OWASP - User contributions [en]

Sacramento

2008-10-21T21:52:00Z

Mpetteys: /* Future Meetings */

{{Chapter Template|chaptername=Sacramento|extra=The chapter leader is [mailto:mpetteys@caiso.com Matt Petteys]
<paypal>Sacramento</paypal>
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-sacramento|emailarchives=http://lists.owasp.org/pipermail/owasp-sacramento}}

== Charter ==
The Sacramento OWASP Chapter promotes the [[About_The_Open_Web_Application_Security_Project|principles of OWASP]] in our local community with an emphasis on education, local networking opportunities, and fun.

== Next Meeting - OCT 30th ==
The next OWASP Sacramento meeting will be on Thursday October 30th at 6pm. This meeting will be hosted at EDS Medi-Cal in Rancho Cordova, CA. Food, beverage, and the presentation will be provided by Fortify.

Please use the online RSVP form below or contact Mpetteys at caiso.com by 10/29/08 if you plan to attend.

http://fs2.formsite.com/mpetteys/form624599676/index.html

TOPIC

Elections are the core of the democratic process. In order for an election to remain truly democratic, it must uphold four critical properties: privacy, incoercibility, accuracy and verifiability. This presentation will discuss threats against these properties, summarize the strengths and weaknesses of current voting techniques, and compare security in voting systems and business systems. It will conclude with a look to the future of voting systems in America and recommendations for how the federal government and state governments can work with voting machine vendors to adopt business software assurance techniques into the systems they create.

SPEAKER BIO:

Joy Forsythe is a member of the Security Research Group at Fortify Software, where she is responsible for developing security content for the Fortify suite of products. Prior to joining Fortify, Ms. Forsythe worked for Oracle, where she designed and implemented the encryption and storage optimization features for SecureFiles. At MIT she was a Research Assistant in the Computer Science and Artificial Intelligence Laboratory, where she worked under Professor Ron Rivest on electronic voting and cryptography. She holds a M.E. and a B.S. in Computer Science and Engineering from MIT.

* LOCATION INFORMATION: Upon arriving at the main entrance, please ask for Robert Grill, office: 916-636-4392, cell: 916-997-9892. Any problems, please contact Matt Petteys, 916-873-4716
*: EDS Medi-Cal [http://maps.google.com/maps?f=q&hl=en&geocode=&q=%3D3215+Prospect+Park+Drive,Rancho+Cordova,+CA+95670&sll=37.0625,-95.677068&sspn=51.443116,107.753906&ie=UTF8&om=1&ll=38.58885,-121.275437&spn=0.01117,0.019956&t=k&z=16&iwloc=addr (map)]
*: 3215 Prospect Park Drive
*: Rancho Cordova , CA
*: 95670

== Future Meetings ==

November 2008: A hands-on training with [[:Category:OWASP_WebGoat_Project|WebGoat]] is planned. Bring your laptop with a CD-ROM drive so you can boot the [[:Category:OWASP_Live_CD_2008_Project|OWASP Live CD]].

== Past Meetings ==
2008-07-31: [mailto:roman.hustad@yahoo.com Roman Hustad] presented "How to Test the Security of Web Applications".

2008-06-26: Shan Zhou from [http://www.imperva.com/ Imperva] presented "Database Security."

2008-04-03: Ryan C. Barnett from [http://www.breach.com/ Breach Security] presented "Passive Web Application Defect Identification."

2007-11-29: [mailto:roman.hustad@yahoo.com Roman Hustad] from [http://www.foundstone.com Foundstone] presented "Web Application Hacking" to over 40 attendees.

2007-08-30: Barmak Meftah from [http://www.fortifysoftware.com Fortify Software] presented "Hack proof your Service-Oriented Architecture" to 15 attendees.

== Local News ==
2007-08-02: OWASP Sacramento is requesting votes for the preferred March topic using the following URL. [http://www.yellowguppy.com/~mpetteys/sacowaspsurvey2.html OWASP Sacramento March Topic Survey]. This meeting will be sponsored by [http://www.breach.com Breach Security].

2007-10-01: We have rescheduled the next meeting for November 29th 2007. Please contact [mailto:mpetteys@caiso.com Matt Petteys] with questions or suggestions.

2007-07-15: We have rescheduled the next meeting for August 30th 2007. Please contact [mailto:mpetteys@caiso.com Matt Petteys] with questions or suggestions.

2007-07-01: OWASP Sacramento is requesting comments on future topics using the following URL. [http://www.yellowguppy.com/~mpetteys/sacowaspsurvey1.html OWASP Sacramento Topic Survey]

2006-06-27: OWASP Sacramento is planning a public presentation in late August 2007. Contact the [mailto:bobhome@dslextreme.com chapter leader] with questions or suggestions.

2006-05-18: OWASP Moves to MediaWiki Portal - 16:09, 18 May 2006 (EDT)

[[Category:California]]

Sacramento

2008-10-21T21:40:20Z

Mpetteys:

{{Chapter Template|chaptername=Sacramento|extra=The chapter leader is [mailto:mpetteys@caiso.com Matt Petteys]
<paypal>Sacramento</paypal>
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-sacramento|emailarchives=http://lists.owasp.org/pipermail/owasp-sacramento}}

== Charter ==
The Sacramento OWASP Chapter promotes the [[About_The_Open_Web_Application_Security_Project|principles of OWASP]] in our local community with an emphasis on education, local networking opportunities, and fun.

== Next Meeting - OCT 30th ==
The next OWASP Sacramento meeting will be on Thursday October 30th at 6pm. This meeting will be hosted at EDS Medi-Cal in Rancho Cordova, CA. Food, beverage, and the presentation will be provided by Fortify.

Please use the online RSVP form below or contact Mpetteys at caiso.com by 10/29/08 if you plan to attend.

http://fs2.formsite.com/mpetteys/form624599676/index.html

TOPIC

Elections are the core of the democratic process. In order for an election to remain truly democratic, it must uphold four critical properties: privacy, incoercibility, accuracy and verifiability. This presentation will discuss threats against these properties, summarize the strengths and weaknesses of current voting techniques, and compare security in voting systems and business systems. It will conclude with a look to the future of voting systems in America and recommendations for how the federal government and state governments can work with voting machine vendors to adopt business software assurance techniques into the systems they create.

SPEAKER BIO:

Joy Forsythe is a member of the Security Research Group at Fortify Software, where she is responsible for developing security content for the Fortify suite of products. Prior to joining Fortify, Ms. Forsythe worked for Oracle, where she designed and implemented the encryption and storage optimization features for SecureFiles. At MIT she was a Research Assistant in the Computer Science and Artificial Intelligence Laboratory, where she worked under Professor Ron Rivest on electronic voting and cryptography. She holds a M.E. and a B.S. in Computer Science and Engineering from MIT.

* LOCATION INFORMATION: Upon arriving at the main entrance, please ask for Robert Grill, office: 916-636-4392, cell: 916-997-9892. Any problems, please contact Matt Petteys, 916-873-4716
*: EDS Medi-Cal [http://maps.google.com/maps?f=q&hl=en&geocode=&q=%3D3215+Prospect+Park+Drive,Rancho+Cordova,+CA+95670&sll=37.0625,-95.677068&sspn=51.443116,107.753906&ie=UTF8&om=1&ll=38.58885,-121.275437&spn=0.01117,0.019956&t=k&z=16&iwloc=addr (map)]
*: 3215 Prospect Park Drive
*: Rancho Cordova , CA
*: 95670

== Future Meetings ==

October 2008: A hands-on training with [[:Category:OWASP_WebGoat_Project|WebGoat]] is planned. Bring your laptop with a CD-ROM drive so you can boot the [[:Category:OWASP_Live_CD_2008_Project|OWASP Live CD]].

== Past Meetings ==
2008-07-31: [mailto:roman.hustad@yahoo.com Roman Hustad] presented "How to Test the Security of Web Applications".

2008-06-26: Shan Zhou from [http://www.imperva.com/ Imperva] presented "Database Security."

2008-04-03: Ryan C. Barnett from [http://www.breach.com/ Breach Security] presented "Passive Web Application Defect Identification."

2007-11-29: [mailto:roman.hustad@yahoo.com Roman Hustad] from [http://www.foundstone.com Foundstone] presented "Web Application Hacking" to over 40 attendees.

2007-08-30: Barmak Meftah from [http://www.fortifysoftware.com Fortify Software] presented "Hack proof your Service-Oriented Architecture" to 15 attendees.

== Local News ==
2007-08-02: OWASP Sacramento is requesting votes for the preferred March topic using the following URL. [http://www.yellowguppy.com/~mpetteys/sacowaspsurvey2.html OWASP Sacramento March Topic Survey]. This meeting will be sponsored by [http://www.breach.com Breach Security].

2007-10-01: We have rescheduled the next meeting for November 29th 2007. Please contact [mailto:mpetteys@caiso.com Matt Petteys] with questions or suggestions.

2007-07-15: We have rescheduled the next meeting for August 30th 2007. Please contact [mailto:mpetteys@caiso.com Matt Petteys] with questions or suggestions.

2007-07-01: OWASP Sacramento is requesting comments on future topics using the following URL. [http://www.yellowguppy.com/~mpetteys/sacowaspsurvey1.html OWASP Sacramento Topic Survey]

2006-06-27: OWASP Sacramento is planning a public presentation in late August 2007. Contact the [mailto:bobhome@dslextreme.com chapter leader] with questions or suggestions.

2006-05-18: OWASP Moves to MediaWiki Portal - 16:09, 18 May 2006 (EDT)

[[Category:California]]

Sacramento

2008-05-23T19:21:41Z

Mpetteys:

{{Chapter Template|chaptername=Sacramento|extra=The chapter leader is [mailto:mpetteys@caiso.com Matt Petteys]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-sacramento|emailarchives=http://lists.owasp.org/pipermail/owasp-sacramento}}

== Charter ==
The Sacramento OWASP Chapter promotes the [[About_The_Open_Web_Application_Security_Project|principles of OWASP]] in our local community with an emphasis on education, local networking opportunities, and fun.

== Next Meeting - JUNE 26th ==

The next OWASP Sacramento meeting will be on Thursday June 26th at 6pm. The topic of this meeting will be Database security. This meeting will be hosted at EDS Medi-Cal in Rancho Cordova, CA. Food, beverage, and the presentation will be provided by Imperva.

Please use the online RSVP form below or contact Mpetteys at caiso.com by 6/19/08 if you plan to attend.

http://fs2.formsite.com/mpetteys/form790760465/index.html

TOPIC

The presentation will be a live, educational demo to demonstrate and facilitate discussion of the top Database Security vulnerabilities. Corporate databases contain the crown jewels of an organization, which means a break-in, by insiders or outsiders, can cost millions in fines, lawsuits, and customer attrition. The good news is there are commonly used methods to attack databases. Attend this event to see a live Database hacking demonstration of SQL Injection and several other DB attacks.

* Understand the most prominent database security threats and how they are carried out
* Know how to assess and mitigate database threats
* Have a blueprint for implementing a comprehensive database protection
* Free copy of the Scuba Database vulnerability scanning tool to help you analyze and identify database vulnerabilities, mis-configurations, unpatched software, unsafe processes, and weak passwords: the high risk security vulnerabilities that expose your databases to attack.

SPEAKER BIO:

Shan Zhou joined Imperva in 2005 and serves as Security Engineer Manager for the Western United States. Shan has been involved in and is responsible for architecture, design, and implementation of Imperva’s largest customers.

Previously, Shan held similar positions at Sourcefire, the world leader in intrusion prevention technology. Sourcefire grew from an open source startup to raising $86 million dollars in its IPO. Prior to Sourcefire, Shan worked as Global Accounts Systems Engineer at Check Point Software Technologies, integrating Check Point’s security solutions into Fortune 50 companies worldwide.

Shan attended Drexel University majoring in Electrical Engineering. He also participates in various application and network security organizations.

* LOCATION INFORMATION: Upon arriving at the main entrance, please ask for Robert Grill, office: 916-636-4392, cell: 916-997-9892. Any problems, please contact Matt Petteys, 916-873-4716
*: EDS Medi-Cal [http://maps.google.com/maps?f=q&hl=en&geocode=&q=%3D3215+Prospect+Park+Drive,Rancho+Cordova,+CA+95670&sll=37.0625,-95.677068&sspn=51.443116,107.753906&ie=UTF8&om=1&ll=38.58885,-121.275437&spn=0.01117,0.019956&t=k&z=16&iwloc=addr (map)]
*: 3215 Prospect Park Drive
*: Rancho Cordova , CA
*: 95670

== Local News ==
2008-04-03: Ryan C. Barnett from [http://www.breach.com/ Breach Security] presented "Passive Web Application Defect Identification"

2007-08-02: OWASP Sacramento is requesting votes for the preferred March topic using the following URL. [http://www.yellowguppy.com/~mpetteys/sacowaspsurvey2.html OWASP Sacramento March Topic Survey]. This meeting will be sponsored by [http://www.breach.com Breach Security].

2007-11-29: [mailto:roman.hustad@yahoo.com Roman Hustad] from [http://www.foundstone.com Foundstone] presented "Web Application Hacking" to over 40 attendees.

2007-10-01: We have rescheduled the next meeting for November 29th 2007. Please contact [mailto:mpetteys@caiso.com Matt Petteys] with questions or suggestions.

2007-08-30: Barmak Meftah from [http://www.fortifysoftware.com Fortify Software] presented "Hack proof your Service-Oriented Architecture" to 15 attendees.

2007-07-15: We have rescheduled the next meeting for August 30th 2007. Please contact [mailto:mpetteys@caiso.com Matt Petteys] with questions or suggestions.

2007-07-01: OWASP Sacramento is requesting comments on future topics using the following URL. [http://www.yellowguppy.com/~mpetteys/sacowaspsurvey1.html OWASP Sacramento Topic Survey]

2006-06-27: OWASP Sacramento is planning a public presentation in late August 2007. Contact the [mailto:bobhome@dslextreme.com chapter leader] with questions or suggestions.

2006-05-18: OWASP Moves to MediaWiki Portal - 16:09, 18 May 2006 (EDT)

OWASP is pleased to announce the arrival of OWASP 2.0!

OWASP 2.0 utilizes the MediaWiki portal to manage and provide
the latest OWASP related information. Enjoy!

Sacramento

2008-05-23T00:32:56Z

Mpetteys:

{{Chapter Template|chaptername=Sacramento|extra=The chapter leader is [mailto:mpetteys@caiso.com Matt Petteys]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-sacramento|emailarchives=http://lists.owasp.org/pipermail/owasp-sacramento}}

== Charter ==
The Sacramento OWASP Chapter promotes the [[About_The_Open_Web_Application_Security_Project|principles of OWASP]] in our local community with an emphasis on education, local networking opportunities, and fun.

== Next Meeting - JUNE 26th ==

The next OWASP Sacramento meeting will be on Thursday June 26th at 6pm. The topic of this meeting will be Database security. This meeting will be hosted at EDS Medi-Cal in Rancho Cordova, CA. Food, beverage, and the presentation will be provided by Imperva.

Please use the online RSVP form below or contact Mpetteys at caiso.com by 6/19/08 if you plan to attend.

http://fs2.formsite.com/mpetteys/form790760465/index.html

TOPIC

The presentation will be a live, educational demo to demonstrate and facilitate discussion of the top Database Security vulnerabilities. Corporate databases contain the crown jewels of an organization, which means a break-in, by insiders or outsiders, can cost millions in fines, lawsuits, and customer attrition. The good news is there are commonly used methods to attack databases. Attend this event to see a live Database hacking demonstration of SQL Injection and several other DB attacks.

* Understand the most prominent database security threats and how they are carried out
* Know how to assess and mitigate database threats
* Have a blueprint for implementing a comprehensive database protection
* Free copy of the Scuba Database vulnerability scanning tool to help you analyze and identify database vulnerabilities, mis-configurations, unpatched software, unsafe processes, and weak passwords: the high risk security vulnerabilities that expose your databases to attack.

SPEAKER BIO: Ryan Barnett – Director of Application Security Training

Shan Zhou joined Imperva in 2005 and serves as Security Engineer Manager for the Western United States. Shan has been involved in and is responsible for architecture, design, and implementation of Imperva’s largest customers.

Previously, Shan held similar positions at Sourcefire, the world leader in intrusion prevention technology. Sourcefire grew from an open source startup to raising $86 million dollars in its IPO. Prior to Sourcefire, Shan worked as Global Accounts Systems Engineer at Check Point Software Technologies, integrating Check Point’s security solutions into Fortune 50 companies worldwide.

Shan attended Drexel University majoring in Electrical Engineering. He also participates in various application and network security organizations.

* LOCATION INFORMATION: Upon arriving at the main entrance, please ask for Robert Grill, office: 916-636-4392, cell: 916-997-9892. Any problems, please contact Matt Petteys, 916-873-4716
*: EDS Medi-Cal [http://maps.google.com/maps?f=q&hl=en&geocode=&q=%3D3215+Prospect+Park+Drive,Rancho+Cordova,+CA+95670&sll=37.0625,-95.677068&sspn=51.443116,107.753906&ie=UTF8&om=1&ll=38.58885,-121.275437&spn=0.01117,0.019956&t=k&z=16&iwloc=addr (map)]
*: 3215 Prospect Park Drive
*: Rancho Cordova , CA
*: 95670

== Local News ==
2008-04-03: Ryan C. Barnett from [http://www.breach.com/ Breach Security] presented "Passive Web Application Defect Identification"

2007-08-02: OWASP Sacramento is requesting votes for the preferred March topic using the following URL. [http://www.yellowguppy.com/~mpetteys/sacowaspsurvey2.html OWASP Sacramento March Topic Survey]. This meeting will be sponsored by [http://www.breach.com Breach Security].

2007-11-29: [mailto:roman.hustad@yahoo.com Roman Hustad] from [http://www.foundstone.com Foundstone] presented "Web Application Hacking" to over 40 attendees.

2007-10-01: We have rescheduled the next meeting for November 29th 2007. Please contact [mailto:mpetteys@caiso.com Matt Petteys] with questions or suggestions.

2007-08-30: Barmak Meftah from [http://www.fortifysoftware.com Fortify Software] presented "Hack proof your Service-Oriented Architecture" to 15 attendees.

2007-07-15: We have rescheduled the next meeting for August 30th 2007. Please contact [mailto:mpetteys@caiso.com Matt Petteys] with questions or suggestions.

2007-07-01: OWASP Sacramento is requesting comments on future topics using the following URL. [http://www.yellowguppy.com/~mpetteys/sacowaspsurvey1.html OWASP Sacramento Topic Survey]

2006-06-27: OWASP Sacramento is planning a public presentation in late August 2007. Contact the [mailto:bobhome@dslextreme.com chapter leader] with questions or suggestions.

2006-05-18: OWASP Moves to MediaWiki Portal - 16:09, 18 May 2006 (EDT)

OWASP is pleased to announce the arrival of OWASP 2.0!

OWASP 2.0 utilizes the MediaWiki portal to manage and provide
the latest OWASP related information. Enjoy!

Sacramento

2008-03-06T18:39:41Z

Mpetteys: /* Local News */

{{Chapter Template|chaptername=Sacramento|extra=The chapter leader is [mailto:mpetteys@caiso.com Matt Petteys]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-sacramento|emailarchives=http://lists.owasp.org/pipermail/owasp-sacramento}}

== Charter ==
The Sacramento OWASP Chapter promotes the [[About_The_Open_Web_Application_Security_Project|principles of OWASP]] in our local community with an emphasis on education, local networking opportunities, and fun.

== Next Meeting - ARPIL 3RD ==

The next OWASP Sacramento meeting will be on Thursday Apr. 3rd at 6pm. The topic of this meeting will be Passive Web Application Defect Identification. This meeting will be hosted at EDS Medi-Cal in Rancho Cordova, CA. Food, beverage, and the presentation will be provided by Breach Security.

Please use the online RSVP form below or contact Mpetteys at caiso.com by 3/26/08 if you plan to attend.

http://fs2.formsite.com/mpetteys/form826893818/index.html

TOPIC

Identifying web application vulnerabilities has traditionally been achieved by running vulnerability scanners. While these tools can been effective, they have some deficiencies, mainly that they are simply snap-shots in time and they often add network load on the web application. Web application firewalls can help to detect application defects in applications by monitoring the application as it is used. In this presentation, Ryan Barnett, Director of Application Security at Breach, will discuss how deploying a web application firewall can provide more value beyond simply protecting applications from attack.

Due to their strategic placement within the application's communication stream, web application firewalls, can provide a great deal of visibility into how an application is used and detect defects by watching the interaction between the application and a client.

This presentation will discuss:
* Real-time application monitoring - unprecedented insight for security teams into the communication of application's they are responsible for protecting
* Application defect detection - scanning vs. monitoring usage
* Enhancements for the application development lifecycle - more comprehensive application assessment than simulated tests

SPEAKER BIO: Ryan Barnett – Director of Application Security Training

Ryan C. Barnett is a recognized security thought leader and evangelist who frequently speaks with the media and industry groups. Ryan is the director of application security at Breach Security. He is also a faculty member for the SANS Institute, where his duties include instructor/courseware developer for Apache Security/Building a Web Application Firewall Workshop, Top 20 Vulnerabilities Team Member and Local Mentor for the SANS Track 4, "Hacker Techniques, Exploits and Incident Handling" course. He holds six SANS Global Information Assurance Certifications (GIAC): Intrusion Analyst (GCIA), Systems and Network Auditor (GSNA), Forensic Analyst (GCFA), Incident Handler (GCIH), Unix Security Administrator (GCUX) and Security Essentials (GSEC). Mr. Barnett also serves as the team lead for the Center for Internet Security Apache Benchmark Project and is a member of the Web Application Security Consortium. His web security book, "Preventing Web Attacks with Apache,” was published by Addison/Wesley in 2006.

* LOCATION INFORMATION: Upon arriving at the main entrance, please ask for Robert Grill, office: 916-636-4392, cell: 916-997-9892. Any problems, please contact Matt Petteys, 916-873-4716
*: EDS Medi-Cal [http://maps.google.com/maps?f=q&hl=en&geocode=&q=%3D3215+Prospect+Park+Drive,Rancho+Cordova,+CA+95670&sll=37.0625,-95.677068&sspn=51.443116,107.753906&ie=UTF8&om=1&ll=38.58885,-121.275437&spn=0.01117,0.019956&t=k&z=16&iwloc=addr (map)]
*: 3215 Prospect Park Drive
*: Rancho Cordova , CA
*: 95670

== Local News ==
2008-03-26: Ryan C. Barnett from [http://www.breach.com/ Breach Security] will be presenting "Passive Web Application Defect Identification" on April 3rd 2008.

2007-08-02: OWASP Sacramento is requesting votes for the preferred March topic using the following URL. [http://www.yellowguppy.com/~mpetteys/sacowaspsurvey2.html OWASP Sacramento March Topic Survey]. This meeting will be sponsored by [http://www.breach.com Breach Security].

2007-11-29: [mailto:roman.hustad@yahoo.com Roman Hustad] from [http://www.foundstone.com Foundstone] presented "Web Application Hacking" to over 40 attendees.

2007-10-01: We have rescheduled the next meeting for November 29th 2007. Please contact [mailto:mpetteys@caiso.com Matt Petteys] with questions or suggestions.

2007-08-30: Barmak Meftah from [http://www.fortifysoftware.com Fortify Software] presented "Hack proof your Service-Oriented Architecture" to 15 attendees.

2007-07-15: We have rescheduled the next meeting for August 30th 2007. Please contact [mailto:mpetteys@caiso.com Matt Petteys] with questions or suggestions.

2007-07-01: OWASP Sacramento is requesting comments on future topics using the following URL. [http://www.yellowguppy.com/~mpetteys/sacowaspsurvey1.html OWASP Sacramento Topic Survey]

2006-06-27: OWASP Sacramento is planning a public presentation in late August 2007. Contact the [mailto:bobhome@dslextreme.com chapter leader] with questions or suggestions.

2006-05-18: OWASP Moves to MediaWiki Portal - 16:09, 18 May 2006 (EDT)

OWASP is pleased to announce the arrival of OWASP 2.0!

OWASP 2.0 utilizes the MediaWiki portal to manage and provide
the latest OWASP related information. Enjoy!

Sacramento

2008-03-06T18:34:40Z

Mpetteys: /* Next Meeting - ARPIL 3RD */

{{Chapter Template|chaptername=Sacramento|extra=The chapter leader is [mailto:mpetteys@caiso.com Matt Petteys]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-sacramento|emailarchives=http://lists.owasp.org/pipermail/owasp-sacramento}}

== Charter ==
The Sacramento OWASP Chapter promotes the [[About_The_Open_Web_Application_Security_Project|principles of OWASP]] in our local community with an emphasis on education, local networking opportunities, and fun.

== Next Meeting - ARPIL 3RD ==

The next OWASP Sacramento meeting will be on Thursday Apr. 3rd at 6pm. The topic of this meeting will be Passive Web Application Defect Identification. This meeting will be hosted at EDS Medi-Cal in Rancho Cordova, CA. Food, beverage, and the presentation will be provided by Breach Security.

Please use the online RSVP form below or contact Mpetteys at caiso.com by 3/26/08 if you plan to attend.

http://fs2.formsite.com/mpetteys/form826893818/index.html

TOPIC

Identifying web application vulnerabilities has traditionally been achieved by running vulnerability scanners. While these tools can been effective, they have some deficiencies, mainly that they are simply snap-shots in time and they often add network load on the web application. Web application firewalls can help to detect application defects in applications by monitoring the application as it is used. In this presentation, Ryan Barnett, Director of Application Security at Breach, will discuss how deploying a web application firewall can provide more value beyond simply protecting applications from attack.

Due to their strategic placement within the application's communication stream, web application firewalls, can provide a great deal of visibility into how an application is used and detect defects by watching the interaction between the application and a client.

This presentation will discuss:
* Real-time application monitoring - unprecedented insight for security teams into the communication of application's they are responsible for protecting
* Application defect detection - scanning vs. monitoring usage
* Enhancements for the application development lifecycle - more comprehensive application assessment than simulated tests

SPEAKER BIO: Ryan Barnett – Director of Application Security Training

Ryan C. Barnett is a recognized security thought leader and evangelist who frequently speaks with the media and industry groups. Ryan is the director of application security at Breach Security. He is also a faculty member for the SANS Institute, where his duties include instructor/courseware developer for Apache Security/Building a Web Application Firewall Workshop, Top 20 Vulnerabilities Team Member and Local Mentor for the SANS Track 4, "Hacker Techniques, Exploits and Incident Handling" course. He holds six SANS Global Information Assurance Certifications (GIAC): Intrusion Analyst (GCIA), Systems and Network Auditor (GSNA), Forensic Analyst (GCFA), Incident Handler (GCIH), Unix Security Administrator (GCUX) and Security Essentials (GSEC). Mr. Barnett also serves as the team lead for the Center for Internet Security Apache Benchmark Project and is a member of the Web Application Security Consortium. His web security book, "Preventing Web Attacks with Apache,” was published by Addison/Wesley in 2006.

* LOCATION INFORMATION: Upon arriving at the main entrance, please ask for Robert Grill, office: 916-636-4392, cell: 916-997-9892. Any problems, please contact Matt Petteys, 916-873-4716
*: EDS Medi-Cal [http://maps.google.com/maps?f=q&hl=en&geocode=&q=%3D3215+Prospect+Park+Drive,Rancho+Cordova,+CA+95670&sll=37.0625,-95.677068&sspn=51.443116,107.753906&ie=UTF8&om=1&ll=38.58885,-121.275437&spn=0.01117,0.019956&t=k&z=16&iwloc=addr (map)]
*: 3215 Prospect Park Drive
*: Rancho Cordova , CA
*: 95670

== Local News ==
2007-08-02: OWASP Sacramento is requesting votes for the preferred March topic using the following URL. [http://www.yellowguppy.com/~mpetteys/sacowaspsurvey2.html OWASP Sacramento March Topic Survey]. This meeting will be sponsored by [http://www.breach.com Breach Security].

2007-11-29: [mailto:roman.hustad@yahoo.com Roman Hustad] from [http://www.foundstone.com Foundstone] presented "Web Application Hacking" to over 40 attendees.

2007-10-01: We have rescheduled the next meeting for November 29th 2007. Please contact [mailto:mpetteys@caiso.com Matt Petteys] with questions or suggestions.

2007-08-30: Barmak Meftah from [http://www.fortifysoftware.com Fortify Software] presented "Hack proof your Service-Oriented Architecture" to 15 attendees.

2007-07-15: We have rescheduled the next meeting for August 30th 2007. Please contact [mailto:mpetteys@caiso.com Matt Petteys] with questions or suggestions.

2007-07-01: OWASP Sacramento is requesting comments on future topics using the following URL. [http://www.yellowguppy.com/~mpetteys/sacowaspsurvey1.html OWASP Sacramento Topic Survey]

2006-06-27: OWASP Sacramento is planning a public presentation in late August 2007. Contact the [mailto:bobhome@dslextreme.com chapter leader] with questions or suggestions.

2006-05-18: OWASP Moves to MediaWiki Portal - 16:09, 18 May 2006 (EDT)

OWASP is pleased to announce the arrival of OWASP 2.0!

OWASP 2.0 utilizes the MediaWiki portal to manage and provide
the latest OWASP related information. Enjoy!

Sacramento

2008-02-28T00:47:22Z

Mpetteys: /* Next Meeting */

Sacramento

2008-02-08T19:38:41Z

Mpetteys: /* Local News */

Sacramento

2007-11-27T21:54:31Z

Mpetteys: /* NOVEMBER 29th MEETING */

OWASP Community

2007-11-07T06:56:23Z

Mpetteys:

This page is for people to post OWASP related events, such as chapter meetings, OWASP conferences, get-togethers, and OWASP sponsored events.

Events from previous years are archived here:
* '''[[OWASP Community 2006]]'''

This page is monitored, and items posted here will be copied to the OWASP Calendar [[Main Page]]. Please post new items in chronological order using the following format:

'''Mon ## (##:00h) - [[Article]]'''



==Upcoming Events==
Not yet registered in the Calendar:

==Upcoming Events==

'''Dec 18 (18:00h) - [[Rochester|Rochester chapter meeting]]'''

'''Dec 13 (18:00h) - [[Netherlands|Netherlands chapter meeting]]'''

'''Dec 5(18:00h) - [[Boston|Possible Boston OWASP Chapter Meeting]] '''

'''Dec 3(13:00h) - [[Israel|OWASP Israel 2007]] '''

'''Nov 29 (18:00h) -[[Seattle|Seattle Chapter Meeting]] '''

'''Nov 29 (18:00h) -[[Sacramento|Sacramento Chapter Meeting]] '''

'''Nov 26 (09:30h) - [[Turkey|Turkey Chapter Meeting - Izmir]] '''

'''Nov 24 (13:30h) - [[Turkey|Turkey Chapter Meeting - Ankara]] '''

'''Nov 20 (18:00h) - [[Belgium|Belgium Chapter Meeting]] '''

'''Nov 14 (18:00h) - [[Ottawa|Ottawa Chapter Meeting]] '''

'''Nov 14 (18:00h) - [[Houston|Houston Chapter Meeting]] '''

'''Nov 11 (18:00h) - [[Ireland|Ireland Chapter Meeting]] '''

'''Nov 7 (18:00h) - [[Boston|Possible Boston OWASP Chapter Meeting]] '''

'''Nov 7 (19:00h) - [[Singapore|Singapore OWASP Chapter Meeting]] '''

'''Nov 3 (18:30h) - [[Malaysia|Malaysia OWASP Chapter Meeting]] '''

==Past Events==

'''Oct 9 (1930h) - [[Singapore|Singapore OWASP chapter meeting]]'''

'''Oct 2 (1830h) - [[Helsinki|Helsinki chapter meeting]]'''

'''Sept 27 (1800h) - [[New York|NY/NJ Metro chapter meeting]]'''

'''Sept 27 (13:00h) - [[Taiwan|Taiwan chapter meeting]]'''

'''Sept 13 (18:00h) - [[Netherlands|Netherlands chapter meeting]]'''

'''Sept 10 (18:00h) - [[Rochester|Rochester chapter meeting]]'''

'''Sept 7 (15:00h) [[Germany|German chapter meeting]]''' - Restart of the German Chapter

'''Sept (12:00h) - [[Belgium|Belgium OWASP Day Event]] '''

'''Sept 6 (18:00h) - [[Kansas_City|Kansas City Chapter meeting]]'''

'''Sept 5 (18:00h) - [[Chicago|Chicago Chapter Meeting]]'''

'''Sept 5 (17:00h) - [[Israel|Israeli chapter meeting]]'''

'''July 25 (18:00h) - [[San Jose|San Jose Chapter Meeting]]'''

'''July 24 (17:00h) - [[Switzerland|Switzerland chapter meeting]]'''

'''July 14 (11:00h) - [[Turkey|Turkey chapter meeting - 1st Web Security Days]]'''

'''July 6 (17:00h) - [[Spain|Spain chapter meeting]]'''

'''June 26 (11:30hr) - [[Austin|Austin chapter meeting]]''' - Running Web Application Scans

'''June 22 (18:00h) - [[Belgium|Belgium chapter meeting]]'''

'''June 21 (19:00h) - [[Denver]]''' - Anti-DNS Pinning Attacks / Calculating Return on Security Investment (ROSI)

'''June 19 (18:00h) - [[Minneapolis St Paul|Minneapolis St Paul chapter meeting]]'''

'''June 15 (17:00hr) - [[Spain|Spain chapter meeting]]'''

'''June 13 (18:30hr) - [[Kansas City|Kansas City chapter meeting]]'''

'''June 12 (18:00hr) - [[New York|NY/NJ Metro chapter meeting]]'''

'''Jun 5 (19:00h) - [[Helsinki|Helsinki chapter meeting]]'''

'''Jun 5 (18:00h) - [[Melbourne|Melbourne chapter meeting]]'''

'''Jun 5 (17:30h) - [[Houston | Houston Chapter Meeting]]'''

'''May 29 (9:00h) - [[http://www.owasp.org/index.php/Italy#May_29th.2C_2007_-_Seminar:_.22Software_Security.22 Italy@Firenze Tecnologia]]'''

'''May 29 (11:30h) - [[Austin | Austin Chapter Meeting]]''' - Bullet Proof UI - A programmer's guide to the complete idiot".

'''May 29 (18:00h) - [[Ottawa | Ottawa Chapter Meeting]]'''

'''May 22 (18:30h) - [[New Zealand|1st New Zealand chapter Meeting]]'''

'''May 21 (14:00h) - [[Israel|2nd OWASP Israel mini conference]]'''

'''May 15 (18:00h) - [[Rochester|Rochester chapter meeting]]'''

'''May 10 (18:00h) - [[Belgium|Belgium chapter meeting]]'''

'''May 9 (18:00h) - [[Toronto|Toronto chapter meeting]]'''

'''May 8 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''

'''May 6 (11:00h) - [[Turkey|Turkey chapter meeting]]'''

'''May 2 (18:30h) - [[Boston|Boston chapter meeting]]'''

'''May 1 (18:00h) - [[Melbourne|Melbourne chapter meeting]]'''

'''Apr 26 (11:00h) - [[San Antonio|San Antonio chapter meeting]]'''

'''Apr 26 (17:00h) - [[Switzerland|Switzerland chapter meeting and "Swiss Security Dinner"]]'''

'''Apr 24 (18:00h) - [[Minneapolis St Paul|Minneapolis St Paul chapter meeting]]'''

'''Apr 20 (19:00h) - [[Hong Kong|Hong Kong chapter meeting - Objectives for 2007]]'''

'''Apr 19 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''

'''Apr 18 (17:00h) - [[San Francisco City Chapter Meeting]]'''

'''Apr 17 (18:00h) - [[New Jersey|NY/NJ Metro chapter meeting]]'''

'''Apr 17 (18:00h) - [[Rochester|Rochester chapter meeting]]'''

'''Apr 12 (18:00h) - [[Netherlands|Netherlands chapter meeting]]'''

'''Apr 12 (18:00h) - [[San Jose|San Jose chapter meeting]]'''

'''Apr 11 (18:00h) - [[Toronto|Toronto chapter meeting]]'''

'''Apr 4 (18:30h) - [[Boston|Boston chapter meeting]]'''

'''Apr 3 (18:00h) - [[Melbourne|Melbourne chapter meeting]]'''

'''Mar 30 - [[http://www.owasp.org/index.php/Italy#March_30th.2C_2007_-_Master_in_Security_-_University_of_Rome_.22La_Sapienza.22| Italy@Master in Security at "La Sapienza"]]'''

'''Mar 28 (18:00h) - [[Washington DC|Washington DC (MD) chapter meeting]]'''

'''Mar 28 (11:30h) - [[San Antonio|San Antonio chapter meeting]]'''

; '''Mar 27-30 - [http://www.blackhat.com Black Hat Euro]'''
: OWASP members receive a Euro 100 Briefings discount by inserting BH7EUASSOC in the box marked “Coupon Codes”

'''Mar 22 (18:00h) - [[London|London chapter meeting]]'''

'''Mar 21-22 - [[Belgium#OWASP_Top_10_2007_Update_.28Infosecurity_Belgium.2C_21_.26_.2622_Mar_2007.29|Belgium@InfoSecurity]]'''

'''Mar 20 (18:00h) - [[Rochester|Rochester chapter meeting]]'''

'''Mar 14 (18:00h) - [[Toronto|Toronto chapter meeting]]'''

'''Mar 14 (18:00h) - [[Chicago|Chicago chapter meeting]]'''

'''Mar 13 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''

'''Mar 8 (18:00h) - [[Ottawa|Ottawa Chapter Meeting]] '''

'''Mar 7 (18:30h) - [[Boston|Boston chapter meeting]]'''

'''Mar 7 (18:30h) - [[Kansas City|Kansas City chapter meeting]]'''

'''Mar 6 (18:30h) - [[Philadelphia|Philadelphia chapter meeting]]'''

'''Mar 6 (18:30h) - [[San Francisco|San Francisco and San Jose chapter meeting]]'''

'''Mar 6 (18:00h) - [[Melbourne|Melbourne chapter meeting]]'''

'''Mar 5 (11:00h) - [[New Jersey|New Jersey chapter meeting]]'''

'''Mar 1 (11:30h) - [http://www.eusecwest.com/agenda.html EUSecWest 07: Testing Guide]'''

; '''Feb 26-Mar 1 - [http://www.blackhat.com Black Hat DC]'''
: OWASP members receive a $100 Briefings discount by inserting BH7DCASSOC in the box marked “Coupon Codes”

'''Feb 28 (18:00h) - [[Seattle|Seattle chapter meeting]]'''

'''Feb 27 (18:00h) - [[Edmonton|Edmonton chapter meeting]]'''

'''Feb 22 (18:30h) - [[Helsinki|Helsinki chapter meeting]]'''

'''Feb 22 (18:00h) - [[London|London chapter meeting]]'''

'''Feb 21 (18:30h) - [[Denver|Denver chapter meeting]]'''

'''Feb 19 (18:00h) - [[Rochester|Rochester chapter meeting]]'''

'''Feb 15 (18:00h) - [[Washington DC|Washington DC (MD) chapter meeting]]'''

'''Feb 15 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''

'''Feb 14 (18:00h) - [[Toronto|Toronto chapter meeting]]'''

'''Feb 13 (18:00h) - [[Ireland|Ireland chapter meeting]]'''

'''Feb 12 (18:30h) - [[Switzerland|Switzerland chapter meeting]]'''

'''Feb 7 (18:30h) - [[Boston|Boston chapter meeting]]'''

'''Feb 6-7 - [[Italy#February_6th-8th.2C_2007_-_InfoSecurity|Italy@InfoSecurity]]'''

'''Feb 6 (18:00h) - [[Melbourne|Melbourne chapter meeting]]'''

'''Feb 2 (14:00h) - [[Chennai|Chennai chapter meeting]]'''

'''Jan 31 (15:00h) - [[Mumbai|Mumbai chapter meeting]]'''

'''Jan 30 (11:30h) - [[Austin|Austin chapter meeting]]'''

'''Jan 25 (18:00h) - [[San Francisco| San Francisco chapter meeting]]'''

'''Jan 25 (14:30h) - [[Italy#October_25th.2C_2007_-_Isaca_Rome|Italy@ISACA Rome]]'''

'''Jan 24 (17:30h) - [[Israel#6th_OWASP_IL_meeting:_Wednesday.2C_January_24th_2007|6th OWASP Israel chapter meeting]]'''

'''Jan 23 (18:00h) - [[Belgium|Belgium chapter meeting]]'''

'''Jan 22 (18:00h) - [[Rochester|Rochester chapter meeting]]'''

'''Jan 17 (18:30h) - [[Denver|Denver chapter meeting]]'''

'''Jan 16 (17:45h) - [[Edmonton|Edmonton chapter meeting]]'''

'''Jan 11 (18:00h) - [[Netherlands|Netherlands chapter meeting]]'''

'''Jan 11 (18:30h) - [[Phoenix|Phoenix chapter meeting]]'''

'''Jan 11 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''

'''Jan 10 (18:00h) - [[Toronto|Toronto chapter meeting]]'''

'''Jan 8 (18:00h) - [[Seattle|Seattle chapter meeting]]'''

'''Jan 3 (18:30h) - [[Boston|Boston chapter meeting]]'''

'''May 1 - [[Melbourne | Melbourne chapter meeting]]'''

'''May 2 - [[Boston]]'''

'''May 6 - [[Turkey]]'''

'''May 8 - [[Virginia (Northern Virginia)|Washington DC (VA)]]'''

'''May 9 - [[Toronto]]'''

'''May 10 - [[Belgium]]'''

'''May 15 - [[Rochester]]'''

'''May 21 - [[Israel]]'''

'''May 22 - [[New Zealand]]'''

'''May 29 - [[Italy]]'''

'''June 5 - [[Houston]]'''

'''June 5 - [[Melbourne]]'''

'''June 5 - [[Helsinki]]'''

'''June 12 - [[New Jersey]]'''

'''June 15 - [[Spain]]'''

'''July 14 - [[Turkey]]'''

Sacramento

2007-10-29T18:42:06Z

Mpetteys: /* Local News */

{{Chapter Template|chaptername=Sacramento|extra=The chapter leader is [mailto:bobhome@dslextreme.com Bob Grill]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-sacramento|emailarchives=http://lists.owasp.org/pipermail/owasp-sacramento}}

== Charter ==
The Sacramento OWASP Chapter promotes the [[About_The_Open_Web_Application_Security_Project|principles of OWASP]] in our local community with an emphasis on education, local networking opportunities, and fun.

==NOVEMBER 29th MEETING==
The next OWASP Sacramento meeting will be on Thursday Nov. 29 at 6pm. The topic of this meeting will be Web Application Hacking. This meeting will be hosted at EDS Medi-Cal in Rancho Cordova, CA. Food, beverage, and the presentation will be provided by Foundstone.

Please use the online RSVP form below or contact Mpetteys at caiso.com by
11/22/07 if you plan to attend.

[http://fs2.formsite.com/mpetteys/form681597126/index.html RSVP Form]

TOPIC

See the hacker's toolbox in action as various web applications are ripped open by exploiting simple software bugs. Common problems such as Cross-Site Scripting (XSS) and SQL Injection will be demonstrated and explained, along with more subtle vulnerabilities including privilege escalation, data tampering, and Cross-Site Request Forgery.

SPEAKER BIO: [http://www.nofluffjuststuff.com/conference/speaker/roman_hustad.html Roman Hustad, Foundstone Professional Services]

LOCATION INFORMATION:

Upon arriving at the main entrance, please ask for Robert Grill,
office: 916-636-4392, cell: 916-997-9892. Any problems, please contact Matt Petteys, 916-873-4716

EDS Medi-Cal
3125 Prospect Park Drive
Rancho Cordova, CA 95670

[http://maps.google.com/maps?f=q&hl=en&geocode=&q=%3D3125+Prospect+Park+Drive,Rancho+Cordova,+CA+95670&sll=37.0625,-95.677068&sspn=51.443116,107.753906&ie=UTF8&om=1&ll=38.58885,-121.275437&spn=0.01117,0.019956&t=k&z=16&iwloc=addr Directions To EDS]

== Local News ==
'''We have rescheduled the next meeting for November 29th 2007. Please contact the [mailto:mpetteys@caiso.com Matt Petteys] with questions or suggestions.'''

We have rescheduled the next meeting for August 30th 2007. Please contact the [mailto:mpetteys@caiso.com Matt Petteys] with questions or suggestions.

OWASP Sacramento is requesting comments on future topics using the following URL. [http://www.yellowguppy.com/~mpetteys/sacowaspsurvey1.html OWASP Sacrament Topic Survey]

OWASP Sacramento is planning a public presentation in late Augues 2007. Contact the [mailto:bobhome@dslextreme.com chapter leader] with questions or suggestions.

OWASP Moves to MediaWiki Portal - 16:09, 18 May 2006 (EDT)

OWASP is pleased to announce the arrival of OWASP 2.0!

OWASP 2.0 utilizes the MediaWiki portal to manage and provide
the latest OWASP related information. Enjoy!

Sacramento

2007-10-29T18:36:00Z

Mpetteys: /* Local News */

Sacramento

2007-10-29T18:32:40Z

Mpetteys: /* Local News */

{{Chapter Template|chaptername=Sacramento|extra=The chapter leader is [mailto:bobhome@dslextreme.com Bob Grill]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-sacramento|emailarchives=http://lists.owasp.org/pipermail/owasp-sacramento}}

== Charter ==
The Sacramento OWASP Chapter promotes the [[About_The_Open_Web_Application_Security_Project|principles of OWASP]] in our local community with an emphasis on education, local networking opportunities, and fun.

==NOVEMBER 29th MEETING==
The next OWASP Sacramento meeting will be on Thursday Nov. 29 at 6pm. The topic of this meeting will be Web Application Hacking. This meeting will be hosted at EDS Medi-Cal in Rancho Cordova, CA. Food, beverage, and the presentation will be provided by Foundstone.

Please use the online RSVP form below or contact Mpetteys at caiso.com by
11/22/07 if you plan to attend.

[http://fs2.formsite.com/mpetteys/form681597126/index.html RSVP Form]

TOPIC

See the hacker's toolbox in action as various web applications are ripped open by exploiting simple software bugs. Common problems such as Cross-Site Scripting (XSS) and SQL Injection will be demonstrated and explained, along with more subtle vulnerabilities including privilege escalation, data tampering, and Cross-Site Request Forgery.

SPEAKER BIO: [http://www.nofluffjuststuff.com/conference/speaker/roman_hustad.html Roman Hustad, Foundstone Professional Services]

LOCATION INFORMATION:

Upon arriving at the main entrance, please ask for Robert Grill,
office: 916-636-4392, cell: 916-997-9892. Any problems, please contact Matt Petteys, 916-873-4716

EDS Medi-Cal
3125 Prospect Park Drive
Rancho Cordova, CA 95670

[http://maps.google.com/maps?f=q&hl=en&geocode=&q=%3D3125+Prospect+Park+Drive,Rancho+Cordova,+CA+95670&sll=37.0625,-95.677068&sspn=51.443116,107.753906&ie=UTF8&om=1&ll=38.58885,-121.275437&spn=0.01117,0.019956&t=k&z=16&iwloc=addr Directions To EDS]

== Local News ==
We have rescheduled the next meeting for November 29th 2007. Please contact the [mailto:mpetteys@caiso.com Matt Petteys] with questions or suggestions.

We have rescheduled the next meeting for August 30th 2007. Please contact the [mailto:mpetteys@caiso.com Matt Petteys] with questions or suggestions.

OWASP Sacramento is requesting comments on future topics using the following URL. [http://www.yellowguppy.com/~mpetteys/sacowaspsurvey1.html OWASP Sacrament Topic Survey]

OWASP Sacramento is planning a public presentation in late Augues 2007. Contact the [mailto:bobhome@dslextreme.com chapter leader] with questions or suggestions.

'''OWASP Moves to MediaWiki Portal - 16:09, 18 May 2006 (EDT)'''

OWASP is pleased to announce the arrival of OWASP 2.0!

OWASP 2.0 utilizes the MediaWiki portal to manage and provide
the latest OWASP related information. Enjoy!

Sacramento

2007-10-29T18:32:27Z

Mpetteys: /* Local News */

{{Chapter Template|chaptername=Sacramento|extra=The chapter leader is [mailto:bobhome@dslextreme.com Bob Grill]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-sacramento|emailarchives=http://lists.owasp.org/pipermail/owasp-sacramento}}

== Charter ==
The Sacramento OWASP Chapter promotes the [[About_The_Open_Web_Application_Security_Project|principles of OWASP]] in our local community with an emphasis on education, local networking opportunities, and fun.

==NOVEMBER 29th MEETING==
The next OWASP Sacramento meeting will be on Thursday Nov. 29 at 6pm. The topic of this meeting will be Web Application Hacking. This meeting will be hosted at EDS Medi-Cal in Rancho Cordova, CA. Food, beverage, and the presentation will be provided by Foundstone.

Please use the online RSVP form below or contact Mpetteys at caiso.com by
11/22/07 if you plan to attend.

[http://fs2.formsite.com/mpetteys/form681597126/index.html RSVP Form]

TOPIC

See the hacker's toolbox in action as various web applications are ripped open by exploiting simple software bugs. Common problems such as Cross-Site Scripting (XSS) and SQL Injection will be demonstrated and explained, along with more subtle vulnerabilities including privilege escalation, data tampering, and Cross-Site Request Forgery.

SPEAKER BIO: [http://www.nofluffjuststuff.com/conference/speaker/roman_hustad.html Roman Hustad, Foundstone Professional Services]

LOCATION INFORMATION:

Upon arriving at the main entrance, please ask for Robert Grill,
office: 916-636-4392, cell: 916-997-9892. Any problems, please contact Matt Petteys, 916-873-4716

EDS Medi-Cal
3125 Prospect Park Drive
Rancho Cordova, CA 95670

[http://maps.google.com/maps?f=q&hl=en&geocode=&q=%3D3125+Prospect+Park+Drive,Rancho+Cordova,+CA+95670&sll=37.0625,-95.677068&sspn=51.443116,107.753906&ie=UTF8&om=1&ll=38.58885,-121.275437&spn=0.01117,0.019956&t=k&z=16&iwloc=addr Directions To EDS]

== Local News ==
We have rescheduled the next meeting to November 29th 2007. Please contact the [mailto:mpetteys@caiso.com Matt Petteys] with questions or suggestions.

We have rescheduled the next meeting to August 30th 2007. Please contact the [mailto:mpetteys@caiso.com Matt Petteys] with questions or suggestions.

OWASP Sacramento is requesting comments on future topics using the following URL. [http://www.yellowguppy.com/~mpetteys/sacowaspsurvey1.html OWASP Sacrament Topic Survey]

OWASP Sacramento is planning a public presentation in late Augues 2007. Contact the [mailto:bobhome@dslextreme.com chapter leader] with questions or suggestions.

'''OWASP Moves to MediaWiki Portal - 16:09, 18 May 2006 (EDT)'''

OWASP is pleased to announce the arrival of OWASP 2.0!

OWASP 2.0 utilizes the MediaWiki portal to manage and provide
the latest OWASP related information. Enjoy!

Sacramento

2007-10-29T18:31:58Z

Mpetteys: /* NOVEMBER 29th MEETING */

{{Chapter Template|chaptername=Sacramento|extra=The chapter leader is [mailto:bobhome@dslextreme.com Bob Grill]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-sacramento|emailarchives=http://lists.owasp.org/pipermail/owasp-sacramento}}

== Charter ==
The Sacramento OWASP Chapter promotes the [[About_The_Open_Web_Application_Security_Project|principles of OWASP]] in our local community with an emphasis on education, local networking opportunities, and fun.

==NOVEMBER 29th MEETING==
The next OWASP Sacramento meeting will be on Thursday Nov. 29 at 6pm. The topic of this meeting will be Web Application Hacking. This meeting will be hosted at EDS Medi-Cal in Rancho Cordova, CA. Food, beverage, and the presentation will be provided by Foundstone.

Please use the online RSVP form below or contact Mpetteys at caiso.com by
11/22/07 if you plan to attend.

[http://fs2.formsite.com/mpetteys/form681597126/index.html RSVP Form]

TOPIC

See the hacker's toolbox in action as various web applications are ripped open by exploiting simple software bugs. Common problems such as Cross-Site Scripting (XSS) and SQL Injection will be demonstrated and explained, along with more subtle vulnerabilities including privilege escalation, data tampering, and Cross-Site Request Forgery.

SPEAKER BIO: [http://www.nofluffjuststuff.com/conference/speaker/roman_hustad.html Roman Hustad, Foundstone Professional Services]

LOCATION INFORMATION:

Upon arriving at the main entrance, please ask for Robert Grill,
office: 916-636-4392, cell: 916-997-9892. Any problems, please contact Matt Petteys, 916-873-4716

EDS Medi-Cal
3125 Prospect Park Drive
Rancho Cordova, CA 95670

[http://maps.google.com/maps?f=q&hl=en&geocode=&q=%3D3125+Prospect+Park+Drive,Rancho+Cordova,+CA+95670&sll=37.0625,-95.677068&sspn=51.443116,107.753906&ie=UTF8&om=1&ll=38.58885,-121.275437&spn=0.01117,0.019956&t=k&z=16&iwloc=addr Directions To EDS]

== Local News ==
We have rescheduled the next meeting to August 30th 2007. Please contact the [mailto:mpetteys@caiso.com Matt Petteys] with questions or suggestions.

OWASP Sacramento is requesting comments on future topics using the following URL. [http://www.yellowguppy.com/~mpetteys/sacowaspsurvey1.html OWASP Sacrament Topic Survey]

OWASP Sacramento is planning a public presentation in late Augues 2007. Contact the [mailto:bobhome@dslextreme.com chapter leader] with questions or suggestions.

'''OWASP Moves to MediaWiki Portal - 16:09, 18 May 2006 (EDT)'''

OWASP is pleased to announce the arrival of OWASP 2.0!

OWASP 2.0 utilizes the MediaWiki portal to manage and provide
the latest OWASP related information. Enjoy!

Sacramento

2007-08-01T00:03:44Z

Mpetteys:

{{Chapter Template|chaptername=Sacramento|extra=The chapter leader is [mailto:bobhome@dslextreme.com Bob Grill]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-sacramento|emailarchives=http://lists.owasp.org/pipermail/owasp-sacramento}}

== Charter ==
The Sacramento OWASP Chapter promotes the [[About_The_Open_Web_Application_Security_Project|principles of OWASP]] in our local community with an emphasis on education, local networking opportunities, and fun.

==AUGUST 30th MEETING==
The next OWASP Sacramento meeting will be on Thursday August 30th at 6pm. The topic of this meeting will be Hack-Proof Your Service-Oriented Architecture (SOA). This meeting will be hosted at EDS Medi-Cal in Rancho Cordova, CA. Food, beverage, and the presentation will be provided by Fortify Software.

Please use the online RSVP form below or contact Mpetteys at caiso.com by 8/10/07 if you plan to attend.

[http://fs2.formsite.com/mpetteys/form467368333/index.html RSVP Form]

TOPIC

With the advent of web services and the prevalence of SOA platforms, the need for securing externally accessible interfaces has become a significant consideration. Inherently, web services externalize interfaces to facilitate the communication between business components which then leaves them vulnerable to security breaches. Much attention has been given to securing the protocols that govern SOA, authentication and authorization for accessing web services, and cryptography, but little attention has been devoted to securing the software itself. During this meeting we will examine the role of SOA platforms, demonstrate commonly used hacker techniques on web services and discuss how exploitation can be avoided given the right tools and emphasis on software security. Additionally, we will discuss tips that IT professionals can use to remediate SOA security problems.

SPEAKER BIO: TBD

LOCATION INFORMATION:

Upon arriving at the main entrance, please ask for Robert Grill,
office:916-636-4392, cell:916-997-9892

EDS Medi-Cal
3125 Prospect Park Drive
Rancho Cordova, CA 95670

[http://maps.google.com/maps?f=q&hl=en&geocode=&q=%3D3125+Prospect+Park+Drive,Rancho+Cordova,+CA+95670&sll=37.0625,-95.677068&sspn=51.443116,107.753906&ie=UTF8&ll=38.58885,-121.275437&spn=0.006256,0.013154&z=16&om=1 Directions To EDS]

== Local News ==
We have rescheduled the next meeting to August 30th 2007. Please contact the [mailto:mpetteys@caiso.com Matt Petteys] with questions or suggestions.

OWASP Sacramento is requesting comments on future topics using the following URL. [http://www.yellowguppy.com/~mpetteys/sacowaspsurvey1.html OWASP Sacrament Topic Survey]

OWASP Sacramento is planning a public presentation in late Augues 2007. Contact the [mailto:bobhome@dslextreme.com chapter leader] with questions or suggestions.

'''OWASP Moves to MediaWiki Portal - 16:09, 18 May 2006 (EDT)'''

OWASP is pleased to announce the arrival of OWASP 2.0!

OWASP 2.0 utilizes the MediaWiki portal to manage and provide
the latest OWASP related information. Enjoy!

Sacramento

2007-07-23T19:26:23Z

Mpetteys: /* Local News */