https://wiki.owasp.org/api.php?action=feedcontributions&feedformat=atom&user=Dr.+Emin+Tatl%C4%B1OWASP - User contributions [en]2026-05-21T09:27:49ZUser contributionsMediaWiki 1.27.2https://wiki.owasp.org/index.php?title=Turkey&diff=196666Turkey2015-06-29T20:32:50Z<p>Dr. Emin Tatlı: </p>
<hr />
<div><center>[[File:Owasptr.png]] </center><br />
<br />
<br />
<br />
==== About OWASP/TR ====<br />
<br />
{{Chapter Template|chaptername=Turkey|extra=The chapter leader is [mailto:bunyamindemir~gmail.com Bunyamin Demir]<br />
<br />
Board Members: [mailto:ferruh~mavituna.com Ferruh Mavituna], [mailto:mesut_timur~hotmail.com Mesut Timur], [mailto:contact~onuryilmaz.info Onur Yılmaz], [mailto:emin.tatli@owasp.org Emin Islam Tatli], [mailto:oguzhantopgul@gmail.com Oguzhan TOPGUL], [mailto:sertan@gmail.com Sertan Kolat]<br />
<br />
Web Page: http://www.webguvenligi.org<br />
<br />
Twitter: https://twitter.com/owasptr<br />
<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-turkey|emailarchives=http://lists.owasp.org/pipermail/owasp-turkey}}<br />
<br />
<paypal>Turkey</paypal><br />
<br />
<br />
== Chapter Brochure ==<br />
<br />
[http://www.webguvenligi.org/docs/WGT_brosur.pdf Here you can view a brochure] explaining in Turkish the action highlights of OWASP/Türkiye during the last one and a half year [obsolete for over two years].<br />
<br />
== Local News ==<br />
Conference<br />
<br />
[http://www.appsectr.org/ Application Security Day, İstanbul 2012] will be held on 9 June, Saturday, in Marmara Üniversitesi Rektörlük Binası, Sultanahmet, İstanbul. <br />
<br />
Published <br />
<br />
[http://www.webguvenligi.org/dokuman/web-uygulama-guvenligi-kontrol-listesi-2012.html Web App Security Check List 2012 in Turkish].<br />
<br />
== Projects/Tools/Translations ==<br />
<br />
Here are some of the projects produced by OWASP/Türkiye;<br />
<br />
* [http://code.google.com/p/droidalert/ DroidAlert] by Bedirhan Urgun<br />
<br />
A proactive approach on finding fake android applications on some of the biggest android stores. Just enter a term, and droidalert searches it for you in android stores.<br />
<br />
* [http://code.google.com/p/chiasma/ Chiasma] by Bedirhan Urgun<br />
<br />
Instead of having a structured penetration test report (docx, pdf, html v.b.) from 3rd parties, why not getting them produce a semi-structured report (xml) that is understood well. Chiasma is a Java desktop application producing XML vulnerability report.<br />
<br />
* [http://www.webguvenligi.org/docs/web_uygulama_guvenligi_kontrol_listesi_2010.pdf Web Uygulama Güvenliği Kontrol Listesi 2010- WebAppSec Checklist] by OWASP-Turkey<br />
<br />
A complete set of controls related to security of web applications.<br />
<br />
* [http://code.google.com/p/piknik/ Piknik] by Bedirhan Urgun<br />
<br />
A compilation of a study on analyzing the possible behavior of a malicious developer...Inspired by [http://www.blackhat.com/presentations/bh-usa-09/WILLIAMS/BHUSA09-Williams-EnterpriseJavaRootkits-PAPER.pdf Jeff Williams's Work] <br />
<br />
* [http://code.google.com/p/finddomains/ FindDomains] by Mesut Timur<br />
<br />
FindDomains is a multithreaded search engine discovery tool that will be very useful for penetration testers dealing with discovering domain names/web sites/virtual hosts which are located on too many IP addresses.<br />
<br />
* [http://dergi.webguvenligi.org/ WGT E-Magazine] by OWASP/TR and Onur Yilmaz<br />
<br />
An online web security related magazine in Turkish with a 2 months per-issue period<br />
<br />
* [http://ctf.webguvenligi.org/ CTF contest] by Onur Yilmaz<br />
<br />
A CTF contest where researchers, professionals and hackers can show off their skills in an ethical way <br />
<br />
* [http://code.google.com/p/jarvinen Jarvinen] by Gökhan Alkan & Yusuf Çeri & Bedirhan Urgun<br />
<br />
A simple yet effective web based audit log monitoring service for Modsecurity v2. It consists of two basic parts; a (bash) shell script that parses serial logs into the mysql database and a php web application.<br />
<br />
* [http://code.google.com/p/cammp CAMMP] by Gökhan Alkan<br />
<br />
Aims to provide (bash) shell scripts in order to automatize the source code installations of apache (php and modsecurity) and mysql under chroot (for RedHat based systems for now).<br />
<br />
* [http://code.google.com/p/secureimage SecureImage] by Mesut Timur & Bedirhan Urgun & Kerem Küsmezer<br />
<br />
A Java,PHP and .NET based image validator that can be used for validating image files on upload systems (such as photo galleries,forums,etc ..) against the threats for XSS issues with IE and LFI attacks. Individual project pages; [http://code.google.com/p/psecureimage PSecureImage] for PHP, [http://code.google.com/p/jsecureimage JSecureImage] for Java and [http://www.codeplex.com/owaspturkey/Release/ProjectReleases.aspx?ReleaseId=18008 NSecureImage] for .NET<br />
<br />
* [http://code.google.com/p/securetomcat SecureTomcat] by Bedirhan Urgun & Deniz Çevik & Gökhan Alkan<br />
<br />
A collection of three components; an audit documentation in Turkish, a basic remote vulnerability scanner and an audit shell script fully aligned with the audit documentation. All for auditing and testing Apache Tomcat partial J2EE container.<br />
<br />
* [http://code.google.com/p/webekci/ WeBekci] by Bünyamin Demir<br />
<br />
WeBekci is a graphical user end for ModSecurity 2.x web application firewall.<br />
<br />
* [http://www.webguvenligi.org/?page_id=16 Web Security Turkish Translation Project] by [http://www.webguvenligi.org/?page_id=16 great volunteers] & Bedirhan Urgun <br />
<br />
Turkish translations of OWASP guides and other web application security related documents '''over 500 pages''' and counting<br />
<br />
* [http://code.google.com/p/wivet/ WIVET] by Bedirhan Urgun<br />
<br />
A benchmarking project that aims to statistically analyze web link extractors. It provides a good sum of input vectors to any extractor and presents the results. Check out the live app [http://www.webguvenligi.org/wivet/ here].<br />
<br />
* [http://code.google.com/p/sqlibench/ SqliBench] by Mesut Timur & Bedirhan Urgun<br />
<br />
SQLiBENCH is a benchmarking project of automatic sql injectors related to dumping databases. Check out the live app [http://www.webguvenligi.org/sqlibench/web/ here]. The project is sponsored by [http://www.owasp.org/index.php/Category:OWASP_Sqlibench_Project OWASP SoC 08].<br />
<br />
* [http://code.google.com/p/msalparser MSALParser] by Bedirhan Urgun<br />
<br />
MSALParser (pronounced \mi-säl\) implements necessary parsers and model objects to represent a ModSecurity Single Audit Log, hence the name MSAL. MSALParser is a PHP RPC end that will get mlogc's calls and parses them into objects and eventually write to a persistent data store.<br />
<br />
* [http://code.google.com/p/apachelive ApacheLive] by Bedirhan Urgun<br />
<br />
ApacheLive (aka Haydar) project consists of a python script which was aimed to stress Apache web servers (httpd) using Keep-Alive parameters.<br />
<br />
* [http://code.google.com/p/anticsurf AntiCsurf] by Mesut Timur<br />
<br />
For most of the languages and frameworks, developers have to implement their own functions to defend against CSRF. AntiCsrf is a basic and light library for defending against CSRF for PHP applications.<br />
<br />
* [http://code.google.com/p/fm-fsf FM-FSF] by Ferruh Mavituna<br />
<br />
FSF is a plug-in based freakin' simple fuzzer for fuzzing web applications and scraping data. It supports some basic stuff and missing some features however it has got some advanced RegEx capturing features for scraping data out of web applications.<br />
<br />
* [http://code.google.com/p/msalmobile MSALMobile] & [http://code.google.com/p/msalservice MSALService] by Bedirhan Urgun<br />
<br />
MSALMobile, a basic windows mobile application and consuming MSALService, is a simple mobile ModSecurity log analyzer for Windows Mobile environment. See [http://www.webguvenligi.org/software/msalmobile/msalmobile_video.rar a video of MSALMobile in action] on www.webguvenligi.org.<br />
<br />
* [http://www.webguvenligi.org/xsstb/reflected.php XSS TestBed] by Bedirhan Urgun<br />
<br />
A playground for reflected xss test cases. The live project includes seven test cases ready to exploit. A legal and solid way to learn and apply xss skills. Moreover, a good way to test web application scanners on reflected xss testing...<br />
<br />
* [http://www.webguvenligi.org/projeler/wcsa Web.config Security Analyzer] by Mesut Timur<br />
<br />
Web.config file holds settings about related ASP.NET web application. This project analyzes a given Web.config file for security vulnerabilities with its 30+ checks. It's a command line too for now and produces a neat html based report.<br />
<br />
== Translations ==<br />
<br />
Çeviri projesine yardım etmek isteyen arkadaşlar, lütfen [mailto:bunyamindemir@gmail.com bunyamin] veya [mailto:urgunb@hotmail.com bedirhan] ''(proje lideri)'' ile iletişime geçiniz. Şu ana kadar yayınlanan çevirilere [http://www.webguvenligi.org/?page_id=16 buradan] ulaşabilirsiniz. ''You can find Turkish translations of OWASP and other web security related documents [http://www.webguvenligi.org/?page_id=16 here].''<br />
<br />
==== Meetings/Conferences ====<br />
<br />
<br />
<br />
== Application Security Day, Eskişehir 2015, Conference ==<br />
<br />
Slides to download: [http://www.appsectr.org/?page_id=53 Application Security Day, Eskişehir 2015]<br />
<br />
== Chapter Meeting, İstanbul, 26th May 2014 ==<br />
<br />
== Attendance at Cyber Security Conference, İstanbul, 13 May 2014 ==<br />
[http://www.siberguvenlikkonferansi.org/p/sponsorlar.html Cyber Security Conference 2014]<br />
<br />
== Application Security Day, İstanbul 2013, Conference ==<br />
<br />
[http://www.appsectr.org/2013/ Application Security Day, İstanbul 2013]<br />
<br />
== Application Security Day, İstanbul 2012, Conference ==<br />
<br />
[http://www.appsectr.org/ Application Security Day, İstanbul 2012] will be held on 9 June, Saturday, in Marmara Üniversitesi Rektörlük Binası, Sultanahmet, İstanbul. <br />
The event aims to present an environment where key and popular application security topics will be discussed and shared. Hundreds of developers, business owners and security practitioners will be ready to increase local application security awareness. Join us!<br />
<br />
<br />
== OWASP/TR Presentation in Android Developer Days 2012 in ODTU Ankara ==<br />
<br />
Bedirhan Urgun of OWASP/TR will give a presentation on "Developing Secure Android Days" on 22 May from 15:30-16:00 in Android Developer Days, 2012. The presentation will take place in ODTU, Ankara.<br />
<br />
Location: ODTÜ Kültür ve Kongre Merkezi, Ankara<br />
<br />
Date: 22 May 2012, Tuesday<br />
<br />
Time: 15:30 – 16:00<br />
<br />
== OWASP/TR Presentation in ReadMee Internet Zirvesi, 2012 ==<br />
<br />
Seyfullah Kılıç will give a presentation titled "Web Güvenliği ve Korunma Yolları" on 07 April Saturday from 14:00-14:45 in ReadMee Internet Zirvesi, 2012. The presentation will take place in Eskişehir Osmangazi Üniversitesi, Eskişehir.<br />
<br />
Location: Eskişehir Osmangazi Üniversitesi Meşelik Kampüsü, Eskişehir<br />
<br />
Date: 7 April 2012 Saturday<br />
<br />
Time: 14:00 – 14:45<br />
<br />
== OWASP/TR Presentation in Özgür Yazılım ve Linux Günleri, 2012 ==<br />
<br />
Bünyamin Demir of OWASP/TR will give a presentation titled as "<br />
Güvenli Kod Geliştirme" and will hold a chapter meeting "OWASP Türkiye Chapter Meeting (Çalışma Toplantısı)" on 31 March Saturday from 10:00-13:00 in Özgür Yazılım ve Linux Günleri, 2012. The presentations will take place in İstanbul Bilgi Üniversitesi Dolapdere Kampüsü, İstanbul.<br />
<br />
Location: İstanbul Bilgi Üniversitesi Dolapdere Kampüsü, İstanbul<br />
<br />
Date: 31 March 2012 Saturday<br />
<br />
Time: 10:00 – 13:00<br />
<br />
Location 1: 1. Salon<br />
Location 2: Toplantı Salonu<br />
<br />
== OWASP/TR Talk in Open Source Code Days in Yeditepe University ==<br />
<br />
Bunyamin Demir talked about OWASP and OWASP/Turkey introduction. After intro, he did a presentation about [http://seminer.linux.org.tr/wp-content/uploads/guvenli_kod_gelistirme_ve_yasam_dongusu.ppt "Secure Coding and Chaotic Life Cycle"].<br />
<br />
Location: Yeditepe University, 26 Agustos Yerlesimi, Salon 2<br />
<br />
Date: 14 October 2011, Friday<br />
<br />
Time: 15:00 – 15:45<br />
<br />
== OWASP/TR Introductory Meetings and Seminar @ Bahçeşehir Üniversitesi, March 2010 ==<br />
<br />
[http://www.shibumidojo.org/ Kubilay Onur Güngör] will start with OWASP and OWASP/Turkey introduction. After intro, cyber security concept, web application security, social theories of criminal behaviors and many other topics will be discussed. So don't miss the events if you're around. <br />
<br />
Location: Bahçeşehir Üniversitesi, Beşiktaş Kampüsü, D-404 Salonu<br />
<br />
Date: 10 Mart 2010 Çarşamba<br />
<br />
Time: 18.30 – 19.30<br />
<br />
== OWASP/TR Introductory Meetings and Seminar @ Işık Üniversitesi, March 2010 ==<br />
<br />
[http://www.shibumidojo.org/ Kubilay Onur Güngör] will start with OWASP and OWASP/Turkey introduction. After intro, cyber security concept, web application security, social theories of criminal behaviors and many other topics will be discussed. So don't miss the events if you're around. <br />
<br />
Location: Işık Üniversitesi, Şile Kampüsü<br />
Registration: http://bilisimgunleri.isikun.edu.tr<br />
Date: 8 Mart 2010 Pazartesi<br />
Time: 15.00 - 16.00<br />
<br />
== OWASP/TR Meeting in Turkcell Akademi with OISF Team, February 2010 ==<br />
<br />
With 7 [http://www.openinfosecfoundation.org OISF] members we had our 23 February meeting. Brian [http://vimeo.com/9825055 talked about ModSecurity] and Victor & Will [http://vimeo.com/9825622 talked about Suricata ].<br />
<br />
As always, check out the photos on [http://www.flickr.com/photos/webguvenligi flickr-webguvenligi]!!<br />
<br />
Thanks to our sponsor for this meeting [http://www.guvenlikegitimleri.com GuvenlikEgitimleri.Com]<br />
<br />
== OWASP/TR Seminar in İstanbul Kültür Universitesi, 29 December 2009 ==<br />
<br />
We'll be hosting a free seminar in İstanbul Kültür Üniversitesi, Ataköy Kampüsü, Önder Öztunalı Konferans Salonu. Topics will include "introduction to OWASP/TR", "siber security", "security best practices and standards". It will also include a demo on digital investigation.<br />
<br />
Presenter: [http://www.shibumidojo.org/ Kubilay Onur Güngör]<br />
<br />
Date: Tuesday, December 29, 2009 <br />
<br />
Time: 12:00pm - 1:30pm <br />
<br />
Location: İstanbul Kültür Üniersitesi, Ataköy Kampüsü, Önder Öztunalı Konferans Salonu<br />
<br />
== October 11, 2009 OWASP/TR on the Green Field ==<br />
<br />
Teams formed by OWASP-Turkey mailing list members will play a soccer match on Sunday, 18:00 October the 11th. We'll seek our Messis, Zidanes, Kakas, Lampards, Chechs stemmed from the Anatolian land... National team may not be qualified for the 2010 World Championship, which is a shame, but we'll do better next time.<br />
<br />
== Artifacts - OWASP-Turkey Meeting in September 26, 2009 ==<br />
<br />
30 people gathered for the OWASP/TR meeting. Here's the [http://www.webguvenligi.org/docs/26_Eylul_OWASPTR_Bulusma.ppt agenda of the meeting]. Moreover, Ibrahim Saruhan gave a [http://www.webguvenligi.org/docs/Facebook_Twitter_Botnets.ppt presentation] on his experiences writing a PoC Facebook botnet. Thanks everyone for participating.<br />
<br />
See the [http://www.flickr.com/webguvenligi/ pictures] and listen to the DimDim [http://recp.dimdim.com/view/dimdim/1a9400f2-fbdb-102c-9515-003048642bd7 recording].<br />
<br />
== September 26 Meeting ==<br />
<br />
A regular meeting for anyone interested in web/software security. It will take place in Istanbul, Taksim at 14:00, on 26 September. <br />
<br />
== Artifacts - 06 May/13 May 2009 OWASP-TR Talks in Kocaeli & Gazi Universities ==<br />
<br />
Here are the presentations given by Bünyamin Demir and Onur Yılmaz at "Information Techonology Days" in [http://www.kocaeli.edu.tr/ Kocaeli University] and [http://www.gazi.edu.tr/ Gazi University], [http://www.webguvenligi.org/docs/kocaeli09owasptr.ppt OWASP-TR & WebGoat Presentation] and [http://www.webguvenligi.org/docs/gaziuni09owasptr.ppt Basic Web App Security Presentation] respectively. <br />
<br />
Pictures are on [http://www.flickr.com/photos/webguvenligi flicker] as always.<br />
<br />
== Web Application Security Talk in Gazi University, 13 May 2009 ==<br />
<br />
We'll be giving a talk in "Information Days" event at Gazi University about code/sql injection attack vectors and prevention techniques on 13th (Wednesday) of May 2009, between 10:30-11:20. <br />
<br />
Reach out the details [http://www.webguvenligi.org/haberler/web-uygulamalari-guvenligi-sunumu-gazi-universitesi.html here]<br />
<br />
== OWASP-TR Seminar in Kocaeli University, 06 May 2009 ==<br />
<br />
We'll be hosting a free seminar in Math. Department of Kocaeli University about OWASP and OWASP/Turkey including the basics of well known attack vectors and prevention techniques on 6th (Wednesday) of May 2009, starting from 15:30. <br />
<br />
Reach out the details [http://www.webguvenligi.org/haberler/owasp-tr-ve-wgt-semineri-kocaeli-universitesi.html here]<br />
<br />
== Artifacts - March 19 2009 OWASP-TR Talk in Sakarya University ==<br />
<br />
Here are the presentations given by Bünyamin Demir and Gökhan Alkan at "Information Techonology Days" in [http://www.sau.edu.tr/ Sakarya University], [http://www.webguvenligi.org/sau_bilisim_gunleri09/sakarya_bilisim_gunleri.ppt OWASP-TR & WebGoat Presentation] and [http://www.webguvenligi.org/sau_bilisim_gunleri09/Recel_Krallagindan_Webe.ppt Jarvinen Presentation] respectively. We'd like to thank [http://www.bilisimk.sau.edu.tr/ Sakarya Universitesi Bilişim Kulubü] for inviting us.<br />
<br />
And never the least, here are the [http://www.flickr.com/photos/webguvenligi pictures] taken during the day.<br />
<br />
== Talk in Information Techonology Days '09 in Sakarya University ==<br />
<br />
We'll be giving two talks in "Information Techonology Days" about OWASP and OWASP/Turkey in [http://www.sau.edu.tr/ Sakarya University] on 19th of March 2009. The talk will include an introduction to OWASP, OWASP/Turkey as a community. Plus, Jarvinen, an OWASP/TR project, will be presented.<br />
<br />
== Artifacts - Fifth OWASP-Turkey Meeting in March 08, 2009 ==<br />
<br />
We had close to 35 people gathered. Here's the [http://www.webguvenligi.org/docs/WGT_OWASP-TR_08_Mart_2009_Bulusmasi_Ajanda.pptx agenda of the meeting]. Moreover, Fatih Emiral gave a [http://www.webguvenligi.org/docs/Yazilim_Guvenligi.ppt presentation] comparing three main Software Security models. Thanks everyone for participating.<br />
<br />
For the photos take a look at [http://www.flickr.com/photos/webguvenligi/ here].<br />
<br />
== Fifth OWASP-Turkey Meeting in March 08, 2009 ==<br />
<br />
A regular meeting on web/software security related issues&techniques&news. The meeting will take place in Istanbul, Maltepe, beween 13:00-15:00, on 08th of March, Sunday. <br />
Here's the map for the [http://www.gencgirisimciler.org/bpi.asp?caid=161&cid=17 meeting place]<br />
If you want to attend the event, please send an e-mail to: urgunb at hotmail.com (Bedirhan Urgun)<br />
<br />
== Artifacts - Web Security Days Kocaeli December 2008 ==<br />
<br />
With over 50 attendees we had our 4th Web Security Days in Kocaeli University at Umuttepe Campus.<br />
<br />
Presentations & SlideShows & Photos:<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_intro.ppt Giris] - Bedirhan Urgun<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_owasptr_wgt.ppt WGT/OWASPTR] - Bünyamin Demir<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_www.ppt WWW Introduction] - Uğur Yıldız<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_csrf.ppt CSRF] - Yusuf Çeri<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_graphics.ppt Graphic Attacks] - Mesut Timur <br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_chroot.ppt Secure Web Production Environments] - Gökhan Alkan<br />
* [http://www.flickr.com/webguvenligi/ Pictures] - Bedirhan & Bünyamin<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_slideshow.ppt OWASP Top 10 Slide Show] - Bedirhan Urgun<br />
<br />
== Next Event - 4th Web Security Days Kocaeli - December 23 (Turkey 2008) ==<br />
<br />
This event will be the fourth of "Web Security Days" and will take place on 23rd of December 2008 in Kocaeli. The agenda of the event is [http://www.owasp.org/index.php/4th_Web_Security_Days_OWASP_Turkey here].<br />
<br />
== Artifacts - Fourth OWASP-Turkey Meeting in October 18, 2008 ==<br />
<br />
Here's the [http://www.webguvenligi.org/wp-content/uploads/2008/10/WGT&OWASP-TR_18_Ekim_2008_Bulusmasi_Ajanda.ppt agenda of the meeting]. We also had two small discussion and presentation of a simple demo overview of recent clickjacking vulnerability and [http://www.webguvenligi.org/wp-content/uploads/2008/10/sqlibench-presentation.ppt sqlibench SoC 2008 OWASP project]. Thanks everyone for participating.<br />
<br />
Moreover, all of the OWASP sent books (~30)/pens(~15) were distributed freely! <br />
<br />
For the photos take a look at [http://www.flickr.com/photos/webguvenligi/ here].<br />
<br />
== Fourth OWASP-Turkey Meeting in October 18, 2008 ==<br />
<br />
A catch up meeting on web/software security related issues&techniques&news. Moreover, OWASP sent goodies (to the most active chapters) will be distributed (This includes 27 OWASP books and 19 pens). It will take place in Istanbul, İstiklal Cad.Emir Nevruz Sok. No: 1/11 Galatasaray Beyoğlu beween 14:00-16:00, on 18th of October. If you want to attend the event, please send an e-mail to: urgunb at hotmail.com (Bedirhan Urgun) <br />
<br />
== Artifacts - June 21 2008 OWASP-TR Talk in "Free Software Conference" ==<br />
<br />
Here is the presentation given by Mesut Timur and keynote submitted at [http://konferans.linux.org.tr/ "Free Software Conference"] in [http://www.etu.edu.tr/ TOBB University of Economics and Technology]; <br />
[http://www.webguvenligi.org/wp-content/uploads/2008/06/owasp_wgt_lkd_21062008.ppt OWASP-TR Presentation] and [http://www.webguvenligi.org/wp-content/uploads/2008/06/webguvenligi_bildiri_lkd_21062008.pdf Web Security and Free Software Keynote] (in Turkish) respectively.<br />
<br />
== Talk in Free Software Conference in Ankara ==<br />
<br />
We'll be giving a talk in "Free Software Conference" about OWASP and OWASP/Turkey in [http://www.etu.edu.tr/ TOBB University of Economics and Technology] on 21st (Saturday) of June 2008. The talk will include an introduction to OWASP, OWASP/Turkey, as well as web/application security projects achieved in Turkey. <br />
<br />
The Day will start at 09:30 and our talk, which will be presented by [http://www.h-labs.org Mesut Timur], will be between 15.00-15.30. You can skim the programme [http://konferans.linux.org.tr/etkinlik-programi/ here].<br />
<br />
== Artifacts - April 19 2008 OWASP-TR Talk in Yildiz Technical University ==<br />
<br />
Here are the presentations given by Bünyamin Demir and Yusuf Çeri at "Open Source Code Day" in [http://www.yildiz.edu.tr/english Yildiz Technical University], [http://www.webguvenligi.org/wp-content/uploads/2008/04/owasp-wgt-ytu-19nisan08.ppt OWASP-TR Presentation] and [http://www.webguvenligi.org/wp-content/uploads/2008/04/sqlmapdemo-wgt-ytu-19nisan08.ppt SqlDemo Presentation] respectively. We'd like to thank YTÜ Bilişim Kulubü for inviting us.<br />
<br />
And never the least, here are the [http://www.flickr.com/photos/webguvenligi/sets/72157604620396950/ pictures] taken during the day.<br />
<br />
== Talk in Open Source Code Day in Yildiz Technical University ==<br />
<br />
We'll be giving a talk in "Open Source Code Day" about OWASP and OWASP/Turkey in [http://www.yildiz.edu.tr/english Yildiz Technical University] on 19th of April 2008. The talk will include an introduction to OWASP, OWASP/Turkey, web/application security community in Turkey, the 1st OWASP Day video by Jeff and a live application insecurity demo. <br />
<br />
The Day will start at 09:30 and our talk will be the last one before the noon. <br />
<br />
== Artifacts - March 09 2008 Meeting ==<br />
<br />
It was a nice Sunday in Istanbul and we had 16 people talking about SPoC 08, April OWASP Week and web application security in general. Here are the [http://www.flickr.com/photos/webguvenligi/sets/72157604077351886/ pictures] taken during the meeting.<br />
<br />
== March 09 Meeting ==<br />
<br />
A casual meeting for anyone interested in web/software security. It will take place in Istanbul, Kadikoy at 14:30, on 09 March. To chat and enjoy the [http://www.flickr.com/photos/jrogivue/21918611/ Bosphorus]! <br />
<br />
== Artifacts - Web Security Days Ankara & İzmir November 2007 ==<br />
<br />
Through a foggy, and therefore a hard flight, we've managed to realize Web Security Days 2 & 3 in Ankara and Izmir, respectively. Having a total of ~130 attendees (most of them in Izmir), we hope WSD to be traditional and become more qualitysome.<br />
<br />
Presentations & Code & Photos:<br />
* [http://www.webguvenligi.org/docs/ankara/init_ankara.ppt Giris] - Bedirhan Urgun<br />
* [http://www.webguvenligi.org/docs/ankara/wgt.ppt WGT Giris] - Bünyamin Demir<br />
* [http://www.webguvenligi.org/docs/izmir/ulakcsirt.pdf ULAK-CSIRT Giris] - Enis Karaarslan<br />
* [http://www.webguvenligi.org/docs/ankara/burak_sc.ppt Yazılım Geliştirme Sürecinde Güvenlik Testleri] - Burak Dayıoğlu<br />
* [http://www.webguvenligi.org/docs/izmir/enis_web.ppt Kurumsal Web Güvenliği Yapısı] - Enis Karaarslan<br />
* [http://www.webguvenligi.org/docs/izmir/tahsin_did.ppt Uygulamalarda Katmanlı Güvenlik Anlayışı] - Tahsin Türköz<br />
* [http://www.webguvenligi.org/docs/izmir/oguzhan_php.ppt PHP ve Güvenli Kodlama] - Oğuzhan Yalçın<br />
* [http://www.webguvenligi.org/docs/ankara/bunyamin_pl.ppt Perl'de Guvenlik Modulu] - Bünyamin Demir<br />
* [http://www.webguvenligi.org/docs/izmir/security_pm.rar Perl'de Guvenlik Modulu - Kod] - Bünyamin Demir<br />
* [http://www.webguvenligi.org/docs/ankara/bedirhan_js.ppt Web 2.0 Savunma Dili: Javascript] - Bedirhan Urgun<br />
* [http://www.flickr.com/photos/webguvenligi/sets/72157603311164597/ Photos] - Bedirhan & Bünyamin<br />
<br />
== Next Event - 3rd Web Security Days İzmir - November 26 (Turkey 2007) ==<br />
<br />
This event will be the third of "Web Security Days" and will take place on 26th of November 2007 in İzmir. The agenda of the event is [https://www.owasp.org/index.php/3rd_Web_Security_Days_OWASP_Turkey here].<br />
<br />
== Next Event - 2nd Web Security Days Ankara - November 24 (Turkey 2007) ==<br />
<br />
This event will be the second of "Web Security Days" and will take place on 24th of November 2007 in Ankara. <br />
The agenda of the event is [https://www.owasp.org/index.php/2nd_Web_Security_Days_OWASP_Turkey here].<br />
<br />
== Artifacts - OWASP DAY: on the topic of "Privacy in the 21st Century" - September 8 (Turkey 2007) ==<br />
<br />
Presentations:<br />
<br />
* [https://www.owasp.org/images/6/66/OWASP_DAY_TR.sub.ppt Turkish Subtitle] for [http://www.owasp.org/downloads/OWASP_Day.wmv Jeff's OWASP Day Intro movie] (delete .ppt extension)<br />
* [https://www.owasp.org/images/b/bc/OWASP2007_KamudaPrivacy.ppt OWASP2007_KamudaPrivacy.ppt]<br />
* [https://www.owasp.org/images/4/4b/Guvenli_Web_Uygulamalarinin_Gelistirilmesi2.ppt Guvenli_Web_Uygulamalarinin_Gelistirilmesi.ppt] <br />
<br />
Discussion Answers:<br />
<br />
Q1.<br />
What is the current state of Privacy on Web Application Security? Does it really matter? Is privacy what will drive radical changes in web application's security (ala PCI)? <br />
<br />
A1.<br />
During the meeting an effort was made to clarify the meaning of privacy;<br />
- what are the key items that builds up to "privacy"?<br />
- are we talking about the privacy of real people or should we also include the privacy of legal entities?<br />
- is there really a solid line (or even a vague line) between confidentiality and privacy?<br />
We defined privacy as confidentiality of the data; be it of a real person or a legal entity.<br />
But the key part is that privacy is "the ability to control the flow of one's own data". And which brings another principle: "need to know". Privacy is directly related to an individual or an organization. Confidentiality, however, is directly related to "information"... Privacy is a "result" and confidentiality is a tenet or a security mechanism. <br />
<br />
Enough of these convulsions;<br />
The answer to the first question was a definite "YES". Participants were all agreed that "privacy" plays and will play the most important role in web security and its future.<br />
<br />
Q2.<br />
Application side: what the data owner should be doing to protect the user's privacy? Should there be a law that states how to protect this information? What can we do to improve it?<br />
<br />
A2.<br />
Most of the participants agreed that a law is a necessity.<br />
But, maybe, more important thing is to raise the awareness of the customers.<br />
Here we also had a discussion on the current status of the law on privacy? There are mainly three <br />
documents on privacy in Turkish law;<br />
* a directive on privacy in telecommunication, which happened to be inadequate (an assertion of a lawyer)<br />
* a draft law on privacy from Department of Justice, which is still in the process of approval<br />
* a recent (May 2007) law on siber crimes which happens to be similiar to the "Directive 2006/24/EC of the <br />
European Parliament and of the Council" on the data retention. This law, however, still needs a few<br />
directives, which are about to be published.<br />
<br />
Q3.<br />
Client side: what is the client's perception of privacy? How can a user trust a site about his own data treatment? Is the client nowadays safeguarded about a possible loss of privacy?<br />
<br />
A3.<br />
As a first step there should be an "agreement" presented to the user by the application side.<br />
This wouldn't be enough so there should be regular inspections (a third eye) on these services.<br />
About "is the client nowadays safeguarded about a possible loss of privacy?" question, the answer<br />
was a definite "NO". Especially with the banks. Yes, there are a few cases of trials where the courts<br />
dictated a bank to compansate the loss of the victim, however, mostly this is not the case. Even there is<br />
a domain serving, founded by the victims of online banking crimes in Turkey.<br />
<br />
Q4.<br />
What should OWASP be focusing on?<br />
<br />
A4.<br />
As a suggestion, OWASP may provide a "web security tips" page, which can include a searchable gui <br />
on small programming tips to avoid security holes in web applications.<br />
<br />
And a great idea of producing a "FixmeBank" application to cover the developer side of the story, as opposed to tester/attacker side (via WebGoat or HacmeBank), was suggested by Taygun Alban.<br />
<br />
Q5.<br />
What would OWASP spend it's grant money? (note that new OWASP members can allocate some or all of their membership fees to specific projects)<br />
<br />
A5.<br />
Some suggestions;<br />
. Printed booklets of Guide and Testing Guide. <br />
. OWASP CD with shiny labels<br />
. I'm afraid to say but... t-shirts<br />
<br />
Q6.<br />
Should OWASP organize such 'OWASP Weeks' every quarter?<br />
<br />
A6.<br />
OWASP should organize these events every 6 months or so :)<br />
<br />
== Next Event - OWASP DAY: on the topic of "Privacy in the 21st Century" - September 8 (Turkey 2007) ==<br />
<br />
As a part of the Global Security Week, OWASP Turkey chapter will be holding a humble meeting on Saturday, 8 September 2007. Less technical and time taking compared to last event ([http://www.owasp.org/index.php/1st_Web_Security_Days_OWASP_Turkey Web Security Days]) we will be focusing on the current snapshot of the privacy related issues in the govermental/quasi-governmental and private institutions of Turkey.<br />
<br />
Here's the "still in process" agenda:<br />
<br />
* 14:00 - 14:10 Prelude. Introduction of OWASP DAY and OWASP Turkey projects<br />
<br />
A small introduction to OWASP Day meeting and its goals, plus explanation of some of the lightweight projects of OWASP Turkey.<br />
<br />
Bedirhan URGUN, Bunyamin DEMİR<br />
<br />
* 14:20 - 14:50 Privacy in Governmental Insitutions - A Current State Analysis<br />
<br />
Presentation will discuss the understanding of the privacy concept settled in governmental institutions and deliberate on general information security problems related with privacy issues.<br />
<br />
Getting off with general privacy problems, in specific, information about the privacy issues related to web applications will be given. Moreover, concrete suggestions on providing a solid privacy in these institutions will be presented.<br />
<br />
Hayrettin BAHŞİ<br />
Chief Researcher CC Lab-UEKAE TUBITAK<br />
<br />
* 15:00 - 15:50 Secure Web Application Development<br />
<br />
Korhan GÜRLER<br />
Chief Researcher PRO-G<br />
<br />
* 15:00 - 16:00 A Panel on Privacy in Turkey <br />
<br />
OWASP-Turkey Members<br />
<br />
== Last Event - 1st Web Security Days - July 14 (Turkey 2007) ==<br />
<br />
First of the [http://www.owasp.org/index.php/1st_Web_Security_Days_OWASP_Turkey Web Security Days] has been realized by Owasp-Turkey chapter on 14th of July 2007 in İstanbul. With a ~70 registered attendees, it was great to have a pack of web security oriented people for a five hours of mostly technical presentations.<br />
<br />
<br />
[http://www.owasp.org/index.php/1st_Web_Security_Days_OWASP_Turkey For details...]<br />
<br />
== Last Meetings ==<br />
<br />
'''Sunday 6 May 2007'''<br><br />
'''Time:''' 11:15-12:30<BR><br />
<br />
'''Address''' to the meeting are:<br />
<br />
[http://www.metu.edu.tr Middle East Technical University]<br/><br />
Ankara-Turkey<br/><br />
<br/><br />
<br />
'''Presentation'''<br><br />
<br />
Web Application Security with ModSecurity and OWASP<br />
<br />
<br />
__NOTOC__ <br />
<br />
<headertabs/><br />
<br />
[[Category:Turkey]] [[Category:Europe]]</div>Dr. Emin Tatlıhttps://wiki.owasp.org/index.php?title=Turkey&diff=196665Turkey2015-06-29T20:29:11Z<p>Dr. Emin Tatlı: </p>
<hr />
<div><center>[[File:Owasptr.png]] </center><br />
<br />
<br />
<br />
==== About OWASP/TR ====<br />
<br />
{{Chapter Template|chaptername=Turkey|extra=The chapter leader is [mailto:bunyamindemir~gmail.com Bunyamin Demir]<br />
<br />
Board Members: [mailto:ferruh~mavituna.com Ferruh Mavituna], [mailto:mesut_timur~hotmail.com Mesut Timur], [mailto:contact~onuryilmaz.info Onur Yılmaz], [mailto:emin.tatli@owasp.org Emin Islam Tatli], [mailto:oguzhantopgul@gmail.com Oguzhan TOPGUL], [mailto:sertan@gmail.com Sertan Kolat]<br />
<br />
Web Page: http://www.webguvenligi.org<br />
<br />
Twitter: https://twitter.com/owasptr<br />
<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-turkey|emailarchives=http://lists.owasp.org/pipermail/owasp-turkey}}<br />
<br />
<paypal>Turkey</paypal><br />
<br />
<br />
== Chapter Brochure ==<br />
<br />
[http://www.webguvenligi.org/docs/WGT_brosur.pdf Here you can view a brochure] explaining in Turkish the action highlights of OWASP/Türkiye during the last one and a half year [obsolete for over two years].<br />
<br />
== Local News ==<br />
Conference<br />
<br />
[http://www.appsectr.org/ Application Security Day, İstanbul 2012] will be held on 9 June, Saturday, in Marmara Üniversitesi Rektörlük Binası, Sultanahmet, İstanbul. <br />
<br />
Published <br />
<br />
[http://www.webguvenligi.org/dokuman/web-uygulama-guvenligi-kontrol-listesi-2012.html Web App Security Check List 2012 in Turkish].<br />
<br />
== Projects/Tools/Translations ==<br />
<br />
Here are some of the projects produced by OWASP/Türkiye;<br />
<br />
* [http://code.google.com/p/droidalert/ DroidAlert] by Bedirhan Urgun<br />
<br />
A proactive approach on finding fake android applications on some of the biggest android stores. Just enter a term, and droidalert searches it for you in android stores.<br />
<br />
* [http://code.google.com/p/chiasma/ Chiasma] by Bedirhan Urgun<br />
<br />
Instead of having a structured penetration test report (docx, pdf, html v.b.) from 3rd parties, why not getting them produce a semi-structured report (xml) that is understood well. Chiasma is a Java desktop application producing XML vulnerability report.<br />
<br />
* [http://www.webguvenligi.org/docs/web_uygulama_guvenligi_kontrol_listesi_2010.pdf Web Uygulama Güvenliği Kontrol Listesi 2010- WebAppSec Checklist] by OWASP-Turkey<br />
<br />
A complete set of controls related to security of web applications.<br />
<br />
* [http://code.google.com/p/piknik/ Piknik] by Bedirhan Urgun<br />
<br />
A compilation of a study on analyzing the possible behavior of a malicious developer...Inspired by [http://www.blackhat.com/presentations/bh-usa-09/WILLIAMS/BHUSA09-Williams-EnterpriseJavaRootkits-PAPER.pdf Jeff Williams's Work] <br />
<br />
* [http://code.google.com/p/finddomains/ FindDomains] by Mesut Timur<br />
<br />
FindDomains is a multithreaded search engine discovery tool that will be very useful for penetration testers dealing with discovering domain names/web sites/virtual hosts which are located on too many IP addresses.<br />
<br />
* [http://dergi.webguvenligi.org/ WGT E-Magazine] by OWASP/TR and Onur Yilmaz<br />
<br />
An online web security related magazine in Turkish with a 2 months per-issue period<br />
<br />
* [http://ctf.webguvenligi.org/ CTF contest] by Onur Yilmaz<br />
<br />
A CTF contest where researchers, professionals and hackers can show off their skills in an ethical way <br />
<br />
* [http://code.google.com/p/jarvinen Jarvinen] by Gökhan Alkan & Yusuf Çeri & Bedirhan Urgun<br />
<br />
A simple yet effective web based audit log monitoring service for Modsecurity v2. It consists of two basic parts; a (bash) shell script that parses serial logs into the mysql database and a php web application.<br />
<br />
* [http://code.google.com/p/cammp CAMMP] by Gökhan Alkan<br />
<br />
Aims to provide (bash) shell scripts in order to automatize the source code installations of apache (php and modsecurity) and mysql under chroot (for RedHat based systems for now).<br />
<br />
* [http://code.google.com/p/secureimage SecureImage] by Mesut Timur & Bedirhan Urgun & Kerem Küsmezer<br />
<br />
A Java,PHP and .NET based image validator that can be used for validating image files on upload systems (such as photo galleries,forums,etc ..) against the threats for XSS issues with IE and LFI attacks. Individual project pages; [http://code.google.com/p/psecureimage PSecureImage] for PHP, [http://code.google.com/p/jsecureimage JSecureImage] for Java and [http://www.codeplex.com/owaspturkey/Release/ProjectReleases.aspx?ReleaseId=18008 NSecureImage] for .NET<br />
<br />
* [http://code.google.com/p/securetomcat SecureTomcat] by Bedirhan Urgun & Deniz Çevik & Gökhan Alkan<br />
<br />
A collection of three components; an audit documentation in Turkish, a basic remote vulnerability scanner and an audit shell script fully aligned with the audit documentation. All for auditing and testing Apache Tomcat partial J2EE container.<br />
<br />
* [http://code.google.com/p/webekci/ WeBekci] by Bünyamin Demir<br />
<br />
WeBekci is a graphical user end for ModSecurity 2.x web application firewall.<br />
<br />
* [http://www.webguvenligi.org/?page_id=16 Web Security Turkish Translation Project] by [http://www.webguvenligi.org/?page_id=16 great volunteers] & Bedirhan Urgun <br />
<br />
Turkish translations of OWASP guides and other web application security related documents '''over 500 pages''' and counting<br />
<br />
* [http://code.google.com/p/wivet/ WIVET] by Bedirhan Urgun<br />
<br />
A benchmarking project that aims to statistically analyze web link extractors. It provides a good sum of input vectors to any extractor and presents the results. Check out the live app [http://www.webguvenligi.org/wivet/ here].<br />
<br />
* [http://code.google.com/p/sqlibench/ SqliBench] by Mesut Timur & Bedirhan Urgun<br />
<br />
SQLiBENCH is a benchmarking project of automatic sql injectors related to dumping databases. Check out the live app [http://www.webguvenligi.org/sqlibench/web/ here]. The project is sponsored by [http://www.owasp.org/index.php/Category:OWASP_Sqlibench_Project OWASP SoC 08].<br />
<br />
* [http://code.google.com/p/msalparser MSALParser] by Bedirhan Urgun<br />
<br />
MSALParser (pronounced \mi-säl\) implements necessary parsers and model objects to represent a ModSecurity Single Audit Log, hence the name MSAL. MSALParser is a PHP RPC end that will get mlogc's calls and parses them into objects and eventually write to a persistent data store.<br />
<br />
* [http://code.google.com/p/apachelive ApacheLive] by Bedirhan Urgun<br />
<br />
ApacheLive (aka Haydar) project consists of a python script which was aimed to stress Apache web servers (httpd) using Keep-Alive parameters.<br />
<br />
* [http://code.google.com/p/anticsurf AntiCsurf] by Mesut Timur<br />
<br />
For most of the languages and frameworks, developers have to implement their own functions to defend against CSRF. AntiCsrf is a basic and light library for defending against CSRF for PHP applications.<br />
<br />
* [http://code.google.com/p/fm-fsf FM-FSF] by Ferruh Mavituna<br />
<br />
FSF is a plug-in based freakin' simple fuzzer for fuzzing web applications and scraping data. It supports some basic stuff and missing some features however it has got some advanced RegEx capturing features for scraping data out of web applications.<br />
<br />
* [http://code.google.com/p/msalmobile MSALMobile] & [http://code.google.com/p/msalservice MSALService] by Bedirhan Urgun<br />
<br />
MSALMobile, a basic windows mobile application and consuming MSALService, is a simple mobile ModSecurity log analyzer for Windows Mobile environment. See [http://www.webguvenligi.org/software/msalmobile/msalmobile_video.rar a video of MSALMobile in action] on www.webguvenligi.org.<br />
<br />
* [http://www.webguvenligi.org/xsstb/reflected.php XSS TestBed] by Bedirhan Urgun<br />
<br />
A playground for reflected xss test cases. The live project includes seven test cases ready to exploit. A legal and solid way to learn and apply xss skills. Moreover, a good way to test web application scanners on reflected xss testing...<br />
<br />
* [http://www.webguvenligi.org/projeler/wcsa Web.config Security Analyzer] by Mesut Timur<br />
<br />
Web.config file holds settings about related ASP.NET web application. This project analyzes a given Web.config file for security vulnerabilities with its 30+ checks. It's a command line too for now and produces a neat html based report.<br />
<br />
== Translations ==<br />
<br />
Çeviri projesine yardım etmek isteyen arkadaşlar, lütfen [mailto:bunyamindemir@gmail.com bunyamin] veya [mailto:urgunb@hotmail.com bedirhan] ''(proje lideri)'' ile iletişime geçiniz. Şu ana kadar yayınlanan çevirilere [http://www.webguvenligi.org/?page_id=16 buradan] ulaşabilirsiniz. ''You can find Turkish translations of OWASP and other web security related documents [http://www.webguvenligi.org/?page_id=16 here].''<br />
<br />
==== Meetings/Conferences ====<br />
<br />
<br />
<br />
== Application Security Day, Eskişehir 2015, Conference ==<br />
<br />
Slides to download: [http://www.appsectr.org/?page_id=53 Application Security Day, Eskişehir 2015]<br />
<br />
== Chapter Meeting, İstanbul, 26th May 2014 ==<br />
<br />
== Attendance at Cyber Security Conference, İstanbul, 13 May 2014 ==<br />
<br />
== Application Security Day, İstanbul 2013, Conference ==<br />
<br />
[http://www.appsectr.org/2013/ Application Security Day, İstanbul 2013]<br />
<br />
== Application Security Day, İstanbul 2012, Conference ==<br />
<br />
[http://www.appsectr.org/ Application Security Day, İstanbul 2012] will be held on 9 June, Saturday, in Marmara Üniversitesi Rektörlük Binası, Sultanahmet, İstanbul. <br />
The event aims to present an environment where key and popular application security topics will be discussed and shared. Hundreds of developers, business owners and security practitioners will be ready to increase local application security awareness. Join us!<br />
<br />
<br />
== OWASP/TR Presentation in Android Developer Days 2012 in ODTU Ankara ==<br />
<br />
Bedirhan Urgun of OWASP/TR will give a presentation on "Developing Secure Android Days" on 22 May from 15:30-16:00 in Android Developer Days, 2012. The presentation will take place in ODTU, Ankara.<br />
<br />
Location: ODTÜ Kültür ve Kongre Merkezi, Ankara<br />
<br />
Date: 22 May 2012, Tuesday<br />
<br />
Time: 15:30 – 16:00<br />
<br />
== OWASP/TR Presentation in ReadMee Internet Zirvesi, 2012 ==<br />
<br />
Seyfullah Kılıç will give a presentation titled "Web Güvenliği ve Korunma Yolları" on 07 April Saturday from 14:00-14:45 in ReadMee Internet Zirvesi, 2012. The presentation will take place in Eskişehir Osmangazi Üniversitesi, Eskişehir.<br />
<br />
Location: Eskişehir Osmangazi Üniversitesi Meşelik Kampüsü, Eskişehir<br />
<br />
Date: 7 April 2012 Saturday<br />
<br />
Time: 14:00 – 14:45<br />
<br />
== OWASP/TR Presentation in Özgür Yazılım ve Linux Günleri, 2012 ==<br />
<br />
Bünyamin Demir of OWASP/TR will give a presentation titled as "<br />
Güvenli Kod Geliştirme" and will hold a chapter meeting "OWASP Türkiye Chapter Meeting (Çalışma Toplantısı)" on 31 March Saturday from 10:00-13:00 in Özgür Yazılım ve Linux Günleri, 2012. The presentations will take place in İstanbul Bilgi Üniversitesi Dolapdere Kampüsü, İstanbul.<br />
<br />
Location: İstanbul Bilgi Üniversitesi Dolapdere Kampüsü, İstanbul<br />
<br />
Date: 31 March 2012 Saturday<br />
<br />
Time: 10:00 – 13:00<br />
<br />
Location 1: 1. Salon<br />
Location 2: Toplantı Salonu<br />
<br />
== OWASP/TR Talk in Open Source Code Days in Yeditepe University ==<br />
<br />
Bunyamin Demir talked about OWASP and OWASP/Turkey introduction. After intro, he did a presentation about [http://seminer.linux.org.tr/wp-content/uploads/guvenli_kod_gelistirme_ve_yasam_dongusu.ppt "Secure Coding and Chaotic Life Cycle"].<br />
<br />
Location: Yeditepe University, 26 Agustos Yerlesimi, Salon 2<br />
<br />
Date: 14 October 2011, Friday<br />
<br />
Time: 15:00 – 15:45<br />
<br />
== OWASP/TR Introductory Meetings and Seminar @ Bahçeşehir Üniversitesi, March 2010 ==<br />
<br />
[http://www.shibumidojo.org/ Kubilay Onur Güngör] will start with OWASP and OWASP/Turkey introduction. After intro, cyber security concept, web application security, social theories of criminal behaviors and many other topics will be discussed. So don't miss the events if you're around. <br />
<br />
Location: Bahçeşehir Üniversitesi, Beşiktaş Kampüsü, D-404 Salonu<br />
<br />
Date: 10 Mart 2010 Çarşamba<br />
<br />
Time: 18.30 – 19.30<br />
<br />
== OWASP/TR Introductory Meetings and Seminar @ Işık Üniversitesi, March 2010 ==<br />
<br />
[http://www.shibumidojo.org/ Kubilay Onur Güngör] will start with OWASP and OWASP/Turkey introduction. After intro, cyber security concept, web application security, social theories of criminal behaviors and many other topics will be discussed. So don't miss the events if you're around. <br />
<br />
Location: Işık Üniversitesi, Şile Kampüsü<br />
Registration: http://bilisimgunleri.isikun.edu.tr<br />
Date: 8 Mart 2010 Pazartesi<br />
Time: 15.00 - 16.00<br />
<br />
== OWASP/TR Meeting in Turkcell Akademi with OISF Team, February 2010 ==<br />
<br />
With 7 [http://www.openinfosecfoundation.org OISF] members we had our 23 February meeting. Brian [http://vimeo.com/9825055 talked about ModSecurity] and Victor & Will [http://vimeo.com/9825622 talked about Suricata ].<br />
<br />
As always, check out the photos on [http://www.flickr.com/photos/webguvenligi flickr-webguvenligi]!!<br />
<br />
Thanks to our sponsor for this meeting [http://www.guvenlikegitimleri.com GuvenlikEgitimleri.Com]<br />
<br />
== OWASP/TR Seminar in İstanbul Kültür Universitesi, 29 December 2009 ==<br />
<br />
We'll be hosting a free seminar in İstanbul Kültür Üniversitesi, Ataköy Kampüsü, Önder Öztunalı Konferans Salonu. Topics will include "introduction to OWASP/TR", "siber security", "security best practices and standards". It will also include a demo on digital investigation.<br />
<br />
Presenter: [http://www.shibumidojo.org/ Kubilay Onur Güngör]<br />
<br />
Date: Tuesday, December 29, 2009 <br />
<br />
Time: 12:00pm - 1:30pm <br />
<br />
Location: İstanbul Kültür Üniersitesi, Ataköy Kampüsü, Önder Öztunalı Konferans Salonu<br />
<br />
== October 11, 2009 OWASP/TR on the Green Field ==<br />
<br />
Teams formed by OWASP-Turkey mailing list members will play a soccer match on Sunday, 18:00 October the 11th. We'll seek our Messis, Zidanes, Kakas, Lampards, Chechs stemmed from the Anatolian land... National team may not be qualified for the 2010 World Championship, which is a shame, but we'll do better next time.<br />
<br />
== Artifacts - OWASP-Turkey Meeting in September 26, 2009 ==<br />
<br />
30 people gathered for the OWASP/TR meeting. Here's the [http://www.webguvenligi.org/docs/26_Eylul_OWASPTR_Bulusma.ppt agenda of the meeting]. Moreover, Ibrahim Saruhan gave a [http://www.webguvenligi.org/docs/Facebook_Twitter_Botnets.ppt presentation] on his experiences writing a PoC Facebook botnet. Thanks everyone for participating.<br />
<br />
See the [http://www.flickr.com/webguvenligi/ pictures] and listen to the DimDim [http://recp.dimdim.com/view/dimdim/1a9400f2-fbdb-102c-9515-003048642bd7 recording].<br />
<br />
== September 26 Meeting ==<br />
<br />
A regular meeting for anyone interested in web/software security. It will take place in Istanbul, Taksim at 14:00, on 26 September. <br />
<br />
== Artifacts - 06 May/13 May 2009 OWASP-TR Talks in Kocaeli & Gazi Universities ==<br />
<br />
Here are the presentations given by Bünyamin Demir and Onur Yılmaz at "Information Techonology Days" in [http://www.kocaeli.edu.tr/ Kocaeli University] and [http://www.gazi.edu.tr/ Gazi University], [http://www.webguvenligi.org/docs/kocaeli09owasptr.ppt OWASP-TR & WebGoat Presentation] and [http://www.webguvenligi.org/docs/gaziuni09owasptr.ppt Basic Web App Security Presentation] respectively. <br />
<br />
Pictures are on [http://www.flickr.com/photos/webguvenligi flicker] as always.<br />
<br />
== Web Application Security Talk in Gazi University, 13 May 2009 ==<br />
<br />
We'll be giving a talk in "Information Days" event at Gazi University about code/sql injection attack vectors and prevention techniques on 13th (Wednesday) of May 2009, between 10:30-11:20. <br />
<br />
Reach out the details [http://www.webguvenligi.org/haberler/web-uygulamalari-guvenligi-sunumu-gazi-universitesi.html here]<br />
<br />
== OWASP-TR Seminar in Kocaeli University, 06 May 2009 ==<br />
<br />
We'll be hosting a free seminar in Math. Department of Kocaeli University about OWASP and OWASP/Turkey including the basics of well known attack vectors and prevention techniques on 6th (Wednesday) of May 2009, starting from 15:30. <br />
<br />
Reach out the details [http://www.webguvenligi.org/haberler/owasp-tr-ve-wgt-semineri-kocaeli-universitesi.html here]<br />
<br />
== Artifacts - March 19 2009 OWASP-TR Talk in Sakarya University ==<br />
<br />
Here are the presentations given by Bünyamin Demir and Gökhan Alkan at "Information Techonology Days" in [http://www.sau.edu.tr/ Sakarya University], [http://www.webguvenligi.org/sau_bilisim_gunleri09/sakarya_bilisim_gunleri.ppt OWASP-TR & WebGoat Presentation] and [http://www.webguvenligi.org/sau_bilisim_gunleri09/Recel_Krallagindan_Webe.ppt Jarvinen Presentation] respectively. We'd like to thank [http://www.bilisimk.sau.edu.tr/ Sakarya Universitesi Bilişim Kulubü] for inviting us.<br />
<br />
And never the least, here are the [http://www.flickr.com/photos/webguvenligi pictures] taken during the day.<br />
<br />
== Talk in Information Techonology Days '09 in Sakarya University ==<br />
<br />
We'll be giving two talks in "Information Techonology Days" about OWASP and OWASP/Turkey in [http://www.sau.edu.tr/ Sakarya University] on 19th of March 2009. The talk will include an introduction to OWASP, OWASP/Turkey as a community. Plus, Jarvinen, an OWASP/TR project, will be presented.<br />
<br />
== Artifacts - Fifth OWASP-Turkey Meeting in March 08, 2009 ==<br />
<br />
We had close to 35 people gathered. Here's the [http://www.webguvenligi.org/docs/WGT_OWASP-TR_08_Mart_2009_Bulusmasi_Ajanda.pptx agenda of the meeting]. Moreover, Fatih Emiral gave a [http://www.webguvenligi.org/docs/Yazilim_Guvenligi.ppt presentation] comparing three main Software Security models. Thanks everyone for participating.<br />
<br />
For the photos take a look at [http://www.flickr.com/photos/webguvenligi/ here].<br />
<br />
== Fifth OWASP-Turkey Meeting in March 08, 2009 ==<br />
<br />
A regular meeting on web/software security related issues&techniques&news. The meeting will take place in Istanbul, Maltepe, beween 13:00-15:00, on 08th of March, Sunday. <br />
Here's the map for the [http://www.gencgirisimciler.org/bpi.asp?caid=161&cid=17 meeting place]<br />
If you want to attend the event, please send an e-mail to: urgunb at hotmail.com (Bedirhan Urgun)<br />
<br />
== Artifacts - Web Security Days Kocaeli December 2008 ==<br />
<br />
With over 50 attendees we had our 4th Web Security Days in Kocaeli University at Umuttepe Campus.<br />
<br />
Presentations & SlideShows & Photos:<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_intro.ppt Giris] - Bedirhan Urgun<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_owasptr_wgt.ppt WGT/OWASPTR] - Bünyamin Demir<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_www.ppt WWW Introduction] - Uğur Yıldız<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_csrf.ppt CSRF] - Yusuf Çeri<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_graphics.ppt Graphic Attacks] - Mesut Timur <br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_chroot.ppt Secure Web Production Environments] - Gökhan Alkan<br />
* [http://www.flickr.com/webguvenligi/ Pictures] - Bedirhan & Bünyamin<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_slideshow.ppt OWASP Top 10 Slide Show] - Bedirhan Urgun<br />
<br />
== Next Event - 4th Web Security Days Kocaeli - December 23 (Turkey 2008) ==<br />
<br />
This event will be the fourth of "Web Security Days" and will take place on 23rd of December 2008 in Kocaeli. The agenda of the event is [http://www.owasp.org/index.php/4th_Web_Security_Days_OWASP_Turkey here].<br />
<br />
== Artifacts - Fourth OWASP-Turkey Meeting in October 18, 2008 ==<br />
<br />
Here's the [http://www.webguvenligi.org/wp-content/uploads/2008/10/WGT&OWASP-TR_18_Ekim_2008_Bulusmasi_Ajanda.ppt agenda of the meeting]. We also had two small discussion and presentation of a simple demo overview of recent clickjacking vulnerability and [http://www.webguvenligi.org/wp-content/uploads/2008/10/sqlibench-presentation.ppt sqlibench SoC 2008 OWASP project]. Thanks everyone for participating.<br />
<br />
Moreover, all of the OWASP sent books (~30)/pens(~15) were distributed freely! <br />
<br />
For the photos take a look at [http://www.flickr.com/photos/webguvenligi/ here].<br />
<br />
== Fourth OWASP-Turkey Meeting in October 18, 2008 ==<br />
<br />
A catch up meeting on web/software security related issues&techniques&news. Moreover, OWASP sent goodies (to the most active chapters) will be distributed (This includes 27 OWASP books and 19 pens). It will take place in Istanbul, İstiklal Cad.Emir Nevruz Sok. No: 1/11 Galatasaray Beyoğlu beween 14:00-16:00, on 18th of October. If you want to attend the event, please send an e-mail to: urgunb at hotmail.com (Bedirhan Urgun) <br />
<br />
== Artifacts - June 21 2008 OWASP-TR Talk in "Free Software Conference" ==<br />
<br />
Here is the presentation given by Mesut Timur and keynote submitted at [http://konferans.linux.org.tr/ "Free Software Conference"] in [http://www.etu.edu.tr/ TOBB University of Economics and Technology]; <br />
[http://www.webguvenligi.org/wp-content/uploads/2008/06/owasp_wgt_lkd_21062008.ppt OWASP-TR Presentation] and [http://www.webguvenligi.org/wp-content/uploads/2008/06/webguvenligi_bildiri_lkd_21062008.pdf Web Security and Free Software Keynote] (in Turkish) respectively.<br />
<br />
== Talk in Free Software Conference in Ankara ==<br />
<br />
We'll be giving a talk in "Free Software Conference" about OWASP and OWASP/Turkey in [http://www.etu.edu.tr/ TOBB University of Economics and Technology] on 21st (Saturday) of June 2008. The talk will include an introduction to OWASP, OWASP/Turkey, as well as web/application security projects achieved in Turkey. <br />
<br />
The Day will start at 09:30 and our talk, which will be presented by [http://www.h-labs.org Mesut Timur], will be between 15.00-15.30. You can skim the programme [http://konferans.linux.org.tr/etkinlik-programi/ here].<br />
<br />
== Artifacts - April 19 2008 OWASP-TR Talk in Yildiz Technical University ==<br />
<br />
Here are the presentations given by Bünyamin Demir and Yusuf Çeri at "Open Source Code Day" in [http://www.yildiz.edu.tr/english Yildiz Technical University], [http://www.webguvenligi.org/wp-content/uploads/2008/04/owasp-wgt-ytu-19nisan08.ppt OWASP-TR Presentation] and [http://www.webguvenligi.org/wp-content/uploads/2008/04/sqlmapdemo-wgt-ytu-19nisan08.ppt SqlDemo Presentation] respectively. We'd like to thank YTÜ Bilişim Kulubü for inviting us.<br />
<br />
And never the least, here are the [http://www.flickr.com/photos/webguvenligi/sets/72157604620396950/ pictures] taken during the day.<br />
<br />
== Talk in Open Source Code Day in Yildiz Technical University ==<br />
<br />
We'll be giving a talk in "Open Source Code Day" about OWASP and OWASP/Turkey in [http://www.yildiz.edu.tr/english Yildiz Technical University] on 19th of April 2008. The talk will include an introduction to OWASP, OWASP/Turkey, web/application security community in Turkey, the 1st OWASP Day video by Jeff and a live application insecurity demo. <br />
<br />
The Day will start at 09:30 and our talk will be the last one before the noon. <br />
<br />
== Artifacts - March 09 2008 Meeting ==<br />
<br />
It was a nice Sunday in Istanbul and we had 16 people talking about SPoC 08, April OWASP Week and web application security in general. Here are the [http://www.flickr.com/photos/webguvenligi/sets/72157604077351886/ pictures] taken during the meeting.<br />
<br />
== March 09 Meeting ==<br />
<br />
A casual meeting for anyone interested in web/software security. It will take place in Istanbul, Kadikoy at 14:30, on 09 March. To chat and enjoy the [http://www.flickr.com/photos/jrogivue/21918611/ Bosphorus]! <br />
<br />
== Artifacts - Web Security Days Ankara & İzmir November 2007 ==<br />
<br />
Through a foggy, and therefore a hard flight, we've managed to realize Web Security Days 2 & 3 in Ankara and Izmir, respectively. Having a total of ~130 attendees (most of them in Izmir), we hope WSD to be traditional and become more qualitysome.<br />
<br />
Presentations & Code & Photos:<br />
* [http://www.webguvenligi.org/docs/ankara/init_ankara.ppt Giris] - Bedirhan Urgun<br />
* [http://www.webguvenligi.org/docs/ankara/wgt.ppt WGT Giris] - Bünyamin Demir<br />
* [http://www.webguvenligi.org/docs/izmir/ulakcsirt.pdf ULAK-CSIRT Giris] - Enis Karaarslan<br />
* [http://www.webguvenligi.org/docs/ankara/burak_sc.ppt Yazılım Geliştirme Sürecinde Güvenlik Testleri] - Burak Dayıoğlu<br />
* [http://www.webguvenligi.org/docs/izmir/enis_web.ppt Kurumsal Web Güvenliği Yapısı] - Enis Karaarslan<br />
* [http://www.webguvenligi.org/docs/izmir/tahsin_did.ppt Uygulamalarda Katmanlı Güvenlik Anlayışı] - Tahsin Türköz<br />
* [http://www.webguvenligi.org/docs/izmir/oguzhan_php.ppt PHP ve Güvenli Kodlama] - Oğuzhan Yalçın<br />
* [http://www.webguvenligi.org/docs/ankara/bunyamin_pl.ppt Perl'de Guvenlik Modulu] - Bünyamin Demir<br />
* [http://www.webguvenligi.org/docs/izmir/security_pm.rar Perl'de Guvenlik Modulu - Kod] - Bünyamin Demir<br />
* [http://www.webguvenligi.org/docs/ankara/bedirhan_js.ppt Web 2.0 Savunma Dili: Javascript] - Bedirhan Urgun<br />
* [http://www.flickr.com/photos/webguvenligi/sets/72157603311164597/ Photos] - Bedirhan & Bünyamin<br />
<br />
== Next Event - 3rd Web Security Days İzmir - November 26 (Turkey 2007) ==<br />
<br />
This event will be the third of "Web Security Days" and will take place on 26th of November 2007 in İzmir. The agenda of the event is [https://www.owasp.org/index.php/3rd_Web_Security_Days_OWASP_Turkey here].<br />
<br />
== Next Event - 2nd Web Security Days Ankara - November 24 (Turkey 2007) ==<br />
<br />
This event will be the second of "Web Security Days" and will take place on 24th of November 2007 in Ankara. <br />
The agenda of the event is [https://www.owasp.org/index.php/2nd_Web_Security_Days_OWASP_Turkey here].<br />
<br />
== Artifacts - OWASP DAY: on the topic of "Privacy in the 21st Century" - September 8 (Turkey 2007) ==<br />
<br />
Presentations:<br />
<br />
* [https://www.owasp.org/images/6/66/OWASP_DAY_TR.sub.ppt Turkish Subtitle] for [http://www.owasp.org/downloads/OWASP_Day.wmv Jeff's OWASP Day Intro movie] (delete .ppt extension)<br />
* [https://www.owasp.org/images/b/bc/OWASP2007_KamudaPrivacy.ppt OWASP2007_KamudaPrivacy.ppt]<br />
* [https://www.owasp.org/images/4/4b/Guvenli_Web_Uygulamalarinin_Gelistirilmesi2.ppt Guvenli_Web_Uygulamalarinin_Gelistirilmesi.ppt] <br />
<br />
Discussion Answers:<br />
<br />
Q1.<br />
What is the current state of Privacy on Web Application Security? Does it really matter? Is privacy what will drive radical changes in web application's security (ala PCI)? <br />
<br />
A1.<br />
During the meeting an effort was made to clarify the meaning of privacy;<br />
- what are the key items that builds up to "privacy"?<br />
- are we talking about the privacy of real people or should we also include the privacy of legal entities?<br />
- is there really a solid line (or even a vague line) between confidentiality and privacy?<br />
We defined privacy as confidentiality of the data; be it of a real person or a legal entity.<br />
But the key part is that privacy is "the ability to control the flow of one's own data". And which brings another principle: "need to know". Privacy is directly related to an individual or an organization. Confidentiality, however, is directly related to "information"... Privacy is a "result" and confidentiality is a tenet or a security mechanism. <br />
<br />
Enough of these convulsions;<br />
The answer to the first question was a definite "YES". Participants were all agreed that "privacy" plays and will play the most important role in web security and its future.<br />
<br />
Q2.<br />
Application side: what the data owner should be doing to protect the user's privacy? Should there be a law that states how to protect this information? What can we do to improve it?<br />
<br />
A2.<br />
Most of the participants agreed that a law is a necessity.<br />
But, maybe, more important thing is to raise the awareness of the customers.<br />
Here we also had a discussion on the current status of the law on privacy? There are mainly three <br />
documents on privacy in Turkish law;<br />
* a directive on privacy in telecommunication, which happened to be inadequate (an assertion of a lawyer)<br />
* a draft law on privacy from Department of Justice, which is still in the process of approval<br />
* a recent (May 2007) law on siber crimes which happens to be similiar to the "Directive 2006/24/EC of the <br />
European Parliament and of the Council" on the data retention. This law, however, still needs a few<br />
directives, which are about to be published.<br />
<br />
Q3.<br />
Client side: what is the client's perception of privacy? How can a user trust a site about his own data treatment? Is the client nowadays safeguarded about a possible loss of privacy?<br />
<br />
A3.<br />
As a first step there should be an "agreement" presented to the user by the application side.<br />
This wouldn't be enough so there should be regular inspections (a third eye) on these services.<br />
About "is the client nowadays safeguarded about a possible loss of privacy?" question, the answer<br />
was a definite "NO". Especially with the banks. Yes, there are a few cases of trials where the courts<br />
dictated a bank to compansate the loss of the victim, however, mostly this is not the case. Even there is<br />
a domain serving, founded by the victims of online banking crimes in Turkey.<br />
<br />
Q4.<br />
What should OWASP be focusing on?<br />
<br />
A4.<br />
As a suggestion, OWASP may provide a "web security tips" page, which can include a searchable gui <br />
on small programming tips to avoid security holes in web applications.<br />
<br />
And a great idea of producing a "FixmeBank" application to cover the developer side of the story, as opposed to tester/attacker side (via WebGoat or HacmeBank), was suggested by Taygun Alban.<br />
<br />
Q5.<br />
What would OWASP spend it's grant money? (note that new OWASP members can allocate some or all of their membership fees to specific projects)<br />
<br />
A5.<br />
Some suggestions;<br />
. Printed booklets of Guide and Testing Guide. <br />
. OWASP CD with shiny labels<br />
. I'm afraid to say but... t-shirts<br />
<br />
Q6.<br />
Should OWASP organize such 'OWASP Weeks' every quarter?<br />
<br />
A6.<br />
OWASP should organize these events every 6 months or so :)<br />
<br />
== Next Event - OWASP DAY: on the topic of "Privacy in the 21st Century" - September 8 (Turkey 2007) ==<br />
<br />
As a part of the Global Security Week, OWASP Turkey chapter will be holding a humble meeting on Saturday, 8 September 2007. Less technical and time taking compared to last event ([http://www.owasp.org/index.php/1st_Web_Security_Days_OWASP_Turkey Web Security Days]) we will be focusing on the current snapshot of the privacy related issues in the govermental/quasi-governmental and private institutions of Turkey.<br />
<br />
Here's the "still in process" agenda:<br />
<br />
* 14:00 - 14:10 Prelude. Introduction of OWASP DAY and OWASP Turkey projects<br />
<br />
A small introduction to OWASP Day meeting and its goals, plus explanation of some of the lightweight projects of OWASP Turkey.<br />
<br />
Bedirhan URGUN, Bunyamin DEMİR<br />
<br />
* 14:20 - 14:50 Privacy in Governmental Insitutions - A Current State Analysis<br />
<br />
Presentation will discuss the understanding of the privacy concept settled in governmental institutions and deliberate on general information security problems related with privacy issues.<br />
<br />
Getting off with general privacy problems, in specific, information about the privacy issues related to web applications will be given. Moreover, concrete suggestions on providing a solid privacy in these institutions will be presented.<br />
<br />
Hayrettin BAHŞİ<br />
Chief Researcher CC Lab-UEKAE TUBITAK<br />
<br />
* 15:00 - 15:50 Secure Web Application Development<br />
<br />
Korhan GÜRLER<br />
Chief Researcher PRO-G<br />
<br />
* 15:00 - 16:00 A Panel on Privacy in Turkey <br />
<br />
OWASP-Turkey Members<br />
<br />
== Last Event - 1st Web Security Days - July 14 (Turkey 2007) ==<br />
<br />
First of the [http://www.owasp.org/index.php/1st_Web_Security_Days_OWASP_Turkey Web Security Days] has been realized by Owasp-Turkey chapter on 14th of July 2007 in İstanbul. With a ~70 registered attendees, it was great to have a pack of web security oriented people for a five hours of mostly technical presentations.<br />
<br />
<br />
[http://www.owasp.org/index.php/1st_Web_Security_Days_OWASP_Turkey For details...]<br />
<br />
== Last Meetings ==<br />
<br />
'''Sunday 6 May 2007'''<br><br />
'''Time:''' 11:15-12:30<BR><br />
<br />
'''Address''' to the meeting are:<br />
<br />
[http://www.metu.edu.tr Middle East Technical University]<br/><br />
Ankara-Turkey<br/><br />
<br/><br />
<br />
'''Presentation'''<br><br />
<br />
Web Application Security with ModSecurity and OWASP<br />
<br />
<br />
__NOTOC__ <br />
<br />
<headertabs/><br />
<br />
[[Category:Turkey]] [[Category:Europe]]</div>Dr. Emin Tatlıhttps://wiki.owasp.org/index.php?title=Turkey&diff=196664Turkey2015-06-29T20:23:47Z<p>Dr. Emin Tatlı: </p>
<hr />
<div><center>[[File:Owasptr.png]] </center><br />
<br />
<br />
<br />
==== About OWASP/TR ====<br />
<br />
{{Chapter Template|chaptername=Turkey|extra=The chapter leader is [mailto:bunyamindemir~gmail.com Bunyamin Demir]<br />
<br />
Board Members: [mailto:ferruh~mavituna.com Ferruh Mavituna], [mailto:mesut_timur~hotmail.com Mesut Timur], [mailto:contact~onuryilmaz.info Onur Yılmaz], [mailto:emin.tatli@owasp.org Emin Islam Tatli], [mailto:oguzhantopgul@gmail.com Oguzhan TOPGUL], [mailto:sertan@gmail.com Sertan Kolat]<br />
<br />
Web Page: http://www.webguvenligi.org<br />
<br />
Twitter: https://twitter.com/owasptr<br />
<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-turkey|emailarchives=http://lists.owasp.org/pipermail/owasp-turkey}}<br />
<br />
<paypal>Turkey</paypal><br />
<br />
<br />
== Chapter Brochure ==<br />
<br />
[http://www.webguvenligi.org/docs/WGT_brosur.pdf Here you can view a brochure] explaining in Turkish the action highlights of OWASP/Türkiye during the last one and a half year [obsolete for over two years].<br />
<br />
== Local News ==<br />
Conference<br />
<br />
[http://www.appsectr.org/ Application Security Day, İstanbul 2012] will be held on 9 June, Saturday, in Marmara Üniversitesi Rektörlük Binası, Sultanahmet, İstanbul. <br />
<br />
Published <br />
<br />
[http://www.webguvenligi.org/dokuman/web-uygulama-guvenligi-kontrol-listesi-2012.html Web App Security Check List 2012 in Turkish].<br />
<br />
== Projects/Tools/Translations ==<br />
<br />
Here are some of the projects produced by OWASP/Türkiye;<br />
<br />
* [http://code.google.com/p/droidalert/ DroidAlert] by Bedirhan Urgun<br />
<br />
A proactive approach on finding fake android applications on some of the biggest android stores. Just enter a term, and droidalert searches it for you in android stores.<br />
<br />
* [http://code.google.com/p/chiasma/ Chiasma] by Bedirhan Urgun<br />
<br />
Instead of having a structured penetration test report (docx, pdf, html v.b.) from 3rd parties, why not getting them produce a semi-structured report (xml) that is understood well. Chiasma is a Java desktop application producing XML vulnerability report.<br />
<br />
* [http://www.webguvenligi.org/docs/web_uygulama_guvenligi_kontrol_listesi_2010.pdf Web Uygulama Güvenliği Kontrol Listesi 2010- WebAppSec Checklist] by OWASP-Turkey<br />
<br />
A complete set of controls related to security of web applications.<br />
<br />
* [http://code.google.com/p/piknik/ Piknik] by Bedirhan Urgun<br />
<br />
A compilation of a study on analyzing the possible behavior of a malicious developer...Inspired by [http://www.blackhat.com/presentations/bh-usa-09/WILLIAMS/BHUSA09-Williams-EnterpriseJavaRootkits-PAPER.pdf Jeff Williams's Work] <br />
<br />
* [http://code.google.com/p/finddomains/ FindDomains] by Mesut Timur<br />
<br />
FindDomains is a multithreaded search engine discovery tool that will be very useful for penetration testers dealing with discovering domain names/web sites/virtual hosts which are located on too many IP addresses.<br />
<br />
* [http://dergi.webguvenligi.org/ WGT E-Magazine] by OWASP/TR and Onur Yilmaz<br />
<br />
An online web security related magazine in Turkish with a 2 months per-issue period<br />
<br />
* [http://ctf.webguvenligi.org/ CTF contest] by Onur Yilmaz<br />
<br />
A CTF contest where researchers, professionals and hackers can show off their skills in an ethical way <br />
<br />
* [http://code.google.com/p/jarvinen Jarvinen] by Gökhan Alkan & Yusuf Çeri & Bedirhan Urgun<br />
<br />
A simple yet effective web based audit log monitoring service for Modsecurity v2. It consists of two basic parts; a (bash) shell script that parses serial logs into the mysql database and a php web application.<br />
<br />
* [http://code.google.com/p/cammp CAMMP] by Gökhan Alkan<br />
<br />
Aims to provide (bash) shell scripts in order to automatize the source code installations of apache (php and modsecurity) and mysql under chroot (for RedHat based systems for now).<br />
<br />
* [http://code.google.com/p/secureimage SecureImage] by Mesut Timur & Bedirhan Urgun & Kerem Küsmezer<br />
<br />
A Java,PHP and .NET based image validator that can be used for validating image files on upload systems (such as photo galleries,forums,etc ..) against the threats for XSS issues with IE and LFI attacks. Individual project pages; [http://code.google.com/p/psecureimage PSecureImage] for PHP, [http://code.google.com/p/jsecureimage JSecureImage] for Java and [http://www.codeplex.com/owaspturkey/Release/ProjectReleases.aspx?ReleaseId=18008 NSecureImage] for .NET<br />
<br />
* [http://code.google.com/p/securetomcat SecureTomcat] by Bedirhan Urgun & Deniz Çevik & Gökhan Alkan<br />
<br />
A collection of three components; an audit documentation in Turkish, a basic remote vulnerability scanner and an audit shell script fully aligned with the audit documentation. All for auditing and testing Apache Tomcat partial J2EE container.<br />
<br />
* [http://code.google.com/p/webekci/ WeBekci] by Bünyamin Demir<br />
<br />
WeBekci is a graphical user end for ModSecurity 2.x web application firewall.<br />
<br />
* [http://www.webguvenligi.org/?page_id=16 Web Security Turkish Translation Project] by [http://www.webguvenligi.org/?page_id=16 great volunteers] & Bedirhan Urgun <br />
<br />
Turkish translations of OWASP guides and other web application security related documents '''over 500 pages''' and counting<br />
<br />
* [http://code.google.com/p/wivet/ WIVET] by Bedirhan Urgun<br />
<br />
A benchmarking project that aims to statistically analyze web link extractors. It provides a good sum of input vectors to any extractor and presents the results. Check out the live app [http://www.webguvenligi.org/wivet/ here].<br />
<br />
* [http://code.google.com/p/sqlibench/ SqliBench] by Mesut Timur & Bedirhan Urgun<br />
<br />
SQLiBENCH is a benchmarking project of automatic sql injectors related to dumping databases. Check out the live app [http://www.webguvenligi.org/sqlibench/web/ here]. The project is sponsored by [http://www.owasp.org/index.php/Category:OWASP_Sqlibench_Project OWASP SoC 08].<br />
<br />
* [http://code.google.com/p/msalparser MSALParser] by Bedirhan Urgun<br />
<br />
MSALParser (pronounced \mi-säl\) implements necessary parsers and model objects to represent a ModSecurity Single Audit Log, hence the name MSAL. MSALParser is a PHP RPC end that will get mlogc's calls and parses them into objects and eventually write to a persistent data store.<br />
<br />
* [http://code.google.com/p/apachelive ApacheLive] by Bedirhan Urgun<br />
<br />
ApacheLive (aka Haydar) project consists of a python script which was aimed to stress Apache web servers (httpd) using Keep-Alive parameters.<br />
<br />
* [http://code.google.com/p/anticsurf AntiCsurf] by Mesut Timur<br />
<br />
For most of the languages and frameworks, developers have to implement their own functions to defend against CSRF. AntiCsrf is a basic and light library for defending against CSRF for PHP applications.<br />
<br />
* [http://code.google.com/p/fm-fsf FM-FSF] by Ferruh Mavituna<br />
<br />
FSF is a plug-in based freakin' simple fuzzer for fuzzing web applications and scraping data. It supports some basic stuff and missing some features however it has got some advanced RegEx capturing features for scraping data out of web applications.<br />
<br />
* [http://code.google.com/p/msalmobile MSALMobile] & [http://code.google.com/p/msalservice MSALService] by Bedirhan Urgun<br />
<br />
MSALMobile, a basic windows mobile application and consuming MSALService, is a simple mobile ModSecurity log analyzer for Windows Mobile environment. See [http://www.webguvenligi.org/software/msalmobile/msalmobile_video.rar a video of MSALMobile in action] on www.webguvenligi.org.<br />
<br />
* [http://www.webguvenligi.org/xsstb/reflected.php XSS TestBed] by Bedirhan Urgun<br />
<br />
A playground for reflected xss test cases. The live project includes seven test cases ready to exploit. A legal and solid way to learn and apply xss skills. Moreover, a good way to test web application scanners on reflected xss testing...<br />
<br />
* [http://www.webguvenligi.org/projeler/wcsa Web.config Security Analyzer] by Mesut Timur<br />
<br />
Web.config file holds settings about related ASP.NET web application. This project analyzes a given Web.config file for security vulnerabilities with its 30+ checks. It's a command line too for now and produces a neat html based report.<br />
<br />
== Translations ==<br />
<br />
Çeviri projesine yardım etmek isteyen arkadaşlar, lütfen [mailto:bunyamindemir@gmail.com bunyamin] veya [mailto:urgunb@hotmail.com bedirhan] ''(proje lideri)'' ile iletişime geçiniz. Şu ana kadar yayınlanan çevirilere [http://www.webguvenligi.org/?page_id=16 buradan] ulaşabilirsiniz. ''You can find Turkish translations of OWASP and other web security related documents [http://www.webguvenligi.org/?page_id=16 here].''<br />
<br />
==== Meetings/Conferences ====<br />
<br />
<br />
<br />
== Application Security Day, Eskişehir 2015, Conference ==<br />
<br />
Slides to download: [http://www.appsectr.org/?page_id=53 Application Security Day, Eskişehir 2015]<br />
<br />
== Application Security Day, İstanbul 2013, Conference ==<br />
<br />
[http://www.appsectr.org/2013/ Application Security Day, İstanbul 2013]<br />
<br />
== Application Security Day, İstanbul 2012, Conference ==<br />
<br />
[http://www.appsectr.org/ Application Security Day, İstanbul 2012] will be held on 9 June, Saturday, in Marmara Üniversitesi Rektörlük Binası, Sultanahmet, İstanbul. <br />
The event aims to present an environment where key and popular application security topics will be discussed and shared. Hundreds of developers, business owners and security practitioners will be ready to increase local application security awareness. Join us!<br />
<br />
<br />
== OWASP/TR Presentation in Android Developer Days 2012 in ODTU Ankara ==<br />
<br />
Bedirhan Urgun of OWASP/TR will give a presentation on "Developing Secure Android Days" on 22 May from 15:30-16:00 in Android Developer Days, 2012. The presentation will take place in ODTU, Ankara.<br />
<br />
Location: ODTÜ Kültür ve Kongre Merkezi, Ankara<br />
<br />
Date: 22 May 2012, Tuesday<br />
<br />
Time: 15:30 – 16:00<br />
<br />
== OWASP/TR Presentation in ReadMee Internet Zirvesi, 2012 ==<br />
<br />
Seyfullah Kılıç will give a presentation titled "Web Güvenliği ve Korunma Yolları" on 07 April Saturday from 14:00-14:45 in ReadMee Internet Zirvesi, 2012. The presentation will take place in Eskişehir Osmangazi Üniversitesi, Eskişehir.<br />
<br />
Location: Eskişehir Osmangazi Üniversitesi Meşelik Kampüsü, Eskişehir<br />
<br />
Date: 7 April 2012 Saturday<br />
<br />
Time: 14:00 – 14:45<br />
<br />
== OWASP/TR Presentation in Özgür Yazılım ve Linux Günleri, 2012 ==<br />
<br />
Bünyamin Demir of OWASP/TR will give a presentation titled as "<br />
Güvenli Kod Geliştirme" and will hold a chapter meeting "OWASP Türkiye Chapter Meeting (Çalışma Toplantısı)" on 31 March Saturday from 10:00-13:00 in Özgür Yazılım ve Linux Günleri, 2012. The presentations will take place in İstanbul Bilgi Üniversitesi Dolapdere Kampüsü, İstanbul.<br />
<br />
Location: İstanbul Bilgi Üniversitesi Dolapdere Kampüsü, İstanbul<br />
<br />
Date: 31 March 2012 Saturday<br />
<br />
Time: 10:00 – 13:00<br />
<br />
Location 1: 1. Salon<br />
Location 2: Toplantı Salonu<br />
<br />
== OWASP/TR Talk in Open Source Code Days in Yeditepe University ==<br />
<br />
Bunyamin Demir talked about OWASP and OWASP/Turkey introduction. After intro, he did a presentation about [http://seminer.linux.org.tr/wp-content/uploads/guvenli_kod_gelistirme_ve_yasam_dongusu.ppt "Secure Coding and Chaotic Life Cycle"].<br />
<br />
Location: Yeditepe University, 26 Agustos Yerlesimi, Salon 2<br />
<br />
Date: 14 October 2011, Friday<br />
<br />
Time: 15:00 – 15:45<br />
<br />
== OWASP/TR Introductory Meetings and Seminar @ Bahçeşehir Üniversitesi, March 2010 ==<br />
<br />
[http://www.shibumidojo.org/ Kubilay Onur Güngör] will start with OWASP and OWASP/Turkey introduction. After intro, cyber security concept, web application security, social theories of criminal behaviors and many other topics will be discussed. So don't miss the events if you're around. <br />
<br />
Location: Bahçeşehir Üniversitesi, Beşiktaş Kampüsü, D-404 Salonu<br />
<br />
Date: 10 Mart 2010 Çarşamba<br />
<br />
Time: 18.30 – 19.30<br />
<br />
== OWASP/TR Introductory Meetings and Seminar @ Işık Üniversitesi, March 2010 ==<br />
<br />
[http://www.shibumidojo.org/ Kubilay Onur Güngör] will start with OWASP and OWASP/Turkey introduction. After intro, cyber security concept, web application security, social theories of criminal behaviors and many other topics will be discussed. So don't miss the events if you're around. <br />
<br />
Location: Işık Üniversitesi, Şile Kampüsü<br />
Registration: http://bilisimgunleri.isikun.edu.tr<br />
Date: 8 Mart 2010 Pazartesi<br />
Time: 15.00 - 16.00<br />
<br />
== OWASP/TR Meeting in Turkcell Akademi with OISF Team, February 2010 ==<br />
<br />
With 7 [http://www.openinfosecfoundation.org OISF] members we had our 23 February meeting. Brian [http://vimeo.com/9825055 talked about ModSecurity] and Victor & Will [http://vimeo.com/9825622 talked about Suricata ].<br />
<br />
As always, check out the photos on [http://www.flickr.com/photos/webguvenligi flickr-webguvenligi]!!<br />
<br />
Thanks to our sponsor for this meeting [http://www.guvenlikegitimleri.com GuvenlikEgitimleri.Com]<br />
<br />
== OWASP/TR Seminar in İstanbul Kültür Universitesi, 29 December 2009 ==<br />
<br />
We'll be hosting a free seminar in İstanbul Kültür Üniversitesi, Ataköy Kampüsü, Önder Öztunalı Konferans Salonu. Topics will include "introduction to OWASP/TR", "siber security", "security best practices and standards". It will also include a demo on digital investigation.<br />
<br />
Presenter: [http://www.shibumidojo.org/ Kubilay Onur Güngör]<br />
<br />
Date: Tuesday, December 29, 2009 <br />
<br />
Time: 12:00pm - 1:30pm <br />
<br />
Location: İstanbul Kültür Üniersitesi, Ataköy Kampüsü, Önder Öztunalı Konferans Salonu<br />
<br />
== October 11, 2009 OWASP/TR on the Green Field ==<br />
<br />
Teams formed by OWASP-Turkey mailing list members will play a soccer match on Sunday, 18:00 October the 11th. We'll seek our Messis, Zidanes, Kakas, Lampards, Chechs stemmed from the Anatolian land... National team may not be qualified for the 2010 World Championship, which is a shame, but we'll do better next time.<br />
<br />
== Artifacts - OWASP-Turkey Meeting in September 26, 2009 ==<br />
<br />
30 people gathered for the OWASP/TR meeting. Here's the [http://www.webguvenligi.org/docs/26_Eylul_OWASPTR_Bulusma.ppt agenda of the meeting]. Moreover, Ibrahim Saruhan gave a [http://www.webguvenligi.org/docs/Facebook_Twitter_Botnets.ppt presentation] on his experiences writing a PoC Facebook botnet. Thanks everyone for participating.<br />
<br />
See the [http://www.flickr.com/webguvenligi/ pictures] and listen to the DimDim [http://recp.dimdim.com/view/dimdim/1a9400f2-fbdb-102c-9515-003048642bd7 recording].<br />
<br />
== September 26 Meeting ==<br />
<br />
A regular meeting for anyone interested in web/software security. It will take place in Istanbul, Taksim at 14:00, on 26 September. <br />
<br />
== Artifacts - 06 May/13 May 2009 OWASP-TR Talks in Kocaeli & Gazi Universities ==<br />
<br />
Here are the presentations given by Bünyamin Demir and Onur Yılmaz at "Information Techonology Days" in [http://www.kocaeli.edu.tr/ Kocaeli University] and [http://www.gazi.edu.tr/ Gazi University], [http://www.webguvenligi.org/docs/kocaeli09owasptr.ppt OWASP-TR & WebGoat Presentation] and [http://www.webguvenligi.org/docs/gaziuni09owasptr.ppt Basic Web App Security Presentation] respectively. <br />
<br />
Pictures are on [http://www.flickr.com/photos/webguvenligi flicker] as always.<br />
<br />
== Web Application Security Talk in Gazi University, 13 May 2009 ==<br />
<br />
We'll be giving a talk in "Information Days" event at Gazi University about code/sql injection attack vectors and prevention techniques on 13th (Wednesday) of May 2009, between 10:30-11:20. <br />
<br />
Reach out the details [http://www.webguvenligi.org/haberler/web-uygulamalari-guvenligi-sunumu-gazi-universitesi.html here]<br />
<br />
== OWASP-TR Seminar in Kocaeli University, 06 May 2009 ==<br />
<br />
We'll be hosting a free seminar in Math. Department of Kocaeli University about OWASP and OWASP/Turkey including the basics of well known attack vectors and prevention techniques on 6th (Wednesday) of May 2009, starting from 15:30. <br />
<br />
Reach out the details [http://www.webguvenligi.org/haberler/owasp-tr-ve-wgt-semineri-kocaeli-universitesi.html here]<br />
<br />
== Artifacts - March 19 2009 OWASP-TR Talk in Sakarya University ==<br />
<br />
Here are the presentations given by Bünyamin Demir and Gökhan Alkan at "Information Techonology Days" in [http://www.sau.edu.tr/ Sakarya University], [http://www.webguvenligi.org/sau_bilisim_gunleri09/sakarya_bilisim_gunleri.ppt OWASP-TR & WebGoat Presentation] and [http://www.webguvenligi.org/sau_bilisim_gunleri09/Recel_Krallagindan_Webe.ppt Jarvinen Presentation] respectively. We'd like to thank [http://www.bilisimk.sau.edu.tr/ Sakarya Universitesi Bilişim Kulubü] for inviting us.<br />
<br />
And never the least, here are the [http://www.flickr.com/photos/webguvenligi pictures] taken during the day.<br />
<br />
== Talk in Information Techonology Days '09 in Sakarya University ==<br />
<br />
We'll be giving two talks in "Information Techonology Days" about OWASP and OWASP/Turkey in [http://www.sau.edu.tr/ Sakarya University] on 19th of March 2009. The talk will include an introduction to OWASP, OWASP/Turkey as a community. Plus, Jarvinen, an OWASP/TR project, will be presented.<br />
<br />
== Artifacts - Fifth OWASP-Turkey Meeting in March 08, 2009 ==<br />
<br />
We had close to 35 people gathered. Here's the [http://www.webguvenligi.org/docs/WGT_OWASP-TR_08_Mart_2009_Bulusmasi_Ajanda.pptx agenda of the meeting]. Moreover, Fatih Emiral gave a [http://www.webguvenligi.org/docs/Yazilim_Guvenligi.ppt presentation] comparing three main Software Security models. Thanks everyone for participating.<br />
<br />
For the photos take a look at [http://www.flickr.com/photos/webguvenligi/ here].<br />
<br />
== Fifth OWASP-Turkey Meeting in March 08, 2009 ==<br />
<br />
A regular meeting on web/software security related issues&techniques&news. The meeting will take place in Istanbul, Maltepe, beween 13:00-15:00, on 08th of March, Sunday. <br />
Here's the map for the [http://www.gencgirisimciler.org/bpi.asp?caid=161&cid=17 meeting place]<br />
If you want to attend the event, please send an e-mail to: urgunb at hotmail.com (Bedirhan Urgun)<br />
<br />
== Artifacts - Web Security Days Kocaeli December 2008 ==<br />
<br />
With over 50 attendees we had our 4th Web Security Days in Kocaeli University at Umuttepe Campus.<br />
<br />
Presentations & SlideShows & Photos:<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_intro.ppt Giris] - Bedirhan Urgun<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_owasptr_wgt.ppt WGT/OWASPTR] - Bünyamin Demir<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_www.ppt WWW Introduction] - Uğur Yıldız<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_csrf.ppt CSRF] - Yusuf Çeri<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_graphics.ppt Graphic Attacks] - Mesut Timur <br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_chroot.ppt Secure Web Production Environments] - Gökhan Alkan<br />
* [http://www.flickr.com/webguvenligi/ Pictures] - Bedirhan & Bünyamin<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_slideshow.ppt OWASP Top 10 Slide Show] - Bedirhan Urgun<br />
<br />
== Next Event - 4th Web Security Days Kocaeli - December 23 (Turkey 2008) ==<br />
<br />
This event will be the fourth of "Web Security Days" and will take place on 23rd of December 2008 in Kocaeli. The agenda of the event is [http://www.owasp.org/index.php/4th_Web_Security_Days_OWASP_Turkey here].<br />
<br />
== Artifacts - Fourth OWASP-Turkey Meeting in October 18, 2008 ==<br />
<br />
Here's the [http://www.webguvenligi.org/wp-content/uploads/2008/10/WGT&OWASP-TR_18_Ekim_2008_Bulusmasi_Ajanda.ppt agenda of the meeting]. We also had two small discussion and presentation of a simple demo overview of recent clickjacking vulnerability and [http://www.webguvenligi.org/wp-content/uploads/2008/10/sqlibench-presentation.ppt sqlibench SoC 2008 OWASP project]. Thanks everyone for participating.<br />
<br />
Moreover, all of the OWASP sent books (~30)/pens(~15) were distributed freely! <br />
<br />
For the photos take a look at [http://www.flickr.com/photos/webguvenligi/ here].<br />
<br />
== Fourth OWASP-Turkey Meeting in October 18, 2008 ==<br />
<br />
A catch up meeting on web/software security related issues&techniques&news. Moreover, OWASP sent goodies (to the most active chapters) will be distributed (This includes 27 OWASP books and 19 pens). It will take place in Istanbul, İstiklal Cad.Emir Nevruz Sok. No: 1/11 Galatasaray Beyoğlu beween 14:00-16:00, on 18th of October. If you want to attend the event, please send an e-mail to: urgunb at hotmail.com (Bedirhan Urgun) <br />
<br />
== Artifacts - June 21 2008 OWASP-TR Talk in "Free Software Conference" ==<br />
<br />
Here is the presentation given by Mesut Timur and keynote submitted at [http://konferans.linux.org.tr/ "Free Software Conference"] in [http://www.etu.edu.tr/ TOBB University of Economics and Technology]; <br />
[http://www.webguvenligi.org/wp-content/uploads/2008/06/owasp_wgt_lkd_21062008.ppt OWASP-TR Presentation] and [http://www.webguvenligi.org/wp-content/uploads/2008/06/webguvenligi_bildiri_lkd_21062008.pdf Web Security and Free Software Keynote] (in Turkish) respectively.<br />
<br />
== Talk in Free Software Conference in Ankara ==<br />
<br />
We'll be giving a talk in "Free Software Conference" about OWASP and OWASP/Turkey in [http://www.etu.edu.tr/ TOBB University of Economics and Technology] on 21st (Saturday) of June 2008. The talk will include an introduction to OWASP, OWASP/Turkey, as well as web/application security projects achieved in Turkey. <br />
<br />
The Day will start at 09:30 and our talk, which will be presented by [http://www.h-labs.org Mesut Timur], will be between 15.00-15.30. You can skim the programme [http://konferans.linux.org.tr/etkinlik-programi/ here].<br />
<br />
== Artifacts - April 19 2008 OWASP-TR Talk in Yildiz Technical University ==<br />
<br />
Here are the presentations given by Bünyamin Demir and Yusuf Çeri at "Open Source Code Day" in [http://www.yildiz.edu.tr/english Yildiz Technical University], [http://www.webguvenligi.org/wp-content/uploads/2008/04/owasp-wgt-ytu-19nisan08.ppt OWASP-TR Presentation] and [http://www.webguvenligi.org/wp-content/uploads/2008/04/sqlmapdemo-wgt-ytu-19nisan08.ppt SqlDemo Presentation] respectively. We'd like to thank YTÜ Bilişim Kulubü for inviting us.<br />
<br />
And never the least, here are the [http://www.flickr.com/photos/webguvenligi/sets/72157604620396950/ pictures] taken during the day.<br />
<br />
== Talk in Open Source Code Day in Yildiz Technical University ==<br />
<br />
We'll be giving a talk in "Open Source Code Day" about OWASP and OWASP/Turkey in [http://www.yildiz.edu.tr/english Yildiz Technical University] on 19th of April 2008. The talk will include an introduction to OWASP, OWASP/Turkey, web/application security community in Turkey, the 1st OWASP Day video by Jeff and a live application insecurity demo. <br />
<br />
The Day will start at 09:30 and our talk will be the last one before the noon. <br />
<br />
== Artifacts - March 09 2008 Meeting ==<br />
<br />
It was a nice Sunday in Istanbul and we had 16 people talking about SPoC 08, April OWASP Week and web application security in general. Here are the [http://www.flickr.com/photos/webguvenligi/sets/72157604077351886/ pictures] taken during the meeting.<br />
<br />
== March 09 Meeting ==<br />
<br />
A casual meeting for anyone interested in web/software security. It will take place in Istanbul, Kadikoy at 14:30, on 09 March. To chat and enjoy the [http://www.flickr.com/photos/jrogivue/21918611/ Bosphorus]! <br />
<br />
== Artifacts - Web Security Days Ankara & İzmir November 2007 ==<br />
<br />
Through a foggy, and therefore a hard flight, we've managed to realize Web Security Days 2 & 3 in Ankara and Izmir, respectively. Having a total of ~130 attendees (most of them in Izmir), we hope WSD to be traditional and become more qualitysome.<br />
<br />
Presentations & Code & Photos:<br />
* [http://www.webguvenligi.org/docs/ankara/init_ankara.ppt Giris] - Bedirhan Urgun<br />
* [http://www.webguvenligi.org/docs/ankara/wgt.ppt WGT Giris] - Bünyamin Demir<br />
* [http://www.webguvenligi.org/docs/izmir/ulakcsirt.pdf ULAK-CSIRT Giris] - Enis Karaarslan<br />
* [http://www.webguvenligi.org/docs/ankara/burak_sc.ppt Yazılım Geliştirme Sürecinde Güvenlik Testleri] - Burak Dayıoğlu<br />
* [http://www.webguvenligi.org/docs/izmir/enis_web.ppt Kurumsal Web Güvenliği Yapısı] - Enis Karaarslan<br />
* [http://www.webguvenligi.org/docs/izmir/tahsin_did.ppt Uygulamalarda Katmanlı Güvenlik Anlayışı] - Tahsin Türköz<br />
* [http://www.webguvenligi.org/docs/izmir/oguzhan_php.ppt PHP ve Güvenli Kodlama] - Oğuzhan Yalçın<br />
* [http://www.webguvenligi.org/docs/ankara/bunyamin_pl.ppt Perl'de Guvenlik Modulu] - Bünyamin Demir<br />
* [http://www.webguvenligi.org/docs/izmir/security_pm.rar Perl'de Guvenlik Modulu - Kod] - Bünyamin Demir<br />
* [http://www.webguvenligi.org/docs/ankara/bedirhan_js.ppt Web 2.0 Savunma Dili: Javascript] - Bedirhan Urgun<br />
* [http://www.flickr.com/photos/webguvenligi/sets/72157603311164597/ Photos] - Bedirhan & Bünyamin<br />
<br />
== Next Event - 3rd Web Security Days İzmir - November 26 (Turkey 2007) ==<br />
<br />
This event will be the third of "Web Security Days" and will take place on 26th of November 2007 in İzmir. The agenda of the event is [https://www.owasp.org/index.php/3rd_Web_Security_Days_OWASP_Turkey here].<br />
<br />
== Next Event - 2nd Web Security Days Ankara - November 24 (Turkey 2007) ==<br />
<br />
This event will be the second of "Web Security Days" and will take place on 24th of November 2007 in Ankara. <br />
The agenda of the event is [https://www.owasp.org/index.php/2nd_Web_Security_Days_OWASP_Turkey here].<br />
<br />
== Artifacts - OWASP DAY: on the topic of "Privacy in the 21st Century" - September 8 (Turkey 2007) ==<br />
<br />
Presentations:<br />
<br />
* [https://www.owasp.org/images/6/66/OWASP_DAY_TR.sub.ppt Turkish Subtitle] for [http://www.owasp.org/downloads/OWASP_Day.wmv Jeff's OWASP Day Intro movie] (delete .ppt extension)<br />
* [https://www.owasp.org/images/b/bc/OWASP2007_KamudaPrivacy.ppt OWASP2007_KamudaPrivacy.ppt]<br />
* [https://www.owasp.org/images/4/4b/Guvenli_Web_Uygulamalarinin_Gelistirilmesi2.ppt Guvenli_Web_Uygulamalarinin_Gelistirilmesi.ppt] <br />
<br />
Discussion Answers:<br />
<br />
Q1.<br />
What is the current state of Privacy on Web Application Security? Does it really matter? Is privacy what will drive radical changes in web application's security (ala PCI)? <br />
<br />
A1.<br />
During the meeting an effort was made to clarify the meaning of privacy;<br />
- what are the key items that builds up to "privacy"?<br />
- are we talking about the privacy of real people or should we also include the privacy of legal entities?<br />
- is there really a solid line (or even a vague line) between confidentiality and privacy?<br />
We defined privacy as confidentiality of the data; be it of a real person or a legal entity.<br />
But the key part is that privacy is "the ability to control the flow of one's own data". And which brings another principle: "need to know". Privacy is directly related to an individual or an organization. Confidentiality, however, is directly related to "information"... Privacy is a "result" and confidentiality is a tenet or a security mechanism. <br />
<br />
Enough of these convulsions;<br />
The answer to the first question was a definite "YES". Participants were all agreed that "privacy" plays and will play the most important role in web security and its future.<br />
<br />
Q2.<br />
Application side: what the data owner should be doing to protect the user's privacy? Should there be a law that states how to protect this information? What can we do to improve it?<br />
<br />
A2.<br />
Most of the participants agreed that a law is a necessity.<br />
But, maybe, more important thing is to raise the awareness of the customers.<br />
Here we also had a discussion on the current status of the law on privacy? There are mainly three <br />
documents on privacy in Turkish law;<br />
* a directive on privacy in telecommunication, which happened to be inadequate (an assertion of a lawyer)<br />
* a draft law on privacy from Department of Justice, which is still in the process of approval<br />
* a recent (May 2007) law on siber crimes which happens to be similiar to the "Directive 2006/24/EC of the <br />
European Parliament and of the Council" on the data retention. This law, however, still needs a few<br />
directives, which are about to be published.<br />
<br />
Q3.<br />
Client side: what is the client's perception of privacy? How can a user trust a site about his own data treatment? Is the client nowadays safeguarded about a possible loss of privacy?<br />
<br />
A3.<br />
As a first step there should be an "agreement" presented to the user by the application side.<br />
This wouldn't be enough so there should be regular inspections (a third eye) on these services.<br />
About "is the client nowadays safeguarded about a possible loss of privacy?" question, the answer<br />
was a definite "NO". Especially with the banks. Yes, there are a few cases of trials where the courts<br />
dictated a bank to compansate the loss of the victim, however, mostly this is not the case. Even there is<br />
a domain serving, founded by the victims of online banking crimes in Turkey.<br />
<br />
Q4.<br />
What should OWASP be focusing on?<br />
<br />
A4.<br />
As a suggestion, OWASP may provide a "web security tips" page, which can include a searchable gui <br />
on small programming tips to avoid security holes in web applications.<br />
<br />
And a great idea of producing a "FixmeBank" application to cover the developer side of the story, as opposed to tester/attacker side (via WebGoat or HacmeBank), was suggested by Taygun Alban.<br />
<br />
Q5.<br />
What would OWASP spend it's grant money? (note that new OWASP members can allocate some or all of their membership fees to specific projects)<br />
<br />
A5.<br />
Some suggestions;<br />
. Printed booklets of Guide and Testing Guide. <br />
. OWASP CD with shiny labels<br />
. I'm afraid to say but... t-shirts<br />
<br />
Q6.<br />
Should OWASP organize such 'OWASP Weeks' every quarter?<br />
<br />
A6.<br />
OWASP should organize these events every 6 months or so :)<br />
<br />
== Next Event - OWASP DAY: on the topic of "Privacy in the 21st Century" - September 8 (Turkey 2007) ==<br />
<br />
As a part of the Global Security Week, OWASP Turkey chapter will be holding a humble meeting on Saturday, 8 September 2007. Less technical and time taking compared to last event ([http://www.owasp.org/index.php/1st_Web_Security_Days_OWASP_Turkey Web Security Days]) we will be focusing on the current snapshot of the privacy related issues in the govermental/quasi-governmental and private institutions of Turkey.<br />
<br />
Here's the "still in process" agenda:<br />
<br />
* 14:00 - 14:10 Prelude. Introduction of OWASP DAY and OWASP Turkey projects<br />
<br />
A small introduction to OWASP Day meeting and its goals, plus explanation of some of the lightweight projects of OWASP Turkey.<br />
<br />
Bedirhan URGUN, Bunyamin DEMİR<br />
<br />
* 14:20 - 14:50 Privacy in Governmental Insitutions - A Current State Analysis<br />
<br />
Presentation will discuss the understanding of the privacy concept settled in governmental institutions and deliberate on general information security problems related with privacy issues.<br />
<br />
Getting off with general privacy problems, in specific, information about the privacy issues related to web applications will be given. Moreover, concrete suggestions on providing a solid privacy in these institutions will be presented.<br />
<br />
Hayrettin BAHŞİ<br />
Chief Researcher CC Lab-UEKAE TUBITAK<br />
<br />
* 15:00 - 15:50 Secure Web Application Development<br />
<br />
Korhan GÜRLER<br />
Chief Researcher PRO-G<br />
<br />
* 15:00 - 16:00 A Panel on Privacy in Turkey <br />
<br />
OWASP-Turkey Members<br />
<br />
== Last Event - 1st Web Security Days - July 14 (Turkey 2007) ==<br />
<br />
First of the [http://www.owasp.org/index.php/1st_Web_Security_Days_OWASP_Turkey Web Security Days] has been realized by Owasp-Turkey chapter on 14th of July 2007 in İstanbul. With a ~70 registered attendees, it was great to have a pack of web security oriented people for a five hours of mostly technical presentations.<br />
<br />
<br />
[http://www.owasp.org/index.php/1st_Web_Security_Days_OWASP_Turkey For details...]<br />
<br />
== Last Meetings ==<br />
<br />
'''Sunday 6 May 2007'''<br><br />
'''Time:''' 11:15-12:30<BR><br />
<br />
'''Address''' to the meeting are:<br />
<br />
[http://www.metu.edu.tr Middle East Technical University]<br/><br />
Ankara-Turkey<br/><br />
<br/><br />
<br />
'''Presentation'''<br><br />
<br />
Web Application Security with ModSecurity and OWASP<br />
<br />
<br />
__NOTOC__ <br />
<br />
<headertabs/><br />
<br />
[[Category:Turkey]] [[Category:Europe]]</div>Dr. Emin Tatlıhttps://wiki.owasp.org/index.php?title=Turkey&diff=196663Turkey2015-06-29T20:22:20Z<p>Dr. Emin Tatlı: </p>
<hr />
<div><center>[[File:Owasptr.png]] </center><br />
<br />
<br />
<br />
==== About OWASP/TR ====<br />
<br />
{{Chapter Template|chaptername=Turkey|extra=The chapter leader is [mailto:bunyamindemir~gmail.com Bunyamin Demir]<br />
<br />
Board Members: [mailto:ferruh~mavituna.com Ferruh Mavituna], [mailto:mesut_timur~hotmail.com Mesut Timur], [mailto:contact~onuryilmaz.info Onur Yılmaz], [mailto:emin.tatli@owasp.org Emin Islam Tatli], [mailto:oguzhantopgul@gmail.com Oguzhan TOPGUL], [mailto:sertan@gmail.com Sertan Kolat]<br />
<br />
Web Page: http://www.webguvenligi.org<br />
<br />
Twitter: https://twitter.com/owasptr<br />
<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-turkey|emailarchives=http://lists.owasp.org/pipermail/owasp-turkey}}<br />
<br />
<paypal>Turkey</paypal><br />
<br />
<br />
== Chapter Brochure ==<br />
<br />
[http://www.webguvenligi.org/docs/WGT_brosur.pdf Here you can view a brochure] explaining in Turkish the action highlights of OWASP/Türkiye during the last one and a half year [obsolete for over two years].<br />
<br />
== Local News ==<br />
Conference<br />
<br />
[http://www.appsectr.org/ Application Security Day, İstanbul 2012] will be held on 9 June, Saturday, in Marmara Üniversitesi Rektörlük Binası, Sultanahmet, İstanbul. <br />
<br />
Published <br />
<br />
[http://www.webguvenligi.org/dokuman/web-uygulama-guvenligi-kontrol-listesi-2012.html Web App Security Check List 2012 in Turkish].<br />
<br />
== Projects/Tools/Translations ==<br />
<br />
Here are some of the projects produced by OWASP/Türkiye;<br />
<br />
* [http://code.google.com/p/droidalert/ DroidAlert] by Bedirhan Urgun<br />
<br />
A proactive approach on finding fake android applications on some of the biggest android stores. Just enter a term, and droidalert searches it for you in android stores.<br />
<br />
* [http://code.google.com/p/chiasma/ Chiasma] by Bedirhan Urgun<br />
<br />
Instead of having a structured penetration test report (docx, pdf, html v.b.) from 3rd parties, why not getting them produce a semi-structured report (xml) that is understood well. Chiasma is a Java desktop application producing XML vulnerability report.<br />
<br />
* [http://www.webguvenligi.org/docs/web_uygulama_guvenligi_kontrol_listesi_2010.pdf Web Uygulama Güvenliği Kontrol Listesi 2010- WebAppSec Checklist] by OWASP-Turkey<br />
<br />
A complete set of controls related to security of web applications.<br />
<br />
* [http://code.google.com/p/piknik/ Piknik] by Bedirhan Urgun<br />
<br />
A compilation of a study on analyzing the possible behavior of a malicious developer...Inspired by [http://www.blackhat.com/presentations/bh-usa-09/WILLIAMS/BHUSA09-Williams-EnterpriseJavaRootkits-PAPER.pdf Jeff Williams's Work] <br />
<br />
* [http://code.google.com/p/finddomains/ FindDomains] by Mesut Timur<br />
<br />
FindDomains is a multithreaded search engine discovery tool that will be very useful for penetration testers dealing with discovering domain names/web sites/virtual hosts which are located on too many IP addresses.<br />
<br />
* [http://dergi.webguvenligi.org/ WGT E-Magazine] by OWASP/TR and Onur Yilmaz<br />
<br />
An online web security related magazine in Turkish with a 2 months per-issue period<br />
<br />
* [http://ctf.webguvenligi.org/ CTF contest] by Onur Yilmaz<br />
<br />
A CTF contest where researchers, professionals and hackers can show off their skills in an ethical way <br />
<br />
* [http://code.google.com/p/jarvinen Jarvinen] by Gökhan Alkan & Yusuf Çeri & Bedirhan Urgun<br />
<br />
A simple yet effective web based audit log monitoring service for Modsecurity v2. It consists of two basic parts; a (bash) shell script that parses serial logs into the mysql database and a php web application.<br />
<br />
* [http://code.google.com/p/cammp CAMMP] by Gökhan Alkan<br />
<br />
Aims to provide (bash) shell scripts in order to automatize the source code installations of apache (php and modsecurity) and mysql under chroot (for RedHat based systems for now).<br />
<br />
* [http://code.google.com/p/secureimage SecureImage] by Mesut Timur & Bedirhan Urgun & Kerem Küsmezer<br />
<br />
A Java,PHP and .NET based image validator that can be used for validating image files on upload systems (such as photo galleries,forums,etc ..) against the threats for XSS issues with IE and LFI attacks. Individual project pages; [http://code.google.com/p/psecureimage PSecureImage] for PHP, [http://code.google.com/p/jsecureimage JSecureImage] for Java and [http://www.codeplex.com/owaspturkey/Release/ProjectReleases.aspx?ReleaseId=18008 NSecureImage] for .NET<br />
<br />
* [http://code.google.com/p/securetomcat SecureTomcat] by Bedirhan Urgun & Deniz Çevik & Gökhan Alkan<br />
<br />
A collection of three components; an audit documentation in Turkish, a basic remote vulnerability scanner and an audit shell script fully aligned with the audit documentation. All for auditing and testing Apache Tomcat partial J2EE container.<br />
<br />
* [http://code.google.com/p/webekci/ WeBekci] by Bünyamin Demir<br />
<br />
WeBekci is a graphical user end for ModSecurity 2.x web application firewall.<br />
<br />
* [http://www.webguvenligi.org/?page_id=16 Web Security Turkish Translation Project] by [http://www.webguvenligi.org/?page_id=16 great volunteers] & Bedirhan Urgun <br />
<br />
Turkish translations of OWASP guides and other web application security related documents '''over 500 pages''' and counting<br />
<br />
* [http://code.google.com/p/wivet/ WIVET] by Bedirhan Urgun<br />
<br />
A benchmarking project that aims to statistically analyze web link extractors. It provides a good sum of input vectors to any extractor and presents the results. Check out the live app [http://www.webguvenligi.org/wivet/ here].<br />
<br />
* [http://code.google.com/p/sqlibench/ SqliBench] by Mesut Timur & Bedirhan Urgun<br />
<br />
SQLiBENCH is a benchmarking project of automatic sql injectors related to dumping databases. Check out the live app [http://www.webguvenligi.org/sqlibench/web/ here]. The project is sponsored by [http://www.owasp.org/index.php/Category:OWASP_Sqlibench_Project OWASP SoC 08].<br />
<br />
* [http://code.google.com/p/msalparser MSALParser] by Bedirhan Urgun<br />
<br />
MSALParser (pronounced \mi-säl\) implements necessary parsers and model objects to represent a ModSecurity Single Audit Log, hence the name MSAL. MSALParser is a PHP RPC end that will get mlogc's calls and parses them into objects and eventually write to a persistent data store.<br />
<br />
* [http://code.google.com/p/apachelive ApacheLive] by Bedirhan Urgun<br />
<br />
ApacheLive (aka Haydar) project consists of a python script which was aimed to stress Apache web servers (httpd) using Keep-Alive parameters.<br />
<br />
* [http://code.google.com/p/anticsurf AntiCsurf] by Mesut Timur<br />
<br />
For most of the languages and frameworks, developers have to implement their own functions to defend against CSRF. AntiCsrf is a basic and light library for defending against CSRF for PHP applications.<br />
<br />
* [http://code.google.com/p/fm-fsf FM-FSF] by Ferruh Mavituna<br />
<br />
FSF is a plug-in based freakin' simple fuzzer for fuzzing web applications and scraping data. It supports some basic stuff and missing some features however it has got some advanced RegEx capturing features for scraping data out of web applications.<br />
<br />
* [http://code.google.com/p/msalmobile MSALMobile] & [http://code.google.com/p/msalservice MSALService] by Bedirhan Urgun<br />
<br />
MSALMobile, a basic windows mobile application and consuming MSALService, is a simple mobile ModSecurity log analyzer for Windows Mobile environment. See [http://www.webguvenligi.org/software/msalmobile/msalmobile_video.rar a video of MSALMobile in action] on www.webguvenligi.org.<br />
<br />
* [http://www.webguvenligi.org/xsstb/reflected.php XSS TestBed] by Bedirhan Urgun<br />
<br />
A playground for reflected xss test cases. The live project includes seven test cases ready to exploit. A legal and solid way to learn and apply xss skills. Moreover, a good way to test web application scanners on reflected xss testing...<br />
<br />
* [http://www.webguvenligi.org/projeler/wcsa Web.config Security Analyzer] by Mesut Timur<br />
<br />
Web.config file holds settings about related ASP.NET web application. This project analyzes a given Web.config file for security vulnerabilities with its 30+ checks. It's a command line too for now and produces a neat html based report.<br />
<br />
== Translations ==<br />
<br />
Çeviri projesine yardım etmek isteyen arkadaşlar, lütfen [mailto:bunyamindemir@gmail.com bunyamin] veya [mailto:urgunb@hotmail.com bedirhan] ''(proje lideri)'' ile iletişime geçiniz. Şu ana kadar yayınlanan çevirilere [http://www.webguvenligi.org/?page_id=16 buradan] ulaşabilirsiniz. ''You can find Turkish translations of OWASP and other web security related documents [http://www.webguvenligi.org/?page_id=16 here].''<br />
<br />
==== Meetings/Conferences ====<br />
<br />
<br />
<br />
== Application Security Day, Eskişehir 2015, Conference ==<br />
<br />
[http://www.appsectr.org/?page_id=53 Application Security Day, Eskişehir 2015]<br />
<br />
== Application Security Day, İstanbul 2013, Conference ==<br />
<br />
[http://www.appsectr.org/2013/ Application Security Day, İstanbul 2013]<br />
<br />
== Application Security Day, İstanbul 2012, Conference ==<br />
<br />
[http://www.appsectr.org/ Application Security Day, İstanbul 2012] will be held on 9 June, Saturday, in Marmara Üniversitesi Rektörlük Binası, Sultanahmet, İstanbul. <br />
The event aims to present an environment where key and popular application security topics will be discussed and shared. Hundreds of developers, business owners and security practitioners will be ready to increase local application security awareness. Join us!<br />
<br />
<br />
== OWASP/TR Presentation in Android Developer Days 2012 in ODTU Ankara ==<br />
<br />
Bedirhan Urgun of OWASP/TR will give a presentation on "Developing Secure Android Days" on 22 May from 15:30-16:00 in Android Developer Days, 2012. The presentation will take place in ODTU, Ankara.<br />
<br />
Location: ODTÜ Kültür ve Kongre Merkezi, Ankara<br />
<br />
Date: 22 May 2012, Tuesday<br />
<br />
Time: 15:30 – 16:00<br />
<br />
== OWASP/TR Presentation in ReadMee Internet Zirvesi, 2012 ==<br />
<br />
Seyfullah Kılıç will give a presentation titled "Web Güvenliği ve Korunma Yolları" on 07 April Saturday from 14:00-14:45 in ReadMee Internet Zirvesi, 2012. The presentation will take place in Eskişehir Osmangazi Üniversitesi, Eskişehir.<br />
<br />
Location: Eskişehir Osmangazi Üniversitesi Meşelik Kampüsü, Eskişehir<br />
<br />
Date: 7 April 2012 Saturday<br />
<br />
Time: 14:00 – 14:45<br />
<br />
== OWASP/TR Presentation in Özgür Yazılım ve Linux Günleri, 2012 ==<br />
<br />
Bünyamin Demir of OWASP/TR will give a presentation titled as "<br />
Güvenli Kod Geliştirme" and will hold a chapter meeting "OWASP Türkiye Chapter Meeting (Çalışma Toplantısı)" on 31 March Saturday from 10:00-13:00 in Özgür Yazılım ve Linux Günleri, 2012. The presentations will take place in İstanbul Bilgi Üniversitesi Dolapdere Kampüsü, İstanbul.<br />
<br />
Location: İstanbul Bilgi Üniversitesi Dolapdere Kampüsü, İstanbul<br />
<br />
Date: 31 March 2012 Saturday<br />
<br />
Time: 10:00 – 13:00<br />
<br />
Location 1: 1. Salon<br />
Location 2: Toplantı Salonu<br />
<br />
== OWASP/TR Talk in Open Source Code Days in Yeditepe University ==<br />
<br />
Bunyamin Demir talked about OWASP and OWASP/Turkey introduction. After intro, he did a presentation about [http://seminer.linux.org.tr/wp-content/uploads/guvenli_kod_gelistirme_ve_yasam_dongusu.ppt "Secure Coding and Chaotic Life Cycle"].<br />
<br />
Location: Yeditepe University, 26 Agustos Yerlesimi, Salon 2<br />
<br />
Date: 14 October 2011, Friday<br />
<br />
Time: 15:00 – 15:45<br />
<br />
== OWASP/TR Introductory Meetings and Seminar @ Bahçeşehir Üniversitesi, March 2010 ==<br />
<br />
[http://www.shibumidojo.org/ Kubilay Onur Güngör] will start with OWASP and OWASP/Turkey introduction. After intro, cyber security concept, web application security, social theories of criminal behaviors and many other topics will be discussed. So don't miss the events if you're around. <br />
<br />
Location: Bahçeşehir Üniversitesi, Beşiktaş Kampüsü, D-404 Salonu<br />
<br />
Date: 10 Mart 2010 Çarşamba<br />
<br />
Time: 18.30 – 19.30<br />
<br />
== OWASP/TR Introductory Meetings and Seminar @ Işık Üniversitesi, March 2010 ==<br />
<br />
[http://www.shibumidojo.org/ Kubilay Onur Güngör] will start with OWASP and OWASP/Turkey introduction. After intro, cyber security concept, web application security, social theories of criminal behaviors and many other topics will be discussed. So don't miss the events if you're around. <br />
<br />
Location: Işık Üniversitesi, Şile Kampüsü<br />
Registration: http://bilisimgunleri.isikun.edu.tr<br />
Date: 8 Mart 2010 Pazartesi<br />
Time: 15.00 - 16.00<br />
<br />
== OWASP/TR Meeting in Turkcell Akademi with OISF Team, February 2010 ==<br />
<br />
With 7 [http://www.openinfosecfoundation.org OISF] members we had our 23 February meeting. Brian [http://vimeo.com/9825055 talked about ModSecurity] and Victor & Will [http://vimeo.com/9825622 talked about Suricata ].<br />
<br />
As always, check out the photos on [http://www.flickr.com/photos/webguvenligi flickr-webguvenligi]!!<br />
<br />
Thanks to our sponsor for this meeting [http://www.guvenlikegitimleri.com GuvenlikEgitimleri.Com]<br />
<br />
== OWASP/TR Seminar in İstanbul Kültür Universitesi, 29 December 2009 ==<br />
<br />
We'll be hosting a free seminar in İstanbul Kültür Üniversitesi, Ataköy Kampüsü, Önder Öztunalı Konferans Salonu. Topics will include "introduction to OWASP/TR", "siber security", "security best practices and standards". It will also include a demo on digital investigation.<br />
<br />
Presenter: [http://www.shibumidojo.org/ Kubilay Onur Güngör]<br />
<br />
Date: Tuesday, December 29, 2009 <br />
<br />
Time: 12:00pm - 1:30pm <br />
<br />
Location: İstanbul Kültür Üniersitesi, Ataköy Kampüsü, Önder Öztunalı Konferans Salonu<br />
<br />
== October 11, 2009 OWASP/TR on the Green Field ==<br />
<br />
Teams formed by OWASP-Turkey mailing list members will play a soccer match on Sunday, 18:00 October the 11th. We'll seek our Messis, Zidanes, Kakas, Lampards, Chechs stemmed from the Anatolian land... National team may not be qualified for the 2010 World Championship, which is a shame, but we'll do better next time.<br />
<br />
== Artifacts - OWASP-Turkey Meeting in September 26, 2009 ==<br />
<br />
30 people gathered for the OWASP/TR meeting. Here's the [http://www.webguvenligi.org/docs/26_Eylul_OWASPTR_Bulusma.ppt agenda of the meeting]. Moreover, Ibrahim Saruhan gave a [http://www.webguvenligi.org/docs/Facebook_Twitter_Botnets.ppt presentation] on his experiences writing a PoC Facebook botnet. Thanks everyone for participating.<br />
<br />
See the [http://www.flickr.com/webguvenligi/ pictures] and listen to the DimDim [http://recp.dimdim.com/view/dimdim/1a9400f2-fbdb-102c-9515-003048642bd7 recording].<br />
<br />
== September 26 Meeting ==<br />
<br />
A regular meeting for anyone interested in web/software security. It will take place in Istanbul, Taksim at 14:00, on 26 September. <br />
<br />
== Artifacts - 06 May/13 May 2009 OWASP-TR Talks in Kocaeli & Gazi Universities ==<br />
<br />
Here are the presentations given by Bünyamin Demir and Onur Yılmaz at "Information Techonology Days" in [http://www.kocaeli.edu.tr/ Kocaeli University] and [http://www.gazi.edu.tr/ Gazi University], [http://www.webguvenligi.org/docs/kocaeli09owasptr.ppt OWASP-TR & WebGoat Presentation] and [http://www.webguvenligi.org/docs/gaziuni09owasptr.ppt Basic Web App Security Presentation] respectively. <br />
<br />
Pictures are on [http://www.flickr.com/photos/webguvenligi flicker] as always.<br />
<br />
== Web Application Security Talk in Gazi University, 13 May 2009 ==<br />
<br />
We'll be giving a talk in "Information Days" event at Gazi University about code/sql injection attack vectors and prevention techniques on 13th (Wednesday) of May 2009, between 10:30-11:20. <br />
<br />
Reach out the details [http://www.webguvenligi.org/haberler/web-uygulamalari-guvenligi-sunumu-gazi-universitesi.html here]<br />
<br />
== OWASP-TR Seminar in Kocaeli University, 06 May 2009 ==<br />
<br />
We'll be hosting a free seminar in Math. Department of Kocaeli University about OWASP and OWASP/Turkey including the basics of well known attack vectors and prevention techniques on 6th (Wednesday) of May 2009, starting from 15:30. <br />
<br />
Reach out the details [http://www.webguvenligi.org/haberler/owasp-tr-ve-wgt-semineri-kocaeli-universitesi.html here]<br />
<br />
== Artifacts - March 19 2009 OWASP-TR Talk in Sakarya University ==<br />
<br />
Here are the presentations given by Bünyamin Demir and Gökhan Alkan at "Information Techonology Days" in [http://www.sau.edu.tr/ Sakarya University], [http://www.webguvenligi.org/sau_bilisim_gunleri09/sakarya_bilisim_gunleri.ppt OWASP-TR & WebGoat Presentation] and [http://www.webguvenligi.org/sau_bilisim_gunleri09/Recel_Krallagindan_Webe.ppt Jarvinen Presentation] respectively. We'd like to thank [http://www.bilisimk.sau.edu.tr/ Sakarya Universitesi Bilişim Kulubü] for inviting us.<br />
<br />
And never the least, here are the [http://www.flickr.com/photos/webguvenligi pictures] taken during the day.<br />
<br />
== Talk in Information Techonology Days '09 in Sakarya University ==<br />
<br />
We'll be giving two talks in "Information Techonology Days" about OWASP and OWASP/Turkey in [http://www.sau.edu.tr/ Sakarya University] on 19th of March 2009. The talk will include an introduction to OWASP, OWASP/Turkey as a community. Plus, Jarvinen, an OWASP/TR project, will be presented.<br />
<br />
== Artifacts - Fifth OWASP-Turkey Meeting in March 08, 2009 ==<br />
<br />
We had close to 35 people gathered. Here's the [http://www.webguvenligi.org/docs/WGT_OWASP-TR_08_Mart_2009_Bulusmasi_Ajanda.pptx agenda of the meeting]. Moreover, Fatih Emiral gave a [http://www.webguvenligi.org/docs/Yazilim_Guvenligi.ppt presentation] comparing three main Software Security models. Thanks everyone for participating.<br />
<br />
For the photos take a look at [http://www.flickr.com/photos/webguvenligi/ here].<br />
<br />
== Fifth OWASP-Turkey Meeting in March 08, 2009 ==<br />
<br />
A regular meeting on web/software security related issues&techniques&news. The meeting will take place in Istanbul, Maltepe, beween 13:00-15:00, on 08th of March, Sunday. <br />
Here's the map for the [http://www.gencgirisimciler.org/bpi.asp?caid=161&cid=17 meeting place]<br />
If you want to attend the event, please send an e-mail to: urgunb at hotmail.com (Bedirhan Urgun)<br />
<br />
== Artifacts - Web Security Days Kocaeli December 2008 ==<br />
<br />
With over 50 attendees we had our 4th Web Security Days in Kocaeli University at Umuttepe Campus.<br />
<br />
Presentations & SlideShows & Photos:<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_intro.ppt Giris] - Bedirhan Urgun<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_owasptr_wgt.ppt WGT/OWASPTR] - Bünyamin Demir<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_www.ppt WWW Introduction] - Uğur Yıldız<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_csrf.ppt CSRF] - Yusuf Çeri<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_graphics.ppt Graphic Attacks] - Mesut Timur <br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_chroot.ppt Secure Web Production Environments] - Gökhan Alkan<br />
* [http://www.flickr.com/webguvenligi/ Pictures] - Bedirhan & Bünyamin<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_slideshow.ppt OWASP Top 10 Slide Show] - Bedirhan Urgun<br />
<br />
== Next Event - 4th Web Security Days Kocaeli - December 23 (Turkey 2008) ==<br />
<br />
This event will be the fourth of "Web Security Days" and will take place on 23rd of December 2008 in Kocaeli. The agenda of the event is [http://www.owasp.org/index.php/4th_Web_Security_Days_OWASP_Turkey here].<br />
<br />
== Artifacts - Fourth OWASP-Turkey Meeting in October 18, 2008 ==<br />
<br />
Here's the [http://www.webguvenligi.org/wp-content/uploads/2008/10/WGT&OWASP-TR_18_Ekim_2008_Bulusmasi_Ajanda.ppt agenda of the meeting]. We also had two small discussion and presentation of a simple demo overview of recent clickjacking vulnerability and [http://www.webguvenligi.org/wp-content/uploads/2008/10/sqlibench-presentation.ppt sqlibench SoC 2008 OWASP project]. Thanks everyone for participating.<br />
<br />
Moreover, all of the OWASP sent books (~30)/pens(~15) were distributed freely! <br />
<br />
For the photos take a look at [http://www.flickr.com/photos/webguvenligi/ here].<br />
<br />
== Fourth OWASP-Turkey Meeting in October 18, 2008 ==<br />
<br />
A catch up meeting on web/software security related issues&techniques&news. Moreover, OWASP sent goodies (to the most active chapters) will be distributed (This includes 27 OWASP books and 19 pens). It will take place in Istanbul, İstiklal Cad.Emir Nevruz Sok. No: 1/11 Galatasaray Beyoğlu beween 14:00-16:00, on 18th of October. If you want to attend the event, please send an e-mail to: urgunb at hotmail.com (Bedirhan Urgun) <br />
<br />
== Artifacts - June 21 2008 OWASP-TR Talk in "Free Software Conference" ==<br />
<br />
Here is the presentation given by Mesut Timur and keynote submitted at [http://konferans.linux.org.tr/ "Free Software Conference"] in [http://www.etu.edu.tr/ TOBB University of Economics and Technology]; <br />
[http://www.webguvenligi.org/wp-content/uploads/2008/06/owasp_wgt_lkd_21062008.ppt OWASP-TR Presentation] and [http://www.webguvenligi.org/wp-content/uploads/2008/06/webguvenligi_bildiri_lkd_21062008.pdf Web Security and Free Software Keynote] (in Turkish) respectively.<br />
<br />
== Talk in Free Software Conference in Ankara ==<br />
<br />
We'll be giving a talk in "Free Software Conference" about OWASP and OWASP/Turkey in [http://www.etu.edu.tr/ TOBB University of Economics and Technology] on 21st (Saturday) of June 2008. The talk will include an introduction to OWASP, OWASP/Turkey, as well as web/application security projects achieved in Turkey. <br />
<br />
The Day will start at 09:30 and our talk, which will be presented by [http://www.h-labs.org Mesut Timur], will be between 15.00-15.30. You can skim the programme [http://konferans.linux.org.tr/etkinlik-programi/ here].<br />
<br />
== Artifacts - April 19 2008 OWASP-TR Talk in Yildiz Technical University ==<br />
<br />
Here are the presentations given by Bünyamin Demir and Yusuf Çeri at "Open Source Code Day" in [http://www.yildiz.edu.tr/english Yildiz Technical University], [http://www.webguvenligi.org/wp-content/uploads/2008/04/owasp-wgt-ytu-19nisan08.ppt OWASP-TR Presentation] and [http://www.webguvenligi.org/wp-content/uploads/2008/04/sqlmapdemo-wgt-ytu-19nisan08.ppt SqlDemo Presentation] respectively. We'd like to thank YTÜ Bilişim Kulubü for inviting us.<br />
<br />
And never the least, here are the [http://www.flickr.com/photos/webguvenligi/sets/72157604620396950/ pictures] taken during the day.<br />
<br />
== Talk in Open Source Code Day in Yildiz Technical University ==<br />
<br />
We'll be giving a talk in "Open Source Code Day" about OWASP and OWASP/Turkey in [http://www.yildiz.edu.tr/english Yildiz Technical University] on 19th of April 2008. The talk will include an introduction to OWASP, OWASP/Turkey, web/application security community in Turkey, the 1st OWASP Day video by Jeff and a live application insecurity demo. <br />
<br />
The Day will start at 09:30 and our talk will be the last one before the noon. <br />
<br />
== Artifacts - March 09 2008 Meeting ==<br />
<br />
It was a nice Sunday in Istanbul and we had 16 people talking about SPoC 08, April OWASP Week and web application security in general. Here are the [http://www.flickr.com/photos/webguvenligi/sets/72157604077351886/ pictures] taken during the meeting.<br />
<br />
== March 09 Meeting ==<br />
<br />
A casual meeting for anyone interested in web/software security. It will take place in Istanbul, Kadikoy at 14:30, on 09 March. To chat and enjoy the [http://www.flickr.com/photos/jrogivue/21918611/ Bosphorus]! <br />
<br />
== Artifacts - Web Security Days Ankara & İzmir November 2007 ==<br />
<br />
Through a foggy, and therefore a hard flight, we've managed to realize Web Security Days 2 & 3 in Ankara and Izmir, respectively. Having a total of ~130 attendees (most of them in Izmir), we hope WSD to be traditional and become more qualitysome.<br />
<br />
Presentations & Code & Photos:<br />
* [http://www.webguvenligi.org/docs/ankara/init_ankara.ppt Giris] - Bedirhan Urgun<br />
* [http://www.webguvenligi.org/docs/ankara/wgt.ppt WGT Giris] - Bünyamin Demir<br />
* [http://www.webguvenligi.org/docs/izmir/ulakcsirt.pdf ULAK-CSIRT Giris] - Enis Karaarslan<br />
* [http://www.webguvenligi.org/docs/ankara/burak_sc.ppt Yazılım Geliştirme Sürecinde Güvenlik Testleri] - Burak Dayıoğlu<br />
* [http://www.webguvenligi.org/docs/izmir/enis_web.ppt Kurumsal Web Güvenliği Yapısı] - Enis Karaarslan<br />
* [http://www.webguvenligi.org/docs/izmir/tahsin_did.ppt Uygulamalarda Katmanlı Güvenlik Anlayışı] - Tahsin Türköz<br />
* [http://www.webguvenligi.org/docs/izmir/oguzhan_php.ppt PHP ve Güvenli Kodlama] - Oğuzhan Yalçın<br />
* [http://www.webguvenligi.org/docs/ankara/bunyamin_pl.ppt Perl'de Guvenlik Modulu] - Bünyamin Demir<br />
* [http://www.webguvenligi.org/docs/izmir/security_pm.rar Perl'de Guvenlik Modulu - Kod] - Bünyamin Demir<br />
* [http://www.webguvenligi.org/docs/ankara/bedirhan_js.ppt Web 2.0 Savunma Dili: Javascript] - Bedirhan Urgun<br />
* [http://www.flickr.com/photos/webguvenligi/sets/72157603311164597/ Photos] - Bedirhan & Bünyamin<br />
<br />
== Next Event - 3rd Web Security Days İzmir - November 26 (Turkey 2007) ==<br />
<br />
This event will be the third of "Web Security Days" and will take place on 26th of November 2007 in İzmir. The agenda of the event is [https://www.owasp.org/index.php/3rd_Web_Security_Days_OWASP_Turkey here].<br />
<br />
== Next Event - 2nd Web Security Days Ankara - November 24 (Turkey 2007) ==<br />
<br />
This event will be the second of "Web Security Days" and will take place on 24th of November 2007 in Ankara. <br />
The agenda of the event is [https://www.owasp.org/index.php/2nd_Web_Security_Days_OWASP_Turkey here].<br />
<br />
== Artifacts - OWASP DAY: on the topic of "Privacy in the 21st Century" - September 8 (Turkey 2007) ==<br />
<br />
Presentations:<br />
<br />
* [https://www.owasp.org/images/6/66/OWASP_DAY_TR.sub.ppt Turkish Subtitle] for [http://www.owasp.org/downloads/OWASP_Day.wmv Jeff's OWASP Day Intro movie] (delete .ppt extension)<br />
* [https://www.owasp.org/images/b/bc/OWASP2007_KamudaPrivacy.ppt OWASP2007_KamudaPrivacy.ppt]<br />
* [https://www.owasp.org/images/4/4b/Guvenli_Web_Uygulamalarinin_Gelistirilmesi2.ppt Guvenli_Web_Uygulamalarinin_Gelistirilmesi.ppt] <br />
<br />
Discussion Answers:<br />
<br />
Q1.<br />
What is the current state of Privacy on Web Application Security? Does it really matter? Is privacy what will drive radical changes in web application's security (ala PCI)? <br />
<br />
A1.<br />
During the meeting an effort was made to clarify the meaning of privacy;<br />
- what are the key items that builds up to "privacy"?<br />
- are we talking about the privacy of real people or should we also include the privacy of legal entities?<br />
- is there really a solid line (or even a vague line) between confidentiality and privacy?<br />
We defined privacy as confidentiality of the data; be it of a real person or a legal entity.<br />
But the key part is that privacy is "the ability to control the flow of one's own data". And which brings another principle: "need to know". Privacy is directly related to an individual or an organization. Confidentiality, however, is directly related to "information"... Privacy is a "result" and confidentiality is a tenet or a security mechanism. <br />
<br />
Enough of these convulsions;<br />
The answer to the first question was a definite "YES". Participants were all agreed that "privacy" plays and will play the most important role in web security and its future.<br />
<br />
Q2.<br />
Application side: what the data owner should be doing to protect the user's privacy? Should there be a law that states how to protect this information? What can we do to improve it?<br />
<br />
A2.<br />
Most of the participants agreed that a law is a necessity.<br />
But, maybe, more important thing is to raise the awareness of the customers.<br />
Here we also had a discussion on the current status of the law on privacy? There are mainly three <br />
documents on privacy in Turkish law;<br />
* a directive on privacy in telecommunication, which happened to be inadequate (an assertion of a lawyer)<br />
* a draft law on privacy from Department of Justice, which is still in the process of approval<br />
* a recent (May 2007) law on siber crimes which happens to be similiar to the "Directive 2006/24/EC of the <br />
European Parliament and of the Council" on the data retention. This law, however, still needs a few<br />
directives, which are about to be published.<br />
<br />
Q3.<br />
Client side: what is the client's perception of privacy? How can a user trust a site about his own data treatment? Is the client nowadays safeguarded about a possible loss of privacy?<br />
<br />
A3.<br />
As a first step there should be an "agreement" presented to the user by the application side.<br />
This wouldn't be enough so there should be regular inspections (a third eye) on these services.<br />
About "is the client nowadays safeguarded about a possible loss of privacy?" question, the answer<br />
was a definite "NO". Especially with the banks. Yes, there are a few cases of trials where the courts<br />
dictated a bank to compansate the loss of the victim, however, mostly this is not the case. Even there is<br />
a domain serving, founded by the victims of online banking crimes in Turkey.<br />
<br />
Q4.<br />
What should OWASP be focusing on?<br />
<br />
A4.<br />
As a suggestion, OWASP may provide a "web security tips" page, which can include a searchable gui <br />
on small programming tips to avoid security holes in web applications.<br />
<br />
And a great idea of producing a "FixmeBank" application to cover the developer side of the story, as opposed to tester/attacker side (via WebGoat or HacmeBank), was suggested by Taygun Alban.<br />
<br />
Q5.<br />
What would OWASP spend it's grant money? (note that new OWASP members can allocate some or all of their membership fees to specific projects)<br />
<br />
A5.<br />
Some suggestions;<br />
. Printed booklets of Guide and Testing Guide. <br />
. OWASP CD with shiny labels<br />
. I'm afraid to say but... t-shirts<br />
<br />
Q6.<br />
Should OWASP organize such 'OWASP Weeks' every quarter?<br />
<br />
A6.<br />
OWASP should organize these events every 6 months or so :)<br />
<br />
== Next Event - OWASP DAY: on the topic of "Privacy in the 21st Century" - September 8 (Turkey 2007) ==<br />
<br />
As a part of the Global Security Week, OWASP Turkey chapter will be holding a humble meeting on Saturday, 8 September 2007. Less technical and time taking compared to last event ([http://www.owasp.org/index.php/1st_Web_Security_Days_OWASP_Turkey Web Security Days]) we will be focusing on the current snapshot of the privacy related issues in the govermental/quasi-governmental and private institutions of Turkey.<br />
<br />
Here's the "still in process" agenda:<br />
<br />
* 14:00 - 14:10 Prelude. Introduction of OWASP DAY and OWASP Turkey projects<br />
<br />
A small introduction to OWASP Day meeting and its goals, plus explanation of some of the lightweight projects of OWASP Turkey.<br />
<br />
Bedirhan URGUN, Bunyamin DEMİR<br />
<br />
* 14:20 - 14:50 Privacy in Governmental Insitutions - A Current State Analysis<br />
<br />
Presentation will discuss the understanding of the privacy concept settled in governmental institutions and deliberate on general information security problems related with privacy issues.<br />
<br />
Getting off with general privacy problems, in specific, information about the privacy issues related to web applications will be given. Moreover, concrete suggestions on providing a solid privacy in these institutions will be presented.<br />
<br />
Hayrettin BAHŞİ<br />
Chief Researcher CC Lab-UEKAE TUBITAK<br />
<br />
* 15:00 - 15:50 Secure Web Application Development<br />
<br />
Korhan GÜRLER<br />
Chief Researcher PRO-G<br />
<br />
* 15:00 - 16:00 A Panel on Privacy in Turkey <br />
<br />
OWASP-Turkey Members<br />
<br />
== Last Event - 1st Web Security Days - July 14 (Turkey 2007) ==<br />
<br />
First of the [http://www.owasp.org/index.php/1st_Web_Security_Days_OWASP_Turkey Web Security Days] has been realized by Owasp-Turkey chapter on 14th of July 2007 in İstanbul. With a ~70 registered attendees, it was great to have a pack of web security oriented people for a five hours of mostly technical presentations.<br />
<br />
<br />
[http://www.owasp.org/index.php/1st_Web_Security_Days_OWASP_Turkey For details...]<br />
<br />
== Last Meetings ==<br />
<br />
'''Sunday 6 May 2007'''<br><br />
'''Time:''' 11:15-12:30<BR><br />
<br />
'''Address''' to the meeting are:<br />
<br />
[http://www.metu.edu.tr Middle East Technical University]<br/><br />
Ankara-Turkey<br/><br />
<br/><br />
<br />
'''Presentation'''<br><br />
<br />
Web Application Security with ModSecurity and OWASP<br />
<br />
<br />
__NOTOC__ <br />
<br />
<headertabs/><br />
<br />
[[Category:Turkey]] [[Category:Europe]]</div>Dr. Emin Tatlıhttps://wiki.owasp.org/index.php?title=Turkey&diff=196662Turkey2015-06-29T20:21:47Z<p>Dr. Emin Tatlı: </p>
<hr />
<div><center>[[File:Owasptr.png]] </center><br />
<br />
<br />
<br />
==== About OWASP/TR ====<br />
<br />
{{Chapter Template|chaptername=Turkey|extra=The chapter leader is [mailto:bunyamindemir~gmail.com Bunyamin Demir]<br />
<br />
Board Members: [mailto:ferruh~mavituna.com Ferruh Mavituna], [mailto:mesut_timur~hotmail.com Mesut Timur], [mailto:contact~onuryilmaz.info Onur Yılmaz], [mailto:emin.tatli@owasp.org Emin Islam Tatli], [mailto:oguzhantopgul@gmail.com Oguzhan TOPGUL], [mailto:sertan@gmail.com Sertan Kolat]<br />
<br />
Web Page: http://www.webguvenligi.org<br />
<br />
Twitter: https://twitter.com/owasptr<br />
<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-turkey|emailarchives=http://lists.owasp.org/pipermail/owasp-turkey}}<br />
<br />
<paypal>Turkey</paypal><br />
<br />
<br />
== Chapter Brochure ==<br />
<br />
[http://www.webguvenligi.org/docs/WGT_brosur.pdf Here you can view a brochure] explaining in Turkish the action highlights of OWASP/Türkiye during the last one and a half year [obsolete for over two years].<br />
<br />
== Local News ==<br />
Conference<br />
<br />
[http://www.appsectr.org/ Application Security Day, İstanbul 2012] will be held on 9 June, Saturday, in Marmara Üniversitesi Rektörlük Binası, Sultanahmet, İstanbul. <br />
<br />
Published <br />
<br />
[http://www.webguvenligi.org/dokuman/web-uygulama-guvenligi-kontrol-listesi-2012.html Web App Security Check List 2012 in Turkish].<br />
<br />
== Projects/Tools/Translations ==<br />
<br />
Here are some of the projects produced by OWASP/Türkiye;<br />
<br />
* [http://code.google.com/p/droidalert/ DroidAlert] by Bedirhan Urgun<br />
<br />
A proactive approach on finding fake android applications on some of the biggest android stores. Just enter a term, and droidalert searches it for you in android stores.<br />
<br />
* [http://code.google.com/p/chiasma/ Chiasma] by Bedirhan Urgun<br />
<br />
Instead of having a structured penetration test report (docx, pdf, html v.b.) from 3rd parties, why not getting them produce a semi-structured report (xml) that is understood well. Chiasma is a Java desktop application producing XML vulnerability report.<br />
<br />
* [http://www.webguvenligi.org/docs/web_uygulama_guvenligi_kontrol_listesi_2010.pdf Web Uygulama Güvenliği Kontrol Listesi 2010- WebAppSec Checklist] by OWASP-Turkey<br />
<br />
A complete set of controls related to security of web applications.<br />
<br />
* [http://code.google.com/p/piknik/ Piknik] by Bedirhan Urgun<br />
<br />
A compilation of a study on analyzing the possible behavior of a malicious developer...Inspired by [http://www.blackhat.com/presentations/bh-usa-09/WILLIAMS/BHUSA09-Williams-EnterpriseJavaRootkits-PAPER.pdf Jeff Williams's Work] <br />
<br />
* [http://code.google.com/p/finddomains/ FindDomains] by Mesut Timur<br />
<br />
FindDomains is a multithreaded search engine discovery tool that will be very useful for penetration testers dealing with discovering domain names/web sites/virtual hosts which are located on too many IP addresses.<br />
<br />
* [http://dergi.webguvenligi.org/ WGT E-Magazine] by OWASP/TR and Onur Yilmaz<br />
<br />
An online web security related magazine in Turkish with a 2 months per-issue period<br />
<br />
* [http://ctf.webguvenligi.org/ CTF contest] by Onur Yilmaz<br />
<br />
A CTF contest where researchers, professionals and hackers can show off their skills in an ethical way <br />
<br />
* [http://code.google.com/p/jarvinen Jarvinen] by Gökhan Alkan & Yusuf Çeri & Bedirhan Urgun<br />
<br />
A simple yet effective web based audit log monitoring service for Modsecurity v2. It consists of two basic parts; a (bash) shell script that parses serial logs into the mysql database and a php web application.<br />
<br />
* [http://code.google.com/p/cammp CAMMP] by Gökhan Alkan<br />
<br />
Aims to provide (bash) shell scripts in order to automatize the source code installations of apache (php and modsecurity) and mysql under chroot (for RedHat based systems for now).<br />
<br />
* [http://code.google.com/p/secureimage SecureImage] by Mesut Timur & Bedirhan Urgun & Kerem Küsmezer<br />
<br />
A Java,PHP and .NET based image validator that can be used for validating image files on upload systems (such as photo galleries,forums,etc ..) against the threats for XSS issues with IE and LFI attacks. Individual project pages; [http://code.google.com/p/psecureimage PSecureImage] for PHP, [http://code.google.com/p/jsecureimage JSecureImage] for Java and [http://www.codeplex.com/owaspturkey/Release/ProjectReleases.aspx?ReleaseId=18008 NSecureImage] for .NET<br />
<br />
* [http://code.google.com/p/securetomcat SecureTomcat] by Bedirhan Urgun & Deniz Çevik & Gökhan Alkan<br />
<br />
A collection of three components; an audit documentation in Turkish, a basic remote vulnerability scanner and an audit shell script fully aligned with the audit documentation. All for auditing and testing Apache Tomcat partial J2EE container.<br />
<br />
* [http://code.google.com/p/webekci/ WeBekci] by Bünyamin Demir<br />
<br />
WeBekci is a graphical user end for ModSecurity 2.x web application firewall.<br />
<br />
* [http://www.webguvenligi.org/?page_id=16 Web Security Turkish Translation Project] by [http://www.webguvenligi.org/?page_id=16 great volunteers] & Bedirhan Urgun <br />
<br />
Turkish translations of OWASP guides and other web application security related documents '''over 500 pages''' and counting<br />
<br />
* [http://code.google.com/p/wivet/ WIVET] by Bedirhan Urgun<br />
<br />
A benchmarking project that aims to statistically analyze web link extractors. It provides a good sum of input vectors to any extractor and presents the results. Check out the live app [http://www.webguvenligi.org/wivet/ here].<br />
<br />
* [http://code.google.com/p/sqlibench/ SqliBench] by Mesut Timur & Bedirhan Urgun<br />
<br />
SQLiBENCH is a benchmarking project of automatic sql injectors related to dumping databases. Check out the live app [http://www.webguvenligi.org/sqlibench/web/ here]. The project is sponsored by [http://www.owasp.org/index.php/Category:OWASP_Sqlibench_Project OWASP SoC 08].<br />
<br />
* [http://code.google.com/p/msalparser MSALParser] by Bedirhan Urgun<br />
<br />
MSALParser (pronounced \mi-säl\) implements necessary parsers and model objects to represent a ModSecurity Single Audit Log, hence the name MSAL. MSALParser is a PHP RPC end that will get mlogc's calls and parses them into objects and eventually write to a persistent data store.<br />
<br />
* [http://code.google.com/p/apachelive ApacheLive] by Bedirhan Urgun<br />
<br />
ApacheLive (aka Haydar) project consists of a python script which was aimed to stress Apache web servers (httpd) using Keep-Alive parameters.<br />
<br />
* [http://code.google.com/p/anticsurf AntiCsurf] by Mesut Timur<br />
<br />
For most of the languages and frameworks, developers have to implement their own functions to defend against CSRF. AntiCsrf is a basic and light library for defending against CSRF for PHP applications.<br />
<br />
* [http://code.google.com/p/fm-fsf FM-FSF] by Ferruh Mavituna<br />
<br />
FSF is a plug-in based freakin' simple fuzzer for fuzzing web applications and scraping data. It supports some basic stuff and missing some features however it has got some advanced RegEx capturing features for scraping data out of web applications.<br />
<br />
* [http://code.google.com/p/msalmobile MSALMobile] & [http://code.google.com/p/msalservice MSALService] by Bedirhan Urgun<br />
<br />
MSALMobile, a basic windows mobile application and consuming MSALService, is a simple mobile ModSecurity log analyzer for Windows Mobile environment. See [http://www.webguvenligi.org/software/msalmobile/msalmobile_video.rar a video of MSALMobile in action] on www.webguvenligi.org.<br />
<br />
* [http://www.webguvenligi.org/xsstb/reflected.php XSS TestBed] by Bedirhan Urgun<br />
<br />
A playground for reflected xss test cases. The live project includes seven test cases ready to exploit. A legal and solid way to learn and apply xss skills. Moreover, a good way to test web application scanners on reflected xss testing...<br />
<br />
* [http://www.webguvenligi.org/projeler/wcsa Web.config Security Analyzer] by Mesut Timur<br />
<br />
Web.config file holds settings about related ASP.NET web application. This project analyzes a given Web.config file for security vulnerabilities with its 30+ checks. It's a command line too for now and produces a neat html based report.<br />
<br />
== Translations ==<br />
<br />
Çeviri projesine yardım etmek isteyen arkadaşlar, lütfen [mailto:bunyamindemir@gmail.com bunyamin] veya [mailto:urgunb@hotmail.com bedirhan] ''(proje lideri)'' ile iletişime geçiniz. Şu ana kadar yayınlanan çevirilere [http://www.webguvenligi.org/?page_id=16 buradan] ulaşabilirsiniz. ''You can find Turkish translations of OWASP and other web security related documents [http://www.webguvenligi.org/?page_id=16 here].''<br />
<br />
==== Meetings/Conferences ====<br />
<br />
<br />
<br />
== Application Security Day, Eskişehir 2015, Conference ==<br />
<br />
[http://www.appsectr.org/?page_id=53 Application Security Day, Eskişehir 2015]<br />
<br />
== Application Security Day, İstanbul 2013, Conference ==<br />
<br />
[http://www.appsectr.org/2013/ Application Security Day, İstanbul 2013]<br />
<br />
<br />
== Application Security Day, İstanbul 2012, Conference ==<br />
<br />
[http://www.appsectr.org/ Application Security Day, İstanbul 2012] will be held on 9 June, Saturday, in Marmara Üniversitesi Rektörlük Binası, Sultanahmet, İstanbul. <br />
The event aims to present an environment where key and popular application security topics will be discussed and shared. Hundreds of developers, business owners and security practitioners will be ready to increase local application security awareness. Join us!<br />
<br />
<br />
== OWASP/TR Presentation in Android Developer Days 2012 in ODTU Ankara ==<br />
<br />
Bedirhan Urgun of OWASP/TR will give a presentation on "Developing Secure Android Days" on 22 May from 15:30-16:00 in Android Developer Days, 2012. The presentation will take place in ODTU, Ankara.<br />
<br />
Location: ODTÜ Kültür ve Kongre Merkezi, Ankara<br />
<br />
Date: 22 May 2012, Tuesday<br />
<br />
Time: 15:30 – 16:00<br />
<br />
== OWASP/TR Presentation in ReadMee Internet Zirvesi, 2012 ==<br />
<br />
Seyfullah Kılıç will give a presentation titled "Web Güvenliği ve Korunma Yolları" on 07 April Saturday from 14:00-14:45 in ReadMee Internet Zirvesi, 2012. The presentation will take place in Eskişehir Osmangazi Üniversitesi, Eskişehir.<br />
<br />
Location: Eskişehir Osmangazi Üniversitesi Meşelik Kampüsü, Eskişehir<br />
<br />
Date: 7 April 2012 Saturday<br />
<br />
Time: 14:00 – 14:45<br />
<br />
== OWASP/TR Presentation in Özgür Yazılım ve Linux Günleri, 2012 ==<br />
<br />
Bünyamin Demir of OWASP/TR will give a presentation titled as "<br />
Güvenli Kod Geliştirme" and will hold a chapter meeting "OWASP Türkiye Chapter Meeting (Çalışma Toplantısı)" on 31 March Saturday from 10:00-13:00 in Özgür Yazılım ve Linux Günleri, 2012. The presentations will take place in İstanbul Bilgi Üniversitesi Dolapdere Kampüsü, İstanbul.<br />
<br />
Location: İstanbul Bilgi Üniversitesi Dolapdere Kampüsü, İstanbul<br />
<br />
Date: 31 March 2012 Saturday<br />
<br />
Time: 10:00 – 13:00<br />
<br />
Location 1: 1. Salon<br />
Location 2: Toplantı Salonu<br />
<br />
== OWASP/TR Talk in Open Source Code Days in Yeditepe University ==<br />
<br />
Bunyamin Demir talked about OWASP and OWASP/Turkey introduction. After intro, he did a presentation about [http://seminer.linux.org.tr/wp-content/uploads/guvenli_kod_gelistirme_ve_yasam_dongusu.ppt "Secure Coding and Chaotic Life Cycle"].<br />
<br />
Location: Yeditepe University, 26 Agustos Yerlesimi, Salon 2<br />
<br />
Date: 14 October 2011, Friday<br />
<br />
Time: 15:00 – 15:45<br />
<br />
== OWASP/TR Introductory Meetings and Seminar @ Bahçeşehir Üniversitesi, March 2010 ==<br />
<br />
[http://www.shibumidojo.org/ Kubilay Onur Güngör] will start with OWASP and OWASP/Turkey introduction. After intro, cyber security concept, web application security, social theories of criminal behaviors and many other topics will be discussed. So don't miss the events if you're around. <br />
<br />
Location: Bahçeşehir Üniversitesi, Beşiktaş Kampüsü, D-404 Salonu<br />
<br />
Date: 10 Mart 2010 Çarşamba<br />
<br />
Time: 18.30 – 19.30<br />
<br />
== OWASP/TR Introductory Meetings and Seminar @ Işık Üniversitesi, March 2010 ==<br />
<br />
[http://www.shibumidojo.org/ Kubilay Onur Güngör] will start with OWASP and OWASP/Turkey introduction. After intro, cyber security concept, web application security, social theories of criminal behaviors and many other topics will be discussed. So don't miss the events if you're around. <br />
<br />
Location: Işık Üniversitesi, Şile Kampüsü<br />
Registration: http://bilisimgunleri.isikun.edu.tr<br />
Date: 8 Mart 2010 Pazartesi<br />
Time: 15.00 - 16.00<br />
<br />
== OWASP/TR Meeting in Turkcell Akademi with OISF Team, February 2010 ==<br />
<br />
With 7 [http://www.openinfosecfoundation.org OISF] members we had our 23 February meeting. Brian [http://vimeo.com/9825055 talked about ModSecurity] and Victor & Will [http://vimeo.com/9825622 talked about Suricata ].<br />
<br />
As always, check out the photos on [http://www.flickr.com/photos/webguvenligi flickr-webguvenligi]!!<br />
<br />
Thanks to our sponsor for this meeting [http://www.guvenlikegitimleri.com GuvenlikEgitimleri.Com]<br />
<br />
== OWASP/TR Seminar in İstanbul Kültür Universitesi, 29 December 2009 ==<br />
<br />
We'll be hosting a free seminar in İstanbul Kültür Üniversitesi, Ataköy Kampüsü, Önder Öztunalı Konferans Salonu. Topics will include "introduction to OWASP/TR", "siber security", "security best practices and standards". It will also include a demo on digital investigation.<br />
<br />
Presenter: [http://www.shibumidojo.org/ Kubilay Onur Güngör]<br />
<br />
Date: Tuesday, December 29, 2009 <br />
<br />
Time: 12:00pm - 1:30pm <br />
<br />
Location: İstanbul Kültür Üniersitesi, Ataköy Kampüsü, Önder Öztunalı Konferans Salonu<br />
<br />
== October 11, 2009 OWASP/TR on the Green Field ==<br />
<br />
Teams formed by OWASP-Turkey mailing list members will play a soccer match on Sunday, 18:00 October the 11th. We'll seek our Messis, Zidanes, Kakas, Lampards, Chechs stemmed from the Anatolian land... National team may not be qualified for the 2010 World Championship, which is a shame, but we'll do better next time.<br />
<br />
== Artifacts - OWASP-Turkey Meeting in September 26, 2009 ==<br />
<br />
30 people gathered for the OWASP/TR meeting. Here's the [http://www.webguvenligi.org/docs/26_Eylul_OWASPTR_Bulusma.ppt agenda of the meeting]. Moreover, Ibrahim Saruhan gave a [http://www.webguvenligi.org/docs/Facebook_Twitter_Botnets.ppt presentation] on his experiences writing a PoC Facebook botnet. Thanks everyone for participating.<br />
<br />
See the [http://www.flickr.com/webguvenligi/ pictures] and listen to the DimDim [http://recp.dimdim.com/view/dimdim/1a9400f2-fbdb-102c-9515-003048642bd7 recording].<br />
<br />
== September 26 Meeting ==<br />
<br />
A regular meeting for anyone interested in web/software security. It will take place in Istanbul, Taksim at 14:00, on 26 September. <br />
<br />
== Artifacts - 06 May/13 May 2009 OWASP-TR Talks in Kocaeli & Gazi Universities ==<br />
<br />
Here are the presentations given by Bünyamin Demir and Onur Yılmaz at "Information Techonology Days" in [http://www.kocaeli.edu.tr/ Kocaeli University] and [http://www.gazi.edu.tr/ Gazi University], [http://www.webguvenligi.org/docs/kocaeli09owasptr.ppt OWASP-TR & WebGoat Presentation] and [http://www.webguvenligi.org/docs/gaziuni09owasptr.ppt Basic Web App Security Presentation] respectively. <br />
<br />
Pictures are on [http://www.flickr.com/photos/webguvenligi flicker] as always.<br />
<br />
== Web Application Security Talk in Gazi University, 13 May 2009 ==<br />
<br />
We'll be giving a talk in "Information Days" event at Gazi University about code/sql injection attack vectors and prevention techniques on 13th (Wednesday) of May 2009, between 10:30-11:20. <br />
<br />
Reach out the details [http://www.webguvenligi.org/haberler/web-uygulamalari-guvenligi-sunumu-gazi-universitesi.html here]<br />
<br />
== OWASP-TR Seminar in Kocaeli University, 06 May 2009 ==<br />
<br />
We'll be hosting a free seminar in Math. Department of Kocaeli University about OWASP and OWASP/Turkey including the basics of well known attack vectors and prevention techniques on 6th (Wednesday) of May 2009, starting from 15:30. <br />
<br />
Reach out the details [http://www.webguvenligi.org/haberler/owasp-tr-ve-wgt-semineri-kocaeli-universitesi.html here]<br />
<br />
== Artifacts - March 19 2009 OWASP-TR Talk in Sakarya University ==<br />
<br />
Here are the presentations given by Bünyamin Demir and Gökhan Alkan at "Information Techonology Days" in [http://www.sau.edu.tr/ Sakarya University], [http://www.webguvenligi.org/sau_bilisim_gunleri09/sakarya_bilisim_gunleri.ppt OWASP-TR & WebGoat Presentation] and [http://www.webguvenligi.org/sau_bilisim_gunleri09/Recel_Krallagindan_Webe.ppt Jarvinen Presentation] respectively. We'd like to thank [http://www.bilisimk.sau.edu.tr/ Sakarya Universitesi Bilişim Kulubü] for inviting us.<br />
<br />
And never the least, here are the [http://www.flickr.com/photos/webguvenligi pictures] taken during the day.<br />
<br />
== Talk in Information Techonology Days '09 in Sakarya University ==<br />
<br />
We'll be giving two talks in "Information Techonology Days" about OWASP and OWASP/Turkey in [http://www.sau.edu.tr/ Sakarya University] on 19th of March 2009. The talk will include an introduction to OWASP, OWASP/Turkey as a community. Plus, Jarvinen, an OWASP/TR project, will be presented.<br />
<br />
== Artifacts - Fifth OWASP-Turkey Meeting in March 08, 2009 ==<br />
<br />
We had close to 35 people gathered. Here's the [http://www.webguvenligi.org/docs/WGT_OWASP-TR_08_Mart_2009_Bulusmasi_Ajanda.pptx agenda of the meeting]. Moreover, Fatih Emiral gave a [http://www.webguvenligi.org/docs/Yazilim_Guvenligi.ppt presentation] comparing three main Software Security models. Thanks everyone for participating.<br />
<br />
For the photos take a look at [http://www.flickr.com/photos/webguvenligi/ here].<br />
<br />
== Fifth OWASP-Turkey Meeting in March 08, 2009 ==<br />
<br />
A regular meeting on web/software security related issues&techniques&news. The meeting will take place in Istanbul, Maltepe, beween 13:00-15:00, on 08th of March, Sunday. <br />
Here's the map for the [http://www.gencgirisimciler.org/bpi.asp?caid=161&cid=17 meeting place]<br />
If you want to attend the event, please send an e-mail to: urgunb at hotmail.com (Bedirhan Urgun)<br />
<br />
== Artifacts - Web Security Days Kocaeli December 2008 ==<br />
<br />
With over 50 attendees we had our 4th Web Security Days in Kocaeli University at Umuttepe Campus.<br />
<br />
Presentations & SlideShows & Photos:<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_intro.ppt Giris] - Bedirhan Urgun<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_owasptr_wgt.ppt WGT/OWASPTR] - Bünyamin Demir<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_www.ppt WWW Introduction] - Uğur Yıldız<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_csrf.ppt CSRF] - Yusuf Çeri<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_graphics.ppt Graphic Attacks] - Mesut Timur <br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_chroot.ppt Secure Web Production Environments] - Gökhan Alkan<br />
* [http://www.flickr.com/webguvenligi/ Pictures] - Bedirhan & Bünyamin<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_slideshow.ppt OWASP Top 10 Slide Show] - Bedirhan Urgun<br />
<br />
== Next Event - 4th Web Security Days Kocaeli - December 23 (Turkey 2008) ==<br />
<br />
This event will be the fourth of "Web Security Days" and will take place on 23rd of December 2008 in Kocaeli. The agenda of the event is [http://www.owasp.org/index.php/4th_Web_Security_Days_OWASP_Turkey here].<br />
<br />
== Artifacts - Fourth OWASP-Turkey Meeting in October 18, 2008 ==<br />
<br />
Here's the [http://www.webguvenligi.org/wp-content/uploads/2008/10/WGT&OWASP-TR_18_Ekim_2008_Bulusmasi_Ajanda.ppt agenda of the meeting]. We also had two small discussion and presentation of a simple demo overview of recent clickjacking vulnerability and [http://www.webguvenligi.org/wp-content/uploads/2008/10/sqlibench-presentation.ppt sqlibench SoC 2008 OWASP project]. Thanks everyone for participating.<br />
<br />
Moreover, all of the OWASP sent books (~30)/pens(~15) were distributed freely! <br />
<br />
For the photos take a look at [http://www.flickr.com/photos/webguvenligi/ here].<br />
<br />
== Fourth OWASP-Turkey Meeting in October 18, 2008 ==<br />
<br />
A catch up meeting on web/software security related issues&techniques&news. Moreover, OWASP sent goodies (to the most active chapters) will be distributed (This includes 27 OWASP books and 19 pens). It will take place in Istanbul, İstiklal Cad.Emir Nevruz Sok. No: 1/11 Galatasaray Beyoğlu beween 14:00-16:00, on 18th of October. If you want to attend the event, please send an e-mail to: urgunb at hotmail.com (Bedirhan Urgun) <br />
<br />
== Artifacts - June 21 2008 OWASP-TR Talk in "Free Software Conference" ==<br />
<br />
Here is the presentation given by Mesut Timur and keynote submitted at [http://konferans.linux.org.tr/ "Free Software Conference"] in [http://www.etu.edu.tr/ TOBB University of Economics and Technology]; <br />
[http://www.webguvenligi.org/wp-content/uploads/2008/06/owasp_wgt_lkd_21062008.ppt OWASP-TR Presentation] and [http://www.webguvenligi.org/wp-content/uploads/2008/06/webguvenligi_bildiri_lkd_21062008.pdf Web Security and Free Software Keynote] (in Turkish) respectively.<br />
<br />
== Talk in Free Software Conference in Ankara ==<br />
<br />
We'll be giving a talk in "Free Software Conference" about OWASP and OWASP/Turkey in [http://www.etu.edu.tr/ TOBB University of Economics and Technology] on 21st (Saturday) of June 2008. The talk will include an introduction to OWASP, OWASP/Turkey, as well as web/application security projects achieved in Turkey. <br />
<br />
The Day will start at 09:30 and our talk, which will be presented by [http://www.h-labs.org Mesut Timur], will be between 15.00-15.30. You can skim the programme [http://konferans.linux.org.tr/etkinlik-programi/ here].<br />
<br />
== Artifacts - April 19 2008 OWASP-TR Talk in Yildiz Technical University ==<br />
<br />
Here are the presentations given by Bünyamin Demir and Yusuf Çeri at "Open Source Code Day" in [http://www.yildiz.edu.tr/english Yildiz Technical University], [http://www.webguvenligi.org/wp-content/uploads/2008/04/owasp-wgt-ytu-19nisan08.ppt OWASP-TR Presentation] and [http://www.webguvenligi.org/wp-content/uploads/2008/04/sqlmapdemo-wgt-ytu-19nisan08.ppt SqlDemo Presentation] respectively. We'd like to thank YTÜ Bilişim Kulubü for inviting us.<br />
<br />
And never the least, here are the [http://www.flickr.com/photos/webguvenligi/sets/72157604620396950/ pictures] taken during the day.<br />
<br />
== Talk in Open Source Code Day in Yildiz Technical University ==<br />
<br />
We'll be giving a talk in "Open Source Code Day" about OWASP and OWASP/Turkey in [http://www.yildiz.edu.tr/english Yildiz Technical University] on 19th of April 2008. The talk will include an introduction to OWASP, OWASP/Turkey, web/application security community in Turkey, the 1st OWASP Day video by Jeff and a live application insecurity demo. <br />
<br />
The Day will start at 09:30 and our talk will be the last one before the noon. <br />
<br />
== Artifacts - March 09 2008 Meeting ==<br />
<br />
It was a nice Sunday in Istanbul and we had 16 people talking about SPoC 08, April OWASP Week and web application security in general. Here are the [http://www.flickr.com/photos/webguvenligi/sets/72157604077351886/ pictures] taken during the meeting.<br />
<br />
== March 09 Meeting ==<br />
<br />
A casual meeting for anyone interested in web/software security. It will take place in Istanbul, Kadikoy at 14:30, on 09 March. To chat and enjoy the [http://www.flickr.com/photos/jrogivue/21918611/ Bosphorus]! <br />
<br />
== Artifacts - Web Security Days Ankara & İzmir November 2007 ==<br />
<br />
Through a foggy, and therefore a hard flight, we've managed to realize Web Security Days 2 & 3 in Ankara and Izmir, respectively. Having a total of ~130 attendees (most of them in Izmir), we hope WSD to be traditional and become more qualitysome.<br />
<br />
Presentations & Code & Photos:<br />
* [http://www.webguvenligi.org/docs/ankara/init_ankara.ppt Giris] - Bedirhan Urgun<br />
* [http://www.webguvenligi.org/docs/ankara/wgt.ppt WGT Giris] - Bünyamin Demir<br />
* [http://www.webguvenligi.org/docs/izmir/ulakcsirt.pdf ULAK-CSIRT Giris] - Enis Karaarslan<br />
* [http://www.webguvenligi.org/docs/ankara/burak_sc.ppt Yazılım Geliştirme Sürecinde Güvenlik Testleri] - Burak Dayıoğlu<br />
* [http://www.webguvenligi.org/docs/izmir/enis_web.ppt Kurumsal Web Güvenliği Yapısı] - Enis Karaarslan<br />
* [http://www.webguvenligi.org/docs/izmir/tahsin_did.ppt Uygulamalarda Katmanlı Güvenlik Anlayışı] - Tahsin Türköz<br />
* [http://www.webguvenligi.org/docs/izmir/oguzhan_php.ppt PHP ve Güvenli Kodlama] - Oğuzhan Yalçın<br />
* [http://www.webguvenligi.org/docs/ankara/bunyamin_pl.ppt Perl'de Guvenlik Modulu] - Bünyamin Demir<br />
* [http://www.webguvenligi.org/docs/izmir/security_pm.rar Perl'de Guvenlik Modulu - Kod] - Bünyamin Demir<br />
* [http://www.webguvenligi.org/docs/ankara/bedirhan_js.ppt Web 2.0 Savunma Dili: Javascript] - Bedirhan Urgun<br />
* [http://www.flickr.com/photos/webguvenligi/sets/72157603311164597/ Photos] - Bedirhan & Bünyamin<br />
<br />
== Next Event - 3rd Web Security Days İzmir - November 26 (Turkey 2007) ==<br />
<br />
This event will be the third of "Web Security Days" and will take place on 26th of November 2007 in İzmir. The agenda of the event is [https://www.owasp.org/index.php/3rd_Web_Security_Days_OWASP_Turkey here].<br />
<br />
== Next Event - 2nd Web Security Days Ankara - November 24 (Turkey 2007) ==<br />
<br />
This event will be the second of "Web Security Days" and will take place on 24th of November 2007 in Ankara. <br />
The agenda of the event is [https://www.owasp.org/index.php/2nd_Web_Security_Days_OWASP_Turkey here].<br />
<br />
== Artifacts - OWASP DAY: on the topic of "Privacy in the 21st Century" - September 8 (Turkey 2007) ==<br />
<br />
Presentations:<br />
<br />
* [https://www.owasp.org/images/6/66/OWASP_DAY_TR.sub.ppt Turkish Subtitle] for [http://www.owasp.org/downloads/OWASP_Day.wmv Jeff's OWASP Day Intro movie] (delete .ppt extension)<br />
* [https://www.owasp.org/images/b/bc/OWASP2007_KamudaPrivacy.ppt OWASP2007_KamudaPrivacy.ppt]<br />
* [https://www.owasp.org/images/4/4b/Guvenli_Web_Uygulamalarinin_Gelistirilmesi2.ppt Guvenli_Web_Uygulamalarinin_Gelistirilmesi.ppt] <br />
<br />
Discussion Answers:<br />
<br />
Q1.<br />
What is the current state of Privacy on Web Application Security? Does it really matter? Is privacy what will drive radical changes in web application's security (ala PCI)? <br />
<br />
A1.<br />
During the meeting an effort was made to clarify the meaning of privacy;<br />
- what are the key items that builds up to "privacy"?<br />
- are we talking about the privacy of real people or should we also include the privacy of legal entities?<br />
- is there really a solid line (or even a vague line) between confidentiality and privacy?<br />
We defined privacy as confidentiality of the data; be it of a real person or a legal entity.<br />
But the key part is that privacy is "the ability to control the flow of one's own data". And which brings another principle: "need to know". Privacy is directly related to an individual or an organization. Confidentiality, however, is directly related to "information"... Privacy is a "result" and confidentiality is a tenet or a security mechanism. <br />
<br />
Enough of these convulsions;<br />
The answer to the first question was a definite "YES". Participants were all agreed that "privacy" plays and will play the most important role in web security and its future.<br />
<br />
Q2.<br />
Application side: what the data owner should be doing to protect the user's privacy? Should there be a law that states how to protect this information? What can we do to improve it?<br />
<br />
A2.<br />
Most of the participants agreed that a law is a necessity.<br />
But, maybe, more important thing is to raise the awareness of the customers.<br />
Here we also had a discussion on the current status of the law on privacy? There are mainly three <br />
documents on privacy in Turkish law;<br />
* a directive on privacy in telecommunication, which happened to be inadequate (an assertion of a lawyer)<br />
* a draft law on privacy from Department of Justice, which is still in the process of approval<br />
* a recent (May 2007) law on siber crimes which happens to be similiar to the "Directive 2006/24/EC of the <br />
European Parliament and of the Council" on the data retention. This law, however, still needs a few<br />
directives, which are about to be published.<br />
<br />
Q3.<br />
Client side: what is the client's perception of privacy? How can a user trust a site about his own data treatment? Is the client nowadays safeguarded about a possible loss of privacy?<br />
<br />
A3.<br />
As a first step there should be an "agreement" presented to the user by the application side.<br />
This wouldn't be enough so there should be regular inspections (a third eye) on these services.<br />
About "is the client nowadays safeguarded about a possible loss of privacy?" question, the answer<br />
was a definite "NO". Especially with the banks. Yes, there are a few cases of trials where the courts<br />
dictated a bank to compansate the loss of the victim, however, mostly this is not the case. Even there is<br />
a domain serving, founded by the victims of online banking crimes in Turkey.<br />
<br />
Q4.<br />
What should OWASP be focusing on?<br />
<br />
A4.<br />
As a suggestion, OWASP may provide a "web security tips" page, which can include a searchable gui <br />
on small programming tips to avoid security holes in web applications.<br />
<br />
And a great idea of producing a "FixmeBank" application to cover the developer side of the story, as opposed to tester/attacker side (via WebGoat or HacmeBank), was suggested by Taygun Alban.<br />
<br />
Q5.<br />
What would OWASP spend it's grant money? (note that new OWASP members can allocate some or all of their membership fees to specific projects)<br />
<br />
A5.<br />
Some suggestions;<br />
. Printed booklets of Guide and Testing Guide. <br />
. OWASP CD with shiny labels<br />
. I'm afraid to say but... t-shirts<br />
<br />
Q6.<br />
Should OWASP organize such 'OWASP Weeks' every quarter?<br />
<br />
A6.<br />
OWASP should organize these events every 6 months or so :)<br />
<br />
== Next Event - OWASP DAY: on the topic of "Privacy in the 21st Century" - September 8 (Turkey 2007) ==<br />
<br />
As a part of the Global Security Week, OWASP Turkey chapter will be holding a humble meeting on Saturday, 8 September 2007. Less technical and time taking compared to last event ([http://www.owasp.org/index.php/1st_Web_Security_Days_OWASP_Turkey Web Security Days]) we will be focusing on the current snapshot of the privacy related issues in the govermental/quasi-governmental and private institutions of Turkey.<br />
<br />
Here's the "still in process" agenda:<br />
<br />
* 14:00 - 14:10 Prelude. Introduction of OWASP DAY and OWASP Turkey projects<br />
<br />
A small introduction to OWASP Day meeting and its goals, plus explanation of some of the lightweight projects of OWASP Turkey.<br />
<br />
Bedirhan URGUN, Bunyamin DEMİR<br />
<br />
* 14:20 - 14:50 Privacy in Governmental Insitutions - A Current State Analysis<br />
<br />
Presentation will discuss the understanding of the privacy concept settled in governmental institutions and deliberate on general information security problems related with privacy issues.<br />
<br />
Getting off with general privacy problems, in specific, information about the privacy issues related to web applications will be given. Moreover, concrete suggestions on providing a solid privacy in these institutions will be presented.<br />
<br />
Hayrettin BAHŞİ<br />
Chief Researcher CC Lab-UEKAE TUBITAK<br />
<br />
* 15:00 - 15:50 Secure Web Application Development<br />
<br />
Korhan GÜRLER<br />
Chief Researcher PRO-G<br />
<br />
* 15:00 - 16:00 A Panel on Privacy in Turkey <br />
<br />
OWASP-Turkey Members<br />
<br />
== Last Event - 1st Web Security Days - July 14 (Turkey 2007) ==<br />
<br />
First of the [http://www.owasp.org/index.php/1st_Web_Security_Days_OWASP_Turkey Web Security Days] has been realized by Owasp-Turkey chapter on 14th of July 2007 in İstanbul. With a ~70 registered attendees, it was great to have a pack of web security oriented people for a five hours of mostly technical presentations.<br />
<br />
<br />
[http://www.owasp.org/index.php/1st_Web_Security_Days_OWASP_Turkey For details...]<br />
<br />
== Last Meetings ==<br />
<br />
'''Sunday 6 May 2007'''<br><br />
'''Time:''' 11:15-12:30<BR><br />
<br />
'''Address''' to the meeting are:<br />
<br />
[http://www.metu.edu.tr Middle East Technical University]<br/><br />
Ankara-Turkey<br/><br />
<br/><br />
<br />
'''Presentation'''<br><br />
<br />
Web Application Security with ModSecurity and OWASP<br />
<br />
<br />
__NOTOC__ <br />
<br />
<headertabs/><br />
<br />
[[Category:Turkey]] [[Category:Europe]]</div>Dr. Emin Tatlıhttps://wiki.owasp.org/index.php?title=Turkey&diff=196661Turkey2015-06-29T20:20:49Z<p>Dr. Emin Tatlı: </p>
<hr />
<div><center>[[File:Owasptr.png]] </center><br />
<br />
<br />
<br />
==== About OWASP/TR ====<br />
<br />
{{Chapter Template|chaptername=Turkey|extra=The chapter leader is [mailto:bunyamindemir~gmail.com Bunyamin Demir]<br />
<br />
Board Members: [mailto:ferruh~mavituna.com Ferruh Mavituna], [mailto:mesut_timur~hotmail.com Mesut Timur], [mailto:contact~onuryilmaz.info Onur Yılmaz], [mailto:emin.tatli@owasp.org Emin Islam Tatli], [mailto:oguzhantopgul@gmail.com Oguzhan TOPGUL], [mailto:sertan@gmail.com Sertan Kolat]<br />
<br />
Web Page: http://www.webguvenligi.org<br />
<br />
Twitter: https://twitter.com/owasptr<br />
<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-turkey|emailarchives=http://lists.owasp.org/pipermail/owasp-turkey}}<br />
<br />
<paypal>Turkey</paypal><br />
<br />
<br />
== Chapter Brochure ==<br />
<br />
[http://www.webguvenligi.org/docs/WGT_brosur.pdf Here you can view a brochure] explaining in Turkish the action highlights of OWASP/Türkiye during the last one and a half year [obsolete for over two years].<br />
<br />
== Local News ==<br />
Conference<br />
<br />
[http://www.appsectr.org/ Application Security Day, İstanbul 2012] will be held on 9 June, Saturday, in Marmara Üniversitesi Rektörlük Binası, Sultanahmet, İstanbul. <br />
<br />
Published <br />
<br />
[http://www.webguvenligi.org/dokuman/web-uygulama-guvenligi-kontrol-listesi-2012.html Web App Security Check List 2012 in Turkish].<br />
<br />
== Projects/Tools/Translations ==<br />
<br />
Here are some of the projects produced by OWASP/Türkiye;<br />
<br />
* [http://code.google.com/p/droidalert/ DroidAlert] by Bedirhan Urgun<br />
<br />
A proactive approach on finding fake android applications on some of the biggest android stores. Just enter a term, and droidalert searches it for you in android stores.<br />
<br />
* [http://code.google.com/p/chiasma/ Chiasma] by Bedirhan Urgun<br />
<br />
Instead of having a structured penetration test report (docx, pdf, html v.b.) from 3rd parties, why not getting them produce a semi-structured report (xml) that is understood well. Chiasma is a Java desktop application producing XML vulnerability report.<br />
<br />
* [http://www.webguvenligi.org/docs/web_uygulama_guvenligi_kontrol_listesi_2010.pdf Web Uygulama Güvenliği Kontrol Listesi 2010- WebAppSec Checklist] by OWASP-Turkey<br />
<br />
A complete set of controls related to security of web applications.<br />
<br />
* [http://code.google.com/p/piknik/ Piknik] by Bedirhan Urgun<br />
<br />
A compilation of a study on analyzing the possible behavior of a malicious developer...Inspired by [http://www.blackhat.com/presentations/bh-usa-09/WILLIAMS/BHUSA09-Williams-EnterpriseJavaRootkits-PAPER.pdf Jeff Williams's Work] <br />
<br />
* [http://code.google.com/p/finddomains/ FindDomains] by Mesut Timur<br />
<br />
FindDomains is a multithreaded search engine discovery tool that will be very useful for penetration testers dealing with discovering domain names/web sites/virtual hosts which are located on too many IP addresses.<br />
<br />
* [http://dergi.webguvenligi.org/ WGT E-Magazine] by OWASP/TR and Onur Yilmaz<br />
<br />
An online web security related magazine in Turkish with a 2 months per-issue period<br />
<br />
* [http://ctf.webguvenligi.org/ CTF contest] by Onur Yilmaz<br />
<br />
A CTF contest where researchers, professionals and hackers can show off their skills in an ethical way <br />
<br />
* [http://code.google.com/p/jarvinen Jarvinen] by Gökhan Alkan & Yusuf Çeri & Bedirhan Urgun<br />
<br />
A simple yet effective web based audit log monitoring service for Modsecurity v2. It consists of two basic parts; a (bash) shell script that parses serial logs into the mysql database and a php web application.<br />
<br />
* [http://code.google.com/p/cammp CAMMP] by Gökhan Alkan<br />
<br />
Aims to provide (bash) shell scripts in order to automatize the source code installations of apache (php and modsecurity) and mysql under chroot (for RedHat based systems for now).<br />
<br />
* [http://code.google.com/p/secureimage SecureImage] by Mesut Timur & Bedirhan Urgun & Kerem Küsmezer<br />
<br />
A Java,PHP and .NET based image validator that can be used for validating image files on upload systems (such as photo galleries,forums,etc ..) against the threats for XSS issues with IE and LFI attacks. Individual project pages; [http://code.google.com/p/psecureimage PSecureImage] for PHP, [http://code.google.com/p/jsecureimage JSecureImage] for Java and [http://www.codeplex.com/owaspturkey/Release/ProjectReleases.aspx?ReleaseId=18008 NSecureImage] for .NET<br />
<br />
* [http://code.google.com/p/securetomcat SecureTomcat] by Bedirhan Urgun & Deniz Çevik & Gökhan Alkan<br />
<br />
A collection of three components; an audit documentation in Turkish, a basic remote vulnerability scanner and an audit shell script fully aligned with the audit documentation. All for auditing and testing Apache Tomcat partial J2EE container.<br />
<br />
* [http://code.google.com/p/webekci/ WeBekci] by Bünyamin Demir<br />
<br />
WeBekci is a graphical user end for ModSecurity 2.x web application firewall.<br />
<br />
* [http://www.webguvenligi.org/?page_id=16 Web Security Turkish Translation Project] by [http://www.webguvenligi.org/?page_id=16 great volunteers] & Bedirhan Urgun <br />
<br />
Turkish translations of OWASP guides and other web application security related documents '''over 500 pages''' and counting<br />
<br />
* [http://code.google.com/p/wivet/ WIVET] by Bedirhan Urgun<br />
<br />
A benchmarking project that aims to statistically analyze web link extractors. It provides a good sum of input vectors to any extractor and presents the results. Check out the live app [http://www.webguvenligi.org/wivet/ here].<br />
<br />
* [http://code.google.com/p/sqlibench/ SqliBench] by Mesut Timur & Bedirhan Urgun<br />
<br />
SQLiBENCH is a benchmarking project of automatic sql injectors related to dumping databases. Check out the live app [http://www.webguvenligi.org/sqlibench/web/ here]. The project is sponsored by [http://www.owasp.org/index.php/Category:OWASP_Sqlibench_Project OWASP SoC 08].<br />
<br />
* [http://code.google.com/p/msalparser MSALParser] by Bedirhan Urgun<br />
<br />
MSALParser (pronounced \mi-säl\) implements necessary parsers and model objects to represent a ModSecurity Single Audit Log, hence the name MSAL. MSALParser is a PHP RPC end that will get mlogc's calls and parses them into objects and eventually write to a persistent data store.<br />
<br />
* [http://code.google.com/p/apachelive ApacheLive] by Bedirhan Urgun<br />
<br />
ApacheLive (aka Haydar) project consists of a python script which was aimed to stress Apache web servers (httpd) using Keep-Alive parameters.<br />
<br />
* [http://code.google.com/p/anticsurf AntiCsurf] by Mesut Timur<br />
<br />
For most of the languages and frameworks, developers have to implement their own functions to defend against CSRF. AntiCsrf is a basic and light library for defending against CSRF for PHP applications.<br />
<br />
* [http://code.google.com/p/fm-fsf FM-FSF] by Ferruh Mavituna<br />
<br />
FSF is a plug-in based freakin' simple fuzzer for fuzzing web applications and scraping data. It supports some basic stuff and missing some features however it has got some advanced RegEx capturing features for scraping data out of web applications.<br />
<br />
* [http://code.google.com/p/msalmobile MSALMobile] & [http://code.google.com/p/msalservice MSALService] by Bedirhan Urgun<br />
<br />
MSALMobile, a basic windows mobile application and consuming MSALService, is a simple mobile ModSecurity log analyzer for Windows Mobile environment. See [http://www.webguvenligi.org/software/msalmobile/msalmobile_video.rar a video of MSALMobile in action] on www.webguvenligi.org.<br />
<br />
* [http://www.webguvenligi.org/xsstb/reflected.php XSS TestBed] by Bedirhan Urgun<br />
<br />
A playground for reflected xss test cases. The live project includes seven test cases ready to exploit. A legal and solid way to learn and apply xss skills. Moreover, a good way to test web application scanners on reflected xss testing...<br />
<br />
* [http://www.webguvenligi.org/projeler/wcsa Web.config Security Analyzer] by Mesut Timur<br />
<br />
Web.config file holds settings about related ASP.NET web application. This project analyzes a given Web.config file for security vulnerabilities with its 30+ checks. It's a command line too for now and produces a neat html based report.<br />
<br />
== Translations ==<br />
<br />
Çeviri projesine yardım etmek isteyen arkadaşlar, lütfen [mailto:bunyamindemir@gmail.com bunyamin] veya [mailto:urgunb@hotmail.com bedirhan] ''(proje lideri)'' ile iletişime geçiniz. Şu ana kadar yayınlanan çevirilere [http://www.webguvenligi.org/?page_id=16 buradan] ulaşabilirsiniz. ''You can find Turkish translations of OWASP and other web security related documents [http://www.webguvenligi.org/?page_id=16 here].''<br />
<br />
==== Meetings/Conferences ====<br />
<br />
<br />
<br />
== Application Security Day, Eskişehir 2015, Conference ==<br />
<br />
[www.appsectr.org/?page_id=53 Application Security Day, Eskişehir 2015]<br />
<br />
== Application Security Day, İstanbul 2013, Conference ==<br />
<br />
[http://www.appsectr.org/2013/ Application Security Day, İstanbul 2013]<br />
<br />
<br />
== Application Security Day, İstanbul 2012, Conference ==<br />
<br />
[http://www.appsectr.org/ Application Security Day, İstanbul 2012] will be held on 9 June, Saturday, in Marmara Üniversitesi Rektörlük Binası, Sultanahmet, İstanbul. <br />
The event aims to present an environment where key and popular application security topics will be discussed and shared. Hundreds of developers, business owners and security practitioners will be ready to increase local application security awareness. Join us!<br />
<br />
<br />
== OWASP/TR Presentation in Android Developer Days 2012 in ODTU Ankara ==<br />
<br />
Bedirhan Urgun of OWASP/TR will give a presentation on "Developing Secure Android Days" on 22 May from 15:30-16:00 in Android Developer Days, 2012. The presentation will take place in ODTU, Ankara.<br />
<br />
Location: ODTÜ Kültür ve Kongre Merkezi, Ankara<br />
<br />
Date: 22 May 2012, Tuesday<br />
<br />
Time: 15:30 – 16:00<br />
<br />
== OWASP/TR Presentation in ReadMee Internet Zirvesi, 2012 ==<br />
<br />
Seyfullah Kılıç will give a presentation titled "Web Güvenliği ve Korunma Yolları" on 07 April Saturday from 14:00-14:45 in ReadMee Internet Zirvesi, 2012. The presentation will take place in Eskişehir Osmangazi Üniversitesi, Eskişehir.<br />
<br />
Location: Eskişehir Osmangazi Üniversitesi Meşelik Kampüsü, Eskişehir<br />
<br />
Date: 7 April 2012 Saturday<br />
<br />
Time: 14:00 – 14:45<br />
<br />
== OWASP/TR Presentation in Özgür Yazılım ve Linux Günleri, 2012 ==<br />
<br />
Bünyamin Demir of OWASP/TR will give a presentation titled as "<br />
Güvenli Kod Geliştirme" and will hold a chapter meeting "OWASP Türkiye Chapter Meeting (Çalışma Toplantısı)" on 31 March Saturday from 10:00-13:00 in Özgür Yazılım ve Linux Günleri, 2012. The presentations will take place in İstanbul Bilgi Üniversitesi Dolapdere Kampüsü, İstanbul.<br />
<br />
Location: İstanbul Bilgi Üniversitesi Dolapdere Kampüsü, İstanbul<br />
<br />
Date: 31 March 2012 Saturday<br />
<br />
Time: 10:00 – 13:00<br />
<br />
Location 1: 1. Salon<br />
Location 2: Toplantı Salonu<br />
<br />
== OWASP/TR Talk in Open Source Code Days in Yeditepe University ==<br />
<br />
Bunyamin Demir talked about OWASP and OWASP/Turkey introduction. After intro, he did a presentation about [http://seminer.linux.org.tr/wp-content/uploads/guvenli_kod_gelistirme_ve_yasam_dongusu.ppt "Secure Coding and Chaotic Life Cycle"].<br />
<br />
Location: Yeditepe University, 26 Agustos Yerlesimi, Salon 2<br />
<br />
Date: 14 October 2011, Friday<br />
<br />
Time: 15:00 – 15:45<br />
<br />
== OWASP/TR Introductory Meetings and Seminar @ Bahçeşehir Üniversitesi, March 2010 ==<br />
<br />
[http://www.shibumidojo.org/ Kubilay Onur Güngör] will start with OWASP and OWASP/Turkey introduction. After intro, cyber security concept, web application security, social theories of criminal behaviors and many other topics will be discussed. So don't miss the events if you're around. <br />
<br />
Location: Bahçeşehir Üniversitesi, Beşiktaş Kampüsü, D-404 Salonu<br />
<br />
Date: 10 Mart 2010 Çarşamba<br />
<br />
Time: 18.30 – 19.30<br />
<br />
== OWASP/TR Introductory Meetings and Seminar @ Işık Üniversitesi, March 2010 ==<br />
<br />
[http://www.shibumidojo.org/ Kubilay Onur Güngör] will start with OWASP and OWASP/Turkey introduction. After intro, cyber security concept, web application security, social theories of criminal behaviors and many other topics will be discussed. So don't miss the events if you're around. <br />
<br />
Location: Işık Üniversitesi, Şile Kampüsü<br />
Registration: http://bilisimgunleri.isikun.edu.tr<br />
Date: 8 Mart 2010 Pazartesi<br />
Time: 15.00 - 16.00<br />
<br />
== OWASP/TR Meeting in Turkcell Akademi with OISF Team, February 2010 ==<br />
<br />
With 7 [http://www.openinfosecfoundation.org OISF] members we had our 23 February meeting. Brian [http://vimeo.com/9825055 talked about ModSecurity] and Victor & Will [http://vimeo.com/9825622 talked about Suricata ].<br />
<br />
As always, check out the photos on [http://www.flickr.com/photos/webguvenligi flickr-webguvenligi]!!<br />
<br />
Thanks to our sponsor for this meeting [http://www.guvenlikegitimleri.com GuvenlikEgitimleri.Com]<br />
<br />
== OWASP/TR Seminar in İstanbul Kültür Universitesi, 29 December 2009 ==<br />
<br />
We'll be hosting a free seminar in İstanbul Kültür Üniversitesi, Ataköy Kampüsü, Önder Öztunalı Konferans Salonu. Topics will include "introduction to OWASP/TR", "siber security", "security best practices and standards". It will also include a demo on digital investigation.<br />
<br />
Presenter: [http://www.shibumidojo.org/ Kubilay Onur Güngör]<br />
<br />
Date: Tuesday, December 29, 2009 <br />
<br />
Time: 12:00pm - 1:30pm <br />
<br />
Location: İstanbul Kültür Üniersitesi, Ataköy Kampüsü, Önder Öztunalı Konferans Salonu<br />
<br />
== October 11, 2009 OWASP/TR on the Green Field ==<br />
<br />
Teams formed by OWASP-Turkey mailing list members will play a soccer match on Sunday, 18:00 October the 11th. We'll seek our Messis, Zidanes, Kakas, Lampards, Chechs stemmed from the Anatolian land... National team may not be qualified for the 2010 World Championship, which is a shame, but we'll do better next time.<br />
<br />
== Artifacts - OWASP-Turkey Meeting in September 26, 2009 ==<br />
<br />
30 people gathered for the OWASP/TR meeting. Here's the [http://www.webguvenligi.org/docs/26_Eylul_OWASPTR_Bulusma.ppt agenda of the meeting]. Moreover, Ibrahim Saruhan gave a [http://www.webguvenligi.org/docs/Facebook_Twitter_Botnets.ppt presentation] on his experiences writing a PoC Facebook botnet. Thanks everyone for participating.<br />
<br />
See the [http://www.flickr.com/webguvenligi/ pictures] and listen to the DimDim [http://recp.dimdim.com/view/dimdim/1a9400f2-fbdb-102c-9515-003048642bd7 recording].<br />
<br />
== September 26 Meeting ==<br />
<br />
A regular meeting for anyone interested in web/software security. It will take place in Istanbul, Taksim at 14:00, on 26 September. <br />
<br />
== Artifacts - 06 May/13 May 2009 OWASP-TR Talks in Kocaeli & Gazi Universities ==<br />
<br />
Here are the presentations given by Bünyamin Demir and Onur Yılmaz at "Information Techonology Days" in [http://www.kocaeli.edu.tr/ Kocaeli University] and [http://www.gazi.edu.tr/ Gazi University], [http://www.webguvenligi.org/docs/kocaeli09owasptr.ppt OWASP-TR & WebGoat Presentation] and [http://www.webguvenligi.org/docs/gaziuni09owasptr.ppt Basic Web App Security Presentation] respectively. <br />
<br />
Pictures are on [http://www.flickr.com/photos/webguvenligi flicker] as always.<br />
<br />
== Web Application Security Talk in Gazi University, 13 May 2009 ==<br />
<br />
We'll be giving a talk in "Information Days" event at Gazi University about code/sql injection attack vectors and prevention techniques on 13th (Wednesday) of May 2009, between 10:30-11:20. <br />
<br />
Reach out the details [http://www.webguvenligi.org/haberler/web-uygulamalari-guvenligi-sunumu-gazi-universitesi.html here]<br />
<br />
== OWASP-TR Seminar in Kocaeli University, 06 May 2009 ==<br />
<br />
We'll be hosting a free seminar in Math. Department of Kocaeli University about OWASP and OWASP/Turkey including the basics of well known attack vectors and prevention techniques on 6th (Wednesday) of May 2009, starting from 15:30. <br />
<br />
Reach out the details [http://www.webguvenligi.org/haberler/owasp-tr-ve-wgt-semineri-kocaeli-universitesi.html here]<br />
<br />
== Artifacts - March 19 2009 OWASP-TR Talk in Sakarya University ==<br />
<br />
Here are the presentations given by Bünyamin Demir and Gökhan Alkan at "Information Techonology Days" in [http://www.sau.edu.tr/ Sakarya University], [http://www.webguvenligi.org/sau_bilisim_gunleri09/sakarya_bilisim_gunleri.ppt OWASP-TR & WebGoat Presentation] and [http://www.webguvenligi.org/sau_bilisim_gunleri09/Recel_Krallagindan_Webe.ppt Jarvinen Presentation] respectively. We'd like to thank [http://www.bilisimk.sau.edu.tr/ Sakarya Universitesi Bilişim Kulubü] for inviting us.<br />
<br />
And never the least, here are the [http://www.flickr.com/photos/webguvenligi pictures] taken during the day.<br />
<br />
== Talk in Information Techonology Days '09 in Sakarya University ==<br />
<br />
We'll be giving two talks in "Information Techonology Days" about OWASP and OWASP/Turkey in [http://www.sau.edu.tr/ Sakarya University] on 19th of March 2009. The talk will include an introduction to OWASP, OWASP/Turkey as a community. Plus, Jarvinen, an OWASP/TR project, will be presented.<br />
<br />
== Artifacts - Fifth OWASP-Turkey Meeting in March 08, 2009 ==<br />
<br />
We had close to 35 people gathered. Here's the [http://www.webguvenligi.org/docs/WGT_OWASP-TR_08_Mart_2009_Bulusmasi_Ajanda.pptx agenda of the meeting]. Moreover, Fatih Emiral gave a [http://www.webguvenligi.org/docs/Yazilim_Guvenligi.ppt presentation] comparing three main Software Security models. Thanks everyone for participating.<br />
<br />
For the photos take a look at [http://www.flickr.com/photos/webguvenligi/ here].<br />
<br />
== Fifth OWASP-Turkey Meeting in March 08, 2009 ==<br />
<br />
A regular meeting on web/software security related issues&techniques&news. The meeting will take place in Istanbul, Maltepe, beween 13:00-15:00, on 08th of March, Sunday. <br />
Here's the map for the [http://www.gencgirisimciler.org/bpi.asp?caid=161&cid=17 meeting place]<br />
If you want to attend the event, please send an e-mail to: urgunb at hotmail.com (Bedirhan Urgun)<br />
<br />
== Artifacts - Web Security Days Kocaeli December 2008 ==<br />
<br />
With over 50 attendees we had our 4th Web Security Days in Kocaeli University at Umuttepe Campus.<br />
<br />
Presentations & SlideShows & Photos:<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_intro.ppt Giris] - Bedirhan Urgun<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_owasptr_wgt.ppt WGT/OWASPTR] - Bünyamin Demir<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_www.ppt WWW Introduction] - Uğur Yıldız<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_csrf.ppt CSRF] - Yusuf Çeri<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_graphics.ppt Graphic Attacks] - Mesut Timur <br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_chroot.ppt Secure Web Production Environments] - Gökhan Alkan<br />
* [http://www.flickr.com/webguvenligi/ Pictures] - Bedirhan & Bünyamin<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_slideshow.ppt OWASP Top 10 Slide Show] - Bedirhan Urgun<br />
<br />
== Next Event - 4th Web Security Days Kocaeli - December 23 (Turkey 2008) ==<br />
<br />
This event will be the fourth of "Web Security Days" and will take place on 23rd of December 2008 in Kocaeli. The agenda of the event is [http://www.owasp.org/index.php/4th_Web_Security_Days_OWASP_Turkey here].<br />
<br />
== Artifacts - Fourth OWASP-Turkey Meeting in October 18, 2008 ==<br />
<br />
Here's the [http://www.webguvenligi.org/wp-content/uploads/2008/10/WGT&OWASP-TR_18_Ekim_2008_Bulusmasi_Ajanda.ppt agenda of the meeting]. We also had two small discussion and presentation of a simple demo overview of recent clickjacking vulnerability and [http://www.webguvenligi.org/wp-content/uploads/2008/10/sqlibench-presentation.ppt sqlibench SoC 2008 OWASP project]. Thanks everyone for participating.<br />
<br />
Moreover, all of the OWASP sent books (~30)/pens(~15) were distributed freely! <br />
<br />
For the photos take a look at [http://www.flickr.com/photos/webguvenligi/ here].<br />
<br />
== Fourth OWASP-Turkey Meeting in October 18, 2008 ==<br />
<br />
A catch up meeting on web/software security related issues&techniques&news. Moreover, OWASP sent goodies (to the most active chapters) will be distributed (This includes 27 OWASP books and 19 pens). It will take place in Istanbul, İstiklal Cad.Emir Nevruz Sok. No: 1/11 Galatasaray Beyoğlu beween 14:00-16:00, on 18th of October. If you want to attend the event, please send an e-mail to: urgunb at hotmail.com (Bedirhan Urgun) <br />
<br />
== Artifacts - June 21 2008 OWASP-TR Talk in "Free Software Conference" ==<br />
<br />
Here is the presentation given by Mesut Timur and keynote submitted at [http://konferans.linux.org.tr/ "Free Software Conference"] in [http://www.etu.edu.tr/ TOBB University of Economics and Technology]; <br />
[http://www.webguvenligi.org/wp-content/uploads/2008/06/owasp_wgt_lkd_21062008.ppt OWASP-TR Presentation] and [http://www.webguvenligi.org/wp-content/uploads/2008/06/webguvenligi_bildiri_lkd_21062008.pdf Web Security and Free Software Keynote] (in Turkish) respectively.<br />
<br />
== Talk in Free Software Conference in Ankara ==<br />
<br />
We'll be giving a talk in "Free Software Conference" about OWASP and OWASP/Turkey in [http://www.etu.edu.tr/ TOBB University of Economics and Technology] on 21st (Saturday) of June 2008. The talk will include an introduction to OWASP, OWASP/Turkey, as well as web/application security projects achieved in Turkey. <br />
<br />
The Day will start at 09:30 and our talk, which will be presented by [http://www.h-labs.org Mesut Timur], will be between 15.00-15.30. You can skim the programme [http://konferans.linux.org.tr/etkinlik-programi/ here].<br />
<br />
== Artifacts - April 19 2008 OWASP-TR Talk in Yildiz Technical University ==<br />
<br />
Here are the presentations given by Bünyamin Demir and Yusuf Çeri at "Open Source Code Day" in [http://www.yildiz.edu.tr/english Yildiz Technical University], [http://www.webguvenligi.org/wp-content/uploads/2008/04/owasp-wgt-ytu-19nisan08.ppt OWASP-TR Presentation] and [http://www.webguvenligi.org/wp-content/uploads/2008/04/sqlmapdemo-wgt-ytu-19nisan08.ppt SqlDemo Presentation] respectively. We'd like to thank YTÜ Bilişim Kulubü for inviting us.<br />
<br />
And never the least, here are the [http://www.flickr.com/photos/webguvenligi/sets/72157604620396950/ pictures] taken during the day.<br />
<br />
== Talk in Open Source Code Day in Yildiz Technical University ==<br />
<br />
We'll be giving a talk in "Open Source Code Day" about OWASP and OWASP/Turkey in [http://www.yildiz.edu.tr/english Yildiz Technical University] on 19th of April 2008. The talk will include an introduction to OWASP, OWASP/Turkey, web/application security community in Turkey, the 1st OWASP Day video by Jeff and a live application insecurity demo. <br />
<br />
The Day will start at 09:30 and our talk will be the last one before the noon. <br />
<br />
== Artifacts - March 09 2008 Meeting ==<br />
<br />
It was a nice Sunday in Istanbul and we had 16 people talking about SPoC 08, April OWASP Week and web application security in general. Here are the [http://www.flickr.com/photos/webguvenligi/sets/72157604077351886/ pictures] taken during the meeting.<br />
<br />
== March 09 Meeting ==<br />
<br />
A casual meeting for anyone interested in web/software security. It will take place in Istanbul, Kadikoy at 14:30, on 09 March. To chat and enjoy the [http://www.flickr.com/photos/jrogivue/21918611/ Bosphorus]! <br />
<br />
== Artifacts - Web Security Days Ankara & İzmir November 2007 ==<br />
<br />
Through a foggy, and therefore a hard flight, we've managed to realize Web Security Days 2 & 3 in Ankara and Izmir, respectively. Having a total of ~130 attendees (most of them in Izmir), we hope WSD to be traditional and become more qualitysome.<br />
<br />
Presentations & Code & Photos:<br />
* [http://www.webguvenligi.org/docs/ankara/init_ankara.ppt Giris] - Bedirhan Urgun<br />
* [http://www.webguvenligi.org/docs/ankara/wgt.ppt WGT Giris] - Bünyamin Demir<br />
* [http://www.webguvenligi.org/docs/izmir/ulakcsirt.pdf ULAK-CSIRT Giris] - Enis Karaarslan<br />
* [http://www.webguvenligi.org/docs/ankara/burak_sc.ppt Yazılım Geliştirme Sürecinde Güvenlik Testleri] - Burak Dayıoğlu<br />
* [http://www.webguvenligi.org/docs/izmir/enis_web.ppt Kurumsal Web Güvenliği Yapısı] - Enis Karaarslan<br />
* [http://www.webguvenligi.org/docs/izmir/tahsin_did.ppt Uygulamalarda Katmanlı Güvenlik Anlayışı] - Tahsin Türköz<br />
* [http://www.webguvenligi.org/docs/izmir/oguzhan_php.ppt PHP ve Güvenli Kodlama] - Oğuzhan Yalçın<br />
* [http://www.webguvenligi.org/docs/ankara/bunyamin_pl.ppt Perl'de Guvenlik Modulu] - Bünyamin Demir<br />
* [http://www.webguvenligi.org/docs/izmir/security_pm.rar Perl'de Guvenlik Modulu - Kod] - Bünyamin Demir<br />
* [http://www.webguvenligi.org/docs/ankara/bedirhan_js.ppt Web 2.0 Savunma Dili: Javascript] - Bedirhan Urgun<br />
* [http://www.flickr.com/photos/webguvenligi/sets/72157603311164597/ Photos] - Bedirhan & Bünyamin<br />
<br />
== Next Event - 3rd Web Security Days İzmir - November 26 (Turkey 2007) ==<br />
<br />
This event will be the third of "Web Security Days" and will take place on 26th of November 2007 in İzmir. The agenda of the event is [https://www.owasp.org/index.php/3rd_Web_Security_Days_OWASP_Turkey here].<br />
<br />
== Next Event - 2nd Web Security Days Ankara - November 24 (Turkey 2007) ==<br />
<br />
This event will be the second of "Web Security Days" and will take place on 24th of November 2007 in Ankara. <br />
The agenda of the event is [https://www.owasp.org/index.php/2nd_Web_Security_Days_OWASP_Turkey here].<br />
<br />
== Artifacts - OWASP DAY: on the topic of "Privacy in the 21st Century" - September 8 (Turkey 2007) ==<br />
<br />
Presentations:<br />
<br />
* [https://www.owasp.org/images/6/66/OWASP_DAY_TR.sub.ppt Turkish Subtitle] for [http://www.owasp.org/downloads/OWASP_Day.wmv Jeff's OWASP Day Intro movie] (delete .ppt extension)<br />
* [https://www.owasp.org/images/b/bc/OWASP2007_KamudaPrivacy.ppt OWASP2007_KamudaPrivacy.ppt]<br />
* [https://www.owasp.org/images/4/4b/Guvenli_Web_Uygulamalarinin_Gelistirilmesi2.ppt Guvenli_Web_Uygulamalarinin_Gelistirilmesi.ppt] <br />
<br />
Discussion Answers:<br />
<br />
Q1.<br />
What is the current state of Privacy on Web Application Security? Does it really matter? Is privacy what will drive radical changes in web application's security (ala PCI)? <br />
<br />
A1.<br />
During the meeting an effort was made to clarify the meaning of privacy;<br />
- what are the key items that builds up to "privacy"?<br />
- are we talking about the privacy of real people or should we also include the privacy of legal entities?<br />
- is there really a solid line (or even a vague line) between confidentiality and privacy?<br />
We defined privacy as confidentiality of the data; be it of a real person or a legal entity.<br />
But the key part is that privacy is "the ability to control the flow of one's own data". And which brings another principle: "need to know". Privacy is directly related to an individual or an organization. Confidentiality, however, is directly related to "information"... Privacy is a "result" and confidentiality is a tenet or a security mechanism. <br />
<br />
Enough of these convulsions;<br />
The answer to the first question was a definite "YES". Participants were all agreed that "privacy" plays and will play the most important role in web security and its future.<br />
<br />
Q2.<br />
Application side: what the data owner should be doing to protect the user's privacy? Should there be a law that states how to protect this information? What can we do to improve it?<br />
<br />
A2.<br />
Most of the participants agreed that a law is a necessity.<br />
But, maybe, more important thing is to raise the awareness of the customers.<br />
Here we also had a discussion on the current status of the law on privacy? There are mainly three <br />
documents on privacy in Turkish law;<br />
* a directive on privacy in telecommunication, which happened to be inadequate (an assertion of a lawyer)<br />
* a draft law on privacy from Department of Justice, which is still in the process of approval<br />
* a recent (May 2007) law on siber crimes which happens to be similiar to the "Directive 2006/24/EC of the <br />
European Parliament and of the Council" on the data retention. This law, however, still needs a few<br />
directives, which are about to be published.<br />
<br />
Q3.<br />
Client side: what is the client's perception of privacy? How can a user trust a site about his own data treatment? Is the client nowadays safeguarded about a possible loss of privacy?<br />
<br />
A3.<br />
As a first step there should be an "agreement" presented to the user by the application side.<br />
This wouldn't be enough so there should be regular inspections (a third eye) on these services.<br />
About "is the client nowadays safeguarded about a possible loss of privacy?" question, the answer<br />
was a definite "NO". Especially with the banks. Yes, there are a few cases of trials where the courts<br />
dictated a bank to compansate the loss of the victim, however, mostly this is not the case. Even there is<br />
a domain serving, founded by the victims of online banking crimes in Turkey.<br />
<br />
Q4.<br />
What should OWASP be focusing on?<br />
<br />
A4.<br />
As a suggestion, OWASP may provide a "web security tips" page, which can include a searchable gui <br />
on small programming tips to avoid security holes in web applications.<br />
<br />
And a great idea of producing a "FixmeBank" application to cover the developer side of the story, as opposed to tester/attacker side (via WebGoat or HacmeBank), was suggested by Taygun Alban.<br />
<br />
Q5.<br />
What would OWASP spend it's grant money? (note that new OWASP members can allocate some or all of their membership fees to specific projects)<br />
<br />
A5.<br />
Some suggestions;<br />
. Printed booklets of Guide and Testing Guide. <br />
. OWASP CD with shiny labels<br />
. I'm afraid to say but... t-shirts<br />
<br />
Q6.<br />
Should OWASP organize such 'OWASP Weeks' every quarter?<br />
<br />
A6.<br />
OWASP should organize these events every 6 months or so :)<br />
<br />
== Next Event - OWASP DAY: on the topic of "Privacy in the 21st Century" - September 8 (Turkey 2007) ==<br />
<br />
As a part of the Global Security Week, OWASP Turkey chapter will be holding a humble meeting on Saturday, 8 September 2007. Less technical and time taking compared to last event ([http://www.owasp.org/index.php/1st_Web_Security_Days_OWASP_Turkey Web Security Days]) we will be focusing on the current snapshot of the privacy related issues in the govermental/quasi-governmental and private institutions of Turkey.<br />
<br />
Here's the "still in process" agenda:<br />
<br />
* 14:00 - 14:10 Prelude. Introduction of OWASP DAY and OWASP Turkey projects<br />
<br />
A small introduction to OWASP Day meeting and its goals, plus explanation of some of the lightweight projects of OWASP Turkey.<br />
<br />
Bedirhan URGUN, Bunyamin DEMİR<br />
<br />
* 14:20 - 14:50 Privacy in Governmental Insitutions - A Current State Analysis<br />
<br />
Presentation will discuss the understanding of the privacy concept settled in governmental institutions and deliberate on general information security problems related with privacy issues.<br />
<br />
Getting off with general privacy problems, in specific, information about the privacy issues related to web applications will be given. Moreover, concrete suggestions on providing a solid privacy in these institutions will be presented.<br />
<br />
Hayrettin BAHŞİ<br />
Chief Researcher CC Lab-UEKAE TUBITAK<br />
<br />
* 15:00 - 15:50 Secure Web Application Development<br />
<br />
Korhan GÜRLER<br />
Chief Researcher PRO-G<br />
<br />
* 15:00 - 16:00 A Panel on Privacy in Turkey <br />
<br />
OWASP-Turkey Members<br />
<br />
== Last Event - 1st Web Security Days - July 14 (Turkey 2007) ==<br />
<br />
First of the [http://www.owasp.org/index.php/1st_Web_Security_Days_OWASP_Turkey Web Security Days] has been realized by Owasp-Turkey chapter on 14th of July 2007 in İstanbul. With a ~70 registered attendees, it was great to have a pack of web security oriented people for a five hours of mostly technical presentations.<br />
<br />
<br />
[http://www.owasp.org/index.php/1st_Web_Security_Days_OWASP_Turkey For details...]<br />
<br />
== Last Meetings ==<br />
<br />
'''Sunday 6 May 2007'''<br><br />
'''Time:''' 11:15-12:30<BR><br />
<br />
'''Address''' to the meeting are:<br />
<br />
[http://www.metu.edu.tr Middle East Technical University]<br/><br />
Ankara-Turkey<br/><br />
<br/><br />
<br />
'''Presentation'''<br><br />
<br />
Web Application Security with ModSecurity and OWASP<br />
<br />
<br />
__NOTOC__ <br />
<br />
<headertabs/><br />
<br />
[[Category:Turkey]] [[Category:Europe]]</div>Dr. Emin Tatlıhttps://wiki.owasp.org/index.php?title=Turkey&diff=196660Turkey2015-06-29T20:15:43Z<p>Dr. Emin Tatlı: </p>
<hr />
<div><center>[[File:Owasptr.png]] </center><br />
<br />
<br />
<br />
==== About OWASP/TR ====<br />
<br />
{{Chapter Template|chaptername=Turkey|extra=The chapter leader is [mailto:bunyamindemir~gmail.com Bunyamin Demir]<br />
<br />
Board Members: [mailto:ferruh~mavituna.com Ferruh Mavituna], [mailto:mesut_timur~hotmail.com Mesut Timur], [mailto:contact~onuryilmaz.info Onur Yılmaz], [mailto:emin.tatli@owasp.org Emin Islam Tatli], [mailto:oguzhantopgul@gmail.com Oguzhan TOPGUL], [mailto:sertan@gmail.com Sertan Kolat]<br />
<br />
Web Page: http://www.webguvenligi.org<br />
<br />
Twitter: https://twitter.com/owasptr<br />
<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-turkey|emailarchives=http://lists.owasp.org/pipermail/owasp-turkey}}<br />
<br />
<paypal>Turkey</paypal><br />
<br />
<br />
== Chapter Brochure ==<br />
<br />
[http://www.webguvenligi.org/docs/WGT_brosur.pdf Here you can view a brochure] explaining in Turkish the action highlights of OWASP/Türkiye during the last one and a half year [obsolete for over two years].<br />
<br />
== Application Security Day, İstanbul 2012, Conference ==<br />
[http://www.appsectr.org/ Application Security Day, İstanbul 2012] will be held on 9 June, Saturday, in Marmara Üniversitesi Rektörlük Binası, Sultanahmet, İstanbul. <br />
The event aims to present an environment where key and popular application security topics will be discussed and shared. Hundreds of developers, business owners and security practitioners will be ready to increase local application security awareness. Join us!<br />
<br />
== Local News ==<br />
Conference<br />
<br />
[http://www.appsectr.org/ Application Security Day, İstanbul 2012] will be held on 9 June, Saturday, in Marmara Üniversitesi Rektörlük Binası, Sultanahmet, İstanbul. <br />
<br />
Published <br />
<br />
[http://www.webguvenligi.org/dokuman/web-uygulama-guvenligi-kontrol-listesi-2012.html Web App Security Check List 2012 in Turkish].<br />
<br />
== Projects/Tools/Translations ==<br />
<br />
Here are some of the projects produced by OWASP/Türkiye;<br />
<br />
* [http://code.google.com/p/droidalert/ DroidAlert] by Bedirhan Urgun<br />
<br />
A proactive approach on finding fake android applications on some of the biggest android stores. Just enter a term, and droidalert searches it for you in android stores.<br />
<br />
* [http://code.google.com/p/chiasma/ Chiasma] by Bedirhan Urgun<br />
<br />
Instead of having a structured penetration test report (docx, pdf, html v.b.) from 3rd parties, why not getting them produce a semi-structured report (xml) that is understood well. Chiasma is a Java desktop application producing XML vulnerability report.<br />
<br />
* [http://www.webguvenligi.org/docs/web_uygulama_guvenligi_kontrol_listesi_2010.pdf Web Uygulama Güvenliği Kontrol Listesi 2010- WebAppSec Checklist] by OWASP-Turkey<br />
<br />
A complete set of controls related to security of web applications.<br />
<br />
* [http://code.google.com/p/piknik/ Piknik] by Bedirhan Urgun<br />
<br />
A compilation of a study on analyzing the possible behavior of a malicious developer...Inspired by [http://www.blackhat.com/presentations/bh-usa-09/WILLIAMS/BHUSA09-Williams-EnterpriseJavaRootkits-PAPER.pdf Jeff Williams's Work] <br />
<br />
* [http://code.google.com/p/finddomains/ FindDomains] by Mesut Timur<br />
<br />
FindDomains is a multithreaded search engine discovery tool that will be very useful for penetration testers dealing with discovering domain names/web sites/virtual hosts which are located on too many IP addresses.<br />
<br />
* [http://dergi.webguvenligi.org/ WGT E-Magazine] by OWASP/TR and Onur Yilmaz<br />
<br />
An online web security related magazine in Turkish with a 2 months per-issue period<br />
<br />
* [http://ctf.webguvenligi.org/ CTF contest] by Onur Yilmaz<br />
<br />
A CTF contest where researchers, professionals and hackers can show off their skills in an ethical way <br />
<br />
* [http://code.google.com/p/jarvinen Jarvinen] by Gökhan Alkan & Yusuf Çeri & Bedirhan Urgun<br />
<br />
A simple yet effective web based audit log monitoring service for Modsecurity v2. It consists of two basic parts; a (bash) shell script that parses serial logs into the mysql database and a php web application.<br />
<br />
* [http://code.google.com/p/cammp CAMMP] by Gökhan Alkan<br />
<br />
Aims to provide (bash) shell scripts in order to automatize the source code installations of apache (php and modsecurity) and mysql under chroot (for RedHat based systems for now).<br />
<br />
* [http://code.google.com/p/secureimage SecureImage] by Mesut Timur & Bedirhan Urgun & Kerem Küsmezer<br />
<br />
A Java,PHP and .NET based image validator that can be used for validating image files on upload systems (such as photo galleries,forums,etc ..) against the threats for XSS issues with IE and LFI attacks. Individual project pages; [http://code.google.com/p/psecureimage PSecureImage] for PHP, [http://code.google.com/p/jsecureimage JSecureImage] for Java and [http://www.codeplex.com/owaspturkey/Release/ProjectReleases.aspx?ReleaseId=18008 NSecureImage] for .NET<br />
<br />
* [http://code.google.com/p/securetomcat SecureTomcat] by Bedirhan Urgun & Deniz Çevik & Gökhan Alkan<br />
<br />
A collection of three components; an audit documentation in Turkish, a basic remote vulnerability scanner and an audit shell script fully aligned with the audit documentation. All for auditing and testing Apache Tomcat partial J2EE container.<br />
<br />
* [http://code.google.com/p/webekci/ WeBekci] by Bünyamin Demir<br />
<br />
WeBekci is a graphical user end for ModSecurity 2.x web application firewall.<br />
<br />
* [http://www.webguvenligi.org/?page_id=16 Web Security Turkish Translation Project] by [http://www.webguvenligi.org/?page_id=16 great volunteers] & Bedirhan Urgun <br />
<br />
Turkish translations of OWASP guides and other web application security related documents '''over 500 pages''' and counting<br />
<br />
* [http://code.google.com/p/wivet/ WIVET] by Bedirhan Urgun<br />
<br />
A benchmarking project that aims to statistically analyze web link extractors. It provides a good sum of input vectors to any extractor and presents the results. Check out the live app [http://www.webguvenligi.org/wivet/ here].<br />
<br />
* [http://code.google.com/p/sqlibench/ SqliBench] by Mesut Timur & Bedirhan Urgun<br />
<br />
SQLiBENCH is a benchmarking project of automatic sql injectors related to dumping databases. Check out the live app [http://www.webguvenligi.org/sqlibench/web/ here]. The project is sponsored by [http://www.owasp.org/index.php/Category:OWASP_Sqlibench_Project OWASP SoC 08].<br />
<br />
* [http://code.google.com/p/msalparser MSALParser] by Bedirhan Urgun<br />
<br />
MSALParser (pronounced \mi-säl\) implements necessary parsers and model objects to represent a ModSecurity Single Audit Log, hence the name MSAL. MSALParser is a PHP RPC end that will get mlogc's calls and parses them into objects and eventually write to a persistent data store.<br />
<br />
* [http://code.google.com/p/apachelive ApacheLive] by Bedirhan Urgun<br />
<br />
ApacheLive (aka Haydar) project consists of a python script which was aimed to stress Apache web servers (httpd) using Keep-Alive parameters.<br />
<br />
* [http://code.google.com/p/anticsurf AntiCsurf] by Mesut Timur<br />
<br />
For most of the languages and frameworks, developers have to implement their own functions to defend against CSRF. AntiCsrf is a basic and light library for defending against CSRF for PHP applications.<br />
<br />
* [http://code.google.com/p/fm-fsf FM-FSF] by Ferruh Mavituna<br />
<br />
FSF is a plug-in based freakin' simple fuzzer for fuzzing web applications and scraping data. It supports some basic stuff and missing some features however it has got some advanced RegEx capturing features for scraping data out of web applications.<br />
<br />
* [http://code.google.com/p/msalmobile MSALMobile] & [http://code.google.com/p/msalservice MSALService] by Bedirhan Urgun<br />
<br />
MSALMobile, a basic windows mobile application and consuming MSALService, is a simple mobile ModSecurity log analyzer for Windows Mobile environment. See [http://www.webguvenligi.org/software/msalmobile/msalmobile_video.rar a video of MSALMobile in action] on www.webguvenligi.org.<br />
<br />
* [http://www.webguvenligi.org/xsstb/reflected.php XSS TestBed] by Bedirhan Urgun<br />
<br />
A playground for reflected xss test cases. The live project includes seven test cases ready to exploit. A legal and solid way to learn and apply xss skills. Moreover, a good way to test web application scanners on reflected xss testing...<br />
<br />
* [http://www.webguvenligi.org/projeler/wcsa Web.config Security Analyzer] by Mesut Timur<br />
<br />
Web.config file holds settings about related ASP.NET web application. This project analyzes a given Web.config file for security vulnerabilities with its 30+ checks. It's a command line too for now and produces a neat html based report.<br />
<br />
== Translations ==<br />
<br />
Çeviri projesine yardım etmek isteyen arkadaşlar, lütfen [mailto:bunyamindemir@gmail.com bunyamin] veya [mailto:urgunb@hotmail.com bedirhan] ''(proje lideri)'' ile iletişime geçiniz. Şu ana kadar yayınlanan çevirilere [http://www.webguvenligi.org/?page_id=16 buradan] ulaşabilirsiniz. ''You can find Turkish translations of OWASP and other web security related documents [http://www.webguvenligi.org/?page_id=16 here].''<br />
<br />
==== Meetings/Conferences ====<br />
<br />
== OWASP/TR Presentation in Android Developer Days 2012 in ODTU Ankara ==<br />
<br />
Bedirhan Urgun of OWASP/TR will give a presentation on "Developing Secure Android Days" on 22 May from 15:30-16:00 in Android Developer Days, 2012. The presentation will take place in ODTU, Ankara.<br />
<br />
Location: ODTÜ Kültür ve Kongre Merkezi, Ankara<br />
<br />
Date: 22 May 2012, Tuesday<br />
<br />
Time: 15:30 – 16:00<br />
<br />
== OWASP/TR Presentation in ReadMee Internet Zirvesi, 2012 ==<br />
<br />
Seyfullah Kılıç will give a presentation titled "Web Güvenliği ve Korunma Yolları" on 07 April Saturday from 14:00-14:45 in ReadMee Internet Zirvesi, 2012. The presentation will take place in Eskişehir Osmangazi Üniversitesi, Eskişehir.<br />
<br />
Location: Eskişehir Osmangazi Üniversitesi Meşelik Kampüsü, Eskişehir<br />
<br />
Date: 7 April 2012 Saturday<br />
<br />
Time: 14:00 – 14:45<br />
<br />
== OWASP/TR Presentation in Özgür Yazılım ve Linux Günleri, 2012 ==<br />
<br />
Bünyamin Demir of OWASP/TR will give a presentation titled as "<br />
Güvenli Kod Geliştirme" and will hold a chapter meeting "OWASP Türkiye Chapter Meeting (Çalışma Toplantısı)" on 31 March Saturday from 10:00-13:00 in Özgür Yazılım ve Linux Günleri, 2012. The presentations will take place in İstanbul Bilgi Üniversitesi Dolapdere Kampüsü, İstanbul.<br />
<br />
Location: İstanbul Bilgi Üniversitesi Dolapdere Kampüsü, İstanbul<br />
<br />
Date: 31 March 2012 Saturday<br />
<br />
Time: 10:00 – 13:00<br />
<br />
Location 1: 1. Salon<br />
Location 2: Toplantı Salonu<br />
<br />
== OWASP/TR Talk in Open Source Code Days in Yeditepe University ==<br />
<br />
Bunyamin Demir talked about OWASP and OWASP/Turkey introduction. After intro, he did a presentation about [http://seminer.linux.org.tr/wp-content/uploads/guvenli_kod_gelistirme_ve_yasam_dongusu.ppt "Secure Coding and Chaotic Life Cycle"].<br />
<br />
Location: Yeditepe University, 26 Agustos Yerlesimi, Salon 2<br />
<br />
Date: 14 October 2011, Friday<br />
<br />
Time: 15:00 – 15:45<br />
<br />
== OWASP/TR Introductory Meetings and Seminar @ Bahçeşehir Üniversitesi, March 2010 ==<br />
<br />
[http://www.shibumidojo.org/ Kubilay Onur Güngör] will start with OWASP and OWASP/Turkey introduction. After intro, cyber security concept, web application security, social theories of criminal behaviors and many other topics will be discussed. So don't miss the events if you're around. <br />
<br />
Location: Bahçeşehir Üniversitesi, Beşiktaş Kampüsü, D-404 Salonu<br />
<br />
Date: 10 Mart 2010 Çarşamba<br />
<br />
Time: 18.30 – 19.30<br />
<br />
== OWASP/TR Introductory Meetings and Seminar @ Işık Üniversitesi, March 2010 ==<br />
<br />
[http://www.shibumidojo.org/ Kubilay Onur Güngör] will start with OWASP and OWASP/Turkey introduction. After intro, cyber security concept, web application security, social theories of criminal behaviors and many other topics will be discussed. So don't miss the events if you're around. <br />
<br />
Location: Işık Üniversitesi, Şile Kampüsü<br />
Registration: http://bilisimgunleri.isikun.edu.tr<br />
Date: 8 Mart 2010 Pazartesi<br />
Time: 15.00 - 16.00<br />
<br />
== OWASP/TR Meeting in Turkcell Akademi with OISF Team, February 2010 ==<br />
<br />
With 7 [http://www.openinfosecfoundation.org OISF] members we had our 23 February meeting. Brian [http://vimeo.com/9825055 talked about ModSecurity] and Victor & Will [http://vimeo.com/9825622 talked about Suricata ].<br />
<br />
As always, check out the photos on [http://www.flickr.com/photos/webguvenligi flickr-webguvenligi]!!<br />
<br />
Thanks to our sponsor for this meeting [http://www.guvenlikegitimleri.com GuvenlikEgitimleri.Com]<br />
<br />
== OWASP/TR Seminar in İstanbul Kültür Universitesi, 29 December 2009 ==<br />
<br />
We'll be hosting a free seminar in İstanbul Kültür Üniversitesi, Ataköy Kampüsü, Önder Öztunalı Konferans Salonu. Topics will include "introduction to OWASP/TR", "siber security", "security best practices and standards". It will also include a demo on digital investigation.<br />
<br />
Presenter: [http://www.shibumidojo.org/ Kubilay Onur Güngör]<br />
<br />
Date: Tuesday, December 29, 2009 <br />
<br />
Time: 12:00pm - 1:30pm <br />
<br />
Location: İstanbul Kültür Üniersitesi, Ataköy Kampüsü, Önder Öztunalı Konferans Salonu<br />
<br />
== October 11, 2009 OWASP/TR on the Green Field ==<br />
<br />
Teams formed by OWASP-Turkey mailing list members will play a soccer match on Sunday, 18:00 October the 11th. We'll seek our Messis, Zidanes, Kakas, Lampards, Chechs stemmed from the Anatolian land... National team may not be qualified for the 2010 World Championship, which is a shame, but we'll do better next time.<br />
<br />
== Artifacts - OWASP-Turkey Meeting in September 26, 2009 ==<br />
<br />
30 people gathered for the OWASP/TR meeting. Here's the [http://www.webguvenligi.org/docs/26_Eylul_OWASPTR_Bulusma.ppt agenda of the meeting]. Moreover, Ibrahim Saruhan gave a [http://www.webguvenligi.org/docs/Facebook_Twitter_Botnets.ppt presentation] on his experiences writing a PoC Facebook botnet. Thanks everyone for participating.<br />
<br />
See the [http://www.flickr.com/webguvenligi/ pictures] and listen to the DimDim [http://recp.dimdim.com/view/dimdim/1a9400f2-fbdb-102c-9515-003048642bd7 recording].<br />
<br />
== September 26 Meeting ==<br />
<br />
A regular meeting for anyone interested in web/software security. It will take place in Istanbul, Taksim at 14:00, on 26 September. <br />
<br />
== Artifacts - 06 May/13 May 2009 OWASP-TR Talks in Kocaeli & Gazi Universities ==<br />
<br />
Here are the presentations given by Bünyamin Demir and Onur Yılmaz at "Information Techonology Days" in [http://www.kocaeli.edu.tr/ Kocaeli University] and [http://www.gazi.edu.tr/ Gazi University], [http://www.webguvenligi.org/docs/kocaeli09owasptr.ppt OWASP-TR & WebGoat Presentation] and [http://www.webguvenligi.org/docs/gaziuni09owasptr.ppt Basic Web App Security Presentation] respectively. <br />
<br />
Pictures are on [http://www.flickr.com/photos/webguvenligi flicker] as always.<br />
<br />
== Web Application Security Talk in Gazi University, 13 May 2009 ==<br />
<br />
We'll be giving a talk in "Information Days" event at Gazi University about code/sql injection attack vectors and prevention techniques on 13th (Wednesday) of May 2009, between 10:30-11:20. <br />
<br />
Reach out the details [http://www.webguvenligi.org/haberler/web-uygulamalari-guvenligi-sunumu-gazi-universitesi.html here]<br />
<br />
== OWASP-TR Seminar in Kocaeli University, 06 May 2009 ==<br />
<br />
We'll be hosting a free seminar in Math. Department of Kocaeli University about OWASP and OWASP/Turkey including the basics of well known attack vectors and prevention techniques on 6th (Wednesday) of May 2009, starting from 15:30. <br />
<br />
Reach out the details [http://www.webguvenligi.org/haberler/owasp-tr-ve-wgt-semineri-kocaeli-universitesi.html here]<br />
<br />
== Artifacts - March 19 2009 OWASP-TR Talk in Sakarya University ==<br />
<br />
Here are the presentations given by Bünyamin Demir and Gökhan Alkan at "Information Techonology Days" in [http://www.sau.edu.tr/ Sakarya University], [http://www.webguvenligi.org/sau_bilisim_gunleri09/sakarya_bilisim_gunleri.ppt OWASP-TR & WebGoat Presentation] and [http://www.webguvenligi.org/sau_bilisim_gunleri09/Recel_Krallagindan_Webe.ppt Jarvinen Presentation] respectively. We'd like to thank [http://www.bilisimk.sau.edu.tr/ Sakarya Universitesi Bilişim Kulubü] for inviting us.<br />
<br />
And never the least, here are the [http://www.flickr.com/photos/webguvenligi pictures] taken during the day.<br />
<br />
== Talk in Information Techonology Days '09 in Sakarya University ==<br />
<br />
We'll be giving two talks in "Information Techonology Days" about OWASP and OWASP/Turkey in [http://www.sau.edu.tr/ Sakarya University] on 19th of March 2009. The talk will include an introduction to OWASP, OWASP/Turkey as a community. Plus, Jarvinen, an OWASP/TR project, will be presented.<br />
<br />
== Artifacts - Fifth OWASP-Turkey Meeting in March 08, 2009 ==<br />
<br />
We had close to 35 people gathered. Here's the [http://www.webguvenligi.org/docs/WGT_OWASP-TR_08_Mart_2009_Bulusmasi_Ajanda.pptx agenda of the meeting]. Moreover, Fatih Emiral gave a [http://www.webguvenligi.org/docs/Yazilim_Guvenligi.ppt presentation] comparing three main Software Security models. Thanks everyone for participating.<br />
<br />
For the photos take a look at [http://www.flickr.com/photos/webguvenligi/ here].<br />
<br />
== Fifth OWASP-Turkey Meeting in March 08, 2009 ==<br />
<br />
A regular meeting on web/software security related issues&techniques&news. The meeting will take place in Istanbul, Maltepe, beween 13:00-15:00, on 08th of March, Sunday. <br />
Here's the map for the [http://www.gencgirisimciler.org/bpi.asp?caid=161&cid=17 meeting place]<br />
If you want to attend the event, please send an e-mail to: urgunb at hotmail.com (Bedirhan Urgun)<br />
<br />
== Artifacts - Web Security Days Kocaeli December 2008 ==<br />
<br />
With over 50 attendees we had our 4th Web Security Days in Kocaeli University at Umuttepe Campus.<br />
<br />
Presentations & SlideShows & Photos:<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_intro.ppt Giris] - Bedirhan Urgun<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_owasptr_wgt.ppt WGT/OWASPTR] - Bünyamin Demir<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_www.ppt WWW Introduction] - Uğur Yıldız<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_csrf.ppt CSRF] - Yusuf Çeri<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_graphics.ppt Graphic Attacks] - Mesut Timur <br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_chroot.ppt Secure Web Production Environments] - Gökhan Alkan<br />
* [http://www.flickr.com/webguvenligi/ Pictures] - Bedirhan & Bünyamin<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_slideshow.ppt OWASP Top 10 Slide Show] - Bedirhan Urgun<br />
<br />
== Next Event - 4th Web Security Days Kocaeli - December 23 (Turkey 2008) ==<br />
<br />
This event will be the fourth of "Web Security Days" and will take place on 23rd of December 2008 in Kocaeli. The agenda of the event is [http://www.owasp.org/index.php/4th_Web_Security_Days_OWASP_Turkey here].<br />
<br />
== Artifacts - Fourth OWASP-Turkey Meeting in October 18, 2008 ==<br />
<br />
Here's the [http://www.webguvenligi.org/wp-content/uploads/2008/10/WGT&OWASP-TR_18_Ekim_2008_Bulusmasi_Ajanda.ppt agenda of the meeting]. We also had two small discussion and presentation of a simple demo overview of recent clickjacking vulnerability and [http://www.webguvenligi.org/wp-content/uploads/2008/10/sqlibench-presentation.ppt sqlibench SoC 2008 OWASP project]. Thanks everyone for participating.<br />
<br />
Moreover, all of the OWASP sent books (~30)/pens(~15) were distributed freely! <br />
<br />
For the photos take a look at [http://www.flickr.com/photos/webguvenligi/ here].<br />
<br />
== Fourth OWASP-Turkey Meeting in October 18, 2008 ==<br />
<br />
A catch up meeting on web/software security related issues&techniques&news. Moreover, OWASP sent goodies (to the most active chapters) will be distributed (This includes 27 OWASP books and 19 pens). It will take place in Istanbul, İstiklal Cad.Emir Nevruz Sok. No: 1/11 Galatasaray Beyoğlu beween 14:00-16:00, on 18th of October. If you want to attend the event, please send an e-mail to: urgunb at hotmail.com (Bedirhan Urgun) <br />
<br />
== Artifacts - June 21 2008 OWASP-TR Talk in "Free Software Conference" ==<br />
<br />
Here is the presentation given by Mesut Timur and keynote submitted at [http://konferans.linux.org.tr/ "Free Software Conference"] in [http://www.etu.edu.tr/ TOBB University of Economics and Technology]; <br />
[http://www.webguvenligi.org/wp-content/uploads/2008/06/owasp_wgt_lkd_21062008.ppt OWASP-TR Presentation] and [http://www.webguvenligi.org/wp-content/uploads/2008/06/webguvenligi_bildiri_lkd_21062008.pdf Web Security and Free Software Keynote] (in Turkish) respectively.<br />
<br />
== Talk in Free Software Conference in Ankara ==<br />
<br />
We'll be giving a talk in "Free Software Conference" about OWASP and OWASP/Turkey in [http://www.etu.edu.tr/ TOBB University of Economics and Technology] on 21st (Saturday) of June 2008. The talk will include an introduction to OWASP, OWASP/Turkey, as well as web/application security projects achieved in Turkey. <br />
<br />
The Day will start at 09:30 and our talk, which will be presented by [http://www.h-labs.org Mesut Timur], will be between 15.00-15.30. You can skim the programme [http://konferans.linux.org.tr/etkinlik-programi/ here].<br />
<br />
== Artifacts - April 19 2008 OWASP-TR Talk in Yildiz Technical University ==<br />
<br />
Here are the presentations given by Bünyamin Demir and Yusuf Çeri at "Open Source Code Day" in [http://www.yildiz.edu.tr/english Yildiz Technical University], [http://www.webguvenligi.org/wp-content/uploads/2008/04/owasp-wgt-ytu-19nisan08.ppt OWASP-TR Presentation] and [http://www.webguvenligi.org/wp-content/uploads/2008/04/sqlmapdemo-wgt-ytu-19nisan08.ppt SqlDemo Presentation] respectively. We'd like to thank YTÜ Bilişim Kulubü for inviting us.<br />
<br />
And never the least, here are the [http://www.flickr.com/photos/webguvenligi/sets/72157604620396950/ pictures] taken during the day.<br />
<br />
== Talk in Open Source Code Day in Yildiz Technical University ==<br />
<br />
We'll be giving a talk in "Open Source Code Day" about OWASP and OWASP/Turkey in [http://www.yildiz.edu.tr/english Yildiz Technical University] on 19th of April 2008. The talk will include an introduction to OWASP, OWASP/Turkey, web/application security community in Turkey, the 1st OWASP Day video by Jeff and a live application insecurity demo. <br />
<br />
The Day will start at 09:30 and our talk will be the last one before the noon. <br />
<br />
== Artifacts - March 09 2008 Meeting ==<br />
<br />
It was a nice Sunday in Istanbul and we had 16 people talking about SPoC 08, April OWASP Week and web application security in general. Here are the [http://www.flickr.com/photos/webguvenligi/sets/72157604077351886/ pictures] taken during the meeting.<br />
<br />
== March 09 Meeting ==<br />
<br />
A casual meeting for anyone interested in web/software security. It will take place in Istanbul, Kadikoy at 14:30, on 09 March. To chat and enjoy the [http://www.flickr.com/photos/jrogivue/21918611/ Bosphorus]! <br />
<br />
== Artifacts - Web Security Days Ankara & İzmir November 2007 ==<br />
<br />
Through a foggy, and therefore a hard flight, we've managed to realize Web Security Days 2 & 3 in Ankara and Izmir, respectively. Having a total of ~130 attendees (most of them in Izmir), we hope WSD to be traditional and become more qualitysome.<br />
<br />
Presentations & Code & Photos:<br />
* [http://www.webguvenligi.org/docs/ankara/init_ankara.ppt Giris] - Bedirhan Urgun<br />
* [http://www.webguvenligi.org/docs/ankara/wgt.ppt WGT Giris] - Bünyamin Demir<br />
* [http://www.webguvenligi.org/docs/izmir/ulakcsirt.pdf ULAK-CSIRT Giris] - Enis Karaarslan<br />
* [http://www.webguvenligi.org/docs/ankara/burak_sc.ppt Yazılım Geliştirme Sürecinde Güvenlik Testleri] - Burak Dayıoğlu<br />
* [http://www.webguvenligi.org/docs/izmir/enis_web.ppt Kurumsal Web Güvenliği Yapısı] - Enis Karaarslan<br />
* [http://www.webguvenligi.org/docs/izmir/tahsin_did.ppt Uygulamalarda Katmanlı Güvenlik Anlayışı] - Tahsin Türköz<br />
* [http://www.webguvenligi.org/docs/izmir/oguzhan_php.ppt PHP ve Güvenli Kodlama] - Oğuzhan Yalçın<br />
* [http://www.webguvenligi.org/docs/ankara/bunyamin_pl.ppt Perl'de Guvenlik Modulu] - Bünyamin Demir<br />
* [http://www.webguvenligi.org/docs/izmir/security_pm.rar Perl'de Guvenlik Modulu - Kod] - Bünyamin Demir<br />
* [http://www.webguvenligi.org/docs/ankara/bedirhan_js.ppt Web 2.0 Savunma Dili: Javascript] - Bedirhan Urgun<br />
* [http://www.flickr.com/photos/webguvenligi/sets/72157603311164597/ Photos] - Bedirhan & Bünyamin<br />
<br />
== Next Event - 3rd Web Security Days İzmir - November 26 (Turkey 2007) ==<br />
<br />
This event will be the third of "Web Security Days" and will take place on 26th of November 2007 in İzmir. The agenda of the event is [https://www.owasp.org/index.php/3rd_Web_Security_Days_OWASP_Turkey here].<br />
<br />
== Next Event - 2nd Web Security Days Ankara - November 24 (Turkey 2007) ==<br />
<br />
This event will be the second of "Web Security Days" and will take place on 24th of November 2007 in Ankara. <br />
The agenda of the event is [https://www.owasp.org/index.php/2nd_Web_Security_Days_OWASP_Turkey here].<br />
<br />
== Artifacts - OWASP DAY: on the topic of "Privacy in the 21st Century" - September 8 (Turkey 2007) ==<br />
<br />
Presentations:<br />
<br />
* [https://www.owasp.org/images/6/66/OWASP_DAY_TR.sub.ppt Turkish Subtitle] for [http://www.owasp.org/downloads/OWASP_Day.wmv Jeff's OWASP Day Intro movie] (delete .ppt extension)<br />
* [https://www.owasp.org/images/b/bc/OWASP2007_KamudaPrivacy.ppt OWASP2007_KamudaPrivacy.ppt]<br />
* [https://www.owasp.org/images/4/4b/Guvenli_Web_Uygulamalarinin_Gelistirilmesi2.ppt Guvenli_Web_Uygulamalarinin_Gelistirilmesi.ppt] <br />
<br />
Discussion Answers:<br />
<br />
Q1.<br />
What is the current state of Privacy on Web Application Security? Does it really matter? Is privacy what will drive radical changes in web application's security (ala PCI)? <br />
<br />
A1.<br />
During the meeting an effort was made to clarify the meaning of privacy;<br />
- what are the key items that builds up to "privacy"?<br />
- are we talking about the privacy of real people or should we also include the privacy of legal entities?<br />
- is there really a solid line (or even a vague line) between confidentiality and privacy?<br />
We defined privacy as confidentiality of the data; be it of a real person or a legal entity.<br />
But the key part is that privacy is "the ability to control the flow of one's own data". And which brings another principle: "need to know". Privacy is directly related to an individual or an organization. Confidentiality, however, is directly related to "information"... Privacy is a "result" and confidentiality is a tenet or a security mechanism. <br />
<br />
Enough of these convulsions;<br />
The answer to the first question was a definite "YES". Participants were all agreed that "privacy" plays and will play the most important role in web security and its future.<br />
<br />
Q2.<br />
Application side: what the data owner should be doing to protect the user's privacy? Should there be a law that states how to protect this information? What can we do to improve it?<br />
<br />
A2.<br />
Most of the participants agreed that a law is a necessity.<br />
But, maybe, more important thing is to raise the awareness of the customers.<br />
Here we also had a discussion on the current status of the law on privacy? There are mainly three <br />
documents on privacy in Turkish law;<br />
* a directive on privacy in telecommunication, which happened to be inadequate (an assertion of a lawyer)<br />
* a draft law on privacy from Department of Justice, which is still in the process of approval<br />
* a recent (May 2007) law on siber crimes which happens to be similiar to the "Directive 2006/24/EC of the <br />
European Parliament and of the Council" on the data retention. This law, however, still needs a few<br />
directives, which are about to be published.<br />
<br />
Q3.<br />
Client side: what is the client's perception of privacy? How can a user trust a site about his own data treatment? Is the client nowadays safeguarded about a possible loss of privacy?<br />
<br />
A3.<br />
As a first step there should be an "agreement" presented to the user by the application side.<br />
This wouldn't be enough so there should be regular inspections (a third eye) on these services.<br />
About "is the client nowadays safeguarded about a possible loss of privacy?" question, the answer<br />
was a definite "NO". Especially with the banks. Yes, there are a few cases of trials where the courts<br />
dictated a bank to compansate the loss of the victim, however, mostly this is not the case. Even there is<br />
a domain serving, founded by the victims of online banking crimes in Turkey.<br />
<br />
Q4.<br />
What should OWASP be focusing on?<br />
<br />
A4.<br />
As a suggestion, OWASP may provide a "web security tips" page, which can include a searchable gui <br />
on small programming tips to avoid security holes in web applications.<br />
<br />
And a great idea of producing a "FixmeBank" application to cover the developer side of the story, as opposed to tester/attacker side (via WebGoat or HacmeBank), was suggested by Taygun Alban.<br />
<br />
Q5.<br />
What would OWASP spend it's grant money? (note that new OWASP members can allocate some or all of their membership fees to specific projects)<br />
<br />
A5.<br />
Some suggestions;<br />
. Printed booklets of Guide and Testing Guide. <br />
. OWASP CD with shiny labels<br />
. I'm afraid to say but... t-shirts<br />
<br />
Q6.<br />
Should OWASP organize such 'OWASP Weeks' every quarter?<br />
<br />
A6.<br />
OWASP should organize these events every 6 months or so :)<br />
<br />
== Next Event - OWASP DAY: on the topic of "Privacy in the 21st Century" - September 8 (Turkey 2007) ==<br />
<br />
As a part of the Global Security Week, OWASP Turkey chapter will be holding a humble meeting on Saturday, 8 September 2007. Less technical and time taking compared to last event ([http://www.owasp.org/index.php/1st_Web_Security_Days_OWASP_Turkey Web Security Days]) we will be focusing on the current snapshot of the privacy related issues in the govermental/quasi-governmental and private institutions of Turkey.<br />
<br />
Here's the "still in process" agenda:<br />
<br />
* 14:00 - 14:10 Prelude. Introduction of OWASP DAY and OWASP Turkey projects<br />
<br />
A small introduction to OWASP Day meeting and its goals, plus explanation of some of the lightweight projects of OWASP Turkey.<br />
<br />
Bedirhan URGUN, Bunyamin DEMİR<br />
<br />
* 14:20 - 14:50 Privacy in Governmental Insitutions - A Current State Analysis<br />
<br />
Presentation will discuss the understanding of the privacy concept settled in governmental institutions and deliberate on general information security problems related with privacy issues.<br />
<br />
Getting off with general privacy problems, in specific, information about the privacy issues related to web applications will be given. Moreover, concrete suggestions on providing a solid privacy in these institutions will be presented.<br />
<br />
Hayrettin BAHŞİ<br />
Chief Researcher CC Lab-UEKAE TUBITAK<br />
<br />
* 15:00 - 15:50 Secure Web Application Development<br />
<br />
Korhan GÜRLER<br />
Chief Researcher PRO-G<br />
<br />
* 15:00 - 16:00 A Panel on Privacy in Turkey <br />
<br />
OWASP-Turkey Members<br />
<br />
== Last Event - 1st Web Security Days - July 14 (Turkey 2007) ==<br />
<br />
First of the [http://www.owasp.org/index.php/1st_Web_Security_Days_OWASP_Turkey Web Security Days] has been realized by Owasp-Turkey chapter on 14th of July 2007 in İstanbul. With a ~70 registered attendees, it was great to have a pack of web security oriented people for a five hours of mostly technical presentations.<br />
<br />
<br />
[http://www.owasp.org/index.php/1st_Web_Security_Days_OWASP_Turkey For details...]<br />
<br />
== Last Meetings ==<br />
<br />
'''Sunday 6 May 2007'''<br><br />
'''Time:''' 11:15-12:30<BR><br />
<br />
'''Address''' to the meeting are:<br />
<br />
[http://www.metu.edu.tr Middle East Technical University]<br/><br />
Ankara-Turkey<br/><br />
<br/><br />
<br />
'''Presentation'''<br><br />
<br />
Web Application Security with ModSecurity and OWASP<br />
<br />
<br />
__NOTOC__ <br />
<br />
<headertabs/><br />
<br />
[[Category:Turkey]] [[Category:Europe]]</div>Dr. Emin Tatlıhttps://wiki.owasp.org/index.php?title=Turkey&diff=196659Turkey2015-06-29T20:14:15Z<p>Dr. Emin Tatlı: </p>
<hr />
<div><center>[[File:Owasptr.png]] </center><br />
<br />
<br />
<br />
==== About OWASP/TR ====<br />
<br />
{{Chapter Template|chaptername=Turkey|extra=The chapter leader is [mailto:bunyamindemir~gmail.com Bunyamin Demir]<br />
<br />
Board Members: [mailto:ferruh~mavituna.com Ferruh Mavituna], [mailto:mesut_timur~hotmail.com Mesut Timur], [mailto:contact~onuryilmaz.info Onur Yılmaz], [mailto:emin.tatli@owasp.org Emin Islam Tatli], [mailto:oguzhantopgul@gmail.com Oguzhan TOPGUL], [mailto:sertan@gmail.com Sertan Kolat]<br />
<br />
Web Page: http://www.webguvenligi.org<br />
<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-turkey|emailarchives=http://lists.owasp.org/pipermail/owasp-turkey}}<br />
<br />
<paypal>Turkey</paypal><br />
<br />
<br />
== Chapter Brochure ==<br />
<br />
[http://www.webguvenligi.org/docs/WGT_brosur.pdf Here you can view a brochure] explaining in Turkish the action highlights of OWASP/Türkiye during the last one and a half year [obsolete for over two years].<br />
<br />
== Application Security Day, İstanbul 2012, Conference ==<br />
[http://www.appsectr.org/ Application Security Day, İstanbul 2012] will be held on 9 June, Saturday, in Marmara Üniversitesi Rektörlük Binası, Sultanahmet, İstanbul. <br />
The event aims to present an environment where key and popular application security topics will be discussed and shared. Hundreds of developers, business owners and security practitioners will be ready to increase local application security awareness. Join us!<br />
<br />
== Local News ==<br />
Conference<br />
<br />
[http://www.appsectr.org/ Application Security Day, İstanbul 2012] will be held on 9 June, Saturday, in Marmara Üniversitesi Rektörlük Binası, Sultanahmet, İstanbul. <br />
<br />
Published <br />
<br />
[http://www.webguvenligi.org/dokuman/web-uygulama-guvenligi-kontrol-listesi-2012.html Web App Security Check List 2012 in Turkish].<br />
<br />
== Projects/Tools/Translations ==<br />
<br />
Here are some of the projects produced by OWASP/Türkiye;<br />
<br />
* [http://code.google.com/p/droidalert/ DroidAlert] by Bedirhan Urgun<br />
<br />
A proactive approach on finding fake android applications on some of the biggest android stores. Just enter a term, and droidalert searches it for you in android stores.<br />
<br />
* [http://code.google.com/p/chiasma/ Chiasma] by Bedirhan Urgun<br />
<br />
Instead of having a structured penetration test report (docx, pdf, html v.b.) from 3rd parties, why not getting them produce a semi-structured report (xml) that is understood well. Chiasma is a Java desktop application producing XML vulnerability report.<br />
<br />
* [http://www.webguvenligi.org/docs/web_uygulama_guvenligi_kontrol_listesi_2010.pdf Web Uygulama Güvenliği Kontrol Listesi 2010- WebAppSec Checklist] by OWASP-Turkey<br />
<br />
A complete set of controls related to security of web applications.<br />
<br />
* [http://code.google.com/p/piknik/ Piknik] by Bedirhan Urgun<br />
<br />
A compilation of a study on analyzing the possible behavior of a malicious developer...Inspired by [http://www.blackhat.com/presentations/bh-usa-09/WILLIAMS/BHUSA09-Williams-EnterpriseJavaRootkits-PAPER.pdf Jeff Williams's Work] <br />
<br />
* [http://code.google.com/p/finddomains/ FindDomains] by Mesut Timur<br />
<br />
FindDomains is a multithreaded search engine discovery tool that will be very useful for penetration testers dealing with discovering domain names/web sites/virtual hosts which are located on too many IP addresses.<br />
<br />
* [http://dergi.webguvenligi.org/ WGT E-Magazine] by OWASP/TR and Onur Yilmaz<br />
<br />
An online web security related magazine in Turkish with a 2 months per-issue period<br />
<br />
* [http://ctf.webguvenligi.org/ CTF contest] by Onur Yilmaz<br />
<br />
A CTF contest where researchers, professionals and hackers can show off their skills in an ethical way <br />
<br />
* [http://code.google.com/p/jarvinen Jarvinen] by Gökhan Alkan & Yusuf Çeri & Bedirhan Urgun<br />
<br />
A simple yet effective web based audit log monitoring service for Modsecurity v2. It consists of two basic parts; a (bash) shell script that parses serial logs into the mysql database and a php web application.<br />
<br />
* [http://code.google.com/p/cammp CAMMP] by Gökhan Alkan<br />
<br />
Aims to provide (bash) shell scripts in order to automatize the source code installations of apache (php and modsecurity) and mysql under chroot (for RedHat based systems for now).<br />
<br />
* [http://code.google.com/p/secureimage SecureImage] by Mesut Timur & Bedirhan Urgun & Kerem Küsmezer<br />
<br />
A Java,PHP and .NET based image validator that can be used for validating image files on upload systems (such as photo galleries,forums,etc ..) against the threats for XSS issues with IE and LFI attacks. Individual project pages; [http://code.google.com/p/psecureimage PSecureImage] for PHP, [http://code.google.com/p/jsecureimage JSecureImage] for Java and [http://www.codeplex.com/owaspturkey/Release/ProjectReleases.aspx?ReleaseId=18008 NSecureImage] for .NET<br />
<br />
* [http://code.google.com/p/securetomcat SecureTomcat] by Bedirhan Urgun & Deniz Çevik & Gökhan Alkan<br />
<br />
A collection of three components; an audit documentation in Turkish, a basic remote vulnerability scanner and an audit shell script fully aligned with the audit documentation. All for auditing and testing Apache Tomcat partial J2EE container.<br />
<br />
* [http://code.google.com/p/webekci/ WeBekci] by Bünyamin Demir<br />
<br />
WeBekci is a graphical user end for ModSecurity 2.x web application firewall.<br />
<br />
* [http://www.webguvenligi.org/?page_id=16 Web Security Turkish Translation Project] by [http://www.webguvenligi.org/?page_id=16 great volunteers] & Bedirhan Urgun <br />
<br />
Turkish translations of OWASP guides and other web application security related documents '''over 500 pages''' and counting<br />
<br />
* [http://code.google.com/p/wivet/ WIVET] by Bedirhan Urgun<br />
<br />
A benchmarking project that aims to statistically analyze web link extractors. It provides a good sum of input vectors to any extractor and presents the results. Check out the live app [http://www.webguvenligi.org/wivet/ here].<br />
<br />
* [http://code.google.com/p/sqlibench/ SqliBench] by Mesut Timur & Bedirhan Urgun<br />
<br />
SQLiBENCH is a benchmarking project of automatic sql injectors related to dumping databases. Check out the live app [http://www.webguvenligi.org/sqlibench/web/ here]. The project is sponsored by [http://www.owasp.org/index.php/Category:OWASP_Sqlibench_Project OWASP SoC 08].<br />
<br />
* [http://code.google.com/p/msalparser MSALParser] by Bedirhan Urgun<br />
<br />
MSALParser (pronounced \mi-säl\) implements necessary parsers and model objects to represent a ModSecurity Single Audit Log, hence the name MSAL. MSALParser is a PHP RPC end that will get mlogc's calls and parses them into objects and eventually write to a persistent data store.<br />
<br />
* [http://code.google.com/p/apachelive ApacheLive] by Bedirhan Urgun<br />
<br />
ApacheLive (aka Haydar) project consists of a python script which was aimed to stress Apache web servers (httpd) using Keep-Alive parameters.<br />
<br />
* [http://code.google.com/p/anticsurf AntiCsurf] by Mesut Timur<br />
<br />
For most of the languages and frameworks, developers have to implement their own functions to defend against CSRF. AntiCsrf is a basic and light library for defending against CSRF for PHP applications.<br />
<br />
* [http://code.google.com/p/fm-fsf FM-FSF] by Ferruh Mavituna<br />
<br />
FSF is a plug-in based freakin' simple fuzzer for fuzzing web applications and scraping data. It supports some basic stuff and missing some features however it has got some advanced RegEx capturing features for scraping data out of web applications.<br />
<br />
* [http://code.google.com/p/msalmobile MSALMobile] & [http://code.google.com/p/msalservice MSALService] by Bedirhan Urgun<br />
<br />
MSALMobile, a basic windows mobile application and consuming MSALService, is a simple mobile ModSecurity log analyzer for Windows Mobile environment. See [http://www.webguvenligi.org/software/msalmobile/msalmobile_video.rar a video of MSALMobile in action] on www.webguvenligi.org.<br />
<br />
* [http://www.webguvenligi.org/xsstb/reflected.php XSS TestBed] by Bedirhan Urgun<br />
<br />
A playground for reflected xss test cases. The live project includes seven test cases ready to exploit. A legal and solid way to learn and apply xss skills. Moreover, a good way to test web application scanners on reflected xss testing...<br />
<br />
* [http://www.webguvenligi.org/projeler/wcsa Web.config Security Analyzer] by Mesut Timur<br />
<br />
Web.config file holds settings about related ASP.NET web application. This project analyzes a given Web.config file for security vulnerabilities with its 30+ checks. It's a command line too for now and produces a neat html based report.<br />
<br />
== Translations ==<br />
<br />
Çeviri projesine yardım etmek isteyen arkadaşlar, lütfen [mailto:bunyamindemir@gmail.com bunyamin] veya [mailto:urgunb@hotmail.com bedirhan] ''(proje lideri)'' ile iletişime geçiniz. Şu ana kadar yayınlanan çevirilere [http://www.webguvenligi.org/?page_id=16 buradan] ulaşabilirsiniz. ''You can find Turkish translations of OWASP and other web security related documents [http://www.webguvenligi.org/?page_id=16 here].''<br />
<br />
==== Meetings/Conferences ====<br />
<br />
== OWASP/TR Presentation in Android Developer Days 2012 in ODTU Ankara ==<br />
<br />
Bedirhan Urgun of OWASP/TR will give a presentation on "Developing Secure Android Days" on 22 May from 15:30-16:00 in Android Developer Days, 2012. The presentation will take place in ODTU, Ankara.<br />
<br />
Location: ODTÜ Kültür ve Kongre Merkezi, Ankara<br />
<br />
Date: 22 May 2012, Tuesday<br />
<br />
Time: 15:30 – 16:00<br />
<br />
== OWASP/TR Presentation in ReadMee Internet Zirvesi, 2012 ==<br />
<br />
Seyfullah Kılıç will give a presentation titled "Web Güvenliği ve Korunma Yolları" on 07 April Saturday from 14:00-14:45 in ReadMee Internet Zirvesi, 2012. The presentation will take place in Eskişehir Osmangazi Üniversitesi, Eskişehir.<br />
<br />
Location: Eskişehir Osmangazi Üniversitesi Meşelik Kampüsü, Eskişehir<br />
<br />
Date: 7 April 2012 Saturday<br />
<br />
Time: 14:00 – 14:45<br />
<br />
== OWASP/TR Presentation in Özgür Yazılım ve Linux Günleri, 2012 ==<br />
<br />
Bünyamin Demir of OWASP/TR will give a presentation titled as "<br />
Güvenli Kod Geliştirme" and will hold a chapter meeting "OWASP Türkiye Chapter Meeting (Çalışma Toplantısı)" on 31 March Saturday from 10:00-13:00 in Özgür Yazılım ve Linux Günleri, 2012. The presentations will take place in İstanbul Bilgi Üniversitesi Dolapdere Kampüsü, İstanbul.<br />
<br />
Location: İstanbul Bilgi Üniversitesi Dolapdere Kampüsü, İstanbul<br />
<br />
Date: 31 March 2012 Saturday<br />
<br />
Time: 10:00 – 13:00<br />
<br />
Location 1: 1. Salon<br />
Location 2: Toplantı Salonu<br />
<br />
== OWASP/TR Talk in Open Source Code Days in Yeditepe University ==<br />
<br />
Bunyamin Demir talked about OWASP and OWASP/Turkey introduction. After intro, he did a presentation about [http://seminer.linux.org.tr/wp-content/uploads/guvenli_kod_gelistirme_ve_yasam_dongusu.ppt "Secure Coding and Chaotic Life Cycle"].<br />
<br />
Location: Yeditepe University, 26 Agustos Yerlesimi, Salon 2<br />
<br />
Date: 14 October 2011, Friday<br />
<br />
Time: 15:00 – 15:45<br />
<br />
== OWASP/TR Introductory Meetings and Seminar @ Bahçeşehir Üniversitesi, March 2010 ==<br />
<br />
[http://www.shibumidojo.org/ Kubilay Onur Güngör] will start with OWASP and OWASP/Turkey introduction. After intro, cyber security concept, web application security, social theories of criminal behaviors and many other topics will be discussed. So don't miss the events if you're around. <br />
<br />
Location: Bahçeşehir Üniversitesi, Beşiktaş Kampüsü, D-404 Salonu<br />
<br />
Date: 10 Mart 2010 Çarşamba<br />
<br />
Time: 18.30 – 19.30<br />
<br />
== OWASP/TR Introductory Meetings and Seminar @ Işık Üniversitesi, March 2010 ==<br />
<br />
[http://www.shibumidojo.org/ Kubilay Onur Güngör] will start with OWASP and OWASP/Turkey introduction. After intro, cyber security concept, web application security, social theories of criminal behaviors and many other topics will be discussed. So don't miss the events if you're around. <br />
<br />
Location: Işık Üniversitesi, Şile Kampüsü<br />
Registration: http://bilisimgunleri.isikun.edu.tr<br />
Date: 8 Mart 2010 Pazartesi<br />
Time: 15.00 - 16.00<br />
<br />
== OWASP/TR Meeting in Turkcell Akademi with OISF Team, February 2010 ==<br />
<br />
With 7 [http://www.openinfosecfoundation.org OISF] members we had our 23 February meeting. Brian [http://vimeo.com/9825055 talked about ModSecurity] and Victor & Will [http://vimeo.com/9825622 talked about Suricata ].<br />
<br />
As always, check out the photos on [http://www.flickr.com/photos/webguvenligi flickr-webguvenligi]!!<br />
<br />
Thanks to our sponsor for this meeting [http://www.guvenlikegitimleri.com GuvenlikEgitimleri.Com]<br />
<br />
== OWASP/TR Seminar in İstanbul Kültür Universitesi, 29 December 2009 ==<br />
<br />
We'll be hosting a free seminar in İstanbul Kültür Üniversitesi, Ataköy Kampüsü, Önder Öztunalı Konferans Salonu. Topics will include "introduction to OWASP/TR", "siber security", "security best practices and standards". It will also include a demo on digital investigation.<br />
<br />
Presenter: [http://www.shibumidojo.org/ Kubilay Onur Güngör]<br />
<br />
Date: Tuesday, December 29, 2009 <br />
<br />
Time: 12:00pm - 1:30pm <br />
<br />
Location: İstanbul Kültür Üniersitesi, Ataköy Kampüsü, Önder Öztunalı Konferans Salonu<br />
<br />
== October 11, 2009 OWASP/TR on the Green Field ==<br />
<br />
Teams formed by OWASP-Turkey mailing list members will play a soccer match on Sunday, 18:00 October the 11th. We'll seek our Messis, Zidanes, Kakas, Lampards, Chechs stemmed from the Anatolian land... National team may not be qualified for the 2010 World Championship, which is a shame, but we'll do better next time.<br />
<br />
== Artifacts - OWASP-Turkey Meeting in September 26, 2009 ==<br />
<br />
30 people gathered for the OWASP/TR meeting. Here's the [http://www.webguvenligi.org/docs/26_Eylul_OWASPTR_Bulusma.ppt agenda of the meeting]. Moreover, Ibrahim Saruhan gave a [http://www.webguvenligi.org/docs/Facebook_Twitter_Botnets.ppt presentation] on his experiences writing a PoC Facebook botnet. Thanks everyone for participating.<br />
<br />
See the [http://www.flickr.com/webguvenligi/ pictures] and listen to the DimDim [http://recp.dimdim.com/view/dimdim/1a9400f2-fbdb-102c-9515-003048642bd7 recording].<br />
<br />
== September 26 Meeting ==<br />
<br />
A regular meeting for anyone interested in web/software security. It will take place in Istanbul, Taksim at 14:00, on 26 September. <br />
<br />
== Artifacts - 06 May/13 May 2009 OWASP-TR Talks in Kocaeli & Gazi Universities ==<br />
<br />
Here are the presentations given by Bünyamin Demir and Onur Yılmaz at "Information Techonology Days" in [http://www.kocaeli.edu.tr/ Kocaeli University] and [http://www.gazi.edu.tr/ Gazi University], [http://www.webguvenligi.org/docs/kocaeli09owasptr.ppt OWASP-TR & WebGoat Presentation] and [http://www.webguvenligi.org/docs/gaziuni09owasptr.ppt Basic Web App Security Presentation] respectively. <br />
<br />
Pictures are on [http://www.flickr.com/photos/webguvenligi flicker] as always.<br />
<br />
== Web Application Security Talk in Gazi University, 13 May 2009 ==<br />
<br />
We'll be giving a talk in "Information Days" event at Gazi University about code/sql injection attack vectors and prevention techniques on 13th (Wednesday) of May 2009, between 10:30-11:20. <br />
<br />
Reach out the details [http://www.webguvenligi.org/haberler/web-uygulamalari-guvenligi-sunumu-gazi-universitesi.html here]<br />
<br />
== OWASP-TR Seminar in Kocaeli University, 06 May 2009 ==<br />
<br />
We'll be hosting a free seminar in Math. Department of Kocaeli University about OWASP and OWASP/Turkey including the basics of well known attack vectors and prevention techniques on 6th (Wednesday) of May 2009, starting from 15:30. <br />
<br />
Reach out the details [http://www.webguvenligi.org/haberler/owasp-tr-ve-wgt-semineri-kocaeli-universitesi.html here]<br />
<br />
== Artifacts - March 19 2009 OWASP-TR Talk in Sakarya University ==<br />
<br />
Here are the presentations given by Bünyamin Demir and Gökhan Alkan at "Information Techonology Days" in [http://www.sau.edu.tr/ Sakarya University], [http://www.webguvenligi.org/sau_bilisim_gunleri09/sakarya_bilisim_gunleri.ppt OWASP-TR & WebGoat Presentation] and [http://www.webguvenligi.org/sau_bilisim_gunleri09/Recel_Krallagindan_Webe.ppt Jarvinen Presentation] respectively. We'd like to thank [http://www.bilisimk.sau.edu.tr/ Sakarya Universitesi Bilişim Kulubü] for inviting us.<br />
<br />
And never the least, here are the [http://www.flickr.com/photos/webguvenligi pictures] taken during the day.<br />
<br />
== Talk in Information Techonology Days '09 in Sakarya University ==<br />
<br />
We'll be giving two talks in "Information Techonology Days" about OWASP and OWASP/Turkey in [http://www.sau.edu.tr/ Sakarya University] on 19th of March 2009. The talk will include an introduction to OWASP, OWASP/Turkey as a community. Plus, Jarvinen, an OWASP/TR project, will be presented.<br />
<br />
== Artifacts - Fifth OWASP-Turkey Meeting in March 08, 2009 ==<br />
<br />
We had close to 35 people gathered. Here's the [http://www.webguvenligi.org/docs/WGT_OWASP-TR_08_Mart_2009_Bulusmasi_Ajanda.pptx agenda of the meeting]. Moreover, Fatih Emiral gave a [http://www.webguvenligi.org/docs/Yazilim_Guvenligi.ppt presentation] comparing three main Software Security models. Thanks everyone for participating.<br />
<br />
For the photos take a look at [http://www.flickr.com/photos/webguvenligi/ here].<br />
<br />
== Fifth OWASP-Turkey Meeting in March 08, 2009 ==<br />
<br />
A regular meeting on web/software security related issues&techniques&news. The meeting will take place in Istanbul, Maltepe, beween 13:00-15:00, on 08th of March, Sunday. <br />
Here's the map for the [http://www.gencgirisimciler.org/bpi.asp?caid=161&cid=17 meeting place]<br />
If you want to attend the event, please send an e-mail to: urgunb at hotmail.com (Bedirhan Urgun)<br />
<br />
== Artifacts - Web Security Days Kocaeli December 2008 ==<br />
<br />
With over 50 attendees we had our 4th Web Security Days in Kocaeli University at Umuttepe Campus.<br />
<br />
Presentations & SlideShows & Photos:<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_intro.ppt Giris] - Bedirhan Urgun<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_owasptr_wgt.ppt WGT/OWASPTR] - Bünyamin Demir<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_www.ppt WWW Introduction] - Uğur Yıldız<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_csrf.ppt CSRF] - Yusuf Çeri<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_graphics.ppt Graphic Attacks] - Mesut Timur <br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_chroot.ppt Secure Web Production Environments] - Gökhan Alkan<br />
* [http://www.flickr.com/webguvenligi/ Pictures] - Bedirhan & Bünyamin<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_slideshow.ppt OWASP Top 10 Slide Show] - Bedirhan Urgun<br />
<br />
== Next Event - 4th Web Security Days Kocaeli - December 23 (Turkey 2008) ==<br />
<br />
This event will be the fourth of "Web Security Days" and will take place on 23rd of December 2008 in Kocaeli. The agenda of the event is [http://www.owasp.org/index.php/4th_Web_Security_Days_OWASP_Turkey here].<br />
<br />
== Artifacts - Fourth OWASP-Turkey Meeting in October 18, 2008 ==<br />
<br />
Here's the [http://www.webguvenligi.org/wp-content/uploads/2008/10/WGT&OWASP-TR_18_Ekim_2008_Bulusmasi_Ajanda.ppt agenda of the meeting]. We also had two small discussion and presentation of a simple demo overview of recent clickjacking vulnerability and [http://www.webguvenligi.org/wp-content/uploads/2008/10/sqlibench-presentation.ppt sqlibench SoC 2008 OWASP project]. Thanks everyone for participating.<br />
<br />
Moreover, all of the OWASP sent books (~30)/pens(~15) were distributed freely! <br />
<br />
For the photos take a look at [http://www.flickr.com/photos/webguvenligi/ here].<br />
<br />
== Fourth OWASP-Turkey Meeting in October 18, 2008 ==<br />
<br />
A catch up meeting on web/software security related issues&techniques&news. Moreover, OWASP sent goodies (to the most active chapters) will be distributed (This includes 27 OWASP books and 19 pens). It will take place in Istanbul, İstiklal Cad.Emir Nevruz Sok. No: 1/11 Galatasaray Beyoğlu beween 14:00-16:00, on 18th of October. If you want to attend the event, please send an e-mail to: urgunb at hotmail.com (Bedirhan Urgun) <br />
<br />
== Artifacts - June 21 2008 OWASP-TR Talk in "Free Software Conference" ==<br />
<br />
Here is the presentation given by Mesut Timur and keynote submitted at [http://konferans.linux.org.tr/ "Free Software Conference"] in [http://www.etu.edu.tr/ TOBB University of Economics and Technology]; <br />
[http://www.webguvenligi.org/wp-content/uploads/2008/06/owasp_wgt_lkd_21062008.ppt OWASP-TR Presentation] and [http://www.webguvenligi.org/wp-content/uploads/2008/06/webguvenligi_bildiri_lkd_21062008.pdf Web Security and Free Software Keynote] (in Turkish) respectively.<br />
<br />
== Talk in Free Software Conference in Ankara ==<br />
<br />
We'll be giving a talk in "Free Software Conference" about OWASP and OWASP/Turkey in [http://www.etu.edu.tr/ TOBB University of Economics and Technology] on 21st (Saturday) of June 2008. The talk will include an introduction to OWASP, OWASP/Turkey, as well as web/application security projects achieved in Turkey. <br />
<br />
The Day will start at 09:30 and our talk, which will be presented by [http://www.h-labs.org Mesut Timur], will be between 15.00-15.30. You can skim the programme [http://konferans.linux.org.tr/etkinlik-programi/ here].<br />
<br />
== Artifacts - April 19 2008 OWASP-TR Talk in Yildiz Technical University ==<br />
<br />
Here are the presentations given by Bünyamin Demir and Yusuf Çeri at "Open Source Code Day" in [http://www.yildiz.edu.tr/english Yildiz Technical University], [http://www.webguvenligi.org/wp-content/uploads/2008/04/owasp-wgt-ytu-19nisan08.ppt OWASP-TR Presentation] and [http://www.webguvenligi.org/wp-content/uploads/2008/04/sqlmapdemo-wgt-ytu-19nisan08.ppt SqlDemo Presentation] respectively. We'd like to thank YTÜ Bilişim Kulubü for inviting us.<br />
<br />
And never the least, here are the [http://www.flickr.com/photos/webguvenligi/sets/72157604620396950/ pictures] taken during the day.<br />
<br />
== Talk in Open Source Code Day in Yildiz Technical University ==<br />
<br />
We'll be giving a talk in "Open Source Code Day" about OWASP and OWASP/Turkey in [http://www.yildiz.edu.tr/english Yildiz Technical University] on 19th of April 2008. The talk will include an introduction to OWASP, OWASP/Turkey, web/application security community in Turkey, the 1st OWASP Day video by Jeff and a live application insecurity demo. <br />
<br />
The Day will start at 09:30 and our talk will be the last one before the noon. <br />
<br />
== Artifacts - March 09 2008 Meeting ==<br />
<br />
It was a nice Sunday in Istanbul and we had 16 people talking about SPoC 08, April OWASP Week and web application security in general. Here are the [http://www.flickr.com/photos/webguvenligi/sets/72157604077351886/ pictures] taken during the meeting.<br />
<br />
== March 09 Meeting ==<br />
<br />
A casual meeting for anyone interested in web/software security. It will take place in Istanbul, Kadikoy at 14:30, on 09 March. To chat and enjoy the [http://www.flickr.com/photos/jrogivue/21918611/ Bosphorus]! <br />
<br />
== Artifacts - Web Security Days Ankara & İzmir November 2007 ==<br />
<br />
Through a foggy, and therefore a hard flight, we've managed to realize Web Security Days 2 & 3 in Ankara and Izmir, respectively. Having a total of ~130 attendees (most of them in Izmir), we hope WSD to be traditional and become more qualitysome.<br />
<br />
Presentations & Code & Photos:<br />
* [http://www.webguvenligi.org/docs/ankara/init_ankara.ppt Giris] - Bedirhan Urgun<br />
* [http://www.webguvenligi.org/docs/ankara/wgt.ppt WGT Giris] - Bünyamin Demir<br />
* [http://www.webguvenligi.org/docs/izmir/ulakcsirt.pdf ULAK-CSIRT Giris] - Enis Karaarslan<br />
* [http://www.webguvenligi.org/docs/ankara/burak_sc.ppt Yazılım Geliştirme Sürecinde Güvenlik Testleri] - Burak Dayıoğlu<br />
* [http://www.webguvenligi.org/docs/izmir/enis_web.ppt Kurumsal Web Güvenliği Yapısı] - Enis Karaarslan<br />
* [http://www.webguvenligi.org/docs/izmir/tahsin_did.ppt Uygulamalarda Katmanlı Güvenlik Anlayışı] - Tahsin Türköz<br />
* [http://www.webguvenligi.org/docs/izmir/oguzhan_php.ppt PHP ve Güvenli Kodlama] - Oğuzhan Yalçın<br />
* [http://www.webguvenligi.org/docs/ankara/bunyamin_pl.ppt Perl'de Guvenlik Modulu] - Bünyamin Demir<br />
* [http://www.webguvenligi.org/docs/izmir/security_pm.rar Perl'de Guvenlik Modulu - Kod] - Bünyamin Demir<br />
* [http://www.webguvenligi.org/docs/ankara/bedirhan_js.ppt Web 2.0 Savunma Dili: Javascript] - Bedirhan Urgun<br />
* [http://www.flickr.com/photos/webguvenligi/sets/72157603311164597/ Photos] - Bedirhan & Bünyamin<br />
<br />
== Next Event - 3rd Web Security Days İzmir - November 26 (Turkey 2007) ==<br />
<br />
This event will be the third of "Web Security Days" and will take place on 26th of November 2007 in İzmir. The agenda of the event is [https://www.owasp.org/index.php/3rd_Web_Security_Days_OWASP_Turkey here].<br />
<br />
== Next Event - 2nd Web Security Days Ankara - November 24 (Turkey 2007) ==<br />
<br />
This event will be the second of "Web Security Days" and will take place on 24th of November 2007 in Ankara. <br />
The agenda of the event is [https://www.owasp.org/index.php/2nd_Web_Security_Days_OWASP_Turkey here].<br />
<br />
== Artifacts - OWASP DAY: on the topic of "Privacy in the 21st Century" - September 8 (Turkey 2007) ==<br />
<br />
Presentations:<br />
<br />
* [https://www.owasp.org/images/6/66/OWASP_DAY_TR.sub.ppt Turkish Subtitle] for [http://www.owasp.org/downloads/OWASP_Day.wmv Jeff's OWASP Day Intro movie] (delete .ppt extension)<br />
* [https://www.owasp.org/images/b/bc/OWASP2007_KamudaPrivacy.ppt OWASP2007_KamudaPrivacy.ppt]<br />
* [https://www.owasp.org/images/4/4b/Guvenli_Web_Uygulamalarinin_Gelistirilmesi2.ppt Guvenli_Web_Uygulamalarinin_Gelistirilmesi.ppt] <br />
<br />
Discussion Answers:<br />
<br />
Q1.<br />
What is the current state of Privacy on Web Application Security? Does it really matter? Is privacy what will drive radical changes in web application's security (ala PCI)? <br />
<br />
A1.<br />
During the meeting an effort was made to clarify the meaning of privacy;<br />
- what are the key items that builds up to "privacy"?<br />
- are we talking about the privacy of real people or should we also include the privacy of legal entities?<br />
- is there really a solid line (or even a vague line) between confidentiality and privacy?<br />
We defined privacy as confidentiality of the data; be it of a real person or a legal entity.<br />
But the key part is that privacy is "the ability to control the flow of one's own data". And which brings another principle: "need to know". Privacy is directly related to an individual or an organization. Confidentiality, however, is directly related to "information"... Privacy is a "result" and confidentiality is a tenet or a security mechanism. <br />
<br />
Enough of these convulsions;<br />
The answer to the first question was a definite "YES". Participants were all agreed that "privacy" plays and will play the most important role in web security and its future.<br />
<br />
Q2.<br />
Application side: what the data owner should be doing to protect the user's privacy? Should there be a law that states how to protect this information? What can we do to improve it?<br />
<br />
A2.<br />
Most of the participants agreed that a law is a necessity.<br />
But, maybe, more important thing is to raise the awareness of the customers.<br />
Here we also had a discussion on the current status of the law on privacy? There are mainly three <br />
documents on privacy in Turkish law;<br />
* a directive on privacy in telecommunication, which happened to be inadequate (an assertion of a lawyer)<br />
* a draft law on privacy from Department of Justice, which is still in the process of approval<br />
* a recent (May 2007) law on siber crimes which happens to be similiar to the "Directive 2006/24/EC of the <br />
European Parliament and of the Council" on the data retention. This law, however, still needs a few<br />
directives, which are about to be published.<br />
<br />
Q3.<br />
Client side: what is the client's perception of privacy? How can a user trust a site about his own data treatment? Is the client nowadays safeguarded about a possible loss of privacy?<br />
<br />
A3.<br />
As a first step there should be an "agreement" presented to the user by the application side.<br />
This wouldn't be enough so there should be regular inspections (a third eye) on these services.<br />
About "is the client nowadays safeguarded about a possible loss of privacy?" question, the answer<br />
was a definite "NO". Especially with the banks. Yes, there are a few cases of trials where the courts<br />
dictated a bank to compansate the loss of the victim, however, mostly this is not the case. Even there is<br />
a domain serving, founded by the victims of online banking crimes in Turkey.<br />
<br />
Q4.<br />
What should OWASP be focusing on?<br />
<br />
A4.<br />
As a suggestion, OWASP may provide a "web security tips" page, which can include a searchable gui <br />
on small programming tips to avoid security holes in web applications.<br />
<br />
And a great idea of producing a "FixmeBank" application to cover the developer side of the story, as opposed to tester/attacker side (via WebGoat or HacmeBank), was suggested by Taygun Alban.<br />
<br />
Q5.<br />
What would OWASP spend it's grant money? (note that new OWASP members can allocate some or all of their membership fees to specific projects)<br />
<br />
A5.<br />
Some suggestions;<br />
. Printed booklets of Guide and Testing Guide. <br />
. OWASP CD with shiny labels<br />
. I'm afraid to say but... t-shirts<br />
<br />
Q6.<br />
Should OWASP organize such 'OWASP Weeks' every quarter?<br />
<br />
A6.<br />
OWASP should organize these events every 6 months or so :)<br />
<br />
== Next Event - OWASP DAY: on the topic of "Privacy in the 21st Century" - September 8 (Turkey 2007) ==<br />
<br />
As a part of the Global Security Week, OWASP Turkey chapter will be holding a humble meeting on Saturday, 8 September 2007. Less technical and time taking compared to last event ([http://www.owasp.org/index.php/1st_Web_Security_Days_OWASP_Turkey Web Security Days]) we will be focusing on the current snapshot of the privacy related issues in the govermental/quasi-governmental and private institutions of Turkey.<br />
<br />
Here's the "still in process" agenda:<br />
<br />
* 14:00 - 14:10 Prelude. Introduction of OWASP DAY and OWASP Turkey projects<br />
<br />
A small introduction to OWASP Day meeting and its goals, plus explanation of some of the lightweight projects of OWASP Turkey.<br />
<br />
Bedirhan URGUN, Bunyamin DEMİR<br />
<br />
* 14:20 - 14:50 Privacy in Governmental Insitutions - A Current State Analysis<br />
<br />
Presentation will discuss the understanding of the privacy concept settled in governmental institutions and deliberate on general information security problems related with privacy issues.<br />
<br />
Getting off with general privacy problems, in specific, information about the privacy issues related to web applications will be given. Moreover, concrete suggestions on providing a solid privacy in these institutions will be presented.<br />
<br />
Hayrettin BAHŞİ<br />
Chief Researcher CC Lab-UEKAE TUBITAK<br />
<br />
* 15:00 - 15:50 Secure Web Application Development<br />
<br />
Korhan GÜRLER<br />
Chief Researcher PRO-G<br />
<br />
* 15:00 - 16:00 A Panel on Privacy in Turkey <br />
<br />
OWASP-Turkey Members<br />
<br />
== Last Event - 1st Web Security Days - July 14 (Turkey 2007) ==<br />
<br />
First of the [http://www.owasp.org/index.php/1st_Web_Security_Days_OWASP_Turkey Web Security Days] has been realized by Owasp-Turkey chapter on 14th of July 2007 in İstanbul. With a ~70 registered attendees, it was great to have a pack of web security oriented people for a five hours of mostly technical presentations.<br />
<br />
<br />
[http://www.owasp.org/index.php/1st_Web_Security_Days_OWASP_Turkey For details...]<br />
<br />
== Last Meetings ==<br />
<br />
'''Sunday 6 May 2007'''<br><br />
'''Time:''' 11:15-12:30<BR><br />
<br />
'''Address''' to the meeting are:<br />
<br />
[http://www.metu.edu.tr Middle East Technical University]<br/><br />
Ankara-Turkey<br/><br />
<br/><br />
<br />
'''Presentation'''<br><br />
<br />
Web Application Security with ModSecurity and OWASP<br />
<br />
<br />
__NOTOC__ <br />
<br />
<headertabs/><br />
<br />
[[Category:Turkey]] [[Category:Europe]]</div>Dr. Emin Tatlıhttps://wiki.owasp.org/index.php?title=Turkey&diff=196658Turkey2015-06-29T19:59:26Z<p>Dr. Emin Tatlı: </p>
<hr />
<div><center>[[File:Owasptr.png]] </center><br />
<br />
<br />
<br />
==== About OWASP/TR ====<br />
<br />
{{Chapter Template|chaptername=Turkey|extra=The chapter leader is [mailto:bunyamindemir~gmail.com Bunyamin Demir]<br />
<br />
Board Members: [mailto:ferruh~mavituna.com Ferruh Mavituna], [mailto:mesut_timur~hotmail.com Mesut Timur], [mailto:contact~onuryilmaz.info Onur Yılmaz], [mailto:emin.tatli@owasp.org Emin Islam Tatli], [mailto:oguzhantopgul@gmail.com Oguzhan TOPGUL], [mailto:sertan@gmail.com Sertan Kolat]<br />
<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-turkey|emailarchives=http://lists.owasp.org/pipermail/owasp-turkey}}<br />
<br />
<paypal>Turkey</paypal><br />
<br />
<br />
== Chapter Brochure ==<br />
<br />
[http://www.webguvenligi.org/docs/WGT_brosur.pdf Here you can view a brochure] explaining in Turkish the action highlights of OWASP/Türkiye during the last one and a half year [obsolete for over two years].<br />
<br />
== Application Security Day, İstanbul 2012, Conference ==<br />
[http://www.appsectr.org/ Application Security Day, İstanbul 2012] will be held on 9 June, Saturday, in Marmara Üniversitesi Rektörlük Binası, Sultanahmet, İstanbul. <br />
The event aims to present an environment where key and popular application security topics will be discussed and shared. Hundreds of developers, business owners and security practitioners will be ready to increase local application security awareness. Join us!<br />
<br />
== Local News ==<br />
Conference<br />
<br />
[http://www.appsectr.org/ Application Security Day, İstanbul 2012] will be held on 9 June, Saturday, in Marmara Üniversitesi Rektörlük Binası, Sultanahmet, İstanbul. <br />
<br />
Published <br />
<br />
[http://www.webguvenligi.org/dokuman/web-uygulama-guvenligi-kontrol-listesi-2012.html Web App Security Check List 2012 in Turkish].<br />
<br />
== Projects/Tools/Translations ==<br />
<br />
Here are some of the projects produced by OWASP/Türkiye;<br />
<br />
* [http://code.google.com/p/droidalert/ DroidAlert] by Bedirhan Urgun<br />
<br />
A proactive approach on finding fake android applications on some of the biggest android stores. Just enter a term, and droidalert searches it for you in android stores.<br />
<br />
* [http://code.google.com/p/chiasma/ Chiasma] by Bedirhan Urgun<br />
<br />
Instead of having a structured penetration test report (docx, pdf, html v.b.) from 3rd parties, why not getting them produce a semi-structured report (xml) that is understood well. Chiasma is a Java desktop application producing XML vulnerability report.<br />
<br />
* [http://www.webguvenligi.org/docs/web_uygulama_guvenligi_kontrol_listesi_2010.pdf Web Uygulama Güvenliği Kontrol Listesi 2010- WebAppSec Checklist] by OWASP-Turkey<br />
<br />
A complete set of controls related to security of web applications.<br />
<br />
* [http://code.google.com/p/piknik/ Piknik] by Bedirhan Urgun<br />
<br />
A compilation of a study on analyzing the possible behavior of a malicious developer...Inspired by [http://www.blackhat.com/presentations/bh-usa-09/WILLIAMS/BHUSA09-Williams-EnterpriseJavaRootkits-PAPER.pdf Jeff Williams's Work] <br />
<br />
* [http://code.google.com/p/finddomains/ FindDomains] by Mesut Timur<br />
<br />
FindDomains is a multithreaded search engine discovery tool that will be very useful for penetration testers dealing with discovering domain names/web sites/virtual hosts which are located on too many IP addresses.<br />
<br />
* [http://dergi.webguvenligi.org/ WGT E-Magazine] by OWASP/TR and Onur Yilmaz<br />
<br />
An online web security related magazine in Turkish with a 2 months per-issue period<br />
<br />
* [http://ctf.webguvenligi.org/ CTF contest] by Onur Yilmaz<br />
<br />
A CTF contest where researchers, professionals and hackers can show off their skills in an ethical way <br />
<br />
* [http://code.google.com/p/jarvinen Jarvinen] by Gökhan Alkan & Yusuf Çeri & Bedirhan Urgun<br />
<br />
A simple yet effective web based audit log monitoring service for Modsecurity v2. It consists of two basic parts; a (bash) shell script that parses serial logs into the mysql database and a php web application.<br />
<br />
* [http://code.google.com/p/cammp CAMMP] by Gökhan Alkan<br />
<br />
Aims to provide (bash) shell scripts in order to automatize the source code installations of apache (php and modsecurity) and mysql under chroot (for RedHat based systems for now).<br />
<br />
* [http://code.google.com/p/secureimage SecureImage] by Mesut Timur & Bedirhan Urgun & Kerem Küsmezer<br />
<br />
A Java,PHP and .NET based image validator that can be used for validating image files on upload systems (such as photo galleries,forums,etc ..) against the threats for XSS issues with IE and LFI attacks. Individual project pages; [http://code.google.com/p/psecureimage PSecureImage] for PHP, [http://code.google.com/p/jsecureimage JSecureImage] for Java and [http://www.codeplex.com/owaspturkey/Release/ProjectReleases.aspx?ReleaseId=18008 NSecureImage] for .NET<br />
<br />
* [http://code.google.com/p/securetomcat SecureTomcat] by Bedirhan Urgun & Deniz Çevik & Gökhan Alkan<br />
<br />
A collection of three components; an audit documentation in Turkish, a basic remote vulnerability scanner and an audit shell script fully aligned with the audit documentation. All for auditing and testing Apache Tomcat partial J2EE container.<br />
<br />
* [http://code.google.com/p/webekci/ WeBekci] by Bünyamin Demir<br />
<br />
WeBekci is a graphical user end for ModSecurity 2.x web application firewall.<br />
<br />
* [http://www.webguvenligi.org/?page_id=16 Web Security Turkish Translation Project] by [http://www.webguvenligi.org/?page_id=16 great volunteers] & Bedirhan Urgun <br />
<br />
Turkish translations of OWASP guides and other web application security related documents '''over 500 pages''' and counting<br />
<br />
* [http://code.google.com/p/wivet/ WIVET] by Bedirhan Urgun<br />
<br />
A benchmarking project that aims to statistically analyze web link extractors. It provides a good sum of input vectors to any extractor and presents the results. Check out the live app [http://www.webguvenligi.org/wivet/ here].<br />
<br />
* [http://code.google.com/p/sqlibench/ SqliBench] by Mesut Timur & Bedirhan Urgun<br />
<br />
SQLiBENCH is a benchmarking project of automatic sql injectors related to dumping databases. Check out the live app [http://www.webguvenligi.org/sqlibench/web/ here]. The project is sponsored by [http://www.owasp.org/index.php/Category:OWASP_Sqlibench_Project OWASP SoC 08].<br />
<br />
* [http://code.google.com/p/msalparser MSALParser] by Bedirhan Urgun<br />
<br />
MSALParser (pronounced \mi-säl\) implements necessary parsers and model objects to represent a ModSecurity Single Audit Log, hence the name MSAL. MSALParser is a PHP RPC end that will get mlogc's calls and parses them into objects and eventually write to a persistent data store.<br />
<br />
* [http://code.google.com/p/apachelive ApacheLive] by Bedirhan Urgun<br />
<br />
ApacheLive (aka Haydar) project consists of a python script which was aimed to stress Apache web servers (httpd) using Keep-Alive parameters.<br />
<br />
* [http://code.google.com/p/anticsurf AntiCsurf] by Mesut Timur<br />
<br />
For most of the languages and frameworks, developers have to implement their own functions to defend against CSRF. AntiCsrf is a basic and light library for defending against CSRF for PHP applications.<br />
<br />
* [http://code.google.com/p/fm-fsf FM-FSF] by Ferruh Mavituna<br />
<br />
FSF is a plug-in based freakin' simple fuzzer for fuzzing web applications and scraping data. It supports some basic stuff and missing some features however it has got some advanced RegEx capturing features for scraping data out of web applications.<br />
<br />
* [http://code.google.com/p/msalmobile MSALMobile] & [http://code.google.com/p/msalservice MSALService] by Bedirhan Urgun<br />
<br />
MSALMobile, a basic windows mobile application and consuming MSALService, is a simple mobile ModSecurity log analyzer for Windows Mobile environment. See [http://www.webguvenligi.org/software/msalmobile/msalmobile_video.rar a video of MSALMobile in action] on www.webguvenligi.org.<br />
<br />
* [http://www.webguvenligi.org/xsstb/reflected.php XSS TestBed] by Bedirhan Urgun<br />
<br />
A playground for reflected xss test cases. The live project includes seven test cases ready to exploit. A legal and solid way to learn and apply xss skills. Moreover, a good way to test web application scanners on reflected xss testing...<br />
<br />
* [http://www.webguvenligi.org/projeler/wcsa Web.config Security Analyzer] by Mesut Timur<br />
<br />
Web.config file holds settings about related ASP.NET web application. This project analyzes a given Web.config file for security vulnerabilities with its 30+ checks. It's a command line too for now and produces a neat html based report.<br />
<br />
== Translations ==<br />
<br />
Çeviri projesine yardım etmek isteyen arkadaşlar, lütfen [mailto:bunyamindemir@gmail.com bunyamin] veya [mailto:urgunb@hotmail.com bedirhan] ''(proje lideri)'' ile iletişime geçiniz. Şu ana kadar yayınlanan çevirilere [http://www.webguvenligi.org/?page_id=16 buradan] ulaşabilirsiniz. ''You can find Turkish translations of OWASP and other web security related documents [http://www.webguvenligi.org/?page_id=16 here].''<br />
<br />
==== Meetings/Conferences ====<br />
<br />
== OWASP/TR Presentation in Android Developer Days 2012 in ODTU Ankara ==<br />
<br />
Bedirhan Urgun of OWASP/TR will give a presentation on "Developing Secure Android Days" on 22 May from 15:30-16:00 in Android Developer Days, 2012. The presentation will take place in ODTU, Ankara.<br />
<br />
Location: ODTÜ Kültür ve Kongre Merkezi, Ankara<br />
<br />
Date: 22 May 2012, Tuesday<br />
<br />
Time: 15:30 – 16:00<br />
<br />
== OWASP/TR Presentation in ReadMee Internet Zirvesi, 2012 ==<br />
<br />
Seyfullah Kılıç will give a presentation titled "Web Güvenliği ve Korunma Yolları" on 07 April Saturday from 14:00-14:45 in ReadMee Internet Zirvesi, 2012. The presentation will take place in Eskişehir Osmangazi Üniversitesi, Eskişehir.<br />
<br />
Location: Eskişehir Osmangazi Üniversitesi Meşelik Kampüsü, Eskişehir<br />
<br />
Date: 7 April 2012 Saturday<br />
<br />
Time: 14:00 – 14:45<br />
<br />
== OWASP/TR Presentation in Özgür Yazılım ve Linux Günleri, 2012 ==<br />
<br />
Bünyamin Demir of OWASP/TR will give a presentation titled as "<br />
Güvenli Kod Geliştirme" and will hold a chapter meeting "OWASP Türkiye Chapter Meeting (Çalışma Toplantısı)" on 31 March Saturday from 10:00-13:00 in Özgür Yazılım ve Linux Günleri, 2012. The presentations will take place in İstanbul Bilgi Üniversitesi Dolapdere Kampüsü, İstanbul.<br />
<br />
Location: İstanbul Bilgi Üniversitesi Dolapdere Kampüsü, İstanbul<br />
<br />
Date: 31 March 2012 Saturday<br />
<br />
Time: 10:00 – 13:00<br />
<br />
Location 1: 1. Salon<br />
Location 2: Toplantı Salonu<br />
<br />
== OWASP/TR Talk in Open Source Code Days in Yeditepe University ==<br />
<br />
Bunyamin Demir talked about OWASP and OWASP/Turkey introduction. After intro, he did a presentation about [http://seminer.linux.org.tr/wp-content/uploads/guvenli_kod_gelistirme_ve_yasam_dongusu.ppt "Secure Coding and Chaotic Life Cycle"].<br />
<br />
Location: Yeditepe University, 26 Agustos Yerlesimi, Salon 2<br />
<br />
Date: 14 October 2011, Friday<br />
<br />
Time: 15:00 – 15:45<br />
<br />
== OWASP/TR Introductory Meetings and Seminar @ Bahçeşehir Üniversitesi, March 2010 ==<br />
<br />
[http://www.shibumidojo.org/ Kubilay Onur Güngör] will start with OWASP and OWASP/Turkey introduction. After intro, cyber security concept, web application security, social theories of criminal behaviors and many other topics will be discussed. So don't miss the events if you're around. <br />
<br />
Location: Bahçeşehir Üniversitesi, Beşiktaş Kampüsü, D-404 Salonu<br />
<br />
Date: 10 Mart 2010 Çarşamba<br />
<br />
Time: 18.30 – 19.30<br />
<br />
== OWASP/TR Introductory Meetings and Seminar @ Işık Üniversitesi, March 2010 ==<br />
<br />
[http://www.shibumidojo.org/ Kubilay Onur Güngör] will start with OWASP and OWASP/Turkey introduction. After intro, cyber security concept, web application security, social theories of criminal behaviors and many other topics will be discussed. So don't miss the events if you're around. <br />
<br />
Location: Işık Üniversitesi, Şile Kampüsü<br />
Registration: http://bilisimgunleri.isikun.edu.tr<br />
Date: 8 Mart 2010 Pazartesi<br />
Time: 15.00 - 16.00<br />
<br />
== OWASP/TR Meeting in Turkcell Akademi with OISF Team, February 2010 ==<br />
<br />
With 7 [http://www.openinfosecfoundation.org OISF] members we had our 23 February meeting. Brian [http://vimeo.com/9825055 talked about ModSecurity] and Victor & Will [http://vimeo.com/9825622 talked about Suricata ].<br />
<br />
As always, check out the photos on [http://www.flickr.com/photos/webguvenligi flickr-webguvenligi]!!<br />
<br />
Thanks to our sponsor for this meeting [http://www.guvenlikegitimleri.com GuvenlikEgitimleri.Com]<br />
<br />
== OWASP/TR Seminar in İstanbul Kültür Universitesi, 29 December 2009 ==<br />
<br />
We'll be hosting a free seminar in İstanbul Kültür Üniversitesi, Ataköy Kampüsü, Önder Öztunalı Konferans Salonu. Topics will include "introduction to OWASP/TR", "siber security", "security best practices and standards". It will also include a demo on digital investigation.<br />
<br />
Presenter: [http://www.shibumidojo.org/ Kubilay Onur Güngör]<br />
<br />
Date: Tuesday, December 29, 2009 <br />
<br />
Time: 12:00pm - 1:30pm <br />
<br />
Location: İstanbul Kültür Üniersitesi, Ataköy Kampüsü, Önder Öztunalı Konferans Salonu<br />
<br />
== October 11, 2009 OWASP/TR on the Green Field ==<br />
<br />
Teams formed by OWASP-Turkey mailing list members will play a soccer match on Sunday, 18:00 October the 11th. We'll seek our Messis, Zidanes, Kakas, Lampards, Chechs stemmed from the Anatolian land... National team may not be qualified for the 2010 World Championship, which is a shame, but we'll do better next time.<br />
<br />
== Artifacts - OWASP-Turkey Meeting in September 26, 2009 ==<br />
<br />
30 people gathered for the OWASP/TR meeting. Here's the [http://www.webguvenligi.org/docs/26_Eylul_OWASPTR_Bulusma.ppt agenda of the meeting]. Moreover, Ibrahim Saruhan gave a [http://www.webguvenligi.org/docs/Facebook_Twitter_Botnets.ppt presentation] on his experiences writing a PoC Facebook botnet. Thanks everyone for participating.<br />
<br />
See the [http://www.flickr.com/webguvenligi/ pictures] and listen to the DimDim [http://recp.dimdim.com/view/dimdim/1a9400f2-fbdb-102c-9515-003048642bd7 recording].<br />
<br />
== September 26 Meeting ==<br />
<br />
A regular meeting for anyone interested in web/software security. It will take place in Istanbul, Taksim at 14:00, on 26 September. <br />
<br />
== Artifacts - 06 May/13 May 2009 OWASP-TR Talks in Kocaeli & Gazi Universities ==<br />
<br />
Here are the presentations given by Bünyamin Demir and Onur Yılmaz at "Information Techonology Days" in [http://www.kocaeli.edu.tr/ Kocaeli University] and [http://www.gazi.edu.tr/ Gazi University], [http://www.webguvenligi.org/docs/kocaeli09owasptr.ppt OWASP-TR & WebGoat Presentation] and [http://www.webguvenligi.org/docs/gaziuni09owasptr.ppt Basic Web App Security Presentation] respectively. <br />
<br />
Pictures are on [http://www.flickr.com/photos/webguvenligi flicker] as always.<br />
<br />
== Web Application Security Talk in Gazi University, 13 May 2009 ==<br />
<br />
We'll be giving a talk in "Information Days" event at Gazi University about code/sql injection attack vectors and prevention techniques on 13th (Wednesday) of May 2009, between 10:30-11:20. <br />
<br />
Reach out the details [http://www.webguvenligi.org/haberler/web-uygulamalari-guvenligi-sunumu-gazi-universitesi.html here]<br />
<br />
== OWASP-TR Seminar in Kocaeli University, 06 May 2009 ==<br />
<br />
We'll be hosting a free seminar in Math. Department of Kocaeli University about OWASP and OWASP/Turkey including the basics of well known attack vectors and prevention techniques on 6th (Wednesday) of May 2009, starting from 15:30. <br />
<br />
Reach out the details [http://www.webguvenligi.org/haberler/owasp-tr-ve-wgt-semineri-kocaeli-universitesi.html here]<br />
<br />
== Artifacts - March 19 2009 OWASP-TR Talk in Sakarya University ==<br />
<br />
Here are the presentations given by Bünyamin Demir and Gökhan Alkan at "Information Techonology Days" in [http://www.sau.edu.tr/ Sakarya University], [http://www.webguvenligi.org/sau_bilisim_gunleri09/sakarya_bilisim_gunleri.ppt OWASP-TR & WebGoat Presentation] and [http://www.webguvenligi.org/sau_bilisim_gunleri09/Recel_Krallagindan_Webe.ppt Jarvinen Presentation] respectively. We'd like to thank [http://www.bilisimk.sau.edu.tr/ Sakarya Universitesi Bilişim Kulubü] for inviting us.<br />
<br />
And never the least, here are the [http://www.flickr.com/photos/webguvenligi pictures] taken during the day.<br />
<br />
== Talk in Information Techonology Days '09 in Sakarya University ==<br />
<br />
We'll be giving two talks in "Information Techonology Days" about OWASP and OWASP/Turkey in [http://www.sau.edu.tr/ Sakarya University] on 19th of March 2009. The talk will include an introduction to OWASP, OWASP/Turkey as a community. Plus, Jarvinen, an OWASP/TR project, will be presented.<br />
<br />
== Artifacts - Fifth OWASP-Turkey Meeting in March 08, 2009 ==<br />
<br />
We had close to 35 people gathered. Here's the [http://www.webguvenligi.org/docs/WGT_OWASP-TR_08_Mart_2009_Bulusmasi_Ajanda.pptx agenda of the meeting]. Moreover, Fatih Emiral gave a [http://www.webguvenligi.org/docs/Yazilim_Guvenligi.ppt presentation] comparing three main Software Security models. Thanks everyone for participating.<br />
<br />
For the photos take a look at [http://www.flickr.com/photos/webguvenligi/ here].<br />
<br />
== Fifth OWASP-Turkey Meeting in March 08, 2009 ==<br />
<br />
A regular meeting on web/software security related issues&techniques&news. The meeting will take place in Istanbul, Maltepe, beween 13:00-15:00, on 08th of March, Sunday. <br />
Here's the map for the [http://www.gencgirisimciler.org/bpi.asp?caid=161&cid=17 meeting place]<br />
If you want to attend the event, please send an e-mail to: urgunb at hotmail.com (Bedirhan Urgun)<br />
<br />
== Artifacts - Web Security Days Kocaeli December 2008 ==<br />
<br />
With over 50 attendees we had our 4th Web Security Days in Kocaeli University at Umuttepe Campus.<br />
<br />
Presentations & SlideShows & Photos:<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_intro.ppt Giris] - Bedirhan Urgun<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_owasptr_wgt.ppt WGT/OWASPTR] - Bünyamin Demir<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_www.ppt WWW Introduction] - Uğur Yıldız<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_csrf.ppt CSRF] - Yusuf Çeri<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_graphics.ppt Graphic Attacks] - Mesut Timur <br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_chroot.ppt Secure Web Production Environments] - Gökhan Alkan<br />
* [http://www.flickr.com/webguvenligi/ Pictures] - Bedirhan & Bünyamin<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_slideshow.ppt OWASP Top 10 Slide Show] - Bedirhan Urgun<br />
<br />
== Next Event - 4th Web Security Days Kocaeli - December 23 (Turkey 2008) ==<br />
<br />
This event will be the fourth of "Web Security Days" and will take place on 23rd of December 2008 in Kocaeli. The agenda of the event is [http://www.owasp.org/index.php/4th_Web_Security_Days_OWASP_Turkey here].<br />
<br />
== Artifacts - Fourth OWASP-Turkey Meeting in October 18, 2008 ==<br />
<br />
Here's the [http://www.webguvenligi.org/wp-content/uploads/2008/10/WGT&OWASP-TR_18_Ekim_2008_Bulusmasi_Ajanda.ppt agenda of the meeting]. We also had two small discussion and presentation of a simple demo overview of recent clickjacking vulnerability and [http://www.webguvenligi.org/wp-content/uploads/2008/10/sqlibench-presentation.ppt sqlibench SoC 2008 OWASP project]. Thanks everyone for participating.<br />
<br />
Moreover, all of the OWASP sent books (~30)/pens(~15) were distributed freely! <br />
<br />
For the photos take a look at [http://www.flickr.com/photos/webguvenligi/ here].<br />
<br />
== Fourth OWASP-Turkey Meeting in October 18, 2008 ==<br />
<br />
A catch up meeting on web/software security related issues&techniques&news. Moreover, OWASP sent goodies (to the most active chapters) will be distributed (This includes 27 OWASP books and 19 pens). It will take place in Istanbul, İstiklal Cad.Emir Nevruz Sok. No: 1/11 Galatasaray Beyoğlu beween 14:00-16:00, on 18th of October. If you want to attend the event, please send an e-mail to: urgunb at hotmail.com (Bedirhan Urgun) <br />
<br />
== Artifacts - June 21 2008 OWASP-TR Talk in "Free Software Conference" ==<br />
<br />
Here is the presentation given by Mesut Timur and keynote submitted at [http://konferans.linux.org.tr/ "Free Software Conference"] in [http://www.etu.edu.tr/ TOBB University of Economics and Technology]; <br />
[http://www.webguvenligi.org/wp-content/uploads/2008/06/owasp_wgt_lkd_21062008.ppt OWASP-TR Presentation] and [http://www.webguvenligi.org/wp-content/uploads/2008/06/webguvenligi_bildiri_lkd_21062008.pdf Web Security and Free Software Keynote] (in Turkish) respectively.<br />
<br />
== Talk in Free Software Conference in Ankara ==<br />
<br />
We'll be giving a talk in "Free Software Conference" about OWASP and OWASP/Turkey in [http://www.etu.edu.tr/ TOBB University of Economics and Technology] on 21st (Saturday) of June 2008. The talk will include an introduction to OWASP, OWASP/Turkey, as well as web/application security projects achieved in Turkey. <br />
<br />
The Day will start at 09:30 and our talk, which will be presented by [http://www.h-labs.org Mesut Timur], will be between 15.00-15.30. You can skim the programme [http://konferans.linux.org.tr/etkinlik-programi/ here].<br />
<br />
== Artifacts - April 19 2008 OWASP-TR Talk in Yildiz Technical University ==<br />
<br />
Here are the presentations given by Bünyamin Demir and Yusuf Çeri at "Open Source Code Day" in [http://www.yildiz.edu.tr/english Yildiz Technical University], [http://www.webguvenligi.org/wp-content/uploads/2008/04/owasp-wgt-ytu-19nisan08.ppt OWASP-TR Presentation] and [http://www.webguvenligi.org/wp-content/uploads/2008/04/sqlmapdemo-wgt-ytu-19nisan08.ppt SqlDemo Presentation] respectively. We'd like to thank YTÜ Bilişim Kulubü for inviting us.<br />
<br />
And never the least, here are the [http://www.flickr.com/photos/webguvenligi/sets/72157604620396950/ pictures] taken during the day.<br />
<br />
== Talk in Open Source Code Day in Yildiz Technical University ==<br />
<br />
We'll be giving a talk in "Open Source Code Day" about OWASP and OWASP/Turkey in [http://www.yildiz.edu.tr/english Yildiz Technical University] on 19th of April 2008. The talk will include an introduction to OWASP, OWASP/Turkey, web/application security community in Turkey, the 1st OWASP Day video by Jeff and a live application insecurity demo. <br />
<br />
The Day will start at 09:30 and our talk will be the last one before the noon. <br />
<br />
== Artifacts - March 09 2008 Meeting ==<br />
<br />
It was a nice Sunday in Istanbul and we had 16 people talking about SPoC 08, April OWASP Week and web application security in general. Here are the [http://www.flickr.com/photos/webguvenligi/sets/72157604077351886/ pictures] taken during the meeting.<br />
<br />
== March 09 Meeting ==<br />
<br />
A casual meeting for anyone interested in web/software security. It will take place in Istanbul, Kadikoy at 14:30, on 09 March. To chat and enjoy the [http://www.flickr.com/photos/jrogivue/21918611/ Bosphorus]! <br />
<br />
== Artifacts - Web Security Days Ankara & İzmir November 2007 ==<br />
<br />
Through a foggy, and therefore a hard flight, we've managed to realize Web Security Days 2 & 3 in Ankara and Izmir, respectively. Having a total of ~130 attendees (most of them in Izmir), we hope WSD to be traditional and become more qualitysome.<br />
<br />
Presentations & Code & Photos:<br />
* [http://www.webguvenligi.org/docs/ankara/init_ankara.ppt Giris] - Bedirhan Urgun<br />
* [http://www.webguvenligi.org/docs/ankara/wgt.ppt WGT Giris] - Bünyamin Demir<br />
* [http://www.webguvenligi.org/docs/izmir/ulakcsirt.pdf ULAK-CSIRT Giris] - Enis Karaarslan<br />
* [http://www.webguvenligi.org/docs/ankara/burak_sc.ppt Yazılım Geliştirme Sürecinde Güvenlik Testleri] - Burak Dayıoğlu<br />
* [http://www.webguvenligi.org/docs/izmir/enis_web.ppt Kurumsal Web Güvenliği Yapısı] - Enis Karaarslan<br />
* [http://www.webguvenligi.org/docs/izmir/tahsin_did.ppt Uygulamalarda Katmanlı Güvenlik Anlayışı] - Tahsin Türköz<br />
* [http://www.webguvenligi.org/docs/izmir/oguzhan_php.ppt PHP ve Güvenli Kodlama] - Oğuzhan Yalçın<br />
* [http://www.webguvenligi.org/docs/ankara/bunyamin_pl.ppt Perl'de Guvenlik Modulu] - Bünyamin Demir<br />
* [http://www.webguvenligi.org/docs/izmir/security_pm.rar Perl'de Guvenlik Modulu - Kod] - Bünyamin Demir<br />
* [http://www.webguvenligi.org/docs/ankara/bedirhan_js.ppt Web 2.0 Savunma Dili: Javascript] - Bedirhan Urgun<br />
* [http://www.flickr.com/photos/webguvenligi/sets/72157603311164597/ Photos] - Bedirhan & Bünyamin<br />
<br />
== Next Event - 3rd Web Security Days İzmir - November 26 (Turkey 2007) ==<br />
<br />
This event will be the third of "Web Security Days" and will take place on 26th of November 2007 in İzmir. The agenda of the event is [https://www.owasp.org/index.php/3rd_Web_Security_Days_OWASP_Turkey here].<br />
<br />
== Next Event - 2nd Web Security Days Ankara - November 24 (Turkey 2007) ==<br />
<br />
This event will be the second of "Web Security Days" and will take place on 24th of November 2007 in Ankara. <br />
The agenda of the event is [https://www.owasp.org/index.php/2nd_Web_Security_Days_OWASP_Turkey here].<br />
<br />
== Artifacts - OWASP DAY: on the topic of "Privacy in the 21st Century" - September 8 (Turkey 2007) ==<br />
<br />
Presentations:<br />
<br />
* [https://www.owasp.org/images/6/66/OWASP_DAY_TR.sub.ppt Turkish Subtitle] for [http://www.owasp.org/downloads/OWASP_Day.wmv Jeff's OWASP Day Intro movie] (delete .ppt extension)<br />
* [https://www.owasp.org/images/b/bc/OWASP2007_KamudaPrivacy.ppt OWASP2007_KamudaPrivacy.ppt]<br />
* [https://www.owasp.org/images/4/4b/Guvenli_Web_Uygulamalarinin_Gelistirilmesi2.ppt Guvenli_Web_Uygulamalarinin_Gelistirilmesi.ppt] <br />
<br />
Discussion Answers:<br />
<br />
Q1.<br />
What is the current state of Privacy on Web Application Security? Does it really matter? Is privacy what will drive radical changes in web application's security (ala PCI)? <br />
<br />
A1.<br />
During the meeting an effort was made to clarify the meaning of privacy;<br />
- what are the key items that builds up to "privacy"?<br />
- are we talking about the privacy of real people or should we also include the privacy of legal entities?<br />
- is there really a solid line (or even a vague line) between confidentiality and privacy?<br />
We defined privacy as confidentiality of the data; be it of a real person or a legal entity.<br />
But the key part is that privacy is "the ability to control the flow of one's own data". And which brings another principle: "need to know". Privacy is directly related to an individual or an organization. Confidentiality, however, is directly related to "information"... Privacy is a "result" and confidentiality is a tenet or a security mechanism. <br />
<br />
Enough of these convulsions;<br />
The answer to the first question was a definite "YES". Participants were all agreed that "privacy" plays and will play the most important role in web security and its future.<br />
<br />
Q2.<br />
Application side: what the data owner should be doing to protect the user's privacy? Should there be a law that states how to protect this information? What can we do to improve it?<br />
<br />
A2.<br />
Most of the participants agreed that a law is a necessity.<br />
But, maybe, more important thing is to raise the awareness of the customers.<br />
Here we also had a discussion on the current status of the law on privacy? There are mainly three <br />
documents on privacy in Turkish law;<br />
* a directive on privacy in telecommunication, which happened to be inadequate (an assertion of a lawyer)<br />
* a draft law on privacy from Department of Justice, which is still in the process of approval<br />
* a recent (May 2007) law on siber crimes which happens to be similiar to the "Directive 2006/24/EC of the <br />
European Parliament and of the Council" on the data retention. This law, however, still needs a few<br />
directives, which are about to be published.<br />
<br />
Q3.<br />
Client side: what is the client's perception of privacy? How can a user trust a site about his own data treatment? Is the client nowadays safeguarded about a possible loss of privacy?<br />
<br />
A3.<br />
As a first step there should be an "agreement" presented to the user by the application side.<br />
This wouldn't be enough so there should be regular inspections (a third eye) on these services.<br />
About "is the client nowadays safeguarded about a possible loss of privacy?" question, the answer<br />
was a definite "NO". Especially with the banks. Yes, there are a few cases of trials where the courts<br />
dictated a bank to compansate the loss of the victim, however, mostly this is not the case. Even there is<br />
a domain serving, founded by the victims of online banking crimes in Turkey.<br />
<br />
Q4.<br />
What should OWASP be focusing on?<br />
<br />
A4.<br />
As a suggestion, OWASP may provide a "web security tips" page, which can include a searchable gui <br />
on small programming tips to avoid security holes in web applications.<br />
<br />
And a great idea of producing a "FixmeBank" application to cover the developer side of the story, as opposed to tester/attacker side (via WebGoat or HacmeBank), was suggested by Taygun Alban.<br />
<br />
Q5.<br />
What would OWASP spend it's grant money? (note that new OWASP members can allocate some or all of their membership fees to specific projects)<br />
<br />
A5.<br />
Some suggestions;<br />
. Printed booklets of Guide and Testing Guide. <br />
. OWASP CD with shiny labels<br />
. I'm afraid to say but... t-shirts<br />
<br />
Q6.<br />
Should OWASP organize such 'OWASP Weeks' every quarter?<br />
<br />
A6.<br />
OWASP should organize these events every 6 months or so :)<br />
<br />
== Next Event - OWASP DAY: on the topic of "Privacy in the 21st Century" - September 8 (Turkey 2007) ==<br />
<br />
As a part of the Global Security Week, OWASP Turkey chapter will be holding a humble meeting on Saturday, 8 September 2007. Less technical and time taking compared to last event ([http://www.owasp.org/index.php/1st_Web_Security_Days_OWASP_Turkey Web Security Days]) we will be focusing on the current snapshot of the privacy related issues in the govermental/quasi-governmental and private institutions of Turkey.<br />
<br />
Here's the "still in process" agenda:<br />
<br />
* 14:00 - 14:10 Prelude. Introduction of OWASP DAY and OWASP Turkey projects<br />
<br />
A small introduction to OWASP Day meeting and its goals, plus explanation of some of the lightweight projects of OWASP Turkey.<br />
<br />
Bedirhan URGUN, Bunyamin DEMİR<br />
<br />
* 14:20 - 14:50 Privacy in Governmental Insitutions - A Current State Analysis<br />
<br />
Presentation will discuss the understanding of the privacy concept settled in governmental institutions and deliberate on general information security problems related with privacy issues.<br />
<br />
Getting off with general privacy problems, in specific, information about the privacy issues related to web applications will be given. Moreover, concrete suggestions on providing a solid privacy in these institutions will be presented.<br />
<br />
Hayrettin BAHŞİ<br />
Chief Researcher CC Lab-UEKAE TUBITAK<br />
<br />
* 15:00 - 15:50 Secure Web Application Development<br />
<br />
Korhan GÜRLER<br />
Chief Researcher PRO-G<br />
<br />
* 15:00 - 16:00 A Panel on Privacy in Turkey <br />
<br />
OWASP-Turkey Members<br />
<br />
== Last Event - 1st Web Security Days - July 14 (Turkey 2007) ==<br />
<br />
First of the [http://www.owasp.org/index.php/1st_Web_Security_Days_OWASP_Turkey Web Security Days] has been realized by Owasp-Turkey chapter on 14th of July 2007 in İstanbul. With a ~70 registered attendees, it was great to have a pack of web security oriented people for a five hours of mostly technical presentations.<br />
<br />
<br />
[http://www.owasp.org/index.php/1st_Web_Security_Days_OWASP_Turkey For details...]<br />
<br />
== Last Meetings ==<br />
<br />
'''Sunday 6 May 2007'''<br><br />
'''Time:''' 11:15-12:30<BR><br />
<br />
'''Address''' to the meeting are:<br />
<br />
[http://www.metu.edu.tr Middle East Technical University]<br/><br />
Ankara-Turkey<br/><br />
<br/><br />
<br />
'''Presentation'''<br><br />
<br />
Web Application Security with ModSecurity and OWASP<br />
<br />
<br />
__NOTOC__ <br />
<br />
<headertabs/><br />
<br />
[[Category:Turkey]] [[Category:Europe]]</div>Dr. Emin Tatlıhttps://wiki.owasp.org/index.php?title=Turkey&diff=196657Turkey2015-06-29T19:58:05Z<p>Dr. Emin Tatlı: </p>
<hr />
<div><center>[[File:Owasptr.png]] </center><br />
<br />
<br />
<br />
==== About OWASP/TR ====<br />
<br />
{{Chapter Template|chaptername=Turkey|extra=The chapter leader is [mailto:bunyamindemir~gmail.com Bunyamin Demir]<br />
<br />
Board Members: [mailto:ferruh~mavituna.com Ferruh Mavituna], [mailto:mesut_timur~hotmail.com Mesut Timur], [mailto:contact~onuryilmaz.info Onur Yılmaz], [mailto:emin.tatli@owasp.org Emin Islam Tatli], [mailto:oguzhantopgul@gmail.com Oguzhan TOPGUL], [mailto:sertan@gmail.com Sertan Kolat]<br />
<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-turkey|emailarchives=http://lists.owasp.org/pipermail/owasp-turkey}}<br />
<br />
<b>Webpage:</b> http://www.webguvenligi.org<br />
<br />
<paypal>Turkey</paypal><br />
<br />
<br />
== Chapter Brochure ==<br />
<br />
[http://www.webguvenligi.org/docs/WGT_brosur.pdf Here you can view a brochure] explaining in Turkish the action highlights of OWASP/Türkiye during the last one and a half year [obsolete for over two years].<br />
<br />
== Application Security Day, İstanbul 2012, Conference ==<br />
[http://www.appsectr.org/ Application Security Day, İstanbul 2012] will be held on 9 June, Saturday, in Marmara Üniversitesi Rektörlük Binası, Sultanahmet, İstanbul. <br />
The event aims to present an environment where key and popular application security topics will be discussed and shared. Hundreds of developers, business owners and security practitioners will be ready to increase local application security awareness. Join us!<br />
<br />
== Local News ==<br />
Conference<br />
<br />
[http://www.appsectr.org/ Application Security Day, İstanbul 2012] will be held on 9 June, Saturday, in Marmara Üniversitesi Rektörlük Binası, Sultanahmet, İstanbul. <br />
<br />
Published <br />
<br />
[http://www.webguvenligi.org/dokuman/web-uygulama-guvenligi-kontrol-listesi-2012.html Web App Security Check List 2012 in Turkish].<br />
<br />
== Projects/Tools/Translations ==<br />
<br />
Here are some of the projects produced by OWASP/Türkiye;<br />
<br />
* [http://code.google.com/p/droidalert/ DroidAlert] by Bedirhan Urgun<br />
<br />
A proactive approach on finding fake android applications on some of the biggest android stores. Just enter a term, and droidalert searches it for you in android stores.<br />
<br />
* [http://code.google.com/p/chiasma/ Chiasma] by Bedirhan Urgun<br />
<br />
Instead of having a structured penetration test report (docx, pdf, html v.b.) from 3rd parties, why not getting them produce a semi-structured report (xml) that is understood well. Chiasma is a Java desktop application producing XML vulnerability report.<br />
<br />
* [http://www.webguvenligi.org/docs/web_uygulama_guvenligi_kontrol_listesi_2010.pdf Web Uygulama Güvenliği Kontrol Listesi 2010- WebAppSec Checklist] by OWASP-Turkey<br />
<br />
A complete set of controls related to security of web applications.<br />
<br />
* [http://code.google.com/p/piknik/ Piknik] by Bedirhan Urgun<br />
<br />
A compilation of a study on analyzing the possible behavior of a malicious developer...Inspired by [http://www.blackhat.com/presentations/bh-usa-09/WILLIAMS/BHUSA09-Williams-EnterpriseJavaRootkits-PAPER.pdf Jeff Williams's Work] <br />
<br />
* [http://code.google.com/p/finddomains/ FindDomains] by Mesut Timur<br />
<br />
FindDomains is a multithreaded search engine discovery tool that will be very useful for penetration testers dealing with discovering domain names/web sites/virtual hosts which are located on too many IP addresses.<br />
<br />
* [http://dergi.webguvenligi.org/ WGT E-Magazine] by OWASP/TR and Onur Yilmaz<br />
<br />
An online web security related magazine in Turkish with a 2 months per-issue period<br />
<br />
* [http://ctf.webguvenligi.org/ CTF contest] by Onur Yilmaz<br />
<br />
A CTF contest where researchers, professionals and hackers can show off their skills in an ethical way <br />
<br />
* [http://code.google.com/p/jarvinen Jarvinen] by Gökhan Alkan & Yusuf Çeri & Bedirhan Urgun<br />
<br />
A simple yet effective web based audit log monitoring service for Modsecurity v2. It consists of two basic parts; a (bash) shell script that parses serial logs into the mysql database and a php web application.<br />
<br />
* [http://code.google.com/p/cammp CAMMP] by Gökhan Alkan<br />
<br />
Aims to provide (bash) shell scripts in order to automatize the source code installations of apache (php and modsecurity) and mysql under chroot (for RedHat based systems for now).<br />
<br />
* [http://code.google.com/p/secureimage SecureImage] by Mesut Timur & Bedirhan Urgun & Kerem Küsmezer<br />
<br />
A Java,PHP and .NET based image validator that can be used for validating image files on upload systems (such as photo galleries,forums,etc ..) against the threats for XSS issues with IE and LFI attacks. Individual project pages; [http://code.google.com/p/psecureimage PSecureImage] for PHP, [http://code.google.com/p/jsecureimage JSecureImage] for Java and [http://www.codeplex.com/owaspturkey/Release/ProjectReleases.aspx?ReleaseId=18008 NSecureImage] for .NET<br />
<br />
* [http://code.google.com/p/securetomcat SecureTomcat] by Bedirhan Urgun & Deniz Çevik & Gökhan Alkan<br />
<br />
A collection of three components; an audit documentation in Turkish, a basic remote vulnerability scanner and an audit shell script fully aligned with the audit documentation. All for auditing and testing Apache Tomcat partial J2EE container.<br />
<br />
* [http://code.google.com/p/webekci/ WeBekci] by Bünyamin Demir<br />
<br />
WeBekci is a graphical user end for ModSecurity 2.x web application firewall.<br />
<br />
* [http://www.webguvenligi.org/?page_id=16 Web Security Turkish Translation Project] by [http://www.webguvenligi.org/?page_id=16 great volunteers] & Bedirhan Urgun <br />
<br />
Turkish translations of OWASP guides and other web application security related documents '''over 500 pages''' and counting<br />
<br />
* [http://code.google.com/p/wivet/ WIVET] by Bedirhan Urgun<br />
<br />
A benchmarking project that aims to statistically analyze web link extractors. It provides a good sum of input vectors to any extractor and presents the results. Check out the live app [http://www.webguvenligi.org/wivet/ here].<br />
<br />
* [http://code.google.com/p/sqlibench/ SqliBench] by Mesut Timur & Bedirhan Urgun<br />
<br />
SQLiBENCH is a benchmarking project of automatic sql injectors related to dumping databases. Check out the live app [http://www.webguvenligi.org/sqlibench/web/ here]. The project is sponsored by [http://www.owasp.org/index.php/Category:OWASP_Sqlibench_Project OWASP SoC 08].<br />
<br />
* [http://code.google.com/p/msalparser MSALParser] by Bedirhan Urgun<br />
<br />
MSALParser (pronounced \mi-säl\) implements necessary parsers and model objects to represent a ModSecurity Single Audit Log, hence the name MSAL. MSALParser is a PHP RPC end that will get mlogc's calls and parses them into objects and eventually write to a persistent data store.<br />
<br />
* [http://code.google.com/p/apachelive ApacheLive] by Bedirhan Urgun<br />
<br />
ApacheLive (aka Haydar) project consists of a python script which was aimed to stress Apache web servers (httpd) using Keep-Alive parameters.<br />
<br />
* [http://code.google.com/p/anticsurf AntiCsurf] by Mesut Timur<br />
<br />
For most of the languages and frameworks, developers have to implement their own functions to defend against CSRF. AntiCsrf is a basic and light library for defending against CSRF for PHP applications.<br />
<br />
* [http://code.google.com/p/fm-fsf FM-FSF] by Ferruh Mavituna<br />
<br />
FSF is a plug-in based freakin' simple fuzzer for fuzzing web applications and scraping data. It supports some basic stuff and missing some features however it has got some advanced RegEx capturing features for scraping data out of web applications.<br />
<br />
* [http://code.google.com/p/msalmobile MSALMobile] & [http://code.google.com/p/msalservice MSALService] by Bedirhan Urgun<br />
<br />
MSALMobile, a basic windows mobile application and consuming MSALService, is a simple mobile ModSecurity log analyzer for Windows Mobile environment. See [http://www.webguvenligi.org/software/msalmobile/msalmobile_video.rar a video of MSALMobile in action] on www.webguvenligi.org.<br />
<br />
* [http://www.webguvenligi.org/xsstb/reflected.php XSS TestBed] by Bedirhan Urgun<br />
<br />
A playground for reflected xss test cases. The live project includes seven test cases ready to exploit. A legal and solid way to learn and apply xss skills. Moreover, a good way to test web application scanners on reflected xss testing...<br />
<br />
* [http://www.webguvenligi.org/projeler/wcsa Web.config Security Analyzer] by Mesut Timur<br />
<br />
Web.config file holds settings about related ASP.NET web application. This project analyzes a given Web.config file for security vulnerabilities with its 30+ checks. It's a command line too for now and produces a neat html based report.<br />
<br />
== Translations ==<br />
<br />
Çeviri projesine yardım etmek isteyen arkadaşlar, lütfen [mailto:bunyamindemir@gmail.com bunyamin] veya [mailto:urgunb@hotmail.com bedirhan] ''(proje lideri)'' ile iletişime geçiniz. Şu ana kadar yayınlanan çevirilere [http://www.webguvenligi.org/?page_id=16 buradan] ulaşabilirsiniz. ''You can find Turkish translations of OWASP and other web security related documents [http://www.webguvenligi.org/?page_id=16 here].''<br />
<br />
==== Meetings/Conferences ====<br />
<br />
== OWASP/TR Presentation in Android Developer Days 2012 in ODTU Ankara ==<br />
<br />
Bedirhan Urgun of OWASP/TR will give a presentation on "Developing Secure Android Days" on 22 May from 15:30-16:00 in Android Developer Days, 2012. The presentation will take place in ODTU, Ankara.<br />
<br />
Location: ODTÜ Kültür ve Kongre Merkezi, Ankara<br />
<br />
Date: 22 May 2012, Tuesday<br />
<br />
Time: 15:30 – 16:00<br />
<br />
== OWASP/TR Presentation in ReadMee Internet Zirvesi, 2012 ==<br />
<br />
Seyfullah Kılıç will give a presentation titled "Web Güvenliği ve Korunma Yolları" on 07 April Saturday from 14:00-14:45 in ReadMee Internet Zirvesi, 2012. The presentation will take place in Eskişehir Osmangazi Üniversitesi, Eskişehir.<br />
<br />
Location: Eskişehir Osmangazi Üniversitesi Meşelik Kampüsü, Eskişehir<br />
<br />
Date: 7 April 2012 Saturday<br />
<br />
Time: 14:00 – 14:45<br />
<br />
== OWASP/TR Presentation in Özgür Yazılım ve Linux Günleri, 2012 ==<br />
<br />
Bünyamin Demir of OWASP/TR will give a presentation titled as "<br />
Güvenli Kod Geliştirme" and will hold a chapter meeting "OWASP Türkiye Chapter Meeting (Çalışma Toplantısı)" on 31 March Saturday from 10:00-13:00 in Özgür Yazılım ve Linux Günleri, 2012. The presentations will take place in İstanbul Bilgi Üniversitesi Dolapdere Kampüsü, İstanbul.<br />
<br />
Location: İstanbul Bilgi Üniversitesi Dolapdere Kampüsü, İstanbul<br />
<br />
Date: 31 March 2012 Saturday<br />
<br />
Time: 10:00 – 13:00<br />
<br />
Location 1: 1. Salon<br />
Location 2: Toplantı Salonu<br />
<br />
== OWASP/TR Talk in Open Source Code Days in Yeditepe University ==<br />
<br />
Bunyamin Demir talked about OWASP and OWASP/Turkey introduction. After intro, he did a presentation about [http://seminer.linux.org.tr/wp-content/uploads/guvenli_kod_gelistirme_ve_yasam_dongusu.ppt "Secure Coding and Chaotic Life Cycle"].<br />
<br />
Location: Yeditepe University, 26 Agustos Yerlesimi, Salon 2<br />
<br />
Date: 14 October 2011, Friday<br />
<br />
Time: 15:00 – 15:45<br />
<br />
== OWASP/TR Introductory Meetings and Seminar @ Bahçeşehir Üniversitesi, March 2010 ==<br />
<br />
[http://www.shibumidojo.org/ Kubilay Onur Güngör] will start with OWASP and OWASP/Turkey introduction. After intro, cyber security concept, web application security, social theories of criminal behaviors and many other topics will be discussed. So don't miss the events if you're around. <br />
<br />
Location: Bahçeşehir Üniversitesi, Beşiktaş Kampüsü, D-404 Salonu<br />
<br />
Date: 10 Mart 2010 Çarşamba<br />
<br />
Time: 18.30 – 19.30<br />
<br />
== OWASP/TR Introductory Meetings and Seminar @ Işık Üniversitesi, March 2010 ==<br />
<br />
[http://www.shibumidojo.org/ Kubilay Onur Güngör] will start with OWASP and OWASP/Turkey introduction. After intro, cyber security concept, web application security, social theories of criminal behaviors and many other topics will be discussed. So don't miss the events if you're around. <br />
<br />
Location: Işık Üniversitesi, Şile Kampüsü<br />
Registration: http://bilisimgunleri.isikun.edu.tr<br />
Date: 8 Mart 2010 Pazartesi<br />
Time: 15.00 - 16.00<br />
<br />
== OWASP/TR Meeting in Turkcell Akademi with OISF Team, February 2010 ==<br />
<br />
With 7 [http://www.openinfosecfoundation.org OISF] members we had our 23 February meeting. Brian [http://vimeo.com/9825055 talked about ModSecurity] and Victor & Will [http://vimeo.com/9825622 talked about Suricata ].<br />
<br />
As always, check out the photos on [http://www.flickr.com/photos/webguvenligi flickr-webguvenligi]!!<br />
<br />
Thanks to our sponsor for this meeting [http://www.guvenlikegitimleri.com GuvenlikEgitimleri.Com]<br />
<br />
== OWASP/TR Seminar in İstanbul Kültür Universitesi, 29 December 2009 ==<br />
<br />
We'll be hosting a free seminar in İstanbul Kültür Üniversitesi, Ataköy Kampüsü, Önder Öztunalı Konferans Salonu. Topics will include "introduction to OWASP/TR", "siber security", "security best practices and standards". It will also include a demo on digital investigation.<br />
<br />
Presenter: [http://www.shibumidojo.org/ Kubilay Onur Güngör]<br />
<br />
Date: Tuesday, December 29, 2009 <br />
<br />
Time: 12:00pm - 1:30pm <br />
<br />
Location: İstanbul Kültür Üniersitesi, Ataköy Kampüsü, Önder Öztunalı Konferans Salonu<br />
<br />
== October 11, 2009 OWASP/TR on the Green Field ==<br />
<br />
Teams formed by OWASP-Turkey mailing list members will play a soccer match on Sunday, 18:00 October the 11th. We'll seek our Messis, Zidanes, Kakas, Lampards, Chechs stemmed from the Anatolian land... National team may not be qualified for the 2010 World Championship, which is a shame, but we'll do better next time.<br />
<br />
== Artifacts - OWASP-Turkey Meeting in September 26, 2009 ==<br />
<br />
30 people gathered for the OWASP/TR meeting. Here's the [http://www.webguvenligi.org/docs/26_Eylul_OWASPTR_Bulusma.ppt agenda of the meeting]. Moreover, Ibrahim Saruhan gave a [http://www.webguvenligi.org/docs/Facebook_Twitter_Botnets.ppt presentation] on his experiences writing a PoC Facebook botnet. Thanks everyone for participating.<br />
<br />
See the [http://www.flickr.com/webguvenligi/ pictures] and listen to the DimDim [http://recp.dimdim.com/view/dimdim/1a9400f2-fbdb-102c-9515-003048642bd7 recording].<br />
<br />
== September 26 Meeting ==<br />
<br />
A regular meeting for anyone interested in web/software security. It will take place in Istanbul, Taksim at 14:00, on 26 September. <br />
<br />
== Artifacts - 06 May/13 May 2009 OWASP-TR Talks in Kocaeli & Gazi Universities ==<br />
<br />
Here are the presentations given by Bünyamin Demir and Onur Yılmaz at "Information Techonology Days" in [http://www.kocaeli.edu.tr/ Kocaeli University] and [http://www.gazi.edu.tr/ Gazi University], [http://www.webguvenligi.org/docs/kocaeli09owasptr.ppt OWASP-TR & WebGoat Presentation] and [http://www.webguvenligi.org/docs/gaziuni09owasptr.ppt Basic Web App Security Presentation] respectively. <br />
<br />
Pictures are on [http://www.flickr.com/photos/webguvenligi flicker] as always.<br />
<br />
== Web Application Security Talk in Gazi University, 13 May 2009 ==<br />
<br />
We'll be giving a talk in "Information Days" event at Gazi University about code/sql injection attack vectors and prevention techniques on 13th (Wednesday) of May 2009, between 10:30-11:20. <br />
<br />
Reach out the details [http://www.webguvenligi.org/haberler/web-uygulamalari-guvenligi-sunumu-gazi-universitesi.html here]<br />
<br />
== OWASP-TR Seminar in Kocaeli University, 06 May 2009 ==<br />
<br />
We'll be hosting a free seminar in Math. Department of Kocaeli University about OWASP and OWASP/Turkey including the basics of well known attack vectors and prevention techniques on 6th (Wednesday) of May 2009, starting from 15:30. <br />
<br />
Reach out the details [http://www.webguvenligi.org/haberler/owasp-tr-ve-wgt-semineri-kocaeli-universitesi.html here]<br />
<br />
== Artifacts - March 19 2009 OWASP-TR Talk in Sakarya University ==<br />
<br />
Here are the presentations given by Bünyamin Demir and Gökhan Alkan at "Information Techonology Days" in [http://www.sau.edu.tr/ Sakarya University], [http://www.webguvenligi.org/sau_bilisim_gunleri09/sakarya_bilisim_gunleri.ppt OWASP-TR & WebGoat Presentation] and [http://www.webguvenligi.org/sau_bilisim_gunleri09/Recel_Krallagindan_Webe.ppt Jarvinen Presentation] respectively. We'd like to thank [http://www.bilisimk.sau.edu.tr/ Sakarya Universitesi Bilişim Kulubü] for inviting us.<br />
<br />
And never the least, here are the [http://www.flickr.com/photos/webguvenligi pictures] taken during the day.<br />
<br />
== Talk in Information Techonology Days '09 in Sakarya University ==<br />
<br />
We'll be giving two talks in "Information Techonology Days" about OWASP and OWASP/Turkey in [http://www.sau.edu.tr/ Sakarya University] on 19th of March 2009. The talk will include an introduction to OWASP, OWASP/Turkey as a community. Plus, Jarvinen, an OWASP/TR project, will be presented.<br />
<br />
== Artifacts - Fifth OWASP-Turkey Meeting in March 08, 2009 ==<br />
<br />
We had close to 35 people gathered. Here's the [http://www.webguvenligi.org/docs/WGT_OWASP-TR_08_Mart_2009_Bulusmasi_Ajanda.pptx agenda of the meeting]. Moreover, Fatih Emiral gave a [http://www.webguvenligi.org/docs/Yazilim_Guvenligi.ppt presentation] comparing three main Software Security models. Thanks everyone for participating.<br />
<br />
For the photos take a look at [http://www.flickr.com/photos/webguvenligi/ here].<br />
<br />
== Fifth OWASP-Turkey Meeting in March 08, 2009 ==<br />
<br />
A regular meeting on web/software security related issues&techniques&news. The meeting will take place in Istanbul, Maltepe, beween 13:00-15:00, on 08th of March, Sunday. <br />
Here's the map for the [http://www.gencgirisimciler.org/bpi.asp?caid=161&cid=17 meeting place]<br />
If you want to attend the event, please send an e-mail to: urgunb at hotmail.com (Bedirhan Urgun)<br />
<br />
== Artifacts - Web Security Days Kocaeli December 2008 ==<br />
<br />
With over 50 attendees we had our 4th Web Security Days in Kocaeli University at Umuttepe Campus.<br />
<br />
Presentations & SlideShows & Photos:<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_intro.ppt Giris] - Bedirhan Urgun<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_owasptr_wgt.ppt WGT/OWASPTR] - Bünyamin Demir<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_www.ppt WWW Introduction] - Uğur Yıldız<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_csrf.ppt CSRF] - Yusuf Çeri<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_graphics.ppt Graphic Attacks] - Mesut Timur <br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_chroot.ppt Secure Web Production Environments] - Gökhan Alkan<br />
* [http://www.flickr.com/webguvenligi/ Pictures] - Bedirhan & Bünyamin<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_slideshow.ppt OWASP Top 10 Slide Show] - Bedirhan Urgun<br />
<br />
== Next Event - 4th Web Security Days Kocaeli - December 23 (Turkey 2008) ==<br />
<br />
This event will be the fourth of "Web Security Days" and will take place on 23rd of December 2008 in Kocaeli. The agenda of the event is [http://www.owasp.org/index.php/4th_Web_Security_Days_OWASP_Turkey here].<br />
<br />
== Artifacts - Fourth OWASP-Turkey Meeting in October 18, 2008 ==<br />
<br />
Here's the [http://www.webguvenligi.org/wp-content/uploads/2008/10/WGT&OWASP-TR_18_Ekim_2008_Bulusmasi_Ajanda.ppt agenda of the meeting]. We also had two small discussion and presentation of a simple demo overview of recent clickjacking vulnerability and [http://www.webguvenligi.org/wp-content/uploads/2008/10/sqlibench-presentation.ppt sqlibench SoC 2008 OWASP project]. Thanks everyone for participating.<br />
<br />
Moreover, all of the OWASP sent books (~30)/pens(~15) were distributed freely! <br />
<br />
For the photos take a look at [http://www.flickr.com/photos/webguvenligi/ here].<br />
<br />
== Fourth OWASP-Turkey Meeting in October 18, 2008 ==<br />
<br />
A catch up meeting on web/software security related issues&techniques&news. Moreover, OWASP sent goodies (to the most active chapters) will be distributed (This includes 27 OWASP books and 19 pens). It will take place in Istanbul, İstiklal Cad.Emir Nevruz Sok. No: 1/11 Galatasaray Beyoğlu beween 14:00-16:00, on 18th of October. If you want to attend the event, please send an e-mail to: urgunb at hotmail.com (Bedirhan Urgun) <br />
<br />
== Artifacts - June 21 2008 OWASP-TR Talk in "Free Software Conference" ==<br />
<br />
Here is the presentation given by Mesut Timur and keynote submitted at [http://konferans.linux.org.tr/ "Free Software Conference"] in [http://www.etu.edu.tr/ TOBB University of Economics and Technology]; <br />
[http://www.webguvenligi.org/wp-content/uploads/2008/06/owasp_wgt_lkd_21062008.ppt OWASP-TR Presentation] and [http://www.webguvenligi.org/wp-content/uploads/2008/06/webguvenligi_bildiri_lkd_21062008.pdf Web Security and Free Software Keynote] (in Turkish) respectively.<br />
<br />
== Talk in Free Software Conference in Ankara ==<br />
<br />
We'll be giving a talk in "Free Software Conference" about OWASP and OWASP/Turkey in [http://www.etu.edu.tr/ TOBB University of Economics and Technology] on 21st (Saturday) of June 2008. The talk will include an introduction to OWASP, OWASP/Turkey, as well as web/application security projects achieved in Turkey. <br />
<br />
The Day will start at 09:30 and our talk, which will be presented by [http://www.h-labs.org Mesut Timur], will be between 15.00-15.30. You can skim the programme [http://konferans.linux.org.tr/etkinlik-programi/ here].<br />
<br />
== Artifacts - April 19 2008 OWASP-TR Talk in Yildiz Technical University ==<br />
<br />
Here are the presentations given by Bünyamin Demir and Yusuf Çeri at "Open Source Code Day" in [http://www.yildiz.edu.tr/english Yildiz Technical University], [http://www.webguvenligi.org/wp-content/uploads/2008/04/owasp-wgt-ytu-19nisan08.ppt OWASP-TR Presentation] and [http://www.webguvenligi.org/wp-content/uploads/2008/04/sqlmapdemo-wgt-ytu-19nisan08.ppt SqlDemo Presentation] respectively. We'd like to thank YTÜ Bilişim Kulubü for inviting us.<br />
<br />
And never the least, here are the [http://www.flickr.com/photos/webguvenligi/sets/72157604620396950/ pictures] taken during the day.<br />
<br />
== Talk in Open Source Code Day in Yildiz Technical University ==<br />
<br />
We'll be giving a talk in "Open Source Code Day" about OWASP and OWASP/Turkey in [http://www.yildiz.edu.tr/english Yildiz Technical University] on 19th of April 2008. The talk will include an introduction to OWASP, OWASP/Turkey, web/application security community in Turkey, the 1st OWASP Day video by Jeff and a live application insecurity demo. <br />
<br />
The Day will start at 09:30 and our talk will be the last one before the noon. <br />
<br />
== Artifacts - March 09 2008 Meeting ==<br />
<br />
It was a nice Sunday in Istanbul and we had 16 people talking about SPoC 08, April OWASP Week and web application security in general. Here are the [http://www.flickr.com/photos/webguvenligi/sets/72157604077351886/ pictures] taken during the meeting.<br />
<br />
== March 09 Meeting ==<br />
<br />
A casual meeting for anyone interested in web/software security. It will take place in Istanbul, Kadikoy at 14:30, on 09 March. To chat and enjoy the [http://www.flickr.com/photos/jrogivue/21918611/ Bosphorus]! <br />
<br />
== Artifacts - Web Security Days Ankara & İzmir November 2007 ==<br />
<br />
Through a foggy, and therefore a hard flight, we've managed to realize Web Security Days 2 & 3 in Ankara and Izmir, respectively. Having a total of ~130 attendees (most of them in Izmir), we hope WSD to be traditional and become more qualitysome.<br />
<br />
Presentations & Code & Photos:<br />
* [http://www.webguvenligi.org/docs/ankara/init_ankara.ppt Giris] - Bedirhan Urgun<br />
* [http://www.webguvenligi.org/docs/ankara/wgt.ppt WGT Giris] - Bünyamin Demir<br />
* [http://www.webguvenligi.org/docs/izmir/ulakcsirt.pdf ULAK-CSIRT Giris] - Enis Karaarslan<br />
* [http://www.webguvenligi.org/docs/ankara/burak_sc.ppt Yazılım Geliştirme Sürecinde Güvenlik Testleri] - Burak Dayıoğlu<br />
* [http://www.webguvenligi.org/docs/izmir/enis_web.ppt Kurumsal Web Güvenliği Yapısı] - Enis Karaarslan<br />
* [http://www.webguvenligi.org/docs/izmir/tahsin_did.ppt Uygulamalarda Katmanlı Güvenlik Anlayışı] - Tahsin Türköz<br />
* [http://www.webguvenligi.org/docs/izmir/oguzhan_php.ppt PHP ve Güvenli Kodlama] - Oğuzhan Yalçın<br />
* [http://www.webguvenligi.org/docs/ankara/bunyamin_pl.ppt Perl'de Guvenlik Modulu] - Bünyamin Demir<br />
* [http://www.webguvenligi.org/docs/izmir/security_pm.rar Perl'de Guvenlik Modulu - Kod] - Bünyamin Demir<br />
* [http://www.webguvenligi.org/docs/ankara/bedirhan_js.ppt Web 2.0 Savunma Dili: Javascript] - Bedirhan Urgun<br />
* [http://www.flickr.com/photos/webguvenligi/sets/72157603311164597/ Photos] - Bedirhan & Bünyamin<br />
<br />
== Next Event - 3rd Web Security Days İzmir - November 26 (Turkey 2007) ==<br />
<br />
This event will be the third of "Web Security Days" and will take place on 26th of November 2007 in İzmir. The agenda of the event is [https://www.owasp.org/index.php/3rd_Web_Security_Days_OWASP_Turkey here].<br />
<br />
== Next Event - 2nd Web Security Days Ankara - November 24 (Turkey 2007) ==<br />
<br />
This event will be the second of "Web Security Days" and will take place on 24th of November 2007 in Ankara. <br />
The agenda of the event is [https://www.owasp.org/index.php/2nd_Web_Security_Days_OWASP_Turkey here].<br />
<br />
== Artifacts - OWASP DAY: on the topic of "Privacy in the 21st Century" - September 8 (Turkey 2007) ==<br />
<br />
Presentations:<br />
<br />
* [https://www.owasp.org/images/6/66/OWASP_DAY_TR.sub.ppt Turkish Subtitle] for [http://www.owasp.org/downloads/OWASP_Day.wmv Jeff's OWASP Day Intro movie] (delete .ppt extension)<br />
* [https://www.owasp.org/images/b/bc/OWASP2007_KamudaPrivacy.ppt OWASP2007_KamudaPrivacy.ppt]<br />
* [https://www.owasp.org/images/4/4b/Guvenli_Web_Uygulamalarinin_Gelistirilmesi2.ppt Guvenli_Web_Uygulamalarinin_Gelistirilmesi.ppt] <br />
<br />
Discussion Answers:<br />
<br />
Q1.<br />
What is the current state of Privacy on Web Application Security? Does it really matter? Is privacy what will drive radical changes in web application's security (ala PCI)? <br />
<br />
A1.<br />
During the meeting an effort was made to clarify the meaning of privacy;<br />
- what are the key items that builds up to "privacy"?<br />
- are we talking about the privacy of real people or should we also include the privacy of legal entities?<br />
- is there really a solid line (or even a vague line) between confidentiality and privacy?<br />
We defined privacy as confidentiality of the data; be it of a real person or a legal entity.<br />
But the key part is that privacy is "the ability to control the flow of one's own data". And which brings another principle: "need to know". Privacy is directly related to an individual or an organization. Confidentiality, however, is directly related to "information"... Privacy is a "result" and confidentiality is a tenet or a security mechanism. <br />
<br />
Enough of these convulsions;<br />
The answer to the first question was a definite "YES". Participants were all agreed that "privacy" plays and will play the most important role in web security and its future.<br />
<br />
Q2.<br />
Application side: what the data owner should be doing to protect the user's privacy? Should there be a law that states how to protect this information? What can we do to improve it?<br />
<br />
A2.<br />
Most of the participants agreed that a law is a necessity.<br />
But, maybe, more important thing is to raise the awareness of the customers.<br />
Here we also had a discussion on the current status of the law on privacy? There are mainly three <br />
documents on privacy in Turkish law;<br />
* a directive on privacy in telecommunication, which happened to be inadequate (an assertion of a lawyer)<br />
* a draft law on privacy from Department of Justice, which is still in the process of approval<br />
* a recent (May 2007) law on siber crimes which happens to be similiar to the "Directive 2006/24/EC of the <br />
European Parliament and of the Council" on the data retention. This law, however, still needs a few<br />
directives, which are about to be published.<br />
<br />
Q3.<br />
Client side: what is the client's perception of privacy? How can a user trust a site about his own data treatment? Is the client nowadays safeguarded about a possible loss of privacy?<br />
<br />
A3.<br />
As a first step there should be an "agreement" presented to the user by the application side.<br />
This wouldn't be enough so there should be regular inspections (a third eye) on these services.<br />
About "is the client nowadays safeguarded about a possible loss of privacy?" question, the answer<br />
was a definite "NO". Especially with the banks. Yes, there are a few cases of trials where the courts<br />
dictated a bank to compansate the loss of the victim, however, mostly this is not the case. Even there is<br />
a domain serving, founded by the victims of online banking crimes in Turkey.<br />
<br />
Q4.<br />
What should OWASP be focusing on?<br />
<br />
A4.<br />
As a suggestion, OWASP may provide a "web security tips" page, which can include a searchable gui <br />
on small programming tips to avoid security holes in web applications.<br />
<br />
And a great idea of producing a "FixmeBank" application to cover the developer side of the story, as opposed to tester/attacker side (via WebGoat or HacmeBank), was suggested by Taygun Alban.<br />
<br />
Q5.<br />
What would OWASP spend it's grant money? (note that new OWASP members can allocate some or all of their membership fees to specific projects)<br />
<br />
A5.<br />
Some suggestions;<br />
. Printed booklets of Guide and Testing Guide. <br />
. OWASP CD with shiny labels<br />
. I'm afraid to say but... t-shirts<br />
<br />
Q6.<br />
Should OWASP organize such 'OWASP Weeks' every quarter?<br />
<br />
A6.<br />
OWASP should organize these events every 6 months or so :)<br />
<br />
== Next Event - OWASP DAY: on the topic of "Privacy in the 21st Century" - September 8 (Turkey 2007) ==<br />
<br />
As a part of the Global Security Week, OWASP Turkey chapter will be holding a humble meeting on Saturday, 8 September 2007. Less technical and time taking compared to last event ([http://www.owasp.org/index.php/1st_Web_Security_Days_OWASP_Turkey Web Security Days]) we will be focusing on the current snapshot of the privacy related issues in the govermental/quasi-governmental and private institutions of Turkey.<br />
<br />
Here's the "still in process" agenda:<br />
<br />
* 14:00 - 14:10 Prelude. Introduction of OWASP DAY and OWASP Turkey projects<br />
<br />
A small introduction to OWASP Day meeting and its goals, plus explanation of some of the lightweight projects of OWASP Turkey.<br />
<br />
Bedirhan URGUN, Bunyamin DEMİR<br />
<br />
* 14:20 - 14:50 Privacy in Governmental Insitutions - A Current State Analysis<br />
<br />
Presentation will discuss the understanding of the privacy concept settled in governmental institutions and deliberate on general information security problems related with privacy issues.<br />
<br />
Getting off with general privacy problems, in specific, information about the privacy issues related to web applications will be given. Moreover, concrete suggestions on providing a solid privacy in these institutions will be presented.<br />
<br />
Hayrettin BAHŞİ<br />
Chief Researcher CC Lab-UEKAE TUBITAK<br />
<br />
* 15:00 - 15:50 Secure Web Application Development<br />
<br />
Korhan GÜRLER<br />
Chief Researcher PRO-G<br />
<br />
* 15:00 - 16:00 A Panel on Privacy in Turkey <br />
<br />
OWASP-Turkey Members<br />
<br />
== Last Event - 1st Web Security Days - July 14 (Turkey 2007) ==<br />
<br />
First of the [http://www.owasp.org/index.php/1st_Web_Security_Days_OWASP_Turkey Web Security Days] has been realized by Owasp-Turkey chapter on 14th of July 2007 in İstanbul. With a ~70 registered attendees, it was great to have a pack of web security oriented people for a five hours of mostly technical presentations.<br />
<br />
<br />
[http://www.owasp.org/index.php/1st_Web_Security_Days_OWASP_Turkey For details...]<br />
<br />
== Last Meetings ==<br />
<br />
'''Sunday 6 May 2007'''<br><br />
'''Time:''' 11:15-12:30<BR><br />
<br />
'''Address''' to the meeting are:<br />
<br />
[http://www.metu.edu.tr Middle East Technical University]<br/><br />
Ankara-Turkey<br/><br />
<br/><br />
<br />
'''Presentation'''<br><br />
<br />
Web Application Security with ModSecurity and OWASP<br />
<br />
<br />
__NOTOC__ <br />
<br />
<headertabs/><br />
<br />
[[Category:Turkey]] [[Category:Europe]]</div>Dr. Emin Tatlıhttps://wiki.owasp.org/index.php?title=Turkey&diff=196656Turkey2015-06-29T19:56:50Z<p>Dr. Emin Tatlı: </p>
<hr />
<div><center>[[File:Owasptr.png]] </center><br />
<br />
<br />
<br />
==== About OWASP/TR ====<br />
<br />
{{Chapter Template|chaptername=Turkey|extra=The chapter leader is [mailto:bunyamindemir~gmail.com Bunyamin Demir]<br />
<br />
Board Members: [mailto:ferruh~mavituna.com Ferruh Mavituna], [mailto:mesut_timur~hotmail.com Mesut Timur], [mailto:contact~onuryilmaz.info Onur Yılmaz], [mailto:emin.tatli@owasp.org Emin Islam Tatli], [mailto:oguzhantopgul@gmail.com Oguzhan TOPGUL], [mailto:sertan@gmail.com Sertan Kolat]<br />
<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-turkey|emailarchives=http://lists.owasp.org/pipermail/owasp-turkey}}<br />
<br />
<paypal>Turkey</paypal><br />
<br />
Webpage: http://www.webguvenligi.org<br />
<br />
== Chapter Brochure ==<br />
<br />
[http://www.webguvenligi.org/docs/WGT_brosur.pdf Here you can view a brochure] explaining in Turkish the action highlights of OWASP/Türkiye during the last one and a half year [obsolete for over two years].<br />
<br />
== Application Security Day, İstanbul 2012, Conference ==<br />
[http://www.appsectr.org/ Application Security Day, İstanbul 2012] will be held on 9 June, Saturday, in Marmara Üniversitesi Rektörlük Binası, Sultanahmet, İstanbul. <br />
The event aims to present an environment where key and popular application security topics will be discussed and shared. Hundreds of developers, business owners and security practitioners will be ready to increase local application security awareness. Join us!<br />
<br />
== Local News ==<br />
Conference<br />
<br />
[http://www.appsectr.org/ Application Security Day, İstanbul 2012] will be held on 9 June, Saturday, in Marmara Üniversitesi Rektörlük Binası, Sultanahmet, İstanbul. <br />
<br />
Published <br />
<br />
[http://www.webguvenligi.org/dokuman/web-uygulama-guvenligi-kontrol-listesi-2012.html Web App Security Check List 2012 in Turkish].<br />
<br />
== Projects/Tools/Translations ==<br />
<br />
Here are some of the projects produced by OWASP/Türkiye;<br />
<br />
* [http://code.google.com/p/droidalert/ DroidAlert] by Bedirhan Urgun<br />
<br />
A proactive approach on finding fake android applications on some of the biggest android stores. Just enter a term, and droidalert searches it for you in android stores.<br />
<br />
* [http://code.google.com/p/chiasma/ Chiasma] by Bedirhan Urgun<br />
<br />
Instead of having a structured penetration test report (docx, pdf, html v.b.) from 3rd parties, why not getting them produce a semi-structured report (xml) that is understood well. Chiasma is a Java desktop application producing XML vulnerability report.<br />
<br />
* [http://www.webguvenligi.org/docs/web_uygulama_guvenligi_kontrol_listesi_2010.pdf Web Uygulama Güvenliği Kontrol Listesi 2010- WebAppSec Checklist] by OWASP-Turkey<br />
<br />
A complete set of controls related to security of web applications.<br />
<br />
* [http://code.google.com/p/piknik/ Piknik] by Bedirhan Urgun<br />
<br />
A compilation of a study on analyzing the possible behavior of a malicious developer...Inspired by [http://www.blackhat.com/presentations/bh-usa-09/WILLIAMS/BHUSA09-Williams-EnterpriseJavaRootkits-PAPER.pdf Jeff Williams's Work] <br />
<br />
* [http://code.google.com/p/finddomains/ FindDomains] by Mesut Timur<br />
<br />
FindDomains is a multithreaded search engine discovery tool that will be very useful for penetration testers dealing with discovering domain names/web sites/virtual hosts which are located on too many IP addresses.<br />
<br />
* [http://dergi.webguvenligi.org/ WGT E-Magazine] by OWASP/TR and Onur Yilmaz<br />
<br />
An online web security related magazine in Turkish with a 2 months per-issue period<br />
<br />
* [http://ctf.webguvenligi.org/ CTF contest] by Onur Yilmaz<br />
<br />
A CTF contest where researchers, professionals and hackers can show off their skills in an ethical way <br />
<br />
* [http://code.google.com/p/jarvinen Jarvinen] by Gökhan Alkan & Yusuf Çeri & Bedirhan Urgun<br />
<br />
A simple yet effective web based audit log monitoring service for Modsecurity v2. It consists of two basic parts; a (bash) shell script that parses serial logs into the mysql database and a php web application.<br />
<br />
* [http://code.google.com/p/cammp CAMMP] by Gökhan Alkan<br />
<br />
Aims to provide (bash) shell scripts in order to automatize the source code installations of apache (php and modsecurity) and mysql under chroot (for RedHat based systems for now).<br />
<br />
* [http://code.google.com/p/secureimage SecureImage] by Mesut Timur & Bedirhan Urgun & Kerem Küsmezer<br />
<br />
A Java,PHP and .NET based image validator that can be used for validating image files on upload systems (such as photo galleries,forums,etc ..) against the threats for XSS issues with IE and LFI attacks. Individual project pages; [http://code.google.com/p/psecureimage PSecureImage] for PHP, [http://code.google.com/p/jsecureimage JSecureImage] for Java and [http://www.codeplex.com/owaspturkey/Release/ProjectReleases.aspx?ReleaseId=18008 NSecureImage] for .NET<br />
<br />
* [http://code.google.com/p/securetomcat SecureTomcat] by Bedirhan Urgun & Deniz Çevik & Gökhan Alkan<br />
<br />
A collection of three components; an audit documentation in Turkish, a basic remote vulnerability scanner and an audit shell script fully aligned with the audit documentation. All for auditing and testing Apache Tomcat partial J2EE container.<br />
<br />
* [http://code.google.com/p/webekci/ WeBekci] by Bünyamin Demir<br />
<br />
WeBekci is a graphical user end for ModSecurity 2.x web application firewall.<br />
<br />
* [http://www.webguvenligi.org/?page_id=16 Web Security Turkish Translation Project] by [http://www.webguvenligi.org/?page_id=16 great volunteers] & Bedirhan Urgun <br />
<br />
Turkish translations of OWASP guides and other web application security related documents '''over 500 pages''' and counting<br />
<br />
* [http://code.google.com/p/wivet/ WIVET] by Bedirhan Urgun<br />
<br />
A benchmarking project that aims to statistically analyze web link extractors. It provides a good sum of input vectors to any extractor and presents the results. Check out the live app [http://www.webguvenligi.org/wivet/ here].<br />
<br />
* [http://code.google.com/p/sqlibench/ SqliBench] by Mesut Timur & Bedirhan Urgun<br />
<br />
SQLiBENCH is a benchmarking project of automatic sql injectors related to dumping databases. Check out the live app [http://www.webguvenligi.org/sqlibench/web/ here]. The project is sponsored by [http://www.owasp.org/index.php/Category:OWASP_Sqlibench_Project OWASP SoC 08].<br />
<br />
* [http://code.google.com/p/msalparser MSALParser] by Bedirhan Urgun<br />
<br />
MSALParser (pronounced \mi-säl\) implements necessary parsers and model objects to represent a ModSecurity Single Audit Log, hence the name MSAL. MSALParser is a PHP RPC end that will get mlogc's calls and parses them into objects and eventually write to a persistent data store.<br />
<br />
* [http://code.google.com/p/apachelive ApacheLive] by Bedirhan Urgun<br />
<br />
ApacheLive (aka Haydar) project consists of a python script which was aimed to stress Apache web servers (httpd) using Keep-Alive parameters.<br />
<br />
* [http://code.google.com/p/anticsurf AntiCsurf] by Mesut Timur<br />
<br />
For most of the languages and frameworks, developers have to implement their own functions to defend against CSRF. AntiCsrf is a basic and light library for defending against CSRF for PHP applications.<br />
<br />
* [http://code.google.com/p/fm-fsf FM-FSF] by Ferruh Mavituna<br />
<br />
FSF is a plug-in based freakin' simple fuzzer for fuzzing web applications and scraping data. It supports some basic stuff and missing some features however it has got some advanced RegEx capturing features for scraping data out of web applications.<br />
<br />
* [http://code.google.com/p/msalmobile MSALMobile] & [http://code.google.com/p/msalservice MSALService] by Bedirhan Urgun<br />
<br />
MSALMobile, a basic windows mobile application and consuming MSALService, is a simple mobile ModSecurity log analyzer for Windows Mobile environment. See [http://www.webguvenligi.org/software/msalmobile/msalmobile_video.rar a video of MSALMobile in action] on www.webguvenligi.org.<br />
<br />
* [http://www.webguvenligi.org/xsstb/reflected.php XSS TestBed] by Bedirhan Urgun<br />
<br />
A playground for reflected xss test cases. The live project includes seven test cases ready to exploit. A legal and solid way to learn and apply xss skills. Moreover, a good way to test web application scanners on reflected xss testing...<br />
<br />
* [http://www.webguvenligi.org/projeler/wcsa Web.config Security Analyzer] by Mesut Timur<br />
<br />
Web.config file holds settings about related ASP.NET web application. This project analyzes a given Web.config file for security vulnerabilities with its 30+ checks. It's a command line too for now and produces a neat html based report.<br />
<br />
== Translations ==<br />
<br />
Çeviri projesine yardım etmek isteyen arkadaşlar, lütfen [mailto:bunyamindemir@gmail.com bunyamin] veya [mailto:urgunb@hotmail.com bedirhan] ''(proje lideri)'' ile iletişime geçiniz. Şu ana kadar yayınlanan çevirilere [http://www.webguvenligi.org/?page_id=16 buradan] ulaşabilirsiniz. ''You can find Turkish translations of OWASP and other web security related documents [http://www.webguvenligi.org/?page_id=16 here].''<br />
<br />
==== Meetings/Conferences ====<br />
<br />
== OWASP/TR Presentation in Android Developer Days 2012 in ODTU Ankara ==<br />
<br />
Bedirhan Urgun of OWASP/TR will give a presentation on "Developing Secure Android Days" on 22 May from 15:30-16:00 in Android Developer Days, 2012. The presentation will take place in ODTU, Ankara.<br />
<br />
Location: ODTÜ Kültür ve Kongre Merkezi, Ankara<br />
<br />
Date: 22 May 2012, Tuesday<br />
<br />
Time: 15:30 – 16:00<br />
<br />
== OWASP/TR Presentation in ReadMee Internet Zirvesi, 2012 ==<br />
<br />
Seyfullah Kılıç will give a presentation titled "Web Güvenliği ve Korunma Yolları" on 07 April Saturday from 14:00-14:45 in ReadMee Internet Zirvesi, 2012. The presentation will take place in Eskişehir Osmangazi Üniversitesi, Eskişehir.<br />
<br />
Location: Eskişehir Osmangazi Üniversitesi Meşelik Kampüsü, Eskişehir<br />
<br />
Date: 7 April 2012 Saturday<br />
<br />
Time: 14:00 – 14:45<br />
<br />
== OWASP/TR Presentation in Özgür Yazılım ve Linux Günleri, 2012 ==<br />
<br />
Bünyamin Demir of OWASP/TR will give a presentation titled as "<br />
Güvenli Kod Geliştirme" and will hold a chapter meeting "OWASP Türkiye Chapter Meeting (Çalışma Toplantısı)" on 31 March Saturday from 10:00-13:00 in Özgür Yazılım ve Linux Günleri, 2012. The presentations will take place in İstanbul Bilgi Üniversitesi Dolapdere Kampüsü, İstanbul.<br />
<br />
Location: İstanbul Bilgi Üniversitesi Dolapdere Kampüsü, İstanbul<br />
<br />
Date: 31 March 2012 Saturday<br />
<br />
Time: 10:00 – 13:00<br />
<br />
Location 1: 1. Salon<br />
Location 2: Toplantı Salonu<br />
<br />
== OWASP/TR Talk in Open Source Code Days in Yeditepe University ==<br />
<br />
Bunyamin Demir talked about OWASP and OWASP/Turkey introduction. After intro, he did a presentation about [http://seminer.linux.org.tr/wp-content/uploads/guvenli_kod_gelistirme_ve_yasam_dongusu.ppt "Secure Coding and Chaotic Life Cycle"].<br />
<br />
Location: Yeditepe University, 26 Agustos Yerlesimi, Salon 2<br />
<br />
Date: 14 October 2011, Friday<br />
<br />
Time: 15:00 – 15:45<br />
<br />
== OWASP/TR Introductory Meetings and Seminar @ Bahçeşehir Üniversitesi, March 2010 ==<br />
<br />
[http://www.shibumidojo.org/ Kubilay Onur Güngör] will start with OWASP and OWASP/Turkey introduction. After intro, cyber security concept, web application security, social theories of criminal behaviors and many other topics will be discussed. So don't miss the events if you're around. <br />
<br />
Location: Bahçeşehir Üniversitesi, Beşiktaş Kampüsü, D-404 Salonu<br />
<br />
Date: 10 Mart 2010 Çarşamba<br />
<br />
Time: 18.30 – 19.30<br />
<br />
== OWASP/TR Introductory Meetings and Seminar @ Işık Üniversitesi, March 2010 ==<br />
<br />
[http://www.shibumidojo.org/ Kubilay Onur Güngör] will start with OWASP and OWASP/Turkey introduction. After intro, cyber security concept, web application security, social theories of criminal behaviors and many other topics will be discussed. So don't miss the events if you're around. <br />
<br />
Location: Işık Üniversitesi, Şile Kampüsü<br />
Registration: http://bilisimgunleri.isikun.edu.tr<br />
Date: 8 Mart 2010 Pazartesi<br />
Time: 15.00 - 16.00<br />
<br />
== OWASP/TR Meeting in Turkcell Akademi with OISF Team, February 2010 ==<br />
<br />
With 7 [http://www.openinfosecfoundation.org OISF] members we had our 23 February meeting. Brian [http://vimeo.com/9825055 talked about ModSecurity] and Victor & Will [http://vimeo.com/9825622 talked about Suricata ].<br />
<br />
As always, check out the photos on [http://www.flickr.com/photos/webguvenligi flickr-webguvenligi]!!<br />
<br />
Thanks to our sponsor for this meeting [http://www.guvenlikegitimleri.com GuvenlikEgitimleri.Com]<br />
<br />
== OWASP/TR Seminar in İstanbul Kültür Universitesi, 29 December 2009 ==<br />
<br />
We'll be hosting a free seminar in İstanbul Kültür Üniversitesi, Ataköy Kampüsü, Önder Öztunalı Konferans Salonu. Topics will include "introduction to OWASP/TR", "siber security", "security best practices and standards". It will also include a demo on digital investigation.<br />
<br />
Presenter: [http://www.shibumidojo.org/ Kubilay Onur Güngör]<br />
<br />
Date: Tuesday, December 29, 2009 <br />
<br />
Time: 12:00pm - 1:30pm <br />
<br />
Location: İstanbul Kültür Üniersitesi, Ataköy Kampüsü, Önder Öztunalı Konferans Salonu<br />
<br />
== October 11, 2009 OWASP/TR on the Green Field ==<br />
<br />
Teams formed by OWASP-Turkey mailing list members will play a soccer match on Sunday, 18:00 October the 11th. We'll seek our Messis, Zidanes, Kakas, Lampards, Chechs stemmed from the Anatolian land... National team may not be qualified for the 2010 World Championship, which is a shame, but we'll do better next time.<br />
<br />
== Artifacts - OWASP-Turkey Meeting in September 26, 2009 ==<br />
<br />
30 people gathered for the OWASP/TR meeting. Here's the [http://www.webguvenligi.org/docs/26_Eylul_OWASPTR_Bulusma.ppt agenda of the meeting]. Moreover, Ibrahim Saruhan gave a [http://www.webguvenligi.org/docs/Facebook_Twitter_Botnets.ppt presentation] on his experiences writing a PoC Facebook botnet. Thanks everyone for participating.<br />
<br />
See the [http://www.flickr.com/webguvenligi/ pictures] and listen to the DimDim [http://recp.dimdim.com/view/dimdim/1a9400f2-fbdb-102c-9515-003048642bd7 recording].<br />
<br />
== September 26 Meeting ==<br />
<br />
A regular meeting for anyone interested in web/software security. It will take place in Istanbul, Taksim at 14:00, on 26 September. <br />
<br />
== Artifacts - 06 May/13 May 2009 OWASP-TR Talks in Kocaeli & Gazi Universities ==<br />
<br />
Here are the presentations given by Bünyamin Demir and Onur Yılmaz at "Information Techonology Days" in [http://www.kocaeli.edu.tr/ Kocaeli University] and [http://www.gazi.edu.tr/ Gazi University], [http://www.webguvenligi.org/docs/kocaeli09owasptr.ppt OWASP-TR & WebGoat Presentation] and [http://www.webguvenligi.org/docs/gaziuni09owasptr.ppt Basic Web App Security Presentation] respectively. <br />
<br />
Pictures are on [http://www.flickr.com/photos/webguvenligi flicker] as always.<br />
<br />
== Web Application Security Talk in Gazi University, 13 May 2009 ==<br />
<br />
We'll be giving a talk in "Information Days" event at Gazi University about code/sql injection attack vectors and prevention techniques on 13th (Wednesday) of May 2009, between 10:30-11:20. <br />
<br />
Reach out the details [http://www.webguvenligi.org/haberler/web-uygulamalari-guvenligi-sunumu-gazi-universitesi.html here]<br />
<br />
== OWASP-TR Seminar in Kocaeli University, 06 May 2009 ==<br />
<br />
We'll be hosting a free seminar in Math. Department of Kocaeli University about OWASP and OWASP/Turkey including the basics of well known attack vectors and prevention techniques on 6th (Wednesday) of May 2009, starting from 15:30. <br />
<br />
Reach out the details [http://www.webguvenligi.org/haberler/owasp-tr-ve-wgt-semineri-kocaeli-universitesi.html here]<br />
<br />
== Artifacts - March 19 2009 OWASP-TR Talk in Sakarya University ==<br />
<br />
Here are the presentations given by Bünyamin Demir and Gökhan Alkan at "Information Techonology Days" in [http://www.sau.edu.tr/ Sakarya University], [http://www.webguvenligi.org/sau_bilisim_gunleri09/sakarya_bilisim_gunleri.ppt OWASP-TR & WebGoat Presentation] and [http://www.webguvenligi.org/sau_bilisim_gunleri09/Recel_Krallagindan_Webe.ppt Jarvinen Presentation] respectively. We'd like to thank [http://www.bilisimk.sau.edu.tr/ Sakarya Universitesi Bilişim Kulubü] for inviting us.<br />
<br />
And never the least, here are the [http://www.flickr.com/photos/webguvenligi pictures] taken during the day.<br />
<br />
== Talk in Information Techonology Days '09 in Sakarya University ==<br />
<br />
We'll be giving two talks in "Information Techonology Days" about OWASP and OWASP/Turkey in [http://www.sau.edu.tr/ Sakarya University] on 19th of March 2009. The talk will include an introduction to OWASP, OWASP/Turkey as a community. Plus, Jarvinen, an OWASP/TR project, will be presented.<br />
<br />
== Artifacts - Fifth OWASP-Turkey Meeting in March 08, 2009 ==<br />
<br />
We had close to 35 people gathered. Here's the [http://www.webguvenligi.org/docs/WGT_OWASP-TR_08_Mart_2009_Bulusmasi_Ajanda.pptx agenda of the meeting]. Moreover, Fatih Emiral gave a [http://www.webguvenligi.org/docs/Yazilim_Guvenligi.ppt presentation] comparing three main Software Security models. Thanks everyone for participating.<br />
<br />
For the photos take a look at [http://www.flickr.com/photos/webguvenligi/ here].<br />
<br />
== Fifth OWASP-Turkey Meeting in March 08, 2009 ==<br />
<br />
A regular meeting on web/software security related issues&techniques&news. The meeting will take place in Istanbul, Maltepe, beween 13:00-15:00, on 08th of March, Sunday. <br />
Here's the map for the [http://www.gencgirisimciler.org/bpi.asp?caid=161&cid=17 meeting place]<br />
If you want to attend the event, please send an e-mail to: urgunb at hotmail.com (Bedirhan Urgun)<br />
<br />
== Artifacts - Web Security Days Kocaeli December 2008 ==<br />
<br />
With over 50 attendees we had our 4th Web Security Days in Kocaeli University at Umuttepe Campus.<br />
<br />
Presentations & SlideShows & Photos:<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_intro.ppt Giris] - Bedirhan Urgun<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_owasptr_wgt.ppt WGT/OWASPTR] - Bünyamin Demir<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_www.ppt WWW Introduction] - Uğur Yıldız<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_csrf.ppt CSRF] - Yusuf Çeri<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_graphics.ppt Graphic Attacks] - Mesut Timur <br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_chroot.ppt Secure Web Production Environments] - Gökhan Alkan<br />
* [http://www.flickr.com/webguvenligi/ Pictures] - Bedirhan & Bünyamin<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_slideshow.ppt OWASP Top 10 Slide Show] - Bedirhan Urgun<br />
<br />
== Next Event - 4th Web Security Days Kocaeli - December 23 (Turkey 2008) ==<br />
<br />
This event will be the fourth of "Web Security Days" and will take place on 23rd of December 2008 in Kocaeli. The agenda of the event is [http://www.owasp.org/index.php/4th_Web_Security_Days_OWASP_Turkey here].<br />
<br />
== Artifacts - Fourth OWASP-Turkey Meeting in October 18, 2008 ==<br />
<br />
Here's the [http://www.webguvenligi.org/wp-content/uploads/2008/10/WGT&OWASP-TR_18_Ekim_2008_Bulusmasi_Ajanda.ppt agenda of the meeting]. We also had two small discussion and presentation of a simple demo overview of recent clickjacking vulnerability and [http://www.webguvenligi.org/wp-content/uploads/2008/10/sqlibench-presentation.ppt sqlibench SoC 2008 OWASP project]. Thanks everyone for participating.<br />
<br />
Moreover, all of the OWASP sent books (~30)/pens(~15) were distributed freely! <br />
<br />
For the photos take a look at [http://www.flickr.com/photos/webguvenligi/ here].<br />
<br />
== Fourth OWASP-Turkey Meeting in October 18, 2008 ==<br />
<br />
A catch up meeting on web/software security related issues&techniques&news. Moreover, OWASP sent goodies (to the most active chapters) will be distributed (This includes 27 OWASP books and 19 pens). It will take place in Istanbul, İstiklal Cad.Emir Nevruz Sok. No: 1/11 Galatasaray Beyoğlu beween 14:00-16:00, on 18th of October. If you want to attend the event, please send an e-mail to: urgunb at hotmail.com (Bedirhan Urgun) <br />
<br />
== Artifacts - June 21 2008 OWASP-TR Talk in "Free Software Conference" ==<br />
<br />
Here is the presentation given by Mesut Timur and keynote submitted at [http://konferans.linux.org.tr/ "Free Software Conference"] in [http://www.etu.edu.tr/ TOBB University of Economics and Technology]; <br />
[http://www.webguvenligi.org/wp-content/uploads/2008/06/owasp_wgt_lkd_21062008.ppt OWASP-TR Presentation] and [http://www.webguvenligi.org/wp-content/uploads/2008/06/webguvenligi_bildiri_lkd_21062008.pdf Web Security and Free Software Keynote] (in Turkish) respectively.<br />
<br />
== Talk in Free Software Conference in Ankara ==<br />
<br />
We'll be giving a talk in "Free Software Conference" about OWASP and OWASP/Turkey in [http://www.etu.edu.tr/ TOBB University of Economics and Technology] on 21st (Saturday) of June 2008. The talk will include an introduction to OWASP, OWASP/Turkey, as well as web/application security projects achieved in Turkey. <br />
<br />
The Day will start at 09:30 and our talk, which will be presented by [http://www.h-labs.org Mesut Timur], will be between 15.00-15.30. You can skim the programme [http://konferans.linux.org.tr/etkinlik-programi/ here].<br />
<br />
== Artifacts - April 19 2008 OWASP-TR Talk in Yildiz Technical University ==<br />
<br />
Here are the presentations given by Bünyamin Demir and Yusuf Çeri at "Open Source Code Day" in [http://www.yildiz.edu.tr/english Yildiz Technical University], [http://www.webguvenligi.org/wp-content/uploads/2008/04/owasp-wgt-ytu-19nisan08.ppt OWASP-TR Presentation] and [http://www.webguvenligi.org/wp-content/uploads/2008/04/sqlmapdemo-wgt-ytu-19nisan08.ppt SqlDemo Presentation] respectively. We'd like to thank YTÜ Bilişim Kulubü for inviting us.<br />
<br />
And never the least, here are the [http://www.flickr.com/photos/webguvenligi/sets/72157604620396950/ pictures] taken during the day.<br />
<br />
== Talk in Open Source Code Day in Yildiz Technical University ==<br />
<br />
We'll be giving a talk in "Open Source Code Day" about OWASP and OWASP/Turkey in [http://www.yildiz.edu.tr/english Yildiz Technical University] on 19th of April 2008. The talk will include an introduction to OWASP, OWASP/Turkey, web/application security community in Turkey, the 1st OWASP Day video by Jeff and a live application insecurity demo. <br />
<br />
The Day will start at 09:30 and our talk will be the last one before the noon. <br />
<br />
== Artifacts - March 09 2008 Meeting ==<br />
<br />
It was a nice Sunday in Istanbul and we had 16 people talking about SPoC 08, April OWASP Week and web application security in general. Here are the [http://www.flickr.com/photos/webguvenligi/sets/72157604077351886/ pictures] taken during the meeting.<br />
<br />
== March 09 Meeting ==<br />
<br />
A casual meeting for anyone interested in web/software security. It will take place in Istanbul, Kadikoy at 14:30, on 09 March. To chat and enjoy the [http://www.flickr.com/photos/jrogivue/21918611/ Bosphorus]! <br />
<br />
== Artifacts - Web Security Days Ankara & İzmir November 2007 ==<br />
<br />
Through a foggy, and therefore a hard flight, we've managed to realize Web Security Days 2 & 3 in Ankara and Izmir, respectively. Having a total of ~130 attendees (most of them in Izmir), we hope WSD to be traditional and become more qualitysome.<br />
<br />
Presentations & Code & Photos:<br />
* [http://www.webguvenligi.org/docs/ankara/init_ankara.ppt Giris] - Bedirhan Urgun<br />
* [http://www.webguvenligi.org/docs/ankara/wgt.ppt WGT Giris] - Bünyamin Demir<br />
* [http://www.webguvenligi.org/docs/izmir/ulakcsirt.pdf ULAK-CSIRT Giris] - Enis Karaarslan<br />
* [http://www.webguvenligi.org/docs/ankara/burak_sc.ppt Yazılım Geliştirme Sürecinde Güvenlik Testleri] - Burak Dayıoğlu<br />
* [http://www.webguvenligi.org/docs/izmir/enis_web.ppt Kurumsal Web Güvenliği Yapısı] - Enis Karaarslan<br />
* [http://www.webguvenligi.org/docs/izmir/tahsin_did.ppt Uygulamalarda Katmanlı Güvenlik Anlayışı] - Tahsin Türköz<br />
* [http://www.webguvenligi.org/docs/izmir/oguzhan_php.ppt PHP ve Güvenli Kodlama] - Oğuzhan Yalçın<br />
* [http://www.webguvenligi.org/docs/ankara/bunyamin_pl.ppt Perl'de Guvenlik Modulu] - Bünyamin Demir<br />
* [http://www.webguvenligi.org/docs/izmir/security_pm.rar Perl'de Guvenlik Modulu - Kod] - Bünyamin Demir<br />
* [http://www.webguvenligi.org/docs/ankara/bedirhan_js.ppt Web 2.0 Savunma Dili: Javascript] - Bedirhan Urgun<br />
* [http://www.flickr.com/photos/webguvenligi/sets/72157603311164597/ Photos] - Bedirhan & Bünyamin<br />
<br />
== Next Event - 3rd Web Security Days İzmir - November 26 (Turkey 2007) ==<br />
<br />
This event will be the third of "Web Security Days" and will take place on 26th of November 2007 in İzmir. The agenda of the event is [https://www.owasp.org/index.php/3rd_Web_Security_Days_OWASP_Turkey here].<br />
<br />
== Next Event - 2nd Web Security Days Ankara - November 24 (Turkey 2007) ==<br />
<br />
This event will be the second of "Web Security Days" and will take place on 24th of November 2007 in Ankara. <br />
The agenda of the event is [https://www.owasp.org/index.php/2nd_Web_Security_Days_OWASP_Turkey here].<br />
<br />
== Artifacts - OWASP DAY: on the topic of "Privacy in the 21st Century" - September 8 (Turkey 2007) ==<br />
<br />
Presentations:<br />
<br />
* [https://www.owasp.org/images/6/66/OWASP_DAY_TR.sub.ppt Turkish Subtitle] for [http://www.owasp.org/downloads/OWASP_Day.wmv Jeff's OWASP Day Intro movie] (delete .ppt extension)<br />
* [https://www.owasp.org/images/b/bc/OWASP2007_KamudaPrivacy.ppt OWASP2007_KamudaPrivacy.ppt]<br />
* [https://www.owasp.org/images/4/4b/Guvenli_Web_Uygulamalarinin_Gelistirilmesi2.ppt Guvenli_Web_Uygulamalarinin_Gelistirilmesi.ppt] <br />
<br />
Discussion Answers:<br />
<br />
Q1.<br />
What is the current state of Privacy on Web Application Security? Does it really matter? Is privacy what will drive radical changes in web application's security (ala PCI)? <br />
<br />
A1.<br />
During the meeting an effort was made to clarify the meaning of privacy;<br />
- what are the key items that builds up to "privacy"?<br />
- are we talking about the privacy of real people or should we also include the privacy of legal entities?<br />
- is there really a solid line (or even a vague line) between confidentiality and privacy?<br />
We defined privacy as confidentiality of the data; be it of a real person or a legal entity.<br />
But the key part is that privacy is "the ability to control the flow of one's own data". And which brings another principle: "need to know". Privacy is directly related to an individual or an organization. Confidentiality, however, is directly related to "information"... Privacy is a "result" and confidentiality is a tenet or a security mechanism. <br />
<br />
Enough of these convulsions;<br />
The answer to the first question was a definite "YES". Participants were all agreed that "privacy" plays and will play the most important role in web security and its future.<br />
<br />
Q2.<br />
Application side: what the data owner should be doing to protect the user's privacy? Should there be a law that states how to protect this information? What can we do to improve it?<br />
<br />
A2.<br />
Most of the participants agreed that a law is a necessity.<br />
But, maybe, more important thing is to raise the awareness of the customers.<br />
Here we also had a discussion on the current status of the law on privacy? There are mainly three <br />
documents on privacy in Turkish law;<br />
* a directive on privacy in telecommunication, which happened to be inadequate (an assertion of a lawyer)<br />
* a draft law on privacy from Department of Justice, which is still in the process of approval<br />
* a recent (May 2007) law on siber crimes which happens to be similiar to the "Directive 2006/24/EC of the <br />
European Parliament and of the Council" on the data retention. This law, however, still needs a few<br />
directives, which are about to be published.<br />
<br />
Q3.<br />
Client side: what is the client's perception of privacy? How can a user trust a site about his own data treatment? Is the client nowadays safeguarded about a possible loss of privacy?<br />
<br />
A3.<br />
As a first step there should be an "agreement" presented to the user by the application side.<br />
This wouldn't be enough so there should be regular inspections (a third eye) on these services.<br />
About "is the client nowadays safeguarded about a possible loss of privacy?" question, the answer<br />
was a definite "NO". Especially with the banks. Yes, there are a few cases of trials where the courts<br />
dictated a bank to compansate the loss of the victim, however, mostly this is not the case. Even there is<br />
a domain serving, founded by the victims of online banking crimes in Turkey.<br />
<br />
Q4.<br />
What should OWASP be focusing on?<br />
<br />
A4.<br />
As a suggestion, OWASP may provide a "web security tips" page, which can include a searchable gui <br />
on small programming tips to avoid security holes in web applications.<br />
<br />
And a great idea of producing a "FixmeBank" application to cover the developer side of the story, as opposed to tester/attacker side (via WebGoat or HacmeBank), was suggested by Taygun Alban.<br />
<br />
Q5.<br />
What would OWASP spend it's grant money? (note that new OWASP members can allocate some or all of their membership fees to specific projects)<br />
<br />
A5.<br />
Some suggestions;<br />
. Printed booklets of Guide and Testing Guide. <br />
. OWASP CD with shiny labels<br />
. I'm afraid to say but... t-shirts<br />
<br />
Q6.<br />
Should OWASP organize such 'OWASP Weeks' every quarter?<br />
<br />
A6.<br />
OWASP should organize these events every 6 months or so :)<br />
<br />
== Next Event - OWASP DAY: on the topic of "Privacy in the 21st Century" - September 8 (Turkey 2007) ==<br />
<br />
As a part of the Global Security Week, OWASP Turkey chapter will be holding a humble meeting on Saturday, 8 September 2007. Less technical and time taking compared to last event ([http://www.owasp.org/index.php/1st_Web_Security_Days_OWASP_Turkey Web Security Days]) we will be focusing on the current snapshot of the privacy related issues in the govermental/quasi-governmental and private institutions of Turkey.<br />
<br />
Here's the "still in process" agenda:<br />
<br />
* 14:00 - 14:10 Prelude. Introduction of OWASP DAY and OWASP Turkey projects<br />
<br />
A small introduction to OWASP Day meeting and its goals, plus explanation of some of the lightweight projects of OWASP Turkey.<br />
<br />
Bedirhan URGUN, Bunyamin DEMİR<br />
<br />
* 14:20 - 14:50 Privacy in Governmental Insitutions - A Current State Analysis<br />
<br />
Presentation will discuss the understanding of the privacy concept settled in governmental institutions and deliberate on general information security problems related with privacy issues.<br />
<br />
Getting off with general privacy problems, in specific, information about the privacy issues related to web applications will be given. Moreover, concrete suggestions on providing a solid privacy in these institutions will be presented.<br />
<br />
Hayrettin BAHŞİ<br />
Chief Researcher CC Lab-UEKAE TUBITAK<br />
<br />
* 15:00 - 15:50 Secure Web Application Development<br />
<br />
Korhan GÜRLER<br />
Chief Researcher PRO-G<br />
<br />
* 15:00 - 16:00 A Panel on Privacy in Turkey <br />
<br />
OWASP-Turkey Members<br />
<br />
== Last Event - 1st Web Security Days - July 14 (Turkey 2007) ==<br />
<br />
First of the [http://www.owasp.org/index.php/1st_Web_Security_Days_OWASP_Turkey Web Security Days] has been realized by Owasp-Turkey chapter on 14th of July 2007 in İstanbul. With a ~70 registered attendees, it was great to have a pack of web security oriented people for a five hours of mostly technical presentations.<br />
<br />
<br />
[http://www.owasp.org/index.php/1st_Web_Security_Days_OWASP_Turkey For details...]<br />
<br />
== Last Meetings ==<br />
<br />
'''Sunday 6 May 2007'''<br><br />
'''Time:''' 11:15-12:30<BR><br />
<br />
'''Address''' to the meeting are:<br />
<br />
[http://www.metu.edu.tr Middle East Technical University]<br/><br />
Ankara-Turkey<br/><br />
<br/><br />
<br />
'''Presentation'''<br><br />
<br />
Web Application Security with ModSecurity and OWASP<br />
<br />
<br />
__NOTOC__ <br />
<br />
<headertabs/><br />
<br />
[[Category:Turkey]] [[Category:Europe]]</div>Dr. Emin Tatlıhttps://wiki.owasp.org/index.php?title=User:Dr._Emin_Tatl%C4%B1&diff=189786User:Dr. Emin Tatlı2015-02-17T11:34:21Z<p>Dr. Emin Tatlı: /* Personal & Work */</p>
<hr />
<div>=== Personal & Work ===<br />
<br />
* Assist.Prof. at İstanbul Medipol University in Turkey, http://cybersec.medipol.edu.tr<br />
* Studied and worked in Germany between 2001-2013 (Ex-IBM and Ex-Daimler TSS Employee)<br />
* Focusing on penetration testing, security analysis of architectures, secure design and coding trainings, compliance and risk management<br />
* Research Publications @ Scholar: https://scholar.google.com.tr/citations?user=dru7fS0AAAAJ<br />
<br />
=== OWASP Activities ===<br />
<br />
* Involved with OWASP since 2005<br />
* Since 2010 Board Member of [[Turkey|Turkey Chapter]]<br />
* Since 2012 Board Member of [[Germany|German Chapter]]<br />
* Organisation and Program Committee of OWASP Conferences in Germany and Turkey<br />
* Speaker at OWASP Turkey Web Application Security Days (http://www.appsectr.org)<br />
<br />
=== OWASP Contributions===<br />
* Articles about OWASP projects <br />
** [http://www.architectingsecurity.com/wp-content/uploads/papers/SAMM-Tatli-Ocak11.pdf Secure Application Development with OpenSAMM] (in Turkish)<br />
** OWASP Guidelines and Tools for Secure SDLC (in German)<br />
<br />
* Software/Tools <br />
** Managing OWASP-Turkey's Web Application Security Check List project: [http://code.google.com/p/wasclist/ wasclist]<br />
** ccrawl - Code Review Tool: [https://code.google.com/p/ccrawl/]<br />
<br />
=== Contact ===<br />
* Blog: [http://www.architectingsecurity.com http://www.architectingsecurity.com]<br />
* E-mail: emin.tatli @ owasp dot org <br />
* [http://www.linkedin.com/in/tatli LinkedIn]<br />
* Twitter: [https://twitter.com/eitatli @eitatli]</div>Dr. Emin Tatlıhttps://wiki.owasp.org/index.php?title=User:Dr._Emin_Tatl%C4%B1&diff=189785User:Dr. Emin Tatlı2015-02-17T11:33:50Z<p>Dr. Emin Tatlı: /* Personal & Work */</p>
<hr />
<div>=== Personal & Work ===<br />
<br />
* Assist.Prof. at İstanbul Medipol University in Turkey, http://cybersec.medipol.edu.tr<br />
* Studied and worked in Germany between 2001-2013 (Ex-IBM and Ex-Daimler TSS Employee)<br />
* Focusing on penetration testing, security analysis of architectures, secure design and coding trainings, compliance and risk management<br />
* Research Publications: [Google Scholar, https://scholar.google.com.tr/citations?user=dru7fS0AAAAJ&hl=tr]<br />
<br />
=== OWASP Activities ===<br />
<br />
* Involved with OWASP since 2005<br />
* Since 2010 Board Member of [[Turkey|Turkey Chapter]]<br />
* Since 2012 Board Member of [[Germany|German Chapter]]<br />
* Organisation and Program Committee of OWASP Conferences in Germany and Turkey<br />
* Speaker at OWASP Turkey Web Application Security Days (http://www.appsectr.org)<br />
<br />
=== OWASP Contributions===<br />
* Articles about OWASP projects <br />
** [http://www.architectingsecurity.com/wp-content/uploads/papers/SAMM-Tatli-Ocak11.pdf Secure Application Development with OpenSAMM] (in Turkish)<br />
** OWASP Guidelines and Tools for Secure SDLC (in German)<br />
<br />
* Software/Tools <br />
** Managing OWASP-Turkey's Web Application Security Check List project: [http://code.google.com/p/wasclist/ wasclist]<br />
** ccrawl - Code Review Tool: [https://code.google.com/p/ccrawl/]<br />
<br />
=== Contact ===<br />
* Blog: [http://www.architectingsecurity.com http://www.architectingsecurity.com]<br />
* E-mail: emin.tatli @ owasp dot org <br />
* [http://www.linkedin.com/in/tatli LinkedIn]<br />
* Twitter: [https://twitter.com/eitatli @eitatli]</div>Dr. Emin Tatlıhttps://wiki.owasp.org/index.php?title=User:Dr._Emin_Tatl%C4%B1&diff=189784User:Dr. Emin Tatlı2015-02-17T11:33:11Z<p>Dr. Emin Tatlı: /* Personal & Work */</p>
<hr />
<div>=== Personal & Work ===<br />
<br />
* Assist.Prof. at İstanbul Medipol University in Turkey, http://cybersec.medipol.edu.tr<br />
* Studied and worked in Germany between 2001-2013 (Ex-IBM and Ex-Daimler TSS Employee)<br />
* Focusing on penetration testing, security analysis of architectures, secure design and coding trainings, compliance and risk management<br />
* Research Publications: [Google Scholar][https://scholar.google.com.tr/citations?user=dru7fS0AAAAJ&hl=tr]<br />
<br />
=== OWASP Activities ===<br />
<br />
* Involved with OWASP since 2005<br />
* Since 2010 Board Member of [[Turkey|Turkey Chapter]]<br />
* Since 2012 Board Member of [[Germany|German Chapter]]<br />
* Organisation and Program Committee of OWASP Conferences in Germany and Turkey<br />
* Speaker at OWASP Turkey Web Application Security Days (http://www.appsectr.org)<br />
<br />
=== OWASP Contributions===<br />
* Articles about OWASP projects <br />
** [http://www.architectingsecurity.com/wp-content/uploads/papers/SAMM-Tatli-Ocak11.pdf Secure Application Development with OpenSAMM] (in Turkish)<br />
** OWASP Guidelines and Tools for Secure SDLC (in German)<br />
<br />
* Software/Tools <br />
** Managing OWASP-Turkey's Web Application Security Check List project: [http://code.google.com/p/wasclist/ wasclist]<br />
** ccrawl - Code Review Tool: [https://code.google.com/p/ccrawl/]<br />
<br />
=== Contact ===<br />
* Blog: [http://www.architectingsecurity.com http://www.architectingsecurity.com]<br />
* E-mail: emin.tatli @ owasp dot org <br />
* [http://www.linkedin.com/in/tatli LinkedIn]<br />
* Twitter: [https://twitter.com/eitatli @eitatli]</div>Dr. Emin Tatlıhttps://wiki.owasp.org/index.php?title=User:Dr._Emin_Tatl%C4%B1&diff=189783User:Dr. Emin Tatlı2015-02-17T11:31:07Z<p>Dr. Emin Tatlı: /* Personal & Work */</p>
<hr />
<div>=== Personal & Work ===<br />
<br />
* Assist.Prof. at İstanbul Medipol University in Turkey, http://cybersec.medipol.edu.tr<br />
* Studied and worked in Germany between 2001-2013 (Ex-IBM and Ex-Daimler TSS Employee)<br />
* Focusing on penetration testing, security analysis of architectures, secure design and coding trainings, compliance and risk management<br />
<br />
=== OWASP Activities ===<br />
<br />
* Involved with OWASP since 2005<br />
* Since 2010 Board Member of [[Turkey|Turkey Chapter]]<br />
* Since 2012 Board Member of [[Germany|German Chapter]]<br />
* Organisation and Program Committee of OWASP Conferences in Germany and Turkey<br />
* Speaker at OWASP Turkey Web Application Security Days (http://www.appsectr.org)<br />
<br />
=== OWASP Contributions===<br />
* Articles about OWASP projects <br />
** [http://www.architectingsecurity.com/wp-content/uploads/papers/SAMM-Tatli-Ocak11.pdf Secure Application Development with OpenSAMM] (in Turkish)<br />
** OWASP Guidelines and Tools for Secure SDLC (in German)<br />
<br />
* Software/Tools <br />
** Managing OWASP-Turkey's Web Application Security Check List project: [http://code.google.com/p/wasclist/ wasclist]<br />
** ccrawl - Code Review Tool: [https://code.google.com/p/ccrawl/]<br />
<br />
=== Contact ===<br />
* Blog: [http://www.architectingsecurity.com http://www.architectingsecurity.com]<br />
* E-mail: emin.tatli @ owasp dot org <br />
* [http://www.linkedin.com/in/tatli LinkedIn]<br />
* Twitter: [https://twitter.com/eitatli @eitatli]</div>Dr. Emin Tatlıhttps://wiki.owasp.org/index.php?title=User:Dr._Emin_Tatl%C4%B1&diff=189782User:Dr. Emin Tatlı2015-02-17T11:28:25Z<p>Dr. Emin Tatlı: </p>
<hr />
<div>=== Personal & Work ===<br />
<br />
* Born in Turkey & Living since 2001 in Germany<br />
* Ex-IBMer and working now as Security Architect and Researcher by Daimler TSS<br />
* Focusing on penetration testing, security analysis of architectures, secure design and coding trainings, compliance and risk management<br />
<br />
=== OWASP Activities ===<br />
<br />
* Involved with OWASP since 2005<br />
* Since 2010 Board Member of [[Turkey|Turkey Chapter]]<br />
* Since 2012 Board Member of [[Germany|German Chapter]]<br />
* Organisation and Program Committee of OWASP Conferences in Germany and Turkey<br />
* Speaker at OWASP Turkey Web Application Security Days (http://www.appsectr.org)<br />
<br />
=== OWASP Contributions===<br />
* Articles about OWASP projects <br />
** [http://www.architectingsecurity.com/wp-content/uploads/papers/SAMM-Tatli-Ocak11.pdf Secure Application Development with OpenSAMM] (in Turkish)<br />
** OWASP Guidelines and Tools for Secure SDLC (in German)<br />
<br />
* Software/Tools <br />
** Managing OWASP-Turkey's Web Application Security Check List project: [http://code.google.com/p/wasclist/ wasclist]<br />
** ccrawl - Code Review Tool: [https://code.google.com/p/ccrawl/]<br />
<br />
=== Contact ===<br />
* Blog: [http://www.architectingsecurity.com http://www.architectingsecurity.com]<br />
* E-mail: emin.tatli @ owasp dot org <br />
* [http://www.linkedin.com/in/tatli LinkedIn]<br />
* Twitter: [https://twitter.com/eitatli @eitatli]</div>Dr. Emin Tatlıhttps://wiki.owasp.org/index.php?title=Category:OWASP_Application_Security_Verification_Standard_Project&diff=189781Category:OWASP Application Security Verification Standard Project2015-02-17T11:25:27Z<p>Dr. Emin Tatlı: /* Acknowledgements */</p>
<hr />
<div>= Home =<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|2400x160px|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is ASVS? ==<br />
<br />
The OWASP Application Security Verification Standard (ASVS) Project provides a basis for testing web application technical security controls.<br />
<br />
The primary aim of the '''OWASP Application Security Verification Standard (ASVS) Project''' is to normalize the range in the coverage and level of rigor available in the market when it comes to performing Web application security verification using a commercially-workable open standard. The standard provides a basis for testing application technical security controls, as well as any technical security controls in the environment, that are relied on to protect against vulnerabilities such as Cross-Site Scripting (XSS) and SQL injection. This standard can be used to establish a level of confidence in the security of Web applications. The requirements were developed with the following objectives in mind: <br />
<br />
*'''Use as a metric''' - Provide application developers and application owners with a yardstick with which to assess the degree of trust that can be placed in their Web applications, <br />
*'''Use as guidance''' - Provide guidance to security control developers as to what to build into security controls in order to satisfy application security requirements, and <br />
*'''Use during procurement''' - Provide a basis for specifying application security verification requirements in contracts.<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Email List ==<br />
<br />
[[Image:Asvs-bulb.jpg]] [https://lists.owasp.org/mailman/listinfo/owasp-application-security-verification-standard Project Email List]<br />
<br />
== Project Leaders ==<br />
<br />
Sahba Kazerooni<br/><br />
Daniel Cuthbert<br />
<br />
<br />
== Related Projects ==<br />
<br />
[[Image:Asvs-satellite.jpg]]'''OWASP Resources''' <br />
<br />
*[http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project OWASP Top Ten] <br />
*[http://www.owasp.org/index.php/Category:OWASP_Guide_Project OWASP Development Guide] <br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" |<br />
<br />
== Quick Download ==<br />
<br />
[https://www.owasp.org/images/5/58/OWASP_ASVS_Version_2.pdf Download] the standard in English.<br />
<br />
== News and Events ==<br />
* [11 Aug 2014] Version 2.0 released!<br />
* [28 Mar 2014] List of contributors added<br />
* [27 Mar 2014] New wiki template!<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-flagship-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Flagship_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
= Downloads =<br />
<br />
'''Application Security Verification Standard 2.0 (final)'''<br />
<br />
* ASVS 2.0 in English ([[Media:OWASP_ASVS_Version_2.pdf|download PDF - 1.6 MB]])<br />
* ASVS 2.0 in English ([[Media:OWASP_ASVS_Version_2.docx|download Word - 1.0MB]])<br />
<br />
We are looking for translators for this version. If you can help us, please contact the project mail list!<br />
<br />
'''Contributed'''<br />
* Simple English Excel Reporting ([[Media:Asvs_v2_items.xlsx|download Excel - 50KB]])<br />
* Simple French Excel Reporting ([[Media:Asvs_v2_items_fr.xlsx|download Excel - 35KB]])<br />
<br />
= Acknowledgements =<br />
<br />
== Volunteers ==<br />
<br />
=== Version 2 (2014) ===<br />
<br />
Project leaders<br />
*Sahba Kazerooni<br />
*Daniel Cuthbert<br />
<br />
Lead authors<br />
*Andrew van der Stock<br />
*Sahba Kazerooni<br />
*Daniel Cuthbert<br />
*Krishna Raja<br />
<br />
Other reviewers and contributors<br />
*Jerome Athias<br />
*Boy Baukema<br />
*Archangel Cuison<br />
*Sebastien.Deleersnyder<br />
*Antonio Fontes<br />
*Evan Gaustad<br />
*Safuat Hamdy<br />
*Ari Kesäniemi<br />
*Scott Luc<br />
*Jim Manico<br />
*Mait Peekma<br />
*Pekka Sillanpää<br />
*Jeff Sergeant<br />
*Etienne Stalmans<br />
*Colin Watson<br />
*Dr. Emin İslam Tatlı<br />
<br />
=== Version 2009 ===<br />
<br />
Project leader<br />
*Mike Boberski<br />
<br />
Lead authors<br />
*Mike Boberski<br />
*Jeff Williams<br />
*Dave Wichers<br />
<br />
Other reviewers and contributors<br />
<br />
Pierre Parrend (OWASP Summer of Code), Andrew van der Stock, Nam Nguyen, John Martin, Gaurang Shah, Theodore Winograd, Stan Wisseman, Barry Boyd, Steve Coyle, Paul Douthit, Ken Huang, Dave Hausladen, Mandeep Khera Scott Matsumoto, John Steven, Stephen de Vries, Dan Cornell, Shouvik Bardhan, Dr. Sarbari Gupta, Eoin Keary, Richard Campbell, Matt Presson, Jeff LoSapio, Liz Fong, George Lawless, Dave van Stein, Terrie Diaz, Ketan Dilipkumar Vyas, Bedirhan Urgun, Dr. Thomas Braun, Colin Watson, Jeremiah Grossman.<br />
<br />
<br />
== OWASP Summer of Code 2008 ==<br />
<br />
The OWASP Foundation sponsored the OWASP Application Security Verification Standard Project during the OWASP Summer of Code 2008.<br />
<br />
= Glossary =<br />
<br />
[[Image:Asvs-letters.jpg]]'''ASVS Terminology''' <br />
<br />
*'''Access Control''' – A means of restricting access to files, referenced functions, URLs, and data based on the identity of users and/or groups to which they belong. <br />
*'''Application Component''' – An individual or group of source files, libraries, and/or executables, as defined by the verifier for a particular application. <br />
*'''Application Security''' – Application-level security focuses on the analysis of components that comprise the application layer of the Open Systems Interconnection Reference Model (OSI Model), rather than focusing on for example the underlying operating system or connected networks. <br />
*'''Application Security Verification''' – The technical assessment of an application against the OWASP ASVS. <br />
*'''Application Security Verification Report''' – A report that documents the overall results and supporting analysis produced by the verifier for a particular application. <br />
*'''Application Security Verification Standard (ASVS)''' – An OWASP standard that defines four levels of application security verification for applications. <br />
*'''Authentication''' – The verification of the claimed identity of an application user. <br />
*'''Automated Verification''' – The use of automated tools (either dynamic analysis tools, static analysis tools, or both) that use vulnerability signatures to find problems. <br />
*'''Back Doors''' – A type of malicious code that allows unauthorized access to an application. <br />
*'''Blacklist''' – A list of data or operations that are not permitted, for example a list of characters that are not allowed as input. <br />
*'''Common Criteria (CC)''' – A multipart standard that can be used as the basis for the verification of the design and implementation of security controls in IT products. <br />
*'''Communication Security''' – The protection of application data when it is transmitted between application components, between clients and servers, and between external systems and the application. <br />
*'''Design Verification''' – The technical assessment of the security architecture of an application. <br />
*'''Internal Verification''' – The technical assessment of specific aspects of the security architecture of an application as defined in the OWASP ASVS. <br />
*'''Cryptographic module''' – Hardware, software, and/or firmware that implements cryptographic algorithms and/or generates cryptographic keys. <br />
*'''Denial of Service (DOS) Attacks''' – The flooding of an application with more requests than it can handle. <br />
*'''Dynamic Verification''' – The use of automated tools that use vulnerability signatures to find problems during the execution of an application. <br />
*'''Easter Eggs''' – A type of malicious code that does not run until a specific user input event occurs. <br />
*'''External Systems''' – A server-side application or service that is not part of the application. <br />
*'''FIPS 140-2''' – A standard that can be used as the basis for the verification of the design and implementation of cryptographic modules <br />
*'''Input Validation''' – The canonicalization and validation of untrusted user input. <br />
*'''Malicious Code''' – Code introduced into an application during its development unbeknownst to the application owner which circumvents the application’s intended security policy. Not the same as malware such as a virus or worm! <br />
*'''Malware''' – Executable code that is introduced into an application during runtime without the knowledge of the application user or administrator. <br />
*'''Open Web Application Security Project (OWASP)''' – The Open Web Application Security Project (OWASP) is a worldwide free and open community focused on improving the security of application software. Our mission is to make application security "visible," so that people and organizations can make informed decisions about application security risks. See: http://www.owasp.org/ <br />
*'''Output Validation''' – The canonicalization and validation of application output to Web browsers and to external systems. <br />
*'''OWASP Enterprise Security API (ESAPI)''' – A free and open collection of all the security methods that developers need to build secure Web applications. See: http://www.owasp.org/index.php/ESAPI <br />
*'''OWASP Risk Rating Methodology''' – A risk rating methodology that has been customized for application security. See: http://www.owasp.org/index.php/How_to_value_the_real_risk <br />
*'''OWASP Testing Guide''' – A document designed to help organizations understand what comprises a testing program, and to help them identify the steps needed to build and operate that testing program. See: http://www.owasp.org/index.php/Category:OWASP_Testing_Project <br />
*'''OWASP Top Ten''' – A document that represents a broad consensus about what the most critical Web application security flaws are. See: http://www.owasp.org/index.php/Top10 <br />
*'''Positive''' – See whitelist. <br />
*'''Salami Attack''' – A type of malicious code that is used to redirect small amounts of money without detection in financial transactions. <br />
*'''Security Architecture''' – An abstraction of an application’s design that identifies and describes where and how security controls are used, and also identifies and describes the location and sensitivity of both user and application data. <br />
*'''Security Control''' – A function or component that performs a security check (e.g. an access control check) or when called results in a security effect (e.g. generating an audit record). <br />
*'''Security Configuration''' – The runtime configuration of an application that affects how security controls are used. <br />
*'''Static Verification''' – The use of automated tools that use vulnerability signatures to find problems in application source code. <br />
*'''Target of Verification (TOV)''' – If you are performing an application security verification according to the OWASP ASVS requirements, the verification will be of a particular application. This application is called the "Target of Verification" or simply the TOV. <br />
*'''Threat Modeling''' - A technique consisting of developing increasingly refined security architectures to identify threat agents, security zones, security controls, and important technical and business assets. <br />
*'''Time Bomb''' – A type of malicious code that does not run until a preconfigured time or date elapses. <br />
*'''Verifier''' - The person or team that is reviewing an application against the OWASP ASVS requirements. <br />
*'''Whitelist''' – A list of permitted data or operations, for example a list of characters that are allowed to perform input validation.<br />
<br />
= ASVS Users =<br />
[[Image:Asvs-handshake.JPG]]<br />
<br />
A broad range of companies and agencies around the globe have added ASVS to their software assurance tool boxes, including [http://www.aspectsecurity.com Aspect Security], [http://www.astyran.com Astyran], [http://www.boozallen.com Booz Allen Hamilton], [http://casabasecurity.com Casaba Security], [http://www.cgi.com/web/en/industries/governments/us_federal/services_solutions.htm CGI Federal], [http://denimgroup.com Denim Group], [http://etebaran.com Etebaran Informatics], [http://www.mindedsecurity.com Minded Security], [http://www.nixu.com Nixu], [http://www.pstestware.com/ ps_testware], [http://www.proactiverisk.com Proactive Risk], [http://quince.co.uk Quince Associates Limited (SeeMyData)], [http://www.serpro.gov.br/ Serviço Federal de Processamento de Dados (SERPRO)], [http://www.udistrital.edu.co/ Universidad Distrital Francisco José de Caldas] Organizations listed are not accredited by OWASP. Neither their products or services have been endorsed by OWASP. Use of ASVS may include for example providing verification services using the standard. Use of ASVS may also include for example performing internal evaluation of products with the OWASP ASVS in mind, and NOT making any claims of meeting any given level in the standard. Please let us know how your organization is using OWASP ASVS. Include your name, organization's name, and brief description of how you use the standard. The project lead can be reached [mailto:sahba@securitycompass.com here].<br />
<br />
= Precedents-Interpretations =<br />
<br />
'''PI-0001: Are there levels between the levels?''' <br />
<br />
*Issue: Are there levels between the levels for the cases where "The specification for an application may require OWASP ASVS Level N, but it could also include other additional detailed requirements such as from a higher ASVS level"? <br />
*Resolution: No. Use of alternate level definitions or notations such as "ASVS Level 1B+" is discouraged. <br />
*References: ASVS section "Application Security Verification Levels"<br />
<br />
'''PI-0002: Is use of a master key simply another level of indirection?''' <br />
<br />
*Issue: If a master key is stored as plaintext, isn't using a master key simply another level of indirection? <br />
*Resolution: No. There is a strong rationale for having a "master key" stored in a secure location that is used to encrypt all other secrets. In many applications, there are lots of secrets stored in many different locations. This greatly increases the likelihood that one of them will be compromised. Having a single master key makes managing the protection considerably simpler and is not simply a level of indirection. <br />
*References: ASVS verification requirement V2.14<br />
<br />
'''PI-0003: What is a "TOV" or "Target of Verification"?''' <br />
<br />
*Issue: New terminology <br />
*Resolution: If you are performing an application security verification according to ASVS, the verification will be of a particular application. This application is called the "Target of Verification" or simply the TOV. The TOV should be identified in verification documentation as follows: <br />
**TOV Identification – &lt;name and version of the application&gt; or &lt;Application name&gt;, &lt;application version&gt;, dynamic testing was performed in a staging environment, not the production environment <br />
**TOV Developer – &lt;insert name of the developer or verification customer&gt; <br />
*References: ASVS section "Approach"<br />
<br />
= Internationalization =<br />
<br />
[[Image:Asvs-writing.JPG]]<br />
<br />
The ASVS project is always on the lookout for volunteers who are interested in translating ASVS into another language. <br />
<br />
[http://owasp-project-management.googlecode.com/svn/trunk/documentation/asvs-translating.pdf Translation Onboarding Instructions]<br />
<br />
= Archive - Previous Version =<br />
<br />
'''*Please note that ASVS is currently on version 2.0. The information on this page is for archival purposes only.*'''<br />
<br />
[[Image:Asvs-step1.jpg]]'1. About ASVS 1.0' <br />
<br />
*Video presentation in English [https://www.youtube.com/watch?v=Ba6ncpIfaJA (YouTube)] <br />
*ASVS vs. WASC et al [http://www.owasp.org/index.php/ASVS_vs_WASC_Et_Al (Wiki)]<br />
<br />
[[Image:Asvs-step2.jpg]]'2. Get ASVS 1.0' <br />
<br />
*ASVS in Bahasa Indonesia (Indonesian language) ([http://owasp-asvs.googlecode.com/files/asvs-webapp-release-2009-id.pdf PDF])<br />
*ASVS in Bahasa Malaysia (Malay) (Currently under development!)<br />
*ASVS in Chinese(Currently under development!) <br />
*ASVS in English ([http://www.owasp.org/images/4/4e/OWASP_ASVS_2009_Web_App_Std_Release.pdf PDF], [http://www.owasp.org/images/3/35/OWASP_ASVS_2009_Web_App_Std_Release.doc Word], [http://code.google.com/p/owasp-asvs/wiki/ASVS '''Online'''], [http://owasp-asvs.googlecode.com/svn/trunk/documentation/asvs-xml.zip XML]) <br />
*ASVS in French ([http://owasp-asvs.googlecode.com/svn/trunk/documentation/asvs-webapp-release-2009-fr.pdf PDF], [http://owasp-asvs.googlecode.com/svn/trunk/documentation/asvs-webapp-release-2009-fr.odt OpenOffice]) <br />
*ASVS in German ([http://owasp-asvs.googlecode.com/svn/trunk/documentation/asvs-webapp-release-2009-de.pdf PDF], [http://owasp-asvs.googlecode.com/svn/trunk/documentation/asvs-webapp-release-2009-de.doc Word])<br />
*ASVS in Hungarian (Currently under development!) <br />
*ASVS in Japanese ([http://owasp-asvs.googlecode.com/svn/trunk/documentation/asvs-webapp-release-2009-jp.pdf PDF], [http://owasp-asvs.googlecode.com/svn/trunk/documentation/asvs-webapp-release-2009-jp.doc Word]) <br />
*ASVS in Persian (Farsi) ([http://abiusx.com/archive/document/OWASP-ASVS-fa-20111115.pdf PDF]) beta 0.7<br />
*ASVS in Polish ([http://owasp-asvs.googlecode.com/files/asvs-webapp-release-2009-pl.pdf PDF])<br />
*ASVS in Portuguese-Brazil ([http://owasp-asvs.googlecode.com/files/asvs-webapp-release-2009-pt-br.pdf PDF])<br />
*ASVS in Spanish (Currently under development!)<br />
*ASVS in Thai (Currently under development!)<br />
<br />
[[Image:Asvs-step3.jpg]]'3. Learn ASVS 1.0' <br />
<br />
*ASVS Article: Getting Started Using ASVS ([http://www.owasp.org/images/f/f8/OWASP_ASVS_Article_-_Getting_Started_Using_ASVS.pdf PDF]) <br />
*ASVS Article: Code Reviews and Other Verification Activities: USELESS Unless Acted Upon IMMEDIATELY [http://www.owasp.org/index.php/Code_Reviews_and_Other_Verification_Activities:_USELESS_Unless_Acted_Upon_IMMEDIATELY (Wiki)] <br />
*ASVS Article: Agile Software Development: Don't Forget EVIL User Stories ([http://www.owasp.org/index.php/Agile_Software_Development:_Don%27t_Forget_EVIL_User_Stories Wiki]) <br />
*ASVS Article: Man vs. Code ([http://www.owasp.org/index.php/Man_vs._Code Wiki]) <br />
*ASVS Article: Getting started designing for a level of assurance ([http://www.owasp.org/images/0/01/Getting_started_designing_for_a_level_of_assurance.pdf PDF]) <br />
*ASVS Template: Sample verification fee schedule template ([http://www.owasp.org/index.php/Image:Sample_ASVS_Fee_Schedule_Template.xls Excel]) <br />
*ASVS Template: Sample verification report template ([http://www.owasp.org/index.php/Image:Sample_ASVS_Report_Template.doc Word]) <br />
*ASVS Training: An ASVS training presentation ([http://www.owasp.org/index.php/Image:OWASP_AU_Secure_Architecture_and_Coding.ppt PowerPoint]) <br />
*ASVS Presentation: Executive-Level Presentation ([http://www.owasp.org/images/9/99/About_OWASP_ASVS_Executive_Presentation.ppt PowerPoint]) <br />
*ASVS Presentation: Presentation Abstract ([http://www.owasp.org/images/1/10/OWASP_ASVS_Presentation_Abstract.doc Word]) <br />
*Articles [http://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project#Articles_Below_-_More_About_ASVS_and_Using_It (More About ASVS and Using It)]<br />
<br />
<br />
__NOTOC__ <headertabs /><br />
<br />
[[Category:OWASP_Project|Application Security Verification Standard Project]]<br />
[[Category:OWASP_Document]]<br />
[[Category:OWASP_Download]]<br />
[[Category:OWASP_Release_Quality_Document|OWASP Stable Quality Document]]</div>Dr. Emin Tatlıhttps://wiki.owasp.org/index.php?title=User:Dr._Emin_Tatl%C4%B1&diff=141611User:Dr. Emin Tatlı2012-12-29T15:35:41Z<p>Dr. Emin Tatlı: </p>
<hr />
<div>=== Personal & Work ===<br />
<br />
* Born in Turkey & Living since 2001 in Germany<br />
* Ex-IBMer and working now as Security Architect and Researcher by Daimler TSS<br />
* Focusing on penetration testing, security analysis of architectures, secure design and coding trainings, compliance and risk management<br />
<br />
=== OWASP Activities ===<br />
<br />
* Involved with OWASP since 2005<br />
* Since 2010 Board Member of [[Turkey|Turkey Chapter]]<br />
* Since 2012 Board Member of [[Germany|German Chapter]]<br />
* Organisation and Program Committee of OWASP Conferences in Germany and Turkey<br />
<br />
=== OWASP Contributions===<br />
* Articles about OWASP projects <br />
** [http://www.architectingsecurity.com/wp-content/uploads/papers/SAMM-Tatli-Ocak11.pdf Secure Application Development with OpenSAMM] (in Turkish)<br />
** OWASP Guidelines and Tools for Secure SDLC (in German)<br />
<br />
* Software/Tools <br />
** Managing OWASP-Turkey's Web Application Security Check List project: [http://code.google.com/p/wasclist/ wasclist]<br />
** ccrawl - Code Review Tool: [https://code.google.com/p/ccrawl/]<br />
<br />
=== Contact ===<br />
* Blog: [http://www.architectingsecurity.com http://www.architectingsecurity.com]<br />
* E-mail: emin.tatli @ owasp dot org <br />
* [http://www.linkedin.com/in/tatli LinkedIn]<br />
* Twitter: [https://twitter.com/eitatli @eitatli]</div>Dr. Emin Tatlıhttps://wiki.owasp.org/index.php?title=User:Dr._Emin_Tatl%C4%B1&diff=141610User:Dr. Emin Tatlı2012-12-29T15:31:56Z<p>Dr. Emin Tatlı: </p>
<hr />
<div>=== Personal & Work ===<br />
<br />
* Born in Turkey & Living since 2001 in Germany<br />
* Ex-IBMer and working now as Security Architect and Researcher by Daimler TSS<br />
* Focusing on penetration testing, security analysis of architectures, secure design&coding trainings, risk management<br />
<br />
=== OWASP Activities ===<br />
<br />
* Involved with OWASP since 2005<br />
* Since 2010 Board Member of [[Turkey|Turkey Chapter]]<br />
* Since 2012 Board Member of [[Germany|German Chapter]]<br />
* Organisation and Program Committee of OWASP Conferences in Germany and Turkey<br />
=== OWASP Contributions===<br />
* Articles about OWASP projects <br />
** [http://www.architectingsecurity.com/wp-content/uploads/papers/SAMM-Tatli-Ocak11.pdf Secure Application Development with OpenSAMM] (in Turkish)<br />
** OWASP Guidelines and Tools for Secure SDLC (in German)<br />
<br />
* Software/Tools <br />
** Managing OWASP-Turkey's Web Application Security Check List project: [http://code.google.com/p/wasclist/ wasclist]<br />
** ccrawl - Code Review Tool: [https://code.google.com/p/ccrawl/]<br />
<br />
<br />
<br />
<br />
=== Contact ===<br />
* Blog: [http://www.architectingsecurity.com http://www.architectingsecurity.com]<br />
* E-mail: emin.tatli @ owasp dot org <br />
* [http://www.linkedin.com/in/tatli LinkedIn]<br />
* Twitter: [https://twitter.com/eitatli @eitatli]</div>Dr. Emin Tatlıhttps://wiki.owasp.org/index.php?title=Category:Europe&diff=140936Category:Europe2012-12-09T19:51:38Z<p>Dr. Emin Tatlı: </p>
<hr />
<div>{{columns-list|3|<br />
;'''[[Armenia]]'''<br />
----<br />
;'''[[Austria]]'''<br />
----<br />
;'''[[Belgium]]'''<br />
----<br />
;'''[[Bulgaria]]'''<br />
----<br />
;'''[[Croatia]]'''<br />
----<br />
;'''[[Cyprus]]'''<br />
----<br />
;'''[[:Category:Czech Republic|Czech Republic]]''':[[Czech Republic]]<br/>[[Prague]]<br />
----<br />
;'''[[Denmark]]'''<br />
----<br />
;'''[[:Category:Finland|Finland]]''':[[Helsinki]]<br />
----<br />
;'''[[France]]'''<br />
----<br />
;'''[[Germany]]'''<br />
----<br />
;'''[[Gibraltar]]'''<br />
----<br />
;'''[[Greece]]'''<br />
----<br />
;'''[[Hungary]]'''<br />
----<br />
;'''[[:Category:Ireland|Ireland]]''':[[Ireland-Limerick|Limerick]]<br/>[[Ireland-Dublin|Dublin]]<br/>[[Galway]]<br />
----<br />
;'''[[:Category:Israel|Israel]]'''<br />
----<br />
;'''[[Italy]]'''<br />
----<br />
;'''[[Latvia]]'''<br />
----<br />
;'''[[Luxembourg]]'''<br />
----<br />
;'''[[Netherlands]]'''<br />
----<br />
;'''[[:Category:Norway|Norway]]''':[[Medlemsmøter 2010]]<br/>[[Norway]]<br />
----<br />
;'''[[Poland]]'''<br />
----<br />
;'''[[Portugal|Portugal]]'''<br />
----<br />
;'''[[Romania]]'''<br />
----<br />
;'''[[Rostov]]'''<br />
----<br />
;'''[[:Category:Russia|Russia]]''':[[Rostov]]<br/>[[Russia]]<br />
----<br />
;'''[[Scotland]]'''<br />
----<br />
;'''[[Serbia]]'''<br />
----<br />
;'''[[Slovakia]]'''<br />
----<br />
;'''[[Slovenia]]'''<br />
----<br />
;'''[[:Category:Spain|Spain]]''':[[Andalucia]]<br/>[[Spain]]<br />
----<br />
;'''[[:Category:Sweden|Sweden]]''':[[Sweden]]<br/>[[Gothenburg]]<br />
----<br />
;'''[[:Category:Switzerland|Switzerland]]''':[[Geneva]]<br/>[[Switzerland]]<br />
----<br />
;'''[[Turkey]]'''<br />
----<br />
;'''[[:Category:Ukraine|Ukraine]]''':[[Lviv]]<br/>[[Ukraine]]<br />
----<br />
;'''[[:Category:United Kingdom|United Kingdom]]''':[[Birmingham]]<br/>[[Bristol]]<br/>[[Cambridge]]<br/>[[East Midlands]]<br/>[[Leeds UK]]<br/>[[London]]<br/>[[Newcastle]]<br/>[[Royal Holloway]]<br/>[[Manchester|Manchester (UK)]]<br/>[[Scotland]]<br/>[[South Wales]]<br />
<br />
}}<br />
<br />
<br />
<noinclude><br />
This [[:Special:Categories|category]] is meant to contain all [[:Category:OWASP Chapter|OWASP Chapters]] in Europe.<br />
<br />
<br />
[[Category:OWASP Chapter]]<br />
</noinclude></div>Dr. Emin Tatlıhttps://wiki.owasp.org/index.php?title=Turkey&diff=140935Turkey2012-12-09T19:49:26Z<p>Dr. Emin Tatlı: </p>
<hr />
<div><center>[[File:Owasptr.png]] </center><br />
<br />
<br />
<br />
==== About OWASP/TR ====<br />
<br />
{{Chapter Template|chaptername=Turkey|extra=The chapter leader is [mailto:bunyamindemir~gmail.com Bunyamin Demir], Co-leader is [mailto:urgunb~hotmail.com Bedirhan Urgun]<br />
<br />
Board Members: [mailto:ferruh~mavituna.com Ferruh Mavituna], [mailto:mesut_timur~hotmail.com Mesut Timur], [mailto:contact~onuryilmaz.info Onur Yılmaz], [mailto:emin.tatli@owasp.org Emin Islam Tatli], [mailto:oguzhantopgul@gmail.com Oguzhan TOPGUL], [mailto:sertan@gmail.com Sertan Kolat], [mailto:denizcev@gmail.com Deniz Cevik]<br />
<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-turkey|emailarchives=http://lists.owasp.org/pipermail/owasp-turkey}}<br />
<br />
<paypal>Turkey</paypal><br />
<br />
== Chapter Brochure ==<br />
<br />
[http://www.webguvenligi.org/docs/WGT_brosur.pdf Here you can view a brochure] explaining in Turkish the action highlights of OWASP/Türkiye during the last one and a half year [obsolete for over two years].<br />
<br />
== Application Security Day, İstanbul 2012, Conference ==<br />
[http://www.appsectr.org/ Application Security Day, İstanbul 2012] will be held on 9 June, Saturday, in Marmara Üniversitesi Rektörlük Binası, Sultanahmet, İstanbul. <br />
The event aims to present an environment where key and popular application security topics will be discussed and shared. Hundreds of developers, business owners and security practitioners will be ready to increase local application security awareness. Join us!<br />
<br />
== Local News ==<br />
Conference<br />
<br />
[http://www.appsectr.org/ Application Security Day, İstanbul 2012] will be held on 9 June, Saturday, in Marmara Üniversitesi Rektörlük Binası, Sultanahmet, İstanbul. <br />
<br />
Published <br />
<br />
[http://www.webguvenligi.org/dokuman/web-uygulama-guvenligi-kontrol-listesi-2012.html Web App Security Check List 2012 in Turkish].<br />
<br />
== Projects/Tools/Translations ==<br />
<br />
Here are some of the projects produced by OWASP/Türkiye;<br />
<br />
* [http://code.google.com/p/droidalert/ DroidAlert] by Bedirhan Urgun<br />
<br />
A proactive approach on finding fake android applications on some of the biggest android stores. Just enter a term, and droidalert searches it for you in android stores.<br />
<br />
* [http://code.google.com/p/chiasma/ Chiasma] by Bedirhan Urgun<br />
<br />
Instead of having a structured penetration test report (docx, pdf, html v.b.) from 3rd parties, why not getting them produce a semi-structured report (xml) that is understood well. Chiasma is a Java desktop application producing XML vulnerability report.<br />
<br />
* [http://www.webguvenligi.org/docs/web_uygulama_guvenligi_kontrol_listesi_2010.pdf Web Uygulama Güvenliği Kontrol Listesi 2010- WebAppSec Checklist] by OWASP-Turkey<br />
<br />
A complete set of controls related to security of web applications.<br />
<br />
* [http://code.google.com/p/piknik/ Piknik] by Bedirhan Urgun<br />
<br />
A compilation of a study on analyzing the possible behavior of a malicious developer...Inspired by [http://www.blackhat.com/presentations/bh-usa-09/WILLIAMS/BHUSA09-Williams-EnterpriseJavaRootkits-PAPER.pdf Jeff Williams's Work] <br />
<br />
* [http://code.google.com/p/finddomains/ FindDomains] by Mesut Timur<br />
<br />
FindDomains is a multithreaded search engine discovery tool that will be very useful for penetration testers dealing with discovering domain names/web sites/virtual hosts which are located on too many IP addresses.<br />
<br />
* [http://dergi.webguvenligi.org/ WGT E-Magazine] by OWASP/TR and Onur Yilmaz<br />
<br />
An online web security related magazine in Turkish with a 2 months per-issue period<br />
<br />
* [http://ctf.webguvenligi.org/ CTF contest] by Onur Yilmaz<br />
<br />
A CTF contest where researchers, professionals and hackers can show off their skills in an ethical way <br />
<br />
* [http://code.google.com/p/jarvinen Jarvinen] by Gökhan Alkan & Yusuf Çeri & Bedirhan Urgun<br />
<br />
A simple yet effective web based audit log monitoring service for Modsecurity v2. It consists of two basic parts; a (bash) shell script that parses serial logs into the mysql database and a php web application.<br />
<br />
* [http://code.google.com/p/cammp CAMMP] by Gökhan Alkan<br />
<br />
Aims to provide (bash) shell scripts in order to automatize the source code installations of apache (php and modsecurity) and mysql under chroot (for RedHat based systems for now).<br />
<br />
* [http://code.google.com/p/secureimage SecureImage] by Mesut Timur & Bedirhan Urgun & Kerem Küsmezer<br />
<br />
A Java,PHP and .NET based image validator that can be used for validating image files on upload systems (such as photo galleries,forums,etc ..) against the threats for XSS issues with IE and LFI attacks. Individual project pages; [http://code.google.com/p/psecureimage PSecureImage] for PHP, [http://code.google.com/p/jsecureimage JSecureImage] for Java and [http://www.codeplex.com/owaspturkey/Release/ProjectReleases.aspx?ReleaseId=18008 NSecureImage] for .NET<br />
<br />
* [http://code.google.com/p/securetomcat SecureTomcat] by Bedirhan Urgun & Deniz Çevik & Gökhan Alkan<br />
<br />
A collection of three components; an audit documentation in Turkish, a basic remote vulnerability scanner and an audit shell script fully aligned with the audit documentation. All for auditing and testing Apache Tomcat partial J2EE container.<br />
<br />
* [http://code.google.com/p/webekci/ WeBekci] by Bünyamin Demir<br />
<br />
WeBekci is a graphical user end for ModSecurity 2.x web application firewall.<br />
<br />
* [http://www.webguvenligi.org/?page_id=16 Web Security Turkish Translation Project] by [http://www.webguvenligi.org/?page_id=16 great volunteers] & Bedirhan Urgun <br />
<br />
Turkish translations of OWASP guides and other web application security related documents '''over 500 pages''' and counting<br />
<br />
* [http://code.google.com/p/wivet/ WIVET] by Bedirhan Urgun<br />
<br />
A benchmarking project that aims to statistically analyze web link extractors. It provides a good sum of input vectors to any extractor and presents the results. Check out the live app [http://www.webguvenligi.org/wivet/ here].<br />
<br />
* [http://code.google.com/p/sqlibench/ SqliBench] by Mesut Timur & Bedirhan Urgun<br />
<br />
SQLiBENCH is a benchmarking project of automatic sql injectors related to dumping databases. Check out the live app [http://www.webguvenligi.org/sqlibench/web/ here]. The project is sponsored by [http://www.owasp.org/index.php/Category:OWASP_Sqlibench_Project OWASP SoC 08].<br />
<br />
* [http://code.google.com/p/msalparser MSALParser] by Bedirhan Urgun<br />
<br />
MSALParser (pronounced \mi-säl\) implements necessary parsers and model objects to represent a ModSecurity Single Audit Log, hence the name MSAL. MSALParser is a PHP RPC end that will get mlogc's calls and parses them into objects and eventually write to a persistent data store.<br />
<br />
* [http://code.google.com/p/apachelive ApacheLive] by Bedirhan Urgun<br />
<br />
ApacheLive (aka Haydar) project consists of a python script which was aimed to stress Apache web servers (httpd) using Keep-Alive parameters.<br />
<br />
* [http://code.google.com/p/anticsurf AntiCsurf] by Mesut Timur<br />
<br />
For most of the languages and frameworks, developers have to implement their own functions to defend against CSRF. AntiCsrf is a basic and light library for defending against CSRF for PHP applications.<br />
<br />
* [http://code.google.com/p/fm-fsf FM-FSF] by Ferruh Mavituna<br />
<br />
FSF is a plug-in based freakin' simple fuzzer for fuzzing web applications and scraping data. It supports some basic stuff and missing some features however it has got some advanced RegEx capturing features for scraping data out of web applications.<br />
<br />
* [http://code.google.com/p/msalmobile MSALMobile] & [http://code.google.com/p/msalservice MSALService] by Bedirhan Urgun<br />
<br />
MSALMobile, a basic windows mobile application and consuming MSALService, is a simple mobile ModSecurity log analyzer for Windows Mobile environment. See [http://www.webguvenligi.org/software/msalmobile/msalmobile_video.rar a video of MSALMobile in action] on www.webguvenligi.org.<br />
<br />
* [http://www.webguvenligi.org/xsstb/reflected.php XSS TestBed] by Bedirhan Urgun<br />
<br />
A playground for reflected xss test cases. The live project includes seven test cases ready to exploit. A legal and solid way to learn and apply xss skills. Moreover, a good way to test web application scanners on reflected xss testing...<br />
<br />
* [http://www.webguvenligi.org/projeler/wcsa Web.config Security Analyzer] by Mesut Timur<br />
<br />
Web.config file holds settings about related ASP.NET web application. This project analyzes a given Web.config file for security vulnerabilities with its 30+ checks. It's a command line too for now and produces a neat html based report.<br />
<br />
== Translations ==<br />
<br />
Çeviri projesine yardım etmek isteyen arkadaşlar, lütfen [mailto:bunyamindemir@gmail.com bunyamin] veya [mailto:urgunb@hotmail.com bedirhan] ''(proje lideri)'' ile iletişime geçiniz. Şu ana kadar yayınlanan çevirilere [http://www.webguvenligi.org/?page_id=16 buradan] ulaşabilirsiniz. ''You can find Turkish translations of OWASP and other web security related documents [http://www.webguvenligi.org/?page_id=16 here].''<br />
<br />
==== Meetings/Conferences ====<br />
<br />
== OWASP/TR Presentation in Android Developer Days 2012 in ODTU Ankara ==<br />
<br />
Bedirhan Urgun of OWASP/TR will give a presentation on "Developing Secure Android Days" on 22 May from 15:30-16:00 in Android Developer Days, 2012. The presentation will take place in ODTU, Ankara.<br />
<br />
Location: ODTÜ Kültür ve Kongre Merkezi, Ankara<br />
<br />
Date: 22 May 2012, Tuesday<br />
<br />
Time: 15:30 – 16:00<br />
<br />
== OWASP/TR Presentation in ReadMee Internet Zirvesi, 2012 ==<br />
<br />
Seyfullah Kılıç will give a presentation titled "Web Güvenliği ve Korunma Yolları" on 07 April Saturday from 14:00-14:45 in ReadMee Internet Zirvesi, 2012. The presentation will take place in Eskişehir Osmangazi Üniversitesi, Eskişehir.<br />
<br />
Location: Eskişehir Osmangazi Üniversitesi Meşelik Kampüsü, Eskişehir<br />
<br />
Date: 7 April 2012 Saturday<br />
<br />
Time: 14:00 – 14:45<br />
<br />
== OWASP/TR Presentation in Özgür Yazılım ve Linux Günleri, 2012 ==<br />
<br />
Bünyamin Demir of OWASP/TR will give a presentation titled as "<br />
Güvenli Kod Geliştirme" and will hold a chapter meeting "OWASP Türkiye Chapter Meeting (Çalışma Toplantısı)" on 31 March Saturday from 10:00-13:00 in Özgür Yazılım ve Linux Günleri, 2012. The presentations will take place in İstanbul Bilgi Üniversitesi Dolapdere Kampüsü, İstanbul.<br />
<br />
Location: İstanbul Bilgi Üniversitesi Dolapdere Kampüsü, İstanbul<br />
<br />
Date: 31 March 2012 Saturday<br />
<br />
Time: 10:00 – 13:00<br />
<br />
Location 1: 1. Salon<br />
Location 2: Toplantı Salonu<br />
<br />
== OWASP/TR Talk in Open Source Code Days in Yeditepe University ==<br />
<br />
Bunyamin Demir talked about OWASP and OWASP/Turkey introduction. After intro, he did a presentation about [http://seminer.linux.org.tr/wp-content/uploads/guvenli_kod_gelistirme_ve_yasam_dongusu.ppt "Secure Coding and Chaotic Life Cycle"].<br />
<br />
Location: Yeditepe University, 26 Agustos Yerlesimi, Salon 2<br />
<br />
Date: 14 October 2011, Friday<br />
<br />
Time: 15:00 – 15:45<br />
<br />
== OWASP/TR Introductory Meetings and Seminar @ Bahçeşehir Üniversitesi, March 2010 ==<br />
<br />
[http://www.shibumidojo.org/ Kubilay Onur Güngör] will start with OWASP and OWASP/Turkey introduction. After intro, cyber security concept, web application security, social theories of criminal behaviors and many other topics will be discussed. So don't miss the events if you're around. <br />
<br />
Location: Bahçeşehir Üniversitesi, Beşiktaş Kampüsü, D-404 Salonu<br />
<br />
Date: 10 Mart 2010 Çarşamba<br />
<br />
Time: 18.30 – 19.30<br />
<br />
== OWASP/TR Introductory Meetings and Seminar @ Işık Üniversitesi, March 2010 ==<br />
<br />
[http://www.shibumidojo.org/ Kubilay Onur Güngör] will start with OWASP and OWASP/Turkey introduction. After intro, cyber security concept, web application security, social theories of criminal behaviors and many other topics will be discussed. So don't miss the events if you're around. <br />
<br />
Location: Işık Üniversitesi, Şile Kampüsü<br />
Registration: http://bilisimgunleri.isikun.edu.tr<br />
Date: 8 Mart 2010 Pazartesi<br />
Time: 15.00 - 16.00<br />
<br />
== OWASP/TR Meeting in Turkcell Akademi with OISF Team, February 2010 ==<br />
<br />
With 7 [http://www.openinfosecfoundation.org OISF] members we had our 23 February meeting. Brian [http://vimeo.com/9825055 talked about ModSecurity] and Victor & Will [http://vimeo.com/9825622 talked about Suricata ].<br />
<br />
As always, check out the photos on [http://www.flickr.com/photos/webguvenligi flickr-webguvenligi]!!<br />
<br />
Thanks to our sponsor for this meeting [http://www.guvenlikegitimleri.com GuvenlikEgitimleri.Com]<br />
<br />
== OWASP/TR Seminar in İstanbul Kültür Universitesi, 29 December 2009 ==<br />
<br />
We'll be hosting a free seminar in İstanbul Kültür Üniversitesi, Ataköy Kampüsü, Önder Öztunalı Konferans Salonu. Topics will include "introduction to OWASP/TR", "siber security", "security best practices and standards". It will also include a demo on digital investigation.<br />
<br />
Presenter: [http://www.shibumidojo.org/ Kubilay Onur Güngör]<br />
<br />
Date: Tuesday, December 29, 2009 <br />
<br />
Time: 12:00pm - 1:30pm <br />
<br />
Location: İstanbul Kültür Üniersitesi, Ataköy Kampüsü, Önder Öztunalı Konferans Salonu<br />
<br />
== October 11, 2009 OWASP/TR on the Green Field ==<br />
<br />
Teams formed by OWASP-Turkey mailing list members will play a soccer match on Sunday, 18:00 October the 11th. We'll seek our Messis, Zidanes, Kakas, Lampards, Chechs stemmed from the Anatolian land... National team may not be qualified for the 2010 World Championship, which is a shame, but we'll do better next time.<br />
<br />
== Artifacts - OWASP-Turkey Meeting in September 26, 2009 ==<br />
<br />
30 people gathered for the OWASP/TR meeting. Here's the [http://www.webguvenligi.org/docs/26_Eylul_OWASPTR_Bulusma.ppt agenda of the meeting]. Moreover, Ibrahim Saruhan gave a [http://www.webguvenligi.org/docs/Facebook_Twitter_Botnets.ppt presentation] on his experiences writing a PoC Facebook botnet. Thanks everyone for participating.<br />
<br />
See the [http://www.flickr.com/webguvenligi/ pictures] and listen to the DimDim [http://recp.dimdim.com/view/dimdim/1a9400f2-fbdb-102c-9515-003048642bd7 recording].<br />
<br />
== September 26 Meeting ==<br />
<br />
A regular meeting for anyone interested in web/software security. It will take place in Istanbul, Taksim at 14:00, on 26 September. <br />
<br />
== Artifacts - 06 May/13 May 2009 OWASP-TR Talks in Kocaeli & Gazi Universities ==<br />
<br />
Here are the presentations given by Bünyamin Demir and Onur Yılmaz at "Information Techonology Days" in [http://www.kocaeli.edu.tr/ Kocaeli University] and [http://www.gazi.edu.tr/ Gazi University], [http://www.webguvenligi.org/docs/kocaeli09owasptr.ppt OWASP-TR & WebGoat Presentation] and [http://www.webguvenligi.org/docs/gaziuni09owasptr.ppt Basic Web App Security Presentation] respectively. <br />
<br />
Pictures are on [http://www.flickr.com/photos/webguvenligi flicker] as always.<br />
<br />
== Web Application Security Talk in Gazi University, 13 May 2009 ==<br />
<br />
We'll be giving a talk in "Information Days" event at Gazi University about code/sql injection attack vectors and prevention techniques on 13th (Wednesday) of May 2009, between 10:30-11:20. <br />
<br />
Reach out the details [http://www.webguvenligi.org/haberler/web-uygulamalari-guvenligi-sunumu-gazi-universitesi.html here]<br />
<br />
== OWASP-TR Seminar in Kocaeli University, 06 May 2009 ==<br />
<br />
We'll be hosting a free seminar in Math. Department of Kocaeli University about OWASP and OWASP/Turkey including the basics of well known attack vectors and prevention techniques on 6th (Wednesday) of May 2009, starting from 15:30. <br />
<br />
Reach out the details [http://www.webguvenligi.org/haberler/owasp-tr-ve-wgt-semineri-kocaeli-universitesi.html here]<br />
<br />
== Artifacts - March 19 2009 OWASP-TR Talk in Sakarya University ==<br />
<br />
Here are the presentations given by Bünyamin Demir and Gökhan Alkan at "Information Techonology Days" in [http://www.sau.edu.tr/ Sakarya University], [http://www.webguvenligi.org/sau_bilisim_gunleri09/sakarya_bilisim_gunleri.ppt OWASP-TR & WebGoat Presentation] and [http://www.webguvenligi.org/sau_bilisim_gunleri09/Recel_Krallagindan_Webe.ppt Jarvinen Presentation] respectively. We'd like to thank [http://www.bilisimk.sau.edu.tr/ Sakarya Universitesi Bilişim Kulubü] for inviting us.<br />
<br />
And never the least, here are the [http://www.flickr.com/photos/webguvenligi pictures] taken during the day.<br />
<br />
== Talk in Information Techonology Days '09 in Sakarya University ==<br />
<br />
We'll be giving two talks in "Information Techonology Days" about OWASP and OWASP/Turkey in [http://www.sau.edu.tr/ Sakarya University] on 19th of March 2009. The talk will include an introduction to OWASP, OWASP/Turkey as a community. Plus, Jarvinen, an OWASP/TR project, will be presented.<br />
<br />
== Artifacts - Fifth OWASP-Turkey Meeting in March 08, 2009 ==<br />
<br />
We had close to 35 people gathered. Here's the [http://www.webguvenligi.org/docs/WGT_OWASP-TR_08_Mart_2009_Bulusmasi_Ajanda.pptx agenda of the meeting]. Moreover, Fatih Emiral gave a [http://www.webguvenligi.org/docs/Yazilim_Guvenligi.ppt presentation] comparing three main Software Security models. Thanks everyone for participating.<br />
<br />
For the photos take a look at [http://www.flickr.com/photos/webguvenligi/ here].<br />
<br />
== Fifth OWASP-Turkey Meeting in March 08, 2009 ==<br />
<br />
A regular meeting on web/software security related issues&techniques&news. The meeting will take place in Istanbul, Maltepe, beween 13:00-15:00, on 08th of March, Sunday. <br />
Here's the map for the [http://www.gencgirisimciler.org/bpi.asp?caid=161&cid=17 meeting place]<br />
If you want to attend the event, please send an e-mail to: urgunb at hotmail.com (Bedirhan Urgun)<br />
<br />
== Artifacts - Web Security Days Kocaeli December 2008 ==<br />
<br />
With over 50 attendees we had our 4th Web Security Days in Kocaeli University at Umuttepe Campus.<br />
<br />
Presentations & SlideShows & Photos:<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_intro.ppt Giris] - Bedirhan Urgun<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_owasptr_wgt.ppt WGT/OWASPTR] - Bünyamin Demir<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_www.ppt WWW Introduction] - Uğur Yıldız<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_csrf.ppt CSRF] - Yusuf Çeri<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_graphics.ppt Graphic Attacks] - Mesut Timur <br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_chroot.ppt Secure Web Production Environments] - Gökhan Alkan<br />
* [http://www.flickr.com/webguvenligi/ Pictures] - Bedirhan & Bünyamin<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_slideshow.ppt OWASP Top 10 Slide Show] - Bedirhan Urgun<br />
<br />
== Next Event - 4th Web Security Days Kocaeli - December 23 (Turkey 2008) ==<br />
<br />
This event will be the fourth of "Web Security Days" and will take place on 23rd of December 2008 in Kocaeli. The agenda of the event is [http://www.owasp.org/index.php/4th_Web_Security_Days_OWASP_Turkey here].<br />
<br />
== Artifacts - Fourth OWASP-Turkey Meeting in October 18, 2008 ==<br />
<br />
Here's the [http://www.webguvenligi.org/wp-content/uploads/2008/10/WGT&OWASP-TR_18_Ekim_2008_Bulusmasi_Ajanda.ppt agenda of the meeting]. We also had two small discussion and presentation of a simple demo overview of recent clickjacking vulnerability and [http://www.webguvenligi.org/wp-content/uploads/2008/10/sqlibench-presentation.ppt sqlibench SoC 2008 OWASP project]. Thanks everyone for participating.<br />
<br />
Moreover, all of the OWASP sent books (~30)/pens(~15) were distributed freely! <br />
<br />
For the photos take a look at [http://www.flickr.com/photos/webguvenligi/ here].<br />
<br />
== Fourth OWASP-Turkey Meeting in October 18, 2008 ==<br />
<br />
A catch up meeting on web/software security related issues&techniques&news. Moreover, OWASP sent goodies (to the most active chapters) will be distributed (This includes 27 OWASP books and 19 pens). It will take place in Istanbul, İstiklal Cad.Emir Nevruz Sok. No: 1/11 Galatasaray Beyoğlu beween 14:00-16:00, on 18th of October. If you want to attend the event, please send an e-mail to: urgunb at hotmail.com (Bedirhan Urgun) <br />
<br />
== Artifacts - June 21 2008 OWASP-TR Talk in "Free Software Conference" ==<br />
<br />
Here is the presentation given by Mesut Timur and keynote submitted at [http://konferans.linux.org.tr/ "Free Software Conference"] in [http://www.etu.edu.tr/ TOBB University of Economics and Technology]; <br />
[http://www.webguvenligi.org/wp-content/uploads/2008/06/owasp_wgt_lkd_21062008.ppt OWASP-TR Presentation] and [http://www.webguvenligi.org/wp-content/uploads/2008/06/webguvenligi_bildiri_lkd_21062008.pdf Web Security and Free Software Keynote] (in Turkish) respectively.<br />
<br />
== Talk in Free Software Conference in Ankara ==<br />
<br />
We'll be giving a talk in "Free Software Conference" about OWASP and OWASP/Turkey in [http://www.etu.edu.tr/ TOBB University of Economics and Technology] on 21st (Saturday) of June 2008. The talk will include an introduction to OWASP, OWASP/Turkey, as well as web/application security projects achieved in Turkey. <br />
<br />
The Day will start at 09:30 and our talk, which will be presented by [http://www.h-labs.org Mesut Timur], will be between 15.00-15.30. You can skim the programme [http://konferans.linux.org.tr/etkinlik-programi/ here].<br />
<br />
== Artifacts - April 19 2008 OWASP-TR Talk in Yildiz Technical University ==<br />
<br />
Here are the presentations given by Bünyamin Demir and Yusuf Çeri at "Open Source Code Day" in [http://www.yildiz.edu.tr/english Yildiz Technical University], [http://www.webguvenligi.org/wp-content/uploads/2008/04/owasp-wgt-ytu-19nisan08.ppt OWASP-TR Presentation] and [http://www.webguvenligi.org/wp-content/uploads/2008/04/sqlmapdemo-wgt-ytu-19nisan08.ppt SqlDemo Presentation] respectively. We'd like to thank YTÜ Bilişim Kulubü for inviting us.<br />
<br />
And never the least, here are the [http://www.flickr.com/photos/webguvenligi/sets/72157604620396950/ pictures] taken during the day.<br />
<br />
== Talk in Open Source Code Day in Yildiz Technical University ==<br />
<br />
We'll be giving a talk in "Open Source Code Day" about OWASP and OWASP/Turkey in [http://www.yildiz.edu.tr/english Yildiz Technical University] on 19th of April 2008. The talk will include an introduction to OWASP, OWASP/Turkey, web/application security community in Turkey, the 1st OWASP Day video by Jeff and a live application insecurity demo. <br />
<br />
The Day will start at 09:30 and our talk will be the last one before the noon. <br />
<br />
== Artifacts - March 09 2008 Meeting ==<br />
<br />
It was a nice Sunday in Istanbul and we had 16 people talking about SPoC 08, April OWASP Week and web application security in general. Here are the [http://www.flickr.com/photos/webguvenligi/sets/72157604077351886/ pictures] taken during the meeting.<br />
<br />
== March 09 Meeting ==<br />
<br />
A casual meeting for anyone interested in web/software security. It will take place in Istanbul, Kadikoy at 14:30, on 09 March. To chat and enjoy the [http://www.flickr.com/photos/jrogivue/21918611/ Bosphorus]! <br />
<br />
== Artifacts - Web Security Days Ankara & İzmir November 2007 ==<br />
<br />
Through a foggy, and therefore a hard flight, we've managed to realize Web Security Days 2 & 3 in Ankara and Izmir, respectively. Having a total of ~130 attendees (most of them in Izmir), we hope WSD to be traditional and become more qualitysome.<br />
<br />
Presentations & Code & Photos:<br />
* [http://www.webguvenligi.org/docs/ankara/init_ankara.ppt Giris] - Bedirhan Urgun<br />
* [http://www.webguvenligi.org/docs/ankara/wgt.ppt WGT Giris] - Bünyamin Demir<br />
* [http://www.webguvenligi.org/docs/izmir/ulakcsirt.pdf ULAK-CSIRT Giris] - Enis Karaarslan<br />
* [http://www.webguvenligi.org/docs/ankara/burak_sc.ppt Yazılım Geliştirme Sürecinde Güvenlik Testleri] - Burak Dayıoğlu<br />
* [http://www.webguvenligi.org/docs/izmir/enis_web.ppt Kurumsal Web Güvenliği Yapısı] - Enis Karaarslan<br />
* [http://www.webguvenligi.org/docs/izmir/tahsin_did.ppt Uygulamalarda Katmanlı Güvenlik Anlayışı] - Tahsin Türköz<br />
* [http://www.webguvenligi.org/docs/izmir/oguzhan_php.ppt PHP ve Güvenli Kodlama] - Oğuzhan Yalçın<br />
* [http://www.webguvenligi.org/docs/ankara/bunyamin_pl.ppt Perl'de Guvenlik Modulu] - Bünyamin Demir<br />
* [http://www.webguvenligi.org/docs/izmir/security_pm.rar Perl'de Guvenlik Modulu - Kod] - Bünyamin Demir<br />
* [http://www.webguvenligi.org/docs/ankara/bedirhan_js.ppt Web 2.0 Savunma Dili: Javascript] - Bedirhan Urgun<br />
* [http://www.flickr.com/photos/webguvenligi/sets/72157603311164597/ Photos] - Bedirhan & Bünyamin<br />
<br />
== Next Event - 3rd Web Security Days İzmir - November 26 (Turkey 2007) ==<br />
<br />
This event will be the third of "Web Security Days" and will take place on 26th of November 2007 in İzmir. The agenda of the event is [https://www.owasp.org/index.php/3rd_Web_Security_Days_OWASP_Turkey here].<br />
<br />
== Next Event - 2nd Web Security Days Ankara - November 24 (Turkey 2007) ==<br />
<br />
This event will be the second of "Web Security Days" and will take place on 24th of November 2007 in Ankara. <br />
The agenda of the event is [https://www.owasp.org/index.php/2nd_Web_Security_Days_OWASP_Turkey here].<br />
<br />
== Artifacts - OWASP DAY: on the topic of "Privacy in the 21st Century" - September 8 (Turkey 2007) ==<br />
<br />
Presentations:<br />
<br />
* [https://www.owasp.org/images/6/66/OWASP_DAY_TR.sub.ppt Turkish Subtitle] for [http://www.owasp.org/downloads/OWASP_Day.wmv Jeff's OWASP Day Intro movie] (delete .ppt extension)<br />
* [https://www.owasp.org/images/b/bc/OWASP2007_KamudaPrivacy.ppt OWASP2007_KamudaPrivacy.ppt]<br />
* [https://www.owasp.org/images/4/4b/Guvenli_Web_Uygulamalarinin_Gelistirilmesi2.ppt Guvenli_Web_Uygulamalarinin_Gelistirilmesi.ppt] <br />
<br />
Discussion Answers:<br />
<br />
Q1.<br />
What is the current state of Privacy on Web Application Security? Does it really matter? Is privacy what will drive radical changes in web application's security (ala PCI)? <br />
<br />
A1.<br />
During the meeting an effort was made to clarify the meaning of privacy;<br />
- what are the key items that builds up to "privacy"?<br />
- are we talking about the privacy of real people or should we also include the privacy of legal entities?<br />
- is there really a solid line (or even a vague line) between confidentiality and privacy?<br />
We defined privacy as confidentiality of the data; be it of a real person or a legal entity.<br />
But the key part is that privacy is "the ability to control the flow of one's own data". And which brings another principle: "need to know". Privacy is directly related to an individual or an organization. Confidentiality, however, is directly related to "information"... Privacy is a "result" and confidentiality is a tenet or a security mechanism. <br />
<br />
Enough of these convulsions;<br />
The answer to the first question was a definite "YES". Participants were all agreed that "privacy" plays and will play the most important role in web security and its future.<br />
<br />
Q2.<br />
Application side: what the data owner should be doing to protect the user's privacy? Should there be a law that states how to protect this information? What can we do to improve it?<br />
<br />
A2.<br />
Most of the participants agreed that a law is a necessity.<br />
But, maybe, more important thing is to raise the awareness of the customers.<br />
Here we also had a discussion on the current status of the law on privacy? There are mainly three <br />
documents on privacy in Turkish law;<br />
* a directive on privacy in telecommunication, which happened to be inadequate (an assertion of a lawyer)<br />
* a draft law on privacy from Department of Justice, which is still in the process of approval<br />
* a recent (May 2007) law on siber crimes which happens to be similiar to the "Directive 2006/24/EC of the <br />
European Parliament and of the Council" on the data retention. This law, however, still needs a few<br />
directives, which are about to be published.<br />
<br />
Q3.<br />
Client side: what is the client's perception of privacy? How can a user trust a site about his own data treatment? Is the client nowadays safeguarded about a possible loss of privacy?<br />
<br />
A3.<br />
As a first step there should be an "agreement" presented to the user by the application side.<br />
This wouldn't be enough so there should be regular inspections (a third eye) on these services.<br />
About "is the client nowadays safeguarded about a possible loss of privacy?" question, the answer<br />
was a definite "NO". Especially with the banks. Yes, there are a few cases of trials where the courts<br />
dictated a bank to compansate the loss of the victim, however, mostly this is not the case. Even there is<br />
a domain serving, founded by the victims of online banking crimes in Turkey.<br />
<br />
Q4.<br />
What should OWASP be focusing on?<br />
<br />
A4.<br />
As a suggestion, OWASP may provide a "web security tips" page, which can include a searchable gui <br />
on small programming tips to avoid security holes in web applications.<br />
<br />
And a great idea of producing a "FixmeBank" application to cover the developer side of the story, as opposed to tester/attacker side (via WebGoat or HacmeBank), was suggested by Taygun Alban.<br />
<br />
Q5.<br />
What would OWASP spend it's grant money? (note that new OWASP members can allocate some or all of their membership fees to specific projects)<br />
<br />
A5.<br />
Some suggestions;<br />
. Printed booklets of Guide and Testing Guide. <br />
. OWASP CD with shiny labels<br />
. I'm afraid to say but... t-shirts<br />
<br />
Q6.<br />
Should OWASP organize such 'OWASP Weeks' every quarter?<br />
<br />
A6.<br />
OWASP should organize these events every 6 months or so :)<br />
<br />
== Next Event - OWASP DAY: on the topic of "Privacy in the 21st Century" - September 8 (Turkey 2007) ==<br />
<br />
As a part of the Global Security Week, OWASP Turkey chapter will be holding a humble meeting on Saturday, 8 September 2007. Less technical and time taking compared to last event ([http://www.owasp.org/index.php/1st_Web_Security_Days_OWASP_Turkey Web Security Days]) we will be focusing on the current snapshot of the privacy related issues in the govermental/quasi-governmental and private institutions of Turkey.<br />
<br />
Here's the "still in process" agenda:<br />
<br />
* 14:00 - 14:10 Prelude. Introduction of OWASP DAY and OWASP Turkey projects<br />
<br />
A small introduction to OWASP Day meeting and its goals, plus explanation of some of the lightweight projects of OWASP Turkey.<br />
<br />
Bedirhan URGUN, Bunyamin DEMİR<br />
<br />
* 14:20 - 14:50 Privacy in Governmental Insitutions - A Current State Analysis<br />
<br />
Presentation will discuss the understanding of the privacy concept settled in governmental institutions and deliberate on general information security problems related with privacy issues.<br />
<br />
Getting off with general privacy problems, in specific, information about the privacy issues related to web applications will be given. Moreover, concrete suggestions on providing a solid privacy in these institutions will be presented.<br />
<br />
Hayrettin BAHŞİ<br />
Chief Researcher CC Lab-UEKAE TUBITAK<br />
<br />
* 15:00 - 15:50 Secure Web Application Development<br />
<br />
Korhan GÜRLER<br />
Chief Researcher PRO-G<br />
<br />
* 15:00 - 16:00 A Panel on Privacy in Turkey <br />
<br />
OWASP-Turkey Members<br />
<br />
== Last Event - 1st Web Security Days - July 14 (Turkey 2007) ==<br />
<br />
First of the [http://www.owasp.org/index.php/1st_Web_Security_Days_OWASP_Turkey Web Security Days] has been realized by Owasp-Turkey chapter on 14th of July 2007 in İstanbul. With a ~70 registered attendees, it was great to have a pack of web security oriented people for a five hours of mostly technical presentations.<br />
<br />
<br />
[http://www.owasp.org/index.php/1st_Web_Security_Days_OWASP_Turkey For details...]<br />
<br />
== Last Meetings ==<br />
<br />
'''Sunday 6 May 2007'''<br><br />
'''Time:''' 11:15-12:30<BR><br />
<br />
'''Address''' to the meeting are:<br />
<br />
[http://www.metu.edu.tr Middle East Technical University]<br/><br />
Ankara-Turkey<br/><br />
<br/><br />
<br />
'''Presentation'''<br><br />
<br />
Web Application Security with ModSecurity and OWASP<br />
<br />
<br />
__NOTOC__ <br />
<br />
<headertabs/><br />
<br />
[[Category:Turkey]] [[Category:Europe]]</div>Dr. Emin Tatlıhttps://wiki.owasp.org/index.php?title=Turkey&diff=140934Turkey2012-12-09T19:48:54Z<p>Dr. Emin Tatlı: </p>
<hr />
<div><center>[[File:Owasptr.png]] </center><br />
<br />
<br />
<br />
==== About OWASP/TR ====<br />
<br />
{{Chapter Template|chaptername=Turkey|extra=The chapter leader is [mailto:bunyamindemir~gmail.com Bunyamin Demir], Co-leader is [mailto:urgunb~hotmail.com Bedirhan Urgun]<br />
<br />
Board Members: [mailto:ferruh~mavituna.com Ferruh Mavituna], [mailto:mesut_timur~hotmail.com Mesut Timur], [mailto:contact~onuryilmaz.info Onur Yılmaz], [mailto:emin.tatli@owasp.org Emin Islam Tatli], [mailto:oguzhantopgul@gmail.com Oguzhan TOPGUL], [mailto:sertan@gmail.com Sertan Kolat], [mailto:denizcev@gmail.com Deniz Cevik]<br />
<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-turkey|emailarchives=http://lists.owasp.org/pipermail/owasp-turkey}}<br />
<br />
<paypal>Turkey</paypal><br />
<br />
== Chapter Brochure ==<br />
<br />
[http://www.webguvenligi.org/docs/WGT_brosur.pdf Here you can view a brochure] explaining in Turkish the action highlights of OWASP/Türkiye during the last one and a half year [obsolete for over two years].<br />
<br />
== Application Security Day, İstanbul 2012, Conference ==<br />
[http://www.appsectr.org/ Application Security Day, İstanbul 2012] will be held on 9 June, Saturday, in Marmara Üniversitesi Rektörlük Binası, Sultanahmet, İstanbul. <br />
The event aims to present an environment where key and popular application security topics will be discussed and shared. Hundreds of developers, business owners and security practitioners will be ready to increase local application security awareness. Join us!<br />
<br />
== Local News ==<br />
Conference<br />
<br />
[http://www.appsectr.org/ Application Security Day, İstanbul 2012] will be held on 9 June, Saturday, in Marmara Üniversitesi Rektörlük Binası, Sultanahmet, İstanbul. <br />
<br />
Published <br />
<br />
[http://www.webguvenligi.org/dokuman/web-uygulama-guvenligi-kontrol-listesi-2012.html Web App Security Check List 2012 in Turkish].<br />
<br />
== Projects/Tools/Translations ==<br />
<br />
Here are some of the projects produced by OWASP/Türkiye;<br />
<br />
* [http://code.google.com/p/droidalert/ DroidAlert] by Bedirhan Urgun<br />
<br />
A proactive approach on finding fake android applications on some of the biggest android stores. Just enter a term, and droidalert searches it for you in android stores.<br />
<br />
* [http://code.google.com/p/chiasma/ Chiasma] by Bedirhan Urgun<br />
<br />
Instead of having a structured penetration test report (docx, pdf, html v.b.) from 3rd parties, why not getting them produce a semi-structured report (xml) that is understood well. Chiasma is a Java desktop application producing XML vulnerability report.<br />
<br />
* [http://www.webguvenligi.org/docs/web_uygulama_guvenligi_kontrol_listesi_2010.pdf Web Uygulama Güvenliği Kontrol Listesi 2010- WebAppSec Checklist] by OWASP-Turkey<br />
<br />
A complete set of controls related to security of web applications.<br />
<br />
* [http://code.google.com/p/piknik/ Piknik] by Bedirhan Urgun<br />
<br />
A compilation of a study on analyzing the possible behavior of a malicious developer...Inspired by [http://www.blackhat.com/presentations/bh-usa-09/WILLIAMS/BHUSA09-Williams-EnterpriseJavaRootkits-PAPER.pdf Jeff Williams's Work] <br />
<br />
* [http://code.google.com/p/finddomains/ FindDomains] by Mesut Timur<br />
<br />
FindDomains is a multithreaded search engine discovery tool that will be very useful for penetration testers dealing with discovering domain names/web sites/virtual hosts which are located on too many IP addresses.<br />
<br />
* [http://dergi.webguvenligi.org/ WGT E-Magazine] by OWASP/TR and Onur Yilmaz<br />
<br />
An online web security related magazine in Turkish with a 2 months per-issue period<br />
<br />
* [http://ctf.webguvenligi.org/ CTF contest] by Onur Yilmaz<br />
<br />
A CTF contest where researchers, professionals and hackers can show off their skills in an ethical way <br />
<br />
* [http://code.google.com/p/jarvinen Jarvinen] by Gökhan Alkan & Yusuf Çeri & Bedirhan Urgun<br />
<br />
A simple yet effective web based audit log monitoring service for Modsecurity v2. It consists of two basic parts; a (bash) shell script that parses serial logs into the mysql database and a php web application.<br />
<br />
* [http://code.google.com/p/cammp CAMMP] by Gökhan Alkan<br />
<br />
Aims to provide (bash) shell scripts in order to automatize the source code installations of apache (php and modsecurity) and mysql under chroot (for RedHat based systems for now).<br />
<br />
* [http://code.google.com/p/secureimage SecureImage] by Mesut Timur & Bedirhan Urgun & Kerem Küsmezer<br />
<br />
A Java,PHP and .NET based image validator that can be used for validating image files on upload systems (such as photo galleries,forums,etc ..) against the threats for XSS issues with IE and LFI attacks. Individual project pages; [http://code.google.com/p/psecureimage PSecureImage] for PHP, [http://code.google.com/p/jsecureimage JSecureImage] for Java and [http://www.codeplex.com/owaspturkey/Release/ProjectReleases.aspx?ReleaseId=18008 NSecureImage] for .NET<br />
<br />
* [http://code.google.com/p/securetomcat SecureTomcat] by Bedirhan Urgun & Deniz Çevik & Gökhan Alkan<br />
<br />
A collection of three components; an audit documentation in Turkish, a basic remote vulnerability scanner and an audit shell script fully aligned with the audit documentation. All for auditing and testing Apache Tomcat partial J2EE container.<br />
<br />
* [http://code.google.com/p/webekci/ WeBekci] by Bünyamin Demir<br />
<br />
WeBekci is a graphical user end for ModSecurity 2.x web application firewall.<br />
<br />
* [http://www.webguvenligi.org/?page_id=16 Web Security Turkish Translation Project] by [http://www.webguvenligi.org/?page_id=16 great volunteers] & Bedirhan Urgun <br />
<br />
Turkish translations of OWASP guides and other web application security related documents '''over 500 pages''' and counting<br />
<br />
* [http://code.google.com/p/wivet/ WIVET] by Bedirhan Urgun<br />
<br />
A benchmarking project that aims to statistically analyze web link extractors. It provides a good sum of input vectors to any extractor and presents the results. Check out the live app [http://www.webguvenligi.org/wivet/ here].<br />
<br />
* [http://code.google.com/p/sqlibench/ SqliBench] by Mesut Timur & Bedirhan Urgun<br />
<br />
SQLiBENCH is a benchmarking project of automatic sql injectors related to dumping databases. Check out the live app [http://www.webguvenligi.org/sqlibench/web/ here]. The project is sponsored by [http://www.owasp.org/index.php/Category:OWASP_Sqlibench_Project OWASP SoC 08].<br />
<br />
* [http://code.google.com/p/msalparser MSALParser] by Bedirhan Urgun<br />
<br />
MSALParser (pronounced \mi-säl\) implements necessary parsers and model objects to represent a ModSecurity Single Audit Log, hence the name MSAL. MSALParser is a PHP RPC end that will get mlogc's calls and parses them into objects and eventually write to a persistent data store.<br />
<br />
* [http://code.google.com/p/apachelive ApacheLive] by Bedirhan Urgun<br />
<br />
ApacheLive (aka Haydar) project consists of a python script which was aimed to stress Apache web servers (httpd) using Keep-Alive parameters.<br />
<br />
* [http://code.google.com/p/anticsurf AntiCsurf] by Mesut Timur<br />
<br />
For most of the languages and frameworks, developers have to implement their own functions to defend against CSRF. AntiCsrf is a basic and light library for defending against CSRF for PHP applications.<br />
<br />
* [http://code.google.com/p/fm-fsf FM-FSF] by Ferruh Mavituna<br />
<br />
FSF is a plug-in based freakin' simple fuzzer for fuzzing web applications and scraping data. It supports some basic stuff and missing some features however it has got some advanced RegEx capturing features for scraping data out of web applications.<br />
<br />
* [http://code.google.com/p/msalmobile MSALMobile] & [http://code.google.com/p/msalservice MSALService] by Bedirhan Urgun<br />
<br />
MSALMobile, a basic windows mobile application and consuming MSALService, is a simple mobile ModSecurity log analyzer for Windows Mobile environment. See [http://www.webguvenligi.org/software/msalmobile/msalmobile_video.rar a video of MSALMobile in action] on www.webguvenligi.org.<br />
<br />
* [http://www.webguvenligi.org/xsstb/reflected.php XSS TestBed] by Bedirhan Urgun<br />
<br />
A playground for reflected xss test cases. The live project includes seven test cases ready to exploit. A legal and solid way to learn and apply xss skills. Moreover, a good way to test web application scanners on reflected xss testing...<br />
<br />
* [http://www.webguvenligi.org/projeler/wcsa Web.config Security Analyzer] by Mesut Timur<br />
<br />
Web.config file holds settings about related ASP.NET web application. This project analyzes a given Web.config file for security vulnerabilities with its 30+ checks. It's a command line too for now and produces a neat html based report.<br />
<br />
== Translations ==<br />
<br />
Çeviri projesine yardım etmek isteyen arkadaşlar, lütfen [mailto:bunyamindemir@gmail.com bunyamin] veya [mailto:urgunb@hotmail.com bedirhan] ''(proje lideri)'' ile iletişime geçiniz. Şu ana kadar yayınlanan çevirilere [http://www.webguvenligi.org/?page_id=16 buradan] ulaşabilirsiniz. ''You can find Turkish translations of OWASP and other web security related documents [http://www.webguvenligi.org/?page_id=16 here].''<br />
<br />
==== Meetings/Conferences ====<br />
<br />
== OWASP/TR Presentation in Android Developer Days 2012 in ODTU Ankara ==<br />
<br />
Bedirhan Urgun of OWASP/TR will give a presentation on "Developing Secure Android Days" on 22 May from 15:30-16:00 in Android Developer Days, 2012. The presentation will take place in ODTU, Ankara.<br />
<br />
Location: ODTÜ Kültür ve Kongre Merkezi, Ankara<br />
<br />
Date: 22 May 2012, Tuesday<br />
<br />
Time: 15:30 – 16:00<br />
<br />
== OWASP/TR Presentation in ReadMee Internet Zirvesi, 2012 ==<br />
<br />
Seyfullah Kılıç will give a presentation titled "Web Güvenliği ve Korunma Yolları" on 07 April Saturday from 14:00-14:45 in ReadMee Internet Zirvesi, 2012. The presentation will take place in Eskişehir Osmangazi Üniversitesi, Eskişehir.<br />
<br />
Location: Eskişehir Osmangazi Üniversitesi Meşelik Kampüsü, Eskişehir<br />
<br />
Date: 7 April 2012 Saturday<br />
<br />
Time: 14:00 – 14:45<br />
<br />
== OWASP/TR Presentation in Özgür Yazılım ve Linux Günleri, 2012 ==<br />
<br />
Bünyamin Demir of OWASP/TR will give a presentation titled as "<br />
Güvenli Kod Geliştirme" and will hold a chapter meeting "OWASP Türkiye Chapter Meeting (Çalışma Toplantısı)" on 31 March Saturday from 10:00-13:00 in Özgür Yazılım ve Linux Günleri, 2012. The presentations will take place in İstanbul Bilgi Üniversitesi Dolapdere Kampüsü, İstanbul.<br />
<br />
Location: İstanbul Bilgi Üniversitesi Dolapdere Kampüsü, İstanbul<br />
<br />
Date: 31 March 2012 Saturday<br />
<br />
Time: 10:00 – 13:00<br />
<br />
Location 1: 1. Salon<br />
Location 2: Toplantı Salonu<br />
<br />
== OWASP/TR Talk in Open Source Code Days in Yeditepe University ==<br />
<br />
Bunyamin Demir talked about OWASP and OWASP/Turkey introduction. After intro, he did a presentation about [http://seminer.linux.org.tr/wp-content/uploads/guvenli_kod_gelistirme_ve_yasam_dongusu.ppt "Secure Coding and Chaotic Life Cycle"].<br />
<br />
Location: Yeditepe University, 26 Agustos Yerlesimi, Salon 2<br />
<br />
Date: 14 October 2011, Friday<br />
<br />
Time: 15:00 – 15:45<br />
<br />
== OWASP/TR Introductory Meetings and Seminar @ Bahçeşehir Üniversitesi, March 2010 ==<br />
<br />
[http://www.shibumidojo.org/ Kubilay Onur Güngör] will start with OWASP and OWASP/Turkey introduction. After intro, cyber security concept, web application security, social theories of criminal behaviors and many other topics will be discussed. So don't miss the events if you're around. <br />
<br />
Location: Bahçeşehir Üniversitesi, Beşiktaş Kampüsü, D-404 Salonu<br />
<br />
Date: 10 Mart 2010 Çarşamba<br />
<br />
Time: 18.30 – 19.30<br />
<br />
== OWASP/TR Introductory Meetings and Seminar @ Işık Üniversitesi, March 2010 ==<br />
<br />
[http://www.shibumidojo.org/ Kubilay Onur Güngör] will start with OWASP and OWASP/Turkey introduction. After intro, cyber security concept, web application security, social theories of criminal behaviors and many other topics will be discussed. So don't miss the events if you're around. <br />
<br />
Location: Işık Üniversitesi, Şile Kampüsü<br />
Registration: http://bilisimgunleri.isikun.edu.tr<br />
Date: 8 Mart 2010 Pazartesi<br />
Time: 15.00 - 16.00<br />
<br />
== OWASP/TR Meeting in Turkcell Akademi with OISF Team, February 2010 ==<br />
<br />
With 7 [http://www.openinfosecfoundation.org OISF] members we had our 23 February meeting. Brian [http://vimeo.com/9825055 talked about ModSecurity] and Victor & Will [http://vimeo.com/9825622 talked about Suricata ].<br />
<br />
As always, check out the photos on [http://www.flickr.com/photos/webguvenligi flickr-webguvenligi]!!<br />
<br />
Thanks to our sponsor for this meeting [http://www.guvenlikegitimleri.com GuvenlikEgitimleri.Com]<br />
<br />
== OWASP/TR Seminar in İstanbul Kültür Universitesi, 29 December 2009 ==<br />
<br />
We'll be hosting a free seminar in İstanbul Kültür Üniversitesi, Ataköy Kampüsü, Önder Öztunalı Konferans Salonu. Topics will include "introduction to OWASP/TR", "siber security", "security best practices and standards". It will also include a demo on digital investigation.<br />
<br />
Presenter: [http://www.shibumidojo.org/ Kubilay Onur Güngör]<br />
<br />
Date: Tuesday, December 29, 2009 <br />
<br />
Time: 12:00pm - 1:30pm <br />
<br />
Location: İstanbul Kültür Üniersitesi, Ataköy Kampüsü, Önder Öztunalı Konferans Salonu<br />
<br />
== October 11, 2009 OWASP/TR on the Green Field ==<br />
<br />
Teams formed by OWASP-Turkey mailing list members will play a soccer match on Sunday, 18:00 October the 11th. We'll seek our Messis, Zidanes, Kakas, Lampards, Chechs stemmed from the Anatolian land... National team may not be qualified for the 2010 World Championship, which is a shame, but we'll do better next time.<br />
<br />
== Artifacts - OWASP-Turkey Meeting in September 26, 2009 ==<br />
<br />
30 people gathered for the OWASP/TR meeting. Here's the [http://www.webguvenligi.org/docs/26_Eylul_OWASPTR_Bulusma.ppt agenda of the meeting]. Moreover, Ibrahim Saruhan gave a [http://www.webguvenligi.org/docs/Facebook_Twitter_Botnets.ppt presentation] on his experiences writing a PoC Facebook botnet. Thanks everyone for participating.<br />
<br />
See the [http://www.flickr.com/webguvenligi/ pictures] and listen to the DimDim [http://recp.dimdim.com/view/dimdim/1a9400f2-fbdb-102c-9515-003048642bd7 recording].<br />
<br />
== September 26 Meeting ==<br />
<br />
A regular meeting for anyone interested in web/software security. It will take place in Istanbul, Taksim at 14:00, on 26 September. <br />
<br />
== Artifacts - 06 May/13 May 2009 OWASP-TR Talks in Kocaeli & Gazi Universities ==<br />
<br />
Here are the presentations given by Bünyamin Demir and Onur Yılmaz at "Information Techonology Days" in [http://www.kocaeli.edu.tr/ Kocaeli University] and [http://www.gazi.edu.tr/ Gazi University], [http://www.webguvenligi.org/docs/kocaeli09owasptr.ppt OWASP-TR & WebGoat Presentation] and [http://www.webguvenligi.org/docs/gaziuni09owasptr.ppt Basic Web App Security Presentation] respectively. <br />
<br />
Pictures are on [http://www.flickr.com/photos/webguvenligi flicker] as always.<br />
<br />
== Web Application Security Talk in Gazi University, 13 May 2009 ==<br />
<br />
We'll be giving a talk in "Information Days" event at Gazi University about code/sql injection attack vectors and prevention techniques on 13th (Wednesday) of May 2009, between 10:30-11:20. <br />
<br />
Reach out the details [http://www.webguvenligi.org/haberler/web-uygulamalari-guvenligi-sunumu-gazi-universitesi.html here]<br />
<br />
== OWASP-TR Seminar in Kocaeli University, 06 May 2009 ==<br />
<br />
We'll be hosting a free seminar in Math. Department of Kocaeli University about OWASP and OWASP/Turkey including the basics of well known attack vectors and prevention techniques on 6th (Wednesday) of May 2009, starting from 15:30. <br />
<br />
Reach out the details [http://www.webguvenligi.org/haberler/owasp-tr-ve-wgt-semineri-kocaeli-universitesi.html here]<br />
<br />
== Artifacts - March 19 2009 OWASP-TR Talk in Sakarya University ==<br />
<br />
Here are the presentations given by Bünyamin Demir and Gökhan Alkan at "Information Techonology Days" in [http://www.sau.edu.tr/ Sakarya University], [http://www.webguvenligi.org/sau_bilisim_gunleri09/sakarya_bilisim_gunleri.ppt OWASP-TR & WebGoat Presentation] and [http://www.webguvenligi.org/sau_bilisim_gunleri09/Recel_Krallagindan_Webe.ppt Jarvinen Presentation] respectively. We'd like to thank [http://www.bilisimk.sau.edu.tr/ Sakarya Universitesi Bilişim Kulubü] for inviting us.<br />
<br />
And never the least, here are the [http://www.flickr.com/photos/webguvenligi pictures] taken during the day.<br />
<br />
== Talk in Information Techonology Days '09 in Sakarya University ==<br />
<br />
We'll be giving two talks in "Information Techonology Days" about OWASP and OWASP/Turkey in [http://www.sau.edu.tr/ Sakarya University] on 19th of March 2009. The talk will include an introduction to OWASP, OWASP/Turkey as a community. Plus, Jarvinen, an OWASP/TR project, will be presented.<br />
<br />
== Artifacts - Fifth OWASP-Turkey Meeting in March 08, 2009 ==<br />
<br />
We had close to 35 people gathered. Here's the [http://www.webguvenligi.org/docs/WGT_OWASP-TR_08_Mart_2009_Bulusmasi_Ajanda.pptx agenda of the meeting]. Moreover, Fatih Emiral gave a [http://www.webguvenligi.org/docs/Yazilim_Guvenligi.ppt presentation] comparing three main Software Security models. Thanks everyone for participating.<br />
<br />
For the photos take a look at [http://www.flickr.com/photos/webguvenligi/ here].<br />
<br />
== Fifth OWASP-Turkey Meeting in March 08, 2009 ==<br />
<br />
A regular meeting on web/software security related issues&techniques&news. The meeting will take place in Istanbul, Maltepe, beween 13:00-15:00, on 08th of March, Sunday. <br />
Here's the map for the [http://www.gencgirisimciler.org/bpi.asp?caid=161&cid=17 meeting place]<br />
If you want to attend the event, please send an e-mail to: urgunb at hotmail.com (Bedirhan Urgun)<br />
<br />
== Artifacts - Web Security Days Kocaeli December 2008 ==<br />
<br />
With over 50 attendees we had our 4th Web Security Days in Kocaeli University at Umuttepe Campus.<br />
<br />
Presentations & SlideShows & Photos:<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_intro.ppt Giris] - Bedirhan Urgun<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_owasptr_wgt.ppt WGT/OWASPTR] - Bünyamin Demir<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_www.ppt WWW Introduction] - Uğur Yıldız<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_csrf.ppt CSRF] - Yusuf Çeri<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_graphics.ppt Graphic Attacks] - Mesut Timur <br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_chroot.ppt Secure Web Production Environments] - Gökhan Alkan<br />
* [http://www.flickr.com/webguvenligi/ Pictures] - Bedirhan & Bünyamin<br />
* [http://www.webguvenligi.org/docs/kocaeli/wgg4_slideshow.ppt OWASP Top 10 Slide Show] - Bedirhan Urgun<br />
<br />
== Next Event - 4th Web Security Days Kocaeli - December 23 (Turkey 2008) ==<br />
<br />
This event will be the fourth of "Web Security Days" and will take place on 23rd of December 2008 in Kocaeli. The agenda of the event is [http://www.owasp.org/index.php/4th_Web_Security_Days_OWASP_Turkey here].<br />
<br />
== Artifacts - Fourth OWASP-Turkey Meeting in October 18, 2008 ==<br />
<br />
Here's the [http://www.webguvenligi.org/wp-content/uploads/2008/10/WGT&OWASP-TR_18_Ekim_2008_Bulusmasi_Ajanda.ppt agenda of the meeting]. We also had two small discussion and presentation of a simple demo overview of recent clickjacking vulnerability and [http://www.webguvenligi.org/wp-content/uploads/2008/10/sqlibench-presentation.ppt sqlibench SoC 2008 OWASP project]. Thanks everyone for participating.<br />
<br />
Moreover, all of the OWASP sent books (~30)/pens(~15) were distributed freely! <br />
<br />
For the photos take a look at [http://www.flickr.com/photos/webguvenligi/ here].<br />
<br />
== Fourth OWASP-Turkey Meeting in October 18, 2008 ==<br />
<br />
A catch up meeting on web/software security related issues&techniques&news. Moreover, OWASP sent goodies (to the most active chapters) will be distributed (This includes 27 OWASP books and 19 pens). It will take place in Istanbul, İstiklal Cad.Emir Nevruz Sok. No: 1/11 Galatasaray Beyoğlu beween 14:00-16:00, on 18th of October. If you want to attend the event, please send an e-mail to: urgunb at hotmail.com (Bedirhan Urgun) <br />
<br />
== Artifacts - June 21 2008 OWASP-TR Talk in "Free Software Conference" ==<br />
<br />
Here is the presentation given by Mesut Timur and keynote submitted at [http://konferans.linux.org.tr/ "Free Software Conference"] in [http://www.etu.edu.tr/ TOBB University of Economics and Technology]; <br />
[http://www.webguvenligi.org/wp-content/uploads/2008/06/owasp_wgt_lkd_21062008.ppt OWASP-TR Presentation] and [http://www.webguvenligi.org/wp-content/uploads/2008/06/webguvenligi_bildiri_lkd_21062008.pdf Web Security and Free Software Keynote] (in Turkish) respectively.<br />
<br />
== Talk in Free Software Conference in Ankara ==<br />
<br />
We'll be giving a talk in "Free Software Conference" about OWASP and OWASP/Turkey in [http://www.etu.edu.tr/ TOBB University of Economics and Technology] on 21st (Saturday) of June 2008. The talk will include an introduction to OWASP, OWASP/Turkey, as well as web/application security projects achieved in Turkey. <br />
<br />
The Day will start at 09:30 and our talk, which will be presented by [http://www.h-labs.org Mesut Timur], will be between 15.00-15.30. You can skim the programme [http://konferans.linux.org.tr/etkinlik-programi/ here].<br />
<br />
== Artifacts - April 19 2008 OWASP-TR Talk in Yildiz Technical University ==<br />
<br />
Here are the presentations given by Bünyamin Demir and Yusuf Çeri at "Open Source Code Day" in [http://www.yildiz.edu.tr/english Yildiz Technical University], [http://www.webguvenligi.org/wp-content/uploads/2008/04/owasp-wgt-ytu-19nisan08.ppt OWASP-TR Presentation] and [http://www.webguvenligi.org/wp-content/uploads/2008/04/sqlmapdemo-wgt-ytu-19nisan08.ppt SqlDemo Presentation] respectively. We'd like to thank YTÜ Bilişim Kulubü for inviting us.<br />
<br />
And never the least, here are the [http://www.flickr.com/photos/webguvenligi/sets/72157604620396950/ pictures] taken during the day.<br />
<br />
== Talk in Open Source Code Day in Yildiz Technical University ==<br />
<br />
We'll be giving a talk in "Open Source Code Day" about OWASP and OWASP/Turkey in [http://www.yildiz.edu.tr/english Yildiz Technical University] on 19th of April 2008. The talk will include an introduction to OWASP, OWASP/Turkey, web/application security community in Turkey, the 1st OWASP Day video by Jeff and a live application insecurity demo. <br />
<br />
The Day will start at 09:30 and our talk will be the last one before the noon. <br />
<br />
== Artifacts - March 09 2008 Meeting ==<br />
<br />
It was a nice Sunday in Istanbul and we had 16 people talking about SPoC 08, April OWASP Week and web application security in general. Here are the [http://www.flickr.com/photos/webguvenligi/sets/72157604077351886/ pictures] taken during the meeting.<br />
<br />
== March 09 Meeting ==<br />
<br />
A casual meeting for anyone interested in web/software security. It will take place in Istanbul, Kadikoy at 14:30, on 09 March. To chat and enjoy the [http://www.flickr.com/photos/jrogivue/21918611/ Bosphorus]! <br />
<br />
== Artifacts - Web Security Days Ankara & İzmir November 2007 ==<br />
<br />
Through a foggy, and therefore a hard flight, we've managed to realize Web Security Days 2 & 3 in Ankara and Izmir, respectively. Having a total of ~130 attendees (most of them in Izmir), we hope WSD to be traditional and become more qualitysome.<br />
<br />
Presentations & Code & Photos:<br />
* [http://www.webguvenligi.org/docs/ankara/init_ankara.ppt Giris] - Bedirhan Urgun<br />
* [http://www.webguvenligi.org/docs/ankara/wgt.ppt WGT Giris] - Bünyamin Demir<br />
* [http://www.webguvenligi.org/docs/izmir/ulakcsirt.pdf ULAK-CSIRT Giris] - Enis Karaarslan<br />
* [http://www.webguvenligi.org/docs/ankara/burak_sc.ppt Yazılım Geliştirme Sürecinde Güvenlik Testleri] - Burak Dayıoğlu<br />
* [http://www.webguvenligi.org/docs/izmir/enis_web.ppt Kurumsal Web Güvenliği Yapısı] - Enis Karaarslan<br />
* [http://www.webguvenligi.org/docs/izmir/tahsin_did.ppt Uygulamalarda Katmanlı Güvenlik Anlayışı] - Tahsin Türköz<br />
* [http://www.webguvenligi.org/docs/izmir/oguzhan_php.ppt PHP ve Güvenli Kodlama] - Oğuzhan Yalçın<br />
* [http://www.webguvenligi.org/docs/ankara/bunyamin_pl.ppt Perl'de Guvenlik Modulu] - Bünyamin Demir<br />
* [http://www.webguvenligi.org/docs/izmir/security_pm.rar Perl'de Guvenlik Modulu - Kod] - Bünyamin Demir<br />
* [http://www.webguvenligi.org/docs/ankara/bedirhan_js.ppt Web 2.0 Savunma Dili: Javascript] - Bedirhan Urgun<br />
* [http://www.flickr.com/photos/webguvenligi/sets/72157603311164597/ Photos] - Bedirhan & Bünyamin<br />
<br />
== Next Event - 3rd Web Security Days İzmir - November 26 (Turkey 2007) ==<br />
<br />
This event will be the third of "Web Security Days" and will take place on 26th of November 2007 in İzmir. The agenda of the event is [https://www.owasp.org/index.php/3rd_Web_Security_Days_OWASP_Turkey here].<br />
<br />
== Next Event - 2nd Web Security Days Ankara - November 24 (Turkey 2007) ==<br />
<br />
This event will be the second of "Web Security Days" and will take place on 24th of November 2007 in Ankara. <br />
The agenda of the event is [https://www.owasp.org/index.php/2nd_Web_Security_Days_OWASP_Turkey here].<br />
<br />
== Artifacts - OWASP DAY: on the topic of "Privacy in the 21st Century" - September 8 (Turkey 2007) ==<br />
<br />
Presentations:<br />
<br />
* [https://www.owasp.org/images/6/66/OWASP_DAY_TR.sub.ppt Turkish Subtitle] for [http://www.owasp.org/downloads/OWASP_Day.wmv Jeff's OWASP Day Intro movie] (delete .ppt extension)<br />
* [https://www.owasp.org/images/b/bc/OWASP2007_KamudaPrivacy.ppt OWASP2007_KamudaPrivacy.ppt]<br />
* [https://www.owasp.org/images/4/4b/Guvenli_Web_Uygulamalarinin_Gelistirilmesi2.ppt Guvenli_Web_Uygulamalarinin_Gelistirilmesi.ppt] <br />
<br />
Discussion Answers:<br />
<br />
Q1.<br />
What is the current state of Privacy on Web Application Security? Does it really matter? Is privacy what will drive radical changes in web application's security (ala PCI)? <br />
<br />
A1.<br />
During the meeting an effort was made to clarify the meaning of privacy;<br />
- what are the key items that builds up to "privacy"?<br />
- are we talking about the privacy of real people or should we also include the privacy of legal entities?<br />
- is there really a solid line (or even a vague line) between confidentiality and privacy?<br />
We defined privacy as confidentiality of the data; be it of a real person or a legal entity.<br />
But the key part is that privacy is "the ability to control the flow of one's own data". And which brings another principle: "need to know". Privacy is directly related to an individual or an organization. Confidentiality, however, is directly related to "information"... Privacy is a "result" and confidentiality is a tenet or a security mechanism. <br />
<br />
Enough of these convulsions;<br />
The answer to the first question was a definite "YES". Participants were all agreed that "privacy" plays and will play the most important role in web security and its future.<br />
<br />
Q2.<br />
Application side: what the data owner should be doing to protect the user's privacy? Should there be a law that states how to protect this information? What can we do to improve it?<br />
<br />
A2.<br />
Most of the participants agreed that a law is a necessity.<br />
But, maybe, more important thing is to raise the awareness of the customers.<br />
Here we also had a discussion on the current status of the law on privacy? There are mainly three <br />
documents on privacy in Turkish law;<br />
* a directive on privacy in telecommunication, which happened to be inadequate (an assertion of a lawyer)<br />
* a draft law on privacy from Department of Justice, which is still in the process of approval<br />
* a recent (May 2007) law on siber crimes which happens to be similiar to the "Directive 2006/24/EC of the <br />
European Parliament and of the Council" on the data retention. This law, however, still needs a few<br />
directives, which are about to be published.<br />
<br />
Q3.<br />
Client side: what is the client's perception of privacy? How can a user trust a site about his own data treatment? Is the client nowadays safeguarded about a possible loss of privacy?<br />
<br />
A3.<br />
As a first step there should be an "agreement" presented to the user by the application side.<br />
This wouldn't be enough so there should be regular inspections (a third eye) on these services.<br />
About "is the client nowadays safeguarded about a possible loss of privacy?" question, the answer<br />
was a definite "NO". Especially with the banks. Yes, there are a few cases of trials where the courts<br />
dictated a bank to compansate the loss of the victim, however, mostly this is not the case. Even there is<br />
a domain serving, founded by the victims of online banking crimes in Turkey.<br />
<br />
Q4.<br />
What should OWASP be focusing on?<br />
<br />
A4.<br />
As a suggestion, OWASP may provide a "web security tips" page, which can include a searchable gui <br />
on small programming tips to avoid security holes in web applications.<br />
<br />
And a great idea of producing a "FixmeBank" application to cover the developer side of the story, as opposed to tester/attacker side (via WebGoat or HacmeBank), was suggested by Taygun Alban.<br />
<br />
Q5.<br />
What would OWASP spend it's grant money? (note that new OWASP members can allocate some or all of their membership fees to specific projects)<br />
<br />
A5.<br />
Some suggestions;<br />
. Printed booklets of Guide and Testing Guide. <br />
. OWASP CD with shiny labels<br />
. I'm afraid to say but... t-shirts<br />
<br />
Q6.<br />
Should OWASP organize such 'OWASP Weeks' every quarter?<br />
<br />
A6.<br />
OWASP should organize these events every 6 months or so :)<br />
<br />
== Next Event - OWASP DAY: on the topic of "Privacy in the 21st Century" - September 8 (Turkey 2007) ==<br />
<br />
As a part of the Global Security Week, OWASP Turkey chapter will be holding a humble meeting on Saturday, 8 September 2007. Less technical and time taking compared to last event ([http://www.owasp.org/index.php/1st_Web_Security_Days_OWASP_Turkey Web Security Days]) we will be focusing on the current snapshot of the privacy related issues in the govermental/quasi-governmental and private institutions of Turkey.<br />
<br />
Here's the "still in process" agenda:<br />
<br />
* 14:00 - 14:10 Prelude. Introduction of OWASP DAY and OWASP Turkey projects<br />
<br />
A small introduction to OWASP Day meeting and its goals, plus explanation of some of the lightweight projects of OWASP Turkey.<br />
<br />
Bedirhan URGUN, Bunyamin DEMİR<br />
<br />
* 14:20 - 14:50 Privacy in Governmental Insitutions - A Current State Analysis<br />
<br />
Presentation will discuss the understanding of the privacy concept settled in governmental institutions and deliberate on general information security problems related with privacy issues.<br />
<br />
Getting off with general privacy problems, in specific, information about the privacy issues related to web applications will be given. Moreover, concrete suggestions on providing a solid privacy in these institutions will be presented.<br />
<br />
Hayrettin BAHŞİ<br />
Chief Researcher CC Lab-UEKAE TUBITAK<br />
<br />
* 15:00 - 15:50 Secure Web Application Development<br />
<br />
Korhan GÜRLER<br />
Chief Researcher PRO-G<br />
<br />
* 15:00 - 16:00 A Panel on Privacy in Turkey <br />
<br />
OWASP-Turkey Members<br />
<br />
== Last Event - 1st Web Security Days - July 14 (Turkey 2007) ==<br />
<br />
First of the [http://www.owasp.org/index.php/1st_Web_Security_Days_OWASP_Turkey Web Security Days] has been realized by Owasp-Turkey chapter on 14th of July 2007 in İstanbul. With a ~70 registered attendees, it was great to have a pack of web security oriented people for a five hours of mostly technical presentations.<br />
<br />
<br />
[http://www.owasp.org/index.php/1st_Web_Security_Days_OWASP_Turkey For details...]<br />
<br />
== Last Meetings ==<br />
<br />
'''Sunday 6 May 2007'''<br><br />
'''Time:''' 11:15-12:30<BR><br />
<br />
'''Address''' to the meeting are:<br />
<br />
[http://www.metu.edu.tr Middle East Technical University]<br/><br />
Ankara-Turkey<br/><br />
<br/><br />
<br />
'''Presentation'''<br><br />
<br />
Web Application Security with ModSecurity and OWASP<br />
<br />
<br />
__NOTOC__ <br />
<br />
<headertabs/><br />
<br />
[[Category:Germany]] [[Category:Europe]]</div>Dr. Emin Tatlıhttps://wiki.owasp.org/index.php?title=AppSecEU2013&diff=140901AppSecEU20132012-12-09T12:25:12Z<p>Dr. Emin Tatlı: </p>
<hr />
<div><br />
<!-- please no headertabs!! --><br />
<br />
=== Welcome ===<br />
<br />
{| style="width: 100%;"<br />
|-<br />
| style="width: 100%; color: rgb(0, 0, 0);" | <br />
{| style="border: 0px solid ; background: transparent none repeat scroll 0% 0%; width: 100%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;"<br />
|-<br />
| style="width: 95%; color: rgb(0, 0, 0);" | <br />
<br />
We are pleased to announce that the [http://www.owasp.org/index.php/Germany German OWASP Chapter] will host the OWASP AppSec Europe Research 2013 global conference in beautiful [http://en.wikipedia.org/wiki/Hamburg Hamburg], Germany from August 20-23. Hamburg is basically the [http://travel.nytimes.com/2012/01/22/travel/36-hours-hamburg-germany.html sleepy beauty] of Germany, in the very north of it.<br />
<br><br />
<br />
The AppSec Europe 2013 conference will be a premier gathering of Information Security leaders, also the AppSec Europe 2013 is going to have a Research part.<br />
<br />
Executives from Fortune 500 firms along with technical thought leaders such as security architects and lead developers will be traveling to hear the cutting-edge ideas presented by Information Security’s top talent. OWASP events attract a worldwide audience interested in “what’s next”. The conference is expected to draw 400-500 technologists from Government, Financial Services, Media, Pharmaceuticals, Healthcare, Technology, and many other verticals. <br />
<br />
On the research side OWASPs AppSecEU Research will give you an excellent chance to present your cutting edge research, including a paper for the proceedings.<br />
<br />
The conference will be held from August 20-23, 2013 at the [http://www.emporio-hamburg.de Emporio Hamburg]. It' [https://maps.google.de/maps?q=emporio+hamburg&hl=en&sll=53.561418,10.01215&sspn=0.043996,0.082397&hq=emporio+hamburg&t=m&z=15 centrally located in the city of Hamburg] with a splendid [http://www.emporio-hamburg.de/uploads/tx_templavoila/09_20101026-_mg_8051_hdr_02.jpg view] over Binnen-, Aussenalster and River Elbe. <br />
<br />
<br><br />
<br />
=== Teams ===<br />
<br />
==== Conference Orga ====<br />
Dirk Wetter (Chair) <br/><br />
Kai Jendrian (Co-Chair) <br/><br />
Birgit Bernskötter (External) <br/><br />
Boris Hemkemeier <br/><br />
Achim Hoffmann <br/><br />
Ingo Hanke <br/><br />
Martin Johns <br/><br />
Tobias Glemser <br/><br />
Sebastien Deleersnyder <br/><br />
Sarah Baso <br/><br />
<br />
<br />
==== Program Committee (to be completed) ====<br />
<br />
<!-- Hannes Federath (Research) <br/> --><br />
John Wilander (Research + Industry) <br/><br />
Sebastian Schinzel (Research + Industry) <br/><br />
Achim Hoffmann <br/><br />
Boris Hemkemeier <br/><br />
Diniz Cruz <br/><br />
Emin Tatli <br /><br />
<br />
Martin Johns <br/><br />
Dirk Wetter <br/><br />
<br />
<br />
<br />
<br/><br />
;Twitter: <br />
[https://twitter.com/#!/search/OWASP_de Twitter: @OWASP_de]<br />
(at a certain time we'll take over the appseceu account)</div>Dr. Emin Tatlıhttps://wiki.owasp.org/index.php?title=User:Dr._Emin_Tatl%C4%B1&diff=135791User:Dr. Emin Tatlı2012-09-13T17:56:35Z<p>Dr. Emin Tatlı: </p>
<hr />
<div>=== Personal & Work ===<br />
<br />
* Born in Turkey & Living since 2001 in Germany<br />
* Ex-IBMer and working now as Security Architect and Researcher by Daimler TSS<br />
* Focusing on penetration testing, security analysis of architectures, secure design&coding trainings, risk management<br />
<br />
=== OWASP Activities ===<br />
<br />
* Involved with OWASP since 2005<br />
* Since 2010 Board Member of [[Turkey|Turkey Chapter]]<br />
* Since 2012 Board Member of [[Germany|German Chapter]]<br />
* Organisation and Program Committee of OWASP Conferences in Germany and Turkey<br />
=== OWASP Contributions===<br />
* Written articles about OWASP projects <br />
** [http://www.architectingsecurity.com/wp-content/uploads/papers/SAMM-Tatli-Ocak11.pdf Secure Application Development with OpenSAMM] (in Turkish)<br />
** OWASP Guidelines and Tools for Secure SDLC (in German)<br />
* Managing OWASP-Turkey's Web Application Security Check List project: [http://code.google.com/p/wasclist/ wasclist]<br />
<br />
=== Contact ===<br />
* Blog: [http://www.architectingsecurity.com http://www.architectingsecurity.com]<br />
* E-mail: emin.tatli @ owasp dot org <br />
* [http://www.linkedin.com/in/tatli LinkedIn]<br />
* Twitter: [https://twitter.com/eitatli @eitatli]</div>Dr. Emin Tatlıhttps://wiki.owasp.org/index.php?title=German_OWASP_Day_2012/CfP&diff=135790German OWASP Day 2012/CfP2012-09-13T17:55:13Z<p>Dr. Emin Tatlı: </p>
<hr />
<div>{|<br />
|<br />
__NOTOC__<br />
<!-- das TOC ist doppelt FIXME --><br />
<br />
[[Category:OWASP_AppSec_Conference]] [[Category:Germany]] [[Category:Europe]] [[Category:German OWASP Day]]<br />
<br />
Die deutsche Sektion des Open Web Application Security Project (OWASP) richtet die zum fünften Mal eine deutsche OWASP-Konferenz aus: den German OWASP Day. Das German OWASP Chapter ruft für die diesjährige Konferenz auch wieder einen Call for Presentations (CfP) aus. Die Konferenz richtet sich primär an ein deutschsprachiges Publikum; die Konferenzsprache ist Deutsch, Vorträge in Englisch sind auch willkommen. Der German OWASP Day 2012 ist eine klassische Security-Konferenz, mit Fachvorträgen zu sicherer Entwicklung, Betrieb, Test und Managment im Umfeld von webbasierten Anwendungen bietet. Auch fachübergreifende, nicht-technische Themen sind willkommen. Bitte keine Marketingvorträge.<br />
|<br />
The German Chapter of the Open Web Application Security Project (OWASP) is again organizing a German OWASP Conference, for the 5th time this year: the German OWASP Day. <br />
<br />
There is a call for presentations (CfP), see below for details. The target group consists of German speaking people, and correspondingly the conference language is German, but English presentations are welcome as well. The German OWASP Day is a true security conference, with expected talks and presentations on secure software development, usage, test and management, all around web based applications. Non-technical talks are welcome as well. Please refrain from submitting plain marketing pitches.<br />
|-<br />
|<br />
== Fachliches ==<br />
<br />
Für Vortragsvorschläge bitten wir um eine Kurzzusammenfassung oder eine Vorabversion des Vortrags. Die Zusammenfassung sollte nicht weniger als 500 (maximal: 4000) Zeichen lang sein, damit das Programmkomitee eine gute Entscheidungsgrundlage hat. (Bitte auf Orthographie achten, da die Zusammenfassung so wie sie ist ggf. im Programm erscheint). Die gilt ebenso für die obligatorische Kurzbiographie (150-800 Zeichen). Die Präsentationen werden voraussichtlich 40 Minuten dauern, plus 5 Minuten Diskussion. <br />
<br />
Erwünscht sind alle Themen mit Bezug zu Webapplikationssicherheit und OWASP, insbesondere: <br />
<br />
*Praxisrelevante technische Vorträge<br />
*Sichere Webanwendungen in der Cloud <br />
*Mobile Security<br />
*Browser-Sicherheit<br />
*HTML5 Security<br />
*Sicherheit bei Web Services (REST, XML)<br />
*Sichere / Sicherheit bei Development Frameworks <br />
*Security-Awareness und Education<br />
*Vulnerability analysis und Application Security Testing: Code Review, Pentest, SCA<br />
*Secure Development Lifecycle <br />
*OWASP in Ihrem Unternehmen, Ihrer Hochschule etc.<br />
*Anwendungssicherheit bei Outsourcing- und Offshoring-Projekten <br />
*Anwendungssicherheit und Metriken <br />
*Datenschutz bei Webanwendungen<br />
*Neues zu OWASP-Projekten/Standards/Tools<br />
<br />
Abhängig von der Anzahl eingehender Vorträge bieten wir ein oder zwei Tracks an. Folien der Vorträge werden unter der freien [[OWASP Licenses#Licensing_of_OWASP_Website_Content|OWASP Lizenz]] auf der Konferenzwebseite veröffentlicht. Daher muss spätestens bei Annahme des Beitrags durch das Programmkomitee das [[Speaker Agreement|OWASP Speaker Agreement]] ohne Änderung akzeptiert und unterschrieben werden. Das Speaker Agreements sieht vor, dass die Standardfoliensätze von OWASP verwendet werden ([[Media:OWASP_Presentation_template.ppt|PPT]], [[Media:OWASP_Presentation_template.pptx|PPTX]], [[Media:OWASP_Presentation_template.odp|ODF/OpenOffice]]). <br />
<br />
Kosten (für Reise und Unterkunft) können wir leider nicht übernehmen. <br />
<br />
'''Alle Teilnehmer sowie Vortragende sind herzlich eingeladen zur Abendveranstaltung am 6.11.2012.''' <br />
|<br />
== CfP in detail ==<br />
<br />
To submit a proposal, please submit online (LINK) an abstract of the presentation (500 to 4000 chararters) and a brief biography (150 to 800 characters). The planned presentation time is 40 minutes (excl. 5 minutes for discussion). You can also attach a preliminary version of your presentation. (Please watch out for mistakes as we take your abstract and publish it 1:1 together with our program).<br />
<br />
We are interested in all topics related to Web Application Security and OWASP, in particular:<br />
<br />
*Technical presentations related to (security) operations<br />
*Frameworks and best practices for secure development<br />
*Mobile Security<br />
*Cloud Security, specifically secure Cloud Apps<br />
*Browser Security<br />
*HTML5 Security<br />
*Privacy in Web Applications and Web Services (REST, XML)<br />
*Secure Development Lifecycle<br />
*Metrics for application security<br />
*Privacy protection in web based apps<br />
*Security awareness programs for developers, testers, architects and project owners<br />
*Security management for applications in the corporate environment<br />
*Application security in Outsourcing and Offshoring projects<br />
*Field reports from corporations regarding the institution of Web Application Security processes, internal and external auditing etc.<br />
*OWASP in your workplace, university, etc.<br />
<br />
Depending on the number of submissions we will offer either one or two tracks. All presentations will be published on the conference website under the OWSAP license. Therefore all speakers must accept and sign the OWASP Speaker Agreement without changes prior to the conference. It requires that you use one of the following templates: ([[Media:OWASP_Presentation_template.ppt|PPT]], [[Media:OWASP_Presentation_template.pptx|PPTX]], [[Media:OWASP_Presentation_template.odp|ODF/OpenOffice]]). <br />
<br />
Unfortunately we can't cover any travel expenses or costs for accomodations.<br />
<br />
'''Participants and speakers are all warmly invited to attend the evening program on November 6, 2012'''.<br />
<br />
|-<br />
|<br />
== Programmkomitee ==<br />
<br />
*Boris Hemkemeier <br />
*Martin Johns (koordinierend)<br />
*[[User:Kai Jendrian|Kai Jendrian]]<br />
*Holger Junker<br />
*Sachar Paulus<br />
*Michael Schaefer<br />
*[[User:Dr._Emin_Tatlı|Emin Tatli]]<br />
*[[User:Dirk_Wetter|Dirk Wetter]] (koordinierend)<br />
<br />
|<br />
== Program Committee ==<br />
<br />
*Boris Hemkemeier <br />
*Martin Johns (coordinating)<br />
*[[User:Kai Jendrian|Kai Jendrian]]<br />
*Holger Junker<br />
*Sachar Paulus<br />
*Michael Schaefer<br />
*[[User:Dr._Emin_Tatlı|Emin Tatli]]<br />
*[[User:Dirk_Wetter|Dirk Wetter]] (coordinating)<br />
|-<br />
|<br />
<br />
== Termine / Einreichung ==<br />
<br />
*Einreichungen ausschließlich online bis zum ''15.8.2012'' über https://www.easychair.org/conferences/?conf=owaspger12 . <br />
*Bitte geben sie alle vortragsrelevanten Informationen an (siehe Call for Presentations oben): <br />
** Abstract<br />
** Bio<br />
** Länge<br />
** ggf. Foliensätze <br />
*Benachrichtigung der Einreicher 29.8.2012 (+1 Woche)<br />
*Programm online: 1.9.2012 (+1 Woche)<br />
*Einreichung prefinaler Foliensätze: 22.10.2012<br />
*Konferenz: 7.11.2012<br />
|<br />
== Deadlines ==<br />
<br />
*Submissions no later than '''August 15, 2012''' only online via https://www.easychair.org/conferences/?conf=owaspger12 <br />
*Please read and follow the requirements above: Abstract, bio, length and maybe slides!<br />
*Notification of acceptance by August 29, 2012 (delay: one week)<br />
*Program to be online: September 1, 2012 (delay: one week)<br />
*Prefinal submission of the slides by October 22, 2012<br />
*Conference: November 7, 2012<br />
|}<br />
<br />
<br></div>Dr. Emin Tatlıhttps://wiki.owasp.org/index.php?title=German_OWASP_Day_2012/CfP&diff=135789German OWASP Day 2012/CfP2012-09-13T17:53:35Z<p>Dr. Emin Tatlı: </p>
<hr />
<div>{|<br />
|<br />
__NOTOC__<br />
<!-- das TOC ist doppelt FIXME --><br />
<br />
[[Category:OWASP_AppSec_Conference]] [[Category:Germany]] [[Category:Europe]] [[Category:German OWASP Day]]<br />
<br />
Die deutsche Sektion des Open Web Application Security Project (OWASP) richtet die zum fünften Mal eine deutsche OWASP-Konferenz aus: den German OWASP Day. Das German OWASP Chapter ruft für die diesjährige Konferenz auch wieder einen Call for Presentations (CfP) aus. Die Konferenz richtet sich primär an ein deutschsprachiges Publikum; die Konferenzsprache ist Deutsch, Vorträge in Englisch sind auch willkommen. Der German OWASP Day 2012 ist eine klassische Security-Konferenz, mit Fachvorträgen zu sicherer Entwicklung, Betrieb, Test und Managment im Umfeld von webbasierten Anwendungen bietet. Auch fachübergreifende, nicht-technische Themen sind willkommen. Bitte keine Marketingvorträge.<br />
|<br />
The German Chapter of the Open Web Application Security Project (OWASP) is again organizing a German OWASP Conference, for the 5th time this year: the German OWASP Day. <br />
<br />
There is a call for presentations (CfP), see below for details. The target group consists of German speaking people, and correspondingly the conference language is German, but English presentations are welcome as well. The German OWASP Day is a true security conference, with expected talks and presentations on secure software development, usage, test and management, all around web based applications. Non-technical talks are welcome as well. Please refrain from submitting plain marketing pitches.<br />
|-<br />
|<br />
== Fachliches ==<br />
<br />
Für Vortragsvorschläge bitten wir um eine Kurzzusammenfassung oder eine Vorabversion des Vortrags. Die Zusammenfassung sollte nicht weniger als 500 (maximal: 4000) Zeichen lang sein, damit das Programmkomitee eine gute Entscheidungsgrundlage hat. (Bitte auf Orthographie achten, da die Zusammenfassung so wie sie ist ggf. im Programm erscheint). Die gilt ebenso für die obligatorische Kurzbiographie (150-800 Zeichen). Die Präsentationen werden voraussichtlich 40 Minuten dauern, plus 5 Minuten Diskussion. <br />
<br />
Erwünscht sind alle Themen mit Bezug zu Webapplikationssicherheit und OWASP, insbesondere: <br />
<br />
*Praxisrelevante technische Vorträge<br />
*Sichere Webanwendungen in der Cloud <br />
*Mobile Security<br />
*Browser-Sicherheit<br />
*HTML5 Security<br />
*Sicherheit bei Web Services (REST, XML)<br />
*Sichere / Sicherheit bei Development Frameworks <br />
*Security-Awareness und Education<br />
*Vulnerability analysis und Application Security Testing: Code Review, Pentest, SCA<br />
*Secure Development Lifecycle <br />
*OWASP in Ihrem Unternehmen, Ihrer Hochschule etc.<br />
*Anwendungssicherheit bei Outsourcing- und Offshoring-Projekten <br />
*Anwendungssicherheit und Metriken <br />
*Datenschutz bei Webanwendungen<br />
*Neues zu OWASP-Projekten/Standards/Tools<br />
<br />
Abhängig von der Anzahl eingehender Vorträge bieten wir ein oder zwei Tracks an. Folien der Vorträge werden unter der freien [[OWASP Licenses#Licensing_of_OWASP_Website_Content|OWASP Lizenz]] auf der Konferenzwebseite veröffentlicht. Daher muss spätestens bei Annahme des Beitrags durch das Programmkomitee das [[Speaker Agreement|OWASP Speaker Agreement]] ohne Änderung akzeptiert und unterschrieben werden. Das Speaker Agreements sieht vor, dass die Standardfoliensätze von OWASP verwendet werden ([[Media:OWASP_Presentation_template.ppt|PPT]], [[Media:OWASP_Presentation_template.pptx|PPTX]], [[Media:OWASP_Presentation_template.odp|ODF/OpenOffice]]). <br />
<br />
Kosten (für Reise und Unterkunft) können wir leider nicht übernehmen. <br />
<br />
'''Alle Teilnehmer sowie Vortragende sind herzlich eingeladen zur Abendveranstaltung am 6.11.2012.''' <br />
|<br />
== CfP in detail ==<br />
<br />
To submit a proposal, please submit online (LINK) an abstract of the presentation (500 to 4000 chararters) and a brief biography (150 to 800 characters). The planned presentation time is 40 minutes (excl. 5 minutes for discussion). You can also attach a preliminary version of your presentation. (Please watch out for mistakes as we take your abstract and publish it 1:1 together with our program).<br />
<br />
We are interested in all topics related to Web Application Security and OWASP, in particular:<br />
<br />
*Technical presentations related to (security) operations<br />
*Frameworks and best practices for secure development<br />
*Mobile Security<br />
*Cloud Security, specifically secure Cloud Apps<br />
*Browser Security<br />
*HTML5 Security<br />
*Privacy in Web Applications and Web Services (REST, XML)<br />
*Secure Development Lifecycle<br />
*Metrics for application security<br />
*Privacy protection in web based apps<br />
*Security awareness programs for developers, testers, architects and project owners<br />
*Security management for applications in the corporate environment<br />
*Application security in Outsourcing and Offshoring projects<br />
*Field reports from corporations regarding the institution of Web Application Security processes, internal and external auditing etc.<br />
*OWASP in your workplace, university, etc.<br />
<br />
Depending on the number of submissions we will offer either one or two tracks. All presentations will be published on the conference website under the OWSAP license. Therefore all speakers must accept and sign the OWASP Speaker Agreement without changes prior to the conference. It requires that you use one of the following templates: ([[Media:OWASP_Presentation_template.ppt|PPT]], [[Media:OWASP_Presentation_template.pptx|PPTX]], [[Media:OWASP_Presentation_template.odp|ODF/OpenOffice]]). <br />
<br />
Unfortunately we can't cover any travel expenses or costs for accomodations.<br />
<br />
'''Participants and speakers are all warmly invited to attend the evening program on November 6, 2012'''.<br />
<br />
|-<br />
|<br />
== Programmkomitee ==<br />
<br />
*Boris Hemkemeier <br />
*Martin Johns (koordinierend)<br />
*[[User:Kai Jendrian|Kai Jendrian]]<br />
*Holger Junker<br />
*Sachar Paulus<br />
*Michael Schaefer<br />
*[[User:DrEminTatli|Emin Tatli]]Emin Tatlı<br />
*[[User:Dirk_Wetter|Dirk Wetter]] (koordinierend)<br />
<br />
|<br />
== Program Committee ==<br />
<br />
*Boris Hemkemeier <br />
*Martin Johns (coordinating)<br />
*[[User:Kai Jendrian|Kai Jendrian]]<br />
*Holger Junker<br />
*Sachar Paulus<br />
*Michael Schaefer<br />
*Emin Tatlı<br />
*[[User:Dirk_Wetter|Dirk Wetter]] (coordinating)<br />
|-<br />
|<br />
<br />
== Termine / Einreichung ==<br />
<br />
*Einreichungen ausschließlich online bis zum ''15.8.2012'' über https://www.easychair.org/conferences/?conf=owaspger12 . <br />
*Bitte geben sie alle vortragsrelevanten Informationen an (siehe Call for Presentations oben): <br />
** Abstract<br />
** Bio<br />
** Länge<br />
** ggf. Foliensätze <br />
*Benachrichtigung der Einreicher 29.8.2012 (+1 Woche)<br />
*Programm online: 1.9.2012 (+1 Woche)<br />
*Einreichung prefinaler Foliensätze: 22.10.2012<br />
*Konferenz: 7.11.2012<br />
|<br />
== Deadlines ==<br />
<br />
*Submissions no later than '''August 15, 2012''' only online via https://www.easychair.org/conferences/?conf=owaspger12 <br />
*Please read and follow the requirements above: Abstract, bio, length and maybe slides!<br />
*Notification of acceptance by August 29, 2012 (delay: one week)<br />
*Program to be online: September 1, 2012 (delay: one week)<br />
*Prefinal submission of the slides by October 22, 2012<br />
*Conference: November 7, 2012<br />
|}<br />
<br />
<br></div>Dr. Emin Tatlıhttps://wiki.owasp.org/index.php?title=User:Dr._Emin_Tatl%C4%B1&diff=135747User:Dr. Emin Tatlı2012-09-13T16:45:12Z<p>Dr. Emin Tatlı: </p>
<hr />
<div>=== Personal & Work ===<br />
<br />
* Born in Turkey & Living since 2001 in Germany<br />
* Ex-IBMer and working now as Security Architect and Researcher by Daimler TSS<br />
* Focusing on penetration testing, security analysis of architectures, secure design&coding trainings, risk management<br />
<br />
=== OWASP Activities ===<br />
<br />
* Since 2010 Board Member of [[Turkey|Turkey Chapter]]<br />
* Since 2012 Board Member of [[Germany|German Chapter]]<br />
* Organisation and Program Committee of OWASP Conferences in Germany and Turkey<br />
=== OWASP Contributions===<br />
* Written articles about OWASP projects <br />
** [http://www.architectingsecurity.com/wp-content/uploads/papers/SAMM-Tatli-Ocak11.pdf Secure Application Development with OpenSAMM] (in Turkish)<br />
** OWASP Guidelines and Tools for Secure SDLC (in German)<br />
* Managing OWASP-Turkey's Web Application Security Check List project: [http://code.google.com/p/wasclist/ wasclist]<br />
<br />
=== Contact ===<br />
* Blog: [http://www.architectingsecurity.com http://www.architectingsecurity.com]<br />
* E-mail: emin.tatli @ owasp dot org <br />
* [http://www.linkedin.com/in/tatli LinkedIn]<br />
* Twitter: [https://twitter.com/eitatli @eitatli]</div>Dr. Emin Tatlıhttps://wiki.owasp.org/index.php?title=User:Dr._Emin_Tatl%C4%B1&diff=135745User:Dr. Emin Tatlı2012-09-13T16:44:00Z<p>Dr. Emin Tatlı: </p>
<hr />
<div>=== Personal & Work ===<br />
<br />
* Born in Turkey & Living since 2001 in Germany<br />
* Ex-IBMer and working now as Security Architect and Researcher by Daimler TSS<br />
* Focusing on penetration testing, security analysis of architectures, secure design&coding trainings, risk management<br />
<br />
=== OWASP Activities ===<br />
<br />
* Since 2010 Board Member of [[Turkey|Turkey Chapter]]<br />
* Since 2012 Board Member of [[Germany|German Chapter]]<br />
* OWASP German Conferences, Program Committee and more<br />
<br />
=== OWASP Contributions===<br />
* Written articles about OWASP projects <br />
** [http://www.architectingsecurity.com/wp-content/uploads/papers/SAMM-Tatli-Ocak11.pdf Secure Application Development with OpenSAMM] (in Turkish)<br />
** OWASP Guidelines and Tools for Secure SDLC (in German)<br />
* Managing OWASP-Turkey's Web Application Security Check List project: [http://code.google.com/p/wasclist/ wasclist]<br />
<br />
=== Contact ===<br />
* Blog: [http://www.architectingsecurity.com http://www.architectingsecurity.com]<br />
* E-mail: emin.tatli @ owasp dot org <br />
* [http://www.linkedin.com/in/tatli LinkedIn]<br />
* Twitter: [https://twitter.com/eitatli @eitatli]</div>Dr. Emin Tatlıhttps://wiki.owasp.org/index.php?title=User:Dr._Emin_Tatl%C4%B1&diff=135744User:Dr. Emin Tatlı2012-09-13T16:42:10Z<p>Dr. Emin Tatlı: </p>
<hr />
<div>=== Personal & Work ===<br />
<br />
* Born in Turkey & Living since 2001 in Germany<br />
* Ex-IBMer and working now as Security Architect and Researcher by Daimler TSS<br />
* Focusing on penetration testing, security analysis of architectures, secure design&coding trainings, risk management<br />
<br />
=== OWASP Activities ===<br />
<br />
* Since 2010 Board Member of [[Turkey|Turkey Chapter]]<br />
* Since 2012 Board Member of [[Germany|German Chapter]]<br />
* OWASP German Conferences, Program Committee and more<br />
<br />
=== OWASP Contributions===<br />
* Written articles about OWASP projects <br />
** [http://www.architectingsecurity.com/wp-content/uploads/papers/SAMM-Tatli-Ocak11.pdf Secure Application Development with SAMM] (in Turkish)<br />
* Managing OWASP-Turkey's Web Application Security Check List project: [http://code.google.com/p/wasclist/ wasclist]<br />
<br />
=== Contact ===<br />
* Blog: [http://www.architectingsecurity.com http://www.architectingsecurity.com]<br />
* E-mail: emin.tatli @ owasp dot org <br />
* [http://www.linkedin.com/in/tatli LinkedIn]<br />
* Twitter: [https://twitter.com/eitatli @eitatli]</div>Dr. Emin Tatlıhttps://wiki.owasp.org/index.php?title=User:Dr._Emin_Tatl%C4%B1&diff=135743User:Dr. Emin Tatlı2012-09-13T16:39:47Z<p>Dr. Emin Tatlı: </p>
<hr />
<div>=== Personal & Work ===<br />
<br />
* Born in Turkey & Living since 2001 in Germany<br />
* Ex-IBMer and working now as Security Architect and Researcher by Daimler TSS<br />
* Focusing on penetration testing, security analysis of architectures, secure design&coding trainings, risk management<br />
<br />
=== OWASP Activities ===<br />
<br />
* Since 2010 Board Member of [[Turkey|Turkey Chapter]]<br />
* Since 2012 Board Member of [[Germany|German Chapter]]<br />
* OWASP German Conferences, Program Committee and more<br />
<br />
=== OWASP Contributions===<br />
* Written articles about OWASP projects <br />
** <br />
* Managing OWASP-Turkey's Web Application Security Check List project: [http://code.google.com/p/wasclist/ wasclist]<br />
<br />
=== Contact ===<br />
* Blog: [http://www.architectingsecurity.com http://www.architectingsecurity.com]<br />
* E-mail: emin.tatli @ owasp dot org <br />
* [http://www.linkedin.com/in/tatli LinkedIn]<br />
* Twitter: [https://twitter.com/eitatli @eitatli]</div>Dr. Emin Tatlıhttps://wiki.owasp.org/index.php?title=User:Dr._Emin_Tatl%C4%B1&diff=135742User:Dr. Emin Tatlı2012-09-13T16:37:45Z<p>Dr. Emin Tatlı: </p>
<hr />
<div>=== Personal & Work ===<br />
<br />
* Born in Turkey & Living since 2001 in Germany<br />
* Ex-IBMer and working now as Security Architect and Researcher by Daimler TSS<br />
* Focusing on penetration testing, security analysis of architectures, secure design&coding trainings, risk management<br />
<br />
=== OWASP Activities ===<br />
<br />
* Since 2010 Board Member of [[Turkey|Turkey Chapter]]<br />
* Since 2012 Board Member of [[Germany|German Chapter]]<br />
* OWASP German Conferences, Program Committee and more<br />
<br />
=== OWASP Contributions===<br />
<br />
* Managing OWASP-Turkey's Web Application Security Check List project: [http://code.google.com/p/wasclist/ wasclist]<br />
<br />
=== Contact ===<br />
* Blog: [http://www.architectingsecurity.com http://www.architectingsecurity.com]<br />
* E-mail: emin.tatli @ owasp dot org <br />
* [http://www.linkedin.com/in/tatli LinkedIn]<br />
* Twitter: [https://twitter.com/eitatli @eitatli]</div>Dr. Emin Tatlıhttps://wiki.owasp.org/index.php?title=User:Dr._Emin_Tatl%C4%B1&diff=135741User:Dr. Emin Tatlı2012-09-13T16:36:36Z<p>Dr. Emin Tatlı: </p>
<hr />
<div>=== Personal & Work ===<br />
<br />
* Born in Turkey & Living since 2001 in Germany<br />
* Ex-IBMer and working now as Security Architect and Researcher by Daimler TSS<br />
* Focusing on penetration testing, security analysis of architectures, secure design&coding trainings, risk management<br />
<br />
=== OWASP Activities ===<br />
<br />
* Since 2010 Board Member of Turkey Chapter [[Turkey|Turkey Chapter]]<br />
* Since 2012 Board Member of German Chapter [[Germany|German Chapter]]<br />
* OWASP German Conferences, Program Committee and more<br />
<br />
=== OWASP Contributions===<br />
<br />
* Managing OWASP-Turkey's Web Application Security Check List project: [http://code.google.com/p/wasclist/ wasclist]<br />
<br />
=== Contact ===<br />
* Blog: [http://www.architectingsecurity.com http://www.architectingsecurity.com]<br />
* E-mail: emin.tatli @ owasp dot org <br />
* [http://www.linkedin.com/in/tatli LinkedIn]<br />
* Twitter: [https://twitter.com/eitatli @eitatli]</div>Dr. Emin Tatlıhttps://wiki.owasp.org/index.php?title=User:Dr._Emin_Tatl%C4%B1&diff=135740User:Dr. Emin Tatlı2012-09-13T16:33:01Z<p>Dr. Emin Tatlı: </p>
<hr />
<div>=== Personal & Work ===<br />
<br />
* Born in Turkey & Living since 2001 in Germany<br />
* Ex-IBMer and working now as Security Architect and Researcher by Daimler TSS<br />
* Focusing on penetration testing, security analysis of architectures, secure design&coding trainings, risk management<br />
<br />
=== OWASP Activities ===<br />
<br />
* Managing OWASP-Turkey's Web Application Security Check List project: [http://code.google.com/p/wasclist/ wasclist]<br />
<br />
=== Contact ===<br />
* Blog: [http://www.architectingsecurity.com http://www.architectingsecurity.com]<br />
* E-mail: emin.tatli @ owasp dot org <br />
* [http://www.linkedin.com/in/tatli LinkedIn]<br />
* Twitter: [https://twitter.com/eitatli @eitatli]</div>Dr. Emin Tatlıhttps://wiki.owasp.org/index.php?title=User:Dr._Emin_Tatl%C4%B1&diff=135739User:Dr. Emin Tatlı2012-09-13T16:31:36Z<p>Dr. Emin Tatlı: </p>
<hr />
<div>=== Personal & Work ===<br />
<br />
* Born in Turkey & Living since 2001 in Germany<br />
* Ex-IBMer and working now as Security Architect and Researcher by Daimler TSS<br />
* Focusing on penetration testing, security analysis of architectures, secure design&coding trainings, risk management<br />
<br />
=== OWASP Activities ===<br />
<br />
* Managing OWASP-Turkey's Web Application Security Check List project: [http://code.google.com/p/wasclist/]<br />
<br />
=== Contact ===<br />
* Blog: [http://www.architectingsecurity.com http://www.architectingsecurity.com]<br />
* E-mail: emin.tatli @ owasp dot org <br />
* [http://www.linkedin.com/in/tatli LinkedIn]<br />
* Twitter: @eitatli</div>Dr. Emin Tatlıhttps://wiki.owasp.org/index.php?title=User:Dr._Emin_Tatl%C4%B1&diff=135738User:Dr. Emin Tatlı2012-09-13T16:30:04Z<p>Dr. Emin Tatlı: </p>
<hr />
<div>=== Personal & Work ===<br />
<br />
* Born in Turkey & Living since 2001 in Germany<br />
* Ex-IBMer and working now as Security Architect and Researcher by Daimler TSS<br />
* Focusing on penetration testing, security analysis of architectures, secure design&coding trainings, risk management<br />
<br />
<br />
=== OWASP Activities ===<br />
<br />
* Managing OWASP-Turkey's Web Application Security Check List project: [http://code.google.com/p/wasclist/]<br />
<br />
<br />
=== Contact ===<br />
* Blog: [http://www.architectingsecurity.com]<br />
* E-mail: emin.tatli @ owasp dot org<br />
* [http://www.linkedin.com/in/tatli LinkedIn]<br />
* Twitter: @eitatli</div>Dr. Emin Tatlı