OWASP - User contributions [en]

Mark O'Neill

2007-03-01T11:11:09Z

Dmunge:

OWASP London Chapter meeting on the 22nd of March!

Mark O'Neill - Chief Technical Officer- Vordel Ltd. www.vordel.com is giving an XML/Web services security presentation on this evening.

Mark is the author of the book [http://www.vordel.com/knowledgebase/book.html Web Services Security], published by McGraw-Hill/Osborne Media. He has provided training on Web Services Security to amongst others some US Government agencies and to Telecoms companies worldwide.

For each of the past 7 years, Mark has spoken on Web Services Security at the RSA Conference. This year 2007, he presented on Security Vulnerabilities in AJAX and Web 2.0 when he demonstrated security holes in the “mash-up” model.

His talk to the London chapter of OWASP on the 22nd of March will be based on the RSA presentation

Mark’s experience includes IT solutions architectures, and a comprehensive knowledge of programming.

Mark is a contributing member of the OASIS Security Services Technical Committee

[[London|return to London page]]

Mark O'Neill

2007-03-01T11:07:37Z

Dmunge:

OWASP London Chapter meeting on the 22nd of March!

Mark O'Neill - Chief Technical Officer- Vordel Ltd. www.vordel.com is giving an XML/Web services security presentation on this evening.

Mark is the author of the book Web Services Security, published by McGraw-Hill/Osborne Media. He has provided training on Web Services Security to amongst others some US Government agencies and to Telecoms companies worldwide.

For each of the past 7 years, Mark has spoken on Web Services Security at the RSA Conference. This year 2007, he presented on Security Vulnerabilities in AJAX and Web 2.0 when he demonstrated security holes in the “mash-up” model.

His talk to the London chapter of OWASP on the 22nd of March will be based on the RSA presentation

Mark’s experience includes IT solutions architectures, and a comprehensive knowledge of programming.

Mark is a contributing member of the OASIS Security Services Technical Committee

[[London|return to London page]]

Mark O'Neill

2007-03-01T11:06:03Z

Dmunge:

OWASP London Chapter meeting on the 22nd of March!

Mark O'Neill - Chief Technical Officer- Vordel Ltd. www.vordel.com is giving an XML/Web services security presentation on this evening.

Mark is the author of the book Web Services Security, published by McGraw-Hill/Osborne Media. He has provided training on Web Services Security to amongst others some US Government agencies and to Telecoms companies worldwide.

For each of the past 7 years, Mark has spoken on Web Services Security at the RSA Conference. This year 2007, he presented on Security Vulnerabilities in AJAX and Web 2.0 when he demonstrated security holes in the “mash-up” model.

His talk to the London chapter of OWASP on the 22nd of March will be based on the RSA presentation

Mark’s experience includes IT solutions architectures, and a comprehensive knowledge of programming.

Mark is a contributing member of the OASIS Security Services Technical Committee

[[London return to London page]]

Mark O'Neill

2007-03-01T11:04:57Z

Dmunge:

OWASP London Chapter meeting on the 22nd of March!

Mark O'Neill - Chief Technical Officer- Vordel Ltd. www.vordel.com is giving an XML/Web services security presentation on this evening.

Mark is the author of the book Web Services Security, published by McGraw-Hill/Osborne Media. He has provided training on Web Services Security to amongst others some US Government agencies and to Telecoms companies worldwide.

For each of the past 7 years, Mark has spoken on Web Services Security at the RSA Conference. This year 2007, he presented on Security Vulnerabilities in AJAX and Web 2.0 when he demonstrated security holes in the “mash-up” model.

His talk to the London chapter of OWASP on the 22nd of March will be based on the RSA presentation

Mark’s experience includes IT solutions architectures, and a comprehensive knowledge of programming.

Mark is a contributing member of the OASIS Security Services Technical Committee

[[London]]

Mark O'Neill

2007-03-01T11:04:25Z

Dmunge:

OWASP London Chapter meeting on the 22nd of March!

Mark O'Neill - Chief Technical Officer- Vordel Ltd. www.vordel.com is giving an XML/Web services security presentation on this evening.

Mark is the author of the book Web Services Security, published by McGraw-Hill/Osborne Media. He has provided training on Web Services Security to amongst others some US Government agencies and to Telecoms companies worldwide.

For each of the past 7 years, Mark has spoken on Web Services Security at the RSA Conference. This year 2007, he presented on Security Vulnerabilities in AJAX and Web 2.0 when he demonstrated security holes in the “mash-up” model.

His talk to the London chapter of OWASP on the 22nd of March will be based on the RSA presentation

Mark’s experience includes IT solutions architectures, and a comprehensive knowledge of programming.

Mark is a contributing member of the OASIS Security Services Technical Committee [[London]]

Mark O'Neill

2007-03-01T11:03:01Z

Dmunge: New page: OWASP London Chapter meeting on the 22nd of March! Mark O'Neill - Chief Technical Officer- Vordel Ltd. www.vordel.com is giving an XML/Web services security presentation on this evening...

OWASP London Chapter meeting on the 22nd of March!

Mark O'Neill - Chief Technical Officer- Vordel Ltd. www.vordel.com is giving an XML/Web services security presentation on this evening.

Mark is the author of the book Web Services Security, published by McGraw-Hill/Osborne Media. He has provided training on Web Services Security to amongst others some US Government agencies and to Telecoms companies worldwide.

For each of the past 7 years, Mark has spoken on Web Services Security at the RSA Conference. This year 2007, he presented on Security Vulnerabilities in AJAX and Web 2.0 when he demonstrated security holes in the “mash-up” model.

His talk to the London chapter of OWASP on the 22nd of March will be based on the RSA presentation

Mark’s experience includes IT solutions architectures, and a comprehensive knowledge of programming.

Mark is a contributing member of the OASIS Security Services Technical Committee,

London

2007-03-01T11:01:25Z

Dmunge: /* Local News */

{{Chapter Template|chaptername=London|extra=The chapter leader is [[user:Dinis.cruz| Dinis Cruz]] (since Jan 2007)|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-london|emailarchives=http://lists.owasp.org/pipermail/owasp-london}}

== Local News ==

The next two Owasp-London events will be:

* '''Thursday 22nd February'''
** Location: The Water Poet Pub, Liverpool St, London [http://www.beerintheevening.com/cgi-bin/map_link.cgi?id=17986&type=8 map] , [http://www.beerintheevening.com/pubs/s/17/17986/Water_Poet/Shoreditch description]
** We are going to use the downstairs room which you can access from the back of the pub
* '''Presentations''':
** by '''Dinis Cruz (Chief OWASP Evangelist)''' :
*** '''OWASP, the Open Web Application Security Project''' 30m - The Open Web Application Security Project (OWASP) is an open community dedicated to enabling organizations to develop, purchase, and maintain applications that can be trusted. All of the OWASP tools, documents, blogs, and chapters are free and open to anyone interested in improving application security. In this presentation Dinis will show the latest guides and tools from OWASP which should be part of every company's security efforts.
*** '''Buffer Overflows on .Net and Asp.Net''' 30m - One of the common myths about the .Net Framework is that it is immune to Buffer Overflows. Although this might be correct in pure managed and verifiable .Net code, large percentage of .Net and Asp.Net applications code is unmanaged code. In this talk Dinis will show the areas in .Net and Asp.Net applications that are vulnerable to Buffer Overflows (including the demo of a .Net Buffer Overflow Fuzzer).
*** '''0wning Vista's userland - The CAS / UAC missed opportunity , and what I think MS should had done''' - In this presentation Dinis will explore the missed opportunity by Microsoft to use technologies like .Net's CAS (Code Access Security) and Vista's UAC (User Access Control) to create secure and trustworthy userland environments that protect the user's assets. In the hope that might make a small difference, ideas and solutions for the future will also be presented.
** by '''Ivan Ristic''':
*** '''ModSecurity''' - 30m

* '''Schedule''':
** 6pm - 7pm arrive and grab a drink
** 7:00 - '''OWASP, the Open Web Application Security Project''', Dinis Cruz
** 7:45 - '''ModSecurity''', Ivan Ristic
** 8:15 - '''Buffer Overflows on .Net and Asp.Net''', Dinis Cruz
** 8:50 - 0wning Vista's userland - The CAS / UAC missed opportunity, and what I think MS should had done, Dinis Cruz
** 9:00 - Dinner (TBD)

*''' Thursday 22nd March'''
** Presentations:
*** Dinis Cruz on more OWASP's World - 30m
*** [[Mark O'Neill]] "Security Vulnerabilities in AJAX and Web 2.0" - 45 m
*** Dan: 'Hacking Tailand' - 30m

London

2007-03-01T10:59:31Z

Dmunge: /* Local News */

{{Chapter Template|chaptername=London|extra=The chapter leader is [[user:Dinis.cruz| Dinis Cruz]] (since Jan 2007)|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-london|emailarchives=http://lists.owasp.org/pipermail/owasp-london}}

== Local News ==

The next two Owasp-London events will be:

* '''Thursday 22nd February'''
** Location: The Water Poet Pub, Liverpool St, London [http://www.beerintheevening.com/cgi-bin/map_link.cgi?id=17986&type=8 map] , [http://www.beerintheevening.com/pubs/s/17/17986/Water_Poet/Shoreditch description]
** We are going to use the downstairs room which you can access from the back of the pub
* '''Presentations''':
** by '''Dinis Cruz (Chief OWASP Evangelist)''' :
*** '''OWASP, the Open Web Application Security Project''' 30m - The Open Web Application Security Project (OWASP) is an open community dedicated to enabling organizations to develop, purchase, and maintain applications that can be trusted. All of the OWASP tools, documents, blogs, and chapters are free and open to anyone interested in improving application security. In this presentation Dinis will show the latest guides and tools from OWASP which should be part of every company's security efforts.
*** '''Buffer Overflows on .Net and Asp.Net''' 30m - One of the common myths about the .Net Framework is that it is immune to Buffer Overflows. Although this might be correct in pure managed and verifiable .Net code, large percentage of .Net and Asp.Net applications code is unmanaged code. In this talk Dinis will show the areas in .Net and Asp.Net applications that are vulnerable to Buffer Overflows (including the demo of a .Net Buffer Overflow Fuzzer).
*** '''0wning Vista's userland - The CAS / UAC missed opportunity , and what I think MS should had done''' - In this presentation Dinis will explore the missed opportunity by Microsoft to use technologies like .Net's CAS (Code Access Security) and Vista's UAC (User Access Control) to create secure and trustworthy userland environments that protect the user's assets. In the hope that might make a small difference, ideas and solutions for the future will also be presented.
** by '''Ivan Ristic''':
*** '''ModSecurity''' - 30m

* '''Schedule''':
** 6pm - 7pm arrive and grab a drink
** 7:00 - '''OWASP, the Open Web Application Security Project''', Dinis Cruz
** 7:45 - '''ModSecurity''', Ivan Ristic
** 8:15 - '''Buffer Overflows on .Net and Asp.Net''', Dinis Cruz
** 8:50 - 0wning Vista's userland - The CAS / UAC missed opportunity, and what I think MS should had done, Dinis Cruz
** 9:00 - Dinner (TBD)

*''' Thursday 22nd March'''
** Presentations:
*** Dinis Cruz on more OWASP's World - 30m
*** Mark O'Neill "Security Vulnerabilities in AJAX and Web 2.0" 45 mins
*** Dan: 'Hacking Tailand' - 30m