreach, Lorna Alamri]
*[[Summit 2011]] ([[Media:Summit2011-industry-committee-outcomes.pdf|Working session outcomes]])
*[[Summit 2009]]

===About the GIC===

*Global Industry Committee Presentation [[Image:Owasp-summit2009-industry-committee.ppt]]

===Summaries===
(for inclusion into other full OWASP presentations):

*Sep 2009 [[Image:Owasp-industry-committee-summary-september-2009.ppt]]
*Jul 2009 [[Image:Owasp-industry-committee-summary-july-2009.ppt]]
*May 2009 [[Image:Owasp-industry-committee-summary-may-2009.ppt]]
*Apr 2009 [[Image:Owasp-industry-committee-summary-april-2009.ppt]]
*Mar 2009 [[Image:Owasp-industry-committee-summary-march-2009.ppt]]

<headertabs/>
 
[http://lists.owasp.org/mailman/listinfo/global_industry_committee Join our mailing list] | [[How to Join a Committee]] | [[Global_Committee_Pages|Learn about other Global Committees]]

Denver

2011-08-11T22:49:16Z

Dc: /* Next Chapter Meeting: RSVP Now! */

{{Chapter Template|chaptername=Denver|extra=Chapter leader is David Campbell. |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-denver|emailarchives=http://lists.owasp.org/pipermail/owasp-denver}}

==== Local News ====

=====Next Chapter Meeting: [http://owaspco.eventbrite.com/ RSVP Now!]=====
[[Denver September 2011 meeting|September 14th 2011: Chris Schmidt "OWASP ESAPI"]]

NOTE: THIS WIKI IS USUALLY TERRIBLY OUT OF DATE. PLEASE FOLLOW @OWASP303 ON TWITTER AND/OR SUBSCRIBE TO THE MAILING LIST



=====OWASP Podcast=====
[http://www.owasp.org/index.php/OWASP_Podcast OWASP Podcast]

=====Wassup with Boulder???=====
Boulder is presently leaderless. We hope that by moving the Denver meetings up north several miles that we can lure more of the Boulder folks to come join us in our new setup close to downtown Denver. If you're interested in taking over the Boulder chapter please let us know!

<paypal>Denver</paypal>
<hr>

==Questions, Comments==
Questions can be directed to

*David Campbell, Denver OWASP: dcampbell 'at' owasp.org

<hr>

==== Chapter Meetings ====

== Future Meetings ==

[[Denver September 2011 meeting|September 14th 2011: Chris Schmidt "OWASP ESAPI"]]



== Past Meetings ==
[[Denver March 2011 meeting|March 17th 2011: Hands on "Hack a Thon"]]

[[Denver September 2010 meeting|September 22nd 2010: Eric Duprey: Application Vulnerability Shooting Gallery]]

[[Denver August 2010 meeting|August 18th 2010: Clint Pollock: Protecting Your Applications from Backdoors]]

[[Front_Range_OWASP_Conference_2010|June 2nd 2010: Front Range OWASP Conference]]

[[Denver January 2010 meeting|January 20th 2010: John Evans: Securing Webapps: An Illustrative Overview]]

[[Denver November 2009 meeting|November 18th 2009: Anton Rager: Advanced XSS]]

[[Denver August 2009 meeting|August 27th 2009: Jon Rose: Security in the Clouds]]

[[Denver May 2009 meeting|May 2009: Dr. Joseph McComb & and Daniel Weiske: Compliance and application security testing]]

[[Front_Range_OWASP_Conference_2009|March 2009: Front Range OWASP Conference (SnowFROC)]]

[[Denver January 2009 meeting|January 2009: David Campbell & Eric Duprey: Guided Tour: AppSec NYC '08 CTF]]

[[Denver October 2008 meeting|October 2008: Alex Smolen: The OWASP ASP .NET ESAPI]]

[[Denver September 2008 meeting|September 2008: John Dickson: Black Box vs. White Box: Different App Testing Strategies]]

[[Denver August 2008 meeting|August 2008: Dan Cornell: Static Analysis]]

[[Denver July 2008 meeting|July 2008: David Byrne & Eric Duprey: Grendel-Scan]]

[[Front Range OWASP Conference|June 2008: Front Range OWASP Conference: Jeremiah Grossman, Robert Hansen, and more!]]

[[Denver May 2008 meeting|May 2008: David Campbell & Eric Duprey: XSS Attacks & Defenses]]

[[Denver April 2008 meeting|April 2008: Ryan Barnett: Virtual Patching with ModSecurity]]

[[Denver February 2008 meeting|February 2008: Michael Sutton: SQL Injection Revisited]]

[[Denver June 2007 meeting|June 2007]]

[[Denver April 2007 meeting|April 2007]]

[[Denver February 2007 meeting|February 2007]]

[[Denver January 2007 meeting|January 2007]]

[[Denver November 2006 meeting|November 2006]]

==[[Related_Organizations|Local Organizations of Interest]]==

==== Mailing List ====
Join the [http://lists.owasp.org/mailman/listinfo/owasp-denver OWASP Denver Mailing List] to receive meeting notifications via email

==== Twitter Feed @owasp303 ====
Denver OWASP has created a [http://twitter.com/owasp303 Twitter feed @owasp303] to keep you in the loop. Whilst the mailing list is primarily intended to be low-traffic and only provide updates regarding the times, locations, and topics for chapter meetings, the Twitter feed will also provide noteworthy appsec updates.

{|
|-
| style="border: 1px solid rgb(204, 204, 204); width: 100%; font-size: 95%; color: rgb(0, 0, 0); background-color: rgb(236, 236, 236);" |

'''@OWASP303 Twitter Feed ([http://twitter.com/OWASP303 follow us on Twitter!])'''
<twitter>55021150</twitter>

| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |
|}

====Resources====

=====Denver OWASP Chapter Leaders=====
*David Campbell, Denver OWASP: dcampbell 'at' owasp.org

=====Key OWASP Resources=====
* http://www.owasp.org/images/4/41/ASVS_One_Page_Handout.pdf
* http://www.owasp.org/images/3/31/ESAPI_One_Page_Handout.pdf
* http://www.owasp.org/images/a/a1/Legal_One_Page_Handout.pdf
*
* http://www.owasp.org/images/a/a3/How_ESAPI_Works.pdf
* http://www.owasp.org/images/a/ac/LAMP_Should_be_Spelled_LAMPE.pdf
* http://www.owasp.org/images/0/01/Getting_started_designing_for_a_level_of_assurance.pdf
*
* http://www.owasp.org/index.php/Agile_Software_Development:_Don%27t_Forget_EVIL_User_Stories
* http://www.owasp.org/index.php/Man_vs._Code
*
* http://www.owasp.org/images/4/4e/OWASP_ASVS_2009_Web_App_Std_Release.pdf
*
* http://www.owasp.org/images/c/cd/PHP-ESAPI_1.0a_install.pdf
* http://www.owasp.org/images/6/67/PHP-ESAPI_1.0a_ReleaseNotes.pdf


__NOTOC__
<headertabs/>
[[Category:OWASP Chapter]]
[[Category:Colorado]]

Denver

2011-08-11T22:48:16Z

Dc: /* Chapter Management Links */

{{Chapter Template|chaptername=Denver|extra=Chapter leader is David Campbell. |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-denver|emailarchives=http://lists.owasp.org/pipermail/owasp-denver}}

==== Local News ====

=====Next Chapter Meeting: [http://owaspco.eventbrite.com/ RSVP Now!]=====
[[Denver September 2011 meeting|September 14th 2011: Chris Schmidt "OWASP ESAPI"]]



=====OWASP Podcast=====
[http://www.owasp.org/index.php/OWASP_Podcast OWASP Podcast]

=====Wassup with Boulder???=====
Boulder is presently leaderless. We hope that by moving the Denver meetings up north several miles that we can lure more of the Boulder folks to come join us in our new setup close to downtown Denver. If you're interested in taking over the Boulder chapter please let us know!

<paypal>Denver</paypal>
<hr>

==Questions, Comments==
Questions can be directed to

*David Campbell, Denver OWASP: dcampbell 'at' owasp.org

<hr>

==== Chapter Meetings ====

== Future Meetings ==

[[Denver September 2011 meeting|September 14th 2011: Chris Schmidt "OWASP ESAPI"]]



== Past Meetings ==
[[Denver March 2011 meeting|March 17th 2011: Hands on "Hack a Thon"]]

[[Denver September 2010 meeting|September 22nd 2010: Eric Duprey: Application Vulnerability Shooting Gallery]]

[[Denver August 2010 meeting|August 18th 2010: Clint Pollock: Protecting Your Applications from Backdoors]]

[[Front_Range_OWASP_Conference_2010|June 2nd 2010: Front Range OWASP Conference]]

[[Denver January 2010 meeting|January 20th 2010: John Evans: Securing Webapps: An Illustrative Overview]]

[[Denver November 2009 meeting|November 18th 2009: Anton Rager: Advanced XSS]]

[[Denver August 2009 meeting|August 27th 2009: Jon Rose: Security in the Clouds]]

[[Denver May 2009 meeting|May 2009: Dr. Joseph McComb & and Daniel Weiske: Compliance and application security testing]]

[[Front_Range_OWASP_Conference_2009|March 2009: Front Range OWASP Conference (SnowFROC)]]

[[Denver January 2009 meeting|January 2009: David Campbell & Eric Duprey: Guided Tour: AppSec NYC '08 CTF]]

[[Denver October 2008 meeting|October 2008: Alex Smolen: The OWASP ASP .NET ESAPI]]

[[Denver September 2008 meeting|September 2008: John Dickson: Black Box vs. White Box: Different App Testing Strategies]]

[[Denver August 2008 meeting|August 2008: Dan Cornell: Static Analysis]]

[[Denver July 2008 meeting|July 2008: David Byrne & Eric Duprey: Grendel-Scan]]

[[Front Range OWASP Conference|June 2008: Front Range OWASP Conference: Jeremiah Grossman, Robert Hansen, and more!]]

[[Denver May 2008 meeting|May 2008: David Campbell & Eric Duprey: XSS Attacks & Defenses]]

[[Denver April 2008 meeting|April 2008: Ryan Barnett: Virtual Patching with ModSecurity]]

[[Denver February 2008 meeting|February 2008: Michael Sutton: SQL Injection Revisited]]

[[Denver June 2007 meeting|June 2007]]

[[Denver April 2007 meeting|April 2007]]

[[Denver February 2007 meeting|February 2007]]

[[Denver January 2007 meeting|January 2007]]

[[Denver November 2006 meeting|November 2006]]

==[[Related_Organizations|Local Organizations of Interest]]==

==== Mailing List ====
Join the [http://lists.owasp.org/mailman/listinfo/owasp-denver OWASP Denver Mailing List] to receive meeting notifications via email

==== Twitter Feed @owasp303 ====
Denver OWASP has created a [http://twitter.com/owasp303 Twitter feed @owasp303] to keep you in the loop. Whilst the mailing list is primarily intended to be low-traffic and only provide updates regarding the times, locations, and topics for chapter meetings, the Twitter feed will also provide noteworthy appsec updates.

{|
|-
| style="border: 1px solid rgb(204, 204, 204); width: 100%; font-size: 95%; color: rgb(0, 0, 0); background-color: rgb(236, 236, 236);" |

'''@OWASP303 Twitter Feed ([http://twitter.com/OWASP303 follow us on Twitter!])'''
<twitter>55021150</twitter>

| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |
|}

====Resources====

=====Denver OWASP Chapter Leaders=====
*David Campbell, Denver OWASP: dcampbell 'at' owasp.org

=====Key OWASP Resources=====
* http://www.owasp.org/images/4/41/ASVS_One_Page_Handout.pdf
* http://www.owasp.org/images/3/31/ESAPI_One_Page_Handout.pdf
* http://www.owasp.org/images/a/a1/Legal_One_Page_Handout.pdf
*
* http://www.owasp.org/images/a/a3/How_ESAPI_Works.pdf
* http://www.owasp.org/images/a/ac/LAMP_Should_be_Spelled_LAMPE.pdf
* http://www.owasp.org/images/0/01/Getting_started_designing_for_a_level_of_assurance.pdf
*
* http://www.owasp.org/index.php/Agile_Software_Development:_Don%27t_Forget_EVIL_User_Stories
* http://www.owasp.org/index.php/Man_vs._Code
*
* http://www.owasp.org/images/4/4e/OWASP_ASVS_2009_Web_App_Std_Release.pdf
*
* http://www.owasp.org/images/c/cd/PHP-ESAPI_1.0a_install.pdf
* http://www.owasp.org/images/6/67/PHP-ESAPI_1.0a_ReleaseNotes.pdf


__NOTOC__
<headertabs/>
[[Category:OWASP Chapter]]
[[Category:Colorado]]

Denver

2011-08-11T22:47:55Z

Dc: /* Denver OWASP Chapter Leaders */

{{Chapter Template|chaptername=Denver|extra=Chapter leader is David Campbell. |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-denver|emailarchives=http://lists.owasp.org/pipermail/owasp-denver}}

==== Local News ====

=====Next Chapter Meeting: [http://owaspco.eventbrite.com/ RSVP Now!]=====
[[Denver September 2011 meeting|September 14th 2011: Chris Schmidt "OWASP ESAPI"]]



=====OWASP Podcast=====
[http://www.owasp.org/index.php/OWASP_Podcast OWASP Podcast]

=====Wassup with Boulder???=====
Boulder is presently leaderless. We hope that by moving the Denver meetings up north several miles that we can lure more of the Boulder folks to come join us in our new setup close to downtown Denver. If you're interested in taking over the Boulder chapter please let us know!

<paypal>Denver</paypal>
<hr>

==Questions, Comments==
Questions can be directed to

*David Campbell, Denver OWASP: dcampbell 'at' owasp.org

<hr>

==== Chapter Meetings ====

== Future Meetings ==

[[Denver September 2011 meeting|September 14th 2011: Chris Schmidt "OWASP ESAPI"]]



== Past Meetings ==
[[Denver March 2011 meeting|March 17th 2011: Hands on "Hack a Thon"]]

[[Denver September 2010 meeting|September 22nd 2010: Eric Duprey: Application Vulnerability Shooting Gallery]]

[[Denver August 2010 meeting|August 18th 2010: Clint Pollock: Protecting Your Applications from Backdoors]]

[[Front_Range_OWASP_Conference_2010|June 2nd 2010: Front Range OWASP Conference]]

[[Denver January 2010 meeting|January 20th 2010: John Evans: Securing Webapps: An Illustrative Overview]]

[[Denver November 2009 meeting|November 18th 2009: Anton Rager: Advanced XSS]]

[[Denver August 2009 meeting|August 27th 2009: Jon Rose: Security in the Clouds]]

[[Denver May 2009 meeting|May 2009: Dr. Joseph McComb & and Daniel Weiske: Compliance and application security testing]]

[[Front_Range_OWASP_Conference_2009|March 2009: Front Range OWASP Conference (SnowFROC)]]

[[Denver January 2009 meeting|January 2009: David Campbell & Eric Duprey: Guided Tour: AppSec NYC '08 CTF]]

[[Denver October 2008 meeting|October 2008: Alex Smolen: The OWASP ASP .NET ESAPI]]

[[Denver September 2008 meeting|September 2008: John Dickson: Black Box vs. White Box: Different App Testing Strategies]]

[[Denver August 2008 meeting|August 2008: Dan Cornell: Static Analysis]]

[[Denver July 2008 meeting|July 2008: David Byrne & Eric Duprey: Grendel-Scan]]

[[Front Range OWASP Conference|June 2008: Front Range OWASP Conference: Jeremiah Grossman, Robert Hansen, and more!]]

[[Denver May 2008 meeting|May 2008: David Campbell & Eric Duprey: XSS Attacks & Defenses]]

[[Denver April 2008 meeting|April 2008: Ryan Barnett: Virtual Patching with ModSecurity]]

[[Denver February 2008 meeting|February 2008: Michael Sutton: SQL Injection Revisited]]

[[Denver June 2007 meeting|June 2007]]

[[Denver April 2007 meeting|April 2007]]

[[Denver February 2007 meeting|February 2007]]

[[Denver January 2007 meeting|January 2007]]

[[Denver November 2006 meeting|November 2006]]

==[[Related_Organizations|Local Organizations of Interest]]==

==== Mailing List ====
Join the [http://lists.owasp.org/mailman/listinfo/owasp-denver OWASP Denver Mailing List] to receive meeting notifications via email

==== Twitter Feed @owasp303 ====
Denver OWASP has created a [http://twitter.com/owasp303 Twitter feed @owasp303] to keep you in the loop. Whilst the mailing list is primarily intended to be low-traffic and only provide updates regarding the times, locations, and topics for chapter meetings, the Twitter feed will also provide noteworthy appsec updates.

{|
|-
| style="border: 1px solid rgb(204, 204, 204); width: 100%; font-size: 95%; color: rgb(0, 0, 0); background-color: rgb(236, 236, 236);" |

'''@OWASP303 Twitter Feed ([http://twitter.com/OWASP303 follow us on Twitter!])'''
<twitter>55021150</twitter>

| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |
|}

====Resources====

=====Denver OWASP Chapter Leaders=====
*David Campbell, Denver OWASP: dcampbell 'at' owasp.org

=====Key OWASP Resources=====
* http://www.owasp.org/images/4/41/ASVS_One_Page_Handout.pdf
* http://www.owasp.org/images/3/31/ESAPI_One_Page_Handout.pdf
* http://www.owasp.org/images/a/a1/Legal_One_Page_Handout.pdf
*
* http://www.owasp.org/images/a/a3/How_ESAPI_Works.pdf
* http://www.owasp.org/images/a/ac/LAMP_Should_be_Spelled_LAMPE.pdf
* http://www.owasp.org/images/0/01/Getting_started_designing_for_a_level_of_assurance.pdf
*
* http://www.owasp.org/index.php/Agile_Software_Development:_Don%27t_Forget_EVIL_User_Stories
* http://www.owasp.org/index.php/Man_vs._Code
*
* http://www.owasp.org/images/4/4e/OWASP_ASVS_2009_Web_App_Std_Release.pdf
*
* http://www.owasp.org/images/c/cd/PHP-ESAPI_1.0a_install.pdf
* http://www.owasp.org/images/6/67/PHP-ESAPI_1.0a_ReleaseNotes.pdf

=====Chapter Management Links=====
[[Pizza|Best pizza in Centennial]]
__NOTOC__
<headertabs/>
[[Category:OWASP Chapter]]
[[Category:Colorado]]

Denver

2011-08-11T22:47:10Z

Dc: /* Questions, Comments */

{{Chapter Template|chaptername=Denver|extra=Chapter leader is David Campbell. |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-denver|emailarchives=http://lists.owasp.org/pipermail/owasp-denver}}

==== Local News ====

=====Next Chapter Meeting: [http://owaspco.eventbrite.com/ RSVP Now!]=====
[[Denver September 2011 meeting|September 14th 2011: Chris Schmidt "OWASP ESAPI"]]



=====OWASP Podcast=====
[http://www.owasp.org/index.php/OWASP_Podcast OWASP Podcast]

=====Wassup with Boulder???=====
Boulder is presently leaderless. We hope that by moving the Denver meetings up north several miles that we can lure more of the Boulder folks to come join us in our new setup close to downtown Denver. If you're interested in taking over the Boulder chapter please let us know!

<paypal>Denver</paypal>
<hr>

==Questions, Comments==
Questions can be directed to

*David Campbell, Denver OWASP: dcampbell 'at' owasp.org

<hr>

==== Chapter Meetings ====

== Future Meetings ==

[[Denver September 2011 meeting|September 14th 2011: Chris Schmidt "OWASP ESAPI"]]



== Past Meetings ==
[[Denver March 2011 meeting|March 17th 2011: Hands on "Hack a Thon"]]

[[Denver September 2010 meeting|September 22nd 2010: Eric Duprey: Application Vulnerability Shooting Gallery]]

[[Denver August 2010 meeting|August 18th 2010: Clint Pollock: Protecting Your Applications from Backdoors]]

[[Front_Range_OWASP_Conference_2010|June 2nd 2010: Front Range OWASP Conference]]

[[Denver January 2010 meeting|January 20th 2010: John Evans: Securing Webapps: An Illustrative Overview]]

[[Denver November 2009 meeting|November 18th 2009: Anton Rager: Advanced XSS]]

[[Denver August 2009 meeting|August 27th 2009: Jon Rose: Security in the Clouds]]

[[Denver May 2009 meeting|May 2009: Dr. Joseph McComb & and Daniel Weiske: Compliance and application security testing]]

[[Front_Range_OWASP_Conference_2009|March 2009: Front Range OWASP Conference (SnowFROC)]]

[[Denver January 2009 meeting|January 2009: David Campbell & Eric Duprey: Guided Tour: AppSec NYC '08 CTF]]

[[Denver October 2008 meeting|October 2008: Alex Smolen: The OWASP ASP .NET ESAPI]]

[[Denver September 2008 meeting|September 2008: John Dickson: Black Box vs. White Box: Different App Testing Strategies]]

[[Denver August 2008 meeting|August 2008: Dan Cornell: Static Analysis]]

[[Denver July 2008 meeting|July 2008: David Byrne & Eric Duprey: Grendel-Scan]]

[[Front Range OWASP Conference|June 2008: Front Range OWASP Conference: Jeremiah Grossman, Robert Hansen, and more!]]

[[Denver May 2008 meeting|May 2008: David Campbell & Eric Duprey: XSS Attacks & Defenses]]

[[Denver April 2008 meeting|April 2008: Ryan Barnett: Virtual Patching with ModSecurity]]

[[Denver February 2008 meeting|February 2008: Michael Sutton: SQL Injection Revisited]]

[[Denver June 2007 meeting|June 2007]]

[[Denver April 2007 meeting|April 2007]]

[[Denver February 2007 meeting|February 2007]]

[[Denver January 2007 meeting|January 2007]]

[[Denver November 2006 meeting|November 2006]]

==[[Related_Organizations|Local Organizations of Interest]]==

==== Mailing List ====
Join the [http://lists.owasp.org/mailman/listinfo/owasp-denver OWASP Denver Mailing List] to receive meeting notifications via email

==== Twitter Feed @owasp303 ====
Denver OWASP has created a [http://twitter.com/owasp303 Twitter feed @owasp303] to keep you in the loop. Whilst the mailing list is primarily intended to be low-traffic and only provide updates regarding the times, locations, and topics for chapter meetings, the Twitter feed will also provide noteworthy appsec updates.

{|
|-
| style="border: 1px solid rgb(204, 204, 204); width: 100%; font-size: 95%; color: rgb(0, 0, 0); background-color: rgb(236, 236, 236);" |

'''@OWASP303 Twitter Feed ([http://twitter.com/OWASP303 follow us on Twitter!])'''
<twitter>55021150</twitter>

| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |
|}

====Resources====

=====Denver OWASP Chapter Leaders=====
*David Campbell, Denver OWASP: dcampbell 'at' owasp.org
*Eric Duprey, Denver OWASP: eduprey 'at' owasp.org

=====Key OWASP Resources=====
* http://www.owasp.org/images/4/41/ASVS_One_Page_Handout.pdf
* http://www.owasp.org/images/3/31/ESAPI_One_Page_Handout.pdf
* http://www.owasp.org/images/a/a1/Legal_One_Page_Handout.pdf
*
* http://www.owasp.org/images/a/a3/How_ESAPI_Works.pdf
* http://www.owasp.org/images/a/ac/LAMP_Should_be_Spelled_LAMPE.pdf
* http://www.owasp.org/images/0/01/Getting_started_designing_for_a_level_of_assurance.pdf
*
* http://www.owasp.org/index.php/Agile_Software_Development:_Don%27t_Forget_EVIL_User_Stories
* http://www.owasp.org/index.php/Man_vs._Code
*
* http://www.owasp.org/images/4/4e/OWASP_ASVS_2009_Web_App_Std_Release.pdf
*
* http://www.owasp.org/images/c/cd/PHP-ESAPI_1.0a_install.pdf
* http://www.owasp.org/images/6/67/PHP-ESAPI_1.0a_ReleaseNotes.pdf

=====Chapter Management Links=====
[[Pizza|Best pizza in Centennial]]
__NOTOC__
<headertabs/>
[[Category:OWASP Chapter]]
[[Category:Colorado]]

Denver

2011-08-11T22:46:52Z

Dc: /* Missed the con? */

{{Chapter Template|chaptername=Denver|extra=Chapter leader is David Campbell. |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-denver|emailarchives=http://lists.owasp.org/pipermail/owasp-denver}}

==== Local News ====

=====Next Chapter Meeting: [http://owaspco.eventbrite.com/ RSVP Now!]=====
[[Denver September 2011 meeting|September 14th 2011: Chris Schmidt "OWASP ESAPI"]]



=====OWASP Podcast=====
[http://www.owasp.org/index.php/OWASP_Podcast OWASP Podcast]

=====Wassup with Boulder???=====
Boulder is presently leaderless. We hope that by moving the Denver meetings up north several miles that we can lure more of the Boulder folks to come join us in our new setup close to downtown Denver. If you're interested in taking over the Boulder chapter please let us know!

<paypal>Denver</paypal>
<hr>

==Questions, Comments==
Questions can be directed to

*David Campbell, Denver OWASP: dcampbell 'at' owasp.org
*Eric Duprey, Denver OWASP: eduprey 'at' owasp.org

<hr>

==== Chapter Meetings ====

== Future Meetings ==

[[Denver September 2011 meeting|September 14th 2011: Chris Schmidt "OWASP ESAPI"]]



== Past Meetings ==
[[Denver March 2011 meeting|March 17th 2011: Hands on "Hack a Thon"]]

[[Denver September 2010 meeting|September 22nd 2010: Eric Duprey: Application Vulnerability Shooting Gallery]]

[[Denver August 2010 meeting|August 18th 2010: Clint Pollock: Protecting Your Applications from Backdoors]]

[[Front_Range_OWASP_Conference_2010|June 2nd 2010: Front Range OWASP Conference]]

[[Denver January 2010 meeting|January 20th 2010: John Evans: Securing Webapps: An Illustrative Overview]]

[[Denver November 2009 meeting|November 18th 2009: Anton Rager: Advanced XSS]]

[[Denver August 2009 meeting|August 27th 2009: Jon Rose: Security in the Clouds]]

[[Denver May 2009 meeting|May 2009: Dr. Joseph McComb & and Daniel Weiske: Compliance and application security testing]]

[[Front_Range_OWASP_Conference_2009|March 2009: Front Range OWASP Conference (SnowFROC)]]

[[Denver January 2009 meeting|January 2009: David Campbell & Eric Duprey: Guided Tour: AppSec NYC '08 CTF]]

[[Denver October 2008 meeting|October 2008: Alex Smolen: The OWASP ASP .NET ESAPI]]

[[Denver September 2008 meeting|September 2008: John Dickson: Black Box vs. White Box: Different App Testing Strategies]]

[[Denver August 2008 meeting|August 2008: Dan Cornell: Static Analysis]]

[[Denver July 2008 meeting|July 2008: David Byrne & Eric Duprey: Grendel-Scan]]

[[Front Range OWASP Conference|June 2008: Front Range OWASP Conference: Jeremiah Grossman, Robert Hansen, and more!]]

[[Denver May 2008 meeting|May 2008: David Campbell & Eric Duprey: XSS Attacks & Defenses]]

[[Denver April 2008 meeting|April 2008: Ryan Barnett: Virtual Patching with ModSecurity]]

[[Denver February 2008 meeting|February 2008: Michael Sutton: SQL Injection Revisited]]

[[Denver June 2007 meeting|June 2007]]

[[Denver April 2007 meeting|April 2007]]

[[Denver February 2007 meeting|February 2007]]

[[Denver January 2007 meeting|January 2007]]

[[Denver November 2006 meeting|November 2006]]

==[[Related_Organizations|Local Organizations of Interest]]==

==== Mailing List ====
Join the [http://lists.owasp.org/mailman/listinfo/owasp-denver OWASP Denver Mailing List] to receive meeting notifications via email

==== Twitter Feed @owasp303 ====
Denver OWASP has created a [http://twitter.com/owasp303 Twitter feed @owasp303] to keep you in the loop. Whilst the mailing list is primarily intended to be low-traffic and only provide updates regarding the times, locations, and topics for chapter meetings, the Twitter feed will also provide noteworthy appsec updates.

{|
|-
| style="border: 1px solid rgb(204, 204, 204); width: 100%; font-size: 95%; color: rgb(0, 0, 0); background-color: rgb(236, 236, 236);" |

'''@OWASP303 Twitter Feed ([http://twitter.com/OWASP303 follow us on Twitter!])'''
<twitter>55021150</twitter>

| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |
|}

====Resources====

=====Denver OWASP Chapter Leaders=====
*David Campbell, Denver OWASP: dcampbell 'at' owasp.org
*Eric Duprey, Denver OWASP: eduprey 'at' owasp.org

=====Key OWASP Resources=====
* http://www.owasp.org/images/4/41/ASVS_One_Page_Handout.pdf
* http://www.owasp.org/images/3/31/ESAPI_One_Page_Handout.pdf
* http://www.owasp.org/images/a/a1/Legal_One_Page_Handout.pdf
*
* http://www.owasp.org/images/a/a3/How_ESAPI_Works.pdf
* http://www.owasp.org/images/a/ac/LAMP_Should_be_Spelled_LAMPE.pdf
* http://www.owasp.org/images/0/01/Getting_started_designing_for_a_level_of_assurance.pdf
*
* http://www.owasp.org/index.php/Agile_Software_Development:_Don%27t_Forget_EVIL_User_Stories
* http://www.owasp.org/index.php/Man_vs._Code
*
* http://www.owasp.org/images/4/4e/OWASP_ASVS_2009_Web_App_Std_Release.pdf
*
* http://www.owasp.org/images/c/cd/PHP-ESAPI_1.0a_install.pdf
* http://www.owasp.org/images/6/67/PHP-ESAPI_1.0a_ReleaseNotes.pdf

=====Chapter Management Links=====
[[Pizza|Best pizza in Centennial]]
__NOTOC__
<headertabs/>
[[Category:OWASP Chapter]]
[[Category:Colorado]]

Denver

2011-08-11T22:46:16Z

Dc: /* Next Chapter Meeting: RSVP Now! */

{{Chapter Template|chaptername=Denver|extra=Chapter leader is David Campbell. |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-denver|emailarchives=http://lists.owasp.org/pipermail/owasp-denver}}

==== Local News ====

=====Next Chapter Meeting: [http://owaspco.eventbrite.com/ RSVP Now!]=====
[[Denver September 2011 meeting|September 14th 2011: Chris Schmidt "OWASP ESAPI"]]

=====Missed the con?=====
* [http://www.reddit.com/r/netsec/comments/fgetw/shmoocon_2011_video_collection/ Vids from Schmoocon 2011]
* [http://media.ccc.de/browse/congress/2010/index.html Vids from 27c3]
* [http://vimeo.com/groups/asdc10/videos/sort:newest Vids from AppsecDC 2010]

=====OWASP Podcast=====
[http://www.owasp.org/index.php/OWASP_Podcast OWASP Podcast]

=====Wassup with Boulder???=====
Boulder is presently leaderless. We hope that by moving the Denver meetings up north several miles that we can lure more of the Boulder folks to come join us in our new setup close to downtown Denver. If you're interested in taking over the Boulder chapter please let us know!

<paypal>Denver</paypal>
<hr>

==Questions, Comments==
Questions can be directed to

*David Campbell, Denver OWASP: dcampbell 'at' owasp.org
*Eric Duprey, Denver OWASP: eduprey 'at' owasp.org

<hr>

==== Chapter Meetings ====

== Future Meetings ==

[[Denver September 2011 meeting|September 14th 2011: Chris Schmidt "OWASP ESAPI"]]



== Past Meetings ==
[[Denver March 2011 meeting|March 17th 2011: Hands on "Hack a Thon"]]

[[Denver September 2010 meeting|September 22nd 2010: Eric Duprey: Application Vulnerability Shooting Gallery]]

[[Denver August 2010 meeting|August 18th 2010: Clint Pollock: Protecting Your Applications from Backdoors]]

[[Front_Range_OWASP_Conference_2010|June 2nd 2010: Front Range OWASP Conference]]

[[Denver January 2010 meeting|January 20th 2010: John Evans: Securing Webapps: An Illustrative Overview]]

[[Denver November 2009 meeting|November 18th 2009: Anton Rager: Advanced XSS]]

[[Denver August 2009 meeting|August 27th 2009: Jon Rose: Security in the Clouds]]

[[Denver May 2009 meeting|May 2009: Dr. Joseph McComb & and Daniel Weiske: Compliance and application security testing]]

[[Front_Range_OWASP_Conference_2009|March 2009: Front Range OWASP Conference (SnowFROC)]]

[[Denver January 2009 meeting|January 2009: David Campbell & Eric Duprey: Guided Tour: AppSec NYC '08 CTF]]

[[Denver October 2008 meeting|October 2008: Alex Smolen: The OWASP ASP .NET ESAPI]]

[[Denver September 2008 meeting|September 2008: John Dickson: Black Box vs. White Box: Different App Testing Strategies]]

[[Denver August 2008 meeting|August 2008: Dan Cornell: Static Analysis]]

[[Denver July 2008 meeting|July 2008: David Byrne & Eric Duprey: Grendel-Scan]]

[[Front Range OWASP Conference|June 2008: Front Range OWASP Conference: Jeremiah Grossman, Robert Hansen, and more!]]

[[Denver May 2008 meeting|May 2008: David Campbell & Eric Duprey: XSS Attacks & Defenses]]

[[Denver April 2008 meeting|April 2008: Ryan Barnett: Virtual Patching with ModSecurity]]

[[Denver February 2008 meeting|February 2008: Michael Sutton: SQL Injection Revisited]]

[[Denver June 2007 meeting|June 2007]]

[[Denver April 2007 meeting|April 2007]]

[[Denver February 2007 meeting|February 2007]]

[[Denver January 2007 meeting|January 2007]]

[[Denver November 2006 meeting|November 2006]]

==[[Related_Organizations|Local Organizations of Interest]]==

==== Mailing List ====
Join the [http://lists.owasp.org/mailman/listinfo/owasp-denver OWASP Denver Mailing List] to receive meeting notifications via email

==== Twitter Feed @owasp303 ====
Denver OWASP has created a [http://twitter.com/owasp303 Twitter feed @owasp303] to keep you in the loop. Whilst the mailing list is primarily intended to be low-traffic and only provide updates regarding the times, locations, and topics for chapter meetings, the Twitter feed will also provide noteworthy appsec updates.

{|
|-
| style="border: 1px solid rgb(204, 204, 204); width: 100%; font-size: 95%; color: rgb(0, 0, 0); background-color: rgb(236, 236, 236);" |

'''@OWASP303 Twitter Feed ([http://twitter.com/OWASP303 follow us on Twitter!])'''
<twitter>55021150</twitter>

| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |
|}

====Resources====

=====Denver OWASP Chapter Leaders=====
*David Campbell, Denver OWASP: dcampbell 'at' owasp.org
*Eric Duprey, Denver OWASP: eduprey 'at' owasp.org

=====Key OWASP Resources=====
* http://www.owasp.org/images/4/41/ASVS_One_Page_Handout.pdf
* http://www.owasp.org/images/3/31/ESAPI_One_Page_Handout.pdf
* http://www.owasp.org/images/a/a1/Legal_One_Page_Handout.pdf
*
* http://www.owasp.org/images/a/a3/How_ESAPI_Works.pdf
* http://www.owasp.org/images/a/ac/LAMP_Should_be_Spelled_LAMPE.pdf
* http://www.owasp.org/images/0/01/Getting_started_designing_for_a_level_of_assurance.pdf
*
* http://www.owasp.org/index.php/Agile_Software_Development:_Don%27t_Forget_EVIL_User_Stories
* http://www.owasp.org/index.php/Man_vs._Code
*
* http://www.owasp.org/images/4/4e/OWASP_ASVS_2009_Web_App_Std_Release.pdf
*
* http://www.owasp.org/images/c/cd/PHP-ESAPI_1.0a_install.pdf
* http://www.owasp.org/images/6/67/PHP-ESAPI_1.0a_ReleaseNotes.pdf

=====Chapter Management Links=====
[[Pizza|Best pizza in Centennial]]
__NOTOC__
<headertabs/>
[[Category:OWASP Chapter]]
[[Category:Colorado]]

Denver

2011-08-11T22:44:56Z

Dc:

{{Chapter Template|chaptername=Denver|extra=Chapter leader is David Campbell. |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-denver|emailarchives=http://lists.owasp.org/pipermail/owasp-denver}}

==== Local News ====

=====Next Chapter Meeting: [http://owaspcolorado.eventbrite.com/ RSVP Now!]=====
[[Denver March 2011 meeting|March 17th 2011: Hands on "Hack a Thon"]]

Next Colorado meeting is scheduled for Thurs, 17 Mar 2011 at Hosting.com, our new favorite meeting location. How can you beat free parking, a great meeting room, and FREE BEER? In fact, we blame the huge gap between this meeting and our last one on too much of the latter.

At any rate, we're psyched to be having another meeting. This one is all hands on, no presos. So bring your laptop and great ready to rumble.



See you there!

=====Missed the con?=====
* [http://www.reddit.com/r/netsec/comments/fgetw/shmoocon_2011_video_collection/ Vids from Schmoocon 2011]
* [http://media.ccc.de/browse/congress/2010/index.html Vids from 27c3]
* [http://vimeo.com/groups/asdc10/videos/sort:newest Vids from AppsecDC 2010]

=====OWASP Podcast=====
[http://www.owasp.org/index.php/OWASP_Podcast OWASP Podcast]

=====Wassup with Boulder???=====
Boulder is presently leaderless. We hope that by moving the Denver meetings up north several miles that we can lure more of the Boulder folks to come join us in our new setup close to downtown Denver. If you're interested in taking over the Boulder chapter please let us know!

<paypal>Denver</paypal>
<hr>

==Questions, Comments==
Questions can be directed to

*David Campbell, Denver OWASP: dcampbell 'at' owasp.org
*Eric Duprey, Denver OWASP: eduprey 'at' owasp.org

<hr>

==== Chapter Meetings ====

== Future Meetings ==

[[Denver September 2011 meeting|September 14th 2011: Chris Schmidt "OWASP ESAPI"]]



== Past Meetings ==
[[Denver March 2011 meeting|March 17th 2011: Hands on "Hack a Thon"]]

[[Denver September 2010 meeting|September 22nd 2010: Eric Duprey: Application Vulnerability Shooting Gallery]]

[[Denver August 2010 meeting|August 18th 2010: Clint Pollock: Protecting Your Applications from Backdoors]]

[[Front_Range_OWASP_Conference_2010|June 2nd 2010: Front Range OWASP Conference]]

[[Denver January 2010 meeting|January 20th 2010: John Evans: Securing Webapps: An Illustrative Overview]]

[[Denver November 2009 meeting|November 18th 2009: Anton Rager: Advanced XSS]]

[[Denver August 2009 meeting|August 27th 2009: Jon Rose: Security in the Clouds]]

[[Denver May 2009 meeting|May 2009: Dr. Joseph McComb & and Daniel Weiske: Compliance and application security testing]]

[[Front_Range_OWASP_Conference_2009|March 2009: Front Range OWASP Conference (SnowFROC)]]

[[Denver January 2009 meeting|January 2009: David Campbell & Eric Duprey: Guided Tour: AppSec NYC '08 CTF]]

[[Denver October 2008 meeting|October 2008: Alex Smolen: The OWASP ASP .NET ESAPI]]

[[Denver September 2008 meeting|September 2008: John Dickson: Black Box vs. White Box: Different App Testing Strategies]]

[[Denver August 2008 meeting|August 2008: Dan Cornell: Static Analysis]]

[[Denver July 2008 meeting|July 2008: David Byrne & Eric Duprey: Grendel-Scan]]

[[Front Range OWASP Conference|June 2008: Front Range OWASP Conference: Jeremiah Grossman, Robert Hansen, and more!]]

[[Denver May 2008 meeting|May 2008: David Campbell & Eric Duprey: XSS Attacks & Defenses]]

[[Denver April 2008 meeting|April 2008: Ryan Barnett: Virtual Patching with ModSecurity]]

[[Denver February 2008 meeting|February 2008: Michael Sutton: SQL Injection Revisited]]

[[Denver June 2007 meeting|June 2007]]

[[Denver April 2007 meeting|April 2007]]

[[Denver February 2007 meeting|February 2007]]

[[Denver January 2007 meeting|January 2007]]

[[Denver November 2006 meeting|November 2006]]

==[[Related_Organizations|Local Organizations of Interest]]==

==== Mailing List ====
Join the [http://lists.owasp.org/mailman/listinfo/owasp-denver OWASP Denver Mailing List] to receive meeting notifications via email

==== Twitter Feed @owasp303 ====
Denver OWASP has created a [http://twitter.com/owasp303 Twitter feed @owasp303] to keep you in the loop. Whilst the mailing list is primarily intended to be low-traffic and only provide updates regarding the times, locations, and topics for chapter meetings, the Twitter feed will also provide noteworthy appsec updates.

{|
|-
| style="border: 1px solid rgb(204, 204, 204); width: 100%; font-size: 95%; color: rgb(0, 0, 0); background-color: rgb(236, 236, 236);" |

'''@OWASP303 Twitter Feed ([http://twitter.com/OWASP303 follow us on Twitter!])'''
<twitter>55021150</twitter>

| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |
|}

====Resources====

=====Denver OWASP Chapter Leaders=====
*David Campbell, Denver OWASP: dcampbell 'at' owasp.org
*Eric Duprey, Denver OWASP: eduprey 'at' owasp.org

=====Key OWASP Resources=====
* http://www.owasp.org/images/4/41/ASVS_One_Page_Handout.pdf
* http://www.owasp.org/images/3/31/ESAPI_One_Page_Handout.pdf
* http://www.owasp.org/images/a/a1/Legal_One_Page_Handout.pdf
*
* http://www.owasp.org/images/a/a3/How_ESAPI_Works.pdf
* http://www.owasp.org/images/a/ac/LAMP_Should_be_Spelled_LAMPE.pdf
* http://www.owasp.org/images/0/01/Getting_started_designing_for_a_level_of_assurance.pdf
*
* http://www.owasp.org/index.php/Agile_Software_Development:_Don%27t_Forget_EVIL_User_Stories
* http://www.owasp.org/index.php/Man_vs._Code
*
* http://www.owasp.org/images/4/4e/OWASP_ASVS_2009_Web_App_Std_Release.pdf
*
* http://www.owasp.org/images/c/cd/PHP-ESAPI_1.0a_install.pdf
* http://www.owasp.org/images/6/67/PHP-ESAPI_1.0a_ReleaseNotes.pdf

=====Chapter Management Links=====
[[Pizza|Best pizza in Centennial]]
__NOTOC__
<headertabs/>
[[Category:OWASP Chapter]]
[[Category:Colorado]]

Denver September 2011 meeting

2011-08-11T22:43:26Z

Dc: Created page with "="Chris Schmidt: OWASP ESAPI" -- Wednesday 14 September 2011 = Details and registration here: http://owaspco.eventbrite.com/ [https://www.owasp.org/index.php/Denver Back to OWA..."

="Chris Schmidt: OWASP ESAPI" -- Wednesday 14 September 2011 =

Details and registration here: http://owaspco.eventbrite.com/

[https://www.owasp.org/index.php/Denver Back to OWASP Denver]

Denver

2011-08-11T22:37:01Z

Dc: /* Future Meetings */

{{Chapter Template|chaptername=Denver|extra=Chapter leaders are [mailto:eduprey@gmail.com Eric Duprey] and [mailto:dcampbell@owasp.org David Campbell]. |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-denver|emailarchives=http://lists.owasp.org/pipermail/owasp-denver}}

==== Local News ====

=====Next Chapter Meeting: [http://owaspcolorado.eventbrite.com/ RSVP Now!]=====
[[Denver March 2011 meeting|March 17th 2011: Hands on "Hack a Thon"]]

Next Colorado meeting is scheduled for Thurs, 17 Mar 2011 at Hosting.com, our new favorite meeting location. How can you beat free parking, a great meeting room, and FREE BEER? In fact, we blame the huge gap between this meeting and our last one on too much of the latter.

At any rate, we're psyched to be having another meeting. This one is all hands on, no presos. So bring your laptop and great ready to rumble.



See you there!

=====Missed the con?=====
* [http://www.reddit.com/r/netsec/comments/fgetw/shmoocon_2011_video_collection/ Vids from Schmoocon 2011]
* [http://media.ccc.de/browse/congress/2010/index.html Vids from 27c3]
* [http://vimeo.com/groups/asdc10/videos/sort:newest Vids from AppsecDC 2010]

=====OWASP Podcast=====
[http://www.owasp.org/index.php/OWASP_Podcast OWASP Podcast]

=====Wassup with Boulder???=====
Boulder is presently leaderless. We hope that by moving the Denver meetings up north several miles that we can lure more of the Boulder folks to come join us in our new setup close to downtown Denver. If you're interested in taking over the Boulder chapter please let us know!

<paypal>Denver</paypal>
<hr>

==Questions, Comments==
Questions can be directed to

*David Campbell, Denver OWASP: dcampbell 'at' owasp.org
*Eric Duprey, Denver OWASP: eduprey 'at' owasp.org

<hr>

==== Chapter Meetings ====

== Future Meetings ==

[[Denver September 2011 meeting|September 14th 2011: Chris Schmidt "OWASP ESAPI"]]



== Past Meetings ==
[[Denver March 2011 meeting|March 17th 2011: Hands on "Hack a Thon"]]

[[Denver September 2010 meeting|September 22nd 2010: Eric Duprey: Application Vulnerability Shooting Gallery]]

[[Denver August 2010 meeting|August 18th 2010: Clint Pollock: Protecting Your Applications from Backdoors]]

[[Front_Range_OWASP_Conference_2010|June 2nd 2010: Front Range OWASP Conference]]

[[Denver January 2010 meeting|January 20th 2010: John Evans: Securing Webapps: An Illustrative Overview]]

[[Denver November 2009 meeting|November 18th 2009: Anton Rager: Advanced XSS]]

[[Denver August 2009 meeting|August 27th 2009: Jon Rose: Security in the Clouds]]

[[Denver May 2009 meeting|May 2009: Dr. Joseph McComb & and Daniel Weiske: Compliance and application security testing]]

[[Front_Range_OWASP_Conference_2009|March 2009: Front Range OWASP Conference (SnowFROC)]]

[[Denver January 2009 meeting|January 2009: David Campbell & Eric Duprey: Guided Tour: AppSec NYC '08 CTF]]

[[Denver October 2008 meeting|October 2008: Alex Smolen: The OWASP ASP .NET ESAPI]]

[[Denver September 2008 meeting|September 2008: John Dickson: Black Box vs. White Box: Different App Testing Strategies]]

[[Denver August 2008 meeting|August 2008: Dan Cornell: Static Analysis]]

[[Denver July 2008 meeting|July 2008: David Byrne & Eric Duprey: Grendel-Scan]]

[[Front Range OWASP Conference|June 2008: Front Range OWASP Conference: Jeremiah Grossman, Robert Hansen, and more!]]

[[Denver May 2008 meeting|May 2008: David Campbell & Eric Duprey: XSS Attacks & Defenses]]

[[Denver April 2008 meeting|April 2008: Ryan Barnett: Virtual Patching with ModSecurity]]

[[Denver February 2008 meeting|February 2008: Michael Sutton: SQL Injection Revisited]]

[[Denver June 2007 meeting|June 2007]]

[[Denver April 2007 meeting|April 2007]]

[[Denver February 2007 meeting|February 2007]]

[[Denver January 2007 meeting|January 2007]]

[[Denver November 2006 meeting|November 2006]]

==[[Related_Organizations|Local Organizations of Interest]]==

==== Mailing List ====
Join the [http://lists.owasp.org/mailman/listinfo/owasp-denver OWASP Denver Mailing List] to receive meeting notifications via email

==== Twitter Feed @owasp303 ====
Denver OWASP has created a [http://twitter.com/owasp303 Twitter feed @owasp303] to keep you in the loop. Whilst the mailing list is primarily intended to be low-traffic and only provide updates regarding the times, locations, and topics for chapter meetings, the Twitter feed will also provide noteworthy appsec updates.

{|
|-
| style="border: 1px solid rgb(204, 204, 204); width: 100%; font-size: 95%; color: rgb(0, 0, 0); background-color: rgb(236, 236, 236);" |

'''@OWASP303 Twitter Feed ([http://twitter.com/OWASP303 follow us on Twitter!])'''
<twitter>55021150</twitter>

| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |
|}

====Resources====

=====Denver OWASP Chapter Leaders=====
*David Campbell, Denver OWASP: dcampbell 'at' owasp.org
*Eric Duprey, Denver OWASP: eduprey 'at' owasp.org

=====Key OWASP Resources=====
* http://www.owasp.org/images/4/41/ASVS_One_Page_Handout.pdf
* http://www.owasp.org/images/3/31/ESAPI_One_Page_Handout.pdf
* http://www.owasp.org/images/a/a1/Legal_One_Page_Handout.pdf
*
* http://www.owasp.org/images/a/a3/How_ESAPI_Works.pdf
* http://www.owasp.org/images/a/ac/LAMP_Should_be_Spelled_LAMPE.pdf
* http://www.owasp.org/images/0/01/Getting_started_designing_for_a_level_of_assurance.pdf
*
* http://www.owasp.org/index.php/Agile_Software_Development:_Don%27t_Forget_EVIL_User_Stories
* http://www.owasp.org/index.php/Man_vs._Code
*
* http://www.owasp.org/images/4/4e/OWASP_ASVS_2009_Web_App_Std_Release.pdf
*
* http://www.owasp.org/images/c/cd/PHP-ESAPI_1.0a_install.pdf
* http://www.owasp.org/images/6/67/PHP-ESAPI_1.0a_ReleaseNotes.pdf

=====Chapter Management Links=====
[[Pizza|Best pizza in Centennial]]
__NOTOC__
<headertabs/>
[[Category:OWASP Chapter]]
[[Category:Colorado]]

Denver

2011-08-11T22:35:18Z

Dc: /* Future Meetings */

{{Chapter Template|chaptername=Denver|extra=Chapter leaders are [mailto:eduprey@gmail.com Eric Duprey] and [mailto:dcampbell@owasp.org David Campbell]. |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-denver|emailarchives=http://lists.owasp.org/pipermail/owasp-denver}}

==== Local News ====

=====Next Chapter Meeting: [http://owaspcolorado.eventbrite.com/ RSVP Now!]=====
[[Denver March 2011 meeting|March 17th 2011: Hands on "Hack a Thon"]]

Next Colorado meeting is scheduled for Thurs, 17 Mar 2011 at Hosting.com, our new favorite meeting location. How can you beat free parking, a great meeting room, and FREE BEER? In fact, we blame the huge gap between this meeting and our last one on too much of the latter.

At any rate, we're psyched to be having another meeting. This one is all hands on, no presos. So bring your laptop and great ready to rumble.



See you there!

=====Missed the con?=====
* [http://www.reddit.com/r/netsec/comments/fgetw/shmoocon_2011_video_collection/ Vids from Schmoocon 2011]
* [http://media.ccc.de/browse/congress/2010/index.html Vids from 27c3]
* [http://vimeo.com/groups/asdc10/videos/sort:newest Vids from AppsecDC 2010]

=====OWASP Podcast=====
[http://www.owasp.org/index.php/OWASP_Podcast OWASP Podcast]

=====Wassup with Boulder???=====
Boulder is presently leaderless. We hope that by moving the Denver meetings up north several miles that we can lure more of the Boulder folks to come join us in our new setup close to downtown Denver. If you're interested in taking over the Boulder chapter please let us know!

<paypal>Denver</paypal>
<hr>

==Questions, Comments==
Questions can be directed to

*David Campbell, Denver OWASP: dcampbell 'at' owasp.org
*Eric Duprey, Denver OWASP: eduprey 'at' owasp.org

<hr>

==== Chapter Meetings ====

== Future Meetings ==

Denver September 2011 meeting|September 14th 2011: Chris Schmidt "OWASP ESAPI"]]



== Past Meetings ==
[[Denver March 2011 meeting|March 17th 2011: Hands on "Hack a Thon"]]

[[Denver September 2010 meeting|September 22nd 2010: Eric Duprey: Application Vulnerability Shooting Gallery]]

[[Denver August 2010 meeting|August 18th 2010: Clint Pollock: Protecting Your Applications from Backdoors]]

[[Front_Range_OWASP_Conference_2010|June 2nd 2010: Front Range OWASP Conference]]

[[Denver January 2010 meeting|January 20th 2010: John Evans: Securing Webapps: An Illustrative Overview]]

[[Denver November 2009 meeting|November 18th 2009: Anton Rager: Advanced XSS]]

[[Denver August 2009 meeting|August 27th 2009: Jon Rose: Security in the Clouds]]

[[Denver May 2009 meeting|May 2009: Dr. Joseph McComb & and Daniel Weiske: Compliance and application security testing]]

[[Front_Range_OWASP_Conference_2009|March 2009: Front Range OWASP Conference (SnowFROC)]]

[[Denver January 2009 meeting|January 2009: David Campbell & Eric Duprey: Guided Tour: AppSec NYC '08 CTF]]

[[Denver October 2008 meeting|October 2008: Alex Smolen: The OWASP ASP .NET ESAPI]]

[[Denver September 2008 meeting|September 2008: John Dickson: Black Box vs. White Box: Different App Testing Strategies]]

[[Denver August 2008 meeting|August 2008: Dan Cornell: Static Analysis]]

[[Denver July 2008 meeting|July 2008: David Byrne & Eric Duprey: Grendel-Scan]]

[[Front Range OWASP Conference|June 2008: Front Range OWASP Conference: Jeremiah Grossman, Robert Hansen, and more!]]

[[Denver May 2008 meeting|May 2008: David Campbell & Eric Duprey: XSS Attacks & Defenses]]

[[Denver April 2008 meeting|April 2008: Ryan Barnett: Virtual Patching with ModSecurity]]

[[Denver February 2008 meeting|February 2008: Michael Sutton: SQL Injection Revisited]]

[[Denver June 2007 meeting|June 2007]]

[[Denver April 2007 meeting|April 2007]]

[[Denver February 2007 meeting|February 2007]]

[[Denver January 2007 meeting|January 2007]]

[[Denver November 2006 meeting|November 2006]]

==[[Related_Organizations|Local Organizations of Interest]]==

==== Mailing List ====
Join the [http://lists.owasp.org/mailman/listinfo/owasp-denver OWASP Denver Mailing List] to receive meeting notifications via email

==== Twitter Feed @owasp303 ====
Denver OWASP has created a [http://twitter.com/owasp303 Twitter feed @owasp303] to keep you in the loop. Whilst the mailing list is primarily intended to be low-traffic and only provide updates regarding the times, locations, and topics for chapter meetings, the Twitter feed will also provide noteworthy appsec updates.

{|
|-
| style="border: 1px solid rgb(204, 204, 204); width: 100%; font-size: 95%; color: rgb(0, 0, 0); background-color: rgb(236, 236, 236);" |

'''@OWASP303 Twitter Feed ([http://twitter.com/OWASP303 follow us on Twitter!])'''
<twitter>55021150</twitter>

| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |
|}

====Resources====

=====Denver OWASP Chapter Leaders=====
*David Campbell, Denver OWASP: dcampbell 'at' owasp.org
*Eric Duprey, Denver OWASP: eduprey 'at' owasp.org

=====Key OWASP Resources=====
* http://www.owasp.org/images/4/41/ASVS_One_Page_Handout.pdf
* http://www.owasp.org/images/3/31/ESAPI_One_Page_Handout.pdf
* http://www.owasp.org/images/a/a1/Legal_One_Page_Handout.pdf
*
* http://www.owasp.org/images/a/a3/How_ESAPI_Works.pdf
* http://www.owasp.org/images/a/ac/LAMP_Should_be_Spelled_LAMPE.pdf
* http://www.owasp.org/images/0/01/Getting_started_designing_for_a_level_of_assurance.pdf
*
* http://www.owasp.org/index.php/Agile_Software_Development:_Don%27t_Forget_EVIL_User_Stories
* http://www.owasp.org/index.php/Man_vs._Code
*
* http://www.owasp.org/images/4/4e/OWASP_ASVS_2009_Web_App_Std_Release.pdf
*
* http://www.owasp.org/images/c/cd/PHP-ESAPI_1.0a_install.pdf
* http://www.owasp.org/images/6/67/PHP-ESAPI_1.0a_ReleaseNotes.pdf

=====Chapter Management Links=====
[[Pizza|Best pizza in Centennial]]
__NOTOC__
<headertabs/>
[[Category:OWASP Chapter]]
[[Category:Colorado]]

Denver

2011-08-11T22:34:21Z

Dc: /* Past Meetings */

{{Chapter Template|chaptername=Denver|extra=Chapter leaders are [mailto:eduprey@gmail.com Eric Duprey] and [mailto:dcampbell@owasp.org David Campbell]. |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-denver|emailarchives=http://lists.owasp.org/pipermail/owasp-denver}}

==== Local News ====

=====Next Chapter Meeting: [http://owaspcolorado.eventbrite.com/ RSVP Now!]=====
[[Denver March 2011 meeting|March 17th 2011: Hands on "Hack a Thon"]]

Next Colorado meeting is scheduled for Thurs, 17 Mar 2011 at Hosting.com, our new favorite meeting location. How can you beat free parking, a great meeting room, and FREE BEER? In fact, we blame the huge gap between this meeting and our last one on too much of the latter.

At any rate, we're psyched to be having another meeting. This one is all hands on, no presos. So bring your laptop and great ready to rumble.



See you there!

=====Missed the con?=====
* [http://www.reddit.com/r/netsec/comments/fgetw/shmoocon_2011_video_collection/ Vids from Schmoocon 2011]
* [http://media.ccc.de/browse/congress/2010/index.html Vids from 27c3]
* [http://vimeo.com/groups/asdc10/videos/sort:newest Vids from AppsecDC 2010]

=====OWASP Podcast=====
[http://www.owasp.org/index.php/OWASP_Podcast OWASP Podcast]

=====Wassup with Boulder???=====
Boulder is presently leaderless. We hope that by moving the Denver meetings up north several miles that we can lure more of the Boulder folks to come join us in our new setup close to downtown Denver. If you're interested in taking over the Boulder chapter please let us know!

<paypal>Denver</paypal>
<hr>

==Questions, Comments==
Questions can be directed to

*David Campbell, Denver OWASP: dcampbell 'at' owasp.org
*Eric Duprey, Denver OWASP: eduprey 'at' owasp.org

<hr>

==== Chapter Meetings ====

== Future Meetings ==

[[Denver March 2011 meeting|March 17th 2011: Hands on "Hack a Thon"]]



== Past Meetings ==
[[Denver March 2011 meeting|March 17th 2011: Hands on "Hack a Thon"]]

[[Denver September 2010 meeting|September 22nd 2010: Eric Duprey: Application Vulnerability Shooting Gallery]]

[[Denver August 2010 meeting|August 18th 2010: Clint Pollock: Protecting Your Applications from Backdoors]]

[[Front_Range_OWASP_Conference_2010|June 2nd 2010: Front Range OWASP Conference]]

[[Denver January 2010 meeting|January 20th 2010: John Evans: Securing Webapps: An Illustrative Overview]]

[[Denver November 2009 meeting|November 18th 2009: Anton Rager: Advanced XSS]]

[[Denver August 2009 meeting|August 27th 2009: Jon Rose: Security in the Clouds]]

[[Denver May 2009 meeting|May 2009: Dr. Joseph McComb & and Daniel Weiske: Compliance and application security testing]]

[[Front_Range_OWASP_Conference_2009|March 2009: Front Range OWASP Conference (SnowFROC)]]

[[Denver January 2009 meeting|January 2009: David Campbell & Eric Duprey: Guided Tour: AppSec NYC '08 CTF]]

[[Denver October 2008 meeting|October 2008: Alex Smolen: The OWASP ASP .NET ESAPI]]

[[Denver September 2008 meeting|September 2008: John Dickson: Black Box vs. White Box: Different App Testing Strategies]]

[[Denver August 2008 meeting|August 2008: Dan Cornell: Static Analysis]]

[[Denver July 2008 meeting|July 2008: David Byrne & Eric Duprey: Grendel-Scan]]

[[Front Range OWASP Conference|June 2008: Front Range OWASP Conference: Jeremiah Grossman, Robert Hansen, and more!]]

[[Denver May 2008 meeting|May 2008: David Campbell & Eric Duprey: XSS Attacks & Defenses]]

[[Denver April 2008 meeting|April 2008: Ryan Barnett: Virtual Patching with ModSecurity]]

[[Denver February 2008 meeting|February 2008: Michael Sutton: SQL Injection Revisited]]

[[Denver June 2007 meeting|June 2007]]

[[Denver April 2007 meeting|April 2007]]

[[Denver February 2007 meeting|February 2007]]

[[Denver January 2007 meeting|January 2007]]

[[Denver November 2006 meeting|November 2006]]

==[[Related_Organizations|Local Organizations of Interest]]==

==== Mailing List ====
Join the [http://lists.owasp.org/mailman/listinfo/owasp-denver OWASP Denver Mailing List] to receive meeting notifications via email

==== Twitter Feed @owasp303 ====
Denver OWASP has created a [http://twitter.com/owasp303 Twitter feed @owasp303] to keep you in the loop. Whilst the mailing list is primarily intended to be low-traffic and only provide updates regarding the times, locations, and topics for chapter meetings, the Twitter feed will also provide noteworthy appsec updates.

{|
|-
| style="border: 1px solid rgb(204, 204, 204); width: 100%; font-size: 95%; color: rgb(0, 0, 0); background-color: rgb(236, 236, 236);" |

'''@OWASP303 Twitter Feed ([http://twitter.com/OWASP303 follow us on Twitter!])'''
<twitter>55021150</twitter>

| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |
|}

====Resources====

=====Denver OWASP Chapter Leaders=====
*David Campbell, Denver OWASP: dcampbell 'at' owasp.org
*Eric Duprey, Denver OWASP: eduprey 'at' owasp.org

=====Key OWASP Resources=====
* http://www.owasp.org/images/4/41/ASVS_One_Page_Handout.pdf
* http://www.owasp.org/images/3/31/ESAPI_One_Page_Handout.pdf
* http://www.owasp.org/images/a/a1/Legal_One_Page_Handout.pdf
*
* http://www.owasp.org/images/a/a3/How_ESAPI_Works.pdf
* http://www.owasp.org/images/a/ac/LAMP_Should_be_Spelled_LAMPE.pdf
* http://www.owasp.org/images/0/01/Getting_started_designing_for_a_level_of_assurance.pdf
*
* http://www.owasp.org/index.php/Agile_Software_Development:_Don%27t_Forget_EVIL_User_Stories
* http://www.owasp.org/index.php/Man_vs._Code
*
* http://www.owasp.org/images/4/4e/OWASP_ASVS_2009_Web_App_Std_Release.pdf
*
* http://www.owasp.org/images/c/cd/PHP-ESAPI_1.0a_install.pdf
* http://www.owasp.org/images/6/67/PHP-ESAPI_1.0a_ReleaseNotes.pdf

=====Chapter Management Links=====
[[Pizza|Best pizza in Centennial]]
__NOTOC__
<headertabs/>
[[Category:OWASP Chapter]]
[[Category:Colorado]]

ProposedGICbudget2011

2011-03-14T16:52:47Z

Dc:

== Proposed Budget Spreadsheet ==
[https://spreadsheets.google.com/a/owasp.org/ccc?key=0ApZ9zE0hx0LNdEpRbVhBUEljMGpLNnVJa0FHeWZwMkE&hl=en&authkey=CPjLgdwN#gid=0 gDoc spreadsheet]

== More info on ROI for folks invited to OWASP AppSec cons using GIC funding ==
Tobias Gondrom - IETF -- now involved in governance task force

Tobias Gondrom is Managing Director of an IT Security & Risk Management Advisory based in the United Kingdom and Germany. He has twelve years of experience in software development, application security, cryptography, electronic signatures and global standardisation organisations working for independent software vendors and large global corporations in the financial, technology and government sector, in America, EMEA and APAC

Since 2003 he is the chair of the IETF working group „LTANS“ in the security area, member of the IETF security directorate, and since 2010 chair of the web security WG at the IETF, and a former chapter lead of the German OWASP chapter from 2007 to 2008.

Vehbi Tasar
Dr. Vehbi Tasar, CISSP, CSSLP, Director of Professional Programs Development - Vehbi is in charge of all exam development at (ISC)².

Giles Hogben
Dr Giles Hogben is programme manager for secure services at the European Network and Information Security Agency in Greece.

Kyprianos Vasilopoulos
Senior Security Consultant Greece at Atos Origin, AthCon Conference Planning Committee

Konstantinos Papapanagiotou is the OWASP Greek Chapter Leader, AthCon Conference Planning Committee

Dr Konstantinos Papapanagiotou has more than 7 years of experience in the field of Information Security both as a corporate consultant and as a researcher. Currently, he is Information Security Risk Management Services Manager of Syntax IT Inc.

Justin Searle -- Senior Security Analyst with InGuardians, Joined Global Projects committee and already heavily involved (Jason Li can speak to this), already on OWASP radar but not on global committee

[http://www.owasp.org/index.php/Talk:Chairs:_March_14,_2011 Back to OWASP Chairs Talk Page]

ProposedGICbudget2011

2011-03-14T16:38:09Z

Dc: // gdoc link to proposed budget

[https://spreadsheets.google.com/a/owasp.org/ccc?key=0ApZ9zE0hx0LNdEpRbVhBUEljMGpLNnVJa0FHeWZwMkE&hl=en&authkey=CPjLgdwN#gid=0 gDoc spreadsheet]

[http://www.owasp.org/index.php/Talk:Chairs:_March_14,_2011 Back to OWASP Chairs Talk Page]

Talk:Chairs: March 14, 2011

2011-03-14T16:37:18Z

Dc: /* Shared Budget Items */

==Talk Page Guidelines==
* Sign your name after a comment by using four tildas (<nowiki>~~~~</nowiki>). Mediawiki automatically replaces this with the right thing
* Add a new discussion point with the level 2 heading (==Example==) or the '+' sign
* Add inline replies using increasing number of colons (:)
* See [http://www.mediawiki.org/wiki/Help:Talk_pages MediaWiki Talk Page Conventions]

From Kate:
# Be constructive. An idea is a seed and needs to be nurtured. If you do not agree with the idea, come up with an alternative, don’t just shoot it down.
# Be flexible. We can’t all get our way all the time.
# Follow through and be honest. If you say you are going to do something, please do it. if you don’t’ have time to do something, say that too.
# Encourage your committee members to follow the discussions and to channel their ideas up to you. Let’s keep this the leadership board.
# Be creative! Come up with new ways of thinking and opportunities to make things happen!
# Hold everything against the Core Values and Core Principles. http://www.owasp.org/index.php/About_OWASP These are in the process of being updated.
# Be considerate of other’s time. I am the only one who doesn’t really have anything else to do than talk about OWASP. Let’s use this time to make decisions and move forward, not to debate.

== Base Committee Governance Rules ==

My thought is that we can have a common "base rules" for how committees conduct business, membership, voting, minimum meeting frequency, removing members, chair elections ....... and then extend these rules as applicable to each committee. To get started, we can look at the relevant sections of the document the Conferences Committee passed late last year (http://www.owasp.org/index.php/Global_Conferences_Committee_Governance). With some minimal tweaking I think we can update the relevant sections to apply across committees. I've taken a stab below (note some of this language was stolen from current by-laws)

[[User:Mark.bristow|Mark.bristow]]

* [[Global_Conferences_Committee_Governance|Conferences Committee Governance]]
* [https://docs.google.com/document/d/1liiIpZE9EeVHL7CIGHQsXybtqsVGSJ1i5s9oSWSnWfE/edit?hl=en&pli=1# Projects Committee Governance] ([[:GPC/Governance|Wiki format]])
* [[Global_Chapters_Committee_Governance|Chapters Committee Governance]]
* Membership Committee
* Education Committee
* Chapters Committee
* Industry Committee

== Committee Missions ==

* What is a committee?
* What is the mission of each Committee?

[[User:Jason Li|Jason Li]] 01:02, 11 March 2011 (EST)

* Industry Committee would like to change mission statement (as drafted by Joe Bernik) to:
''To expand the engagement of OWASP and its mission amongst the public and private sector verticals, through outreach; including presentations, development of position papers and collaborative efforts. The Industry committee serves as the voice of OWASP within the public and private sector and the channel through which OWASP aligns its efforts to the demands of the market.''

Thoughts?

[[User:Sarah Baso|Sarah Baso]] 10:27, 14 March 2011 (EDT)

== OWASP Points Program ==

* [[:Summit_2011_Working_Sessions/Session071]]
* [[OWASP Points]]

[[User:Mark.bristow|Mark.bristow]]

== Shared Budget Items ==

* Administrative Support?
* Marketing/Promotion?
* Committee Summit?
* [[ProposedGICbudget2011|GIC Proposed Budget for 2011]]

[[User:Jason Li|Jason Li]] 01:02, 11 March 2011 (EST)

== Raising Revenue ==

* Individual Membership Dues
** Increase
** Tiered
* Corporate Membership Dues
** Increase
** [[ProposedTieredCorporateMembership|Tiered]]
* Conference Tickets
** Increase
** Tiered
* Other Revenue Streams?
** Markup on Lulu printing?
** Hardcopy software distribution?

[[User:Jason Li|Jason Li]] 01:02, 11 March 2011 (EST)

== Cross-Committee Concerns ==

* OWASP Conferences Track (Conferences, Projects, Education)
* OWASP Academies (Chapters, Education)
* Industry + Connections merger?
* OWASP Student Chapter (Membership, Chapters, Education)

[[User:Jason Li|Jason Li]] 01:02, 11 March 2011 (EST)

* Speaker's Sub Committee (education/chapters/conferences)

Kate thinks that before we can consider merging/ending a committee we need to understand what the mission and goal of the committees are. Initial purpose of connections was along the lines of PR and outreach (newsletters, etc) and this is outside the Industry committee. From what I've seen, the Industry committee is actually more in line with Membership as it serves as outreach to corporations to involve them in OWASP.
[[User:KateHartmann|KateHartmann]] 10:26, 14 March 2011 (EDT)

ProposedTieredCorporateMembership

2011-03-14T16:36:00Z

Dc: // added joe b's suggestion re: tiered corp memberships for individuals

Joe's idea: Right now in OWASP we have a $5k Corporate Membership and a $50 individual membership. Maybe we should have something in the middle, for example: a $500 corporate employee membership - where there is an open disclosure but still a protection of their interests in their membership agreement. These corporate members would have access to vertical driven content, and the ability to interact with peers with similar appsec issues. (This will likely open up a can of worms regarding NDAs or other "agreement" -- So watch out!). The idea would be to we will represent the corporate data through sanitized metrics but not disclose the source.

[http://www.owasp.org/index.php/Talk:Chairs:_March_14,_2011#Raising_Revenue Back to OWASP Chairs Talk Page]

Talk:Chairs: March 14, 2011

2011-03-14T16:34:30Z

Dc: /* Raising Revenue */

==Talk Page Guidelines==
* Sign your name after a comment by using four tildas (<nowiki>~~~~</nowiki>). Mediawiki automatically replaces this with the right thing
* Add a new discussion point with the level 2 heading (==Example==) or the '+' sign
* Add inline replies using increasing number of colons (:)
* See [http://www.mediawiki.org/wiki/Help:Talk_pages MediaWiki Talk Page Conventions]

From Kate:
# Be constructive. An idea is a seed and needs to be nurtured. If you do not agree with the idea, come up with an alternative, don’t just shoot it down.
# Be flexible. We can’t all get our way all the time.
# Follow through and be honest. If you say you are going to do something, please do it. if you don’t’ have time to do something, say that too.
# Encourage your committee members to follow the discussions and to channel their ideas up to you. Let’s keep this the leadership board.
# Be creative! Come up with new ways of thinking and opportunities to make things happen!
# Hold everything against the Core Values and Core Principles. http://www.owasp.org/index.php/About_OWASP These are in the process of being updated.
# Be considerate of other’s time. I am the only one who doesn’t really have anything else to do than talk about OWASP. Let’s use this time to make decisions and move forward, not to debate.

== Base Committee Governance Rules ==

My thought is that we can have a common "base rules" for how committees conduct business, membership, voting, minimum meeting frequency, removing members, chair elections ....... and then extend these rules as applicable to each committee. To get started, we can look at the relevant sections of the document the Conferences Committee passed late last year (http://www.owasp.org/index.php/Global_Conferences_Committee_Governance). With some minimal tweaking I think we can update the relevant sections to apply across committees. I've taken a stab below (note some of this language was stolen from current by-laws)

[[User:Mark.bristow|Mark.bristow]]

* [[Global_Conferences_Committee_Governance|Conferences Committee Governance]]
* [https://docs.google.com/document/d/1liiIpZE9EeVHL7CIGHQsXybtqsVGSJ1i5s9oSWSnWfE/edit?hl=en&pli=1# Projects Committee Governance] ([[:GPC/Governance|Wiki format]])
* [[Global_Chapters_Committee_Governance|Chapters Committee Governance]]
* Membership Committee
* Education Committee
* Chapters Committee
* Industry Committee

== Committee Missions ==

* What is a committee?
* What is the mission of each Committee?

[[User:Jason Li|Jason Li]] 01:02, 11 March 2011 (EST)

* Industry Committee would like to change mission statement (as drafted by Joe Bernik) to:
''To expand the engagement of OWASP and its mission amongst the public and private sector verticals, through outreach; including presentations, development of position papers and collaborative efforts. The Industry committee serves as the voice of OWASP within the public and private sector and the channel through which OWASP aligns its efforts to the demands of the market.''

Thoughts?

[[User:Sarah Baso|Sarah Baso]] 10:27, 14 March 2011 (EDT)

== OWASP Points Program ==

* [[:Summit_2011_Working_Sessions/Session071]]
* [[OWASP Points]]

[[User:Mark.bristow|Mark.bristow]]

== Shared Budget Items ==

* Administrative Support?
* Marketing/Promotion?
* Committee Summit?

[[User:Jason Li|Jason Li]] 01:02, 11 March 2011 (EST)

== Raising Revenue ==

* Individual Membership Dues
** Increase
** Tiered
* Corporate Membership Dues
** Increase
** [[ProposedTieredCorporateMembership|Tiered]]
* Conference Tickets
** Increase
** Tiered
* Other Revenue Streams?
** Markup on Lulu printing?
** Hardcopy software distribution?

[[User:Jason Li|Jason Li]] 01:02, 11 March 2011 (EST)

== Cross-Committee Concerns ==

* OWASP Conferences Track (Conferences, Projects, Education)
* OWASP Academies (Chapters, Education)
* Industry + Connections merger?
* OWASP Student Chapter (Membership, Chapters, Education)

[[User:Jason Li|Jason Li]] 01:02, 11 March 2011 (EST)

* Speaker's Sub Committee (education/chapters/conferences)

Kate thinks that before we can consider merging/ending a committee we need to understand what the mission and goal of the committees are. Initial purpose of connections was along the lines of PR and outreach (newsletters, etc) and this is outside the Industry committee. From what I've seen, the Industry committee is actually more in line with Membership as it serves as outreach to corporations to involve them in OWASP.
[[User:KateHartmann|KateHartmann]] 10:26, 14 March 2011 (EDT)

Global Industry Committee

2011-03-11T20:46:56Z

Dc: /* Work in Progress */

'''The Global Industry Committee was created during the OWASP EU Summit in Portugal. The primary purpose of the Global Industry Committee is to work with industry executives to gather requirements from industry, work with Membership, Projects and others.'''

== Mission Statement ==

''To expand awareness of and promote the inclusion of software security best practices in Industry, Government, Academia and regulatory agencies and be a voice for industry. We will accomplish this through outreach; including presentations, development of position papers and collaborative efforts with other entities.'' [https://www.owasp.org/index.php/Global_Industry_Committee#General_Presentations_and_Reports Powerpoint of Accomplishments]

 

== Committee Plan ==

Step 1: [[Industry:Organizations for Outreach|Identify specific organizations]] worth working with to spread the OWASP gospel

Step 2: Prioritize the proposed liaisons based on potential impact, and also realistic likelihood of the organization actively working with us

Step 3: Execute, leveraging global OWASP resources as much as possible to maximize impact

Step 4: Evaluate progress & repeat Step 1-3

== Committee Members ==

 Members:

{| class="prettytable FCK__ShowTableBorders"
|-
! Name
! Email
! Location
|-
| Lorna Alamri
| lorna.alamri 'at' owasp dot org
| USA
|-
| Joe Bernik §
| bernik 'at' gmail dot com
| USA
|-
| Rex Booth
| rex.booth 'at' gt dot com
| USA
|-
| David Campbell
| dcampbell 'at' owasp dot org
| USA
|-
| Alexander Fry
| alexander.fry 'at' owasp dot org
| USA
|-
| Georg Hess
| georg.hess 'at' artofdefence dot com
| Germany
|-
| Colin Watson
| colin.watson 'at' owasp dot org
| UK
|-
| Mauro Flores
| mauro.flores 'at' owasp dot org
| Uruguay
|-
| Mateo Martinez
| mateo.martinez 'at' owasp dot org
| Uruguay
|}

§ The committee chair is Joe Bernik. The previous chairs were:

*Yiannis Pavlosoglou (Nov 2010 to Jan 2011)
*Colin Watson (Nov 2009 to Oct 2010)

 Board Member Representative:

{| class="prettytable FCK__ShowTableBorders"
|-
! Name
! Email
! Location
|-
| Eoin Keary
|eoin.keary 'at' owasp dot org
| Ireland
|}

 Secretary:

{| class="prettytable FCK__ShowTableBorders"
|-
! Name
! Email
! Location
|-
| [[User:Sarah_Baso |Sarah Baso]]
| sarah.baso 'at' owasp dot org
| USA
|}

Former members of the committee:
*Yiannis Pavlosoglou

== Monthly Report ==

See [http://www.owasp.org/index.php/Global_Industry_Committee#Work_in_Progress below...]

== Getting Involved ==

=== Mailing List ===

[http://lists.owasp.org/mailman/listinfo/global_industry_committee Join our mailing list] - this is the best way to find out what's going on day-to-day, and to provide input.

=== Meetings ===

The next Global Industry Committee meeting will be:

*Friday, March 11 at 20:15 hrs GMT
**+1 877 534 8500 or International +1 513 534 8500
**Passcode 410105 #
**Agenda: Discussion in preparation for Committee Chair meeting on Monday

*Friday, March 18 at 5pm / 17:00 hrs GMT
**+1 877 534 8500 or International +1 513 534 8500
**Passcode 410105 #
**Agenda forthcoming

Minutes of previous meetings are:

*[[Industry:Minutes 2011-03-04|04 Mar 2011]] ([[Media:GIC_Meeting_Minutes_03042011.pdf| PDF of 04 Mar 2011 Meeting Minutes]]) ([https://spreadsheets.google.com/ccc?key=0ApZ9zE0hx0LNdEpRbVhBUEljMGpLNnVJa0FHeWZwMkE&hl=en&authkey=CPjLgdwN Proposed GIC Budget for 2011])
*[[Industry:Minutes 2011-02-25|25 Feb 2011]] ([[Media:GIC_Meeting_Minutes_02252011.pdf| PDF of 25 Feb 2011 Meeting Minutes]])
*[[Media:Summit2011-industry-committee-outcomes.pdf|9 Feb 2011]] (Summit outcomes)
*[[Industry:Minutes 2010-08-17|17 Aug 2010]] (also [http://www.owasp.org/images/0/0d/Gic_call_17aug2010.mp3 MP3 recording of the call])
*[[Industry:Minutes 2010-05-18|18 May 2010]]
*[[Industry:Minutes 2010-01-05|05 Jan 2010]] (also [http://www.owasp.org/images/a/a3/Owasp_gic_call_5jan10.mp3 MP3 recording of the call])
*[[Industry:Minutes 2009-01-23|23 Jan 2009]]
* 16 Dec 2010

=== Membership ===

[[Membership]] explains how to become an OWASP organization supporter or individual member. But you don't have to be an OWASP Member or Committee Member to contribute.

The current committee members joined for a 12 month term - see [[How to Join a Committee]] and [[Global Committee Pages]]. We would especially welcome new members who can widen our geographic coverage (e.g. Africa, Asia and South America) and who have time to contribute proactively.

=== Other ongoing initiatives ===

*[http://www.owasp.org/index.php/Global_Industry_Committee-SIG Special Interest Groups] - Outreach to sector-specific critical infrastructures worldwide.
*[http://www.owasp.org/index.php/Category:India OWASP India Advisory Board] - Regional panel contributing to the software outsourcing industry.
*[http://www.owasp.org/index.php/Industry:Citations OWASP Citations] - References to OWASP in official, or otherwise important, documents.

=== Committee Working Documents ===
* [https://spreadsheets.google.com/ccc?key=0ApZ9zE0hx0LNdEZ1NmNHRGZOX3E0V2F2T2lUZ0RyVkE&hl=en&authkey=CN3toL0F GIC Member Task List]
* [https://docs.google.com/document/d/1ow_XZ_chhopu0yAYuMnmGXfdTRhlrKJEdqKZZ-pHloo/edit?hl=en&authkey=CPWb-csP Comprehensive List of Industry Verticals]

== Current Activity ==

=== Work in Progress ===

The current activities being undertaken:

{| class="prettytable FCK__ShowTableBorders"
|-
! Task
! Deadline
! Type
! Status
! Description
! Who
|-
| Scholarship for AppSecUSA Attendance of women
| On-going
| Outreach
| New
| Raise funds and create model for funds disbursement
| LA/YP
|-
| National Board of Information Security Examiners
| Ongoing
| Outreach
| New
| Invite and coordinate OWASP contributions to NBISE
| YP/LA
|-
| OWASP Top 10 Presentation
| 2/18/11 or 2/25/11
| Outreach
| New
| OWASP Presentation Royal Holloway, University of London presentation
| YP
|-
| New IETF Web Security working group / W3C Web Application Security Working Group
| Ongoing
| All Members
| New
| Invite and coordinate OWASP contributions on this IETF/W3C Group
| YP
|-
| [http://www.cio.gov/pages.cfm/page/Federal-Risk-and-Authorization-Management-Program-FedRAMP FedRAMP]
| 17 Jan 2011
| Standards
| In progress
| Provide response to FedRAMP certification and accreditation process
| RB
|-
| [http://hacking-lab.com/ Hacking Lab]
| 14 Dec 2011
| Outreach
| In progress
| Matt Tesauro has been working with Hacking Lab previously and brought it to the GIC
| MAT/YP
|-
| Leeds Chapter Leader Presentation
| 13 Dec 2011
| Outreach
| In progress
| LA is gathering OWASP overview and project information for OWASP Leeds presentation needs.
| LA
|-
| Reconnecting with past Industry Committee connections
| 1 Feb 2011
| Follow up
| In progress
| YP and LA to follow up with Industry Committee past contacts.
| YP/LA
|-
| OWASP Panel at Brighttalk Appsec Summit
| 16 March 2011
| Outreach
| In progress
| Join an expert panel of OWASP leaders as they discuss new web application threats and give their insights on ways to secure them for your business [http://www.brighttalk.com/community/cloud-computing/webcast/24582]
| DC
|-
|}

=== Completed Items ===

{| class="prettytable FCK__ShowTableBorders"
|-
! Task
! Completed
! Type
! Status
! Description
! Who
|-
| [http://www.owasp.org/index.php/OWASP_Mobile_Security_Project Kickoff OWASP Mobile Security Project]
| 2011 Summit
| Projects
| Closed
| Provide GIC oversight to Mobile Security Project
| DC
|-
| [[Industry:FTC Protecting Consumer Privacy|FTC Protecting Consumer Privacy in an Era of Rapid Change]]
| 18 Feb 2011
| Standards
| Closed
| Provide response to "FTC Protecting Consumer Privacy in an Era of Rapid Change - A framework for businesses and policymakers"
| CW
|-
| [http://www.londoncentral.bcs.org BCS London Central]
| 17 Feb 2011
| Outreach
| Closed
| Present a talk about OWASP.
| CW
|-
| [[Industry:ICO Data Sharing CoP|Data Sharing CoP]]
| 5 Jan 2011
| Standards
| Closed
| Provide response to UK ICO's "Data Sharing Code of Practice Consultation"
| CW/AF
|-
| CRESTCON
| 14 Dec 2011
| Outreach
| Closed
| YP is attending CRESTCON in Royal Holloway, Surrey, UK
| YP
|-
| (ISC)^2 Application Security Advisory Board (ASAB)
| 19 Nov 2010
| Outreach
| Closed
| YP is now a member of the (ISC)^2 ASAB, with the first meeting to be held in FL on the above stated date.
| YP
|-
| [http://www.techexecnetworks.com/event_2010.12.01.asp T.E.N./Fortify Software Security Assurance Summit]
| 1 Dec 2010
| Outreach
| Closed
| Discuss quick wins and high impact software assurance activities using the OWASP SAMM model as reference and cite other OWASP projects as resources.
| AF
|-
| [[Industry:DOJ Nondiscrimination on the Basis of Disability|DOJ Nondiscimination on the Basis of Disability]]
| 30 Nov 2010
| Standards
| Closed
| Provide response to US DOJ's "Accessibility of Web Information and Services of State and Local Government Entities and Public Accommodations"
| AF/LA
|
|-
| [[Industry:e-Consumer Protection Consultation|e-Consumer Protection Consultation]]
| 13 Oct 2010
| Standards
| Closed
| Review and provide official OWASP response to [http://www.oft.gov.uk/ UK Office of Fair Trading] [http://www.oft.gov.uk/OFTwork/consultations/current/eprotection/ e-Consumer Protection Consultation].
| YP
|-
| [[Industry:ENISA Cloud Computing Common Assurance Metrics|ENISA Common Assurance Maturity Model]]
| 8 Oct 2010
| Standards
| Closed
| Work with [[:Category:OWASP Cloud ‐ 10 Project]] to contribute to the development of Common Assurance Maturity Model for [http://www.enisa.europa.eu/ ENISA]/Cloud Security Alliance/etc joint initiative.
| CW
|-
| [http://www.w3.org/TR/2010/WD-mwabp-20100713/ Mobile Web Application Best Practices Working Draft]
| 6 Aug 2010
| Standards
| Closed
| Review and provide official OWASP response to W3C's [http://www.w3.org/2005/MWI/BPWG/ Mobile Web Best Practices Working Group].
| DC
|-
| [http://www.oft.gov.uk/ UK Office of Fair Trading]
| 23 Jul 2010
| Standards
| Closed
| Ask to be added to official consultation list
| CW
|-
| [http://www.businesslink.gov.uk BusinessLink]
| 1 Jul 2010
| Outreach
| Closed
| Offer to contribute to development of IT security information about [http://www.businesslink.gov.uk/bdotg/action/layer?topicId=1075421745 application security] on the BusinessLink website for UK SMEs. Outcome - no help required at present, but BusinessLink system to be disbanded.
| CW
|-
| Veracode
| 28 Jun 2010
| Outreach
| Closed
| Discuss use of Open SAMM to classify Secure SDL maturity in Veracode's code analysis summary reports. Outcome - positive response received.
| CW
|-
| [http://www.owasp.org/index.php/Leeds_UK OWASP Leeds/North]
| 16 Jun 2010
| Outreach
| Closed
| Presentations at chapter meeting in Newcastle-upon-Tyne about ENISA CAMM and OWASP Appsensor
| CW
|-
| [http://www.owasp.org/index.php/Front_Range_OWASP_Conference_2010 Front Range OWASP Conference (FROC) 2010]
| 2 Jun 2010
| Outreach
| Closed
| Conference organisation [http://tinyurl.com/froctalks Vids & presentations online]
| DC
|-
| [http://www.isaca-denver.org/meetings/MAY_2010_CHPT_MTG.shtml OWASP Presentation at ISACA Denver Annual Meeting]
| 27 May 2010
| Outreach
| Closed
| Presentation [https://docs.google.com/fileview?id=0B_-vbfka88vFNjIwY2IwYjItZmYyNi00MmNiLWFhOWItYmQ4OGZmZjVmZWUx&hl=en Presentation online]
| DC
|-
| [http://www.issa-uk.org/ ISSA-UK]
| 13 May 2010
| Outreach
| Closed
| Presentation
| YP
|-
| [[Industry:Personal Information Online Code of Practice|Personal Information Online COP]]
| 5 Mar 2010
| Legislation
| Closed
| Provide response to UK Information Commissioner's Office draft "Personal Information Online Code of Practice"
| YP
|-
| [http://www.enisa.europa.eu/ ENISA] Mobile Apps
| Mar 2010
| Outreach
| Closed
| Identify and introduce OWASP contact for ENISA's Mobile Apps Project, in conjunction with Dinis Cruz.
| CW
|-
| [[Industry:Technology Strategy Board Secure Software Development Initiative|Technology Strategy Board Secure Software Development Partnership]]
| 18 Feb 2010
| Outreach
| Closed
| Liaise with the UK [http://www.innovateuk.org/ Technology Strategy Board] about the Secure Software Development Partnership (SSDP) in conjunction with the [http://www.owasp.org/index.php/London London chapter] leader Justin Clarke
| CW
|-
| US [http://www.issa-nova.org Information Systems Security Association Northern Virginia Chapter (ISSA-NOVA)]
| 21 Jan 2010
| Outreach
| Closed
| Provide presentation covering CSSLP, fundamentals of AppSec and Intro to OWASP and Global Industry Committee
| AF
|-
| [http://www.enisa.europa.eu/ ENISA]
| Jan 2010
| Outreach
| Closed
| Discuss opportunities for OWASP to work with ENISA, in conjunction with Dinis Cruz.
| CW
|-
| [[:Industry:Draft NIST SP 800-37 Revision 1|NIST SP 800-37 Revision 1 FPD]] Review Project
| 30 Dec 2009
| Standards
| Closed
| Provide response to "NIST SP 800-37 Revision 1 Final Public Draft, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach"
| RB
|-
| [http://www.crest-approved.org/ CREST] CRESTCon
| 15 Dec 2009
| Outreach
| Closed
| Already an oversubscribed event, YP & CW have been placed on the reserve list. Update: Positions secured for the 15th.
| YP
|-
| [http://msdn.microsoft.com/en-us/security/cc448177.aspx SDL Pro Network]
| 30 Nov 2009
| Outreach
| Closed
| Contact SDL Pro Network to discuss if there are opportunities for OWASP to become involved or connected in some way
| CW
|-
| [[Industry:Draft NIST IR 7628|Draft NIST IR 7628]]
| 25 Nov 2009
| Standards
| Closed
| Provide response to "NIST IR 7628 Draft Smart Grid Cyber Security Strategy and Requirements"
| CW
|-
| [http://www.owasp.org/index.php/OWASP_AppSec_DC_2009 Appsec DC 2009]
| 10-13 Nov 2009
| Outreach
| Closed
| Conference organisation - special effort to engage with US Federal sector
| RB
|-
| [http://www.justice.gov.uk/ UK Ministry of Justice]
| -
| Legislation
| Closed
| Ask to be added to official consultation list
| CW
|-
| [http://www.it-sa.de/ IT-SA]
| 13-15 Oct 2009
| Outreach
| Closed
| OWASP booth at trade show
| GH
|-
| [http://www.owasp.org/index.php/OWASP_AppSec_Germany_2009_Conference OWASP AppSec Germany 2009]
| 13 Oct 2009
| Outreach
| Closed
| Conference organisation
| GH
|-
| US [http://www.loc.gov Library of Congress]
| 28 Sep 2009
| Outreach
| Closed
| Presentation about OWASP
| RB
|-
| [http://www.owasp.org/index.php/OWASP_Ireland_AppSec_2009_Conference OWASP Ireland AppSec 2009]
| 10 Sep 2009
| Outreach
| Closed
| Conference organisation
| EK
|-
| OWASP Citations
| 7 Sep 2009
| Other
| Closed
| Identify and record the most important references to OWASP in official, or otherwise important, documents. Page created at: [[Industry:Citations]]
| CW
|-
| US [http://www.loc.gov Library of Congress]
| 26 Aug 2009
| Outreach
| Closed
| Presentation about OWASP
| RB
|-
| OWASP webcast at Brighttalk [http://www.brighttalk.com/summit/dataprivacy2 Data and Privacy in Web 2.0 Summit]
| 13 Aug 2009
| Outreach
| Closed
| Deliver [http://www.brighttalk.com/webcasts/4767/attend OWASP presentation on XSS, client side exploitation, and countermeasures].
| DC
|-
| [[Industry:SAFECode Secure Development Practices (update to Oct 2008 version)|SAFECode Secure Development Practices (update to Oct 2008 version)]]
| 31 Jul 2009
| Standards
| Closed
| Response to [http://www.safecode.org/ SAFECode] "Fundamental Practices for Secure Software Development: A Guide to the Most Effective Secure Development Practices in Use Today."
| CW
|-
| [http://www.owasp.org/index.php/Category:OWASP_CSA_Project OWASP CSA Project]
| 8 Jul 2009
| Standards
| Closed
| Response to RFC [http://www.cloudsecurityalliance.org/guidance/csaguide.pdf Cloud Security Alliance Guidance v1.0]
| TB
|-
| [[Scotland]]
| 25 Jun 2009
| Outreach
| Closed
| Presentation about the Global Industry Committee, its role and recent activities (presentation slides [[Image:Owasp-scotland-industry-committee-june-2009.ppt]] and written notes [[Image:Owasp-scotland-industry-committee-june-2009-notes.pdf]])
| CW
|-
| OWASP Presentation at [http://cfp2009.org/ CFP Con 2009]
| 1 Jun 2009
| Outreach
| Closed
| Deliver presentation on web threats and countermeasures. See [http://www.cfp2009.org/wiki/index.php/Tutorials/Workshops CFP tutorial page] grep OWASP for more info.
| DC
|-
| ENISA [http://www.enisa.europa.eu/pages/02_03_news_2009_02_19_who_is_who.html Who-Is-Who Directory]
| -
| Outreach
| Closed
| Contact ENISA regarding OWASP inclusion in directory (in progress). Encourage European chapter leaders to contact their ENISA liaison officers (completed). Contact UK liaison officer on behalf of London, Leeds and Scotland chapters.
| CW
|-
| IIL [http://www.iilondon.co.uk/ Insurance Institute of London]
| 2 Jun 2009
| Outreach
| Closed
| Contact IIL regarding future input to their publication [http://www.iilondon.co.uk/XtraCart/store/comersus_viewItem.asp?idProduct=187 Insurance Aspects of E-Commerce]
| CW
|-
| [[Industry:Draft NIST SP 800-118|Draft NIST SP 800-118]]
| 29 May 2009
| Standards
| Closed
| Provide response to "Draft NIST Special Publication 800-118 Guide to Enterprise Password Management"
| CW/EK/RB/DC
|-
| German IT Industry Association
| 15 May 2009
| Outreach
| Closed
| Presentation on OWASP
| GH
|-
| [http://docs.google.com/Present?docid=ddkr62qv_171cd7gh5fb&skipauth=true Outreach Presentation to Frontier Airlines]
| 7 May 2009
| Outreach
| Closed
| Provide outreach presentation covering fundamentals of AppSec and Intro to OWASP
| DC
|-
| [[Industry:DPC BS 10012|DPC BS 10012]]
| 31 Mar 2009
| Standards
| Closed
| Provide response to "BS 10012 Specification for the management of personal information in compliance with the Data Protection Act 1998" Draft for Public Comment (DPC)
| CW
|-
| [[Industry:Draft NIST SP 800-53 Revision 3|Draft NIST SP 800-53 Revision 3]]
| 27 Mar 2009
| Standards
| Closed
| Provide response to "Draft NIST Special Publication 800-53 (Revision 3) Recommended Security Controls for Federal Information Systems and Organizations"
| RB
|-
| [[Industry:Draft NIST SP 800-122|Draft NIST SP 800-122]]
| 13 Mar 2009
| Standards
| Closed
| Provide response to "Draft NIST Special Publication 800-122 Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)"
| CW
|-
| [[London]]
| 12 Mar 2009
| Outreach
| Closed
| Presentation about the Global Industry Committee, its role and recent activities (presentation slides [[Image:Owasp-london-industry-committee-march-2009.ppt]] and written notes [[Image:Owasp-london-industry-committee-march-2009-notes.pdf]])
| CW
|-
| [[Industry:Digital Britain Interim Report|Digital Britain Interim Report]]
| 11 Mar 2009
| Legislation
| Closed
| Provide response to UK Government's "Digital Britain Interim Report Jan 2009"
| CW
|-
| [http://www.owasp.org/index.php/Front_Range_OWASP_Conference_2009 SnowFROC Front Range]
| 5 Mar 2009
| Outreach
| Closed
| Conference organisation
| DC
|-
| US [http://www.commerce.gov/ Department of Commerce]
| 25 Feb 2009
| Outreach
| Closed
| Presentation about OWASP to Economic Security Working Group
| RB
|-
| [[Industry:DPC BS 8878:2009|DPC BS 8878:2009]]
| 31 Jan 2009
| Standards
| Closed
| Provide response to "BS 8878:2009 Web accessibility. Building accessible experiences for disabled people" Draft for Public Comment (DPC)
| Puneet/CW
|-
| AppSec Presentation Delivered to Infragard, Dec 2008
| Dec 2008
| Outreach
| Closed
| [http://www.infragard.net/ Infragard] is a collaboration between the US FBI and maintainers of critical infrastructure. [http://docs.google.com/Present?docid=ddkr62qv_0cn7km4c3&skipauth=true Presentation here]. Email DC for full PPT with speaker notes
| DC
|-
| The Register [http://www.theregister.co.uk/2008/11/22/google_analytics_as_security_risk/ Google Analytics — Yes, it is a security risk]
| Nov 2008
| Outreach
| Closed
| Co-ordination of response and provision of comments from OWASP leaders about risk of JavaScript on Barack Obama's website
| DC
|}

=== General Presentations and Reports ===

OWASP Summits:

*[[Summit 2011]] ([[Media:Summit2011-industry-committee-outcomes.pdf|Working session outcomes]])
*[[Summit 2009]]

About the Industry Committee:

*Global Industry Committee Presentation [[Image:Owasp-summit2009-industry-committee.ppt]]

Summaries (for inclusion into other full OWASP presentations):

*Sep 2009 [[Image:Owasp-industry-committee-summary-september-2009.ppt]]
*Jul 2009 [[Image:Owasp-industry-committee-summary-july-2009.ppt]]
*May 2009 [[Image:Owasp-industry-committee-summary-may-2009.ppt]]
*Apr 2009 [[Image:Owasp-industry-committee-summary-april-2009.ppt]]
*Mar 2009 [[Image:Owasp-industry-committee-summary-march-2009.ppt]]

 

Other [http://www.owasp.org/index.php/Global_Committee_Pages Global Committees]

Denver

2011-03-11T17:34:34Z

Dc: /* Future Meetings */

{{Chapter Template|chaptername=Denver|extra=Chapter leaders are [mailto:eduprey@gmail.com Eric Duprey] and [mailto:dcampbell@owasp.org David Campbell]. |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-denver|emailarchives=http://lists.owasp.org/pipermail/owasp-denver}}

==== Local News ====

=====Next Chapter Meeting: [http://owaspcolorado.eventbrite.com/ RSVP Now!]=====
[[Denver March 2011 meeting|March 17th 2011: Hands on "Hack a Thon"]]

Next Colorado meeting is scheduled for Thurs, 17 Mar 2011 at Hosting.com, our new favorite meeting location. How can you beat free parking, a great meeting room, and FREE BEER? In fact, we blame the huge gap between this meeting and our last one on too much of the latter.

At any rate, we're psyched to be having another meeting. This one is all hands on, no presos. So bring your laptop and great ready to rumble.



See you there!

=====Missed the con?=====
* [http://www.reddit.com/r/netsec/comments/fgetw/shmoocon_2011_video_collection/ Vids from Schmoocon 2011]
* [http://media.ccc.de/browse/congress/2010/index.html Vids from 27c3]
* [http://vimeo.com/groups/asdc10/videos/sort:newest Vids from AppsecDC 2010]

=====OWASP Podcast=====
[http://www.owasp.org/index.php/OWASP_Podcast OWASP Podcast]

=====Wassup with Boulder???=====
Boulder is presently leaderless. We hope that by moving the Denver meetings up north several miles that we can lure more of the Boulder folks to come join us in our new setup close to downtown Denver. If you're interested in taking over the Boulder chapter please let us know!

<paypal>Denver</paypal>
<hr>

==Questions, Comments==
Questions can be directed to

*David Campbell, Denver OWASP: dcampbell 'at' owasp.org
*Eric Duprey, Denver OWASP: eduprey 'at' owasp.org

<hr>

==== Chapter Meetings ====

== Future Meetings ==

[[Denver March 2011 meeting|March 17th 2011: Hands on "Hack a Thon"]]



== Past Meetings ==
[[Denver September 2010 meeting|September 22nd 2010: Eric Duprey: Application Vulnerability Shooting Gallery]]

[[Denver August 2010 meeting|August 18th 2010: Clint Pollock: Protecting Your Applications from Backdoors]]

[[Front_Range_OWASP_Conference_2010|June 2nd 2010: Front Range OWASP Conference]]

[[Denver January 2010 meeting|January 20th 2010: John Evans: Securing Webapps: An Illustrative Overview]]

[[Denver November 2009 meeting|November 18th 2009: Anton Rager: Advanced XSS]]

[[Denver August 2009 meeting|August 27th 2009: Jon Rose: Security in the Clouds]]

[[Denver May 2009 meeting|May 2009: Dr. Joseph McComb & and Daniel Weiske: Compliance and application security testing]]

[[Front_Range_OWASP_Conference_2009|March 2009: Front Range OWASP Conference (SnowFROC)]]

[[Denver January 2009 meeting|January 2009: David Campbell & Eric Duprey: Guided Tour: AppSec NYC '08 CTF]]

[[Denver October 2008 meeting|October 2008: Alex Smolen: The OWASP ASP .NET ESAPI]]

[[Denver September 2008 meeting|September 2008: John Dickson: Black Box vs. White Box: Different App Testing Strategies]]

[[Denver August 2008 meeting|August 2008: Dan Cornell: Static Analysis]]

[[Denver July 2008 meeting|July 2008: David Byrne & Eric Duprey: Grendel-Scan]]

[[Front Range OWASP Conference|June 2008: Front Range OWASP Conference: Jeremiah Grossman, Robert Hansen, and more!]]

[[Denver May 2008 meeting|May 2008: David Campbell & Eric Duprey: XSS Attacks & Defenses]]

[[Denver April 2008 meeting|April 2008: Ryan Barnett: Virtual Patching with ModSecurity]]

[[Denver February 2008 meeting|February 2008: Michael Sutton: SQL Injection Revisited]]

[[Denver June 2007 meeting|June 2007]]

[[Denver April 2007 meeting|April 2007]]

[[Denver February 2007 meeting|February 2007]]

[[Denver January 2007 meeting|January 2007]]

[[Denver November 2006 meeting|November 2006]]

==[[Related_Organizations|Local Organizations of Interest]]==

==== Mailing List ====
Join the [http://lists.owasp.org/mailman/listinfo/owasp-denver OWASP Denver Mailing List] to receive meeting notifications via email

==== Twitter Feed @owasp303 ====
Denver OWASP has created a [http://twitter.com/owasp303 Twitter feed @owasp303] to keep you in the loop. Whilst the mailing list is primarily intended to be low-traffic and only provide updates regarding the times, locations, and topics for chapter meetings, the Twitter feed will also provide noteworthy appsec updates.

{|
|-
| style="border: 1px solid rgb(204, 204, 204); width: 100%; font-size: 95%; color: rgb(0, 0, 0); background-color: rgb(236, 236, 236);" |

'''@OWASP303 Twitter Feed ([http://twitter.com/OWASP303 follow us on Twitter!])'''
<twitter>55021150</twitter>

| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |
|}

====Resources====

=====Denver OWASP Chapter Leaders=====
*David Campbell, Denver OWASP: dcampbell 'at' owasp.org
*Eric Duprey, Denver OWASP: eduprey 'at' owasp.org

=====Key OWASP Resources=====
* http://www.owasp.org/images/4/41/ASVS_One_Page_Handout.pdf
* http://www.owasp.org/images/3/31/ESAPI_One_Page_Handout.pdf
* http://www.owasp.org/images/a/a1/Legal_One_Page_Handout.pdf
*
* http://www.owasp.org/images/a/a3/How_ESAPI_Works.pdf
* http://www.owasp.org/images/a/ac/LAMP_Should_be_Spelled_LAMPE.pdf
* http://www.owasp.org/images/0/01/Getting_started_designing_for_a_level_of_assurance.pdf
*
* http://www.owasp.org/index.php/Agile_Software_Development:_Don%27t_Forget_EVIL_User_Stories
* http://www.owasp.org/index.php/Man_vs._Code
*
* http://www.owasp.org/images/4/4e/OWASP_ASVS_2009_Web_App_Std_Release.pdf
*
* http://www.owasp.org/images/c/cd/PHP-ESAPI_1.0a_install.pdf
* http://www.owasp.org/images/6/67/PHP-ESAPI_1.0a_ReleaseNotes.pdf

=====Chapter Management Links=====
[[Pizza|Best pizza in Centennial]]
__NOTOC__
<headertabs/>
[[Category:OWASP Chapter]]

Denver

2011-03-11T17:34:14Z

Dc: /* Next Chapter Meeting: RSVP Now! */

{{Chapter Template|chaptername=Denver|extra=Chapter leaders are [mailto:eduprey@gmail.com Eric Duprey] and [mailto:dcampbell@owasp.org David Campbell]. |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-denver|emailarchives=http://lists.owasp.org/pipermail/owasp-denver}}

==== Local News ====

=====Next Chapter Meeting: [http://owaspcolorado.eventbrite.com/ RSVP Now!]=====
[[Denver March 2011 meeting|March 17th 2011: Hands on "Hack a Thon"]]

Next Colorado meeting is scheduled for Thurs, 17 Mar 2011 at Hosting.com, our new favorite meeting location. How can you beat free parking, a great meeting room, and FREE BEER? In fact, we blame the huge gap between this meeting and our last one on too much of the latter.

At any rate, we're psyched to be having another meeting. This one is all hands on, no presos. So bring your laptop and great ready to rumble.



See you there!

=====Missed the con?=====
* [http://www.reddit.com/r/netsec/comments/fgetw/shmoocon_2011_video_collection/ Vids from Schmoocon 2011]
* [http://media.ccc.de/browse/congress/2010/index.html Vids from 27c3]
* [http://vimeo.com/groups/asdc10/videos/sort:newest Vids from AppsecDC 2010]

=====OWASP Podcast=====
[http://www.owasp.org/index.php/OWASP_Podcast OWASP Podcast]

=====Wassup with Boulder???=====
Boulder is presently leaderless. We hope that by moving the Denver meetings up north several miles that we can lure more of the Boulder folks to come join us in our new setup close to downtown Denver. If you're interested in taking over the Boulder chapter please let us know!

<paypal>Denver</paypal>
<hr>

==Questions, Comments==
Questions can be directed to

*David Campbell, Denver OWASP: dcampbell 'at' owasp.org
*Eric Duprey, Denver OWASP: eduprey 'at' owasp.org

<hr>

==== Chapter Meetings ====

== Future Meetings ==

[[Denver March 2011 meeting|March 17th 2011: Hands on "Hack a Thon"]]

5 May 2011: SnowFROC 2011 followed by B-Sides "SkiSides". Details TBD

== Past Meetings ==
[[Denver September 2010 meeting|September 22nd 2010: Eric Duprey: Application Vulnerability Shooting Gallery]]

[[Denver August 2010 meeting|August 18th 2010: Clint Pollock: Protecting Your Applications from Backdoors]]

[[Front_Range_OWASP_Conference_2010|June 2nd 2010: Front Range OWASP Conference]]

[[Denver January 2010 meeting|January 20th 2010: John Evans: Securing Webapps: An Illustrative Overview]]

[[Denver November 2009 meeting|November 18th 2009: Anton Rager: Advanced XSS]]

[[Denver August 2009 meeting|August 27th 2009: Jon Rose: Security in the Clouds]]

[[Denver May 2009 meeting|May 2009: Dr. Joseph McComb & and Daniel Weiske: Compliance and application security testing]]

[[Front_Range_OWASP_Conference_2009|March 2009: Front Range OWASP Conference (SnowFROC)]]

[[Denver January 2009 meeting|January 2009: David Campbell & Eric Duprey: Guided Tour: AppSec NYC '08 CTF]]

[[Denver October 2008 meeting|October 2008: Alex Smolen: The OWASP ASP .NET ESAPI]]

[[Denver September 2008 meeting|September 2008: John Dickson: Black Box vs. White Box: Different App Testing Strategies]]

[[Denver August 2008 meeting|August 2008: Dan Cornell: Static Analysis]]

[[Denver July 2008 meeting|July 2008: David Byrne & Eric Duprey: Grendel-Scan]]

[[Front Range OWASP Conference|June 2008: Front Range OWASP Conference: Jeremiah Grossman, Robert Hansen, and more!]]

[[Denver May 2008 meeting|May 2008: David Campbell & Eric Duprey: XSS Attacks & Defenses]]

[[Denver April 2008 meeting|April 2008: Ryan Barnett: Virtual Patching with ModSecurity]]

[[Denver February 2008 meeting|February 2008: Michael Sutton: SQL Injection Revisited]]

[[Denver June 2007 meeting|June 2007]]

[[Denver April 2007 meeting|April 2007]]

[[Denver February 2007 meeting|February 2007]]

[[Denver January 2007 meeting|January 2007]]

[[Denver November 2006 meeting|November 2006]]

==[[Related_Organizations|Local Organizations of Interest]]==

==== Mailing List ====
Join the [http://lists.owasp.org/mailman/listinfo/owasp-denver OWASP Denver Mailing List] to receive meeting notifications via email

==== Twitter Feed @owasp303 ====
Denver OWASP has created a [http://twitter.com/owasp303 Twitter feed @owasp303] to keep you in the loop. Whilst the mailing list is primarily intended to be low-traffic and only provide updates regarding the times, locations, and topics for chapter meetings, the Twitter feed will also provide noteworthy appsec updates.

{|
|-
| style="border: 1px solid rgb(204, 204, 204); width: 100%; font-size: 95%; color: rgb(0, 0, 0); background-color: rgb(236, 236, 236);" |

'''@OWASP303 Twitter Feed ([http://twitter.com/OWASP303 follow us on Twitter!])'''
<twitter>55021150</twitter>

| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |
|}

====Resources====

=====Denver OWASP Chapter Leaders=====
*David Campbell, Denver OWASP: dcampbell 'at' owasp.org
*Eric Duprey, Denver OWASP: eduprey 'at' owasp.org

=====Key OWASP Resources=====
* http://www.owasp.org/images/4/41/ASVS_One_Page_Handout.pdf
* http://www.owasp.org/images/3/31/ESAPI_One_Page_Handout.pdf
* http://www.owasp.org/images/a/a1/Legal_One_Page_Handout.pdf
*
* http://www.owasp.org/images/a/a3/How_ESAPI_Works.pdf
* http://www.owasp.org/images/a/ac/LAMP_Should_be_Spelled_LAMPE.pdf
* http://www.owasp.org/images/0/01/Getting_started_designing_for_a_level_of_assurance.pdf
*
* http://www.owasp.org/index.php/Agile_Software_Development:_Don%27t_Forget_EVIL_User_Stories
* http://www.owasp.org/index.php/Man_vs._Code
*
* http://www.owasp.org/images/4/4e/OWASP_ASVS_2009_Web_App_Std_Release.pdf
*
* http://www.owasp.org/images/c/cd/PHP-ESAPI_1.0a_install.pdf
* http://www.owasp.org/images/6/67/PHP-ESAPI_1.0a_ReleaseNotes.pdf

=====Chapter Management Links=====
[[Pizza|Best pizza in Centennial]]
__NOTOC__
<headertabs/>
[[Category:OWASP Chapter]]

Denver March 2011 meeting

2011-03-09T18:13:25Z

Dc: /* "Hands on Hack-A-Thon" */

="Hands on Hack-A-Thon" -- Thursday 17 March 2011 =
Bring a laptop and be ready to have some fun!

It's been ages since we've had a meeting and we're getting back to our roots. Our hands on sessions have always been more popular than anything else. We apologize that our Sep 2010 mtg was supposed to be hands-on and wasn't.
For this meeting chapter leaders DC and Eric Duprey will be preparing some live vulnerable environments and opening things up for a fun free-for-all. The format will be that whenever somebody owns something, they get to explain to the rest of the chapter how they did it.
If folks get stuck, we'll provide hints and walkthroughs, etc.
The vulnerable targets will range in difficulty and should provide something for everyone, but we'll be leaning towards beginner type material.
DISCLAIMER: pro pentesters may be a bit bored, but come along anyway. Time permitting we'll get some advanced stuff into the mix.

==Agenda==
*5:45pm -- free parking @ Hosting.com's garage
*6pm: Pizza & pop, sponsored by Hosting.com
*6:30pm: Introduction and Chapter business
*6:45pm --> 9pm: Live "Hack-a-Thon" and FREE BEER

For more details about past events see the OWASP wiki page and don't forget to follow us on twitter for live appsec goodness.

[https://www.owasp.org/index.php/Denver Back to OWASP Denver]

Denver

2011-02-08T04:38:13Z

Dc: /* Denver OWASP Chapter Leaders */

{{Chapter Template|chaptername=Denver|extra=Chapter leaders are [mailto:eduprey@gmail.com Eric Duprey] and [mailto:dcampbell@owasp.org David Campbell]. |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-denver|emailarchives=http://lists.owasp.org/pipermail/owasp-denver}}

==== Local News ====

=====Next Chapter Meeting: [http://owaspcolorado.eventbrite.com/ RSVP Now!]=====
[[Denver March 2011 meeting|March 17th 2011: Hands on "Hack a Thon"]]

Next Colorado meeting is scheduled for Thurs, 17 Mar 2011 at Hosting.com, our new favorite meeting location. How can you beat free parking, a great meeting room, and FREE BEER? In fact, we blame the huge gap between this meeting and our last one on too much of the latter.

At any rate, we're psyched to be having another meeting. This one is all hands on, no presos. So bring your laptop and great ready to rumble.

We're also getting geared up for FROC2011 on 5 May 2011, to be followed by SkiSides, brought to you by the Security B-Sides Crew.

See you there!

=====Missed the con?=====
* [http://www.reddit.com/r/netsec/comments/fgetw/shmoocon_2011_video_collection/ Vids from Schmoocon 2011]
* [http://media.ccc.de/browse/congress/2010/index.html Vids from 27c3]
* [http://vimeo.com/groups/asdc10/videos/sort:newest Vids from AppsecDC 2010]

=====OWASP Podcast=====
[http://www.owasp.org/index.php/OWASP_Podcast OWASP Podcast]

=====Wassup with Boulder???=====
Boulder is presently leaderless. We hope that by moving the Denver meetings up north several miles that we can lure more of the Boulder folks to come join us in our new setup close to downtown Denver. If you're interested in taking over the Boulder chapter please let us know!

<paypal>Denver</paypal>
<hr>

==Questions, Comments==
Questions can be directed to

*David Campbell, Denver OWASP: dcampbell 'at' owasp.org
*Eric Duprey, Denver OWASP: eduprey 'at' owasp.org

<hr>

==== Chapter Meetings ====

== Future Meetings ==

[[Denver March 2011 meeting|March 17th 2011: Hands on "Hack a Thon"]]

5 May 2011: SnowFROC 2011 followed by B-Sides "SkiSides". Details TBD

== Past Meetings ==
[[Denver September 2010 meeting|September 22nd 2010: Eric Duprey: Application Vulnerability Shooting Gallery]]

[[Denver August 2010 meeting|August 18th 2010: Clint Pollock: Protecting Your Applications from Backdoors]]

[[Front_Range_OWASP_Conference_2010|June 2nd 2010: Front Range OWASP Conference]]

[[Denver January 2010 meeting|January 20th 2010: John Evans: Securing Webapps: An Illustrative Overview]]

[[Denver November 2009 meeting|November 18th 2009: Anton Rager: Advanced XSS]]

[[Denver August 2009 meeting|August 27th 2009: Jon Rose: Security in the Clouds]]

[[Denver May 2009 meeting|May 2009: Dr. Joseph McComb & and Daniel Weiske: Compliance and application security testing]]

[[Front_Range_OWASP_Conference_2009|March 2009: Front Range OWASP Conference (SnowFROC)]]

[[Denver January 2009 meeting|January 2009: David Campbell & Eric Duprey: Guided Tour: AppSec NYC '08 CTF]]

[[Denver October 2008 meeting|October 2008: Alex Smolen: The OWASP ASP .NET ESAPI]]

[[Denver September 2008 meeting|September 2008: John Dickson: Black Box vs. White Box: Different App Testing Strategies]]

[[Denver August 2008 meeting|August 2008: Dan Cornell: Static Analysis]]

[[Denver July 2008 meeting|July 2008: David Byrne & Eric Duprey: Grendel-Scan]]

[[Front Range OWASP Conference|June 2008: Front Range OWASP Conference: Jeremiah Grossman, Robert Hansen, and more!]]

[[Denver May 2008 meeting|May 2008: David Campbell & Eric Duprey: XSS Attacks & Defenses]]

[[Denver April 2008 meeting|April 2008: Ryan Barnett: Virtual Patching with ModSecurity]]

[[Denver February 2008 meeting|February 2008: Michael Sutton: SQL Injection Revisited]]

[[Denver June 2007 meeting|June 2007]]

[[Denver April 2007 meeting|April 2007]]

[[Denver February 2007 meeting|February 2007]]

[[Denver January 2007 meeting|January 2007]]

[[Denver November 2006 meeting|November 2006]]

==[[Related_Organizations|Local Organizations of Interest]]==

==== Mailing List ====
Join the [http://lists.owasp.org/mailman/listinfo/owasp-denver OWASP Denver Mailing List] to receive meeting notifications via email

==== Twitter Feed @owasp303 ====
Denver OWASP has created a [http://twitter.com/owasp303 Twitter feed @owasp303] to keep you in the loop. Whilst the mailing list is primarily intended to be low-traffic and only provide updates regarding the times, locations, and topics for chapter meetings, the Twitter feed will also provide noteworthy appsec updates.

{|
|-
| style="border: 1px solid rgb(204, 204, 204); width: 100%; font-size: 95%; color: rgb(0, 0, 0); background-color: rgb(236, 236, 236);" |

'''@OWASP303 Twitter Feed ([http://twitter.com/OWASP303 follow us on Twitter!])'''
<twitter>55021150</twitter>

| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |
|}

====Resources====

=====Denver OWASP Chapter Leaders=====
*David Campbell, Denver OWASP: dcampbell 'at' owasp.org
*Eric Duprey, Denver OWASP: eduprey 'at' owasp.org

=====Key OWASP Resources=====
* http://www.owasp.org/images/4/41/ASVS_One_Page_Handout.pdf
* http://www.owasp.org/images/3/31/ESAPI_One_Page_Handout.pdf
* http://www.owasp.org/images/a/a1/Legal_One_Page_Handout.pdf
*
* http://www.owasp.org/images/a/a3/How_ESAPI_Works.pdf
* http://www.owasp.org/images/a/ac/LAMP_Should_be_Spelled_LAMPE.pdf
* http://www.owasp.org/images/0/01/Getting_started_designing_for_a_level_of_assurance.pdf
*
* http://www.owasp.org/index.php/Agile_Software_Development:_Don%27t_Forget_EVIL_User_Stories
* http://www.owasp.org/index.php/Man_vs._Code
*
* http://www.owasp.org/images/4/4e/OWASP_ASVS_2009_Web_App_Std_Release.pdf
*
* http://www.owasp.org/images/c/cd/PHP-ESAPI_1.0a_install.pdf
* http://www.owasp.org/images/6/67/PHP-ESAPI_1.0a_ReleaseNotes.pdf

=====Chapter Management Links=====
[[Pizza|Best pizza in Centennial]]
__NOTOC__
<headertabs/>
[[Category:OWASP Chapter]]

Denver March 2011 meeting

2011-02-08T04:36:54Z

Dc:

="Hands on Hack-A-Thon"=
Bring a laptop and be ready to have some fun!

It's been ages since we've had a meeting and we're getting back to our roots. Our hands on sessions have always been more popular than anything else. We apologize that our Sep 2010 mtg was supposed to be hands-on and wasn't.
For this meeting chapter leaders DC and Eric Duprey will be preparing some live vulnerable environments and opening things up for a fun free-for-all. The format will be that whenever somebody owns something, they get to explain to the rest of the chapter how they did it.
If folks get stuck, we'll provide hints and walkthroughs, etc.
The vulnerable targets will range in difficulty and should provide something for everyone, but we'll be leaning towards beginner type material.
DISCLAIMER: pro pentesters may be a bit bored, but come along anyway. Time permitting we'll get some advanced stuff into the mix.

==Agenda==
*5:45pm -- free parking @ Hosting.com's garage
*6pm: Pizza & pop, sponsored by Hosting.com
*6:30pm: Introduction and Chapter business
*6:45pm --> 9pm: Live "Hack-a-Thon" and FREE BEER

For more details about past events see the OWASP wiki page and don't forget to follow us on twitter for live appsec goodness.

[https://www.owasp.org/index.php/Denver Back to OWASP Denver]

Denver March 2011 meeting

2011-02-08T04:35:07Z

Dc: Created page with " [https://www.owasp.org/index.php/Denver Back to OWASP Denver]"

[https://www.owasp.org/index.php/Denver Back to OWASP Denver]

Denver

2011-02-08T04:33:19Z

Dc:

{{Chapter Template|chaptername=Denver|extra=Chapter leaders are [mailto:eduprey@gmail.com Eric Duprey] and [mailto:dcampbell@owasp.org David Campbell]. |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-denver|emailarchives=http://lists.owasp.org/pipermail/owasp-denver}}

==== Local News ====

=====Next Chapter Meeting: [http://owaspcolorado.eventbrite.com/ RSVP Now!]=====
[[Denver March 2011 meeting|March 17th 2011: Hands on "Hack a Thon"]]

Next Colorado meeting is scheduled for Thurs, 17 Mar 2011 at Hosting.com, our new favorite meeting location. How can you beat free parking, a great meeting room, and FREE BEER? In fact, we blame the huge gap between this meeting and our last one on too much of the latter.

At any rate, we're psyched to be having another meeting. This one is all hands on, no presos. So bring your laptop and great ready to rumble.

We're also getting geared up for FROC2011 on 5 May 2011, to be followed by SkiSides, brought to you by the Security B-Sides Crew.

See you there!

=====Missed the con?=====
* [http://www.reddit.com/r/netsec/comments/fgetw/shmoocon_2011_video_collection/ Vids from Schmoocon 2011]
* [http://media.ccc.de/browse/congress/2010/index.html Vids from 27c3]
* [http://vimeo.com/groups/asdc10/videos/sort:newest Vids from AppsecDC 2010]

=====OWASP Podcast=====
[http://www.owasp.org/index.php/OWASP_Podcast OWASP Podcast]

=====Wassup with Boulder???=====
Boulder is presently leaderless. We hope that by moving the Denver meetings up north several miles that we can lure more of the Boulder folks to come join us in our new setup close to downtown Denver. If you're interested in taking over the Boulder chapter please let us know!

<paypal>Denver</paypal>
<hr>

==Questions, Comments==
Questions can be directed to

*David Campbell, Denver OWASP: dcampbell 'at' owasp.org
*Eric Duprey, Denver OWASP: eduprey 'at' owasp.org

<hr>

==== Chapter Meetings ====

== Future Meetings ==

[[Denver March 2011 meeting|March 17th 2011: Hands on "Hack a Thon"]]

5 May 2011: SnowFROC 2011 followed by B-Sides "SkiSides". Details TBD

== Past Meetings ==
[[Denver September 2010 meeting|September 22nd 2010: Eric Duprey: Application Vulnerability Shooting Gallery]]

[[Denver August 2010 meeting|August 18th 2010: Clint Pollock: Protecting Your Applications from Backdoors]]

[[Front_Range_OWASP_Conference_2010|June 2nd 2010: Front Range OWASP Conference]]

[[Denver January 2010 meeting|January 20th 2010: John Evans: Securing Webapps: An Illustrative Overview]]

[[Denver November 2009 meeting|November 18th 2009: Anton Rager: Advanced XSS]]

[[Denver August 2009 meeting|August 27th 2009: Jon Rose: Security in the Clouds]]

[[Denver May 2009 meeting|May 2009: Dr. Joseph McComb & and Daniel Weiske: Compliance and application security testing]]

[[Front_Range_OWASP_Conference_2009|March 2009: Front Range OWASP Conference (SnowFROC)]]

[[Denver January 2009 meeting|January 2009: David Campbell & Eric Duprey: Guided Tour: AppSec NYC '08 CTF]]

[[Denver October 2008 meeting|October 2008: Alex Smolen: The OWASP ASP .NET ESAPI]]

[[Denver September 2008 meeting|September 2008: John Dickson: Black Box vs. White Box: Different App Testing Strategies]]

[[Denver August 2008 meeting|August 2008: Dan Cornell: Static Analysis]]

[[Denver July 2008 meeting|July 2008: David Byrne & Eric Duprey: Grendel-Scan]]

[[Front Range OWASP Conference|June 2008: Front Range OWASP Conference: Jeremiah Grossman, Robert Hansen, and more!]]

[[Denver May 2008 meeting|May 2008: David Campbell & Eric Duprey: XSS Attacks & Defenses]]

[[Denver April 2008 meeting|April 2008: Ryan Barnett: Virtual Patching with ModSecurity]]

[[Denver February 2008 meeting|February 2008: Michael Sutton: SQL Injection Revisited]]

[[Denver June 2007 meeting|June 2007]]

[[Denver April 2007 meeting|April 2007]]

[[Denver February 2007 meeting|February 2007]]

[[Denver January 2007 meeting|January 2007]]

[[Denver November 2006 meeting|November 2006]]

==[[Related_Organizations|Local Organizations of Interest]]==

==== Mailing List ====
Join the [http://lists.owasp.org/mailman/listinfo/owasp-denver OWASP Denver Mailing List] to receive meeting notifications via email

==== Twitter Feed @owasp303 ====
Denver OWASP has created a [http://twitter.com/owasp303 Twitter feed @owasp303] to keep you in the loop. Whilst the mailing list is primarily intended to be low-traffic and only provide updates regarding the times, locations, and topics for chapter meetings, the Twitter feed will also provide noteworthy appsec updates.

{|
|-
| style="border: 1px solid rgb(204, 204, 204); width: 100%; font-size: 95%; color: rgb(0, 0, 0); background-color: rgb(236, 236, 236);" |

'''@OWASP303 Twitter Feed ([http://twitter.com/OWASP303 follow us on Twitter!])'''
<twitter>55021150</twitter>

| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |
|}

====Resources====

=====Denver OWASP Chapter Leaders=====
*David Campbell, Denver OWASP: dcampbell 'at' owasp.org
*Eric Duprey, Denver OWASP: eduprey 'at' exploits.org

=====Key OWASP Resources=====
* http://www.owasp.org/images/4/41/ASVS_One_Page_Handout.pdf
* http://www.owasp.org/images/3/31/ESAPI_One_Page_Handout.pdf
* http://www.owasp.org/images/a/a1/Legal_One_Page_Handout.pdf
*
* http://www.owasp.org/images/a/a3/How_ESAPI_Works.pdf
* http://www.owasp.org/images/a/ac/LAMP_Should_be_Spelled_LAMPE.pdf
* http://www.owasp.org/images/0/01/Getting_started_designing_for_a_level_of_assurance.pdf
*
* http://www.owasp.org/index.php/Agile_Software_Development:_Don%27t_Forget_EVIL_User_Stories
* http://www.owasp.org/index.php/Man_vs._Code
*
* http://www.owasp.org/images/4/4e/OWASP_ASVS_2009_Web_App_Std_Release.pdf
*
* http://www.owasp.org/images/c/cd/PHP-ESAPI_1.0a_install.pdf
* http://www.owasp.org/images/6/67/PHP-ESAPI_1.0a_ReleaseNotes.pdf

=====Chapter Management Links=====
[[Pizza|Best pizza in Centennial]]
__NOTOC__
<headertabs/>
[[Category:OWASP Chapter]]

Denver

2011-02-08T04:32:03Z

Dc: /* OWASP Podcast */

{{Chapter Template|chaptername=Denver|extra=Chapter leaders are [mailto:eduprey@gmail.com Eric Duprey] and [mailto:dcampbell@owasp.org David Campbell]. |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-denver|emailarchives=http://lists.owasp.org/pipermail/owasp-denver}}

==== Local News ====

=====Next Chapter Meeting: [http://owaspcolorado.eventbrite.com/ RSVP Now!]=====
[[Denver March 2011 meeting|March 17th 2011: Hands on "Hack a Thon"]]

Next Colorado meeting is scheduled for Thurs, 17 Mar 2011 at Hosting.com, our new favorite meeting location. How can you beat free parking, a great meeting room, and FREE BEER? In fact, we blame the huge gap between this meeting and our last one on too much of the latter.

At any rate, we're psyched to be having another meeting. This one is all hands on, no presos. So bring your laptop and great ready to rumble.

We're also getting geared up for FROC2011 on 5 May 2011, to be followed by SkiSides, brought to you by the Security B-Sides Crew.

See you there!

=====Missed the con?=====
* [http://www.reddit.com/r/netsec/comments/fgetw/shmoocon_2011_video_collection/ Vids from Schmoocon 2011]
* [http://media.ccc.de/browse/congress/2010/index.html Vids from 27c3]
* [http://vimeo.com/groups/asdc10/videos/sort:newest Vids from AppsecDC 2010]

=====OWASP Podcast=====
[http://www.owasp.org/index.php/OWASP_Podcast OWASP Podcast]

=====Wassup with Boulder???=====
Boulder is presently leaderless. We hope that by moving the Denver meetings up north several miles that we can lure more of the Boulder folks to come join us in our new setup close to downtown Denver. If you're interested in taking over the Boulder chapter please let us know!

<paypal>Denver</paypal>
<hr>

==Questions, Comments==
Questions can be directed to

*David Campbell, Denver OWASP: dcampbell 'at' owasp.org
*Eric Duprey, Denver OWASP: eduprey 'at' owasp.org

<hr>

==== Chapter Meetings ====

== Future Meetings ==

[[Denver March 2011 meeting|March 17th 2011: Hands on "Hack a Thon"]]

5 May 2011: SnowFROC 2011 followed by B-Sides "SkiSides". Details TBD

== Past Meetings ==
[[Denver September 2010 meeting|September 22nd 2010: Eric Duprey: Application Vulnerability Shooting Gallery]]

[[Denver August 2010 meeting|August 18th 2010: Clint Pollock: Protecting Your Applications from Backdoors]]

[[Front_Range_OWASP_Conference_2010|June 2nd 2010: Front Range OWASP Conference]]

[[Denver January 2010 meeting|January 20th 2010: John Evans: Securing Webapps: An Illustrative Overview]]

[[Denver November 2009 meeting|November 18th 2009: Anton Rager: Advanced XSS]]

[[Denver August 2009 meeting|August 27th 2009: Jon Rose: Security in the Clouds]]

[[Denver May 2009 meeting|May 2009: Dr. Joseph McComb & and Daniel Weiske: Compliance and application security testing]]

[[Front_Range_OWASP_Conference_2009|March 2009: Front Range OWASP Conference (SnowFROC)]]

[[Denver January 2009 meeting|January 2009: David Campbell & Eric Duprey: Guided Tour: AppSec NYC '08 CTF]]

[[Denver October 2008 meeting|October 2008: Alex Smolen: The OWASP ASP .NET ESAPI]]

[[Denver September 2008 meeting|September 2008: John Dickson: Black Box vs. White Box: Different App Testing Strategies]]

[[Denver August 2008 meeting|August 2008: Dan Cornell: Static Analysis]]

[[Denver July 2008 meeting|July 2008: David Byrne & Eric Duprey: Grendel-Scan]]

[[Front Range OWASP Conference|June 2008: Front Range OWASP Conference: Jeremiah Grossman, Robert Hansen, and more!]]

[[Denver May 2008 meeting|May 2008: David Campbell & Eric Duprey: XSS Attacks & Defenses]]

[[Denver April 2008 meeting|April 2008: Ryan Barnett: Virtual Patching with ModSecurity]]

[[Denver February 2008 meeting|February 2008: Michael Sutton: SQL Injection Revisited]]

[[Denver June 2007 meeting|June 2007]]

[[Denver April 2007 meeting|April 2007]]

[[Denver February 2007 meeting|February 2007]]

[[Denver January 2007 meeting|January 2007]]

[[Denver November 2006 meeting|November 2006]]

==[[Related_Organizations|Local Organizations of Interest]]==

==== Mailing List ====
Join the [http://lists.owasp.org/mailman/listinfo/owasp-denver OWASP Denver Mailing List] to receive meeting notifications via email

==== Twitter Feed @owasp303 ====
Denver OWASP has created a [http://twitter.com/owasp303 Twitter feed @owasp303] to keep you in the loop. Whilst the mailing list is primarily intended to be low-traffic and only provide updates regarding the times, locations, and topics for chapter meetings, the Twitter feed will also provide noteworthy appsec updates.

{|
|-
| style="border: 1px solid rgb(204, 204, 204); width: 100%; font-size: 95%; color: rgb(0, 0, 0); background-color: rgb(236, 236, 236);" |

'''@OWASP303 Twitter Feed ([http://twitter.com/OWASP303 follow us on Twitter!])'''
<twitter>55021150</twitter>

| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |
|}

====Resources====

=====Denver OWASP Chapter Leaders=====
*David Campbell, Denver OWASP: dcampbell 'at' owasp.org
*Eric Duprey, Denver OWASP: eduprey 'at' exploits.org

=====Key OWASP Resources=====
* http://www.owasp.org/images/4/41/ASVS_One_Page_Handout.pdf
* http://www.owasp.org/images/3/31/ESAPI_One_Page_Handout.pdf
* http://www.owasp.org/images/a/a1/Legal_One_Page_Handout.pdf
*
* http://www.owasp.org/images/a/a3/How_ESAPI_Works.pdf
* http://www.owasp.org/images/a/ac/LAMP_Should_be_Spelled_LAMPE.pdf
* http://www.owasp.org/images/0/01/Getting_started_designing_for_a_level_of_assurance.pdf
*
* http://www.owasp.org/index.php/Agile_Software_Development:_Don%27t_Forget_EVIL_User_Stories
* http://www.owasp.org/index.php/Man_vs._Code
*
* http://www.owasp.org/images/4/4e/OWASP_ASVS_2009_Web_App_Std_Release.pdf
*
* http://www.owasp.org/images/c/cd/PHP-ESAPI_1.0a_install.pdf
* http://www.owasp.org/images/6/67/PHP-ESAPI_1.0a_ReleaseNotes.pdf

=====Chapter Management Links=====
[[Pizza|Best pizza in Centennial]]
__NOTOC__
<headertabs/>
[[Category:OWASP Chapter]]

Denver

2011-02-08T04:30:03Z

Dc: /* Questions, Comments */

{{Chapter Template|chaptername=Denver|extra=Chapter leaders are [mailto:eduprey@gmail.com Eric Duprey] and [mailto:dcampbell@owasp.org David Campbell]. |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-denver|emailarchives=http://lists.owasp.org/pipermail/owasp-denver}}

==== Local News ====

=====Next Chapter Meeting: [http://owaspcolorado.eventbrite.com/ RSVP Now!]=====
[[Denver March 2011 meeting|March 17th 2011: Hands on "Hack a Thon"]]

Next Colorado meeting is scheduled for Thurs, 17 Mar 2011 at Hosting.com, our new favorite meeting location. How can you beat free parking, a great meeting room, and FREE BEER? In fact, we blame the huge gap between this meeting and our last one on too much of the latter.

At any rate, we're psyched to be having another meeting. This one is all hands on, no presos. So bring your laptop and great ready to rumble.

We're also getting geared up for FROC2011 on 5 May 2011, to be followed by SkiSides, brought to you by the Security B-Sides Crew.

See you there!

=====Missed the con?=====
* [http://www.reddit.com/r/netsec/comments/fgetw/shmoocon_2011_video_collection/ Vids from Schmoocon 2011]
* [http://media.ccc.de/browse/congress/2010/index.html Vids from 27c3]
* [http://vimeo.com/groups/asdc10/videos/sort:newest Vids from AppsecDC 2010]

=====OWASP Podcast=====
[http://www.owasp.org/index.php/OWASP_Podcast OWASP Podcast]

<paypal>Denver</paypal>
<hr>

==Questions, Comments==
Questions can be directed to

*David Campbell, Denver OWASP: dcampbell 'at' owasp.org
*Eric Duprey, Denver OWASP: eduprey 'at' owasp.org

<hr>

==== Chapter Meetings ====

== Future Meetings ==

[[Denver March 2011 meeting|March 17th 2011: Hands on "Hack a Thon"]]

5 May 2011: SnowFROC 2011 followed by B-Sides "SkiSides". Details TBD

== Past Meetings ==
[[Denver September 2010 meeting|September 22nd 2010: Eric Duprey: Application Vulnerability Shooting Gallery]]

[[Denver August 2010 meeting|August 18th 2010: Clint Pollock: Protecting Your Applications from Backdoors]]

[[Front_Range_OWASP_Conference_2010|June 2nd 2010: Front Range OWASP Conference]]

[[Denver January 2010 meeting|January 20th 2010: John Evans: Securing Webapps: An Illustrative Overview]]

[[Denver November 2009 meeting|November 18th 2009: Anton Rager: Advanced XSS]]

[[Denver August 2009 meeting|August 27th 2009: Jon Rose: Security in the Clouds]]

[[Denver May 2009 meeting|May 2009: Dr. Joseph McComb & and Daniel Weiske: Compliance and application security testing]]

[[Front_Range_OWASP_Conference_2009|March 2009: Front Range OWASP Conference (SnowFROC)]]

[[Denver January 2009 meeting|January 2009: David Campbell & Eric Duprey: Guided Tour: AppSec NYC '08 CTF]]

[[Denver October 2008 meeting|October 2008: Alex Smolen: The OWASP ASP .NET ESAPI]]

[[Denver September 2008 meeting|September 2008: John Dickson: Black Box vs. White Box: Different App Testing Strategies]]

[[Denver August 2008 meeting|August 2008: Dan Cornell: Static Analysis]]

[[Denver July 2008 meeting|July 2008: David Byrne & Eric Duprey: Grendel-Scan]]

[[Front Range OWASP Conference|June 2008: Front Range OWASP Conference: Jeremiah Grossman, Robert Hansen, and more!]]

[[Denver May 2008 meeting|May 2008: David Campbell & Eric Duprey: XSS Attacks & Defenses]]

[[Denver April 2008 meeting|April 2008: Ryan Barnett: Virtual Patching with ModSecurity]]

[[Denver February 2008 meeting|February 2008: Michael Sutton: SQL Injection Revisited]]

[[Denver June 2007 meeting|June 2007]]

[[Denver April 2007 meeting|April 2007]]

[[Denver February 2007 meeting|February 2007]]

[[Denver January 2007 meeting|January 2007]]

[[Denver November 2006 meeting|November 2006]]

==[[Related_Organizations|Local Organizations of Interest]]==

==== Mailing List ====
Join the [http://lists.owasp.org/mailman/listinfo/owasp-denver OWASP Denver Mailing List] to receive meeting notifications via email

==== Twitter Feed @owasp303 ====
Denver OWASP has created a [http://twitter.com/owasp303 Twitter feed @owasp303] to keep you in the loop. Whilst the mailing list is primarily intended to be low-traffic and only provide updates regarding the times, locations, and topics for chapter meetings, the Twitter feed will also provide noteworthy appsec updates.

{|
|-
| style="border: 1px solid rgb(204, 204, 204); width: 100%; font-size: 95%; color: rgb(0, 0, 0); background-color: rgb(236, 236, 236);" |

'''@OWASP303 Twitter Feed ([http://twitter.com/OWASP303 follow us on Twitter!])'''
<twitter>55021150</twitter>

| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |
|}

====Resources====

=====Denver OWASP Chapter Leaders=====
*David Campbell, Denver OWASP: dcampbell 'at' owasp.org
*Eric Duprey, Denver OWASP: eduprey 'at' exploits.org

=====Key OWASP Resources=====
* http://www.owasp.org/images/4/41/ASVS_One_Page_Handout.pdf
* http://www.owasp.org/images/3/31/ESAPI_One_Page_Handout.pdf
* http://www.owasp.org/images/a/a1/Legal_One_Page_Handout.pdf
*
* http://www.owasp.org/images/a/a3/How_ESAPI_Works.pdf
* http://www.owasp.org/images/a/ac/LAMP_Should_be_Spelled_LAMPE.pdf
* http://www.owasp.org/images/0/01/Getting_started_designing_for_a_level_of_assurance.pdf
*
* http://www.owasp.org/index.php/Agile_Software_Development:_Don%27t_Forget_EVIL_User_Stories
* http://www.owasp.org/index.php/Man_vs._Code
*
* http://www.owasp.org/images/4/4e/OWASP_ASVS_2009_Web_App_Std_Release.pdf
*
* http://www.owasp.org/images/c/cd/PHP-ESAPI_1.0a_install.pdf
* http://www.owasp.org/images/6/67/PHP-ESAPI_1.0a_ReleaseNotes.pdf

=====Chapter Management Links=====
[[Pizza|Best pizza in Centennial]]
__NOTOC__
<headertabs/>
[[Category:OWASP Chapter]]

Denver

2011-02-08T04:29:37Z

Dc: /* Missed the con? */

{{Chapter Template|chaptername=Denver|extra=Chapter leaders are [mailto:eduprey@gmail.com Eric Duprey] and [mailto:dcampbell@owasp.org David Campbell]. |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-denver|emailarchives=http://lists.owasp.org/pipermail/owasp-denver}}

==== Local News ====

=====Next Chapter Meeting: [http://owaspcolorado.eventbrite.com/ RSVP Now!]=====
[[Denver March 2011 meeting|March 17th 2011: Hands on "Hack a Thon"]]

Next Colorado meeting is scheduled for Thurs, 17 Mar 2011 at Hosting.com, our new favorite meeting location. How can you beat free parking, a great meeting room, and FREE BEER? In fact, we blame the huge gap between this meeting and our last one on too much of the latter.

At any rate, we're psyched to be having another meeting. This one is all hands on, no presos. So bring your laptop and great ready to rumble.

We're also getting geared up for FROC2011 on 5 May 2011, to be followed by SkiSides, brought to you by the Security B-Sides Crew.

See you there!

=====Missed the con?=====
* [http://www.reddit.com/r/netsec/comments/fgetw/shmoocon_2011_video_collection/ Vids from Schmoocon 2011]
* [http://media.ccc.de/browse/congress/2010/index.html Vids from 27c3]
* [http://vimeo.com/groups/asdc10/videos/sort:newest Vids from AppsecDC 2010]

=====OWASP Podcast=====
[http://www.owasp.org/index.php/OWASP_Podcast OWASP Podcast]

<paypal>Denver</paypal>
<hr>

==Questions, Comments==
Questions can be directed to

*David Campbell, Denver OWASP: dcampbell 'at' owasp.org
*Eric Duprey, Denver OWASP: eduprey 'at' exploits.org

<hr>

==== Chapter Meetings ====

== Future Meetings ==

[[Denver March 2011 meeting|March 17th 2011: Hands on "Hack a Thon"]]

5 May 2011: SnowFROC 2011 followed by B-Sides "SkiSides". Details TBD

== Past Meetings ==
[[Denver September 2010 meeting|September 22nd 2010: Eric Duprey: Application Vulnerability Shooting Gallery]]

[[Denver August 2010 meeting|August 18th 2010: Clint Pollock: Protecting Your Applications from Backdoors]]

[[Front_Range_OWASP_Conference_2010|June 2nd 2010: Front Range OWASP Conference]]

[[Denver January 2010 meeting|January 20th 2010: John Evans: Securing Webapps: An Illustrative Overview]]

[[Denver November 2009 meeting|November 18th 2009: Anton Rager: Advanced XSS]]

[[Denver August 2009 meeting|August 27th 2009: Jon Rose: Security in the Clouds]]

[[Denver May 2009 meeting|May 2009: Dr. Joseph McComb & and Daniel Weiske: Compliance and application security testing]]

[[Front_Range_OWASP_Conference_2009|March 2009: Front Range OWASP Conference (SnowFROC)]]

[[Denver January 2009 meeting|January 2009: David Campbell & Eric Duprey: Guided Tour: AppSec NYC '08 CTF]]

[[Denver October 2008 meeting|October 2008: Alex Smolen: The OWASP ASP .NET ESAPI]]

[[Denver September 2008 meeting|September 2008: John Dickson: Black Box vs. White Box: Different App Testing Strategies]]

[[Denver August 2008 meeting|August 2008: Dan Cornell: Static Analysis]]

[[Denver July 2008 meeting|July 2008: David Byrne & Eric Duprey: Grendel-Scan]]

[[Front Range OWASP Conference|June 2008: Front Range OWASP Conference: Jeremiah Grossman, Robert Hansen, and more!]]

[[Denver May 2008 meeting|May 2008: David Campbell & Eric Duprey: XSS Attacks & Defenses]]

[[Denver April 2008 meeting|April 2008: Ryan Barnett: Virtual Patching with ModSecurity]]

[[Denver February 2008 meeting|February 2008: Michael Sutton: SQL Injection Revisited]]

[[Denver June 2007 meeting|June 2007]]

[[Denver April 2007 meeting|April 2007]]

[[Denver February 2007 meeting|February 2007]]

[[Denver January 2007 meeting|January 2007]]

[[Denver November 2006 meeting|November 2006]]

==[[Related_Organizations|Local Organizations of Interest]]==

==== Mailing List ====
Join the [http://lists.owasp.org/mailman/listinfo/owasp-denver OWASP Denver Mailing List] to receive meeting notifications via email

==== Twitter Feed @owasp303 ====
Denver OWASP has created a [http://twitter.com/owasp303 Twitter feed @owasp303] to keep you in the loop. Whilst the mailing list is primarily intended to be low-traffic and only provide updates regarding the times, locations, and topics for chapter meetings, the Twitter feed will also provide noteworthy appsec updates.

{|
|-
| style="border: 1px solid rgb(204, 204, 204); width: 100%; font-size: 95%; color: rgb(0, 0, 0); background-color: rgb(236, 236, 236);" |

'''@OWASP303 Twitter Feed ([http://twitter.com/OWASP303 follow us on Twitter!])'''
<twitter>55021150</twitter>

| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |
|}

====Resources====

=====Denver OWASP Chapter Leaders=====
*David Campbell, Denver OWASP: dcampbell 'at' owasp.org
*Eric Duprey, Denver OWASP: eduprey 'at' exploits.org

=====Key OWASP Resources=====
* http://www.owasp.org/images/4/41/ASVS_One_Page_Handout.pdf
* http://www.owasp.org/images/3/31/ESAPI_One_Page_Handout.pdf
* http://www.owasp.org/images/a/a1/Legal_One_Page_Handout.pdf
*
* http://www.owasp.org/images/a/a3/How_ESAPI_Works.pdf
* http://www.owasp.org/images/a/ac/LAMP_Should_be_Spelled_LAMPE.pdf
* http://www.owasp.org/images/0/01/Getting_started_designing_for_a_level_of_assurance.pdf
*
* http://www.owasp.org/index.php/Agile_Software_Development:_Don%27t_Forget_EVIL_User_Stories
* http://www.owasp.org/index.php/Man_vs._Code
*
* http://www.owasp.org/images/4/4e/OWASP_ASVS_2009_Web_App_Std_Release.pdf
*
* http://www.owasp.org/images/c/cd/PHP-ESAPI_1.0a_install.pdf
* http://www.owasp.org/images/6/67/PHP-ESAPI_1.0a_ReleaseNotes.pdf

=====Chapter Management Links=====
[[Pizza|Best pizza in Centennial]]
__NOTOC__
<headertabs/>
[[Category:OWASP Chapter]]

Denver

2011-02-08T04:27:56Z

Dc: /* Videos from AppsecDC 2010 */

{{Chapter Template|chaptername=Denver|extra=Chapter leaders are [mailto:eduprey@gmail.com Eric Duprey] and [mailto:dcampbell@owasp.org David Campbell]. |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-denver|emailarchives=http://lists.owasp.org/pipermail/owasp-denver}}

==== Local News ====

=====Next Chapter Meeting: [http://owaspcolorado.eventbrite.com/ RSVP Now!]=====
[[Denver March 2011 meeting|March 17th 2011: Hands on "Hack a Thon"]]

Next Colorado meeting is scheduled for Thurs, 17 Mar 2011 at Hosting.com, our new favorite meeting location. How can you beat free parking, a great meeting room, and FREE BEER? In fact, we blame the huge gap between this meeting and our last one on too much of the latter.

At any rate, we're psyched to be having another meeting. This one is all hands on, no presos. So bring your laptop and great ready to rumble.

We're also getting geared up for FROC2011 on 5 May 2011, to be followed by SkiSides, brought to you by the Security B-Sides Crew.

See you there!

=====Missed the con?=====
[http://www.reddit.com/r/netsec/comments/fgetw/shmoocon_2011_video_collection/ Vids from Schmoocon 2011]
[http://vimeo.com/groups/asdc10/videos/sort:newest Vids from AppsecDC 2010]

=====OWASP Podcast=====
[http://www.owasp.org/index.php/OWASP_Podcast OWASP Podcast]

<paypal>Denver</paypal>
<hr>

==Questions, Comments==
Questions can be directed to

*David Campbell, Denver OWASP: dcampbell 'at' owasp.org
*Eric Duprey, Denver OWASP: eduprey 'at' exploits.org

<hr>

==== Chapter Meetings ====

== Future Meetings ==

[[Denver March 2011 meeting|March 17th 2011: Hands on "Hack a Thon"]]

5 May 2011: SnowFROC 2011 followed by B-Sides "SkiSides". Details TBD

== Past Meetings ==
[[Denver September 2010 meeting|September 22nd 2010: Eric Duprey: Application Vulnerability Shooting Gallery]]

[[Denver August 2010 meeting|August 18th 2010: Clint Pollock: Protecting Your Applications from Backdoors]]

[[Front_Range_OWASP_Conference_2010|June 2nd 2010: Front Range OWASP Conference]]

[[Denver January 2010 meeting|January 20th 2010: John Evans: Securing Webapps: An Illustrative Overview]]

[[Denver November 2009 meeting|November 18th 2009: Anton Rager: Advanced XSS]]

[[Denver August 2009 meeting|August 27th 2009: Jon Rose: Security in the Clouds]]

[[Denver May 2009 meeting|May 2009: Dr. Joseph McComb & and Daniel Weiske: Compliance and application security testing]]

[[Front_Range_OWASP_Conference_2009|March 2009: Front Range OWASP Conference (SnowFROC)]]

[[Denver January 2009 meeting|January 2009: David Campbell & Eric Duprey: Guided Tour: AppSec NYC '08 CTF]]

[[Denver October 2008 meeting|October 2008: Alex Smolen: The OWASP ASP .NET ESAPI]]

[[Denver September 2008 meeting|September 2008: John Dickson: Black Box vs. White Box: Different App Testing Strategies]]

[[Denver August 2008 meeting|August 2008: Dan Cornell: Static Analysis]]

[[Denver July 2008 meeting|July 2008: David Byrne & Eric Duprey: Grendel-Scan]]

[[Front Range OWASP Conference|June 2008: Front Range OWASP Conference: Jeremiah Grossman, Robert Hansen, and more!]]

[[Denver May 2008 meeting|May 2008: David Campbell & Eric Duprey: XSS Attacks & Defenses]]

[[Denver April 2008 meeting|April 2008: Ryan Barnett: Virtual Patching with ModSecurity]]

[[Denver February 2008 meeting|February 2008: Michael Sutton: SQL Injection Revisited]]

[[Denver June 2007 meeting|June 2007]]

[[Denver April 2007 meeting|April 2007]]

[[Denver February 2007 meeting|February 2007]]

[[Denver January 2007 meeting|January 2007]]

[[Denver November 2006 meeting|November 2006]]

==[[Related_Organizations|Local Organizations of Interest]]==

==== Mailing List ====
Join the [http://lists.owasp.org/mailman/listinfo/owasp-denver OWASP Denver Mailing List] to receive meeting notifications via email

==== Twitter Feed @owasp303 ====
Denver OWASP has created a [http://twitter.com/owasp303 Twitter feed @owasp303] to keep you in the loop. Whilst the mailing list is primarily intended to be low-traffic and only provide updates regarding the times, locations, and topics for chapter meetings, the Twitter feed will also provide noteworthy appsec updates.

{|
|-
| style="border: 1px solid rgb(204, 204, 204); width: 100%; font-size: 95%; color: rgb(0, 0, 0); background-color: rgb(236, 236, 236);" |

'''@OWASP303 Twitter Feed ([http://twitter.com/OWASP303 follow us on Twitter!])'''
<twitter>55021150</twitter>

| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |
|}

====Resources====

=====Denver OWASP Chapter Leaders=====
*David Campbell, Denver OWASP: dcampbell 'at' owasp.org
*Eric Duprey, Denver OWASP: eduprey 'at' exploits.org

=====Key OWASP Resources=====
* http://www.owasp.org/images/4/41/ASVS_One_Page_Handout.pdf
* http://www.owasp.org/images/3/31/ESAPI_One_Page_Handout.pdf
* http://www.owasp.org/images/a/a1/Legal_One_Page_Handout.pdf
*
* http://www.owasp.org/images/a/a3/How_ESAPI_Works.pdf
* http://www.owasp.org/images/a/ac/LAMP_Should_be_Spelled_LAMPE.pdf
* http://www.owasp.org/images/0/01/Getting_started_designing_for_a_level_of_assurance.pdf
*
* http://www.owasp.org/index.php/Agile_Software_Development:_Don%27t_Forget_EVIL_User_Stories
* http://www.owasp.org/index.php/Man_vs._Code
*
* http://www.owasp.org/images/4/4e/OWASP_ASVS_2009_Web_App_Std_Release.pdf
*
* http://www.owasp.org/images/c/cd/PHP-ESAPI_1.0a_install.pdf
* http://www.owasp.org/images/6/67/PHP-ESAPI_1.0a_ReleaseNotes.pdf

=====Chapter Management Links=====
[[Pizza|Best pizza in Centennial]]
__NOTOC__
<headertabs/>
[[Category:OWASP Chapter]]

Denver

2011-02-08T04:25:38Z

Dc: /* Videos from AppsecDC 2010 */

{{Chapter Template|chaptername=Denver|extra=Chapter leaders are [mailto:eduprey@gmail.com Eric Duprey] and [mailto:dcampbell@owasp.org David Campbell]. |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-denver|emailarchives=http://lists.owasp.org/pipermail/owasp-denver}}

==== Local News ====

=====Next Chapter Meeting: [http://owaspcolorado.eventbrite.com/ RSVP Now!]=====
[[Denver March 2011 meeting|March 17th 2011: Hands on "Hack a Thon"]]

Next Colorado meeting is scheduled for Thurs, 17 Mar 2011 at Hosting.com, our new favorite meeting location. How can you beat free parking, a great meeting room, and FREE BEER? In fact, we blame the huge gap between this meeting and our last one on too much of the latter.

At any rate, we're psyched to be having another meeting. This one is all hands on, no presos. So bring your laptop and great ready to rumble.

We're also getting geared up for FROC2011 on 5 May 2011, to be followed by SkiSides, brought to you by the Security B-Sides Crew.

See you there!

=====Videos from AppsecDC 2010=====
[http://vimeo.com/groups/asdc10/videos/sort:newest Videos from AppsecDC 2010]

=====OWASP Podcast=====
[http://www.owasp.org/index.php/OWASP_Podcast OWASP Podcast]

<paypal>Denver</paypal>
<hr>

==Questions, Comments==
Questions can be directed to

*David Campbell, Denver OWASP: dcampbell 'at' owasp.org
*Eric Duprey, Denver OWASP: eduprey 'at' exploits.org

<hr>

==== Chapter Meetings ====

== Future Meetings ==

[[Denver March 2011 meeting|March 17th 2011: Hands on "Hack a Thon"]]

5 May 2011: SnowFROC 2011 followed by B-Sides "SkiSides". Details TBD

== Past Meetings ==
[[Denver September 2010 meeting|September 22nd 2010: Eric Duprey: Application Vulnerability Shooting Gallery]]

[[Denver August 2010 meeting|August 18th 2010: Clint Pollock: Protecting Your Applications from Backdoors]]

[[Front_Range_OWASP_Conference_2010|June 2nd 2010: Front Range OWASP Conference]]

[[Denver January 2010 meeting|January 20th 2010: John Evans: Securing Webapps: An Illustrative Overview]]

[[Denver November 2009 meeting|November 18th 2009: Anton Rager: Advanced XSS]]

[[Denver August 2009 meeting|August 27th 2009: Jon Rose: Security in the Clouds]]

[[Denver May 2009 meeting|May 2009: Dr. Joseph McComb & and Daniel Weiske: Compliance and application security testing]]

[[Front_Range_OWASP_Conference_2009|March 2009: Front Range OWASP Conference (SnowFROC)]]

[[Denver January 2009 meeting|January 2009: David Campbell & Eric Duprey: Guided Tour: AppSec NYC '08 CTF]]

[[Denver October 2008 meeting|October 2008: Alex Smolen: The OWASP ASP .NET ESAPI]]

[[Denver September 2008 meeting|September 2008: John Dickson: Black Box vs. White Box: Different App Testing Strategies]]

[[Denver August 2008 meeting|August 2008: Dan Cornell: Static Analysis]]

[[Denver July 2008 meeting|July 2008: David Byrne & Eric Duprey: Grendel-Scan]]

[[Front Range OWASP Conference|June 2008: Front Range OWASP Conference: Jeremiah Grossman, Robert Hansen, and more!]]

[[Denver May 2008 meeting|May 2008: David Campbell & Eric Duprey: XSS Attacks & Defenses]]

[[Denver April 2008 meeting|April 2008: Ryan Barnett: Virtual Patching with ModSecurity]]

[[Denver February 2008 meeting|February 2008: Michael Sutton: SQL Injection Revisited]]

[[Denver June 2007 meeting|June 2007]]

[[Denver April 2007 meeting|April 2007]]

[[Denver February 2007 meeting|February 2007]]

[[Denver January 2007 meeting|January 2007]]

[[Denver November 2006 meeting|November 2006]]

==[[Related_Organizations|Local Organizations of Interest]]==

==== Mailing List ====
Join the [http://lists.owasp.org/mailman/listinfo/owasp-denver OWASP Denver Mailing List] to receive meeting notifications via email

==== Twitter Feed @owasp303 ====
Denver OWASP has created a [http://twitter.com/owasp303 Twitter feed @owasp303] to keep you in the loop. Whilst the mailing list is primarily intended to be low-traffic and only provide updates regarding the times, locations, and topics for chapter meetings, the Twitter feed will also provide noteworthy appsec updates.

{|
|-
| style="border: 1px solid rgb(204, 204, 204); width: 100%; font-size: 95%; color: rgb(0, 0, 0); background-color: rgb(236, 236, 236);" |

'''@OWASP303 Twitter Feed ([http://twitter.com/OWASP303 follow us on Twitter!])'''
<twitter>55021150</twitter>

| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |
|}

====Resources====

=====Denver OWASP Chapter Leaders=====
*David Campbell, Denver OWASP: dcampbell 'at' owasp.org
*Eric Duprey, Denver OWASP: eduprey 'at' exploits.org

=====Key OWASP Resources=====
* http://www.owasp.org/images/4/41/ASVS_One_Page_Handout.pdf
* http://www.owasp.org/images/3/31/ESAPI_One_Page_Handout.pdf
* http://www.owasp.org/images/a/a1/Legal_One_Page_Handout.pdf
*
* http://www.owasp.org/images/a/a3/How_ESAPI_Works.pdf
* http://www.owasp.org/images/a/ac/LAMP_Should_be_Spelled_LAMPE.pdf
* http://www.owasp.org/images/0/01/Getting_started_designing_for_a_level_of_assurance.pdf
*
* http://www.owasp.org/index.php/Agile_Software_Development:_Don%27t_Forget_EVIL_User_Stories
* http://www.owasp.org/index.php/Man_vs._Code
*
* http://www.owasp.org/images/4/4e/OWASP_ASVS_2009_Web_App_Std_Release.pdf
*
* http://www.owasp.org/images/c/cd/PHP-ESAPI_1.0a_install.pdf
* http://www.owasp.org/images/6/67/PHP-ESAPI_1.0a_ReleaseNotes.pdf

=====Chapter Management Links=====
[[Pizza|Best pizza in Centennial]]
__NOTOC__
<headertabs/>
[[Category:OWASP Chapter]]

Denver

2011-02-08T04:25:01Z

Dc: /* Videos from AppsecDC 2010 */

{{Chapter Template|chaptername=Denver|extra=Chapter leaders are [mailto:eduprey@gmail.com Eric Duprey] and [mailto:dcampbell@owasp.org David Campbell]. |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-denver|emailarchives=http://lists.owasp.org/pipermail/owasp-denver}}

==== Local News ====

=====Next Chapter Meeting: [http://owaspcolorado.eventbrite.com/ RSVP Now!]=====
[[Denver March 2011 meeting|March 17th 2011: Hands on "Hack a Thon"]]

Next Colorado meeting is scheduled for Thurs, 17 Mar 2011 at Hosting.com, our new favorite meeting location. How can you beat free parking, a great meeting room, and FREE BEER? In fact, we blame the huge gap between this meeting and our last one on too much of the latter.

At any rate, we're psyched to be having another meeting. This one is all hands on, no presos. So bring your laptop and great ready to rumble.

We're also getting geared up for FROC2011 on 5 May 2011, to be followed by SkiSides, brought to you by the Security B-Sides Crew.

See you there!

=====Videos from AppsecDC 2010=====
http://vimeo.com/groups/asdc10/videos/sort:newest Videos from AppsecDC 2010]

=====OWASP Podcast=====
[http://www.owasp.org/index.php/OWASP_Podcast OWASP Podcast]

<paypal>Denver</paypal>
<hr>

==Questions, Comments==
Questions can be directed to

*David Campbell, Denver OWASP: dcampbell 'at' owasp.org
*Eric Duprey, Denver OWASP: eduprey 'at' exploits.org

<hr>

==== Chapter Meetings ====

== Future Meetings ==

[[Denver March 2011 meeting|March 17th 2011: Hands on "Hack a Thon"]]

5 May 2011: SnowFROC 2011 followed by B-Sides "SkiSides". Details TBD

== Past Meetings ==
[[Denver September 2010 meeting|September 22nd 2010: Eric Duprey: Application Vulnerability Shooting Gallery]]

[[Denver August 2010 meeting|August 18th 2010: Clint Pollock: Protecting Your Applications from Backdoors]]

[[Front_Range_OWASP_Conference_2010|June 2nd 2010: Front Range OWASP Conference]]

[[Denver January 2010 meeting|January 20th 2010: John Evans: Securing Webapps: An Illustrative Overview]]

[[Denver November 2009 meeting|November 18th 2009: Anton Rager: Advanced XSS]]

[[Denver August 2009 meeting|August 27th 2009: Jon Rose: Security in the Clouds]]

[[Denver May 2009 meeting|May 2009: Dr. Joseph McComb & and Daniel Weiske: Compliance and application security testing]]

[[Front_Range_OWASP_Conference_2009|March 2009: Front Range OWASP Conference (SnowFROC)]]

[[Denver January 2009 meeting|January 2009: David Campbell & Eric Duprey: Guided Tour: AppSec NYC '08 CTF]]

[[Denver October 2008 meeting|October 2008: Alex Smolen: The OWASP ASP .NET ESAPI]]

[[Denver September 2008 meeting|September 2008: John Dickson: Black Box vs. White Box: Different App Testing Strategies]]

[[Denver August 2008 meeting|August 2008: Dan Cornell: Static Analysis]]

[[Denver July 2008 meeting|July 2008: David Byrne & Eric Duprey: Grendel-Scan]]

[[Front Range OWASP Conference|June 2008: Front Range OWASP Conference: Jeremiah Grossman, Robert Hansen, and more!]]

[[Denver May 2008 meeting|May 2008: David Campbell & Eric Duprey: XSS Attacks & Defenses]]

[[Denver April 2008 meeting|April 2008: Ryan Barnett: Virtual Patching with ModSecurity]]

[[Denver February 2008 meeting|February 2008: Michael Sutton: SQL Injection Revisited]]

[[Denver June 2007 meeting|June 2007]]

[[Denver April 2007 meeting|April 2007]]

[[Denver February 2007 meeting|February 2007]]

[[Denver January 2007 meeting|January 2007]]

[[Denver November 2006 meeting|November 2006]]

==[[Related_Organizations|Local Organizations of Interest]]==

==== Mailing List ====
Join the [http://lists.owasp.org/mailman/listinfo/owasp-denver OWASP Denver Mailing List] to receive meeting notifications via email

==== Twitter Feed @owasp303 ====
Denver OWASP has created a [http://twitter.com/owasp303 Twitter feed @owasp303] to keep you in the loop. Whilst the mailing list is primarily intended to be low-traffic and only provide updates regarding the times, locations, and topics for chapter meetings, the Twitter feed will also provide noteworthy appsec updates.

{|
|-
| style="border: 1px solid rgb(204, 204, 204); width: 100%; font-size: 95%; color: rgb(0, 0, 0); background-color: rgb(236, 236, 236);" |

'''@OWASP303 Twitter Feed ([http://twitter.com/OWASP303 follow us on Twitter!])'''
<twitter>55021150</twitter>

| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |
|}

====Resources====

=====Denver OWASP Chapter Leaders=====
*David Campbell, Denver OWASP: dcampbell 'at' owasp.org
*Eric Duprey, Denver OWASP: eduprey 'at' exploits.org

=====Key OWASP Resources=====
* http://www.owasp.org/images/4/41/ASVS_One_Page_Handout.pdf
* http://www.owasp.org/images/3/31/ESAPI_One_Page_Handout.pdf
* http://www.owasp.org/images/a/a1/Legal_One_Page_Handout.pdf
*
* http://www.owasp.org/images/a/a3/How_ESAPI_Works.pdf
* http://www.owasp.org/images/a/ac/LAMP_Should_be_Spelled_LAMPE.pdf
* http://www.owasp.org/images/0/01/Getting_started_designing_for_a_level_of_assurance.pdf
*
* http://www.owasp.org/index.php/Agile_Software_Development:_Don%27t_Forget_EVIL_User_Stories
* http://www.owasp.org/index.php/Man_vs._Code
*
* http://www.owasp.org/images/4/4e/OWASP_ASVS_2009_Web_App_Std_Release.pdf
*
* http://www.owasp.org/images/c/cd/PHP-ESAPI_1.0a_install.pdf
* http://www.owasp.org/images/6/67/PHP-ESAPI_1.0a_ReleaseNotes.pdf

=====Chapter Management Links=====
[[Pizza|Best pizza in Centennial]]
__NOTOC__
<headertabs/>
[[Category:OWASP Chapter]]

Denver

2011-02-08T04:23:53Z

Dc: /* OWASP Podcast */

{{Chapter Template|chaptername=Denver|extra=Chapter leaders are [mailto:eduprey@gmail.com Eric Duprey] and [mailto:dcampbell@owasp.org David Campbell]. |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-denver|emailarchives=http://lists.owasp.org/pipermail/owasp-denver}}

==== Local News ====

=====Next Chapter Meeting: [http://owaspcolorado.eventbrite.com/ RSVP Now!]=====
[[Denver March 2011 meeting|March 17th 2011: Hands on "Hack a Thon"]]

Next Colorado meeting is scheduled for Thurs, 17 Mar 2011 at Hosting.com, our new favorite meeting location. How can you beat free parking, a great meeting room, and FREE BEER? In fact, we blame the huge gap between this meeting and our last one on too much of the latter.

At any rate, we're psyched to be having another meeting. This one is all hands on, no presos. So bring your laptop and great ready to rumble.

We're also getting geared up for FROC2011 on 5 May 2011, to be followed by SkiSides, brought to you by the Security B-Sides Crew.

See you there!

=====Videos from AppsecDC 2010=====
http://vimeo.com/groups/asdc10/videos/sort:newest]

=====OWASP Podcast=====
[http://www.owasp.org/index.php/OWASP_Podcast OWASP Podcast]

<paypal>Denver</paypal>
<hr>

==Questions, Comments==
Questions can be directed to

*David Campbell, Denver OWASP: dcampbell 'at' owasp.org
*Eric Duprey, Denver OWASP: eduprey 'at' exploits.org

<hr>

==== Chapter Meetings ====

== Future Meetings ==

[[Denver March 2011 meeting|March 17th 2011: Hands on "Hack a Thon"]]

5 May 2011: SnowFROC 2011 followed by B-Sides "SkiSides". Details TBD

== Past Meetings ==
[[Denver September 2010 meeting|September 22nd 2010: Eric Duprey: Application Vulnerability Shooting Gallery]]

[[Denver August 2010 meeting|August 18th 2010: Clint Pollock: Protecting Your Applications from Backdoors]]

[[Front_Range_OWASP_Conference_2010|June 2nd 2010: Front Range OWASP Conference]]

[[Denver January 2010 meeting|January 20th 2010: John Evans: Securing Webapps: An Illustrative Overview]]

[[Denver November 2009 meeting|November 18th 2009: Anton Rager: Advanced XSS]]

[[Denver August 2009 meeting|August 27th 2009: Jon Rose: Security in the Clouds]]

[[Denver May 2009 meeting|May 2009: Dr. Joseph McComb & and Daniel Weiske: Compliance and application security testing]]

[[Front_Range_OWASP_Conference_2009|March 2009: Front Range OWASP Conference (SnowFROC)]]

[[Denver January 2009 meeting|January 2009: David Campbell & Eric Duprey: Guided Tour: AppSec NYC '08 CTF]]

[[Denver October 2008 meeting|October 2008: Alex Smolen: The OWASP ASP .NET ESAPI]]

[[Denver September 2008 meeting|September 2008: John Dickson: Black Box vs. White Box: Different App Testing Strategies]]

[[Denver August 2008 meeting|August 2008: Dan Cornell: Static Analysis]]

[[Denver July 2008 meeting|July 2008: David Byrne & Eric Duprey: Grendel-Scan]]

[[Front Range OWASP Conference|June 2008: Front Range OWASP Conference: Jeremiah Grossman, Robert Hansen, and more!]]

[[Denver May 2008 meeting|May 2008: David Campbell & Eric Duprey: XSS Attacks & Defenses]]

[[Denver April 2008 meeting|April 2008: Ryan Barnett: Virtual Patching with ModSecurity]]

[[Denver February 2008 meeting|February 2008: Michael Sutton: SQL Injection Revisited]]

[[Denver June 2007 meeting|June 2007]]

[[Denver April 2007 meeting|April 2007]]

[[Denver February 2007 meeting|February 2007]]

[[Denver January 2007 meeting|January 2007]]

[[Denver November 2006 meeting|November 2006]]

==[[Related_Organizations|Local Organizations of Interest]]==

==== Mailing List ====
Join the [http://lists.owasp.org/mailman/listinfo/owasp-denver OWASP Denver Mailing List] to receive meeting notifications via email

==== Twitter Feed @owasp303 ====
Denver OWASP has created a [http://twitter.com/owasp303 Twitter feed @owasp303] to keep you in the loop. Whilst the mailing list is primarily intended to be low-traffic and only provide updates regarding the times, locations, and topics for chapter meetings, the Twitter feed will also provide noteworthy appsec updates.

{|
|-
| style="border: 1px solid rgb(204, 204, 204); width: 100%; font-size: 95%; color: rgb(0, 0, 0); background-color: rgb(236, 236, 236);" |

'''@OWASP303 Twitter Feed ([http://twitter.com/OWASP303 follow us on Twitter!])'''
<twitter>55021150</twitter>

| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |
|}

====Resources====

=====Denver OWASP Chapter Leaders=====
*David Campbell, Denver OWASP: dcampbell 'at' owasp.org
*Eric Duprey, Denver OWASP: eduprey 'at' exploits.org

=====Key OWASP Resources=====
* http://www.owasp.org/images/4/41/ASVS_One_Page_Handout.pdf
* http://www.owasp.org/images/3/31/ESAPI_One_Page_Handout.pdf
* http://www.owasp.org/images/a/a1/Legal_One_Page_Handout.pdf
*
* http://www.owasp.org/images/a/a3/How_ESAPI_Works.pdf
* http://www.owasp.org/images/a/ac/LAMP_Should_be_Spelled_LAMPE.pdf
* http://www.owasp.org/images/0/01/Getting_started_designing_for_a_level_of_assurance.pdf
*
* http://www.owasp.org/index.php/Agile_Software_Development:_Don%27t_Forget_EVIL_User_Stories
* http://www.owasp.org/index.php/Man_vs._Code
*
* http://www.owasp.org/images/4/4e/OWASP_ASVS_2009_Web_App_Std_Release.pdf
*
* http://www.owasp.org/images/c/cd/PHP-ESAPI_1.0a_install.pdf
* http://www.owasp.org/images/6/67/PHP-ESAPI_1.0a_ReleaseNotes.pdf

=====Chapter Management Links=====
[[Pizza|Best pizza in Centennial]]
__NOTOC__
<headertabs/>
[[Category:OWASP Chapter]]

Denver

2011-02-08T04:22:27Z

Dc: /* Front Range OWASP Conference (FROC 2010) */

{{Chapter Template|chaptername=Denver|extra=Chapter leaders are [mailto:eduprey@gmail.com Eric Duprey] and [mailto:dcampbell@owasp.org David Campbell]. |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-denver|emailarchives=http://lists.owasp.org/pipermail/owasp-denver}}

==== Local News ====

=====Next Chapter Meeting: [http://owaspcolorado.eventbrite.com/ RSVP Now!]=====
[[Denver March 2011 meeting|March 17th 2011: Hands on "Hack a Thon"]]

Next Colorado meeting is scheduled for Thurs, 17 Mar 2011 at Hosting.com, our new favorite meeting location. How can you beat free parking, a great meeting room, and FREE BEER? In fact, we blame the huge gap between this meeting and our last one on too much of the latter.

At any rate, we're psyched to be having another meeting. This one is all hands on, no presos. So bring your laptop and great ready to rumble.

We're also getting geared up for FROC2011 on 5 May 2011, to be followed by SkiSides, brought to you by the Security B-Sides Crew.

See you there!

=====OWASP Podcast=====
[http://www.owasp.org/index.php/OWASP_Podcast OWASP Podcast]

<paypal>Denver</paypal>
<hr>

==Questions, Comments==
Questions can be directed to

*David Campbell, Denver OWASP: dcampbell 'at' owasp.org
*Eric Duprey, Denver OWASP: eduprey 'at' exploits.org

<hr>

==== Chapter Meetings ====

== Future Meetings ==

[[Denver March 2011 meeting|March 17th 2011: Hands on "Hack a Thon"]]

5 May 2011: SnowFROC 2011 followed by B-Sides "SkiSides". Details TBD

== Past Meetings ==
[[Denver September 2010 meeting|September 22nd 2010: Eric Duprey: Application Vulnerability Shooting Gallery]]

[[Denver August 2010 meeting|August 18th 2010: Clint Pollock: Protecting Your Applications from Backdoors]]

[[Front_Range_OWASP_Conference_2010|June 2nd 2010: Front Range OWASP Conference]]

[[Denver January 2010 meeting|January 20th 2010: John Evans: Securing Webapps: An Illustrative Overview]]

[[Denver November 2009 meeting|November 18th 2009: Anton Rager: Advanced XSS]]

[[Denver August 2009 meeting|August 27th 2009: Jon Rose: Security in the Clouds]]

[[Denver May 2009 meeting|May 2009: Dr. Joseph McComb & and Daniel Weiske: Compliance and application security testing]]

[[Front_Range_OWASP_Conference_2009|March 2009: Front Range OWASP Conference (SnowFROC)]]

[[Denver January 2009 meeting|January 2009: David Campbell & Eric Duprey: Guided Tour: AppSec NYC '08 CTF]]

[[Denver October 2008 meeting|October 2008: Alex Smolen: The OWASP ASP .NET ESAPI]]

[[Denver September 2008 meeting|September 2008: John Dickson: Black Box vs. White Box: Different App Testing Strategies]]

[[Denver August 2008 meeting|August 2008: Dan Cornell: Static Analysis]]

[[Denver July 2008 meeting|July 2008: David Byrne & Eric Duprey: Grendel-Scan]]

[[Front Range OWASP Conference|June 2008: Front Range OWASP Conference: Jeremiah Grossman, Robert Hansen, and more!]]

[[Denver May 2008 meeting|May 2008: David Campbell & Eric Duprey: XSS Attacks & Defenses]]

[[Denver April 2008 meeting|April 2008: Ryan Barnett: Virtual Patching with ModSecurity]]

[[Denver February 2008 meeting|February 2008: Michael Sutton: SQL Injection Revisited]]

[[Denver June 2007 meeting|June 2007]]

[[Denver April 2007 meeting|April 2007]]

[[Denver February 2007 meeting|February 2007]]

[[Denver January 2007 meeting|January 2007]]

[[Denver November 2006 meeting|November 2006]]

==[[Related_Organizations|Local Organizations of Interest]]==

==== Mailing List ====
Join the [http://lists.owasp.org/mailman/listinfo/owasp-denver OWASP Denver Mailing List] to receive meeting notifications via email

==== Twitter Feed @owasp303 ====
Denver OWASP has created a [http://twitter.com/owasp303 Twitter feed @owasp303] to keep you in the loop. Whilst the mailing list is primarily intended to be low-traffic and only provide updates regarding the times, locations, and topics for chapter meetings, the Twitter feed will also provide noteworthy appsec updates.

{|
|-
| style="border: 1px solid rgb(204, 204, 204); width: 100%; font-size: 95%; color: rgb(0, 0, 0); background-color: rgb(236, 236, 236);" |

'''@OWASP303 Twitter Feed ([http://twitter.com/OWASP303 follow us on Twitter!])'''
<twitter>55021150</twitter>

| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |
|}

====Resources====

=====Denver OWASP Chapter Leaders=====
*David Campbell, Denver OWASP: dcampbell 'at' owasp.org
*Eric Duprey, Denver OWASP: eduprey 'at' exploits.org

=====Key OWASP Resources=====
* http://www.owasp.org/images/4/41/ASVS_One_Page_Handout.pdf
* http://www.owasp.org/images/3/31/ESAPI_One_Page_Handout.pdf
* http://www.owasp.org/images/a/a1/Legal_One_Page_Handout.pdf
*
* http://www.owasp.org/images/a/a3/How_ESAPI_Works.pdf
* http://www.owasp.org/images/a/ac/LAMP_Should_be_Spelled_LAMPE.pdf
* http://www.owasp.org/images/0/01/Getting_started_designing_for_a_level_of_assurance.pdf
*
* http://www.owasp.org/index.php/Agile_Software_Development:_Don%27t_Forget_EVIL_User_Stories
* http://www.owasp.org/index.php/Man_vs._Code
*
* http://www.owasp.org/images/4/4e/OWASP_ASVS_2009_Web_App_Std_Release.pdf
*
* http://www.owasp.org/images/c/cd/PHP-ESAPI_1.0a_install.pdf
* http://www.owasp.org/images/6/67/PHP-ESAPI_1.0a_ReleaseNotes.pdf

=====Chapter Management Links=====
[[Pizza|Best pizza in Centennial]]
__NOTOC__
<headertabs/>
[[Category:OWASP Chapter]]

Denver

2011-02-08T04:21:34Z

Dc: /* Next Chapter Meeting: RSVP Now! */ march 2011

{{Chapter Template|chaptername=Denver|extra=Chapter leaders are [mailto:eduprey@gmail.com Eric Duprey] and [mailto:dcampbell@owasp.org David Campbell]. |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-denver|emailarchives=http://lists.owasp.org/pipermail/owasp-denver}}

==== Local News ====

=====Next Chapter Meeting: [http://owaspcolorado.eventbrite.com/ RSVP Now!]=====
[[Denver March 2011 meeting|March 17th 2011: Hands on "Hack a Thon"]]

Next Colorado meeting is scheduled for Thurs, 17 Mar 2011 at Hosting.com, our new favorite meeting location. How can you beat free parking, a great meeting room, and FREE BEER? In fact, we blame the huge gap between this meeting and our last one on too much of the latter.

At any rate, we're psyched to be having another meeting. This one is all hands on, no presos. So bring your laptop and great ready to rumble.

We're also getting geared up for FROC2011 on 5 May 2011, to be followed by SkiSides, brought to you by the Security B-Sides Crew.

See you there!

=====Front Range OWASP Conference (FROC 2010) =====
[[Front_Range_OWASP_Conference_2010|FROC 2010]] was a sellout success! Thanks for your support. The [http://www.surveymonkey.com/sr.aspx?sm=Fn2UBK3eyju0z2k3B8XpvHvs9s_2bdRO1BS428Of_2f9ZA0_3d survey results] are now posted.

=====OWASP Podcast=====
[http://www.owasp.org/index.php/OWASP_Podcast OWASP Podcast]

<paypal>Denver</paypal>
<hr>

==Questions, Comments==
Questions can be directed to

*David Campbell, Denver OWASP: dcampbell 'at' owasp.org
*Eric Duprey, Denver OWASP: eduprey 'at' exploits.org

<hr>

==== Chapter Meetings ====

== Future Meetings ==

[[Denver March 2011 meeting|March 17th 2011: Hands on "Hack a Thon"]]

5 May 2011: SnowFROC 2011 followed by B-Sides "SkiSides". Details TBD

== Past Meetings ==
[[Denver September 2010 meeting|September 22nd 2010: Eric Duprey: Application Vulnerability Shooting Gallery]]

[[Denver August 2010 meeting|August 18th 2010: Clint Pollock: Protecting Your Applications from Backdoors]]

[[Front_Range_OWASP_Conference_2010|June 2nd 2010: Front Range OWASP Conference]]

[[Denver January 2010 meeting|January 20th 2010: John Evans: Securing Webapps: An Illustrative Overview]]

[[Denver November 2009 meeting|November 18th 2009: Anton Rager: Advanced XSS]]

[[Denver August 2009 meeting|August 27th 2009: Jon Rose: Security in the Clouds]]

[[Denver May 2009 meeting|May 2009: Dr. Joseph McComb & and Daniel Weiske: Compliance and application security testing]]

[[Front_Range_OWASP_Conference_2009|March 2009: Front Range OWASP Conference (SnowFROC)]]

[[Denver January 2009 meeting|January 2009: David Campbell & Eric Duprey: Guided Tour: AppSec NYC '08 CTF]]

[[Denver October 2008 meeting|October 2008: Alex Smolen: The OWASP ASP .NET ESAPI]]

[[Denver September 2008 meeting|September 2008: John Dickson: Black Box vs. White Box: Different App Testing Strategies]]

[[Denver August 2008 meeting|August 2008: Dan Cornell: Static Analysis]]

[[Denver July 2008 meeting|July 2008: David Byrne & Eric Duprey: Grendel-Scan]]

[[Front Range OWASP Conference|June 2008: Front Range OWASP Conference: Jeremiah Grossman, Robert Hansen, and more!]]

[[Denver May 2008 meeting|May 2008: David Campbell & Eric Duprey: XSS Attacks & Defenses]]

[[Denver April 2008 meeting|April 2008: Ryan Barnett: Virtual Patching with ModSecurity]]

[[Denver February 2008 meeting|February 2008: Michael Sutton: SQL Injection Revisited]]

[[Denver June 2007 meeting|June 2007]]

[[Denver April 2007 meeting|April 2007]]

[[Denver February 2007 meeting|February 2007]]

[[Denver January 2007 meeting|January 2007]]

[[Denver November 2006 meeting|November 2006]]

==[[Related_Organizations|Local Organizations of Interest]]==

==== Mailing List ====
Join the [http://lists.owasp.org/mailman/listinfo/owasp-denver OWASP Denver Mailing List] to receive meeting notifications via email

==== Twitter Feed @owasp303 ====
Denver OWASP has created a [http://twitter.com/owasp303 Twitter feed @owasp303] to keep you in the loop. Whilst the mailing list is primarily intended to be low-traffic and only provide updates regarding the times, locations, and topics for chapter meetings, the Twitter feed will also provide noteworthy appsec updates.

{|
|-
| style="border: 1px solid rgb(204, 204, 204); width: 100%; font-size: 95%; color: rgb(0, 0, 0); background-color: rgb(236, 236, 236);" |

'''@OWASP303 Twitter Feed ([http://twitter.com/OWASP303 follow us on Twitter!])'''
<twitter>55021150</twitter>

| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |
|}

====Resources====

=====Denver OWASP Chapter Leaders=====
*David Campbell, Denver OWASP: dcampbell 'at' owasp.org
*Eric Duprey, Denver OWASP: eduprey 'at' exploits.org

=====Key OWASP Resources=====
* http://www.owasp.org/images/4/41/ASVS_One_Page_Handout.pdf
* http://www.owasp.org/images/3/31/ESAPI_One_Page_Handout.pdf
* http://www.owasp.org/images/a/a1/Legal_One_Page_Handout.pdf
*
* http://www.owasp.org/images/a/a3/How_ESAPI_Works.pdf
* http://www.owasp.org/images/a/ac/LAMP_Should_be_Spelled_LAMPE.pdf
* http://www.owasp.org/images/0/01/Getting_started_designing_for_a_level_of_assurance.pdf
*
* http://www.owasp.org/index.php/Agile_Software_Development:_Don%27t_Forget_EVIL_User_Stories
* http://www.owasp.org/index.php/Man_vs._Code
*
* http://www.owasp.org/images/4/4e/OWASP_ASVS_2009_Web_App_Std_Release.pdf
*
* http://www.owasp.org/images/c/cd/PHP-ESAPI_1.0a_install.pdf
* http://www.owasp.org/images/6/67/PHP-ESAPI_1.0a_ReleaseNotes.pdf

=====Chapter Management Links=====
[[Pizza|Best pizza in Centennial]]
__NOTOC__
<headertabs/>
[[Category:OWASP Chapter]]

Denver

2011-02-08T04:13:46Z

Dc: /* Future Meetings */

{{Chapter Template|chaptername=Denver|extra=Chapter leaders are [mailto:eduprey@gmail.com Eric Duprey] and [mailto:dcampbell@owasp.org David Campbell]. |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-denver|emailarchives=http://lists.owasp.org/pipermail/owasp-denver}}

==== Local News ====

=====Next Chapter Meeting: [http://denverowasp.eventbrite.com/ RSVP Now!]=====
[[Denver September 2010 meeting|September 22nd 2010: Eric Duprey: Application Vulnerability Shooting Gallery]]

Next Denver meeting is scheduled for Wed, 22 Aug 2010 at an all new central Denver location. We've heard your gripes that Raytheon and Dish are too far south, and thanks to the fine folks at Hosting.com are pleased to be hosting our September meeting much closer to downtown, but with free parking! (and, for this meeting, free beer!)



=====Front Range OWASP Conference (FROC 2010) =====
[[Front_Range_OWASP_Conference_2010|FROC 2010]] was a sellout success! Thanks for your support. The [http://www.surveymonkey.com/sr.aspx?sm=Fn2UBK3eyju0z2k3B8XpvHvs9s_2bdRO1BS428Of_2f9ZA0_3d survey results] are now posted.

=====OWASP Podcast=====
[http://www.owasp.org/index.php/OWASP_Podcast OWASP Podcast]

<paypal>Denver</paypal>
<hr>

==Questions, Comments==
Questions can be directed to

*David Campbell, Denver OWASP: dcampbell 'at' owasp.org
*Eric Duprey, Denver OWASP: eduprey 'at' exploits.org

<hr>

==== Chapter Meetings ====

== Future Meetings ==

[[Denver March 2011 meeting|March 17th 2011: Hands on "Hack a Thon"]]

5 May 2011: SnowFROC 2011 followed by B-Sides "SkiSides". Details TBD

== Past Meetings ==
[[Denver September 2010 meeting|September 22nd 2010: Eric Duprey: Application Vulnerability Shooting Gallery]]

[[Denver August 2010 meeting|August 18th 2010: Clint Pollock: Protecting Your Applications from Backdoors]]

[[Front_Range_OWASP_Conference_2010|June 2nd 2010: Front Range OWASP Conference]]

[[Denver January 2010 meeting|January 20th 2010: John Evans: Securing Webapps: An Illustrative Overview]]

[[Denver November 2009 meeting|November 18th 2009: Anton Rager: Advanced XSS]]

[[Denver August 2009 meeting|August 27th 2009: Jon Rose: Security in the Clouds]]

[[Denver May 2009 meeting|May 2009: Dr. Joseph McComb & and Daniel Weiske: Compliance and application security testing]]

[[Front_Range_OWASP_Conference_2009|March 2009: Front Range OWASP Conference (SnowFROC)]]

[[Denver January 2009 meeting|January 2009: David Campbell & Eric Duprey: Guided Tour: AppSec NYC '08 CTF]]

[[Denver October 2008 meeting|October 2008: Alex Smolen: The OWASP ASP .NET ESAPI]]

[[Denver September 2008 meeting|September 2008: John Dickson: Black Box vs. White Box: Different App Testing Strategies]]

[[Denver August 2008 meeting|August 2008: Dan Cornell: Static Analysis]]

[[Denver July 2008 meeting|July 2008: David Byrne & Eric Duprey: Grendel-Scan]]

[[Front Range OWASP Conference|June 2008: Front Range OWASP Conference: Jeremiah Grossman, Robert Hansen, and more!]]

[[Denver May 2008 meeting|May 2008: David Campbell & Eric Duprey: XSS Attacks & Defenses]]

[[Denver April 2008 meeting|April 2008: Ryan Barnett: Virtual Patching with ModSecurity]]

[[Denver February 2008 meeting|February 2008: Michael Sutton: SQL Injection Revisited]]

[[Denver June 2007 meeting|June 2007]]

[[Denver April 2007 meeting|April 2007]]

[[Denver February 2007 meeting|February 2007]]

[[Denver January 2007 meeting|January 2007]]

[[Denver November 2006 meeting|November 2006]]

==[[Related_Organizations|Local Organizations of Interest]]==

==== Mailing List ====
Join the [http://lists.owasp.org/mailman/listinfo/owasp-denver OWASP Denver Mailing List] to receive meeting notifications via email

==== Twitter Feed @owasp303 ====
Denver OWASP has created a [http://twitter.com/owasp303 Twitter feed @owasp303] to keep you in the loop. Whilst the mailing list is primarily intended to be low-traffic and only provide updates regarding the times, locations, and topics for chapter meetings, the Twitter feed will also provide noteworthy appsec updates.

{|
|-
| style="border: 1px solid rgb(204, 204, 204); width: 100%; font-size: 95%; color: rgb(0, 0, 0); background-color: rgb(236, 236, 236);" |

'''@OWASP303 Twitter Feed ([http://twitter.com/OWASP303 follow us on Twitter!])'''
<twitter>55021150</twitter>

| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |
|}

====Resources====

=====Denver OWASP Chapter Leaders=====
*David Campbell, Denver OWASP: dcampbell 'at' owasp.org
*Eric Duprey, Denver OWASP: eduprey 'at' exploits.org

=====Key OWASP Resources=====
* http://www.owasp.org/images/4/41/ASVS_One_Page_Handout.pdf
* http://www.owasp.org/images/3/31/ESAPI_One_Page_Handout.pdf
* http://www.owasp.org/images/a/a1/Legal_One_Page_Handout.pdf
*
* http://www.owasp.org/images/a/a3/How_ESAPI_Works.pdf
* http://www.owasp.org/images/a/ac/LAMP_Should_be_Spelled_LAMPE.pdf
* http://www.owasp.org/images/0/01/Getting_started_designing_for_a_level_of_assurance.pdf
*
* http://www.owasp.org/index.php/Agile_Software_Development:_Don%27t_Forget_EVIL_User_Stories
* http://www.owasp.org/index.php/Man_vs._Code
*
* http://www.owasp.org/images/4/4e/OWASP_ASVS_2009_Web_App_Std_Release.pdf
*
* http://www.owasp.org/images/c/cd/PHP-ESAPI_1.0a_install.pdf
* http://www.owasp.org/images/6/67/PHP-ESAPI_1.0a_ReleaseNotes.pdf

=====Chapter Management Links=====
[[Pizza|Best pizza in Centennial]]
__NOTOC__
<headertabs/>
[[Category:OWASP Chapter]]

Denver

2011-02-08T04:09:56Z

Dc: /* Past Meetings */ finally mv'd sept 2010 to past from future :(

{{Chapter Template|chaptername=Denver|extra=Chapter leaders are [mailto:eduprey@gmail.com Eric Duprey] and [mailto:dcampbell@owasp.org David Campbell]. |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-denver|emailarchives=http://lists.owasp.org/pipermail/owasp-denver}}

==== Local News ====

=====Next Chapter Meeting: [http://denverowasp.eventbrite.com/ RSVP Now!]=====
[[Denver September 2010 meeting|September 22nd 2010: Eric Duprey: Application Vulnerability Shooting Gallery]]

Next Denver meeting is scheduled for Wed, 22 Aug 2010 at an all new central Denver location. We've heard your gripes that Raytheon and Dish are too far south, and thanks to the fine folks at Hosting.com are pleased to be hosting our September meeting much closer to downtown, but with free parking! (and, for this meeting, free beer!)



=====Front Range OWASP Conference (FROC 2010) =====
[[Front_Range_OWASP_Conference_2010|FROC 2010]] was a sellout success! Thanks for your support. The [http://www.surveymonkey.com/sr.aspx?sm=Fn2UBK3eyju0z2k3B8XpvHvs9s_2bdRO1BS428Of_2f9ZA0_3d survey results] are now posted.

=====OWASP Podcast=====
[http://www.owasp.org/index.php/OWASP_Podcast OWASP Podcast]

<paypal>Denver</paypal>
<hr>

==Questions, Comments==
Questions can be directed to

*David Campbell, Denver OWASP: dcampbell 'at' owasp.org
*Eric Duprey, Denver OWASP: eduprey 'at' exploits.org

<hr>

==== Chapter Meetings ====

== Future Meetings ==


[[Denver September 2010 meeting|September 22nd 2010: Eric Duprey: Application Vulnerability Shooting Gallery]]

== Past Meetings ==
[[Denver September 2010 meeting|September 22nd 2010: Eric Duprey: Application Vulnerability Shooting Gallery]]

[[Denver August 2010 meeting|August 18th 2010: Clint Pollock: Protecting Your Applications from Backdoors]]

[[Front_Range_OWASP_Conference_2010|June 2nd 2010: Front Range OWASP Conference]]

[[Denver January 2010 meeting|January 20th 2010: John Evans: Securing Webapps: An Illustrative Overview]]

[[Denver November 2009 meeting|November 18th 2009: Anton Rager: Advanced XSS]]

[[Denver August 2009 meeting|August 27th 2009: Jon Rose: Security in the Clouds]]

[[Denver May 2009 meeting|May 2009: Dr. Joseph McComb & and Daniel Weiske: Compliance and application security testing]]

[[Front_Range_OWASP_Conference_2009|March 2009: Front Range OWASP Conference (SnowFROC)]]

[[Denver January 2009 meeting|January 2009: David Campbell & Eric Duprey: Guided Tour: AppSec NYC '08 CTF]]

[[Denver October 2008 meeting|October 2008: Alex Smolen: The OWASP ASP .NET ESAPI]]

[[Denver September 2008 meeting|September 2008: John Dickson: Black Box vs. White Box: Different App Testing Strategies]]

[[Denver August 2008 meeting|August 2008: Dan Cornell: Static Analysis]]

[[Denver July 2008 meeting|July 2008: David Byrne & Eric Duprey: Grendel-Scan]]

[[Front Range OWASP Conference|June 2008: Front Range OWASP Conference: Jeremiah Grossman, Robert Hansen, and more!]]

[[Denver May 2008 meeting|May 2008: David Campbell & Eric Duprey: XSS Attacks & Defenses]]

[[Denver April 2008 meeting|April 2008: Ryan Barnett: Virtual Patching with ModSecurity]]

[[Denver February 2008 meeting|February 2008: Michael Sutton: SQL Injection Revisited]]

[[Denver June 2007 meeting|June 2007]]

[[Denver April 2007 meeting|April 2007]]

[[Denver February 2007 meeting|February 2007]]

[[Denver January 2007 meeting|January 2007]]

[[Denver November 2006 meeting|November 2006]]

==[[Related_Organizations|Local Organizations of Interest]]==

==== Mailing List ====
Join the [http://lists.owasp.org/mailman/listinfo/owasp-denver OWASP Denver Mailing List] to receive meeting notifications via email

==== Twitter Feed @owasp303 ====
Denver OWASP has created a [http://twitter.com/owasp303 Twitter feed @owasp303] to keep you in the loop. Whilst the mailing list is primarily intended to be low-traffic and only provide updates regarding the times, locations, and topics for chapter meetings, the Twitter feed will also provide noteworthy appsec updates.

{|
|-
| style="border: 1px solid rgb(204, 204, 204); width: 100%; font-size: 95%; color: rgb(0, 0, 0); background-color: rgb(236, 236, 236);" |

'''@OWASP303 Twitter Feed ([http://twitter.com/OWASP303 follow us on Twitter!])'''
<twitter>55021150</twitter>

| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |
|}

====Resources====

=====Denver OWASP Chapter Leaders=====
*David Campbell, Denver OWASP: dcampbell 'at' owasp.org
*Eric Duprey, Denver OWASP: eduprey 'at' exploits.org

=====Key OWASP Resources=====
* http://www.owasp.org/images/4/41/ASVS_One_Page_Handout.pdf
* http://www.owasp.org/images/3/31/ESAPI_One_Page_Handout.pdf
* http://www.owasp.org/images/a/a1/Legal_One_Page_Handout.pdf
*
* http://www.owasp.org/images/a/a3/How_ESAPI_Works.pdf
* http://www.owasp.org/images/a/ac/LAMP_Should_be_Spelled_LAMPE.pdf
* http://www.owasp.org/images/0/01/Getting_started_designing_for_a_level_of_assurance.pdf
*
* http://www.owasp.org/index.php/Agile_Software_Development:_Don%27t_Forget_EVIL_User_Stories
* http://www.owasp.org/index.php/Man_vs._Code
*
* http://www.owasp.org/images/4/4e/OWASP_ASVS_2009_Web_App_Std_Release.pdf
*
* http://www.owasp.org/images/c/cd/PHP-ESAPI_1.0a_install.pdf
* http://www.owasp.org/images/6/67/PHP-ESAPI_1.0a_ReleaseNotes.pdf

=====Chapter Management Links=====
[[Pizza|Best pizza in Centennial]]
__NOTOC__
<headertabs/>
[[Category:OWASP Chapter]]

Summit 2011 Working Sessions/Session065

2011-02-01T20:40:36Z

Dc: // added top 10

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 = Colin Watson
| summit_session_attendee_email1 = colin.watson@owasp.org
| summit_session_attendee_username1 =
| summit_session_attendee_company1=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 = Tom Neaves
| summit_session_attendee_email2 = tom.neaves@verizonbusiness.com
| summit_session_attendee_username2 =
| summit_session_attendee_company2= Verizon Business
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 = Mateo Martinez
| summit_session_attendee_email3 = mateo.martinez@owasp.org
| summit_session_attendee_username3 =
| summit_session_attendee_company3=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 = Justin Clarke
| summit_session_attendee_email4 = justin.clarke@owasp.org
| summit_session_attendee_username4 =
| summit_session_attendee_company4=Gotham Digital Science
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 = Sherif Koussa
| summit_session_attendee_email5 = sherif.koussa@owasp.org
| summit_session_attendee_username5 =
| summit_session_attendee_company5= Software Secured
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 = Vishal Garg
| summit_session_attendee_email6 = vishalgrg@gmail.com
| summit_session_attendee_username6 =
| summit_session_attendee_company6= AppSecure Labs
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 = Dan Cornell
| summit_session_attendee_email7 = dan@denimgroup.com
| summit_session_attendee_username7 =
| summit_session_attendee_company7=Denim Group
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 = Chris Eng
| summit_session_attendee_email8 = ceng@veracode.com
| summit_session_attendee_username8 =
| summit_session_attendee_company8= Veracode
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 = Jim Manico
| summit_session_attendee_email9 = jim@manico.net
| summit_session_attendee_username9 =
| summit_session_attendee_company9= Infrared Security
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 = Jack Mannino
| summit_session_attendee_email10 = jack@nvisiumsecurity.com
| summit_session_attendee_username10 =
| summit_session_attendee_company10= nVisium Security
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 = Nishi Kumar
| summit_session_attendee_email11 = nishi.kumar@owasp.org
| summit_session_attendee_username11 =
| summit_session_attendee_company11= FIS
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_username12 =
| summit_session_attendee_company12=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_username13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_username14 =
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_username15 =
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_username16 =
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_username17 =
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_username18 =
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_username19 =
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_username20 =
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._individual_projects.jpg]]
| summit_ws_logo = [[Image:WS._individual_projects.jpg]]
| summit_session_name = Mobile Security
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session065
| mailing_list =

|-

| short_working_session_description= Working session to establish baseline knowledge repository for mobile security testing within OWASP

|-

| related_project_name1 = OWASP Mobile Security Project
| related_project_url_1 = http://www.owasp.org/index.php/OWASP_Mobile_Security_Project

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-
| summit_session_objective_name1 = '''Primary: Create core knowledge base on project wiki site'''
| summit_session_objective_name2 = Recruit volunteers to contribute to project
| summit_session_objective_name3 = Establish relationships with key players (i.e. Apple/Google/etc)

| summit_session_objective_name4 = Create the OWASP Mobile Top 10

| summit_session_objective_name5 =

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details =

|-

|summit_session_deliverable_name1 = Project wiki page

|summit_session_deliverable_name2 = A project home page, roadmap, and action plan. Look at the OWASP Ecosystem concept to see what all you should have in place.

|summit_session_deliverable_name3 = OWASP Mobile Top 10

|summit_session_deliverable_name4 =

|summit_session_deliverable_name5 =

|summit_session_deliverable_name6 =

|summit_session_deliverable_name7 =

|summit_session_deliverable_name8 =

|-

| summit_session_leader_name1 = Mike Zusman
| summit_session_leader_email1 = mike.zusman@intrepidusgroup.com

| summit_session_leader_name2 = David Campbell
| summit_session_leader_email2 = dcampbell@owasp.org

| summit_session_leader_name3 =
| summit_session_leader_email3 =
| summit_session_leader_username3 =

|-

| operational_leader_name1 =
| operational_leader_email1 =
| operational_leader_username1 =
|-

| meeting_notes =

|-

| session_name_mask =  Session065
| session_home_page =  Summit_2011_Working_Sessions/Session065
}}

Summit 2011 Working Sessions/Session065

2011-02-01T20:35:01Z

Dc: // added descr

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 = Colin Watson
| summit_session_attendee_email1 = colin.watson@owasp.org
| summit_session_attendee_username1 =
| summit_session_attendee_company1=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 = Tom Neaves
| summit_session_attendee_email2 = tom.neaves@verizonbusiness.com
| summit_session_attendee_username2 =
| summit_session_attendee_company2= Verizon Business
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 = Mateo Martinez
| summit_session_attendee_email3 = mateo.martinez@owasp.org
| summit_session_attendee_username3 =
| summit_session_attendee_company3=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 = Justin Clarke
| summit_session_attendee_email4 = justin.clarke@owasp.org
| summit_session_attendee_username4 =
| summit_session_attendee_company4=Gotham Digital Science
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 = Sherif Koussa
| summit_session_attendee_email5 = sherif.koussa@owasp.org
| summit_session_attendee_username5 =
| summit_session_attendee_company5= Software Secured
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 = Vishal Garg
| summit_session_attendee_email6 = vishalgrg@gmail.com
| summit_session_attendee_username6 =
| summit_session_attendee_company6= AppSecure Labs
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 = Dan Cornell
| summit_session_attendee_email7 = dan@denimgroup.com
| summit_session_attendee_username7 =
| summit_session_attendee_company7=Denim Group
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 = Chris Eng
| summit_session_attendee_email8 = ceng@veracode.com
| summit_session_attendee_username8 =
| summit_session_attendee_company8= Veracode
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 = Jim Manico
| summit_session_attendee_email9 = jim@manico.net
| summit_session_attendee_username9 =
| summit_session_attendee_company9= Infrared Security
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 = Jack Mannino
| summit_session_attendee_email10 = jack@nvisiumsecurity.com
| summit_session_attendee_username10 =
| summit_session_attendee_company10= nVisium Security
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 = Nishi Kumar
| summit_session_attendee_email11 = nishi.kumar@owasp.org
| summit_session_attendee_username11 =
| summit_session_attendee_company11= FIS
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_username12 =
| summit_session_attendee_company12=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_username13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_username14 =
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_username15 =
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_username16 =
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_username17 =
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_username18 =
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_username19 =
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_username20 =
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._individual_projects.jpg]]
| summit_ws_logo = [[Image:WS._individual_projects.jpg]]
| summit_session_name = Mobile Security
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session065
| mailing_list =

|-

| short_working_session_description= Working session to establish baseline knowledge repository for mobile security testing within OWASP

|-

| related_project_name1 = OWASP Mobile Security Project
| related_project_url_1 = http://www.owasp.org/index.php/OWASP_Mobile_Security_Project

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-
| summit_session_objective_name1 = '''Primary: Create core knowledge base on project wiki site'''
| summit_session_objective_name2 = Recruit volunteers to contribute to project
| summit_session_objective_name3 = Establish relationships with key players (i.e. Apple/Google/etc)

| summit_session_objective_name4 =

| summit_session_objective_name5 =

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details =

|-

|summit_session_deliverable_name1 = Project wiki page

|summit_session_deliverable_name2 = A project home page, roadmap, and action plan. Look at the OWASP Ecosystem concept to see what all you should have in place.

|summit_session_deliverable_name3 =

|summit_session_deliverable_name4 =

|summit_session_deliverable_name5 =

|summit_session_deliverable_name6 =

|summit_session_deliverable_name7 =

|summit_session_deliverable_name8 =

|-

| summit_session_leader_name1 = Mike Zusman
| summit_session_leader_email1 = mike.zusman@intrepidusgroup.com

| summit_session_leader_name2 = David Campbell
| summit_session_leader_email2 = dcampbell@owasp.org

| summit_session_leader_name3 =
| summit_session_leader_email3 =
| summit_session_leader_username3 =

|-

| operational_leader_name1 =
| operational_leader_email1 =
| operational_leader_username1 =
|-

| meeting_notes =

|-

| session_name_mask =  Session065
| session_home_page =  Summit_2011_Working_Sessions/Session065
}}

Summit 2011 Working Sessions/Session073

2011-01-27T05:47:32Z

Dc:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 = Matthew Chalmers
| summit_session_attendee_email1 = matthew.chalmers@owasp.org
| summit_session_attendee_company1= [http://www.rockwellautomation.com/ http://www.rockwellautomation.com/lib/images/ralogo_web.gif]
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 = Lorna Alamri
| summit_session_attendee_email2 = lorna.alamri@owasp.org
| summit_session_attendee_company2=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 = Achim Hoffmann
| summit_session_attendee_email3 = achim@owasp.org
| summit_session_attendee_company3= sic[!]sec
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3= see items at [[Talk:Summit_2011_Working_Sessions/Session023#Emphasise_.22S.22_of_OWASP | Overhauling OWASP website]] session

| summit_session_attendee_name4 = Elke Roth-Mandutz
| summit_session_attendee_email4 = elke.roth-mandutz@ohm-hochschule.de
| summit_session_attendee_company4= GSO-University of Applied Sciences
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4= web privacy research project

| summit_session_attendee_name5 = David Campbell
| summit_session_attendee_email5 = dcampbell@owasp.org
| summit_session_attendee_company5=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 =
| summit_session_attendee_email6 =
| summit_session_attendee_company6=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 =
| summit_session_attendee_email7 =
| summit_session_attendee_company7=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_company12=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._owasp.jpg]]
| summit_ws_logo = [[Image:WS._owasp.jpg]]
| summit_session_name = Privacy - Personal Data/PII, Legislation and OWASP
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session073
| mailing_list =

|-

| short_working_session_description=

[[File:Banner-privacypush-1.png]]

Privacy is a growing area of concern in the US, and might have greater awareness & understanding in the EU than security. Should OWASP say more about protecting personal data? Security is just one aspect of data protection, but many data breaches have been the result of application vulnerabilities.

This session will be useful for project leaders, as well as anyone in sectors collecting, processing or storing personal data (e.g. of consumers, citizens and employees).

|-

| related_project_name1 = Application Security Verification Standard - V9 Data Protection
| related_project_url_1 = http://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project

| related_project_name2 = Application Security Desk Reference (ASDR) - Vulnerabilities - Privacy Violation
| related_project_url_2 = http://www.owasp.org/index.php/Privacy_Violation

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1= Identify privacy enhancing & verification aspects of existing tools and documents

| summit_session_objective_name2 = Create a one-page OWASP projects-to-privacy cross reference factsheet

| summit_session_objective_name3 =

| summit_session_objective_name4 =

| summit_session_objective_name5 =

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details = The protection of personal data has been an important concern of organisations, especuially in Europe where European legislation has driven continent-wide adoption. In North America, the US HIPAA and Canadian Privacy Act have driven privacy initiatives. With the adoption of principles and processes such as "privacy by design", "privacy impact assessments" and "building privacy in", backed with strong regulation, organizations are having to make privacy a central part of their business practices. Growing public concern about use of their personal data, mis-use by organizations and personal data breaches are leading to increased, rather than decreased government intervention in this area. Individuals themselves are more aware of their powers and there are growing trends such as vendor relationship management, where organisations need to take an external, rather than internal, viewpoint. Privacy issues are nothing new, but some more recent examples are:

* [http://www.ftc.gov/opa/2010/12/privacyreport.shtm US Federal Trade Commission (FTC) Preliminary Staff Report on Privacy], 12 December 2010
* [http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//TEXT+TA+P7-TA-2010-0484+0+DOC+XML+V0//EN&language=EN European Parliament Asks the European Commission to Protect Online Users from Advertising], 15 December 2010
* [http://news.cnet.com/8301-31921_3-20025950-281.html?part=rss&subj=news&tag=2547-1_3-0-20 Members Appointed to US Privacy and Civil Liberties Oversight Board], 16 December 2010
* [http://www.commerce.gov/news/press-releases/2010/12/16/commerce-department-unveils-policy-framework-protecting-consumer-privUS Department of Commerce Publishes Green Paper Recommending Creation of a Privacy 'Bill of Rights' for Internet Users], 16 December 2010
* [http://www.huntonprivacyblog.com/2011/01/articles/european-union-1/department-of-commerce-official-holds-briefing-on-eu-data-protection-forum/index.html Department of Commerce Official Holds Briefing on EU Data Protection Forum], 11 January 2011

Can we map projects (tools and sections in resources) to business drivers such as "privacy"?

Privacy aspects are referred to through the OWASP wiki (including projects):

[[File:Owasp-org-privacy-counts.png]]

But there is not any central guide, and perhaps what there is, does not have enough depth. ASVS includes a whole verification topic about data protection and the ASDR has a page on privacy as a "vulnerability". The OWASP Top ten 2010 mentions personal data in the context of insecure cryptographic storage, but privacy protection is of course much wider than encrypting data. It is of course much wider than application security:

[[File:Privacy-context.png]]

But is OWASP offering the correct guidance in this area? Should OWASP be doing more?

|-

|summit_session_deliverable_name1 = A white paper discussing how the privacy ecosystem overlaps with the OWASP ecosystem and whether there should be more bridges built between them.

|summit_session_deliverable_name2 =

|summit_session_deliverable_name3 =

|summit_session_deliverable_name4 =

|summit_session_deliverable_name5 =

|summit_session_deliverable_name6 =

|summit_session_deliverable_name7 =

|summit_session_deliverable_name8 =

|-

| summit_session_leader_name1 = Colin Watson
| summit_session_leader_email1 = colin.watson(at)owasp.org

| summit_session_leader_name2 =
| summit_session_leader_email2 =

| summit_session_leader_name3 =
| summit_session_leader_email3 =
|-

| operational_leader_name1 =
| operational_leader_email1 =

|-

| meeting_notes =

|-
| session_name_mask =  Session073
| session_home_page =  Summit_2011_Working_Sessions/Session073
}}

Global Industry Committee

2011-01-19T19:10:52Z

Dc: /* Work in Progress */ removed SPVA liason - no progress for too long

'''The Global Industry Committee was created during the OWASP EU Summit in Portugal. The primary purpose of the Global Industry Committee is to work with industry executives to gather requirements from industry, work with Membership, Projects and others.'''

== Mission Statement ==

''To expand awareness of and promote the inclusion of software security best practices in Industry, Government, Academia and regulatory agencies and be a voice for industry. We will accomplish this through outreach; including presentations, development of position papers and collaborative efforts with other entities.'' [https://www.owasp.org/index.php/Global_Industry_Committee#General_Presentations_and_Reports Powerpoint of Accomplishments]

 

== Committee Plan ==

Step 1: [[Industry:Organizations for Outreach|Identify specific organizations]] worth working with to spread the OWASP gospel

Step 2: Prioritize the proposed liaisons based on potential impact, and also realistic likelihood of the organization actively working with us

Step 3: Execute, leveraging global OWASP resources as much as possible to maximize impact

Step 4: Evaluate progress & repeat Step 1-3

== Committee Members ==

 Committee Members:

{| class="prettytable FCK__ShowTableBorders"
|-
! Name
! Email
! Location
|-
| Lorna Alamri
| lorna.alamri 'at' owasp dot org
| US
|-
| Joe Bernik
| bernik 'at' gmail dot com
| US
|-
| Rex Booth
| rex.booth 'at' gt dot com
| US
|-
| David Campbell
| dcampbell 'at' owasp dot org
| US
|-
| Alexander Fry
| alexander.fry 'at' owasp dot org
| US
|-
| Georg Hess
| georg.hess 'at' artofdefence dot com
| Germany
|-
| Yiannis Pavlosoglou
| yiannis 'at' owasp dot org
| UK
|-
| Colin Watson
| colin.watson 'at' owasp dot org
| UK
|}

 Board Member Representative:

{| class="prettytable FCK__ShowTableBorders"
|-
! Name
! Email
! Location
|-
| Matt Tesauro
| matt.tesauro 'at' owasp dot org
| USA
|}

 Committee Secretary:

{| class="prettytable FCK__ShowTableBorders"
|-
! Name
! Email
! Location
|-
| [[User:Sarah_Baso |Sarah Baso]]
| sarah.baso 'at' owasp dot org
| USA
|}

The committee chair (from Nov 2010) is Yiannis Pavlosoglou. Previous chairs:

*Colin Watson (Nov 2009 to Oct 2010)

= Monthly Report Format =

See below...

== Getting Involved ==

=== Mailing List ===

[http://lists.owasp.org/mailman/listinfo/global_industry_committee Join our mailing list]

=== Meetings ===

The next Global Industry Committee meeting will be:

*TBC
**Dial in number: +1 866 534 4754
**Call code 192341

Minutes of previous meetings are:

*[[Industry:Minutes 2010-08-17|17 Aug 2010]] (also [http://www.owasp.org/images/0/0d/Gic_call_17aug2010.mp3 MP3 recording of the call])
*[[Industry:Minutes 2010-05-18|18 May 2010]]
*[[Industry:Minutes 2010-01-05|05 Jan 2010]] (also [http://www.owasp.org/images/a/a3/Owasp_gic_call_5jan10.mp3 MP3 recording of the call])
*[[Industry:Minutes 2009-01-23|23 Jan 2009]]
* 16 Dec 2010

=== Membership ===

[[Membership]] explains how to become an OWASP organization supporter or individual member. But you don't have to be an OWASP Member or Committee Member to contribute.

The current committee members joined for a 12 month term - see [[How to Join a Committee]] and [[Global Committee Pages]]. We would especially welcome new members who can widen our geographic coverage (e.g. Africa, Asia and South America) and who have time to contribute proactively.

=== Other ongoing initiatives ===

*[http://www.owasp.org/index.php/Global_Industry_Committee-SIG Special Interest Groups] - Outreach to sector-specific critical infrastructures worldwide.
*[http://www.owasp.org/index.php/Category:India OWASP India Advisory Board] - Regional panel contributing to the software outsourcing industry.
*[http://www.owasp.org/index.php/Industry:Citations OWASP Citations] - References to OWASP in official, or otherwise important, documents.

== Current Activity ==

=== Work in Progress ===

The current activities being undertaken:

{| class="prettytable FCK__ShowTableBorders"
|-
! Task
! Deadline
! Type
! Status
! Description
! Who
|-
| DoJ Secure Coding Guide
| ?
| Standards
| New
| Provide response
| ??
|-
| NIST SP 800-137
| 15 Mar 2011
| Standards
| New
| Provide response to "NIST SP 800-137 DRAFT Information Security Continuous Monitoring for Federal Information Systems and Organizations"
| ??
|-
| Scholarship for AppSecUSA Attendance of women
| On-going
| Outreach
| New
| Raise funds and create model for funds disbursement
| LA/YP
|-
| ISC(2)Presentation at OWASP Summit 2011
| 8 Feb 2011
| Standards
| New
| Dr. Vehbi Tasar, CISSP, CSSLP Director of Professional Programs Development ISC (2), Speaking on ISC(2)credentials: CSSLP and ASAB
| LA/YP
|-
| [[Industry:FTC Protecting Consumer Privacy|FTC Protecting Consumer Privacy in an Era of Rapid Change]]
| 31 Jan 2011
| Standards
| New
| Provide response to "FTC Protecting Consumer Privacy in an Era of Rapid Change - A framework for businesses and policymakers"
| CW
|-
| National Board of Information Security Examiners
| Ongoing
| Outreach
| New
| Invite and coordinate OWASP contributions to NBISE
| YP/LA
|-
| OWASP Top 10 Presentation
| 2/18/11 or 2/25/11
| Outreach
| New
| OWASP Presentation Royal Holloway, University of London presentation
| YP
|-
| New IETF Web Security working group / W3C Web Application Security Working Group
| Ongoing
| All Members
| New
| Invite and coordinate OWASP contributions on this IETF/W3C Group
| YP/CW
|-
| [http://www.owasp.org/index.php/OWASP_Mobile_Security_Project Kickoff OWASP Mobile Security Project]
| 2011 Summit
| Projects
| New
| Provide GIC oversight to Mobile Security Project
| DC
|-
| [http://www.cio.gov/pages.cfm/page/Federal-Risk-and-Authorization-Management-Program-FedRAMP FedRAMP]
| 17 Jan 2011
| Standards
| In progress
| Provide response to FedRAMP certification and accreditation process
| RB
|-
| [http://hacking-lab.com/ Hacking Lab]
| 14 Dec 2011
| Outreach
| In progress
| Matt Tesauro has been working with Hacking Lab previously and brought it to the GIC
| MAT/YP
|-
| Leeds Chapter Leader Presentation
| 13 Dec 2011
| Outreach
| In progress
| LA is gathering OWASP overview and project information for OWASP Leeds presentation needs.
| LA
|-
| "Configure SSL" Campaign
| 1 Feb 2011
| Paper write-up
| New
| Alexis FitzGerald's idea
| AFG
|-
| [Testimonials]
| -
| Outreach
| In progress
| Obtain further testimonials for wiki page
| CW/SD
|-
| Reconnecting with past Industry Committee connections
| 1 Feb 2011
| Follow up
| In progress
| YP and LA to follow up with Industry Committee past contacts.
| YP/LA
|-
| [http://www.londoncentral.bcs.org BCS London Central]
| 17 Feb 2011
| Outreach
| New
| Present a talk about OWASP.
| CW
|-
| [http://www.bcs.org BCS]
| 3 Sep 2010
| Outreach
| In Progress
| Write article for BCS ITnow magazine about application security and OWASP Top Ten.
| YP
|-
| [http://www.usmma.edu/ USMMA]
| 1 Jan 2011
| Outreach
| New
| Make contact. Present a talk about OWASP to the USMMA computer club or security teams.
| AF
|-
| [http://www.usna.edu/ USNA]
| 1 Jan 2011
| Outreach
| New
| Make contact. Present a talk about OWASP to the USNA computer science faculty and students or interest group.
| AF
|-
| [http://www.auscert.org.au/ AusCERT]
| -
| Outreach
| In Progress
| Make contact and discuss opportunities for OWASP to contribute to their work
| YP
|-
| OWASP Financial Services SIG
| -
| Outreach
| In Progress
| Working with Fabio Cerullo, Eoin Keary, Jim Routh, Jerry Kickenson and others on forming a SIG. Arranging a financial panel for AppSec in Washington, DC in November
| JB/EK
|-
|}

=== Completed Items ===

{| class="prettytable FCK__ShowTableBorders"
|-
! Task
! Completed
! Type
! Status
! Description
! Who
|-
| [[Industry:ICO Data Sharing CoP|Data Sharing CoP]]
| 5 Jan 2011
| Standards
| In progress
| Provide response to UK ICO's "Data Sharing Code of Practice Consultation"
| CW/AF
|-
| CRESTCON
| 14 Dec 2011
| Outreach
| Closed
| YP is attending CRESTCON in Royal Holloway, Surrey, UK
| YP
|-
| (ISC)^2 Application Security Advisory Board (ASAB)
| 19 Nov 2010
| Outreach
| Closed
| YP is now a member of the (ISC)^2 ASAB, with the first meeting to be held in FL on the above stated date.
| YP
|-
| [http://www.techexecnetworks.com/event_2010.12.01.asp T.E.N./Fortify Software Security Assurance Summit]
| 1 Dec 2010
| Outreach
| Closed
| Discuss quick wins and high impact software assurance activities using the OWASP SAMM model as reference and cite other OWASP projects as resources.
| AF
|-
| [[Industry:DOJ Nondiscrimination on the Basis of Disability|DOJ Nondiscimination on the Basis of Disability]]
| 30 Nov 2010
| Standards
| Closed
| Provide response to US DOJ's "Accessibility of Web Information and Services of State and Local Government Entities and Public Accommodations"
| AF/LA
|
|-
| [[Industry:e-Consumer Protection Consultation|e-Consumer Protection Consultation]]
| 13 Oct 2010
| Standards
| Closed
| Review and provide official OWASP response to [http://www.oft.gov.uk/ UK Office of Fair Trading] [http://www.oft.gov.uk/OFTwork/consultations/current/eprotection/ e-Consumer Protection Consultation].
| YP
|-
| [[Industry:ENISA Cloud Computing Common Assurance Metrics|ENISA Common Assurance Maturity Model]]
| 8 Oct 2010
| Standards
| Closed
| Work with [[:Category:OWASP Cloud ‐ 10 Project]] to contribute to the development of Common Assurance Maturity Model for [http://www.enisa.europa.eu/ ENISA]/Cloud Security Alliance/etc joint initiative.
| CW
|-
| [http://www.w3.org/TR/2010/WD-mwabp-20100713/ Mobile Web Application Best Practices Working Draft]
| 6 Aug 2010
| Standards
| Closed
| Review and provide official OWASP response to W3C's [http://www.w3.org/2005/MWI/BPWG/ Mobile Web Best Practices Working Group].
| DC
|-
| [http://www.oft.gov.uk/ UK Office of Fair Trading]
| 23 Jul 2010
| Standards
| Closed
| Ask to be added to official consultation list
| CW
|-
| [http://www.businesslink.gov.uk BusinessLink]
| 1 Jul 2010
| Outreach
| Closed
| Offer to contribute to development of IT security information about [http://www.businesslink.gov.uk/bdotg/action/layer?topicId=1075421745 application security] on the BusinessLink website for UK SMEs. Outcome - no help required at present, but BusinessLink system to be disbanded.
| CW
|-
| Veracode
| 28 Jun 2010
| Outreach
| Closed
| Discuss use of Open SAMM to classify Secure SDL maturity in Veracode's code analysis summary reports. Outcome - positive response received.
| CW
|-
| [http://www.owasp.org/index.php/Leeds_UK OWASP Leeds/North]
| 16 Jun 2010
| Outreach
| Closed
| Presentations at chapter meeting in Newcastle-upon-Tyne about ENISA CAMM and OWASP Appsensor
| CW
|-
| [http://www.owasp.org/index.php/Front_Range_OWASP_Conference_2010 Front Range OWASP Conference (FROC) 2010]
| 2 Jun 2010
| Outreach
| Closed
| Conference organisation [http://tinyurl.com/froctalks Vids & presentations online]
| DC
|-
| [http://www.isaca-denver.org/meetings/MAY_2010_CHPT_MTG.shtml OWASP Presentation at ISACA Denver Annual Meeting]
| 27 May 2010
| Outreach
| Closed
| Presentation [https://docs.google.com/fileview?id=0B_-vbfka88vFNjIwY2IwYjItZmYyNi00MmNiLWFhOWItYmQ4OGZmZjVmZWUx&hl=en Presentation online]
| DC
|-
| [http://www.issa-uk.org/ ISSA-UK]
| 13 May 2010
| Outreach
| Closed
| Presentation
| YP
|-
| [[Industry:Personal Information Online Code of Practice|Personal Information Online COP]]
| 5 Mar 2010
| Legislation
| Closed
| Provide response to UK Information Commissioner's Office draft "Personal Information Online Code of Practice"
| YP
|-
| [http://www.enisa.europa.eu/ ENISA] Mobile Apps
| Mar 2010
| Outreach
| Closed
| Identify and introduce OWASP contact for ENISA's Mobile Apps Project, in conjunction with Dinis Cruz.
| CW
|-
| [[Industry:Technology Strategy Board Secure Software Development Initiative|Technology Strategy Board Secure Software Development Partnership]]
| 18 Feb 2010
| Outreach
| Closed
| Liaise with the UK [http://www.innovateuk.org/ Technology Strategy Board] about the Secure Software Development Partnership (SSDP) in conjunction with the [http://www.owasp.org/index.php/London London chapter] leader Justin Clarke
| CW
|-
| US [http://www.issa-nova.org Information Systems Security Association Northern Virginia Chapter (ISSA-NOVA)]
| 21 Jan 2010
| Outreach
| Closed
| Provide presentation covering CSSLP, fundamentals of AppSec and Intro to OWASP and Global Industry Committee
| AF
|-
| [http://www.enisa.europa.eu/ ENISA]
| Jan 2010
| Outreach
| Closed
| Discuss opportunities for OWASP to work with ENISA, in conjunction with Dinis Cruz.
| CW
|-
| [[:Industry:Draft NIST SP 800-37 Revision 1|NIST SP 800-37 Revision 1 FPD]] Review Project
| 30 Dec 2009
| Standards
| Closed
| Provide response to "NIST SP 800-37 Revision 1 Final Public Draft, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach"
| RB
|-
| [http://www.crest-approved.org/ CREST] CRESTCon
| 15 Dec 2009
| Outreach
| Closed
| Already an oversubscribed event, YP & CW have been placed on the reserve list. Update: Positions secured for the 15th.
| YP
|-
| [http://msdn.microsoft.com/en-us/security/cc448177.aspx SDL Pro Network]
| 30 Nov 2009
| Outreach
| Closed
| Contact SDL Pro Network to discuss if there are opportunities for OWASP to become involved or connected in some way
| CW
|-
| [[Industry:Draft NIST IR 7628|Draft NIST IR 7628]]
| 25 Nov 2009
| Standards
| Closed
| Provide response to "NIST IR 7628 Draft Smart Grid Cyber Security Strategy and Requirements"
| CW
|-
| [http://www.owasp.org/index.php/OWASP_AppSec_DC_2009 Appsec DC 2009]
| 10-13 Nov 2009
| Outreach
| Closed
| Conference organisation - special effort to engage with US Federal sector
| RB
|-
| [http://www.justice.gov.uk/ UK Ministry of Justice]
| -
| Legislation
| Closed
| Ask to be added to official consultation list
| CW
|-
| [http://www.it-sa.de/ IT-SA]
| 13-15 Oct 2009
| Outreach
| Closed
| OWASP booth at trade show
| GH
|-
| [http://www.owasp.org/index.php/OWASP_AppSec_Germany_2009_Conference OWASP AppSec Germany 2009]
| 13 Oct 2009
| Outreach
| Closed
| Conference organisation
| GH
|-
| US [http://www.loc.gov Library of Congress]
| 28 Sep 2009
| Outreach
| Closed
| Presentation about OWASP
| RB
|-
| [http://www.owasp.org/index.php/OWASP_Ireland_AppSec_2009_Conference OWASP Ireland AppSec 2009]
| 10 Sep 2009
| Outreach
| Closed
| Conference organisation
| EK
|-
| OWASP Citations
| 7 Sep 2009
| Other
| Closed
| Identify and record the most important references to OWASP in official, or otherwise important, documents. Page created at: [[Industry:Citations]]
| CW
|-
| US [http://www.loc.gov Library of Congress]
| 26 Aug 2009
| Outreach
| Closed
| Presentation about OWASP
| RB
|-
| OWASP webcast at Brighttalk [http://www.brighttalk.com/summit/dataprivacy2 Data and Privacy in Web 2.0 Summit]
| 13 Aug 2009
| Outreach
| Closed
| Deliver [http://www.brighttalk.com/webcasts/4767/attend OWASP presentation on XSS, client side exploitation, and countermeasures].
| DC
|-
| [[Industry:SAFECode Secure Development Practices (update to Oct 2008 version)|SAFECode Secure Development Practices (update to Oct 2008 version)]]
| 31 Jul 2009
| Standards
| Closed
| Response to [http://www.safecode.org/ SAFECode] "Fundamental Practices for Secure Software Development: A Guide to the Most Effective Secure Development Practices in Use Today."
| CW
|-
| [http://www.owasp.org/index.php/Category:OWASP_CSA_Project OWASP CSA Project]
| 8 Jul 2009
| Standards
| Closed
| Response to RFC [http://www.cloudsecurityalliance.org/guidance/csaguide.pdf Cloud Security Alliance Guidance v1.0]
| TB
|-
| [[Scotland]]
| 25 Jun 2009
| Outreach
| Closed
| Presentation about the Global Industry Committee, its role and recent activities (presentation slides [[Image:Owasp-scotland-industry-committee-june-2009.ppt]] and written notes [[Image:Owasp-scotland-industry-committee-june-2009-notes.pdf]])
| CW
|-
| OWASP Presentation at [http://cfp2009.org/ CFP Con 2009]
| 1 Jun 2009
| Outreach
| Closed
| Deliver presentation on web threats and countermeasures. See [http://www.cfp2009.org/wiki/index.php/Tutorials/Workshops CFP tutorial page] grep OWASP for more info.
| DC
|-
| ENISA [http://www.enisa.europa.eu/pages/02_03_news_2009_02_19_who_is_who.html Who-Is-Who Directory]
| -
| Outreach
| Closed
| Contact ENISA regarding OWASP inclusion in directory (in progress). Encourage European chapter leaders to contact their ENISA liaison officers (completed). Contact UK liaison officer on behalf of London, Leeds and Scotland chapters.
| CW
|-
| IIL [http://www.iilondon.co.uk/ Insurance Institute of London]
| 2 Jun 2009
| Outreach
| Closed
| Contact IIL regarding future input to their publication [http://www.iilondon.co.uk/XtraCart/store/comersus_viewItem.asp?idProduct=187 Insurance Aspects of E-Commerce]
| CW
|-
| [[Industry:Draft NIST SP 800-118|Draft NIST SP 800-118]]
| 29 May 2009
| Standards
| Closed
| Provide response to "Draft NIST Special Publication 800-118 Guide to Enterprise Password Management"
| CW/EK/RB/DC
|-
| German IT Industry Association
| 15 May 2009
| Outreach
| Closed
| Presentation on OWASP
| GH
|-
| [http://docs.google.com/Present?docid=ddkr62qv_171cd7gh5fb&skipauth=true Outreach Presentation to Frontier Airlines]
| 7 May 2009
| Outreach
| Closed
| Provide outreach presentation covering fundamentals of AppSec and Intro to OWASP
| DC
|-
| [[Industry:DPC BS 10012|DPC BS 10012]]
| 31 Mar 2009
| Standards
| Closed
| Provide response to "BS 10012 Specification for the management of personal information in compliance with the Data Protection Act 1998" Draft for Public Comment (DPC)
| CW
|-
| [[Industry:Draft NIST SP 800-53 Revision 3|Draft NIST SP 800-53 Revision 3]]
| 27 Mar 2009
| Standards
| Closed
| Provide response to "Draft NIST Special Publication 800-53 (Revision 3) Recommended Security Controls for Federal Information Systems and Organizations"
| RB
|-
| [[Industry:Draft NIST SP 800-122|Draft NIST SP 800-122]]
| 13 Mar 2009
| Standards
| Closed
| Provide response to "Draft NIST Special Publication 800-122 Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)"
| CW
|-
| [[London]]
| 12 Mar 2009
| Outreach
| Closed
| Presentation about the Global Industry Committee, its role and recent activities (presentation slides [[Image:Owasp-london-industry-committee-march-2009.ppt]] and written notes [[Image:Owasp-london-industry-committee-march-2009-notes.pdf]])
| CW
|-
| [[Industry:Digital Britain Interim Report|Digital Britain Interim Report]]
| 11 Mar 2009
| Legislation
| Closed
| Provide response to UK Government's "Digital Britain Interim Report Jan 2009"
| CW
|-
| [http://www.owasp.org/index.php/Front_Range_OWASP_Conference_2009 SnowFROC Front Range]
| 5 Mar 2009
| Outreach
| Closed
| Conference organisation
| DC
|-
| US [http://www.commerce.gov/ Department of Commerce]
| 25 Feb 2009
| Outreach
| Closed
| Presentation about OWASP to Economic Security Working Group
| RB
|-
| [[Industry:DPC BS 8878:2009|DPC BS 8878:2009]]
| 31 Jan 2009
| Standards
| Closed
| Provide response to "BS 8878:2009 Web accessibility. Building accessible experiences for disabled people" Draft for Public Comment (DPC)
| Puneet/CW
|-
| AppSec Presentation Delivered to Infragard, Dec 2008
| Dec 2008
| Outreach
| Closed
| [http://www.infragard.net/ Infragard] is a collaboration between the US FBI and maintainers of critical infrastructure. [http://docs.google.com/Present?docid=ddkr62qv_0cn7km4c3&skipauth=true Presentation here]. Email DC for full PPT with speaker notes
| DC
|-
| The Register [http://www.theregister.co.uk/2008/11/22/google_analytics_as_security_risk/ Google Analytics — Yes, it is a security risk]
| Nov 2008
| Outreach
| Closed
| Co-ordination of response and provision of comments from OWASP leaders about risk of JavaScript on Barack Obama's website
| DC
|}

=== General Presentations and Reports ===

[[Summit 2009]]

*Global Industry Committee Presentation [[Image:Owasp-summit2009-industry-committee.ppt]]

Summaries (for inclusion into other full OWASP presentations):

*Sep 2009 [[Image:Owasp-industry-committee-summary-september-2009.ppt]]
*Jul 2009 [[Image:Owasp-industry-committee-summary-july-2009.ppt]]
*May 2009 [[Image:Owasp-industry-committee-summary-may-2009.ppt]]
*Apr 2009 [[Image:Owasp-industry-committee-summary-april-2009.ppt]]
*Mar 2009 [[Image:Owasp-industry-committee-summary-march-2009.ppt]]

 

Other [http://www.owasp.org/index.php/Global_Committee_Pages Global Committees]

Summit 2011 Attendee/Attendee082

2010-12-30T21:48:47Z

Dc:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>OWASP 2011 Global Summit Attendee Tab</noinclude>
|-
| summit_attendee_name1 = Ashkan Soltani
| summit_attendee_email1 = asoltani@ischool.berkeley.edu
| summit_attendee_wiki_username1 =
|-
| summit_attendee_company = Consultant to FTC, WSJ
|-
| summit_attendee_current_owasp_involvement_name1 = Flash Cookies Research
| summit_attendee_current_owasp_involvement_url_1 = http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1446862
| summit_attendee_current_owasp_involvement_name2 = Privacy Research (Knowprivacy)
| summit_attendee_current_owasp_involvement_url_2 = http://knowprivacy.org/
| summit_attendee_current_owasp_involvement_name3 = Privacy Research (Tracking the Trackers)
| summit_attendee_current_owasp_involvement_url_3 = http://online.wsj.com/article/SB10001424052748703977004575393121635952084.html
| summit_attendee_current_owasp_involvement_name4 =
| summit_attendee_current_owasp_involvement_url_4 =
| summit_attendee_current_owasp_involvement_name5 =
| summit_attendee_current_owasp_involvement_url_5 =
|-
| summit_attendee_reason_for_summit_participation_name1 = Browser Security/Privacy
| summit_attendee_reason_for_summit_participation_url_1 =
| notes_reason_for_participating_issues_to_be_discussed_1 =
| summit_attendee_reason_for_summit_participation_name2 = Mobile Security Working Session
| summit_attendee_reason_for_summit_participation_url_2 =
| notes_reason_for_participating_issues_to_be_discussed_2 =
| summit_attendee_reason_for_summit_participation_name3 =
| summit_attendee_reason_for_summit_participation_url_3 =
| notes_reason_for_participating_issues_to_be_discussed_3 =
| summit_attendee_reason_for_summit_participation_name4 =
| summit_attendee_reason_for_summit_participation_url_4 =
| notes_reason_for_participating_issues_to_be_discussed_4 =
| summit_attendee_reason_for_summit_participation_name5 =
| summit_attendee_reason_for_summit_participation_url_5 =
| notes_reason_for_participating_issues_to_be_discussed_5 =
|-
| summit_attendee_owasp_sponsor = David Campbell
|-
| summit_attendee_summit_time_paid_by_name1 =
| summit_attendee_summit_time_paid_by_url_1 =
| summit_attendee_summit_time_paid_by_name2 =
| summit_attendee_summit_time_paid_by_url_2 =
|-
| summit_attendee_summit_expenses_paid_by_name1 =
| summit_attendee_summit_expenses_paid_by_url_1 =
| summit_attendee_summit_expenses_paid_by_name2 =
| summit_attendee_summit_expenses_paid_by_url_2 =
|-
| reason_for_sponsorship =
|-
| status = Invited, seeking funding
|-
| letter sent to sponsor =
|-
| notes for Kate
|-
| attendee_name_mask =  Attendee082
| attendee_home_page =  Summit_2011_Attendee/Attendee082
}}

Summit 2011 Attendee/Attendee082

2010-12-30T20:59:07Z

Dc:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>OWASP 2011 Global Summit Attendee Tab</noinclude>
|-
| summit_attendee_name1 = Ashkan Soltani
| summit_attendee_email1 =
| summit_attendee_wiki_username1 =
|-
| summit_attendee_company = Consultant to FTC, WSJ
|-
| summit_attendee_current_owasp_involvement_name1 = Flash Cookies Research
| summit_attendee_current_owasp_involvement_url_1 = http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1446862
| summit_attendee_current_owasp_involvement_name2 = Privacy Research (Knowprivacy)
| summit_attendee_current_owasp_involvement_url_2 = http://knowprivacy.org/
| summit_attendee_current_owasp_involvement_name3 = Privacy Research (Tracking the Trackers)
| summit_attendee_current_owasp_involvement_url_3 = http://online.wsj.com/article/SB10001424052748703977004575393121635952084.html
| summit_attendee_current_owasp_involvement_name4 =
| summit_attendee_current_owasp_involvement_url_4 =
| summit_attendee_current_owasp_involvement_name5 =
| summit_attendee_current_owasp_involvement_url_5 =
|-
| summit_attendee_reason_for_summit_participation_name1 = Browser Security/Privacy
| summit_attendee_reason_for_summit_participation_url_1 =
| notes_reason_for_participating_issues_to_be_discussed_1 =
| summit_attendee_reason_for_summit_participation_name2 = Mobile Security Working Session
| summit_attendee_reason_for_summit_participation_url_2 =
| notes_reason_for_participating_issues_to_be_discussed_2 =
| summit_attendee_reason_for_summit_participation_name3 =
| summit_attendee_reason_for_summit_participation_url_3 =
| notes_reason_for_participating_issues_to_be_discussed_3 =
| summit_attendee_reason_for_summit_participation_name4 =
| summit_attendee_reason_for_summit_participation_url_4 =
| notes_reason_for_participating_issues_to_be_discussed_4 =
| summit_attendee_reason_for_summit_participation_name5 =
| summit_attendee_reason_for_summit_participation_url_5 =
| notes_reason_for_participating_issues_to_be_discussed_5 =
|-
| summit_attendee_owasp_sponsor = David Campbell
|-
| summit_attendee_summit_time_paid_by_name1 =
| summit_attendee_summit_time_paid_by_url_1 =
| summit_attendee_summit_time_paid_by_name2 =
| summit_attendee_summit_time_paid_by_url_2 =
|-
| summit_attendee_summit_expenses_paid_by_name1 =
| summit_attendee_summit_expenses_paid_by_url_1 =
| summit_attendee_summit_expenses_paid_by_name2 =
| summit_attendee_summit_expenses_paid_by_url_2 =
|-
| reason_for_sponsorship =
|-
| status = Invited, seeking funding
|-
| letter sent to sponsor =
|-
| notes for Kate
|-
| attendee_name_mask =  Attendee082
| attendee_home_page =  Summit_2011_Attendee/Attendee082
}}

Summit 2011 Attendee/Attendee082

2010-12-21T22:57:33Z

Dc:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>OWASP 2011 Global Summit Attendee Tab</noinclude>
|-
| summit_attendee_name1 = Ashkan Soltani
| summit_attendee_email1 =
| summit_attendee_wiki_username1 =
|-
| summit_attendee_company = FTC
|-
| summit_attendee_current_owasp_involvement_name1 =
| summit_attendee_current_owasp_involvement_url_1 =
| summit_attendee_current_owasp_involvement_name2 =
| summit_attendee_current_owasp_involvement_url_2 =
| summit_attendee_current_owasp_involvement_name3 =
| summit_attendee_current_owasp_involvement_url_3 =
| summit_attendee_current_owasp_involvement_name4 =
| summit_attendee_current_owasp_involvement_url_4 =
| summit_attendee_current_owasp_involvement_name5 =
| summit_attendee_current_owasp_involvement_url_5 =
|-
| summit_attendee_reason_for_summit_participation_name1 = Browser Security/Privacy
| summit_attendee_reason_for_summit_participation_url_1 =
| notes_reason_for_participating_issues_to_be_discussed_1 =
| summit_attendee_reason_for_summit_participation_name2 =
| summit_attendee_reason_for_summit_participation_url_2 =
| notes_reason_for_participating_issues_to_be_discussed_2 =
| summit_attendee_reason_for_summit_participation_name3 =
| summit_attendee_reason_for_summit_participation_url_3 =
| notes_reason_for_participating_issues_to_be_discussed_3 =
| summit_attendee_reason_for_summit_participation_name4 =
| summit_attendee_reason_for_summit_participation_url_4 =
| notes_reason_for_participating_issues_to_be_discussed_4 =
| summit_attendee_reason_for_summit_participation_name5 =
| summit_attendee_reason_for_summit_participation_url_5 =
| notes_reason_for_participating_issues_to_be_discussed_5 =
|-
| summit_attendee_owasp_sponsor = David Campbell
|-
| summit_attendee_summit_time_paid_by_name1 =
| summit_attendee_summit_time_paid_by_url_1 =
| summit_attendee_summit_time_paid_by_name2 =
| summit_attendee_summit_time_paid_by_url_2 =
|-
| summit_attendee_summit_expenses_paid_by_name1 =
| summit_attendee_summit_expenses_paid_by_url_1 =
| summit_attendee_summit_expenses_paid_by_name2 =
| summit_attendee_summit_expenses_paid_by_url_2 =
|-
| reason_for_sponsorship =
|-
| status = Invited, seeking funding
|-
| letter sent to sponsor =
|-
| notes for Kate
|-
| attendee_name_mask =  Attendee082
| attendee_home_page =  Summit_2011_Attendee/Attendee082
}}

Summit 2011 Attendee/Attendee067

2010-12-16T18:59:38Z

Dc:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>OWASP 2011 Global Summit Attendee Tab</noinclude>
|-
| summit_attendee_name1 = David Campbell
| summit_attendee_email1 = dcampbell@owasp.org
| summit_attendee_wiki_username1 = dc
|-
| summit_attendee_company = Electric Alchemy
|-
| summit_attendee_current_owasp_involvement_name1 = Denver Chapter Leader
| summit_attendee_current_owasp_involvement_url_1 = http://www.owasp.org/index.php/Denver
| summit_attendee_current_owasp_involvement_name2 = FROC Organizer
| summit_attendee_current_owasp_involvement_url_2 = http://www.owasp.org/index.php/Front_Range_OWASP_Conference_2010
| summit_attendee_current_owasp_involvement_name3 = Industry Committee Member
| summit_attendee_current_owasp_involvement_url_3 = http://www.owasp.org/index.php/Global_Industry_Committee
| summit_attendee_current_owasp_involvement_name4 = Let Arshan win at HackCup 1.0 :)
| summit_attendee_current_owasp_involvement_url_4 =
| summit_attendee_current_owasp_involvement_name5 =
| summit_attendee_current_owasp_involvement_url_5 =
|-
| summit_attendee_reason_for_summit_participation_name1 = Co-lead Mobile Security Project working session
| summit_attendee_reason_for_summit_participation_url_1 = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session065
| notes_reason_for_participating_issues_to_be_discussed_1 =
| summit_attendee_reason_for_summit_participation_name2 = Act as GIC liason to Mobile Security Project
| summit_attendee_reason_for_summit_participation_url_2 = http://www.owasp.org/index.php/Global_Industry_Committee
| notes_reason_for_participating_issues_to_be_discussed_2 =
| summit_attendee_reason_for_summit_participation_name3 =
| summit_attendee_reason_for_summit_participation_url_3 =
| notes_reason_for_participating_issues_to_be_discussed_3 =
| summit_attendee_reason_for_summit_participation_name4 =
| summit_attendee_reason_for_summit_participation_url_4 =
| notes_reason_for_participating_issues_to_be_discussed_4 =
| summit_attendee_reason_for_summit_participation_name5 =
| summit_attendee_reason_for_summit_participation_url_5 =
| notes_reason_for_participating_issues_to_be_discussed_5 =
|-
| summit_attendee_owasp_sponsor = Denver Chapter
|-
| summit_attendee_summit_time_paid_by_name1 = Electric Alchemy
| summit_attendee_summit_time_paid_by_url_1 =
| summit_attendee_summit_time_paid_by_name2 =
| summit_attendee_summit_time_paid_by_url_2 =
|-
| summit_attendee_summit_expenses_paid_by_name1 = Denver Chapter
| summit_attendee_summit_expenses_paid_by_url_1 =
| summit_attendee_summit_expenses_paid_by_name2 =
| summit_attendee_summit_expenses_paid_by_url_2 =
|-
| reason_for_sponsorship = Chapter leader, GIC member, Mobile Security project member
|-
| status = attendance confirmed, seeking funding
|-
| letter sent to sponsor =
|-
| notes for Kate = Should be funds available from Denver chapter
|-
| attendee_name_mask =  Attendee067
| attendee_home_page =  Summit_2011_Attendee/Attendee067
}}

Summit 2011 Attendee/Attendee067

2010-12-16T18:57:59Z

Dc:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>OWASP 2011 Global Summit Attendee Tab</noinclude>
|-
| summit_attendee_name1 = David Campbell
| summit_attendee_email1 = dcampbell@owasp.org
| summit_attendee_wiki_username1 = dc
|-
| summit_attendee_company = Electric Alchemy
|-
| summit_attendee_current_owasp_involvement_name1 = Denver Chapter Leader
| summit_attendee_current_owasp_involvement_url_1 = http://www.owasp.org/index.php/Denver
| summit_attendee_current_owasp_involvement_name2 = FROC Organizer
| summit_attendee_current_owasp_involvement_url_2 = http://www.owasp.org/index.php/Front_Range_OWASP_Conference_2010
| summit_attendee_current_owasp_involvement_name3 = Industry Committee Member
| summit_attendee_current_owasp_involvement_url_3 = http://www.owasp.org/index.php/Global_Industry_Committee
| summit_attendee_current_owasp_involvement_name4 = Let Arshan win at HackCup 1.0 :)
| summit_attendee_current_owasp_involvement_url_4 =
| summit_attendee_current_owasp_involvement_name5 =
| summit_attendee_current_owasp_involvement_url_5 =
|-
| summit_attendee_reason_for_summit_participation_name1 = Co-lead Mobile Security Project working session
| summit_attendee_reason_for_summit_participation_url_1 = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session065
| notes_reason_for_participating_issues_to_be_discussed_1 =
| summit_attendee_reason_for_summit_participation_name2 = Act as GIC liason to Mobile Security Project
| summit_attendee_reason_for_summit_participation_url_2 = http://www.owasp.org/index.php/Global_Industry_Committee
| notes_reason_for_participating_issues_to_be_discussed_2 =
| summit_attendee_reason_for_summit_participation_name3 =
| summit_attendee_reason_for_summit_participation_url_3 =
| notes_reason_for_participating_issues_to_be_discussed_3 =
| summit_attendee_reason_for_summit_participation_name4 =
| summit_attendee_reason_for_summit_participation_url_4 =
| notes_reason_for_participating_issues_to_be_discussed_4 =
| summit_attendee_reason_for_summit_participation_name5 =
| summit_attendee_reason_for_summit_participation_url_5 =
| notes_reason_for_participating_issues_to_be_discussed_5 =
|-
| summit_attendee_owasp_sponsor =
|-
| summit_attendee_summit_time_paid_by_name1 =
| summit_attendee_summit_time_paid_by_url_1 =
| summit_attendee_summit_time_paid_by_name2 =
| summit_attendee_summit_time_paid_by_url_2 =
|-
| summit_attendee_summit_expenses_paid_by_name1 =
| summit_attendee_summit_expenses_paid_by_url_1 =
| summit_attendee_summit_expenses_paid_by_name2 =
| summit_attendee_summit_expenses_paid_by_url_2 =
|-
| reason_for_sponsorship =
|-
| status =
|-
| letter sent to sponsor =
|-
| notes for Kate = Should be funds available from Denver chapter
|-
| attendee_name_mask =  Attendee067
| attendee_home_page =  Summit_2011_Attendee/Attendee067
}}

Global Industry Committee

2010-12-16T18:56:20Z

Dc: /* Work in Progress */

'''The Global Industry Committee was created during the OWASP EU Summit in Portugal. The primary purpose of the Global Industry Committee is to work with industry executives to gather requirements from industry, work with Membership, Projects and others.'''

== Mission Statement ==

''To expand awareness of and promote the inclusion of software security best practices in Industry, Government, Academia and regulatory agencies and be a voice for industry. We will accomplish this through outreach; including presentations, development of position papers and collaborative efforts with other entities.'' [https://www.owasp.org/index.php/Global_Industry_Committee#General_Presentations_and_Reports Powerpoint of Accomplishments]

 

== Committee Plan ==

Step 1: [[Industry:Organizations for Outreach|Identify specific organizations]] worth working with to spread the OWASP gospel

Step 2: Prioritize the proposed liasons based on potential impact, and also realistic likelihood of the organization actively working with us

Step 3: Execute, leveraging global OWASP resources as much as possible to maximize impact

Step 4: Evaluate progress & repeat Step 1-3

== Committee Members ==

 Committee Members:

{| class="prettytable FCK__ShowTableBorders"
|-
! Name
! Email
! Location
|-
| Lorna Alamri
| lorna.alamri 'at' owasp dot org
| US
|-
| Joe Bernik
| bernik 'at' gmail dot com
| US
|-
| Rex Booth
| rex.booth 'at' gt dot com
| US
|-
| David Campbell
| dcampbell 'at' owasp dot org
| US
|-
| Alexander Fry
| alexander.fry 'at' owasp dot org
| US
|-
| Georg Hess
| georg.hess 'at' artofdefence dot com
| Germany
|-
| Yiannis Pavlosoglou
| yiannis 'at' owasp dot org
| UK
|-
| Colin Watson
| colin.watson 'at' owasp dot org
| UK
|}

 Board Member Representative:

{| class="prettytable FCK__ShowTableBorders"
|-
! Name
! Email
! Location
|-
| Matt Tesauro
| matt.tesauro 'at' owasp dot org
| USA
|}

The committee chair (from Nov 2010) is Yiannis Pavlosoglou. Previous chairs:

*Colin Watson (Nov 2009 to Oct 2010)

= Monthly Report Format =

See below...

== Getting Involved ==

=== Mailing List ===

[http://lists.owasp.org/mailman/listinfo/global_industry_committee Join our mailing list]

=== Meetings ===

The next Global Industry Committee meeting will be:

*TBC
**Dial in number: +1 866 534 4754
**Call code 192341

Minutes of previous meetings are:

*[[Industry:Minutes 2010-08-17|17 Aug 2010]] (also [http://www.owasp.org/images/0/0d/Gic_call_17aug2010.mp3 MP3 recording of the call])
*[[Industry:Minutes 2010-05-18|18 May 2010]]
*[[Industry:Minutes 2010-01-05|05 Jan 2010]] (also [http://www.owasp.org/images/a/a3/Owasp_gic_call_5jan10.mp3 MP3 recording of the call])
*[[Industry:Minutes 2009-01-23|23 Jan 2009]]

=== Membership ===

[[Membership]] explains how to become an OWASP organization supporter or individual member. But you don't have to be an OWASP Member or Committee Member to contribute.

The current committee members joined for a 12 month term - see [[How to Join a Committee]] and [[Global Committee Pages]]. We would especially welcome new members who can widen our geographic coverage (e.g. Africa, Asia and South America) and who have time to contribute proactively.

=== Other ongoing initiatives ===

*[http://www.owasp.org/index.php/Global_Industry_Committee-SIG Special Interest Groups] - Outreach to sector-specific critical infrastructures worldwide.
*[http://www.owasp.org/index.php/Category:India OWASP India Advisory Board] - Regional panel contributing to the software outsourcing industry.
*[http://www.owasp.org/index.php/Industry:Citations OWASP Citations] - References to OWASP in official, or otherwise important, documents.

== Current Activity ==

=== Work in Progress ===

The current activities being undertaken:

{| class="prettytable FCK__ShowTableBorders"
|-
! Task
! Deadline
! Type
! Status
! Description
! Who
|-
| [http://www.owasp.org/index.php/OWASP_Mobile_Security_Project Kickoff OWASP Mobile Security Project]
| 2011 Summit
| Projects
| New
| Provide GIC oversight to Mobile Security Project
| DC
|-
|-
| [http://www.cio.gov/pages.cfm/page/Federal-Risk-and-Authorization-Management-Program-FedRAMP FedRAMP]
| 17 Jan 2011
| Standards
| In progress
| Provide response to FedRAMP certification and accreditation process
| RB
|-
| [http://trac.tools.ietf.org/area/sec/trac/wiki/SecurityDirectorate IETF Security Directorate]
| -
| Outreach
| In progress
| Make contact with, and discuss common goals with IETF
| YP/CW
|-
| [http://hacking-lab.com/ Hacking Lab]
| 14 Dec 2011
| Outreach
| In progress
| Matt Tesauro has been working with Hacking Lab previously and brought it to the GIC
| MAT/YP
|-
| Leeds Chapter Leader Presentation
| 13 Dec 2011
| Outreach
| In progress
| LA is gathering OWASP overview and project information for OWASP Leeds presentation needs.
| LA
|-
| "Configure SSL" Campaign
| 1 Feb 2011
| Paper write-up
| In progress
| Alexis FitzGerald's idea
| AFG/CW
|-
| [Testimonials]
| -
| Outreach
| In progress
| Obtain further testimonials for wiki page
| CW/SD
|-
| Reconnecting with past Industy Committee connections
| 1 Feb 2011
| Follow up
| In progress
| YP and LA to follow up with Industry Committee past contacts.
| YP/LA
|-
| [[Industry:ICO Data Sharing CoP|Data Sharing CoP]]
| 5 Jan 2011
| Standards
| In progress
| Provide response to UK ICO's "Data Sharing Code of Practice Consultation"
| CW
|-
| [http://www.londoncentral.bcs.org BCS London Central]
| 17 Feb 2011
| Outreach
| New
| Present a talk about OWASP.
| CW
|-
| [http://www.bcs.org BCS]
| 3 Sep 2010
| Outreach
| In Progress
| Write article for BCS ITnow magazine about application security and OWASP Top Ten.
| YP
|-
| [http://www.usmma.edu/ USMMA]
| 1 Jan 2011
| Outreach
| New
| Make contact. Present a talk about OWASP to the USMMA computer club or security teams.
| AF
|-
| [http://www.usna.edu/ USNA]
| 1 Jan 2011
| Outreach
| New
| Make contact. Present a talk about OWASP to the USNA computer science faculty and students or interest group.
| AF
|-
| [http://www.auscert.org.au/ AusCERT]
| -
| Outreach
| In Progress
| Make contact and discuss opportunities for OWASP to contribute to their work
| YP
|-
| OWASP Financial Services SIG
| -
| Outreach
| In Progress
| Working with Fabio Cerullo, Eoin Keary, Jim Routh, Jerry Kickenson and others on forming a SIG. Arranging a financial panel for AppSec in Washington, DC in November
| JB/EK
|-
| [http://www.spva.org Secure POS Vendor Alliance (SPVA)]
| -
| Outreach
| In Progress
| Begin dialogue about possibility of working together. Have had trouble getting through to them but have a good lead now. Updates soon :)
| DC
|}

=== Completed Items ===

{| class="prettytable FCK__ShowTableBorders"
|-
! Task
! Completed
! Type
! Status
! Description
! Who
|-
| CRESTCON
| 14 Dec 2011
| Outreach
| Closed
| YP is attending CRESTCON in Royal Holloway, Surrey, UK
| YP
|-
| (ISC)^2 Application Security Advisory Board (ASAB)
| 19 Nov 2010
| Outreach
| Closed
| YP is now a member of the (ISC)^2 ASAB, with the first meeting to be held in FL on the above stated date.
| YP
|-
| [http://www.techexecnetworks.com/event_2010.12.01.asp T.E.N./Fortify Software Security Assurance Summit]
| 1 Dec 2010
| Outreach
| Closed
| Discuss quick wins and high impact software assurance activities using the OWASP SAMM model as reference and cite other OWASP projects as resources.
| AF
|-
| [[Industry:DOJ Nondiscrimination on the Basis of Disability|DOJ Nondiscimination on the Basis of Disability]]
| 30 Nov 2010
| Standards
| Closed
| Provide response to US DOJ's "Accessibility of Web Information and Services of State and Local Government Entities and Public Accommodations"
| AF/LA
|
|-
| [[Industry:e-Consumer Protection Consultation|e-Consumer Protection Consultation]]
| 13 Oct 2010
| Standards
| Closed
| Review and provide official OWASP response to [http://www.oft.gov.uk/ UK Office of Fair Trading] [http://www.oft.gov.uk/OFTwork/consultations/current/eprotection/ e-Consumer Protection Consultation].
| YP
|-
| [[Industry:ENISA Cloud Computing Common Assurance Metrics|ENISA Common Assurance Maturity Model]]
| 8 Oct 2010
| Standards
| Closed
| Work with [[:Category:OWASP Cloud ‐ 10 Project]] to contribute to the development of Common Assurance Maturity Model for [http://www.enisa.europa.eu/ ENISA]/Cloud Security Alliance/etc joint initiative.
| CW
|-
| [http://www.w3.org/TR/2010/WD-mwabp-20100713/ Mobile Web Application Best Practices Working Draft]
| 6 Aug 2010
| Standards
| Closed
| Review and provide official OWASP response to W3C's [http://www.w3.org/2005/MWI/BPWG/ Mobile Web Best Practices Working Group].
| DC
|-
| [http://www.oft.gov.uk/ UK Office of Fair Trading]
| 23 Jul 2010
| Standards
| Closed
| Ask to be added to official consultation list
| CW
|-
| [http://www.businesslink.gov.uk BusinessLink]
| 1 Jul 2010
| Outreach
| Closed
| Offer to contribute to development of IT security information about [http://www.businesslink.gov.uk/bdotg/action/layer?topicId=1075421745 application security] on the BusinessLink website for UK SMEs. Outcome - no help required at present, but BusinessLink system to be disbanded.
| CW
|-
| Veracode
| 28 Jun 2010
| Outreach
| Closed
| Discuss use of Open SAMM to classify Secure SDL maturity in Veracode's code analysis summary reports. Outcome - positive response received.
| CW
|-
| [http://www.owasp.org/index.php/Leeds_UK OWASP Leeds/North]
| 16 Jun 2010
| Outreach
| Closed
| Presentations at chapter meeting in Newcastle-upon-Tyne about ENISA CAMM and OWASP Appsensor
| CW
|-
| [http://www.owasp.org/index.php/Front_Range_OWASP_Conference_2010 Front Range OWASP Conference (FROC) 2010]
| 2 Jun 2010
| Outreach
| Closed
| Conference organisation [http://tinyurl.com/froctalks Vids & presentations online]
| DC
|-
| [http://www.isaca-denver.org/meetings/MAY_2010_CHPT_MTG.shtml OWASP Presentation at ISACA Denver Annual Meeting]
| 27 May 2010
| Outreach
| Closed
| Presentation [https://docs.google.com/fileview?id=0B_-vbfka88vFNjIwY2IwYjItZmYyNi00MmNiLWFhOWItYmQ4OGZmZjVmZWUx&hl=en Presentation online]
| DC
|-
| [http://www.issa-uk.org/ ISSA-UK]
| 13 May 2010
| Outreach
| Closed
| Presentation
| YP
|-
| [[Industry:Personal Information Online Code of Practice|Personal Information Online COP]]
| 5 Mar 2010
| Legislation
| Closed
| Provide response to UK Information Commissioner's Office draft "Personal Information Online Code of Practice"
| YP
|-
| [http://www.enisa.europa.eu/ ENISA] Mobile Apps
| Mar 2010
| Outreach
| Closed
| Identify and introduce OWASP contact for ENISA's Mobile Apps Project, in conjunction with Dinis Cruz.
| CW
|-
| [[Industry:Technology Strategy Board Secure Software Development Initiative|Technology Strategy Board Secure Software Development Partnership]]
| 18 Feb 2010
| Outreach
| Closed
| Liaise with the UK [http://www.innovateuk.org/ Technology Strategy Board] about the Secure Software Development Partnership (SSDP) in conjunction with the [http://www.owasp.org/index.php/London London chapter] leader Justin Clarke
| CW
|-
| US [http://www.issa-nova.org Information Systems Security Association Northern Virginia Chapter (ISSA-NOVA)]
| 21 Jan 2010
| Outreach
| Closed
| Provide presentation covering CSSLP, fundamentals of AppSec and Intro to OWASP and Global Industry Committee
| AF
|-
| [http://www.enisa.europa.eu/ ENISA]
| Jan 2010
| Outreach
| Closed
| Discuss opportunities for OWASP to work with ENISA, in conjunction with Dinis Cruz.
| CW
|-
| [[:Industry:Draft NIST SP 800-37 Revision 1|NIST SP 800-37 Revision 1 FPD]] Review Project
| 30 Dec 2009
| Standards
| Closed
| Provide response to "NIST SP 800-37 Revision 1 Final Public Draft, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach"
| RB
|-
| [http://www.crest-approved.org/ CREST] CRESTCon
| 15 Dec 2009
| Outreach
| Closed
| Already an oversubscribed event, YP & CW have been placed on the reserve list. Update: Positions secured for the 15th.
| YP
|-
| [http://msdn.microsoft.com/en-us/security/cc448177.aspx SDL Pro Network]
| 30 Nov 2009
| Outreach
| Closed
| Contact SDL Pro Network to discuss if there are opportunities for OWASP to become involved or connected in some way
| CW
|-
| [[Industry:Draft NIST IR 7628|Draft NIST IR 7628]]
| 25 Nov 2009
| Standards
| Closed
| Provide response to "NIST IR 7628 Draft Smart Grid Cyber Security Strategy and Requirements"
| CW
|-
| [http://www.owasp.org/index.php/OWASP_AppSec_DC_2009 Appsec DC 2009]
| 10-13 Nov 2009
| Outreach
| Closed
| Conference organisation - special effort to engage with US Federal sector
| RB
|-
| [http://www.justice.gov.uk/ UK Ministry of Justice]
| -
| Legislation
| Closed
| Ask to be added to official consultation list
| CW
|-
| [http://www.it-sa.de/ IT-SA]
| 13-15 Oct 2009
| Outreach
| Closed
| OWASP booth at trade show
| GH
|-
| [http://www.owasp.org/index.php/OWASP_AppSec_Germany_2009_Conference OWASP AppSec Germany 2009]
| 13 Oct 2009
| Outreach
| Closed
| Conference organisation
| GH
|-
| US [http://www.loc.gov Library of Congress]
| 28 Sep 2009
| Outreach
| Closed
| Presentation about OWASP
| RB
|-
| [http://www.owasp.org/index.php/OWASP_Ireland_AppSec_2009_Conference OWASP Ireland AppSec 2009]
| 10 Sep 2009
| Outreach
| Closed
| Conference organisation
| EK
|-
| OWASP Citations
| 7 Sep 2009
| Other
| Closed
| Identify and record the most important references to OWASP in official, or otherwise important, documents. Page created at: [[Industry:Citations]]
| CW
|-
| US [http://www.loc.gov Library of Congress]
| 26 Aug 2009
| Outreach
| Closed
| Presentation about OWASP
| RB
|-
| OWASP webcast at Brighttalk [http://www.brighttalk.com/summit/dataprivacy2 Data and Privacy in Web 2.0 Summit]
| 13 Aug 2009
| Outreach
| Closed
| Deliver [http://www.brighttalk.com/webcasts/4767/attend OWASP presentation on XSS, client side exploitation, and countermeasures].
| DC
|-
| [[Industry:SAFECode Secure Development Practices (update to Oct 2008 version)|SAFECode Secure Development Practices (update to Oct 2008 version)]]
| 31 Jul 2009
| Standards
| Closed
| Response to [http://www.safecode.org/ SAFECode] "Fundamental Practices for Secure Software Development: A Guide to the Most Effective Secure Development Practices in Use Today."
| CW
|-
| [http://www.owasp.org/index.php/Category:OWASP_CSA_Project OWASP CSA Project]
| 8 Jul 2009
| Standards
| Closed
| Response to RFC [http://www.cloudsecurityalliance.org/guidance/csaguide.pdf Cloud Security Alliance Guidance v1.0]
| TB
|-
| [[Scotland]]
| 25 Jun 2009
| Outreach
| Closed
| Presentation about the Global Industry Committee, its role and recent activities (presentation slides [[Image:Owasp-scotland-industry-committee-june-2009.ppt]] and written notes [[Image:Owasp-scotland-industry-committee-june-2009-notes.pdf]])
| CW
|-
| OWASP Presentation at [http://cfp2009.org/ CFP Con 2009]
| 1 Jun 2009
| Outreach
| Closed
| Deliver presentation on web threats and countermeasures. See [http://www.cfp2009.org/wiki/index.php/Tutorials/Workshops CFP tutorial page] grep OWASP for more info.
| DC
|-
| ENISA [http://www.enisa.europa.eu/pages/02_03_news_2009_02_19_who_is_who.html Who-Is-Who Directory]
| -
| Outreach
| Closed
| Contact ENISA regarding OWASP inclusion in directory (in progress). Encourage European chapter leaders to contact their ENISA liaison officers (completed). Contact UK liaison officer on behalf of London, Leeds and Scotland chapters.
| CW
|-
| IIL [http://www.iilondon.co.uk/ Insurance Institute of London]
| 2 Jun 2009
| Outreach
| Closed
| Contact IIL regarding future input to their publication [http://www.iilondon.co.uk/XtraCart/store/comersus_viewItem.asp?idProduct=187 Insurance Aspects of E-Commerce]
| CW
|-
| [[Industry:Draft NIST SP 800-118|Draft NIST SP 800-118]]
| 29 May 2009
| Standards
| Closed
| Provide response to "Draft NIST Special Publication 800-118 Guide to Enterprise Password Management"
| CW/EK/RB/DC
|-
| German IT Industry Association
| 15 May 2009
| Outreach
| Closed
| Presentation on OWASP
| GH
|-
| [http://docs.google.com/Present?docid=ddkr62qv_171cd7gh5fb&skipauth=true Outreach Presentation to Frontier Airlines]
| 7 May 2009
| Outreach
| Closed
| Provide outreach presentation covering fundamentals of AppSec and Intro to OWASP
| DC
|-
| [[Industry:DPC BS 10012|DPC BS 10012]]
| 31 Mar 2009
| Standards
| Closed
| Provide response to "BS 10012 Specification for the management of personal information in compliance with the Data Protection Act 1998" Draft for Public Comment (DPC)
| CW
|-
| [[Industry:Draft NIST SP 800-53 Revision 3|Draft NIST SP 800-53 Revision 3]]
| 27 Mar 2009
| Standards
| Closed
| Provide response to "Draft NIST Special Publication 800-53 (Revision 3) Recommended Security Controls for Federal Information Systems and Organizations"
| RB
|-
| [[Industry:Draft NIST SP 800-122|Draft NIST SP 800-122]]
| 13 Mar 2009
| Standards
| Closed
| Provide response to "Draft NIST Special Publication 800-122 Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)"
| CW
|-
| [[London]]
| 12 Mar 2009
| Outreach
| Closed
| Presentation about the Global Industry Committee, its role and recent activities (presentation slides [[Image:Owasp-london-industry-committee-march-2009.ppt]] and written notes [[Image:Owasp-london-industry-committee-march-2009-notes.pdf]])
| CW
|-
| [[Industry:Digital Britain Interim Report|Digital Britain Interim Report]]
| 11 Mar 2009
| Legislation
| Closed
| Provide response to UK Government's "Digital Britain Interim Report Jan 2009"
| CW
|-
| [http://www.owasp.org/index.php/Front_Range_OWASP_Conference_2009 SnowFROC Front Range]
| 5 Mar 2009
| Outreach
| Closed
| Conference organisation
| DC
|-
| US [http://www.commerce.gov/ Department of Commerce]
| 25 Feb 2009
| Outreach
| Closed
| Presentation about OWASP to Economic Security Working Group
| RB
|-
| [[Industry:DPC BS 8878:2009|DPC BS 8878:2009]]
| 31 Jan 2009
| Standards
| Closed
| Provide response to "BS 8878:2009 Web accessibility. Building accessible experiences for disabled people" Draft for Public Comment (DPC)
| Puneet/CW
|-
| AppSec Presentation Delivered to Infragard, Dec 2008
| Dec 2008
| Outreach
| Closed
| [http://www.infragard.net/ Infragard] is a collaboration between the US FBI and maintainers of critical infrastructure. [http://docs.google.com/Present?docid=ddkr62qv_0cn7km4c3&skipauth=true Presentation here]. Email DC for full PPT with speaker notes
| DC
|-
| The Register [http://www.theregister.co.uk/2008/11/22/google_analytics_as_security_risk/ Google Analytics — Yes, it is a security risk]
| Nov 2008
| Outreach
| Closed
| Co-ordination of response and provision of comments from OWASP leaders about risk of JavaScript on Barack Obama's website
| DC
|}

=== General Presentations and Reports ===

[[Summit 2009]]

*Global Industry Committee Presentation [[Image:Owasp-summit2009-industry-committee.ppt]]

Summaries (for inclusion into other full OWASP presentations):

*Sep 2009 [[Image:Owasp-industry-committee-summary-september-2009.ppt]]
*Jul 2009 [[Image:Owasp-industry-committee-summary-july-2009.ppt]]
*May 2009 [[Image:Owasp-industry-committee-summary-may-2009.ppt]]
*Apr 2009 [[Image:Owasp-industry-committee-summary-april-2009.ppt]]
*Mar 2009 [[Image:Owasp-industry-committee-summary-march-2009.ppt]]

 

Other [http://www.owasp.org/index.php/Global_Committee_Pages Global Committees]

Summit 2011 Attendee/Attendee078

2010-12-16T18:50:09Z

Dc:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>OWASP 2011 Global Summit Attendee Tab</noinclude>
|-
| summit_attendee_name1 = Mike Zusman
| summit_attendee_email1 = mike.zusman@intrepidusgroup.com
| summit_attendee_wiki_username1 = schmoilito
|-
| summit_attendee_company = Intrepidus Group
|-
| summit_attendee_current_owasp_involvement_name1 = Mobile Security Project
| summit_attendee_current_owasp_involvement_url_1 = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session065
| summit_attendee_current_owasp_involvement_name2 =
| summit_attendee_current_owasp_involvement_url_2 =
| summit_attendee_current_owasp_involvement_name3 =
| summit_attendee_current_owasp_involvement_url_3 =
| summit_attendee_current_owasp_involvement_name4 =
| summit_attendee_current_owasp_involvement_url_4 =
| summit_attendee_current_owasp_involvement_name5 =
| summit_attendee_current_owasp_involvement_url_5 =
|-
| summit_attendee_reason_for_summit_participation_name1 = Lead Mobile Security working session
| summit_attendee_reason_for_summit_participation_url_1 = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session065
| notes_reason_for_participating_issues_to_be_discussed_1 =
| summit_attendee_reason_for_summit_participation_name2 =
| summit_attendee_reason_for_summit_participation_url_2 =
| notes_reason_for_participating_issues_to_be_discussed_2 =
| summit_attendee_reason_for_summit_participation_name3 =
| summit_attendee_reason_for_summit_participation_url_3 =
| notes_reason_for_participating_issues_to_be_discussed_3 =
| summit_attendee_reason_for_summit_participation_name4 =
| summit_attendee_reason_for_summit_participation_url_4 =
| notes_reason_for_participating_issues_to_be_discussed_4 =
| summit_attendee_reason_for_summit_participation_name5 =
| summit_attendee_reason_for_summit_participation_url_5 =
| notes_reason_for_participating_issues_to_be_discussed_5 =
|-
| summit_attendee_owasp_sponsor = Mobile Security Project (?)
|-
| summit_attendee_summit_time_paid_by_name1 = Intrepidus Group
| summit_attendee_summit_time_paid_by_url_1 =
| summit_attendee_summit_time_paid_by_name2 =
| summit_attendee_summit_time_paid_by_url_2 =
|-
| summit_attendee_summit_expenses_paid_by_name1 = OWASP?
| summit_attendee_summit_expenses_paid_by_url_1 =
| summit_attendee_summit_expenses_paid_by_name2 =
| summit_attendee_summit_expenses_paid_by_url_2 =
|-
| reason_for_sponsorship = Mobile Security Project leader
|-
| status = attendance confirmed, seeking funding
|-
| letter sent to sponsor =
|-
| notes for Kate =
|-
| attendee_name_mask =  Attendee078
| attendee_home_page =  Summit_2011_Attendee/Attendee078
}}

Summit 2011 Working Sessions/Session065

2010-12-16T18:38:01Z

Dc:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions tab</noinclude>
|-
| summit_session_name = Mobile Security
| summit_session_url = http://www.owasp.org/index.php/Working_Sessions_Projects_Mobile_Security
|-
| summit_session_objective_name1 = '''1) Primary: Create core knowledge base on project wiki site'''
| summit_session_objective_name2 = 2) Recruit volunteers to contribute to project
| summit_session_objective_name3 = 3) Establish relationships with key players (i.e. Apple/Google/etc)
| summit_session_objective_name4 =
| summit_session_objective_name5 =
|-
|summit_session_deliverable_name1 = Project wiki page
|summit_session_deliverable_url_1 = http://www.owasp.org/index.php/OWASP_Mobile_Security_Project
|summit_session_deliverable_name2 =
|summit_session_deliverable_url_2 =
|summit_session_deliverable_name3 =
|summit_session_deliverable_url_3 =
|summit_session_deliverable_name4 =
|summit_session_deliverable_url_4 =
|summit_session_deliverable_name5 =
|summit_session_deliverable_url_5 =
|-
| summit_session_leader_name1 = Mike Zusman
| summit_session_leader_email1 = mike.zusman@intrepidusgroup.com
| summit_session_leader_wiki_username1 = schmoilito
| summit_session_leader_name2 = David Campbell
| summit_session_leader_email2 = dcampbell@owasp.org
| summit_session_leader_wiki_username2 = dc
| summit_session_leader_name3 =
| summit_session_leader_email3 =
| summit_session_leader_wiki_username3 =
|-
| summit_session_attendee_name1 =
| summit_session_attendee_email1 =
| summit_session_attendee_wiki_username1 =
| summit_session_attendee_name2 =
| summit_session_attendee_email2 =
| summit_session_attendee_wiki_username2 =
| summit_session_attendee_name3 =
| summit_session_attendee_email3 =
| summit_session_attendee_wiki_username3 =
| summit_session_attendee_name4 =
| summit_session_attendee_email4 =
| summit_session_attendee_wiki_username4 =
| summit_session_attendee_name5 =
| summit_session_attendee_email5 =
| summit_session_attendee_wiki_username5 =
| summit_session_attendee_name6 =
| summit_session_attendee_email6 =
| summit_session_attendee_wiki_username6 =
| summit_session_attendee_name7 =
| summit_session_attendee_email7 =
| summit_session_attendee_wiki_username7 =
| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_wiki_username8 =
| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_wiki_username9 =
| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_wiki_username10 =
| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_wiki_username11 =
| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_wiki_username12 =
| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_wiki_username13 =
| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_wiki_username14 =
| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_wiki_username15 =
| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_wiki_username16 =
| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_wiki_username17=
| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_wiki_username18 =
| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_wiki_username19 =
| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_wiki_username20 =
|-
| session_name_mask =  Session065
| session_home_page =  Summit_2011_Working_Sessions/Session065
}}