OWASP - User contributions [en]

Sacramento

2011-09-21T19:24:45Z

Mike:

{{Chapter Template|chaptername=Sacramento|extra=The chapter leaders are [mailto:michael.weber35@gmail.com Michael Weber] & [mailto:sheadington@gmail.com Scott Headington].|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-sacramento|emailarchives=http://lists.owasp.org/pipermail/owasp-sacramento}}

== Charter ==
The Sacramento OWASP Chapter promotes the [[About_The_Open_Web_Application_Security_Project|principles of OWASP]] in our local community with an emphasis on education, local networking opportunities, and fun. Meetings are typically on the last Thursday evening of the month.

== Next Meeting September 29th, 2011: Basic Cryptography, Scott Headington, Foundstone Security Consultant ==

In this presentation you will learn the basic principles of cryptography and how use of different cryptographic technologies (symmetric, asymmetric encryption and hashing). Also during this presentation is a discussion of applying these cryptographic technologies using SSL as a case study.

'''Speaker Bio:'''

Scott Headington is a security consultant at McAfee's Foundstone. At Foundstone Scott focuses on providing web application penetration testing, code review, threat modeling and teaches several classes. Scott has many years experience working with application security, prior to joining Foundstone Scott was a software engineer for over 14 years.

'''RSVP:'''

Please sign up at http://www.eventbrite.com/event/2224082290

== Future meetings ==
We always want ideas! Send your request for a meeting topic to a chapter leader or the [http://lists.owasp.org/mailman/listinfo/owasp-sacramento chapter mailing list].

== Past Meetings ==
2011-04-28: Michael Weber, Aspect Security, Cross-Site Request Forgery: Attack and Defense

2011-03-24: HTML 5: Scott Headington, Foundstone, Presented on "New and exciting… for attackers too"

2010-09-30: Roman Hustad conducted a "Threat Modeling Workshop"

2010-06-24: [mailto:michael.weber35@gmail.com Michael Weber] conducted a "SQL Injection Lab"

2010-05-27: Erik Peterson of [http://www.veracode.com Veracode] presented "Automated Web Application Testing - Why we're Doing It Wrong"

2010-04-29: Roman Hustad presented "The Secure Software Development Lifecycle"

2010-03-25: Mike Fauzy of [http://www.aspectsecurity.com Aspect Security] presented "Tool Assisted Manual Code Review - Manual Precision with Automated Performance"

2010-02-25: Arshad Noor of [http://www.strongauth.com/ StrongAuth, Inc.] presented "Key Management & Encryption" [http://www.mediafire.com/file/jz5dyu1wiyk/EKM-1.0.pdf Download presentation]

2009-12-09: Alex Smolen presented "The OWASP .NET ESAPI"

2009-10-08: Ned Allison chaired a roundtable on "Database Security"

2009-07-30: [mailto:roman.hustad@yahoo.com Roman Hustad] presented "Hands-on Cross-Site Scripting"

2009-05-12: [mailto:roman.hustad@yahoo.com Roman Hustad] presented "Hands-on SQL Injection"

2008-10-30: Joy Forsythe from [http://www.fortifysoftware.com Fortify Software] presented "Voting Security."

2008-07-31: [mailto:roman.hustad@yahoo.com Roman Hustad] presented "How to Test the Security of Web Applications."

2008-06-26: Shan Zhou from [http://www.imperva.com/ Imperva] presented "Database Security."

2008-04-03: Ryan C. Barnett from [http://www.breach.com/ Breach Security] presented "Passive Web Application Defect Identification."

2007-11-29: [mailto:roman.hustad@yahoo.com Roman Hustad] from [http://www.foundstone.com Foundstone] presented "Web Application Hacking" to over 40 attendees.

2007-08-30: Barmak Meftah from [http://www.fortifysoftware.com Fortify Software] presented "Hack proof your Service-Oriented Architecture" to 15 attendees.

[[Category:California]]

Sacramento

2011-09-21T19:24:15Z

Mike:

{{Chapter Template|chaptername=Sacramento|extra=The chapter leaders are [mailto:michael.weber35@gmail.com Michael Weber] & [mailto:sheadington@gmail.com Scott Headington].|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-sacramento|emailarchives=http://lists.owasp.org/pipermail/owasp-sacramento}}

== Charter ==
The Sacramento OWASP Chapter promotes the [[About_The_Open_Web_Application_Security_Project|principles of OWASP]] in our local community with an emphasis on education, local networking opportunities, and fun. Meetings are typically on the last Thursday evening of the month.

== Next meeting September 29th, 2011: Basic Cryptography, Scott Headington, Foundstone Security Consultant ==

In this presentation you will learn the basic principles of cryptography and how use of different cryptographic technologies (symmetric, asymmetric encryption and hashing). Also during this presentation is a discussion of applying these cryptographic technologies using SSL as a case study.

'''Speaker Bio:'''

Scott Headington is a security consultant at McAfee's Foundstone. At Foundstone Scott focuses on providing web application penetration testing, code review, threat modeling and teaches several classes. Scott has many years experience working with application security, prior to joining Foundstone Scott was a software engineer for over 14 years.

'''RSVP:'''

Please sign up at http://www.eventbrite.com/event/2224082290

== Future meetings ==
We always want ideas! Send your request for a meeting topic to a chapter leader or the [http://lists.owasp.org/mailman/listinfo/owasp-sacramento chapter mailing list].

== Past Meetings ==
2011-04-28: Michael Weber, Aspect Security, Cross-Site Request Forgery: Attack and Defense

2011-03-24: HTML 5: Scott Headington, Foundstone, Presented on "New and exciting… for attackers too"

2010-09-30: Roman Hustad conducted a "Threat Modeling Workshop"

2010-06-24: [mailto:michael.weber35@gmail.com Michael Weber] conducted a "SQL Injection Lab"

2010-05-27: Erik Peterson of [http://www.veracode.com Veracode] presented "Automated Web Application Testing - Why we're Doing It Wrong"

2010-04-29: Roman Hustad presented "The Secure Software Development Lifecycle"

2010-03-25: Mike Fauzy of [http://www.aspectsecurity.com Aspect Security] presented "Tool Assisted Manual Code Review - Manual Precision with Automated Performance"

2010-02-25: Arshad Noor of [http://www.strongauth.com/ StrongAuth, Inc.] presented "Key Management & Encryption" [http://www.mediafire.com/file/jz5dyu1wiyk/EKM-1.0.pdf Download presentation]

2009-12-09: Alex Smolen presented "The OWASP .NET ESAPI"

2009-10-08: Ned Allison chaired a roundtable on "Database Security"

2009-07-30: [mailto:roman.hustad@yahoo.com Roman Hustad] presented "Hands-on Cross-Site Scripting"

2009-05-12: [mailto:roman.hustad@yahoo.com Roman Hustad] presented "Hands-on SQL Injection"

2008-10-30: Joy Forsythe from [http://www.fortifysoftware.com Fortify Software] presented "Voting Security."

2008-07-31: [mailto:roman.hustad@yahoo.com Roman Hustad] presented "How to Test the Security of Web Applications."

2008-06-26: Shan Zhou from [http://www.imperva.com/ Imperva] presented "Database Security."

2008-04-03: Ryan C. Barnett from [http://www.breach.com/ Breach Security] presented "Passive Web Application Defect Identification."

2007-11-29: [mailto:roman.hustad@yahoo.com Roman Hustad] from [http://www.foundstone.com Foundstone] presented "Web Application Hacking" to over 40 attendees.

2007-08-30: Barmak Meftah from [http://www.fortifysoftware.com Fortify Software] presented "Hack proof your Service-Oriented Architecture" to 15 attendees.

[[Category:California]]

Sacramento

2011-09-21T18:45:51Z

Mike:

{{Chapter Template|chaptername=Sacramento|extra=The chapter leaders are [mailto:michael.weber35@gmail.com Michael Weber] & [mailto:sheadington@gmail.com Scott Headington].|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-sacramento|emailarchives=http://lists.owasp.org/pipermail/owasp-sacramento}}

== Charter ==
The Sacramento OWASP Chapter promotes the [[About_The_Open_Web_Application_Security_Project|principles of OWASP]] in our local community with an emphasis on education, local networking opportunities, and fun. Meetings are typically on the last Thursday evening of the month.

== Next meeting September 29th, 2011: Basic Cryptography, Scott Headington, Foundstone Security Consultant ==

In this presentation you will learn the basic principles of cryptography and how use of different cryptographic technologies (symmetric, asymmetric encryption and hashing). Also during this presentation is a discussion of applying these cryptographic technologies using SSL as a case study.

'''Speaker Bio:'''

Scott Headington is a security consultant at McAfee's Foundstone. At Foundstone Scott focuses on providing web application penetration testing, code review, threat modeling and teaches several classes. Scott has many years experience working with application security, prior to joining Foundstone Scott was a software engineer for over 14 years.

'''RSVP:'''

Please sign up at http://www.eventbrite.com/event/2224082290

== Future meetings ==
We always want ideas! Send your request for a meeting topic to a chapter leader or the [http://lists.owasp.org/mailman/listinfo/owasp-sacramento chapter mailing list].

== Past Meetings ==
2011-04-28: HTML 5: Michael Weber, Aspect Security, Cross-Site Request Forgery: Attack and Defense

2011-03-24: HTML 5: Scott Headington, Foundstone, Presented on "New and exciting… for attackers too"

2010-09-30: Roman Hustad conducted a "Threat Modeling Workshop"

2010-06-24: [mailto:michael.weber35@gmail.com Michael Weber] conducted a "SQL Injection Lab"

2010-05-27: Erik Peterson of [http://www.veracode.com Veracode] presented "Automated Web Application Testing - Why we're Doing It Wrong"

2010-04-29: Roman Hustad presented "The Secure Software Development Lifecycle"

2010-03-25: Mike Fauzy of [http://www.aspectsecurity.com Aspect Security] presented "Tool Assisted Manual Code Review - Manual Precision with Automated Performance"

2010-02-25: Arshad Noor of [http://www.strongauth.com/ StrongAuth, Inc.] presented "Key Management & Encryption" [http://www.mediafire.com/file/jz5dyu1wiyk/EKM-1.0.pdf Download presentation]

2009-12-09: Alex Smolen presented "The OWASP .NET ESAPI"

2009-10-08: Ned Allison chaired a roundtable on "Database Security"

2009-07-30: [mailto:roman.hustad@yahoo.com Roman Hustad] presented "Hands-on Cross-Site Scripting"

2009-05-12: [mailto:roman.hustad@yahoo.com Roman Hustad] presented "Hands-on SQL Injection"

2008-10-30: Joy Forsythe from [http://www.fortifysoftware.com Fortify Software] presented "Voting Security."

2008-07-31: [mailto:roman.hustad@yahoo.com Roman Hustad] presented "How to Test the Security of Web Applications."

2008-06-26: Shan Zhou from [http://www.imperva.com/ Imperva] presented "Database Security."

2008-04-03: Ryan C. Barnett from [http://www.breach.com/ Breach Security] presented "Passive Web Application Defect Identification."

2007-11-29: [mailto:roman.hustad@yahoo.com Roman Hustad] from [http://www.foundstone.com Foundstone] presented "Web Application Hacking" to over 40 attendees.

2007-08-30: Barmak Meftah from [http://www.fortifysoftware.com Fortify Software] presented "Hack proof your Service-Oriented Architecture" to 15 attendees.

[[Category:California]]

Sacramento

2011-04-26T23:51:00Z

Mike:

{{Chapter Template|chaptername=Sacramento|extra=The chapter leaders are [mailto:michael.weber35@gmail.com Michael Weber] & [mailto:sheadington@gmail.com Scott Headington].|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-sacramento|emailarchives=http://lists.owasp.org/pipermail/owasp-sacramento}}

== Charter ==
The Sacramento OWASP Chapter promotes the [[About_The_Open_Web_Application_Security_Project|principles of OWASP]] in our local community with an emphasis on education, local networking opportunities, and fun. Meetings are typically on the last Thursday evening of the month.

== Next meeting April 28th, 2011: Cross-Site Request Forgery: Attack and Defense, Michael Weber, Aspect Security ==

Cross-Site Request Forgery is a deceptively simple attack that has been slowly climbing up the OWASP Top 10 the last few years. During this presentation we will learn how a CSRF attack works, why it is so dangerous and how to prevent CSRF attacks. We will also examine tools for testing for CSRF attacks as well as the OWASP CSRF Guard project.

'''Speaker Bio:'''

Michael Weber is an Application Security Engineer of Aspect Security, a consulting services company specializing in application security, with a focus in web application security and software development. Drawing upon extensive web application development expertise, Mike provides expert guidance to clients in the financial, medical and retail sectors. Michael has performed many security architecture reviews, application code reviews and penetration testing of mission critical applications.

'''RSVP:'''

Please sign up at http://www.eventbrite.com/event/1595487145

== Future meetings ==
We always want ideas! Send your request for a meeting topic to a chapter leader or the [http://lists.owasp.org/mailman/listinfo/owasp-sacramento chapter mailing list].

== Past Meetings ==
2011-03-24: HTML 5: Scott Headington, Foundstone, Presented on "New and exciting… for attackers too"

2010-09-30: Roman Hustad conducted a "Threat Modeling Workshop"

2010-06-24: [mailto:michael.weber35@gmail.com Michael Weber] conducted a "SQL Injection Lab"

2010-05-27: Erik Peterson of [http://www.veracode.com Veracode] presented "Automated Web Application Testing - Why we're Doing It Wrong"

2010-04-29: Roman Hustad presented "The Secure Software Development Lifecycle"

2010-03-25: Mike Fauzy of [http://www.aspectsecurity.com Aspect Security] presented "Tool Assisted Manual Code Review - Manual Precision with Automated Performance"

2010-02-25: Arshad Noor of [http://www.strongauth.com/ StrongAuth, Inc.] presented "Key Management & Encryption" [http://www.mediafire.com/file/jz5dyu1wiyk/EKM-1.0.pdf Download presentation]

2009-12-09: Alex Smolen presented "The OWASP .NET ESAPI"

2009-10-08: Ned Allison chaired a roundtable on "Database Security"

2009-07-30: [mailto:roman.hustad@yahoo.com Roman Hustad] presented "Hands-on Cross-Site Scripting"

2009-05-12: [mailto:roman.hustad@yahoo.com Roman Hustad] presented "Hands-on SQL Injection"

2008-10-30: Joy Forsythe from [http://www.fortifysoftware.com Fortify Software] presented "Voting Security."

2008-07-31: [mailto:roman.hustad@yahoo.com Roman Hustad] presented "How to Test the Security of Web Applications."

2008-06-26: Shan Zhou from [http://www.imperva.com/ Imperva] presented "Database Security."

2008-04-03: Ryan C. Barnett from [http://www.breach.com/ Breach Security] presented "Passive Web Application Defect Identification."

2007-11-29: [mailto:roman.hustad@yahoo.com Roman Hustad] from [http://www.foundstone.com Foundstone] presented "Web Application Hacking" to over 40 attendees.

2007-08-30: Barmak Meftah from [http://www.fortifysoftware.com Fortify Software] presented "Hack proof your Service-Oriented Architecture" to 15 attendees.

[[Category:California]]

Sacramento

2011-03-10T23:27:04Z

Mike:

{{Chapter Template|chaptername=Sacramento|extra=The chapter leaders are [mailto:michael.weber35@gmail.com Michael Weber] & [mailto:sheadington@gmail.com Scott Headington].|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-sacramento|emailarchives=http://lists.owasp.org/pipermail/owasp-sacramento}}

== Charter ==
The Sacramento OWASP Chapter promotes the [[About_The_Open_Web_Application_Security_Project|principles of OWASP]] in our local community with an emphasis on education, local networking opportunities, and fun. Meetings are typically on the last Thursday evening of the month.

== Next meeting March 24th, 2011: HTML 5: New and exciting… for attackers too, Scott Headington, Foundstone ==

HTML 5 is the next revision of the HTML specification. It promises to integrate audio and video without the need for additional plug-ins, a new and improved tag library and the ability for web applications to work offline by using client side storage. All these exciting new features that have developers ready to move but, HTML 5 also brings along a series of new security concerns at a time when security flaws in web applications are at an all time high. This presentation will cover a brief discussion of the new features of HTML 5 and an overview of the security risks associated with them.

'''Speaker Bio:'''

Scott is a Security Consultant at Foundstone, working out of the Sacramento, CA area. He specializes in performing web application penetration testing, threat modeling and code reviews. Scott also provides client education services for Foundstone class lead and instructor of Writing Secure Code: Java and Building Secure Code courses. He is also an instructor for the Ultimate Hacking: Web course.

Prior to joining Foundstone, Scott worked as a software engineer with over 14 years experience with several years experience on security projects. In his years as a software engineer he has filled the roles of architect and lead developer and has worked for companies ranging from Fortune 500 companies to small successful start-ups. His core development competencies are in Java and related technologies for creation of web and server side applications and is also proficient with .NET technologies.

== Future meetings ==
We always want ideas! Send your request for a meeting topic to a chapter leader or the [http://lists.owasp.org/mailman/listinfo/owasp-sacramento chapter mailing list].

== Past Meetings ==
2010-09-30: Roman Hustad conducted a "Threat Modeling Workshop"

2010-06-24: [mailto:michael.weber35@gmail.com Michael Weber] conducted a "SQL Injection Lab"

2010-05-27: Erik Peterson of [http://www.veracode.com Veracode] presented "Automated Web Application Testing - Why we're Doing It Wrong"

2010-04-29: Roman Hustad presented "The Secure Software Development Lifecycle"

2010-03-25: Mike Fauzy of [http://www.aspectsecurity.com Aspect Security] presented "Tool Assisted Manual Code Review - Manual Precision with Automated Performance"

2010-02-25: Arshad Noor of [http://www.strongauth.com/ StrongAuth, Inc.] presented "Key Management & Encryption" [http://www.mediafire.com/file/jz5dyu1wiyk/EKM-1.0.pdf Download presentation]

2009-12-09: Alex Smolen presented "The OWASP .NET ESAPI"

2009-10-08: Ned Allison chaired a roundtable on "Database Security"

2009-07-30: [mailto:roman.hustad@yahoo.com Roman Hustad] presented "Hands-on Cross-Site Scripting"

2009-05-12: [mailto:roman.hustad@yahoo.com Roman Hustad] presented "Hands-on SQL Injection"

2008-10-30: Joy Forsythe from [http://www.fortifysoftware.com Fortify Software] presented "Voting Security."

2008-07-31: [mailto:roman.hustad@yahoo.com Roman Hustad] presented "How to Test the Security of Web Applications."

2008-06-26: Shan Zhou from [http://www.imperva.com/ Imperva] presented "Database Security."

2008-04-03: Ryan C. Barnett from [http://www.breach.com/ Breach Security] presented "Passive Web Application Defect Identification."

2007-11-29: [mailto:roman.hustad@yahoo.com Roman Hustad] from [http://www.foundstone.com Foundstone] presented "Web Application Hacking" to over 40 attendees.

2007-08-30: Barmak Meftah from [http://www.fortifysoftware.com Fortify Software] presented "Hack proof your Service-Oriented Architecture" to 15 attendees.

[[Category:California]]

Sacramento

2011-02-10T02:12:45Z

Mike:

GPC Project Details/OWASP Enterprise Security API .NET Version

2010-12-04T19:38:14Z

Mike:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>OWASP Project Identification Tab</noinclude>
| project_name = OWASP ESAPI for .NET
| project_description = This is the .NET language version of OWASP ESAPI.
* [http://ankhsvn.open.collab.net/ AnkhSVN] is a free SVN tool that integrates with Visual Studio. Point your SVN tool at http://owasp-esapi-dotnet.googlecode.com/svn/trunk. Anonymous checkout is supported. You can also [http://code.google.com/p/owasp-esapi-dotnet/source/browse browse the source].
| project_license = [http://en.wikipedia.org/wiki/BSD_license BSD license]
| leader_name = Alex Smolen
| leader_email = me@alexsmolen.com
| leader_username =
| past_leaders_special_contributions =
| maintainer_name = Michael Weber
| maintainer_email = michael.weber35@gmail.com
| maintainer_username =
| contributor_name1 = Paul Apostolescu
| contributor_email1 = apbogdan@gmail.com
| contributor_username1 =
| contributor_name2 =
| contributor_email2 =
| contributor_username2 =
| contributor_name3 =
| contributor_email3 =
| contributor_username3 =
| contributor_name4 =
| contributor_email4 =
| contributor_username4 =
| contributor_name5 =
| contributor_email5 =
| contributor_username5 =
| contributor_name6 =
| contributor_email6 =
| contributor_username6 =
| contributor_name7 =
| contributor_email7 =
| contributor_username7 =
| contributor_name8 =
| contributor_email8 =
| contributor_username8 =
| contributor_name9 =
| contributor_email9 =
| contributor_username9 =
| contributor_name10 =
| contributor_email10 =
| contributor_username10 =
| pamphlet_link =
| presentation_link =
| mailing_list_name = esapi-dev-dotnet
| links_url1 = http://code.google.com/p/owasp-esapi-dotnet/
| links_name1 = ESAPI for .NET Google Code repository
| links_url2 = http://owasp-esapi-dotnet.googlecode.com/files/Esapi.zip
| links_name2 = Download the latest .NET ESAPI library binary from Google Code here.
| links_url3 = http://owasp-esapi-dotnet.googlecode.com/files/Esapi_Documentation.zip
| links_name3 = Download the latest .NET ESAPI documentation from Google Code here. It is a zipped .chm (help) file.
| links_url4 = http://alexsmolen.com/dotnetesapidoc/index.html
| links_name4 = You can also browse the .NET ESAPI documentation here
| links_url5 = http://www.owasp.org/index.php/ESAPI_DotNET_Readme
| links_name5 = ESAPI .NET readme and release notes
| links_url6 = http://keepitlocked.net/archive/2009/07/29/owasp-net-esapi-0-2-released.aspx
| links_name6 = ESAPI for .NET design notes (Blog)
| links_url7 = http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=Downloads
| links_name7 = General ESAPI information
| links_url8 =
| links_name8 =
| links_url9 =
| links_name9 =
| links_url10 =
| links_name10 =
| project_road_map =
| project_health_status =
| current_release_name =
| current_release_date =
| current_release_download_link =
| current_release_rating =
| current_release_leader_name =
| current_release_leader_email =
| current_release_leader_username =
| current_release_details =
| last_reviewed_release_name =
| last_reviewed_release_date =
| last_reviewed_release_download_link =
| last_reviewed_release_rating =
| last_reviewed_release_leader_name =
| last_reviewed_release_leader_email =
| last_reviewed_release_leader_username =
| old_release_name1 =
| old_release_date1 =
| old_release_download_link1 =
| old_release_name2 =
| old_release_date2 =
| old_release_download_link2 =
| old_release_name3 =
| old_release_date3 =
| old_release_download_link3 =
| old_release_name4 =
| old_release_date4 =
| old_release_download_link4 =
| old_release_name5 =
| old_release_date5 =
| old_release_download_link5 =
| last_GPC_update = 4/10/2009
| GPC_Notes = Empty template (.NET_Version)
| project_home_page = :Category:OWASP_Enterprise_Security_API
| project_details_wiki_page = GPC_Project_Details/OWASP_Enterprise_Security_API_.NET_Version
}}

Sacramento

2010-11-12T00:58:02Z

Mike:

{{Chapter Template|chaptername=Sacramento|extra=The chapter leader is [mailto:michael.weber35@gmail.com Michael Weber].|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-sacramento|emailarchives=http://lists.owasp.org/pipermail/owasp-sacramento}}

== Charter ==
The Sacramento OWASP Chapter promotes the [[About_The_Open_Web_Application_Security_Project|principles of OWASP]] in our local community with an emphasis on education, local networking opportunities, and fun. Meetings are typically on the last Thursday evening of the month.

== Next meeting: TBD ==

We are currently recruiting a speaker for our January/February meeting.

== Future meetings ==
We always want ideas! Send your request for a meeting topic to a chapter leader or the [http://lists.owasp.org/mailman/listinfo/owasp-sacramento chapter mailing list].

== Past Meetings ==
2010-09-30: Roman Hustad conducted a "Threat Modeling Workshop"

2010-06-24: [mailto:michael.weber35@gmail.com Michael Weber] conducted a "SQL Injection Lab"

2010-05-27: Erik Peterson of [http://www.veracode.com Veracode] presented "Automated Web Application Testing - Why we're Doing It Wrong"

2010-04-29: Roman Hustad presented "The Secure Software Development Lifecycle"

2010-03-25: Mike Fauzy of [http://www.aspectsecurity.com Aspect Security] presented "Tool Assisted Manual Code Review - Manual Precision with Automated Performance"

2010-02-25: Arshad Noor of [http://www.strongauth.com/ StrongAuth, Inc.] presented "Key Management & Encryption" [http://www.mediafire.com/file/jz5dyu1wiyk/EKM-1.0.pdf Download presentation]

2009-12-09: Alex Smolen presented "The OWASP .NET ESAPI"

2009-10-08: Ned Allison chaired a roundtable on "Database Security"

2009-07-30: [mailto:roman.hustad@yahoo.com Roman Hustad] presented "Hands-on Cross-Site Scripting"

2009-05-12: [mailto:roman.hustad@yahoo.com Roman Hustad] presented "Hands-on SQL Injection"

2008-10-30: Joy Forsythe from [http://www.fortifysoftware.com Fortify Software] presented "Voting Security."

2008-07-31: [mailto:roman.hustad@yahoo.com Roman Hustad] presented "How to Test the Security of Web Applications."

2008-06-26: Shan Zhou from [http://www.imperva.com/ Imperva] presented "Database Security."

2008-04-03: Ryan C. Barnett from [http://www.breach.com/ Breach Security] presented "Passive Web Application Defect Identification."

2007-11-29: [mailto:roman.hustad@yahoo.com Roman Hustad] from [http://www.foundstone.com Foundstone] presented "Web Application Hacking" to over 40 attendees.

2007-08-30: Barmak Meftah from [http://www.fortifysoftware.com Fortify Software] presented "Hack proof your Service-Oriented Architecture" to 15 attendees.

[[Category:California]]

Sacramento

2010-05-14T19:26:35Z

Mike: /* MEETING: May 27, 2010, 6-8 pm: Automated Web Application Testing - Why we're Doing It Wrong */

{{Chapter Template|chaptername=Sacramento|extra=The chapter leaders are [mailto:roman.hustad@yahoo.com Roman Hustad], [mailto:mpetteys@caiso.com Matt Petteys], and [mailto:michael.weber35@gmail.com Michael Weber].|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-sacramento|emailarchives=http://lists.owasp.org/pipermail/owasp-sacramento}}

== Charter ==
The Sacramento OWASP Chapter promotes the [[About_The_Open_Web_Application_Security_Project|principles of OWASP]] in our local community with an emphasis on education, local networking opportunities, and fun. Meetings are typically on the last Thursday evening of the month.

== MEETING: May 27, 2010, 6-8 pm: Automated Web Application Testing - Why we're Doing It Wrong ==

'''TOPIC: Automated Web Application Testing - Why we're Doing It Wrong'''.

AUDIENCE PRE-REQUISITIES:

A general understanding of web application technology as well as a general understanding of web application security testing tools and methods will be useful but not absolutely required. Even those new to web application testing, managers and executives concerned about web security will find this talk useful.

Attendees to this session will walk away with a good understanding of the following:

1. A brief understanding of the history of automated dynamic or black box testing for web applications

2. How modern web application technology is impacting the security teams ability to test for security defects and ensure the business is effectively managing application risk

3. The way many organizations are using web application testing tools today and how these approaches can lead to a false sense of security

4. How changing how we think about web applications and combining new testing techniques can deliver more accurate results and better test coverage

ABSTRACT:

It's been over 10 years since the first automated web scanning products were introduced so why are so many of the dynamic or black box testing tools still challenging to use and often ineffective? With the average organization having dozens or in some cases hundreds of web applications, testing them all manually is an expensive and time consuming task. As a result organizations have turned to automated solutions to assess their online risks, but are automated dynamic scanning solutions really effective or are they only offering us a false sense of security?

This talk covers the history of web application scanning, how web applications and therefore the methods of assessing web application risk have and must change and how cloud computing is enabling new approaches to managing and assessing risk that bring scalability and cost inline with business expectations.

SPEAKER BIO:

Erik Peterson is a Senior Solutions Architect for Veracode and an application and information security veteran with over 15 years of industry experience. Prior to Veracode, Erik Peterson was with Hewlett-Packard where he was Senior Director of Products for the HP Application Security Center, previously known as S.P.I. Dynamics which was acquired by HP in 2007. Erik was a member of the S.P.I. Dynamics executive team and led the product management team which defined the company's product and technology strategy.

'''RSVP & LOCATION:'''

Please [http://www.eventbrite.com/event/694041898 RSVP] for this event. Upon arriving at the main entrance, please ask for Robert Grill, office: 916-636-4392, cell: 916-997-9892. Any problems, please contact Roman Hustad, 916-402-0620
*: HP Medi-Cal [http://maps.google.com/maps?f=q&hl=en&geocode=&q=%3D3215+Prospect+Park+Drive,Rancho+Cordova,+CA+95670&sll=37.0625,-95.677068&sspn=51.443116,107.753906&ie=UTF8&om=1&ll=38.58885,-121.275437&spn=0.01117,0.019956&t=k&z=16&iwloc=addr (map)]
*: 3215 Prospect Park Drive
*: Rancho Cordova , CA
*: 95670

== FUTURE Meetings ==
2010-06-24: Michael Weber be presenting "SQL Injection Lab - Attacks & Defense"

== Past Meetings ==
2010-04-29: Roman Hustad presented "The Secure Software Development Lifecycle"

2010-03-25: Mike Fauzy of [http://www.aspectsecurity.com Aspect Security] presented "Tool Assisted Manual Code Review - Manual Precision with Automated Performance"

2010-02-25: Arshad Noor of [http://www.strongauth.com/ StrongAuth, Inc.] presented "Key Management & Encryption" [http://www.mediafire.com/file/jz5dyu1wiyk/EKM-1.0.pdf Download presentation]

2009-12-09: Alex Smolen presented "The OWASP .NET ESAPI"

2009-10-08: Ned Allison chaired a roundtable on "Database Security"

2009-07-30: [mailto:roman.hustad@yahoo.com Roman Hustad] presented "Hands-on Cross-Site Scripting"

2009-05-12: [mailto:roman.hustad@yahoo.com Roman Hustad] presented "Hands-on SQL Injection"

2008-10-30: Joy Forsythe from [http://www.fortifysoftware.com Fortify Software] presented "Voting Security."

2008-07-31: [mailto:roman.hustad@yahoo.com Roman Hustad] presented "How to Test the Security of Web Applications."

2008-06-26: Shan Zhou from [http://www.imperva.com/ Imperva] presented "Database Security."

2008-04-03: Ryan C. Barnett from [http://www.breach.com/ Breach Security] presented "Passive Web Application Defect Identification."

2007-11-29: [mailto:roman.hustad@yahoo.com Roman Hustad] from [http://www.foundstone.com Foundstone] presented "Web Application Hacking" to over 40 attendees.

2007-08-30: Barmak Meftah from [http://www.fortifysoftware.com Fortify Software] presented "Hack proof your Service-Oriented Architecture" to 15 attendees.

[[Category:California]]

Sacramento

2010-05-14T19:21:05Z

Mike: /* MEETING: April 29, 2010, 6-8 pm: The Secure Software Development Lifecycle */

{{Chapter Template|chaptername=Sacramento|extra=The chapter leaders are [mailto:roman.hustad@yahoo.com Roman Hustad], [mailto:mpetteys@caiso.com Matt Petteys], and [mailto:michael.weber35@gmail.com Michael Weber].|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-sacramento|emailarchives=http://lists.owasp.org/pipermail/owasp-sacramento}}

== Charter ==
The Sacramento OWASP Chapter promotes the [[About_The_Open_Web_Application_Security_Project|principles of OWASP]] in our local community with an emphasis on education, local networking opportunities, and fun. Meetings are typically on the last Thursday evening of the month.

== MEETING: May 27, 2010, 6-8 pm: Automated Web Application Testing - Why we're Doing It Wrong ==

'''TOPIC: Automated Web Application Testing - Why we're Doing It Wrong'''.

AUDIENCE PRE-REQUISITIES:

A general understanding of web application technology as well as a general understanding of web application security testing tools and methods will be useful but not absolutely required. Even those new to web application testing, managers and executives concerned about web security will find this talk useful.

Attendees to this session will walk away with a good understanding of the following:

1. A brief understanding of the history of automated dynamic or black box testing for web applications
2. How modern web application technology is impacting the security teams ability to test for security defects and ensure the business is effectively managing application risk
3. The way many organizations are using web application testing tools today and how these approaches can lead to a false sense of security
4. How changing how we think about web applications and combining new testing techniques can deliver more accurate results and better test coverage

ABSTRACT:

It's been over 10 years since the first automated web scanning products were introduced so why are so many of the dynamic or black box testing tools still challenging to use and often ineffective? With the average organization having dozens or in some cases hundreds of web applications, testing them all manually is an expensive and time consuming task. As a result organizations have turned to automated solutions to assess their online risks, but are automated dynamic scanning solutions really effective or are they only offering us a false sense of security?

This talk covers the history of web application scanning, how web applications and therefore the methods of assessing web application risk have and must change and how cloud computing is enabling new approaches to managing and assessing risk that bring scalability and cost inline with business expectations.

SPEAKER BIO:

Erik Peterson is a Senior Solutions Architect for Veracode and an application and information security veteran with over 15 years of industry experience. Prior to Veracode, Erik Peterson was with Hewlett-Packard where he was Senior Director of Products for the HP Application Security Center, previously known as S.P.I. Dynamics which was acquired by HP in 2007. Erik was a member of the S.P.I. Dynamics executive team and led the product management team which defined the company's product and technology strategy.

'''RSVP & LOCATION:'''

Please [http://www.eventbrite.com/event/694041898 RSVP] for this event. Upon arriving at the main entrance, please ask for Robert Grill, office: 916-636-4392, cell: 916-997-9892. Any problems, please contact Roman Hustad, 916-402-0620
*: HP Medi-Cal [http://maps.google.com/maps?f=q&hl=en&geocode=&q=%3D3215+Prospect+Park+Drive,Rancho+Cordova,+CA+95670&sll=37.0625,-95.677068&sspn=51.443116,107.753906&ie=UTF8&om=1&ll=38.58885,-121.275437&spn=0.01117,0.019956&t=k&z=16&iwloc=addr (map)]
*: 3215 Prospect Park Drive
*: Rancho Cordova , CA
*: 95670

== FUTURE Meetings ==
2010-06-24: Michael Weber be presenting "SQL Injection Lab - Attacks & Defense"

== Past Meetings ==
2010-04-29: Roman Hustad presented "The Secure Software Development Lifecycle"

2010-03-25: Mike Fauzy of [http://www.aspectsecurity.com Aspect Security] presented "Tool Assisted Manual Code Review - Manual Precision with Automated Performance"

2010-02-25: Arshad Noor of [http://www.strongauth.com/ StrongAuth, Inc.] presented "Key Management & Encryption" [http://www.mediafire.com/file/jz5dyu1wiyk/EKM-1.0.pdf Download presentation]

2009-12-09: Alex Smolen presented "The OWASP .NET ESAPI"

2009-10-08: Ned Allison chaired a roundtable on "Database Security"

2009-07-30: [mailto:roman.hustad@yahoo.com Roman Hustad] presented "Hands-on Cross-Site Scripting"

2009-05-12: [mailto:roman.hustad@yahoo.com Roman Hustad] presented "Hands-on SQL Injection"

2008-10-30: Joy Forsythe from [http://www.fortifysoftware.com Fortify Software] presented "Voting Security."

2008-07-31: [mailto:roman.hustad@yahoo.com Roman Hustad] presented "How to Test the Security of Web Applications."

2008-06-26: Shan Zhou from [http://www.imperva.com/ Imperva] presented "Database Security."

2008-04-03: Ryan C. Barnett from [http://www.breach.com/ Breach Security] presented "Passive Web Application Defect Identification."

2007-11-29: [mailto:roman.hustad@yahoo.com Roman Hustad] from [http://www.foundstone.com Foundstone] presented "Web Application Hacking" to over 40 attendees.

2007-08-30: Barmak Meftah from [http://www.fortifysoftware.com Fortify Software] presented "Hack proof your Service-Oriented Architecture" to 15 attendees.

[[Category:California]]

Sacramento

2010-05-14T18:54:47Z

Mike: /* FUTURE Meetings */

{{Chapter Template|chaptername=Sacramento|extra=The chapter leaders are [mailto:roman.hustad@yahoo.com Roman Hustad], [mailto:mpetteys@caiso.com Matt Petteys], and [mailto:michael.weber35@gmail.com Michael Weber].|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-sacramento|emailarchives=http://lists.owasp.org/pipermail/owasp-sacramento}}

== Charter ==
The Sacramento OWASP Chapter promotes the [[About_The_Open_Web_Application_Security_Project|principles of OWASP]] in our local community with an emphasis on education, local networking opportunities, and fun. Meetings are typically on the last Thursday evening of the month.

== MEETING: April 29, 2010, 6-8 pm: The Secure Software Development Lifecycle ==

'''TOPIC: The Secure Software Development Lifecycle'''.
Come to this meeting if you want to learn (and discuss) how to bake security into your applications as they are created. We will examine the current maturity models and methodologies (CLASP, SDL, 7 Touchpoints, OpenSAMM, BSI-MM) and talk about how these work out in the real world. The focus will be on high-value, low drag activities that are practical for most development teams. Peripheral issues will also be considered, such as how to get management on board; how traditional information security professionals can work with development teams; dealing with legacy applications; and how to separate the real threats from the security busywork.

SPEAKER BIO
Roman Hustad has been an enterprise software developer in Sacramento for most of the past ten years. Most recently he was a Principal Consultant at Foundstone where he specialized in application security by performing code reviews, threat models, and teaching secure programming. Roman is a regular presenter at local chapters of OWASP, ISSA, ISACA, and Java User Groups. He is currently a local Java development lead in the financial services industry.

'''RSVP & LOCATION:'''

Please [http://owaspsacramento.eventbrite.com/ RSVP] for this event. Upon arriving at the main entrance, please ask for Robert Grill, office: 916-636-4392, cell: 916-997-9892. Any problems, please contact Roman Hustad, 916-402-0620
*: HP Medi-Cal [http://maps.google.com/maps?f=q&hl=en&geocode=&q=%3D3215+Prospect+Park+Drive,Rancho+Cordova,+CA+95670&sll=37.0625,-95.677068&sspn=51.443116,107.753906&ie=UTF8&om=1&ll=38.58885,-121.275437&spn=0.01117,0.019956&t=k&z=16&iwloc=addr (map)]
*: 3215 Prospect Park Drive
*: Rancho Cordova , CA
*: 95670

== FUTURE Meetings ==
2010-06-24: Michael Weber be presenting "SQL Injection Lab - Attacks & Defense"

== Past Meetings ==
2010-04-29: Roman Hustad presented "The Secure Software Development Lifecycle"

2010-03-25: Mike Fauzy of [http://www.aspectsecurity.com Aspect Security] presented "Tool Assisted Manual Code Review - Manual Precision with Automated Performance"

2010-02-25: Arshad Noor of [http://www.strongauth.com/ StrongAuth, Inc.] presented "Key Management & Encryption" [http://www.mediafire.com/file/jz5dyu1wiyk/EKM-1.0.pdf Download presentation]

2009-12-09: Alex Smolen presented "The OWASP .NET ESAPI"

2009-10-08: Ned Allison chaired a roundtable on "Database Security"

2009-07-30: [mailto:roman.hustad@yahoo.com Roman Hustad] presented "Hands-on Cross-Site Scripting"

2009-05-12: [mailto:roman.hustad@yahoo.com Roman Hustad] presented "Hands-on SQL Injection"

2008-10-30: Joy Forsythe from [http://www.fortifysoftware.com Fortify Software] presented "Voting Security."

2008-07-31: [mailto:roman.hustad@yahoo.com Roman Hustad] presented "How to Test the Security of Web Applications."

2008-06-26: Shan Zhou from [http://www.imperva.com/ Imperva] presented "Database Security."

2008-04-03: Ryan C. Barnett from [http://www.breach.com/ Breach Security] presented "Passive Web Application Defect Identification."

2007-11-29: [mailto:roman.hustad@yahoo.com Roman Hustad] from [http://www.foundstone.com Foundstone] presented "Web Application Hacking" to over 40 attendees.

2007-08-30: Barmak Meftah from [http://www.fortifysoftware.com Fortify Software] presented "Hack proof your Service-Oriented Architecture" to 15 attendees.

[[Category:California]]

Sacramento

2010-05-14T18:54:21Z

Mike: /* FUTURE Meetings */

{{Chapter Template|chaptername=Sacramento|extra=The chapter leaders are [mailto:roman.hustad@yahoo.com Roman Hustad], [mailto:mpetteys@caiso.com Matt Petteys], and [mailto:michael.weber35@gmail.com Michael Weber].|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-sacramento|emailarchives=http://lists.owasp.org/pipermail/owasp-sacramento}}

== Charter ==
The Sacramento OWASP Chapter promotes the [[About_The_Open_Web_Application_Security_Project|principles of OWASP]] in our local community with an emphasis on education, local networking opportunities, and fun. Meetings are typically on the last Thursday evening of the month.

== MEETING: April 29, 2010, 6-8 pm: The Secure Software Development Lifecycle ==

'''TOPIC: The Secure Software Development Lifecycle'''.
Come to this meeting if you want to learn (and discuss) how to bake security into your applications as they are created. We will examine the current maturity models and methodologies (CLASP, SDL, 7 Touchpoints, OpenSAMM, BSI-MM) and talk about how these work out in the real world. The focus will be on high-value, low drag activities that are practical for most development teams. Peripheral issues will also be considered, such as how to get management on board; how traditional information security professionals can work with development teams; dealing with legacy applications; and how to separate the real threats from the security busywork.

SPEAKER BIO
Roman Hustad has been an enterprise software developer in Sacramento for most of the past ten years. Most recently he was a Principal Consultant at Foundstone where he specialized in application security by performing code reviews, threat models, and teaching secure programming. Roman is a regular presenter at local chapters of OWASP, ISSA, ISACA, and Java User Groups. He is currently a local Java development lead in the financial services industry.

'''RSVP & LOCATION:'''

Please [http://owaspsacramento.eventbrite.com/ RSVP] for this event. Upon arriving at the main entrance, please ask for Robert Grill, office: 916-636-4392, cell: 916-997-9892. Any problems, please contact Roman Hustad, 916-402-0620
*: HP Medi-Cal [http://maps.google.com/maps?f=q&hl=en&geocode=&q=%3D3215+Prospect+Park+Drive,Rancho+Cordova,+CA+95670&sll=37.0625,-95.677068&sspn=51.443116,107.753906&ie=UTF8&om=1&ll=38.58885,-121.275437&spn=0.01117,0.019956&t=k&z=16&iwloc=addr (map)]
*: 3215 Prospect Park Drive
*: Rancho Cordova , CA
*: 95670

== FUTURE Meetings ==
2010-06-24: Michael Weber be presenting/teaching "SQL Injection Lab - Attacks & Defense"

== Past Meetings ==
2010-04-29: Roman Hustad presented "The Secure Software Development Lifecycle"

2010-03-25: Mike Fauzy of [http://www.aspectsecurity.com Aspect Security] presented "Tool Assisted Manual Code Review - Manual Precision with Automated Performance"

2010-02-25: Arshad Noor of [http://www.strongauth.com/ StrongAuth, Inc.] presented "Key Management & Encryption" [http://www.mediafire.com/file/jz5dyu1wiyk/EKM-1.0.pdf Download presentation]

2009-12-09: Alex Smolen presented "The OWASP .NET ESAPI"

2009-10-08: Ned Allison chaired a roundtable on "Database Security"

2009-07-30: [mailto:roman.hustad@yahoo.com Roman Hustad] presented "Hands-on Cross-Site Scripting"

2009-05-12: [mailto:roman.hustad@yahoo.com Roman Hustad] presented "Hands-on SQL Injection"

2008-10-30: Joy Forsythe from [http://www.fortifysoftware.com Fortify Software] presented "Voting Security."

2008-07-31: [mailto:roman.hustad@yahoo.com Roman Hustad] presented "How to Test the Security of Web Applications."

2008-06-26: Shan Zhou from [http://www.imperva.com/ Imperva] presented "Database Security."

2008-04-03: Ryan C. Barnett from [http://www.breach.com/ Breach Security] presented "Passive Web Application Defect Identification."

2007-11-29: [mailto:roman.hustad@yahoo.com Roman Hustad] from [http://www.foundstone.com Foundstone] presented "Web Application Hacking" to over 40 attendees.

2007-08-30: Barmak Meftah from [http://www.fortifysoftware.com Fortify Software] presented "Hack proof your Service-Oriented Architecture" to 15 attendees.

[[Category:California]]

Sacramento

2010-05-14T18:51:41Z

Mike: /* Past Meetings */

{{Chapter Template|chaptername=Sacramento|extra=The chapter leaders are [mailto:roman.hustad@yahoo.com Roman Hustad], [mailto:mpetteys@caiso.com Matt Petteys], and [mailto:michael.weber35@gmail.com Michael Weber].|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-sacramento|emailarchives=http://lists.owasp.org/pipermail/owasp-sacramento}}

== Charter ==
The Sacramento OWASP Chapter promotes the [[About_The_Open_Web_Application_Security_Project|principles of OWASP]] in our local community with an emphasis on education, local networking opportunities, and fun. Meetings are typically on the last Thursday evening of the month.

== MEETING: April 29, 2010, 6-8 pm: The Secure Software Development Lifecycle ==

'''TOPIC: The Secure Software Development Lifecycle'''.
Come to this meeting if you want to learn (and discuss) how to bake security into your applications as they are created. We will examine the current maturity models and methodologies (CLASP, SDL, 7 Touchpoints, OpenSAMM, BSI-MM) and talk about how these work out in the real world. The focus will be on high-value, low drag activities that are practical for most development teams. Peripheral issues will also be considered, such as how to get management on board; how traditional information security professionals can work with development teams; dealing with legacy applications; and how to separate the real threats from the security busywork.

SPEAKER BIO
Roman Hustad has been an enterprise software developer in Sacramento for most of the past ten years. Most recently he was a Principal Consultant at Foundstone where he specialized in application security by performing code reviews, threat models, and teaching secure programming. Roman is a regular presenter at local chapters of OWASP, ISSA, ISACA, and Java User Groups. He is currently a local Java development lead in the financial services industry.

'''RSVP & LOCATION:'''

Please [http://owaspsacramento.eventbrite.com/ RSVP] for this event. Upon arriving at the main entrance, please ask for Robert Grill, office: 916-636-4392, cell: 916-997-9892. Any problems, please contact Roman Hustad, 916-402-0620
*: HP Medi-Cal [http://maps.google.com/maps?f=q&hl=en&geocode=&q=%3D3215+Prospect+Park+Drive,Rancho+Cordova,+CA+95670&sll=37.0625,-95.677068&sspn=51.443116,107.753906&ie=UTF8&om=1&ll=38.58885,-121.275437&spn=0.01117,0.019956&t=k&z=16&iwloc=addr (map)]
*: 3215 Prospect Park Drive
*: Rancho Cordova , CA
*: 95670

== FUTURE Meetings ==
2010-05-27: [http://www.veracode.com Veracode] will be talking about "Automated Web Application Scanning"

== Past Meetings ==
2010-04-29: Roman Hustad presented "The Secure Software Development Lifecycle"

2010-03-25: Mike Fauzy of [http://www.aspectsecurity.com Aspect Security] presented "Tool Assisted Manual Code Review - Manual Precision with Automated Performance"

2010-02-25: Arshad Noor of [http://www.strongauth.com/ StrongAuth, Inc.] presented "Key Management & Encryption" [http://www.mediafire.com/file/jz5dyu1wiyk/EKM-1.0.pdf Download presentation]

2009-12-09: Alex Smolen presented "The OWASP .NET ESAPI"

2009-10-08: Ned Allison chaired a roundtable on "Database Security"

2009-07-30: [mailto:roman.hustad@yahoo.com Roman Hustad] presented "Hands-on Cross-Site Scripting"

2009-05-12: [mailto:roman.hustad@yahoo.com Roman Hustad] presented "Hands-on SQL Injection"

2008-10-30: Joy Forsythe from [http://www.fortifysoftware.com Fortify Software] presented "Voting Security."

2008-07-31: [mailto:roman.hustad@yahoo.com Roman Hustad] presented "How to Test the Security of Web Applications."

2008-06-26: Shan Zhou from [http://www.imperva.com/ Imperva] presented "Database Security."

2008-04-03: Ryan C. Barnett from [http://www.breach.com/ Breach Security] presented "Passive Web Application Defect Identification."

2007-11-29: [mailto:roman.hustad@yahoo.com Roman Hustad] from [http://www.foundstone.com Foundstone] presented "Web Application Hacking" to over 40 attendees.

2007-08-30: Barmak Meftah from [http://www.fortifysoftware.com Fortify Software] presented "Hack proof your Service-Oriented Architecture" to 15 attendees.

[[Category:California]]

Sacramento

2010-03-03T18:00:07Z

Mike: /* MEETING: February 25, 2010, 6-8 pm: Key Management & Encryption */

{{Chapter Template|chaptername=Sacramento|extra=The chapter leaders are [mailto:roman.hustad@yahoo.com Roman Hustad], [mailto:mpetteys@caiso.com Matt Petteys], and [mailto:michael.weber35@gmail.com Michael Weber].|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-sacramento|emailarchives=http://lists.owasp.org/pipermail/owasp-sacramento}}

== Charter ==
The Sacramento OWASP Chapter promotes the [[About_The_Open_Web_Application_Security_Project|principles of OWASP]] in our local community with an emphasis on education, local networking opportunities, and fun. Meetings are typically on the last Thursday evening of the month.

== MEETING: February 25, 2010, 6-8 pm: Key Management & Encryption ==

Refreshments will be provided by the speaker.

'''TOPIC: Key Management & Encryption'''. The presentation will explore the technical details of this discipline to explain some basics, pitfalls, best practices and the current state-of-the-art of encryption and key-management. Using this information, attendees will be able to make more informed choices when using cryptography to protect sensitive data.

* Encryption and Key Management techniques
* Tokenization vs. Encryption - pros and cons
* What are software developers doing wrong today
* Why sites like Heartland get hacked despite being PCI-certified
* What are the best practices for encryption and Key Management
* How do software developers get from here to the best practices
* Key Management standards confusion and how to navigate it
** http://xml.coverpages.org/keyManagement.html

'''SPEAKER: Arshad Noor''', is the CTO of StrongAuth, Inc, a Cupertino CA-based company that specializes in enterprise key management. He is the designer and lead-developer of StrongKey, the industry's first open-source Symmetric Key Management System, and the StrongKey Lite Encryption System - the industry's first appliance combining encryption, tokenization, key-management and a cryptographic hardware module. He has written many papers and spoken at many forums on the subject of encryption and key-management over the years.

'''RSVP & LOCATION:'''

Please [http://fs17.formsite.com/rhustad/form306287621/ RSVP] for this event. Upon arriving at the main entrance, please ask for Robert Grill, office: 916-636-4392, cell: 916-997-9892. Any problems, please contact Roman Hustad, 916-402-0620
*: EDS Medi-Cal [http://maps.google.com/maps?f=q&hl=en&geocode=&q=%3D3215+Prospect+Park+Drive,Rancho+Cordova,+CA+95670&sll=37.0625,-95.677068&sspn=51.443116,107.753906&ie=UTF8&om=1&ll=38.58885,-121.275437&spn=0.01117,0.019956&t=k&z=16&iwloc=addr (map)]
*: 3215 Prospect Park Drive
*: Rancho Cordova , CA
*: 95670

'''Presentation Download:'''
http://www.mediafire.com/file/jz5dyu1wiyk/EKM-1.0.pdf

== Past Meetings ==
2009-12-09: Alex Smolen presented "The OWASP .NET ESAPI"

2009-10-08: Ned Allison chaired a roundtable on "Database Security"

2009-07-30: [mailto:roman.hustad@yahoo.com Roman Hustad] presented "Hands-on Cross-Site Scripting"

2009-05-12: [mailto:roman.hustad@yahoo.com Roman Hustad] presented "Hands-on SQL Injection"

2008-10-30: Joy Forsythe from [http://www.fortifysoftware.com Fortify Software] presented "Voting Security."

2008-07-31: [mailto:roman.hustad@yahoo.com Roman Hustad] presented "How to Test the Security of Web Applications."

2008-06-26: Shan Zhou from [http://www.imperva.com/ Imperva] presented "Database Security."

2008-04-03: Ryan C. Barnett from [http://www.breach.com/ Breach Security] presented "Passive Web Application Defect Identification."

2007-11-29: [mailto:roman.hustad@yahoo.com Roman Hustad] from [http://www.foundstone.com Foundstone] presented "Web Application Hacking" to over 40 attendees.

2007-08-30: Barmak Meftah from [http://www.fortifysoftware.com Fortify Software] presented "Hack proof your Service-Oriented Architecture" to 15 attendees.

[[Category:California]]