OWASP - User contributions [en]

Chicago

2006-12-23T20:17:36Z

Jwitty: /* Next Meeting */

== Welcome to the OWASP Chicago Local Chapter ==

Anyone in our area interested in information security is welcome to attend. Our meetings are informal and encourage open discussion of all aspects of application security. We invite attendees to give short presentations about specific topics.

If you have any questions about the Chicago chapter, please send an email to our chapter leaders, [mailto:joe@bernik.net Joe Bernik] or [mailto:jason@wittys.com Jason Witty.]

The Chicago chapter is sponsored by LaSalle Bank[http://www.LaSalleBank.com/]

== Next Meeting ==

The next Quarterly Chicago OWASP Chapter meeting will be held on December 13th, 2006 at 6PM CST. We have a very exciting agenda with two excellent presenters.

We hope to see you at the ABN AMRO Plaza at 540 W. Madison, Downtown Chicago, 23rd floor. Please RSVP to jason{AT}wittys.com by Monday 12/11/2006 if you plan to attend. Your name will need to be entered into the building's security system in order to gain access to the meeting.

'''Agenda:'''

6:00 Refreshments and Networking 
6:30 Welcome message - Joe Bernik & Jason Witty, Lasalle Bank, ABN AMRO North America 
6:40 [http://wittys.com/owasp/OWASP_Chicago_Thomas_Ptacek.pdf]"Webapps in Name Only" - Thomas Ptacek, Matasano Security 
7:20 [http://wittys.com/owasp/cscott-Stronger%20Web%20Authentication-v1.0.ppt]"Token-less strong auth for web apps: A Security Review" - Cory Scott, ABN AMRO 
7:35 Q&A and Networking 

'''[http://wittys.com/owasp/OWASP_Chicago_Thomas_Ptacek.pdf]Webapps In Name Only'''
Thomas Ptacek, Matasano Security

Where modern network architecture meets legacy application design, we get "The Port 80 Problem": vendors wrapping every conceivable network protocol in a series of POSTs and calling them "safe". These "Webapps In Name Only" are a nightmare for application security specialists.

In this talk, we'll discuss, with case studies, how tools from protocol reverse engineering can be brought to bear on web application security, covering the following areas:

- Locating and Decompiling Java and .NET Code
- Structure and Interpretation of Binary Protocols in HTTP
- Protocol Debugging Tools
- Web App Crypto Tricks

'''[http://wittys.com/owasp/cscott-Stronger%20Web%20Authentication-v1.0.ppt]Token-less strong authentication for web applications: A Security Review'''
Cory Scott, ABN AMRO

A short presentation on the threat models and attack vectors for token-less schemes used to reduce the risk of password-only authentication, but yet do not implement "true" two-factor technologies for logistical costs or user acceptance reasons. We'll go over how device fingerprinting and IP geo-location work and discuss the pros and cons of the solutions.
[[Category:OWASP Chapter]]

Chicago

2006-12-16T20:57:11Z

Jwitty: /* Next Meeting */

== Welcome to the OWASP Chicago Local Chapter ==

Anyone in our area interested in information security is welcome to attend. Our meetings are informal and encourage open discussion of all aspects of application security. We invite attendees to give short presentations about specific topics.

If you have any questions about the Chicago chapter, please send an email to our chapter leaders, [mailto:joe@bernik.net Joe Bernik] or [mailto:jason@wittys.com Jason Witty.]

The Chicago chapter is sponsored by LaSalle Bank[http://www.LaSalleBank.com/]

== Next Meeting ==

The next Quarterly Chicago OWASP Chapter meeting will be held on December 13th, 2006 at 6PM CST. We have a very exciting agenda with two excellent presenters.

We hope to see you at the ABN AMRO Plaza at 540 W. Madison, Downtown Chicago, 23rd floor. Please RSVP to jason{AT}wittys.com by Monday 12/11/2006 if you plan to attend. Your name will need to be entered into the building's security system in order to gain access to the meeting.

'''Agenda:'''

6:00 Refreshments and Networking 
6:30 Welcome message - Joe Bernik & Jason Witty, Lasalle Bank, ABN AMRO North America 
6:40 "Webapps in Name Only" - Thomas Ptacek, Matasano Security 
7:20 [http://wittys.com/owasp/cscott-Stronger%20Web%20Authentication-v1.0.ppt]"Token-less strong auth for web apps: A Security Review" - Cory Scott, ABN AMRO 
7:35 Q&A and Networking 

'''Webapps In Name Only'''
Thomas Ptacek, Matasano Security

Where modern network architecture meets legacy application design, we get "The Port 80 Problem": vendors wrapping every conceivable network protocol in a series of POSTs and calling them "safe". These "Webapps In Name Only" are a nightmare for application security specialists.

In this talk, we'll discuss, with case studies, how tools from protocol reverse engineering can be brought to bear on web application security, covering the following areas:

- Locating and Decompiling Java and .NET Code
- Structure and Interpretation of Binary Protocols in HTTP
- Protocol Debugging Tools
- Web App Crypto Tricks

'''[http://wittys.com/owasp/cscott-Stronger%20Web%20Authentication-v1.0.ppt]Token-less strong authentication for web applications: A Security Review'''
Cory Scott, ABN AMRO

A short presentation on the threat models and attack vectors for token-less schemes used to reduce the risk of password-only authentication, but yet do not implement "true" two-factor technologies for logistical costs or user acceptance reasons. We'll go over how device fingerprinting and IP geo-location work and discuss the pros and cons of the solutions.
[[Category:OWASP Chapter]]

Chicago

2006-12-16T20:55:24Z

Jwitty: /* Next Meeting */

== Welcome to the OWASP Chicago Local Chapter ==

Anyone in our area interested in information security is welcome to attend. Our meetings are informal and encourage open discussion of all aspects of application security. We invite attendees to give short presentations about specific topics.

If you have any questions about the Chicago chapter, please send an email to our chapter leaders, [mailto:joe@bernik.net Joe Bernik] or [mailto:jason@wittys.com Jason Witty.]

The Chicago chapter is sponsored by LaSalle Bank[http://www.LaSalleBank.com/]

== Next Meeting ==

The next Quarterly Chicago OWASP Chapter meeting will be held on December 13th, 2006 at 6PM CST. We have a very exciting agenda with two excellent presenters.

We hope to see you at the ABN AMRO Plaza at 540 W. Madison, Downtown Chicago, 23rd floor. Please RSVP to jason{AT}wittys.com by Monday 12/11/2006 if you plan to attend. Your name will need to be entered into the building's security system in order to gain access to the meeting.

'''Agenda:'''

6:00 Refreshments and Networking 
6:30 Welcome message - Joe Bernik & Jason Witty, Lasalle Bank, ABN AMRO North America 
6:40 "Webapps in Name Only" - Thomas Ptacek, Matasano Security 
7:20 <A HREF="http://wittys.com/owasp/cscott-Stronger%20Web%20Authentication-v1.0.ppt">"Token-less strong auth for web apps: A Security Review"</a> - Cory Scott, ABN AMRO 
7:35 Q&A and Networking 

'''Webapps In Name Only'''
Thomas Ptacek, Matasano Security

Where modern network architecture meets legacy application design, we get "The Port 80 Problem": vendors wrapping every conceivable network protocol in a series of POSTs and calling them "safe". These "Webapps In Name Only" are a nightmare for application security specialists.

In this talk, we'll discuss, with case studies, how tools from protocol reverse engineering can be brought to bear on web application security, covering the following areas:

- Locating and Decompiling Java and .NET Code
- Structure and Interpretation of Binary Protocols in HTTP
- Protocol Debugging Tools
- Web App Crypto Tricks

'''<a href="http://wittys.com/owasp/cscott-Stronger%20Web%20Authentication-v1.0.ppt">Token-less strong authentication for web applications: A Security Review</a>'''
Cory Scott, ABN AMRO

A short presentation on the threat models and attack vectors for token-less schemes used to reduce the risk of password-only authentication, but yet do not implement "true" two-factor technologies for logistical costs or user acceptance reasons. We'll go over how device fingerprinting and IP geo-location work and discuss the pros and cons of the solutions.
[[Category:OWASP Chapter]]

OWASP Community

2006-12-05T02:22:22Z

Jwitty: /* Events */

This page is for people to post OWASP related events, such as chapter meetings, OWASP conferences, get-togethers, and OWASP sponsored events. This page is monitored, and items will be copied to the front page.

Please post new items in chronological order using the following format:

<nowiki>
'''Mon ## (##:00h) - [[Article]]'''
</nowiki>



==Events==

'''Jan 17 (18:30h) - [[Denver|Denver chapter meeting]]'''

'''Jan 4 (18:30h) - [[Boston|Boston chapter meeting]]'''

'''Dec 18 (18:30h) - [[Rochester|Rochester chapter meeting]]'''

'''Dec 14 (18:00h) - [[Washington DC|Washington DC (MD) chapter meeting]]'''

'''Dec 13 (18:00h) - [[Chicago|Chicago chapter meeting]]'''

'''Dec 12 (18:30h) - [[Helsinki|Helsinki chapter meeting]]'''

'''Dec 12 (18:00h) - [[Cleveland|Cleveland chapter meeting]]'''

'''Dec 12 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''

'''Dec 7 (17:30h) - [[New Jersey|New Jersey chapter meeting]]'''

'''Dec 6 (18:30h) - [[Kansas City|Kansas City chapter meeting]]'''

'''Dec 6 (18:30h) - [[Boston|Boston chapter meeting]] (cancelled)'''

'''Dec 5 (18:00h) - [[Edmonton|Edmonton chapter meeting]]'''

'''Nov 21 (11:30h) - [[Austin|Austin chapter meeting]]

'''Nov 20 (18:00h) - [[Rochester|Rochester chapter meeting]]'''

'''Nov 15 (18:30h) - [[Denver|Denver chapter meeting]]'''

'''Nov 14 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''

'''Nov 13 (14:30h) - [[Israel|Israeli chapter mini-conference at IDC Herzliya]]'''

'''Nov 11 (10:00h) - [[Switzerland|Kickoff Meeting OWASP Switzerland Local Chapter]]'''

'''Nov 9 (18:30h) - [[Phoenix|Phoenix chapter meeting]]'''

'''Nov 8 (18:00h) - [[Toronto|Toronto chapter meeting]]'''

'''Nov 6 (18:00h) - [[Ottawa|Ottawa chapter meeting]]'''

'''Nov 1 (18:30h) - [[Boston|Boston chapter meeting]]'''

'''Oct 31 (12:00h) - [[Austin|Austin OWASP chapter]]'''

'''Oct 30 (11:00h) - [[Montgomery|Montgomery chapter meeting]]'''

'''Oct 26 (18:00h) - [[Washington DC|Washington DC (MD) chapter meeting]]'''

'''Oct 24 (18:00h) - [[Edmonton|Edmonton chapter meeting]]'''

'''Oct 16-18 - [[OWASP AppSec Seattle 2006|OWASP AppSec Seattle 2006 Conference]]'''

'''Oct 16 (18:00h) - [[Rochester|Rochester chapter meeting]]'''

'''Oct 12 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''

'''Oct 7 - [[Italy| OWASP Italy at SMAU 06]]'''

'''Oct 4 (18:30h) - [[Boston|Boston chapter meeting]]'''

'''Oct 2 (18:00h) - [[Ottawa|Ottawa chapter meeting]]'''

'''Sep 29 - [[Italy| OWASP Italy at OpenEXP]]'''

'''Sep 28 (18:00h) - [[Washington DC|Washington DC (MD) chapter meeting]]'''

'''Sep 27 (11:30h) - [[San Antonio|San Antonio chapter meeting]]'''

'''Sep 26-27 (08:00h) - [[Manila|OWASP Manila presenting at PhilOSC 2006]]'''

'''Sep 26 (12:00h) - [[Austin|Austin OWASP chapter]]'''

'''Sep 25 (17:00h) - [[New Jersey|New Jersey chapter meeting]]'''

'''Sep 21 (17:30h) - [[San Francisco|San Francisco chapter meeting]]'''

'''Sep 18 (18:00h) - [[Rochester|Rochester chapter meeting]]'''

'''Sep 14 (18:00h) - [[Brisbane|Brisbane chapter meeting]]'''

'''Sep 14 (18:00h) - [[Belgium|Belgium chapter meeting in Antwerp]]'''

'''Sep 14 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]] (cancelled)'''

'''Sep 12 - [[Edmonton|Edmonton chapter meeting]]'''

'''Sep 7 (18:30h) - [[Boston|Boston chapter meeting]]'''

'''Aug 31 (15:00h) - [[Mumbai|Mumbai chapter meeting]]'''

'''Aug 31 (08:00h) - [[Manila|OWASP Manila presentation at UST]]'''

'''Aug 29 (11:30h) - [[Austin|Austin OWASP chapter]]'''

'''Aug 24 (17:30h) - [[Brisbane|Brisbane chapter meeting]]'''

'''Aug 23 (11:30h) - [[San Antonio|San Antonio chapter meeting]]'''

'''Aug 19 - [[Bangalore|Bangalore chapter meeting]]'''

'''Aug 17 - [[London|London chapter meeting (Central London)]]'''

'''Aug 10 - [[San Jose|San Jose chapter meeting (SJ Hyatt - Airport)]]'''

'''Aug 9 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''

'''Aug 9 (18:00h) - [[Toronto|Toronto chapter meeting]]'''

'''Aug 8 (18:00h) - [[Minneapolis St Paul|Minneapolis / St.Paul chapter meeting]]'''

'''Aug 7 (18:30h) - [[Boston|Boston chapter meeting]]'''

'''Aug 2 (19:30h) - [[OWASP/Blackhat Vegas International Meet-Up]]'''

'''Jul 31 (15:00h) - [[Mumbai|Mumbai chapter meeting]]'''

'''Jul 27 (12:00h) - [[Austin|Austin OWASP chapter kickoff meeting]]'''

'''Jul 26 (19:15h) - [[Israel|Israel chapter meeting]]'''

'''Jul 19 (12:15h) - [[Hong Kong|Hong Kong chapter meeting]]'''

'''Jul 15 - [[Bangalore|Bangalore chapter meeting]]'''

'''Jul 12 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''

'''Jul 7 (18:30h) - [[Boston|Boston chapter meeting]]'''

'''Jul 5 (18:00h) - [[Ottawa|Ottawa chapter meeting]]'''

'''Jun 29 (18:00h) - [[San Jose|San Jose chapter meeting]]'''

'''Jun 26 (15:30h) - [[BostonFinancialDist|Boston financial district chapter meeting]]'''

'''Jun 24 (9:30h) - [[Mumbai|Mumbai chapter meeting]]'''

'''Jun 22 (18:00h) - [[Washington DC|Washington DC (MD) chapter meeting]]'''

'''Jun 21 - [[Italy|OWASP presentations at InfoSecurity 2006 (Italy)]]'''

'''Jun 21 (11:30h) - [[San Antonio|San Antonio chapter meeting]]'''

'''Jun 20 (18:00h) - [[Minneapolis St Paul|Minneapolis/St. Paul chapter meeting]]'''

'''Jun 19 (18:00h) - [[Ottawa|Ottawa chapter meeting]]'''

'''Jun 16 (16:45h) - [[Spain|Spain chapter meeting (Barcelona)]]'''

'''Jun 14-16 - [http://www.nyphpcon.com NY PHP Conference]'''

'''Jun 14 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''

'''Jun 7 (18:30h) - [[Boston|Boston chapter meeting]]'''

'''Jun 2 (12:00h) - [[Hong Kong|Hong Kong chapter meeting]]'''

'''May 29-31 - [[AppSec Europe 2006|OWASP AppSec 2006 Europe Conference]]'''

Chicago

2006-12-05T02:20:51Z

Jwitty: /* Next Meeting */

== Welcome to the OWASP Chicago Local Chapter ==

Anyone in our area interested in information security is welcome to attend. Our meetings are informal and encourage open discussion of all aspects of application security. We invite attendees to give short presentations about specific topics.

If you have any questions about the Chicago chapter, please send an email to our chapter leaders, [mailto:joe@bernik.net Joe Bernik] or [mailto:jason@wittys.com Jason Witty.]

The Chicago chapter is sponsored by LaSalle Bank[http://www.LaSalleBank.com/]

== Next Meeting ==

The next Quarterly Chicago OWASP Chapter meeting will be held on December 13th, 2006 at 6PM CST. We have a very exciting agenda with two excellent presenters.

We hope to see you at the ABN AMRO Plaza at 540 W. Madison, Downtown Chicago, 23rd floor. Please RSVP to jason{AT}wittys.com by Monday 12/11/2006 if you plan to attend. Your name will need to be entered into the building's security system in order to gain access to the meeting.

'''Agenda:'''

6:00 Refreshments and Networking 
6:30 Welcome message - Joe Bernik & Jason Witty, Lasalle Bank, ABN AMRO North America 
6:40 "Webapps in Name Only" - Thomas Ptacek, Matasano Security 
7:20 "Token-less strong auth for web apps: A Security Review" - Cory Scott, ABN AMRO 
7:35 Q&A and Networking 

'''Webapps In Name Only'''
Thomas Ptacek, Matasano Security

Where modern network architecture meets legacy application design, we get "The Port 80 Problem": vendors wrapping every conceivable network protocol in a series of POSTs and calling them "safe". These "Webapps In Name Only" are a nightmare for application security specialists.

In this talk, we'll discuss, with case studies, how tools from protocol reverse engineering can be brought to bear on web application security, covering the following areas:

- Locating and Decompiling Java and .NET Code
- Structure and Interpretation of Binary Protocols in HTTP
- Protocol Debugging Tools
- Web App Crypto Tricks

'''Token-less strong authentication for web applications: A Security Review'''
Cory Scott, ABN AMRO

A short presentation on the threat models and attack vectors for token-less schemes used to reduce the risk of password-only authentication, but yet do not implement "true" two-factor technologies for logistical costs or user acceptance reasons. We'll go over how device fingerprinting and IP geo-location work and discuss the pros and cons of the solutions.
[[Category:OWASP Chapter]]

Chicago

2006-12-05T02:17:06Z

Jwitty: /* Local News */

== Welcome to the OWASP Chicago Local Chapter ==

Anyone in our area interested in information security is welcome to attend. Our meetings are informal and encourage open discussion of all aspects of application security. We invite attendees to give short presentations about specific topics.

If you have any questions about the Chicago chapter, please send an email to our chapter leaders, [mailto:joe@bernik.net Joe Bernik] or [mailto:jason@wittys.com Jason Witty.]

The Chicago chapter is sponsored by LaSalle Bank[http://www.LaSalleBank.com/]

== Local News ==

The next Quarterly Chicago OWASP Chapter meeting will be held on December 13th, 2006 at 6PM CST. We have a very exciting agenda with two excellent presenters.

We hope to see you at the ABN AMRO Plaza at 540 W. Madison, Downtown Chicago, 23rd floor. Please RSVP to jason{AT}wittys.com by Monday 12/11/2006 if you plan to attend. Your name will need to be entered into the building's security system in order to gain access to the meeting.

'''Agenda:'''

6:00 Refreshments and Networking 
6:30 Welcome message - Joe Bernik & Jason Witty, Lasalle Bank, ABN AMRO North America 
6:40 "Webapps in Name Only" - Thomas Ptacek, Matasano Security 
7:20 "Token-less strong auth for web apps: A Security Review" - Cory Scott, ABN AMRO 
7:35 Q&A and Networking 

'''Webapps In Name Only'''
Thomas Ptacek, Matasano Security

Where modern network architecture meets legacy application design, we get "The Port 80 Problem": vendors wrapping every conceivable network protocol in a series of POSTs and calling them "safe". These "Webapps In Name Only" are a nightmare for application security specialists.

In this talk, we'll discuss, with case studies, how tools from protocol reverse engineering can be brought to bear on web application security, covering the following areas:

- Locating and Decompiling Java and .NET Code
- Structure and Interpretation of Binary Protocols in HTTP
- Protocol Debugging Tools
- Web App Crypto Tricks

'''Token-less strong authentication for web applications: A Security Review'''
Cory Scott, ABN AMRO

A short presentation on the threat models and attack vectors for token-less schemes used to reduce the risk of password-only authentication, but yet do not implement "true" two-factor technologies for logistical costs or user acceptance reasons. We'll go over how device fingerprinting and IP geo-location work and discuss the pros and cons of the solutions.
[[Category:OWASP Chapter]]

Chicago

2006-10-22T21:15:12Z

Jwitty: /* Local News */

Chicago

2006-10-22T12:01:25Z

Jwitty: /* Local News */

Chicago

2006-10-22T11:59:26Z

Jwitty: /* Welcome to the OWASP Chicago Local Chapter */