OWASP - User contributions [en]

File:VulnerabilityManagementInAnApplicaitonSecurityWorld OWASPDallas 20090225.pdf

2009-02-27T16:04:12Z

Marliehuizar:

Dallas

2009-02-16T16:41:30Z

Marliehuizar: /* Local News */

{{Chapter Template|chaptername=Dallas|extra=The chapter leader is [mailto:jdsmith@owasp.org JD Smith ]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-dallas|emailarchives=http://lists.owasp.org/pipermail/owasp-dallas}}
<paypal>Dallas Chapter</paypal>
==Local News ==

Dallas OWASP Chapter: February 2009 Meeting

Topic: "Vulnerability Management in an Application Security World."

Presenter: Dan Cornell, Principal, Denim Group

Date: February 25, 2009 11:30am – 1:30pm

Location:
UTD Campus - Galaxy Room of the Student Union, Room SU 2.602
Doors open at 11:00 am.

Abstract:

Identifying application-level vulnerabilities via penetration tests and code reviews is only the first step in actually addressing the underlying risk. Managing vulnerabilities for applications is more challenging than dealing with traditional infrastructure-level vulnerabilities because they typically require the coordination of security teams with application development teams and require security managers to secure time from developers during already-cramped development and release schedules. In addition, fixes require changes to custom application code and application-specific business logic rather than the patches and configuration changes that are often sufficient to address infrastructure-level vulnerabilities. This presentation details many of the pitfalls organizations encounter while trying to manage application-level vulnerabilities as well as outlines strategies security teams can use for communicating with development teams. Similarities and differences between security teams’ practice of vulnerability management and development teams’ practice of defect management will be addressed in order to facilitate healthy communication between these groups.

Presenter Bio:

Dan Cornell has over ten years of experience architecting, developing and securing web-based software systems. As a Principal of Denim Group, he leads the organization’s technology team overseeing methodology development and project execution for Denim Group’s customers. He also heads the Denim Group application security research team, investigating the application of secure coding and development techniques to the improvement of web based software development methodologies. He is also the primary author of sprajax, Denim Group’s open source tool for assessing the security of AJAX-enabled web applications.

Please RSVP: OWASP.DFW.RSVP@denimgroup.com

[[Dallas_OWASP_Flyer.pdf‎]]

File:Dallas OWASP Flyer.pdf

2009-02-16T16:31:13Z

Marliehuizar:

Dallas

2009-02-11T23:23:14Z

Marliehuizar: /* Local News */

{{Chapter Template|chaptername=Dallas|extra=The chapter leader is [mailto:jdsmith@owasp.org JD Smith ]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-dallas|emailarchives=http://lists.owasp.org/pipermail/owasp-dallas}}
<paypal>Dallas Chapter</paypal>
== Local News ==

Dallas OWASP Chapter: February 2009 Meeting

Topic: "Vulnerability Management in an Application Security World."

Presenter: Dan Cornell, Principal, Denim Group

Date: February 25, 2009 11:30am – 1:30pm

Location:
UTD Campus - Galaxy Room of the Student Union, Room SU 2.602
Doors open at 11:00 am.

Abstract:

Identifying application-level vulnerabilities via penetration tests and code reviews is only the first step in actually addressing the underlying risk. Managing vulnerabilities for applications is more challenging than dealing with traditional infrastructure-level vulnerabilities because they typically require the coordination of security teams with application development teams and require security managers to secure time from developers during already-cramped development and release schedules. In addition, fixes require changes to custom application code and application-specific business logic rather than the patches and configuration changes that are often sufficient to address infrastructure-level vulnerabilities. This presentation details many of the pitfalls organizations encounter while trying to manage application-level vulnerabilities as well as outlines strategies security teams can use for communicating with development teams. Similarities and differences between security teams’ practice of vulnerability management and development teams’ practice of defect management will be addressed in order to facilitate healthy communication between these groups.

Presenter Bio:

Dan Cornell has over ten years of experience architecting, developing and securing web-based software systems. As a Principal of Denim Group, he leads the organization’s technology team overseeing methodology development and project execution for Denim Group’s customers. He also heads the Denim Group application security research team, investigating the application of secure coding and development techniques to the improvement of web based software development methodologies. He is also the primary author of sprajax, Denim Group’s open source tool for assessing the security of AJAX-enabled web applications.

Please RSVP: OWASP.DFW.RSVP@denimgroup.com

File:VulnerabilityManagementInAnApplicaitonSecurityWorld OWASPSanAntonio 20090129.pdf

2009-01-30T20:31:02Z

Marliehuizar:

Dallas

2009-01-27T16:53:01Z

Marliehuizar: /* Local News */

{{Chapter Template|chaptername=Dallas|extra=The chapter leader is [mailto:jdsmith@owasp.org JD Smith ]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-dallas|emailarchives=http://lists.owasp.org/pipermail/owasp-dallas}}
<paypal>Dallas Chapter</paypal>
== Local News ==

Dallas OWASP Chapter: February 2009 Meeting

Topic: "Vulnerability Management in an Application Security World."

Presenter: Dan Cornell, Principal, Denim Group

Date: February 25, 2009 11:30am – 1:30pm

Location:
UTD Campus - Galaxy Room of the Student Union, Room SU 2.602
Doors open at 11:00 am.

Abstract:

Identifying application-level vulnerabilities via penetration tests and code reviews is only the first step in actually addressing the underlying risk. Managing vulnerabilities for applications is more challenging than dealing with traditional infrastructure-level vulnerabilities because they typically require the coordination of security teams with application development teams and require security managers to secure time from developers during already-cramped development and release schedules. In addition, fixes require changes to custom application code and application-specific business logic rather than the patches and configuration changes that are often sufficient to address infrastructure-level vulnerabilities. This presentation details many of the pitfalls organizations encounter while trying to manage application-level vulnerabilities as well as outlines strategies security teams can use for communicating with development teams. Similarities and differences between security teams’ practice of vulnerability management and development teams’ practice of defect management will be addressed in order to facilitate healthy communication between these groups.

Presenter Bio:

Dan Cornell has over ten years of experience architecting, developing and securing web-based software systems. As a Principal of Denim Group, he leads the organization’s technology team overseeing methodology development and project execution for Denim Group’s customers. He also heads the Denim Group application security research team, investigating the application of secure coding and development techniques to the improvement of web based software development methodologies. He is also the primary author of sprajax, Denim Group’s open source tool for assessing the security of AJAX-enabled web applications.

Please RSVP: Will be updated shortly.

Dallas

2009-01-27T16:52:26Z

Marliehuizar: /* Local News */

{{Chapter Template|chaptername=Dallas|extra=The chapter leader is [mailto:jdsmith@owasp.org JD Smith ]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-dallas|emailarchives=http://lists.owasp.org/pipermail/owasp-dallas}}
<paypal>Dallas Chapter</paypal>
== Local News ==

Dallas OWASP Chapter: February 2009 Meeting

Topic: "Vulnerability Management in an Application Security World."

Presenter: Dan Cornell, Principal, Denim Group
Date: February 25, 2009 11:30am – 1:30pm

Location:
UTD Campus - Galaxy Room of the Student Union, Room SU 2.602
Doors open at 11:00 am.

Abstract:

Identifying application-level vulnerabilities via penetration tests and code reviews is only the first step in actually addressing the underlying risk. Managing vulnerabilities for applications is more challenging than dealing with traditional infrastructure-level vulnerabilities because they typically require the coordination of security teams with application development teams and require security managers to secure time from developers during already-cramped development and release schedules. In addition, fixes require changes to custom application code and application-specific business logic rather than the patches and configuration changes that are often sufficient to address infrastructure-level vulnerabilities. This presentation details many of the pitfalls organizations encounter while trying to manage application-level vulnerabilities as well as outlines strategies security teams can use for communicating with development teams. Similarities and differences between security teams’ practice of vulnerability management and development teams’ practice of defect management will be addressed in order to facilitate healthy communication between these groups.

Presenter Bio:

Dan Cornell has over ten years of experience architecting, developing and securing web-based software systems. As a Principal of Denim Group, he leads the organization’s technology team overseeing methodology development and project execution for Denim Group’s customers. He also heads the Denim Group application security research team, investigating the application of secure coding and development techniques to the improvement of web based software development methodologies. He is also the primary author of sprajax, Denim Group’s open source tool for assessing the security of AJAX-enabled web applications.

Please RSVP: Will be updated shortly.

Dallas

2009-01-27T16:46:29Z

Marliehuizar: /* Local News */

{{Chapter Template|chaptername=Dallas|extra=The chapter leader is [mailto:jdsmith@owasp.org JD Smith ]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-dallas|emailarchives=http://lists.owasp.org/pipermail/owasp-dallas}}
<paypal>Dallas Chapter</paypal>
== Local News ==

Dallas OWASP Chapter: February 2009 Meeting

Topic: "Vulnerability Management in an Application Security World."

Presenter: Dan Cornell, Principal, Denim Group Date: February 25, 2009 11:30am – 1:30pm

Location:
UTD Campus - Galaxy Room of the Student Union, Room SU 2.602
Doors open at 11:00 am.

Abstract:Identifying application-level vulnerabilities via penetration tests and code reviews is only the first step in actually addressing the underlying risk. Managing vulnerabilities for applications is more challenging than dealing with traditional infrastructure-level vulnerabilities because they typically require the coordination of security teams with application development teams and require security managers to secure time from developers during already-cramped development and release schedules. In addition, fixes require changes to custom application code and application-specific business logic rather than the patches and configuration changes that are often sufficient to address infrastructure-level vulnerabilities. This presentation details many of the pitfalls organizations encounter while trying to manage application-level vulnerabilities as well as outlines strategies security teams can use for communicating with development teams. Similarities and differences between security teams’ practice of vulnerability management and development teams’ practice of defect management will be addressed in order to facilitate healthy communication between these groups.

Presenter Bio:

Dan Cornell has over ten years of experience architecting, developing and securing web-based software systems. As a Principal of Denim Group, he leads the organization’s technology team overseeing methodology development and project execution for Denim Group’s customers. He also heads the Denim Group application security research team, investigating the application of secure coding and development techniques to the improvement of web based software development methodologies. He is also the primary author of sprajax, Denim Group’s open source tool for assessing the security of AJAX-enabled web applications.

Please RSVP: Will be updated shortly.

Dallas

2009-01-27T16:32:33Z

Marliehuizar: /* Local News */

{{Chapter Template|chaptername=Dallas|extra=The chapter leader is [mailto:jdsmith@owasp.org JD Smith ]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-dallas|emailarchives=http://lists.owasp.org/pipermail/owasp-dallas}}
<paypal>Dallas Chapter</paypal>
== Local News ==

Dallas OWASP Chapter: February 2009 Meeting

Topic: "Vulnerability Management in an Application Security World."

Presenter: Dan Cornell, Principal, Denim Group Date: February 25, 2009 11:30am – 1:30pm

Location:
UTD Campus - Galaxy Room of the Student Union, Room SU 2.602
Doors open at 11:00 am.

Abstract:Identifying application-level vulnerabilities via penetration tests and code reviews is only the first step in actually addressing the underlying risk. Managing vulnerabilities for applications is more challenging than dealing with traditional infrastructure-level vulnerabilities because they typically require the coordination of security teams with application development teams and require security managers to secure time from developers during already-cramped development and release schedules. In addition, fixes require changes to custom application code and application-specific business logic rather than the patches and configuration changes that are often sufficient to address infrastructure-level vulnerabilities. This presentation details many of the pitfalls organizations encounter while trying to manage application-level vulnerabilities as well as outlines strategies security teams can use for communicating with development teams. Similarities and differences between security teams’ practice of vulnerability management and development teams’ practice of defect management will be addressed in order to facilitate healthy communication between these groups.

Presenter Bio:

Dan Cornell has over ten years of experience architecting, developing and securing web-based software systems. As a Principal of Denim Group, he leads the organization’s technology team overseeing methodology development and project execution for Denim Group’s customers. He also heads the Denim Group application security research team, investigating the application of secure coding and development techniques to the improvement of web based software development methodologies. He is also the primary author of sprajax, Denim Group’s open source tool for assessing the security of AJAX-enabled web applications.

Please RSVP:

San Antonio

2009-01-27T14:37:52Z

Marliehuizar: /* Local News */

{{Chapter Template|chaptername=San Antonio|extra=The chapter leader is [mailto:dan@denimgroup.com Dan Cornell]
<paypal>San Antonio</paypal>
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-sanantonio|emailarchives=http://lists.owasp.org/pipermail/owasp-sanantonio}}

== Local News ==

San Antonio OWASP Chapter: January 2009 Meeting

Topic: "Vulnerability Management in an Application Security World."

Presenter: Dan Cornell, Principal, Denim Group
Date: January 29, 2009 11:30am – 1:00pm

Location:

San Antonio Technology Center (Web Room)
3463 Magic Drive
San Antonio, TX 78229
http://maps.google.com/maps?f=q&hl=en&q=3463+Magic+Drive,+San+Antonio,+TX+78229

Abstract:Identifying application-level vulnerabilities via penetration tests and code reviews is only the first step in actually addressing the underlying risk. Managing vulnerabilities for applications is more challenging than dealing with traditional infrastructure-level vulnerabilities because they typically require the coordination of security teams with application development teams and require security managers to secure time from developers during already-cramped development and release schedules. In addition, fixes require changes to custom application code and application-specific business logic rather than the patches and configuration changes that are often sufficient to address infrastructure-level vulnerabilities.
This presentation details many of the pitfalls organizations encounter while trying to manage application-level vulnerabilities as well as outlines strategies security teams can use for communicating with development teams. Similarities and differences between security teams’ practice of vulnerability management and development teams’ practice of defect management will be addressed in order to facilitate healthy communication between these groups.

Presenter Bio:

Dan Cornell has over ten years of experience architecting, developing and securing web-based software systems. As a Principal of Denim Group, he leads the organization’s technology team overseeing methodology development and project execution for Denim Group’s customers. He also heads the Denim Group application security research team, investigating the application of secure coding and development techniques to the improvement of web based software development methodologies. He is also the primary author of sprajax, Denim Group’s open source tool for assessing the security of AJAX-enabled web applications.

Please RSVP: E-mail owasprsvp@denimgroup.com or call (210) 572-4400.

----

'''Previous News'''

The slide deck from OWASP San Antonio October 2008 meeting available online here:
http://www.owasp.org/index.php/San_Antonio

The slide deck from OWASP San Antonio September 2007 meeting available online here:
[[Image:fortify-bjenkins-AppSecStrategy-20070906.pdf]].

The slide deck from OWASP San Antonio March 2007 meeting will be available online shortly

The slide deck from OWASP San Antonio September 2006 meeting available online here:
[[Image:OWASPSanAntonio_2006_09_AgileAndSecure.pdf]].

The slide deck from OWASP San Antonio August 2006 meeting available online here:
[[Image:OWASPSanAntonio_2006_08_SingleSignOn.ppt]].

The slide deck from OWASP San Antonio June 2006 meeting available online here: [[Image:OWASPSanAntonio_2006_06_Crypto_Content.pdf]].

The slide deck from OWASP San Antonio May 2006 meeting available online here: [[Image:OWASPSanAntonio_2006_05_ForcefulBrowsing_Content.pdf]].

The slide deck from OWASP San Antonio September 2004 meeting available online here:
[[Image:OWASPSanAntonio_20040922.pdf]].

[[Category:Texas]]

San Antonio

2008-11-14T14:46:34Z

Marliehuizar: /* Local News */

{{Chapter Template|chaptername=San Antonio|extra=The chapter leader is [mailto:dan@denimgroup.com Dan Cornell]
<paypal>San Antonio</paypal>
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-sanantonio|emailarchives=http://lists.owasp.org/pipermail/owasp-sanantonio}}

== Local News ==

San Antonio OWASP Chapter: November 2008 Meeting

Topic: "Who do you want to mash with? Trust infrastructures for Internet mashups."

Presenter: Ravi Ganesan,Research Professor and Director of Commercialization at the Institute of Cyber Security at UTSA
Date: November 17,2008 11:30am – 1:00pm

Location:

San Antonio Technology Center (Web Room)
3463 Magic Drive
San Antonio, TX 78229
http://maps.google.com/maps?f=q&hl=en&q=3463+Magic+Drive,+San+Antonio,+TX+78229

Abstract:This talk is in two parts:

Part 1: The University of Texas at San Antonio is announcing a new technology incubator focused on commercializing security and privacy technologies. Highlights about the incubator and how to submit a proposal will be described.

Part 2: Mashups are emerging as a very important web application architecture paradigm. Developers (or even the users themselves) can assemble a uber app that mashes data and code from myriad sources. This talk will first explore the emerging world of mashups and highlight the security problems that are raised, and motivate the need for a mashup trust infrastructure. It will then describe MashSSL a technology that can be used to solve several of the security problems of mashups.

Presenter Bio:

Ravi Ganesan is Research Professor and Director of Commercialization at the Institute of Cyber Security at UTSA where he heads up the ICS Incubator. His prior experience spans: running large complex IT operations as Vice President - Distributed Operations at Verizon Communications, leading the design, development and operations of leading edge payment systems as Vice Chair and CTO of CheckFree Corporation, and founding and running a successful start up in the security space during his tenure as Chief Executive Officer of TriCipher, Inc. He also has several publications and patents. Ravi has a Ph.D. in Computer Science from The Johns Hopkins University, Baltimore, MD, USA. You can learn more than you probably want to know about Ravi at www.findravi.com.

Please RSVP: E-mail owasprsvp@denimgroup.com or call (210) 572-4400.

----

'''Previous News'''

The slide deck from OWASP San Antonio October 2008 meeting available online here:
http://www.owasp.org/index.php/San_Antonio

The slide deck from OWASP San Antonio September 2007 meeting available online here:
[[Image:fortify-bjenkins-AppSecStrategy-20070906.pdf]].

The slide deck from OWASP San Antonio March 2007 meeting will be available online shortly

The slide deck from OWASP San Antonio September 2006 meeting available online here:
[[Image:OWASPSanAntonio_2006_09_AgileAndSecure.pdf]].

The slide deck from OWASP San Antonio August 2006 meeting available online here:
[[Image:OWASPSanAntonio_2006_08_SingleSignOn.ppt]].

The slide deck from OWASP San Antonio June 2006 meeting available online here: [[Image:OWASPSanAntonio_2006_06_Crypto_Content.pdf]].

The slide deck from OWASP San Antonio May 2006 meeting available online here: [[Image:OWASPSanAntonio_2006_05_ForcefulBrowsing_Content.pdf]].

The slide deck from OWASP San Antonio September 2004 meeting available online here:
[[Image:OWASPSanAntonio_20040922.pdf]].

[[Category:Texas]]

File:Ensuring System Security Using Data Flow Analysis.pdf

2008-11-10T16:08:37Z

Marliehuizar: San Antonio OWASP Meeting. Presented by Jeremy Price, Southwest Research Institute

San Antonio OWASP Meeting.
Presented by Jeremy Price, Southwest Research Institute

San Antonio

2008-11-04T23:25:10Z

Marliehuizar: /* Local News */

{{Chapter Template|chaptername=San Antonio|extra=The chapter leader is [mailto:dan@denimgroup.com Dan Cornell]
<paypal>San Antonio</paypal>
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-sanantonio|emailarchives=http://lists.owasp.org/pipermail/owasp-sanantonio}}

== Local News ==

San Antonio OWASP Chapter: November 2008 Meeting

Topic: "Who do you want to mash with? Trust infrastructures for Internet mashups."

Presenter: Ravi Ganesan,Research Professor and Director of Commercialization at the Institute of Cyber Security at UTSA
Date: November 17,2008 11:30am – 1:00pm

Location:

San Antonio Technology Center (Web Room)
3463 Magic Drive
San Antonio, TX 78229
http://maps.google.com/maps?f=q&hl=en&q=3463+Magic+Drive,+San+Antonio,+TX+78229

Abstract:This talk is in two parts:

Part 1: The University of Texas at San Antonio is announcing a new technology incubator focused on commercializing security and privacy technologies. Highlights about the incubator and how to submit a proposal will be described.

Part 2: Mashups are emerging as a very important web application architecture paradigm. Developers (or even the users themselves) can assemble a uber app that mashes data and code from myriad sources. This talk will first explore the emerging world of mashups and highlight the security problems that are raised, and motivate the need for a mashup trust infrastructure. It will then describe MashSSL a technology that can be used to solve several of the security problems of mashups.

Presenter Bio:

Ravi Ganesan is Research Professor and Director of Commercialization at the Institute of Cyber Security at UTSA where he heads up the ICS Incubator. His prior experience spans: running large complex IT operations as Vice President - Distributed Operations at Verizon Communications, leading the design, development and operations of leading edge payment systems as Vice Chair and CTO of CheckFree Corporation, and founding and running a successful start up in the security space during his tenure as Chief Executive Officer of TriCipher, Inc. He also has several publications and patents. Ravi has a Ph.D. in Computer Science from The Johns Hopkins University, Baltimore, MD, USA. You can learn more than you probably want to know about Ravi at www.findravi.com.

Please RSVP: E-mail owasprsvp@denimgroup.com or call (210) 572-4400.

----

'''Previous News'''

The slide deck from OWASP San Antonio September 2007 meeting available online here:
[[Image:fortify-bjenkins-AppSecStrategy-20070906.pdf]].

The slide deck from OWASP San Antonio March 2007 meeting will be available online shortly

The slide deck from OWASP San Antonio September 2006 meeting available online here:
[[Image:OWASPSanAntonio_2006_09_AgileAndSecure.pdf]].

The slide deck from OWASP San Antonio August 2006 meeting available online here:
[[Image:OWASPSanAntonio_2006_08_SingleSignOn.ppt]].

The slide deck from OWASP San Antonio June 2006 meeting available online here: [[Image:OWASPSanAntonio_2006_06_Crypto_Content.pdf]].

The slide deck from OWASP San Antonio May 2006 meeting available online here: [[Image:OWASPSanAntonio_2006_05_ForcefulBrowsing_Content.pdf]].

The slide deck from OWASP San Antonio September 2004 meeting available online here:
[[Image:OWASPSanAntonio_20040922.pdf]].

[[Category:Texas]]

San Antonio

2008-11-04T23:11:01Z

Marliehuizar: /* Local News */

{{Chapter Template|chaptername=San Antonio|extra=The chapter leader is [mailto:dan@denimgroup.com Dan Cornell]
<paypal>San Antonio</paypal>
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-sanantonio|emailarchives=http://lists.owasp.org/pipermail/owasp-sanantonio}}

== Local News ==

San Antonio OWASP Chapter: November 2008 Meeting

Topic: "Who do you want to mash with? Trust infrastructures for Internet mashups."

Presenter: Ravi Ganesan,Research Professor and Director of Commercialization at the Institute of Cyber Security at UTSA
Date: November 17,2008 11:30am – 1:00pm

Location:

San Antonio Technology Center (Web Room)
3463 Magic Drive
San Antonio, TX 78229
http://maps.google.com/maps?f=q&hl=en&q=3463+Magic+Drive,+San+Antonio,+TX+78229

Abstract:This talk is in two parts:

Part 1: The University of Texas at San Antonio is announcing a new technology incubator focused on commercializing security and privacy technologies. Highlights about the incubator and how to submit a proposal will be described.

Part 2: Mashups are emerging as a very important web application architecture paradigm. Developers (or even the user themselves) can assemble a uber app that mashes data and code from myriad sources. This talk will first explore the emerging world of mashups and highlight the security problems that are raised, and motivate the need for a mashup trust infrastructure. It will then describe MashSSL a technology that can be used to solve several of the security problems of mashups.

Presenter Bio:

Ravi Ganesan is Research Professor and Director of Commercialization at the Institute of Cyber Security at UTSA where he heads up the ICS Incubator. His prior experience spans: running large complex IT operations as Vice President - Distributed Operations at Verizon Communications, leading the design, development and operations of leading edge payment systems as Vice Chair and CTO of CheckFree Corporation, and founding and running a successful start up in the security space during his tenure as Chief Executive Officer of TriCipher, Inc. He also has several publications and patents. Ravi has a Ph.D. in Computer Science from The Johns Hopkins University, Baltimore, MD, USA. You can learn more than you probably want to know about Ravi at www.findravi.com.

Please RSVP: E-mail owasprsvp@denimgroup.com or call (210) 572-4400.

----

'''Previous News'''

The slide deck from OWASP San Antonio September 2007 meeting available online here:
[[Image:fortify-bjenkins-AppSecStrategy-20070906.pdf]].

The slide deck from OWASP San Antonio March 2007 meeting will be available online shortly

The slide deck from OWASP San Antonio September 2006 meeting available online here:
[[Image:OWASPSanAntonio_2006_09_AgileAndSecure.pdf]].

The slide deck from OWASP San Antonio August 2006 meeting available online here:
[[Image:OWASPSanAntonio_2006_08_SingleSignOn.ppt]].

The slide deck from OWASP San Antonio June 2006 meeting available online here: [[Image:OWASPSanAntonio_2006_06_Crypto_Content.pdf]].

The slide deck from OWASP San Antonio May 2006 meeting available online here: [[Image:OWASPSanAntonio_2006_05_ForcefulBrowsing_Content.pdf]].

The slide deck from OWASP San Antonio September 2004 meeting available online here:
[[Image:OWASPSanAntonio_20040922.pdf]].

[[Category:Texas]]

San Antonio

2008-11-04T19:47:53Z

Marliehuizar: /* Local News */

{{Chapter Template|chaptername=San Antonio|extra=The chapter leader is [mailto:dan@denimgroup.com Dan Cornell]
<paypal>San Antonio</paypal>
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-sanantonio|emailarchives=http://lists.owasp.org/pipermail/owasp-sanantonio}}

== Local News ==

San Antonio OWASP Chapter: November 2008 Meeting

Topic: "Who do you want to mash with? Trust infrastructures for Internet mashups."

Presenter: Ravi Ganesan,Research Professor and Director of Commercialization at the Institute of Cyber Security at UTSA
Date: November 17,2008 11:30am – 1:00pm

Location:

San Antonio Technology Center (Web Room)
3463 Magic Drive
San Antonio, TX 78229
http://maps.google.com/maps?f=q&hl=en&q=3463+Magic+Drive,+San+Antonio,+TX+78229

Abstract:This talk is in two parts:

Part 1: The University of Texas at San Antonio is announcing a new technology incubator focussed on commercializing security and privacy technologies. Highlights about the incubator and how to submit a proposal will be described.

Part 2: Mashups are emerging as a very important web application architecture paradigm. Developers (or even the user themselves) can assemble a uber app that mashes data and code from myriad sources. This talk will first explore the emerging world of mashups and highlight the security problems that are raised, and motivate the need for a mashup trust infrastructure. It will then describe MashSSL a technology that can be used to solve several of the security problems of mashups.

Presenter Bio:

Ravi Ganesan is Research Professor and Director of Commercialization at the Institute of Cyber Security at UTSA where he heads up the ICS Incubator. His prior experience spans: running large complex IT operations as Vice President - Distributed Operations at Verizon Communications, leading the design, development and operations of leading edge payment systems as Vice Chair and CTO of CheckFree Corporation, and founding and running a successful start up in the security space during his tenure as Chief Executive Officer of TriCipher, Inc. He also has several publications and patents. Ravi has a Ph.D. in Computer Science from The Johns Hopkins University, Baltimore, MD, USA. You can learn more than you probably want to know about Ravi at www.findravi.com.

Please RSVP: E-mail owasprsvp@denimgroup.com or call (210) 572-4400.

----

'''Previous News'''

The slide deck from OWASP San Antonio September 2007 meeting available online here:
[[Image:fortify-bjenkins-AppSecStrategy-20070906.pdf]].

The slide deck from OWASP San Antonio March 2007 meeting will be available online shortly

The slide deck from OWASP San Antonio September 2006 meeting available online here:
[[Image:OWASPSanAntonio_2006_09_AgileAndSecure.pdf]].

The slide deck from OWASP San Antonio August 2006 meeting available online here:
[[Image:OWASPSanAntonio_2006_08_SingleSignOn.ppt]].

The slide deck from OWASP San Antonio June 2006 meeting available online here: [[Image:OWASPSanAntonio_2006_06_Crypto_Content.pdf]].

The slide deck from OWASP San Antonio May 2006 meeting available online here: [[Image:OWASPSanAntonio_2006_05_ForcefulBrowsing_Content.pdf]].

The slide deck from OWASP San Antonio September 2004 meeting available online here:
[[Image:OWASPSanAntonio_20040922.pdf]].

[[Category:Texas]]

San Antonio

2008-11-04T19:45:30Z

Marliehuizar: /* Local News */

{{Chapter Template|chaptername=San Antonio|extra=The chapter leader is [mailto:dan@denimgroup.com Dan Cornell]
<paypal>San Antonio</paypal>
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-sanantonio|emailarchives=http://lists.owasp.org/pipermail/owasp-sanantonio}}

== Local News ==

San Antonio OWASP Chapter: November 2008 Meeting

Topic: "Who do you want to mash with? Trust infrastructures for Internet mashups."

Presenter: Ravi Ganesan,Reseach Professor and Director of Commercialization at the Institute of Cyber Security at UTSA
Date: November 17,2008 11:30am – 1:00pm

Location:

San Antonio Technology Center (Web Room)
3463 Magic Drive
San Antonio, TX 78229
http://maps.google.com/maps?f=q&hl=en&q=3463+Magic+Drive,+San+Antonio,+TX+78229

Abstract:This talk is in two parts:

Part 1: The University of Texas at San Antonio is announcing a new technology incubator focussed on commercializing security and privacy technologies. Highlights about the incubator and how to submit a proposal will be described.

Part 2: Mashups are emerging as a very important web application architecture paradigm. Developers (or even the user themselves) can assemble a uber app that mashes data and code from myriad sources. This talk will first explore the emerging world of mashups and highlight the security problems that are raised, and motivate the need for a mashup trust infrastructure. It will then describe MashSSL a technology that can be used to solve several of the security problems of mashups.

Presenter Bio:

Ravi Ganesan is Reseach Professor and Director of Commercialization at the Institute of Cyber Security at UTSA where he heads up the ICS Incubator. His prior experience spans: running large complex IT operations as Vice President - Distributed Operations at Verizon Communications, leading the design, development and operations of leading edge payment systems as Vice Chair and CTO of CheckFree Corporation, and founding and running a successful start up in the security space during his tenure as Chief Executive Officer of TriCipher, Inc. He also has several publications and patents. Ravi has a Ph.D. in Computer Science from The Johns Hopkins University, Baltimore, MD, USA. You can learn more than you probably want to know about Ravi at www.findravi.com.

Please RSVP: E-mail owasprsvp@denimgroup.com or call (210) 572-4400.

----

'''Previous News'''

The slide deck from OWASP San Antonio September 2007 meeting available online here:
[[Image:fortify-bjenkins-AppSecStrategy-20070906.pdf]].

The slide deck from OWASP San Antonio March 2007 meeting will be available online shortly

The slide deck from OWASP San Antonio September 2006 meeting available online here:
[[Image:OWASPSanAntonio_2006_09_AgileAndSecure.pdf]].

The slide deck from OWASP San Antonio August 2006 meeting available online here:
[[Image:OWASPSanAntonio_2006_08_SingleSignOn.ppt]].

The slide deck from OWASP San Antonio June 2006 meeting available online here: [[Image:OWASPSanAntonio_2006_06_Crypto_Content.pdf]].

The slide deck from OWASP San Antonio May 2006 meeting available online here: [[Image:OWASPSanAntonio_2006_05_ForcefulBrowsing_Content.pdf]].

The slide deck from OWASP San Antonio September 2004 meeting available online here:
[[Image:OWASPSanAntonio_20040922.pdf]].

[[Category:Texas]]

San Antonio

2008-10-07T16:23:53Z

Marliehuizar: /* Local News */

{{Chapter Template|chaptername=San Antonio|extra=The chapter leader is [mailto:dan@denimgroup.com Dan Cornell]
<paypal>San Antonio</paypal>
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-sanantonio|emailarchives=http://lists.owasp.org/pipermail/owasp-sanantonio}}

== Local News ==

San Antonio OWASP Chapter: October 2008 Meeting

Topic: Ensuring System Security Using Data Flow Analysis

Presenter: Jeremy Price, Senior Research Engineer at Southwest Research Institute (SwRI)

Date: October 22,2008 11:30am – 1:00pm

Location:

San Antonio Technology Center (Web Room)
3463 Magic Drive
San Antonio, TX 78229
http://maps.google.com/maps?f=q&hl=en&q=3463+Magic+Drive,+San+Antonio,+TX+78229

Abstract:

Ensuring computer system security using user defined policies is a difficult problem. One approach that is currently being researched is the application of system-level data flow analysis to ensure malicious code cannot infiltrate the system.

The data flow analysis involved with ensuring system security needs two levels of granularity: inter-process data flow analysis and intra-process data flow analysis. The University of Texas at Austin Department of Computer Science has created a Dynamic Data Flow Analysis (DDFA) tool that implements intra-process data flow analysis. Purdue University has created a Process Coloring (PC) system that implements the inter-process data flow analysis. Southwest Research Institute is working with both universities to integrate the PC and DDFA technologies to implement the system level data flow analysis solution. This talk will focus on technical details of the two different technologies and will detail example security scenarios that can be solved using these technologies.

Presenter Bio:

Jeremy Price is a Senior Research Engineer at Southwest Research Institute (SwRI). During his nine year tenure at SwRI, Mr. Price has worked on projects as varied as embedded systems, video compression, network data acquisition, and software defined radios. Most recently, Mr. Price has been leading a research effort funded by the Intelligence Advanced Research Projects Activity (IARPA) that focuses on system-level data flow analysis for the purpose of securing computer systems. Mr. Price's real love in the realm of computer engineering is getting his hands dirty working with the digital bits at the embedded system level.

Please RSVP: E-mail owasprsvp@denimgroup.com or call (210) 572-4400.

----

'''Previous News'''

The slide deck from OWASP San Antonio September 2007 meeting available online here:
[[Image:fortify-bjenkins-AppSecStrategy-20070906.pdf]].

The slide deck from OWASP San Antonio March 2007 meeting will be available online shortly

The slide deck from OWASP San Antonio September 2006 meeting available online here:
[[Image:OWASPSanAntonio_2006_09_AgileAndSecure.pdf]].

The slide deck from OWASP San Antonio August 2006 meeting available online here:
[[Image:OWASPSanAntonio_2006_08_SingleSignOn.ppt]].

The slide deck from OWASP San Antonio June 2006 meeting available online here: [[Image:OWASPSanAntonio_2006_06_Crypto_Content.pdf]].

The slide deck from OWASP San Antonio May 2006 meeting available online here: [[Image:OWASPSanAntonio_2006_05_ForcefulBrowsing_Content.pdf]].

The slide deck from OWASP San Antonio September 2004 meeting available online here:
[[Image:OWASPSanAntonio_20040922.pdf]].

[[Category:Texas]]

San Antonio

2008-10-06T15:05:52Z

Marliehuizar: /* Local News */

{{Chapter Template|chaptername=San Antonio|extra=The chapter leader is [mailto:dan@denimgroup.com Dan Cornell]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-sanantonio|emailarchives=http://lists.owasp.org/pipermail/owasp-sanantonio}}

== Local News ==

San Antonio OWASP Chapter: October 2008 Meeting

Topic: Ensuring System Security Using Data Flow Analysis

Presenter: Price, Senior Research Engineer at Southwest Research Institute (SwRI)

Date: October 22,2008 11:30am – 1:00pm

Location:

San Antonio Technology Center (Web Room)
3463 Magic Drive
San Antonio, TX 78229
http://maps.google.com/maps?f=q&hl=en&q=3463+Magic+Drive,+San+Antonio,+TX+78229

Abstract:

Ensuring computer system security using user defined policies is a difficult problem. One approach that is currently being researched is the application of system-level data flow analysis to ensure malicious code cannot infiltrate the system.

The data flow analysis involved with ensuring system security needs two levels of granularity: inter-process data flow analysis and intra-process data flow analysis. The University of Texas at Austin Department of Computer Science has created a Dynamic Data Flow Analysis (DDFA) tool that implements intra-process data flow analysis. Purdue University has created a Process Coloring (PC) system that implements the inter-process data flow analysis. Southwest Research Institute is working with both universities to integrate the PC and DDFA technologies to implement the system level data flow analysis solution. This talk will focus on technical details of the two different technologies and will detail example security scenarios that can be solved using these technologies.

Presenter Bio:

Jeremy Price is a Senior Research Engineer at Southwest Research Institute (SwRI). During his nine year tenure at SwRI, Mr. Price has worked on projects as varied as embedded systems, video compression, network data acquisition, and software defined radios. Most recently, Mr. Price has been leading a research effort funded by the Intelligence Advanced Research Projects Activity (IARPA) that focuses on system-level data flow analysis for the purpose of securing computer systems. Mr. Price's real love in the realm of computer engineering is getting his hands dirty working with the digital bits at the embedded system level.

Please RSVP: E-mail owasprsvp@denimgroup.com or call (210) 572-4400.

----

'''Previous News'''

The slide deck from OWASP San Antonio September 2007 meeting available online here:
[[Image:fortify-bjenkins-AppSecStrategy-20070906.pdf]].

The slide deck from OWASP San Antonio March 2007 meeting will be available online shortly

The slide deck from OWASP San Antonio September 2006 meeting available online here:
[[Image:OWASPSanAntonio_2006_09_AgileAndSecure.pdf]].

The slide deck from OWASP San Antonio August 2006 meeting available online here:
[[Image:OWASPSanAntonio_2006_08_SingleSignOn.ppt]].

The slide deck from OWASP San Antonio June 2006 meeting available online here: [[Image:OWASPSanAntonio_2006_06_Crypto_Content.pdf]].

The slide deck from OWASP San Antonio May 2006 meeting available online here: [[Image:OWASPSanAntonio_2006_05_ForcefulBrowsing_Content.pdf]].

The slide deck from OWASP San Antonio September 2004 meeting available online here:
[[Image:OWASPSanAntonio_20040922.pdf]].

[[Category:Texas]]

File:Django & The OWASP Top 10.pptx

2008-08-29T16:11:23Z

Marliehuizar:

San Antonio

2008-08-21T13:38:41Z

Marliehuizar: /* Local News */

{{Chapter Template|chaptername=San Antonio|extra=The chapter leader is [mailto:dan@denimgroup.com Dan Cornell]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-sanantonio|emailarchives=http://lists.owasp.org/pipermail/owasp-sanantonio}}

== Local News ==

San Antonio OWASP Chapter: August 2008 Meeting

Topic: Django and the OWASP Top 10

Presenter: Jarret Raim, Team Consultant at Denim Group, LTD.

Date: August 27,2008 11:30am – 1:00pm

Location:

San Antonio Technology Center (Web Room)
3463 Magic Drive
San Antonio, TX 78229
http://maps.google.com/maps?f=q&hl=en&q=3463+Magic+Drive,+San+Antonio,+TX+78229

Abstract:

Django is a web application framework for Python that is 'for perfectionists with deadlines'. The presentation this week will start with a short introduction to Django, its goals, architecture and theory. It will then move on to the explicit and implicit security features of the framework and how they relate to the OWASP Top 10. No prior knowledge of Django or Python is required.

Presenter Bio:

Jarret Raim attained his Batchelor's degree in Computer Science from Trinity University here in San Antonio and continued on to get his Master's degree from Lehigh University in Pennsylvania. In addition to doing research in biometric security and honeypot systems, he has worked at Southwest Research Institute on a multiyear enterprise medical application for the government and is now a Team Consultant at Denim Group.

Please RSVP: E-mail owasprsvp@denimgroup.com or call (210) 572-4400.

----

'''Previous News'''

The slide deck from OWASP San Antonio September 2007 meeting available online here:
[[Image:fortify-bjenkins-AppSecStrategy-20070906.pdf]].

The slide deck from OWASP San Antonio March 2007 meeting will be available online shortly

The slide deck from OWASP San Antonio September 2006 meeting available online here:
[[Image:OWASPSanAntonio_2006_09_AgileAndSecure.pdf]].

The slide deck from OWASP San Antonio August 2006 meeting available online here:
[[Image:OWASPSanAntonio_2006_08_SingleSignOn.ppt]].

The slide deck from OWASP San Antonio June 2006 meeting available online here: [[Image:OWASPSanAntonio_2006_06_Crypto_Content.pdf]].

The slide deck from OWASP San Antonio May 2006 meeting available online here: [[Image:OWASPSanAntonio_2006_05_ForcefulBrowsing_Content.pdf]].

The slide deck from OWASP San Antonio September 2004 meeting available online here:
[[Image:OWASPSanAntonio_20040922.pdf]].

[[Category:Texas]]

File:Security and Privacy in an Online Vehicle Infrastructure.ppt

2008-07-25T21:17:25Z

Marliehuizar: uploaded a new version of "Image:Security and Privacy in an Online Vehicle Infrastructure.ppt"

File:Security and Privacy in an Online Vehicle Infrastructure.ppt

2008-07-25T21:15:31Z

Marliehuizar:

San Antonio

2008-07-15T20:58:18Z

Marliehuizar: /* Local News */

{{Chapter Template|chaptername=San Antonio|extra=The chapter leader is [mailto:dan@denimgroup.com Dan Cornell]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-sanantonio|emailarchives=http://lists.owasp.org/pipermail/owasp-sanantonio}}

== Local News ==

San Antonio OWASP Chapter: July 2008 Meeting

Topic: Security and Privacy in an Online Vehicle Infrastructure

Presenter: Erhan J. Kartaltepe, MCPD, Lead Consultant at Denim Group, Ltd.

Date: July 23rd, 11:30am – 1:00pm

Location:

San Antonio Technology Center (Web Room)
3463 Magic Drive
San Antonio, TX 78229
http://maps.google.com/maps?f=q&hl=en&q=3463+Magic+Drive,+San+Antonio,+TX+78229

Abstract:

Technologies such as GPS, high-speed wireless access, and the federally-funded Vehicle Infrastructure Integration (VII) initiative are used and accepted by corporations and government entities. As businesses and public sector agencies provide more of these web-accessible services to individual consumers, new and familiar security pitfalls abound. This presentation covers current security threats and defenses, as well as recent applied research in securing these multimillion dollar infrastructures.

Presenter Bio:

Erhan J. Kartaltepe is a lead consultant at the Denim Group with over eight years experience in secure software engineering, project management, and technical leadership. He has worked on mobile ad hoc network (MANET) and email security research while at Denim Group, Southwest Research Institute, and the University of Texas at San Antonio.

Please RSVP: E-mail owasprsvp@denimgroup.com or call (210) 572-4400.

----

'''Previous News'''

The slide deck from OWASP San Antonio September 2007 meeting available online here:
[[Image:fortify-bjenkins-AppSecStrategy-20070906.pdf]].

The slide deck from OWASP San Antonio March 2007 meeting will be available online shortly

The slide deck from OWASP San Antonio September 2006 meeting available online here:
[[Image:OWASPSanAntonio_2006_09_AgileAndSecure.pdf]].

The slide deck from OWASP San Antonio August 2006 meeting available online here:
[[Image:OWASPSanAntonio_2006_08_SingleSignOn.ppt]].

The slide deck from OWASP San Antonio June 2006 meeting available online here: [[Image:OWASPSanAntonio_2006_06_Crypto_Content.pdf]].

The slide deck from OWASP San Antonio May 2006 meeting available online here: [[Image:OWASPSanAntonio_2006_05_ForcefulBrowsing_Content.pdf]].

The slide deck from OWASP San Antonio September 2004 meeting available online here:
[[Image:OWASPSanAntonio_20040922.pdf]].

San Antonio

2008-07-11T20:52:14Z

Marliehuizar: /* Local News */

{{Chapter Template|chaptername=San Antonio|extra=The chapter leader is [mailto:dan@denimgroup.com Dan Cornell]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-sanantonio|emailarchives=http://lists.owasp.org/pipermail/owasp-sanantonio}}

== Local News ==

San Antonio OWASP Chapter: June 2008 Meeting

Topic: Security and Privacy in an Online Vehicle Infrastructure

Presenter: Erhan J. Kartaltepe, MCPD, Lead Consultant at Denim Group, Ltd.

Date: July 23rd, 11:30am – 1:00pm

Location:

San Antonio Technology Center (Web Room)
3463 Magic Drive
San Antonio, TX 78229
http://maps.google.com/maps?f=q&hl=en&q=3463+Magic+Drive,+San+Antonio,+TX+78229

Abstract:

Technologies such as GPS, high-speed wireless access, and the federally-funded Vehicle Infrastructure Integration (VII) initiative are used and accepted by corporations and government entities. As businesses and public sector agencies provide more of these web-accessible services to individual consumers, new and familiar security pitfalls abound. This presentation covers current security threats and defenses, as well as recent applied research in securing these multimillion dollar infrastructures.

Presenter Bio:

Erhan J. Kartaltepe is a lead consultant at the Denim Group with over eight years experience in secure software engineering, project management, and technical leadership. He has worked on mobile ad hoc network (MANET) and email security research while at Denim Group, Southwest Research Institute, and the University of Texas at San Antonio.

Please RSVP: E-mail owasprsvp@denimgroup.com or call (210) 572-4400.

----

'''Previous News'''

The slide deck from OWASP San Antonio September 2007 meeting available online here:
[[Image:fortify-bjenkins-AppSecStrategy-20070906.pdf]].

The slide deck from OWASP San Antonio March 2007 meeting will be available online shortly

The slide deck from OWASP San Antonio September 2006 meeting available online here:
[[Image:OWASPSanAntonio_2006_09_AgileAndSecure.pdf]].

The slide deck from OWASP San Antonio August 2006 meeting available online here:
[[Image:OWASPSanAntonio_2006_08_SingleSignOn.ppt]].

The slide deck from OWASP San Antonio June 2006 meeting available online here: [[Image:OWASPSanAntonio_2006_06_Crypto_Content.pdf]].

The slide deck from OWASP San Antonio May 2006 meeting available online here: [[Image:OWASPSanAntonio_2006_05_ForcefulBrowsing_Content.pdf]].

The slide deck from OWASP San Antonio September 2004 meeting available online here:
[[Image:OWASPSanAntonio_20040922.pdf]].

File:TopTenStrategiestoSecureYourCode Howard.pdf

2008-06-26T13:59:18Z

Marliehuizar:

San Antonio

2008-06-17T19:29:43Z

Marliehuizar: /* Local News */

{{Chapter Template|chaptername=San Antonio|extra=The chapter leader is [mailto:dan@denimgroup.com Dan Cornell]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-sanantonio|emailarchives=http://lists.owasp.org/pipermail/owasp-sanantonio}}

== Local News ==

San Antonio OWASP Chapter: June 2008 Meeting

Topic: Top Ten Strategies to Secure Your Code

Presenter: Michael Howard, Principal Security Program Manager at Microsoft Corp.

Date: June 25th, 11:30am – 1:00pm

Location:

San Antonio Technology Center (Web Room)
3463 Magic Drive
San Antonio, TX 78229
http://maps.google.com/maps?f=q&hl=en&q=3463+Magic+Drive,+San+Antonio,+TX+78229

Abstract:

Many people think security knowledge is out of their grasp and that such expertise belongs only to the security high-priesthood. First, there is no such thing as a "security high-priesthood"; all software developers should have some security expertise. Second, regardless of the programming languages you use, or the operating systems you deploy on, there are some very simple rules you can follow that will help secure your applications.

Come listen to Michael's thoughts on how to secure code based on his work with thousands of software developers inside and outside Microsoft. There are, of course, plenty of security war stories!

Presenter Bio:

Michael is a software security expert, author of several books and many papers and articles, and a frequent speaker at security-related conferences. He was notably involved in Microsoft's development and implementation of what was termed the "Security Development Lifecycle".
Sodas and snacks will be provided. Feel free to bring a brown-bag lunch.

Please RSVP: E-mail owasprsvp@denimgroup.com or call (210) 572-4400.

----

'''Previous News'''

The slide deck from OWASP San Antonio September 2007 meeting available online here:
[[Image:fortify-bjenkins-AppSecStrategy-20070906.pdf]].

The slide deck from OWASP San Antonio March 2007 meeting will be available online shortly

The slide deck from OWASP San Antonio September 2006 meeting available online here:
[[Image:OWASPSanAntonio_2006_09_AgileAndSecure.pdf]].

The slide deck from OWASP San Antonio August 2006 meeting available online here:
[[Image:OWASPSanAntonio_2006_08_SingleSignOn.ppt]].

The slide deck from OWASP San Antonio June 2006 meeting available online here: [[Image:OWASPSanAntonio_2006_06_Crypto_Content.pdf]].

The slide deck from OWASP San Antonio May 2006 meeting available online here: [[Image:OWASPSanAntonio_2006_05_ForcefulBrowsing_Content.pdf]].

The slide deck from OWASP San Antonio September 2004 meeting available online here:
[[Image:OWASPSanAntonio_20040922.pdf]].

File:A Sample PHP Implementation of Input Validation.pdf

2008-06-05T19:30:22Z

Marliehuizar:

San Antonio

2008-05-07T15:51:24Z

Marliehuizar: /* Local News */

{{Chapter Template|chaptername=San Antonio|extra=The chapter leader is [mailto:dan@denimgroup.com Dan Cornell]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-sanantonio|emailarchives=http://lists.owasp.org/pipermail/owasp-sanantonio}}

== Local News ==

San Antonio OWASP Chapter: May 2008 Meeting

Topic: A Sample PHP Implementation of Input Validation

Presenter: Dan Ross

Date: May 28th, 11:30am – 1:00pm

Location:

San Antonio Technology Center (Web Room)
3463 Magic Drive
San Antonio, TX 78229
http://maps.google.com/maps?f=q&hl=en&q=3463+Magic+Drive,+San+Antonio,+TX+78229

Abstract:

Over half of the OWASP Top Ten are caused by improper input validation. Failure to perform this crucial step is equivalent to malpractice. A sample implementation of input validation is presented using PHP. In addition to being simple to use, these tools also make it difficult to programmers to forget to address this subject.

Also discussed will be:
* Tackling inherited programs which neglected input validation.
* How programs should respond to bad input.
* Stinger, and other open-source tools for other platforms.

Presenter Bio:

Dan Ross has been VP Engineering for 19 years at PIC Business Systems, which provides integrated business software for the several industries. He has led the design, development, and maintenance of many commercial web applications and programs. He has a BS in Industrial Engineering from St. Mary's University in San Antonio.

Sodas and snacks will be provided. Feel free to bring a brown-bag lunch.

Please RSVP: E-mail owasprsvp@denimgroup.com or call (210) 572-4400.

----

'''Previous News'''

The slide deck from OWASP San Antonio September 2007 meeting available online here:
[[Image:fortify-bjenkins-AppSecStrategy-20070906.pdf]].

The slide deck from OWASP San Antonio March 2007 meeting will be available online shortly

The slide deck from OWASP San Antonio September 2006 meeting available online here:
[[Image:OWASPSanAntonio_2006_09_AgileAndSecure.pdf]].

The slide deck from OWASP San Antonio August 2006 meeting available online here:
[[Image:OWASPSanAntonio_2006_08_SingleSignOn.ppt]].

The slide deck from OWASP San Antonio June 2006 meeting available online here: [[Image:OWASPSanAntonio_2006_06_Crypto_Content.pdf]].

The slide deck from OWASP San Antonio May 2006 meeting available online here: [[Image:OWASPSanAntonio_2006_05_ForcefulBrowsing_Content.pdf]].

The slide deck from OWASP San Antonio September 2004 meeting available online here:
[[Image:OWASPSanAntonio_20040922.pdf]].