https://wiki.owasp.org/api.php?action=feedcontributions&feedformat=atom&user=Mstarks01OWASP - User contributions [en]2026-04-22T16:13:12ZUser contributionsMediaWiki 1.27.2https://wiki.owasp.org/index.php?title=Rochester&diff=19191Rochester2007-06-15T03:17:51Z<p>Mstarks01: /* Meeting Dates & Location */</p>
<hr />
<div>== Welcome to the OWASP Rochester Local Chapter ==<br />
<br />
Welcome to the local Rochester chapter homepage. The chapter leader is [mailto:rd@rd1.net Ralf Durkee]<br />
<br />
== Participation ==<br />
<br />
OWASP chapter meetings are free and open to anyone interested in application security. We encourage members to give presentations on specific topics and to contribute to the local chapter by sharing their knowledge with others. Prior to participating with OWASP please review the [[Chapter Rules]].<br />
<br />
The Rochester chapter has two mailing lists: one for announcements and one for general discussion. The announce list is for official communications (e.g meeting announcements, web site upates, etc). The discussion list is for general participation and everyone is encouraged to post. The announce mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-announce here]. The discussion mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny here]. You can also review the [http://lists.owasp.org/pipermail/owasp-rochester-announce/ announce] and [http://lists.owasp.org/pipermail/owasp-rochester-ny discussion] e-mail archives to see what folks have been talking about. Please make sure you are subscribed to announce to receive any last minute meeting info.<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> Ralf Durkee<br />
*<b>Vice President:</b> Chris Karr<br />
*<b>Secretary and Treasurer:</b> Steve Buck<br />
*<b>Web and Communications:</b> Michael Starks<br />
</ul><br />
<br />
== Meeting Dates & Location ==<br />
<br />
<b>Dates:</b> The third Monday of every month, starting at 6:00 PM.<br />
<br />
<b>Location:</b> 1225 Jefferson Rd, Rochester, NY 14623 (nearI-390) [http://maps.google.com/maps?f=q&hl=en&q=1225+Jefferson+Rd,+Rochester,+NY&ie=UTF8&om=1&ll=43.087727,-77.600255&spn=0.014856,0.04283 Google Map]<br />
<br />
Meeting space is graciously offered by [http://www.bryantstratton.edu/campus/campus.aspx?c=14 Bryant & Stratton College] Enter the Frontier Commons plaza, near the Post Office. Towards the right, rear of the plaza is the PSC (Professional Skills Center) door, which is to the left of the main Bryant & Stratton entrance door. There will be a sign on the door indicating the room in which we will meet.<br />
<br />
'''June Meeting Details'''<br />
<br />
Please join us for an informal gathering at [http://maps.google.com/maps?f=q&hl=en&q=macgregors+henrietta,+ny&ie=UTF8&om=1&ll=43.171132,-77.614288&spn=0.443687,0.933838&z=10&iwloc=C McGregors] on Monday, June 18 at 6:00 PM. Hope to see you there.<br />
<br />
== Past Presentations ==<br />
<br />
<b>October 2006</b> The first of the OWASP top ten: unvalidated input, by Steve Buck.<br />
[http://rd1.net/owasp/2006-10-16_owasp-presentation.ppt PowerPoint]<br />
<br />
<b>April 2006</b> PGP: Encryption for e-mail and web applications, by Ralph Durkee [http://rd1.net/owasp/Apr_OWASP_PGP_Durkee.pdf PDF]<br />
<br />
<b>February 2006</b> Identity Theft, Phishing and Pharming, by Danny Allan [http://rd1.net/owasp/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.pdf PDF]<br />
<br />
<b>February 2006</b> Secure e-mail, by Thomas Bullinger [http://rd1.net/owasp/SecureEmail.pdf PDF]<br />
<br />
<b>January 2006</b> PCI Compliance, by Pat Massey, Ralf Durkee, Maureen Baran [http://rd1.net/owasp/Rochester_OWASP_PCI_Compliance.pdf PDF]<br />
<br />
<b>September 2005</b> Two Factor Authentication for Java Applications with Client Certificates, by Ralf Durkee [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.pdf PDF] [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.sxi Open Office]<br />
<br />
<b>April 2005</b> Avoiding Backend Exploitation of Mail Forms, by Max Kessler [http://rd1.net/owasp/owasp-mailform-exploitation.ppt PowerPoint] [http://rd1.net/owasp/owasp-mailform-exploitation.sxi Open Office]<br />
<br />
<b>March 2005</b> Bringing Two-Factor Authentication to Web Applications, by Michael Starks [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt PowerPoint] [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt Open Office]<br />
<br />
<b>February 2005</b> Insecure Storage, by Chris Karr [http://rd1.net/owasp/Insecure_Storage.ppt PowerPoint]<br />
<br />
<b>January 2005</b> Access Control and Session Mgmnt, by Steve Buck [http://rd1.net/owasp/Jan_OWASP-access-control.ppt PowerPoint] [http://rd1.net/owasp/Jan_OWASP-access-control.sxi Open Office]<br />
<br />
<b>November 2004</b> Intro to OWASP by Ralf Durkee. Demonstration of SQL Injection attack and prevention, by Paul Cupo [http://rd1.net/owasp/Nov_OWASP_20041103.ppt PowerPoint]<br />
<br />
[[Category:OWASP Chapter]]</div>Mstarks01https://wiki.owasp.org/index.php?title=Rochester&diff=19190Rochester2007-06-15T03:17:24Z<p>Mstarks01: /* Meeting Dates & Location */</p>
<hr />
<div>== Welcome to the OWASP Rochester Local Chapter ==<br />
<br />
Welcome to the local Rochester chapter homepage. The chapter leader is [mailto:rd@rd1.net Ralf Durkee]<br />
<br />
== Participation ==<br />
<br />
OWASP chapter meetings are free and open to anyone interested in application security. We encourage members to give presentations on specific topics and to contribute to the local chapter by sharing their knowledge with others. Prior to participating with OWASP please review the [[Chapter Rules]].<br />
<br />
The Rochester chapter has two mailing lists: one for announcements and one for general discussion. The announce list is for official communications (e.g meeting announcements, web site upates, etc). The discussion list is for general participation and everyone is encouraged to post. The announce mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-announce here]. The discussion mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny here]. You can also review the [http://lists.owasp.org/pipermail/owasp-rochester-announce/ announce] and [http://lists.owasp.org/pipermail/owasp-rochester-ny discussion] e-mail archives to see what folks have been talking about. Please make sure you are subscribed to announce to receive any last minute meeting info.<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> Ralf Durkee<br />
*<b>Vice President:</b> Chris Karr<br />
*<b>Secretary and Treasurer:</b> Steve Buck<br />
*<b>Web and Communications:</b> Michael Starks<br />
</ul><br />
<br />
== Meeting Dates & Location ==<br />
<br />
<b>Dates:</b> The third Monday of every month, starting at 6:00 PM.<br />
<br />
<b>Location:</b> 1225 Jefferson Rd, Rochester, NY 14623 (near I-390) [http://maps.google.com/maps?f=q&hl=en&q=1225+Jefferson+Rd,+Rochester,+NY&ie=UTF8&om=1&ll=43.087727,-77.600255&spn=0.014856,0.04283 Google Map]<br />
<br />
Meeting space is graciously offered by [http://www.bryantstratton.edu/campus/campus.aspx?c=14 Bryant & Stratton College] Enter the Frontier Commons plaza, near the Post Office. Towards the right, rear of the plaza is the PSC (Professional Skills Center) door, which is to the left of the main Bryant & Stratton entrance door. There will be a sign on the door indicating the room in which we will meet.<br />
<br />
'''June Meeting Details'''<br />
<br />
Please join us for an informal gathering at [http://maps.google.com/maps?f=q&hl=en&q=macgregors+henrietta,+ny&ie=UTF8&om=1&ll=43.171132,-77.614288&spn=0.443687,0.933838&z=10&iwloc=C McGregors] on Monday, June 18 at 6:00 PM.<br />
<br />
Hope to see you there.<br />
<br />
== Past Presentations ==<br />
<br />
<b>October 2006</b> The first of the OWASP top ten: unvalidated input, by Steve Buck.<br />
[http://rd1.net/owasp/2006-10-16_owasp-presentation.ppt PowerPoint]<br />
<br />
<b>April 2006</b> PGP: Encryption for e-mail and web applications, by Ralph Durkee [http://rd1.net/owasp/Apr_OWASP_PGP_Durkee.pdf PDF]<br />
<br />
<b>February 2006</b> Identity Theft, Phishing and Pharming, by Danny Allan [http://rd1.net/owasp/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.pdf PDF]<br />
<br />
<b>February 2006</b> Secure e-mail, by Thomas Bullinger [http://rd1.net/owasp/SecureEmail.pdf PDF]<br />
<br />
<b>January 2006</b> PCI Compliance, by Pat Massey, Ralf Durkee, Maureen Baran [http://rd1.net/owasp/Rochester_OWASP_PCI_Compliance.pdf PDF]<br />
<br />
<b>September 2005</b> Two Factor Authentication for Java Applications with Client Certificates, by Ralf Durkee [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.pdf PDF] [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.sxi Open Office]<br />
<br />
<b>April 2005</b> Avoiding Backend Exploitation of Mail Forms, by Max Kessler [http://rd1.net/owasp/owasp-mailform-exploitation.ppt PowerPoint] [http://rd1.net/owasp/owasp-mailform-exploitation.sxi Open Office]<br />
<br />
<b>March 2005</b> Bringing Two-Factor Authentication to Web Applications, by Michael Starks [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt PowerPoint] [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt Open Office]<br />
<br />
<b>February 2005</b> Insecure Storage, by Chris Karr [http://rd1.net/owasp/Insecure_Storage.ppt PowerPoint]<br />
<br />
<b>January 2005</b> Access Control and Session Mgmnt, by Steve Buck [http://rd1.net/owasp/Jan_OWASP-access-control.ppt PowerPoint] [http://rd1.net/owasp/Jan_OWASP-access-control.sxi Open Office]<br />
<br />
<b>November 2004</b> Intro to OWASP by Ralf Durkee. Demonstration of SQL Injection attack and prevention, by Paul Cupo [http://rd1.net/owasp/Nov_OWASP_20041103.ppt PowerPoint]<br />
<br />
[[Category:OWASP Chapter]]</div>Mstarks01https://wiki.owasp.org/index.php?title=Rochester&diff=17867Rochester2007-04-16T02:37:42Z<p>Mstarks01: /* Meeting Dates & Location */</p>
<hr />
<div>== Welcome to the OWASP Rochester Local Chapter ==<br />
<br />
Welcome to the local Rochester chapter homepage. The chapter leader is [mailto:rd@rd1.net Ralf Durkee]<br />
<br />
== Participation ==<br />
<br />
OWASP chapter meetings are free and open to anyone interested in application security. We encourage members to give presentations on specific topics and to contribute to the local chapter by sharing their knowledge with others. Prior to participating with OWASP please review the [[Chapter Rules]].<br />
<br />
The Rochester chapter has two mailing lists: one for announcements and one for general discussion. The announce list is for official communications (e.g meeting announcements, web site upates, etc). The discussion list is for general participation and everyone is encouraged to post. The announce mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-announce here]. The discussion mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny here]. You can also review the [http://lists.owasp.org/pipermail/owasp-rochester-announce/ announce] and [http://lists.owasp.org/pipermail/owasp-rochester-ny discussion] e-mail archives to see what folks have been talking about. Please make sure you are subscribed to announce to receive any last minute meeting info.<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> Ralf Durkee<br />
*<b>Vice President:</b> Chris Karr<br />
*<b>Secretary and Treasurer:</b> Steve Buck<br />
*<b>Web and Communications:</b> Michael Starks<br />
</ul><br />
<br />
== Meeting Dates & Location ==<br />
<br />
<b>Dates:</b> The third Monday of every month, starting at 6:00 PM.<br />
<br />
<b>Location:</b> 1225 Jefferson Rd, Rochester, NY 14623 (near I-390) [http://maps.google.com/maps?f=q&hl=en&q=1225+Jefferson+Rd,+Rochester,+NY&ie=UTF8&om=1&ll=43.087727,-77.600255&spn=0.014856,0.04283 Google Map]<br />
<br />
Meeting space is graciously offered by [http://www.bryantstratton.edu/campus/campus.aspx?c=14 Bryant & Stratton College] Enter the Frontier Commons plaza, near the Post Office. Towards the right, rear of the plaza is the PSC (Professional Skills Center) door, which is to the left of the main Bryant & Stratton entrance door. There will be a sign on the door indicating the room in which we will meet.<br />
<br />
'''April Meeting Details'''<br />
<br />
Details are not yet available, however we will be meeting at our regular time and place.<br />
<br />
Hope to see you there.<br />
<br />
== Past Presentations ==<br />
<br />
<b>October 2006</b> The first of the OWASP top ten: unvalidated input, by Steve Buck.<br />
[http://rd1.net/owasp/2006-10-16_owasp-presentation.ppt PowerPoint]<br />
<br />
<b>April 2006</b> PGP: Encryption for e-mail and web applications, by Ralph Durkee [http://rd1.net/owasp/Apr_OWASP_PGP_Durkee.pdf PDF]<br />
<br />
<b>February 2006</b> Identity Theft, Phishing and Pharming, by Danny Allan [http://rd1.net/owasp/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.pdf PDF]<br />
<br />
<b>February 2006</b> Secure e-mail, by Thomas Bullinger [http://rd1.net/owasp/SecureEmail.pdf PDF]<br />
<br />
<b>January 2006</b> PCI Compliance, by Pat Massey, Ralf Durkee, Maureen Baran [http://rd1.net/owasp/Rochester_OWASP_PCI_Compliance.pdf PDF]<br />
<br />
<b>September 2005</b> Two Factor Authentication for Java Applications with Client Certificates, by Ralf Durkee [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.pdf PDF] [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.sxi Open Office]<br />
<br />
<b>April 2005</b> Avoiding Backend Exploitation of Mail Forms, by Max Kessler [http://rd1.net/owasp/owasp-mailform-exploitation.ppt PowerPoint] [http://rd1.net/owasp/owasp-mailform-exploitation.sxi Open Office]<br />
<br />
<b>March 2005</b> Bringing Two-Factor Authentication to Web Applications, by Michael Starks [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt PowerPoint] [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt Open Office]<br />
<br />
<b>February 2005</b> Insecure Storage, by Chris Karr [http://rd1.net/owasp/Insecure_Storage.ppt PowerPoint]<br />
<br />
<b>January 2005</b> Access Control and Session Mgmnt, by Steve Buck [http://rd1.net/owasp/Jan_OWASP-access-control.ppt PowerPoint] [http://rd1.net/owasp/Jan_OWASP-access-control.sxi Open Office]<br />
<br />
<b>November 2004</b> Intro to OWASP by Ralf Durkee. Demonstration of SQL Injection attack and prevention, by Paul Cupo [http://rd1.net/owasp/Nov_OWASP_20041103.ppt PowerPoint]<br />
<br />
[[Category:OWASP Chapter]]</div>Mstarks01https://wiki.owasp.org/index.php?title=Rochester&diff=17309Rochester2007-03-17T15:17:19Z<p>Mstarks01: /* Meeting Dates & Location */</p>
<hr />
<div>== Welcome to the OWASP Rochester Local Chapter ==<br />
<br />
Welcome to the local Rochester chapter homepage. The chapter leader is [mailto:rd@rd1.net Ralf Durkee]<br />
<br />
== Participation ==<br />
<br />
OWASP chapter meetings are free and open to anyone interested in application security. We encourage members to give presentations on specific topics and to contribute to the local chapter by sharing their knowledge with others. Prior to participating with OWASP please review the [[Chapter Rules]].<br />
<br />
The Rochester chapter has two mailing lists: one for announcements and one for general discussion. The announce list is for official communications (e.g meeting announcements, web site upates, etc). The discussion list is for general participation and everyone is encouraged to post. The announce mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-announce here]. The discussion mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny here]. You can also review the [http://lists.owasp.org/pipermail/owasp-rochester-announce/ announce] and [http://lists.owasp.org/pipermail/owasp-rochester-ny discussion] e-mail archives to see what folks have been talking about. Please make sure you are subscribed to announce to receive any last minute meeting info.<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> Ralf Durkee<br />
*<b>Vice President:</b> Chris Karr<br />
*<b>Secretary and Treasurer:</b> Steve Buck<br />
*<b>Web and Communications:</b> Michael Starks<br />
</ul><br />
<br />
== Meeting Dates & Location ==<br />
<br />
<b>Dates:</b> The third Monday of every month, starting at 6:00 PM.<br />
<br />
<b>Location:</b> 1225 Jefferson Rd, Rochester, NY 14623 (near I-390) [http://maps.google.com/maps?f=q&hl=en&q=1225+Jefferson+Rd,+Rochester,+NY&ie=UTF8&om=1&ll=43.087727,-77.600255&spn=0.014856,0.04283 Google Map]<br />
<br />
Meeting space is graciously offered by [http://www.bryantstratton.edu/campus/campus.aspx?c=14 Bryant & Stratton College] Enter the Frontier Commons plaza, near the Post Office. Towards the right, rear of the plaza is the PSC (Professional Skills Center) door, which is to the left of the main Bryant & Stratton entrance door. There will be a sign on the door indicating the room in which we will meet.<br />
<br />
'''March Meeting Details'''<br />
<br />
Although there will be no OWASP Rochester meeting in March, the Rochester chapter of ISSA will be having a free and open-to-the-public meeting on Monday, March 19 at 5:30 PM. James Kist, CISSP will be presenting on Web Application Security. James will be discussing common problems such as SQL Injection, as well as the not-so-common problems, such as AJAX and AJAX worms.<br />
<br />
Full details, including the location, can be found at: http://www.rochissa.org/#meetings<br />
<br />
Hope to see you there.<br />
<br />
== Past Presentations ==<br />
<br />
<b>October 2006</b> The first of the OWASP top ten: unvalidated input, by Steve Buck.<br />
[http://rd1.net/owasp/2006-10-16_owasp-presentation.ppt PowerPoint]<br />
<br />
<b>April 2006</b> PGP: Encryption for e-mail and web applications, by Ralph Durkee [http://rd1.net/owasp/Apr_OWASP_PGP_Durkee.pdf PDF]<br />
<br />
<b>February 2006</b> Identity Theft, Phishing and Pharming, by Danny Allan [http://rd1.net/owasp/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.pdf PDF]<br />
<br />
<b>February 2006</b> Secure e-mail, by Thomas Bullinger [http://rd1.net/owasp/SecureEmail.pdf PDF]<br />
<br />
<b>January 2006</b> PCI Compliance, by Pat Massey, Ralf Durkee, Maureen Baran [http://rd1.net/owasp/Rochester_OWASP_PCI_Compliance.pdf PDF]<br />
<br />
<b>September 2005</b> Two Factor Authentication for Java Applications with Client Certificates, by Ralf Durkee [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.pdf PDF] [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.sxi Open Office]<br />
<br />
<b>April 2005</b> Avoiding Backend Exploitation of Mail Forms, by Max Kessler [http://rd1.net/owasp/owasp-mailform-exploitation.ppt PowerPoint] [http://rd1.net/owasp/owasp-mailform-exploitation.sxi Open Office]<br />
<br />
<b>March 2005</b> Bringing Two-Factor Authentication to Web Applications, by Michael Starks [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt PowerPoint] [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt Open Office]<br />
<br />
<b>February 2005</b> Insecure Storage, by Chris Karr [http://rd1.net/owasp/Insecure_Storage.ppt PowerPoint]<br />
<br />
<b>January 2005</b> Access Control and Session Mgmnt, by Steve Buck [http://rd1.net/owasp/Jan_OWASP-access-control.ppt PowerPoint] [http://rd1.net/owasp/Jan_OWASP-access-control.sxi Open Office]<br />
<br />
<b>November 2004</b> Intro to OWASP by Ralf Durkee. Demonstration of SQL Injection attack and prevention, by Paul Cupo [http://rd1.net/owasp/Nov_OWASP_20041103.ppt PowerPoint]<br />
<br />
[[Category:OWASP Chapter]]</div>Mstarks01https://wiki.owasp.org/index.php?title=Rochester&diff=17308Rochester2007-03-17T15:16:22Z<p>Mstarks01: /* Meeting Dates & Location */</p>
<hr />
<div>== Welcome to the OWASP Rochester Local Chapter ==<br />
<br />
Welcome to the local Rochester chapter homepage. The chapter leader is [mailto:rd@rd1.net Ralf Durkee]<br />
<br />
== Participation ==<br />
<br />
OWASP chapter meetings are free and open to anyone interested in application security. We encourage members to give presentations on specific topics and to contribute to the local chapter by sharing their knowledge with others. Prior to participating with OWASP please review the [[Chapter Rules]].<br />
<br />
The Rochester chapter has two mailing lists: one for announcements and one for general discussion. The announce list is for official communications (e.g meeting announcements, web site upates, etc). The discussion list is for general participation and everyone is encouraged to post. The announce mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-announce here]. The discussion mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny here]. You can also review the [http://lists.owasp.org/pipermail/owasp-rochester-announce/ announce] and [http://lists.owasp.org/pipermail/owasp-rochester-ny discussion] e-mail archives to see what folks have been talking about. Please make sure you are subscribed to announce to receive any last minute meeting info.<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> Ralf Durkee<br />
*<b>Vice President:</b> Chris Karr<br />
*<b>Secretary and Treasurer:</b> Steve Buck<br />
*<b>Web and Communications:</b> Michael Starks<br />
</ul><br />
<br />
== Meeting Dates & Location ==<br />
<br />
<b>Dates:</b> The third Monday of every month, starting at 6:00 PM.<br />
<br />
<b>Location:</b> 1225 Jefferson Rd, Rochester, NY 14623 (near I-390) [http://maps.google.com/maps?f=q&hl=en&q=1225+Jefferson+Rd,+Rochester,+NY&ie=UTF8&om=1&ll=43.087727,-77.600255&spn=0.014856,0.04283 Google Map]<br />
<br />
Meeting space is graciously offered by [http://www.bryantstratton.edu/campus/campus.aspx?c=14 Bryant & Stratton College] Enter the Frontier Commons plaza, near the Post Office. Towards the right, rear of the plaza is the PSC (Professional Skills Center) door, which is to the left of the main Bryant & Stratton entrance door. There will be a sign on the door indicating the room in which we will meet.<br />
<br />
'''March Meeting Details'''<br />
<br />
Although there will be no OWASP Rochester meeting in March, the Rochester chapter of ISSA will be having a free and open-to-the-public meeting on Monday, March 19 at 5:30 PM. James Kist, CISSP will be presenting on Web Application Security. James will be discussing common problems such as SQL Injection, as well as the not-so-common problems, such as AJAX and AJAX worms.<br />
<br />
Full details, including the location, can be found at: http://www.rochissa.org/#meetings<br />
<br />
Hope to see you there.. Enjoy the break!<br />
<br />
== Past Presentations ==<br />
<br />
<b>October 2006</b> The first of the OWASP top ten: unvalidated input, by Steve Buck.<br />
[http://rd1.net/owasp/2006-10-16_owasp-presentation.ppt PowerPoint]<br />
<br />
<b>April 2006</b> PGP: Encryption for e-mail and web applications, by Ralph Durkee [http://rd1.net/owasp/Apr_OWASP_PGP_Durkee.pdf PDF]<br />
<br />
<b>February 2006</b> Identity Theft, Phishing and Pharming, by Danny Allan [http://rd1.net/owasp/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.pdf PDF]<br />
<br />
<b>February 2006</b> Secure e-mail, by Thomas Bullinger [http://rd1.net/owasp/SecureEmail.pdf PDF]<br />
<br />
<b>January 2006</b> PCI Compliance, by Pat Massey, Ralf Durkee, Maureen Baran [http://rd1.net/owasp/Rochester_OWASP_PCI_Compliance.pdf PDF]<br />
<br />
<b>September 2005</b> Two Factor Authentication for Java Applications with Client Certificates, by Ralf Durkee [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.pdf PDF] [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.sxi Open Office]<br />
<br />
<b>April 2005</b> Avoiding Backend Exploitation of Mail Forms, by Max Kessler [http://rd1.net/owasp/owasp-mailform-exploitation.ppt PowerPoint] [http://rd1.net/owasp/owasp-mailform-exploitation.sxi Open Office]<br />
<br />
<b>March 2005</b> Bringing Two-Factor Authentication to Web Applications, by Michael Starks [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt PowerPoint] [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt Open Office]<br />
<br />
<b>February 2005</b> Insecure Storage, by Chris Karr [http://rd1.net/owasp/Insecure_Storage.ppt PowerPoint]<br />
<br />
<b>January 2005</b> Access Control and Session Mgmnt, by Steve Buck [http://rd1.net/owasp/Jan_OWASP-access-control.ppt PowerPoint] [http://rd1.net/owasp/Jan_OWASP-access-control.sxi Open Office]<br />
<br />
<b>November 2004</b> Intro to OWASP by Ralf Durkee. Demonstration of SQL Injection attack and prevention, by Paul Cupo [http://rd1.net/owasp/Nov_OWASP_20041103.ppt PowerPoint]<br />
<br />
[[Category:OWASP Chapter]]</div>Mstarks01https://wiki.owasp.org/index.php?title=Rochester&diff=17179Rochester2007-03-14T00:07:30Z<p>Mstarks01: /* Meeting Dates & Location */</p>
<hr />
<div>== Welcome to the OWASP Rochester Local Chapter ==<br />
<br />
Welcome to the local Rochester chapter homepage. The chapter leader is [mailto:rd@rd1.net Ralf Durkee]<br />
<br />
== Participation ==<br />
<br />
OWASP chapter meetings are free and open to anyone interested in application security. We encourage members to give presentations on specific topics and to contribute to the local chapter by sharing their knowledge with others. Prior to participating with OWASP please review the [[Chapter Rules]].<br />
<br />
The Rochester chapter has two mailing lists: one for announcements and one for general discussion. The announce list is for official communications (e.g meeting announcements, web site upates, etc). The discussion list is for general participation and everyone is encouraged to post. The announce mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-announce here]. The discussion mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny here]. You can also review the [http://lists.owasp.org/pipermail/owasp-rochester-announce/ announce] and [http://lists.owasp.org/pipermail/owasp-rochester-ny discussion] e-mail archives to see what folks have been talking about. Please make sure you are subscribed to announce to receive any last minute meeting info.<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> Ralf Durkee<br />
*<b>Vice President:</b> Chris Karr<br />
*<b>Secretary and Treasurer:</b> Steve Buck<br />
*<b>Web and Communications:</b> Michael Starks<br />
</ul><br />
<br />
== Meeting Dates & Location ==<br />
<br />
<b>Dates:</b> The third Monday of every month, starting at 6:00 PM.<br />
<br />
<b>Location:</b> 1225 Jefferson Rd, Rochester, NY 14623 (near I-390) [http://maps.google.com/maps?f=q&hl=en&q=1225+Jefferson+Rd,+Rochester,+NY&ie=UTF8&om=1&ll=43.087727,-77.600255&spn=0.014856,0.04283 Google Map]<br />
<br />
Meeting space is graciously offered by [http://www.bryantstratton.edu/campus/campus.aspx?c=14 Bryant & Stratton College] Enter the Frontier Commons plaza, near the Post Office. Towards the right, rear of the plaza is the PSC (Professional Skills Center) door, which is to the left of the main Bryant & Stratton entrance door. There will be a sign on the door indicating the room in which we will meet.<br />
<br />
'''March Meeting Details'''<br />
<br />
There will be no meeting in March. Enjoy the break!<br />
<br />
== Past Presentations ==<br />
<br />
<b>October 2006</b> The first of the OWASP top ten: unvalidated input, by Steve Buck.<br />
[http://rd1.net/owasp/2006-10-16_owasp-presentation.ppt PowerPoint]<br />
<br />
<b>April 2006</b> PGP: Encryption for e-mail and web applications, by Ralph Durkee [http://rd1.net/owasp/Apr_OWASP_PGP_Durkee.pdf PDF]<br />
<br />
<b>February 2006</b> Identity Theft, Phishing and Pharming, by Danny Allan [http://rd1.net/owasp/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.pdf PDF]<br />
<br />
<b>February 2006</b> Secure e-mail, by Thomas Bullinger [http://rd1.net/owasp/SecureEmail.pdf PDF]<br />
<br />
<b>January 2006</b> PCI Compliance, by Pat Massey, Ralf Durkee, Maureen Baran [http://rd1.net/owasp/Rochester_OWASP_PCI_Compliance.pdf PDF]<br />
<br />
<b>September 2005</b> Two Factor Authentication for Java Applications with Client Certificates, by Ralf Durkee [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.pdf PDF] [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.sxi Open Office]<br />
<br />
<b>April 2005</b> Avoiding Backend Exploitation of Mail Forms, by Max Kessler [http://rd1.net/owasp/owasp-mailform-exploitation.ppt PowerPoint] [http://rd1.net/owasp/owasp-mailform-exploitation.sxi Open Office]<br />
<br />
<b>March 2005</b> Bringing Two-Factor Authentication to Web Applications, by Michael Starks [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt PowerPoint] [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt Open Office]<br />
<br />
<b>February 2005</b> Insecure Storage, by Chris Karr [http://rd1.net/owasp/Insecure_Storage.ppt PowerPoint]<br />
<br />
<b>January 2005</b> Access Control and Session Mgmnt, by Steve Buck [http://rd1.net/owasp/Jan_OWASP-access-control.ppt PowerPoint] [http://rd1.net/owasp/Jan_OWASP-access-control.sxi Open Office]<br />
<br />
<b>November 2004</b> Intro to OWASP by Ralf Durkee. Demonstration of SQL Injection attack and prevention, by Paul Cupo [http://rd1.net/owasp/Nov_OWASP_20041103.ppt PowerPoint]<br />
<br />
[[Category:OWASP Chapter]]</div>Mstarks01https://wiki.owasp.org/index.php?title=OWASP_Community&diff=16056OWASP Community2007-02-01T02:52:07Z<p>Mstarks01: /* Events */</p>
<hr />
<div>This page is for people to post OWASP related events, such as chapter meetings, OWASP conferences, get-togethers, and OWASP sponsored events.<br />
<br />
Events from previous years are archived here:<br />
* '''[[OWASP Community 2006]]'''<br />
<br />
This page is monitored, and items posted here will be copied to the OWASP [[Main Page]]. Please post new items in chronological order using the following format:<br />
<br />
'''Mon ## (##:00h) - [[Article]]'''<br />
<br />
<!--<br />
<br />
CHAPTER LEADS -- please put your schedule here and we'll post a month in advance<br />
<br />
*** OTTAWA: Rough dates ***<br />
'''Mar 7 - [[Ottawa|Ottawa Chapter Meeting]] '''<br />
'''May 9 - [[Ottawa|Ottawa Chapter Meeting]] '''<br />
'''Sept 12 - [[Ottawa|Ottawa Chapter Meeting]] '''<br />
'''Nov 14 - [[Ottawa|Ottawa Chapter Meeting]] '''<br />
<br />
*** BOSTON: Every first Wednesday of the month ***<br />
'''Mar 7 (18:30h) - [[Boston|Boston chapter meeting]]'''<br />
'''Apr 4 (18:30h) - [[Boston|Boston chapter meeting]]'''<br />
'''May 2 (18:30h) - [[Boston|Boston chapter meeting]]'''<br />
<br />
*** MELBOURNE: First Tuesday of the month ***<br />
'''Mar 6 (18:00h) - [[Melbourne|Melbourne chapter meeting]]'''<br />
'''Apr 3 (18:00h) - [[Melbourne|Melbourne chapter meeting]]'''<br />
'''May 1 (18:00h) - [[Melbourne|Melbourne chapter meeting]]'''<br />
'''Jun 5 (18:00h) - [[Melbourne|Melbourne chapter meeting]]'''<br />
'''Jul 3 (18:00h) - [[Melbourne|Melbourne chapter meeting]]'''<br />
<br />
*** NETHERLANDS: Second Thursday of the month sometimes ***<br />
'''Sept 13 (18:00h) - [[Netherlands|Netherlands chapter meeting]]'''<br />
'''Dec 13 (18:00h) - [[Netherlands|Netherlands chapter meeting]]'''<br />
<br />
*** ROCHESTER: Every third Monday of the month ***<br />
'''Mar 20 (18:00h) - [[Rochester|Rochester chapter meeting]]'''<br />
'''Apr 17 (18:00h) - [[Rochester|Rochester chapter meeting]]'''<br />
'''May 15 (18:00h) - [[Rochester|Rochester chapter meeting]]'''<br />
<br />
*** TORONTO: Every second Wednesday of the month<br />
'''Mar 14 (18:00h) - [[Toronto|Toronto chapter meeting]]'''<br />
'''Apr 11 (18:00h) - [[Toronto|Toronto chapter meeting]]'''<br />
'''May 9 (18:00h) - [[Toronto|Toronto chapter meeting]]'''<br />
<br />
*** VIRGINIA: Every second tuesday of the month ***<br />
'''Mar 13 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''<br />
'''Apr 10 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''<br />
'''May 8 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''<br />
<br />
--><br />
<br />
==Events==<br />
<br />
'''May 10 (18:00h) - [[Belgium|Belgium chapter meeting]]'''<br />
<br />
'''Apr 12 (18:00h) - [[Netherlands|Netherlands chapter meeting]]'''<br />
<br />
'''Mar 27 (18:30h) - [[Philadelphia|Philadelphia chapter meeting]]'''<br />
<br />
; '''Mar 27-30 - [http://www.blackhat.com Black Hat Euro]'''<br />
: OWASP members receive a Euro 100 Briefings discount by inserting BH7EUASSOC in the box marked “Coupon Codes”<br />
<br />
'''Mar 6 (18:00h) - [[Melbourne|Melbourne chapter meeting]]'''<br />
<br />
; '''Feb 26-Mar 1 - [http://www.blackhat.com Black Hat DC]'''<br />
: OWASP members receive a $100 Briefings discount by inserting BH7DCASSOC in the box marked “Coupon Codes”<br />
<br />
'''Feb 22 (18:30h) - [[Helsinki|Helsinki chapter meeting]]'''<br />
<br />
'''Feb 19 (18:00h) - [[Rochester|Rochester chapter meeting]]'''<br />
<br />
'''Feb 15 (18:00h) - [[Seattle|Seattle chapter meeting]]'''<br />
<br />
'''Feb 15 (18:00h) - [[Washington DC|Washington DC (MD) chapter meeting]]'''<br />
<br />
'''Feb 15 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''<br />
<br />
'''Feb 14 (18:00h) - [[Toronto|Toronto chapter meeting]]'''<br />
<br />
'''Feb 13 (18:00h) - [[Ireland|Ireland chapter meeting]]'''<br />
<br />
'''Feb 12 (18:30h) - [[Switzerland|Switzerland chapter meeting]]'''<br />
<br />
'''Feb 7 (18:30h) - [[Boston|Boston chapter meeting]]'''<br />
<br />
'''Feb 6-7 - [[Italy#February_6th-8th.2C_2007_-_InfoSecurity|Italy@InfoSecurity]]'''<br />
<br />
'''Feb 6 (18:00h) - [[Melbourne|Melbourne chapter meeting]]'''<br />
<br />
'''Feb 2 (14:00h) - [[Chennai|Chennai chapter meeting]]'''<br />
<br />
'''Jan 31 (15:00h) - [[Mumbai|Mumbai chapter meeting]]'''<br />
<br />
'''Jan 30 (11:30h) - [[Austin|Austin chapter meeting]]'''<br />
<br />
'''Jan 25 (18:00h) - [[San Francisco| San Francisco chapter meeting]]'''<br />
<br />
'''Jan 25 (14:30h) - [[Italy#October_25th.2C_2007_-_Isaca_Rome|Italy@ISACA Rome]]'''<br />
<br />
'''Jan 24 (17:30h) - [[Israel#6th_OWASP_IL_meeting:_Wednesday.2C_January_24th_2007|6th OWASP Israel chapter meeting]]'''<br />
<br />
'''Jan 23 (18:00h) - [[Belgium|Belgium chapter meeting]]'''<br />
<br />
'''Jan 22 (18:00h) - [[Rochester|Rochester chapter meeting]]'''<br />
<br />
'''Jan 17 (18:30h) - [[Denver|Denver chapter meeting]]'''<br />
<br />
'''Jan 16 (17:45h) - [[Edmonton|Edmonton chapter meeting]]'''<br />
<br />
'''Jan 11 (18:00h) - [[Netherlands|Netherlands chapter meeting]]'''<br />
<br />
'''Jan 11 (18:30h) - [[Phoenix|Phoenix chapter meeting]]'''<br />
<br />
'''Jan 11 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''<br />
<br />
'''Jan 10 (18:00h) - [[Toronto|Toronto chapter meeting]]'''<br />
<br />
'''Jan 8 (18:00h) - [[Seattle|Seattle chapter meeting]]'''<br />
<br />
'''Jan 3 (18:30h) - [[Boston|Boston chapter meeting]]'''</div>Mstarks01https://wiki.owasp.org/index.php?title=Rochester&diff=16055Rochester2007-02-01T02:32:05Z<p>Mstarks01: /* Meeting Dates & Location */</p>
<hr />
<div>== Welcome to the OWASP Rochester Local Chapter ==<br />
<br />
Welcome to the local Rochester chapter homepage. The chapter leader is [mailto:rd@rd1.net Ralf Durkee]<br />
<br />
== Participation ==<br />
<br />
OWASP chapter meetings are free and open to anyone interested in application security. We encourage members to give presentations on specific topics and to contribute to the local chapter by sharing their knowledge with others. Prior to participating with OWASP please review the [[Chapter Rules]].<br />
<br />
The Rochester chapter has two mailing lists: one for announcements and one for general discussion. The announce list is for official communications (e.g meeting announcements, web site upates, etc). The discussion list is for general participation and everyone is encouraged to post. The announce mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-announce here]. The discussion mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny here]. You can also review the [http://lists.owasp.org/pipermail/owasp-rochester-announce/ announce] and [http://lists.owasp.org/pipermail/owasp-rochester-ny discussion] e-mail archives to see what folks have been talking about. Please make sure you are subscribed to announce to receive any last minute meeting info.<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> Ralf Durkee<br />
*<b>Vice President:</b> Chris Karr<br />
*<b>Secretary and Treasurer:</b> Steve Buck<br />
*<b>Web and Communications:</b> Michael Starks<br />
</ul><br />
<br />
== Meeting Dates & Location ==<br />
<br />
<b>Dates:</b> The third Monday of every month, starting at 6:00 PM.<br />
<br />
<b>Location:</b> 1225 Jefferson Rd, Rochester, NY 14623 (near I-390) [http://maps.google.com/maps?f=q&hl=en&q=1225+Jefferson+Rd,+Rochester,+NY&ie=UTF8&om=1&ll=43.087727,-77.600255&spn=0.014856,0.04283 Google Map]<br />
<br />
Meeting space is graciously offered by [http://www.bryantstratton.edu/campus/campus.aspx?c=14 Bryant & Stratton College] Enter the Frontier Commons plaza, near the Post Office. Towards the right, rear of the plaza is the PSC (Professional Skills Center) door, which is to the left of the main Bryant & Stratton entrance door. There will be a sign on the door indicating the room in which we will meet.<br />
<br />
'''February Meeting Details'''<br />
<br />
<b>Date:</b> Monday, February 19, 2007, 6:00 PM<br />
<br />
<b>Time:</b> 6:00 PM<br />
<br />
<b>Intended audience:</b> Technical<br />
<br />
<b>Presenter:</b> Ralph Durkee, CISSP, GSEC, GCIH, GSNA, Principal Security Consultant<br />
<br />
<b>Topic:</b> Hands on Web Application Hacking with the OWASP Web Goat<br />
<br />
<b>Description:</b> We'll continue our exploration from last month and exploit web applications vulnerabilities using the OWASP Web Goat tool, which is designed for training real-world web application hacking techniques. Group participation will be encouraged. All exploits will be done by a trained professional on an off-the-net vulnerable application that you download from OWASP web site so that you can "try this at home", but always with the appropriate permission first, of course.<br />
<br />
<b>Bio:</b> Ralph Durkee: Performing a wide variety of consulting and training projects including software development, systems and networking security throughout his 25+ year career, Ralph is the president and founder of Durkee Consulting, since 1996. His specialty focuses on Internet security consulting and secure systems software development. He helped write a major portion of the Web Application Security training material for the SANS LAMP (Linux Apache MySql PHP) course. Ralph is a recent editor for the Center for Internet Security's Apache, Linux and DNS BIND benchmark. Ralph is a seasoned security consultant and trainer and holds GIAC certifications in GSEC since 2000 then GCIH since 2001 as well as the GSNA and CISSP.<br />
<br />
== Past Presentations ==<br />
<br />
<b>October 2006</b> The first of the OWASP top ten: unvalidated input, by Steve Buck.<br />
[http://rd1.net/owasp/2006-10-16_owasp-presentation.ppt PowerPoint]<br />
<br />
<b>April 2006</b> PGP: Encryption for e-mail and web applications, by Ralph Durkee [http://rd1.net/owasp/Apr_OWASP_PGP_Durkee.pdf PDF]<br />
<br />
<b>February 2006</b> Identity Theft, Phishing and Pharming, by Danny Allan [http://rd1.net/owasp/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.pdf PDF]<br />
<br />
<b>February 2006</b> Secure e-mail, by Thomas Bullinger [http://rd1.net/owasp/SecureEmail.pdf PDF]<br />
<br />
<b>January 2006</b> PCI Compliance, by Pat Massey, Ralf Durkee, Maureen Baran [http://rd1.net/owasp/Rochester_OWASP_PCI_Compliance.pdf PDF]<br />
<br />
<b>September 2005</b> Two Factor Authentication for Java Applications with Client Certificates, by Ralf Durkee [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.pdf PDF] [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.sxi Open Office]<br />
<br />
<b>April 2005</b> Avoiding Backend Exploitation of Mail Forms, by Max Kessler [http://rd1.net/owasp/owasp-mailform-exploitation.ppt PowerPoint] [http://rd1.net/owasp/owasp-mailform-exploitation.sxi Open Office]<br />
<br />
<b>March 2005</b> Bringing Two-Factor Authentication to Web Applications, by Michael Starks [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt PowerPoint] [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt Open Office]<br />
<br />
<b>February 2005</b> Insecure Storage, by Chris Karr [http://rd1.net/owasp/Insecure_Storage.ppt PowerPoint]<br />
<br />
<b>January 2005</b> Access Control and Session Mgmnt, by Steve Buck [http://rd1.net/owasp/Jan_OWASP-access-control.ppt PowerPoint] [http://rd1.net/owasp/Jan_OWASP-access-control.sxi Open Office]<br />
<br />
<b>November 2004</b> Intro to OWASP by Ralf Durkee. Demonstration of SQL Injection attack and prevention, by Paul Cupo [http://rd1.net/owasp/Nov_OWASP_20041103.ppt PowerPoint]<br />
<br />
[[Category:OWASP Chapter]]</div>Mstarks01https://wiki.owasp.org/index.php?title=Rochester&diff=15352Rochester2007-01-15T03:07:29Z<p>Mstarks01: /* Meeting Dates & Location */</p>
<hr />
<div>== Welcome to the OWASP Rochester Local Chapter ==<br />
<br />
Welcome to the local Rochester chapter homepage. The chapter leader is [mailto:rd@rd1.net Ralf Durkee]<br />
<br />
== Participation ==<br />
<br />
OWASP chapter meetings are free and open to anyone interested in application security. We encourage members to give presentations on specific topics and to contribute to the local chapter by sharing their knowledge with others. Prior to participating with OWASP please review the [[Chapter Rules]].<br />
<br />
The Rochester chapter has two mailing lists: one for announcements and one for general discussion. The announce list is for official communications (e.g meeting announcements, web site upates, etc). The discussion list is for general participation and everyone is encouraged to post. The announce mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-announce here]. The discussion mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny here]. You can also review the [http://lists.owasp.org/pipermail/owasp-rochester-announce/ announce] and [http://lists.owasp.org/pipermail/owasp-rochester-ny discussion] e-mail archives to see what folks have been talking about. Please make sure you are subscribed to announce to receive any last minute meeting info.<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> Ralf Durkee<br />
*<b>Vice President:</b> Chris Karr<br />
*<b>Secretary and Treasurer:</b> Steve Buck<br />
*<b>Web and Communications:</b> Michael Starks<br />
</ul><br />
<br />
== Meeting Dates & Location ==<br />
<br />
<b>Dates:</b> The third Monday of every month, starting at 6:00 PM. Note: For January, we will meet the <b>fourth</b> Monday of the month.<br />
<br />
<b>Location:</b> 1225 Jefferson Rd, Rochester, NY 14623 (near I-390) [http://maps.google.com/maps?f=q&hl=en&q=1225+Jefferson+Rd,+Rochester,+NY&ie=UTF8&om=1&ll=43.087727,-77.600255&spn=0.014856,0.04283 Google Map]<br />
<br />
Meeting space is graciously offered by [http://www.bryantstratton.edu/campus/campus.aspx?c=14 Bryant & Stratton College] Enter the Frontier Commons plaza, near the Post Office. Towards the right, rear of the plaza is the PSC (Professional Skills Center) door, which is to the left of the main Bryant & Stratton entrance door. There will be a sign on the door indicating the room in which we will meet.<br />
<br />
'''January Meeting Details'''<br />
<br />
<b>Date:</b> Monday, January 22, 2006, 6:00 PM<br />
<br />
<b>Time:</b> 6:00 PM<br />
<br />
<b>Intended audience:</b> Technical<br />
<br />
<b>Presenter:</b> Ralph Durkee, CISSP, GSEC, GCIH, GSNA, Principal Security Consultant<br />
<br />
<b>Topic:</b> Hands on Web Application Hacking with the OWASP Web Goat<br />
<br />
<b>Description:</b> We'll explore and exploit web applications vulnerabilities using the OWASP Web Goat tool designed for training real-world web application hacking techniques. Group participation will be encouraged. All exploits will be done by a trained professional on an off-the-net vulnerable application that you download from OWASP web site so that you can "try this at home", but always with the appropriate permission first, of course.<br />
<br />
<b>Bio:</b> Ralph Durkee: Performing a wide variety of consulting and training projects including software development, systems and networking security throughout his 25+ year career, Ralph is the president and founder of Durkee Consulting, since 1996. His specialty focuses on Internet security consulting and secure systems software development. He helped write a major portion of the Web Application Security training material for the SANS LAMP (Linux Apache MySql PHP) course. Ralph is a recent editor for the Center for Internet Security's Apache, Linux and DNS BIND benchmark. Ralph is a seasoned security consultant and trainer and holds GIAC certifications in GSEC since 2000 then GCIH since 2001 as well as the GSNA and CISSP.<br />
<br />
== Past Presentations ==<br />
<br />
<b>October 2006</b> The first of the OWASP top ten: unvalidated input, by Steve Buck.<br />
[http://rd1.net/owasp/2006-10-16_owasp-presentation.ppt PowerPoint]<br />
<br />
<b>April 2006</b> PGP: Encryption for e-mail and web applications, by Ralph Durkee [http://rd1.net/owasp/Apr_OWASP_PGP_Durkee.pdf PDF]<br />
<br />
<b>February 2006</b> Identity Theft, Phishing and Pharming, by Danny Allan [http://rd1.net/owasp/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.pdf PDF]<br />
<br />
<b>February 2006</b> Secure e-mail, by Thomas Bullinger [http://rd1.net/owasp/SecureEmail.pdf PDF]<br />
<br />
<b>January 2006</b> PCI Compliance, by Pat Massey, Ralf Durkee, Maureen Baran [http://rd1.net/owasp/Rochester_OWASP_PCI_Compliance.pdf PDF]<br />
<br />
<b>September 2005</b> Two Factor Authentication for Java Applications with Client Certificates, by Ralf Durkee [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.pdf PDF] [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.sxi Open Office]<br />
<br />
<b>April 2005</b> Avoiding Backend Exploitation of Mail Forms, by Max Kessler [http://rd1.net/owasp/owasp-mailform-exploitation.ppt PowerPoint] [http://rd1.net/owasp/owasp-mailform-exploitation.sxi Open Office]<br />
<br />
<b>March 2005</b> Bringing Two-Factor Authentication to Web Applications, by Michael Starks [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt PowerPoint] [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt Open Office]<br />
<br />
<b>February 2005</b> Insecure Storage, by Chris Karr [http://rd1.net/owasp/Insecure_Storage.ppt PowerPoint]<br />
<br />
<b>January 2005</b> Access Control and Session Mgmnt, by Steve Buck [http://rd1.net/owasp/Jan_OWASP-access-control.ppt PowerPoint] [http://rd1.net/owasp/Jan_OWASP-access-control.sxi Open Office]<br />
<br />
<b>November 2004</b> Intro to OWASP by Ralf Durkee. Demonstration of SQL Injection attack and prevention, by Paul Cupo [http://rd1.net/owasp/Nov_OWASP_20041103.ppt PowerPoint]<br />
<br />
[[Category:OWASP Chapter]]</div>Mstarks01https://wiki.owasp.org/index.php?title=Rochester&diff=15351Rochester2007-01-15T02:51:54Z<p>Mstarks01: /* Meeting Dates & Location */</p>
<hr />
<div>== Welcome to the OWASP Rochester Local Chapter ==<br />
<br />
Welcome to the local Rochester chapter homepage. The chapter leader is [mailto:rd@rd1.net Ralf Durkee]<br />
<br />
== Participation ==<br />
<br />
OWASP chapter meetings are free and open to anyone interested in application security. We encourage members to give presentations on specific topics and to contribute to the local chapter by sharing their knowledge with others. Prior to participating with OWASP please review the [[Chapter Rules]].<br />
<br />
The Rochester chapter has two mailing lists: one for announcements and one for general discussion. The announce list is for official communications (e.g meeting announcements, web site upates, etc). The discussion list is for general participation and everyone is encouraged to post. The announce mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-announce here]. The discussion mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny here]. You can also review the [http://lists.owasp.org/pipermail/owasp-rochester-announce/ announce] and [http://lists.owasp.org/pipermail/owasp-rochester-ny discussion] e-mail archives to see what folks have been talking about. Please make sure you are subscribed to announce to receive any last minute meeting info.<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> Ralf Durkee<br />
*<b>Vice President:</b> Chris Karr<br />
*<b>Secretary and Treasurer:</b> Steve Buck<br />
*<b>Web and Communications:</b> Michael Starks<br />
</ul><br />
<br />
== Meeting Dates & Location ==<br />
<br />
<b>Dates:</b> The third Monday of every month, starting at 6:00 PM. Note: For January, we will meet the <b>fourth</b> Monday of the month.<br />
<br />
<b>Location:</b> 1225 Jefferson Rd, Rochester, NY 14623 (near I-390) [http://maps.google.com/maps?f=q&hl=en&q=1225+Jefferson+Rd,+Rochester,+NY&ie=UTF8&om=1&ll=43.087727,-77.600255&spn=0.014856,0.04283 Google Map]<br />
<br />
Meeting space is graciously offered by [http://www.bryantstratton.edu/campus/campus.aspx?c=14 Bryant & Stratton College] Enter the Frontier Commons plaza, near the Post Office. Towards the right, rear of the plaza is the PSC (Professional Skills Center) door, which is to the left of the main Bryant & Stratton entrance door. There will be a sign on the door indicating the room in which we will meet.<br />
<br />
'''January Meeting Details'''<br />
<br />
<b>Date:</b> Monday, January 22, 2006, 6:00 PM<br />
<br />
<b>Time:</b> 6:00 PM<br />
<br />
<b>Intended audience:</b> Technical<br />
<br />
<b>Presenter:</b> Ralph Durkee, CISSP, GSEC, GCIH, GSNA, Principal Security Consultant<br />
<br />
<b>Topic:</b> Hands on Web Application Hacking with the OWASP Web Goat<br />
<br />
<b>Description:</b> We'll explore and exploit web applications vulnerabilities using the OWASP Web Goat tool designed for training real-world web application hacking techniques. Group participation will be encouraged. All exploits will be done by a trained professional on an off-the-net vulnerable application that you download from OWASP web site so that you can "try this at home", but always with the appropriate permission first, or course.<br />
<br />
<b>Bio:</b> Ralph Durkee: Performing a wide variety of consulting and training projects including software development, systems and networking security throughout his 25+ year career, Ralph is the president and founder of Durkee Consulting, since 1996. His specialty focuses on Internet security consulting and secure systems software development. He helped write a major portion of the Web Application Security training material for the SANS LAMP (Linux Apache MySql PHP) course. Ralph is a recent editor for the Center for Internet Security's Apache, Linux and DNS BIND benchmark. Ralph is a seasoned security consultant and trainer and holds GIAC certifications in GSEC since 2000 then GCIH since 2001 as well as the GSNA and CISSP.<br />
<br />
== Past Presentations ==<br />
<br />
<b>October 2006</b> The first of the OWASP top ten: unvalidated input, by Steve Buck.<br />
[http://rd1.net/owasp/2006-10-16_owasp-presentation.ppt PowerPoint]<br />
<br />
<b>April 2006</b> PGP: Encryption for e-mail and web applications, by Ralph Durkee [http://rd1.net/owasp/Apr_OWASP_PGP_Durkee.pdf PDF]<br />
<br />
<b>February 2006</b> Identity Theft, Phishing and Pharming, by Danny Allan [http://rd1.net/owasp/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.pdf PDF]<br />
<br />
<b>February 2006</b> Secure e-mail, by Thomas Bullinger [http://rd1.net/owasp/SecureEmail.pdf PDF]<br />
<br />
<b>January 2006</b> PCI Compliance, by Pat Massey, Ralf Durkee, Maureen Baran [http://rd1.net/owasp/Rochester_OWASP_PCI_Compliance.pdf PDF]<br />
<br />
<b>September 2005</b> Two Factor Authentication for Java Applications with Client Certificates, by Ralf Durkee [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.pdf PDF] [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.sxi Open Office]<br />
<br />
<b>April 2005</b> Avoiding Backend Exploitation of Mail Forms, by Max Kessler [http://rd1.net/owasp/owasp-mailform-exploitation.ppt PowerPoint] [http://rd1.net/owasp/owasp-mailform-exploitation.sxi Open Office]<br />
<br />
<b>March 2005</b> Bringing Two-Factor Authentication to Web Applications, by Michael Starks [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt PowerPoint] [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt Open Office]<br />
<br />
<b>February 2005</b> Insecure Storage, by Chris Karr [http://rd1.net/owasp/Insecure_Storage.ppt PowerPoint]<br />
<br />
<b>January 2005</b> Access Control and Session Mgmnt, by Steve Buck [http://rd1.net/owasp/Jan_OWASP-access-control.ppt PowerPoint] [http://rd1.net/owasp/Jan_OWASP-access-control.sxi Open Office]<br />
<br />
<b>November 2004</b> Intro to OWASP by Ralf Durkee. Demonstration of SQL Injection attack and prevention, by Paul Cupo [http://rd1.net/owasp/Nov_OWASP_20041103.ppt PowerPoint]<br />
<br />
[[Category:OWASP Chapter]]</div>Mstarks01https://wiki.owasp.org/index.php?title=Rochester&diff=15350Rochester2007-01-15T02:49:54Z<p>Mstarks01: /* Meeting Dates & Location */</p>
<hr />
<div>== Welcome to the OWASP Rochester Local Chapter ==<br />
<br />
Welcome to the local Rochester chapter homepage. The chapter leader is [mailto:rd@rd1.net Ralf Durkee]<br />
<br />
== Participation ==<br />
<br />
OWASP chapter meetings are free and open to anyone interested in application security. We encourage members to give presentations on specific topics and to contribute to the local chapter by sharing their knowledge with others. Prior to participating with OWASP please review the [[Chapter Rules]].<br />
<br />
The Rochester chapter has two mailing lists: one for announcements and one for general discussion. The announce list is for official communications (e.g meeting announcements, web site upates, etc). The discussion list is for general participation and everyone is encouraged to post. The announce mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-announce here]. The discussion mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny here]. You can also review the [http://lists.owasp.org/pipermail/owasp-rochester-announce/ announce] and [http://lists.owasp.org/pipermail/owasp-rochester-ny discussion] e-mail archives to see what folks have been talking about. Please make sure you are subscribed to announce to receive any last minute meeting info.<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> Ralf Durkee<br />
*<b>Vice President:</b> Chris Karr<br />
*<b>Secretary and Treasurer:</b> Steve Buck<br />
*<b>Web and Communications:</b> Michael Starks<br />
</ul><br />
<br />
== Meeting Dates & Location ==<br />
<br />
<b>Dates:</b> The third Monday of every month, starting at 6:00 PM. Note: For January, we will meet the <b>fourth</b> Monday of the month.<br />
<br />
<b>Location:</b> 1225 Jefferson Rd, Rochester, NY 14623 (near I-390) [http://maps.google.com/maps?f=q&hl=en&q=1225+Jefferson+Rd,+Rochester,+NY&ie=UTF8&om=1&ll=43.087727,-77.600255&spn=0.014856,0.04283 Google Map]<br />
<br />
Meeting space is graciously offered by [http://www.bryantstratton.edu/campus/campus.aspx?c=14 Bryant & Stratton College] Enter the Frontier Commons plaza, near the Post Office. Towards the right, rear of the plaza is the PSC (Professional Skills Center) door, which is to the left of the main Bryant & Stratton entrance door. There will be a sign on the door indicating the room in which we will meet.<br />
<br />
'''January Meeting Details'''<br />
<br />
<b>Date:</b> Monday, January 22, 2006, 6:00 PM<br />
<br />
<b>Time:</b> 6:00 PM<br />
<br />
<b>Intended audience:</b> Technical<br />
<br />
<b>Presenter:</b> Ralph Durkee, CISSP, GSEC, GCIH, GSNA Principal Security Consultant<br />
<br />
<b>Topic:</b> Hands on Web Application Hacking with the OWASP Web Goat<br />
<br />
<b>Description:</b> We'll explore and exploit web applications vulnerabilities using the OWASP Web Goat tool designed for training real-world web application hacking techniques. Group participation will be encouraged. All exploits will be done by a trained professional on an off-the-net vulnerable application that you download from OWASP web site so that you can "try this at home", but always with the appropriate permission first, or course.<br />
<br />
<b>Bio:</b> Ralph Durkee: Performing a wide variety of consulting and training projects including software development, systems and networking security throughout his 25+ year career, Ralph is the president and founder of Durkee Consulting, since 1996. His specialty focuses on Internet security consulting and secure systems software development. He helped write a major portion of the Web Application Security training material for the SANS LAMP (Linux Apache MySql PHP) course. Ralph is a recent editor for the Center for Internet Security's Apache, Linux and DNS BIND benchmark. Ralph is a seasoned security consultant and trainer and holds GIAC certifications in GSEC since 2000 then GCIH since 2001 as well as the GSNA and CISSP.<br />
<br />
== Past Presentations ==<br />
<br />
<b>October 2006</b> The first of the OWASP top ten: unvalidated input, by Steve Buck.<br />
[http://rd1.net/owasp/2006-10-16_owasp-presentation.ppt PowerPoint]<br />
<br />
<b>April 2006</b> PGP: Encryption for e-mail and web applications, by Ralph Durkee [http://rd1.net/owasp/Apr_OWASP_PGP_Durkee.pdf PDF]<br />
<br />
<b>February 2006</b> Identity Theft, Phishing and Pharming, by Danny Allan [http://rd1.net/owasp/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.pdf PDF]<br />
<br />
<b>February 2006</b> Secure e-mail, by Thomas Bullinger [http://rd1.net/owasp/SecureEmail.pdf PDF]<br />
<br />
<b>January 2006</b> PCI Compliance, by Pat Massey, Ralf Durkee, Maureen Baran [http://rd1.net/owasp/Rochester_OWASP_PCI_Compliance.pdf PDF]<br />
<br />
<b>September 2005</b> Two Factor Authentication for Java Applications with Client Certificates, by Ralf Durkee [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.pdf PDF] [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.sxi Open Office]<br />
<br />
<b>April 2005</b> Avoiding Backend Exploitation of Mail Forms, by Max Kessler [http://rd1.net/owasp/owasp-mailform-exploitation.ppt PowerPoint] [http://rd1.net/owasp/owasp-mailform-exploitation.sxi Open Office]<br />
<br />
<b>March 2005</b> Bringing Two-Factor Authentication to Web Applications, by Michael Starks [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt PowerPoint] [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt Open Office]<br />
<br />
<b>February 2005</b> Insecure Storage, by Chris Karr [http://rd1.net/owasp/Insecure_Storage.ppt PowerPoint]<br />
<br />
<b>January 2005</b> Access Control and Session Mgmnt, by Steve Buck [http://rd1.net/owasp/Jan_OWASP-access-control.ppt PowerPoint] [http://rd1.net/owasp/Jan_OWASP-access-control.sxi Open Office]<br />
<br />
<b>November 2004</b> Intro to OWASP by Ralf Durkee. Demonstration of SQL Injection attack and prevention, by Paul Cupo [http://rd1.net/owasp/Nov_OWASP_20041103.ppt PowerPoint]<br />
<br />
[[Category:OWASP Chapter]]</div>Mstarks01https://wiki.owasp.org/index.php?title=Rochester&diff=13901Rochester2006-12-01T18:05:53Z<p>Mstarks01: /* Meeting Dates & Location */</p>
<hr />
<div>== Welcome to the OWASP Rochester Local Chapter ==<br />
<br />
Welcome to the local Rochester chapter homepage. The chapter leader is [mailto:rd@rd1.net Ralf Durkee]<br />
<br />
== Participation ==<br />
<br />
OWASP chapter meetings are free and open to anyone interested in application security. We encourage members to give presentations on specific topics and to contribute to the local chapter by sharing their knowledge with others. Prior to participating with OWASP please review the [[Chapter Rules]].<br />
<br />
The Rochester chapter has two mailing lists: one for announcements and one for general discussion. The announce list is for official communications (e.g meeting announcements, web site upates, etc). The discussion list is for general participation and everyone is encouraged to post. The announce mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-announce here]. The discussion mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny here]. You can also review the [http://lists.owasp.org/pipermail/owasp-rochester-announce/ announce] and [http://lists.owasp.org/pipermail/owasp-rochester-ny discussion] e-mail archives to see what folks have been talking about. Please make sure you are subscribed to announce to receive any last minute meeting info.<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> Ralf Durkee<br />
*<b>Vice President:</b> Chris Karr<br />
*<b>Secretary and Treasurer:</b> Steve Buck<br />
*<b>Web and Communications:</b> Michael Starks<br />
</ul><br />
<br />
== Meeting Dates & Location ==<br />
<br />
<b>Dates:</b> The third Monday of every month, starting at 6:00 PM. <br />
<br />
<b>Location:</b> 1225 Jefferson Rd, Rochester, NY 14623 (near I-390) [http://maps.google.com/maps?f=q&hl=en&q=1225+Jefferson+Rd,+Rochester,+NY&ie=UTF8&om=1&ll=43.087727,-77.600255&spn=0.014856,0.04283 Google Map]<br />
<br />
Meeting space is graciously offered by [http://www.bryantstratton.edu/campus/campus.aspx?c=14 Bryant & Stratton College] Enter the Frontier Commons plaza, near the Post Office. Towards the right, rear of the plaza is the PSC (Professional Skills Center) door, which is to the left of the main Bryant & Stratton entrance door. There will be a sign on the door indicating the room in which we will meet.<br />
<br />
'''For this meeting, we'll be gathering at [http://maps.google.com/maps?hl=en&q=Mcgregor%27s+henrietta+ny&ie=UTF8&oe=UTF-8&filter=0&om=1&z=15&ll=43.093964,-77.652268&spn=0.015074,0.029182 MacGregors' Restaurant] for some food, drink and fun.'''<br />
<br />
'''December Meeting Details'''<br />
<br />
<b>Date:</b> Monday, December 18, 2006, 6:00 PM<br />
<br />
<b>Duration:</b> 6:00 PM Until...<br />
<br />
<b>Intended audience:</b> Everyone<br />
<br />
<b>Topic:</b> The Coming Year<br />
<br />
We'll be forgoing the usual formal presentation this month for a festive gathering at MacGregors' Restaurant. We'll have some food, drink, fun and talk about the coming year.<br />
<br />
<font color="#FF0000"><b>So that we may give the restaurant some advance notice, we are requesting that you [mailto:macgregorsrsvp@michaelstarks.com RSVP] by December 11.</b></font><br />
<br />
== Past Presentations ==<br />
<br />
<b>October 2006</b> The first of the OWASP top ten: unvalidated input, by Steve Buck.<br />
[http://rd1.net/owasp/2006-10-16_owasp-presentation.ppt PowerPoint]<br />
<br />
<b>April 2006</b> PGP: Encryption for e-mail and web applications, by Ralph Durkee [http://rd1.net/owasp/Apr_OWASP_PGP_Durkee.pdf PDF]<br />
<br />
<b>February 2006</b> Identity Theft, Phishing and Pharming, by Danny Allan [http://rd1.net/owasp/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.pdf PDF]<br />
<br />
<b>February 2006</b> Secure e-mail, by Thomas Bullinger [http://rd1.net/owasp/SecureEmail.pdf PDF]<br />
<br />
<b>January 2006</b> PCI Compliance, by Pat Massey, Ralf Durkee, Maureen Baran [http://rd1.net/owasp/Rochester_OWASP_PCI_Compliance.pdf PDF]<br />
<br />
<b>September 2005</b> Two Factor Authentication for Java Applications with Client Certificates, by Ralf Durkee [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.pdf PDF] [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.sxi Open Office]<br />
<br />
<b>April 2005</b> Avoiding Backend Exploitation of Mail Forms, by Max Kessler [http://rd1.net/owasp/owasp-mailform-exploitation.ppt PowerPoint] [http://rd1.net/owasp/owasp-mailform-exploitation.sxi Open Office]<br />
<br />
<b>March 2005</b> Bringing Two-Factor Authentication to Web Applications, by Michael Starks [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt PowerPoint] [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt Open Office]<br />
<br />
<b>February 2005</b> Insecure Storage, by Chris Karr [http://rd1.net/owasp/Insecure_Storage.ppt PowerPoint]<br />
<br />
<b>January 2005</b> Access Control and Session Mgmnt, by Steve Buck [http://rd1.net/owasp/Jan_OWASP-access-control.ppt PowerPoint] [http://rd1.net/owasp/Jan_OWASP-access-control.sxi Open Office]<br />
<br />
<b>November 2004</b> Intro to OWASP by Ralf Durkee. Demonstration of SQL Injection attack and prevention, by Paul Cupo [http://rd1.net/owasp/Nov_OWASP_20041103.ppt PowerPoint]<br />
<br />
[[Category:OWASP Chapter]]</div>Mstarks01https://wiki.owasp.org/index.php?title=Rochester&diff=13900Rochester2006-12-01T18:04:49Z<p>Mstarks01: /* Meeting Dates & Location */</p>
<hr />
<div>== Welcome to the OWASP Rochester Local Chapter ==<br />
<br />
Welcome to the local Rochester chapter homepage. The chapter leader is [mailto:rd@rd1.net Ralf Durkee]<br />
<br />
== Participation ==<br />
<br />
OWASP chapter meetings are free and open to anyone interested in application security. We encourage members to give presentations on specific topics and to contribute to the local chapter by sharing their knowledge with others. Prior to participating with OWASP please review the [[Chapter Rules]].<br />
<br />
The Rochester chapter has two mailing lists: one for announcements and one for general discussion. The announce list is for official communications (e.g meeting announcements, web site upates, etc). The discussion list is for general participation and everyone is encouraged to post. The announce mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-announce here]. The discussion mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny here]. You can also review the [http://lists.owasp.org/pipermail/owasp-rochester-announce/ announce] and [http://lists.owasp.org/pipermail/owasp-rochester-ny discussion] e-mail archives to see what folks have been talking about. Please make sure you are subscribed to announce to receive any last minute meeting info.<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> Ralf Durkee<br />
*<b>Vice President:</b> Chris Karr<br />
*<b>Secretary and Treasurer:</b> Steve Buck<br />
*<b>Web and Communications:</b> Michael Starks<br />
</ul><br />
<br />
== Meeting Dates & Location ==<br />
<br />
<b>Dates:</b> The third Monday of every month, starting at 6:00 PM. <br />
<br />
<b>Location:</b> 1225 Jefferson Rd, Rochester, NY 14623 (near I-390) [http://maps.google.com/maps?f=q&hl=en&q=1225+Jefferson+Rd,+Rochester,+NY&ie=UTF8&om=1&ll=43.087727,-77.600255&spn=0.014856,0.04283 Google Map]<br />
<br />
Meeting space is graciously offered by [http://www.bryantstratton.edu/campus/campus.aspx?c=14 Bryant & Stratton College] Enter the Frontier Commons plaza, near the Post Office. Towards the right, rear of the plaza is the PSC (Professional Skills Center) door, which is to the left of the main Bryant & Stratton entrance door. There will be a sign on the door indicating the room in which we will meet.<br />
<br />
'''For this meeting, we'll be meeting at [http://maps.google.com/maps?hl=en&q=Mcgregor%27s+henrietta+ny&ie=UTF8&oe=UTF-8&filter=0&om=1&z=15&ll=43.093964,-77.652268&spn=0.015074,0.029182 MacGregors' Restaurant] for some food, drink and fun.'''<br />
<br />
'''December Meeting Details'''<br />
<br />
<b>Date:</b> Monday, December 18, 2006, 6:00 PM<br />
<br />
<b>Duration:</b> 6:00 PM Until...<br />
<br />
<b>Intended audience:</b> Everyone<br />
<br />
<b>Topic:</b> The Coming Year<br />
<br />
We'll be forgoing the usual formal presentation this month for a festive gathering at MacGregors' Restaurant. We'll have some food, drink, fun and talk about the coming year.<br />
<br />
<font color="#FF0000"><b>So that we may give the restaurant some advance notice, we are requesting that you [mailto:macgregorsrsvp@michaelstarks.com RSVP] by December 11.</b></font><br />
<br />
== Past Presentations ==<br />
<br />
<b>October 2006</b> The first of the OWASP top ten: unvalidated input, by Steve Buck.<br />
[http://rd1.net/owasp/2006-10-16_owasp-presentation.ppt PowerPoint]<br />
<br />
<b>April 2006</b> PGP: Encryption for e-mail and web applications, by Ralph Durkee [http://rd1.net/owasp/Apr_OWASP_PGP_Durkee.pdf PDF]<br />
<br />
<b>February 2006</b> Identity Theft, Phishing and Pharming, by Danny Allan [http://rd1.net/owasp/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.pdf PDF]<br />
<br />
<b>February 2006</b> Secure e-mail, by Thomas Bullinger [http://rd1.net/owasp/SecureEmail.pdf PDF]<br />
<br />
<b>January 2006</b> PCI Compliance, by Pat Massey, Ralf Durkee, Maureen Baran [http://rd1.net/owasp/Rochester_OWASP_PCI_Compliance.pdf PDF]<br />
<br />
<b>September 2005</b> Two Factor Authentication for Java Applications with Client Certificates, by Ralf Durkee [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.pdf PDF] [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.sxi Open Office]<br />
<br />
<b>April 2005</b> Avoiding Backend Exploitation of Mail Forms, by Max Kessler [http://rd1.net/owasp/owasp-mailform-exploitation.ppt PowerPoint] [http://rd1.net/owasp/owasp-mailform-exploitation.sxi Open Office]<br />
<br />
<b>March 2005</b> Bringing Two-Factor Authentication to Web Applications, by Michael Starks [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt PowerPoint] [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt Open Office]<br />
<br />
<b>February 2005</b> Insecure Storage, by Chris Karr [http://rd1.net/owasp/Insecure_Storage.ppt PowerPoint]<br />
<br />
<b>January 2005</b> Access Control and Session Mgmnt, by Steve Buck [http://rd1.net/owasp/Jan_OWASP-access-control.ppt PowerPoint] [http://rd1.net/owasp/Jan_OWASP-access-control.sxi Open Office]<br />
<br />
<b>November 2004</b> Intro to OWASP by Ralf Durkee. Demonstration of SQL Injection attack and prevention, by Paul Cupo [http://rd1.net/owasp/Nov_OWASP_20041103.ppt PowerPoint]<br />
<br />
[[Category:OWASP Chapter]]</div>Mstarks01https://wiki.owasp.org/index.php?title=Rochester&diff=11274Rochester2006-10-30T18:50:47Z<p>Mstarks01: /* Meeting Dates & Location */</p>
<hr />
<div>== Welcome to the OWASP Rochester Local Chapter ==<br />
<br />
Welcome to the local Rochester chapter homepage. The chapter leader is [mailto:rd@rd1.net Ralf Durkee]<br />
<br />
== Participation ==<br />
<br />
OWASP chapter meetings are free and open to anyone interested in application security. We encourage members to give presentations on specific topics and to contribute to the local chapter by sharing their knowledge with others. Prior to participating with OWASP please review the [[Chapter Rules]].<br />
<br />
The Rochester chapter has two mailing lists: one for announcements and one for general discussion. The announce list is for official communications (e.g meeting announcements, web site upates, etc). The discussion list is for general participation and everyone is encouraged to post. The announce mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-announce here]. The discussion mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny here]. You can also review the [http://lists.owasp.org/pipermail/owasp-rochester-announce/ announce] and [http://lists.owasp.org/pipermail/owasp-rochester-ny discussion] e-mail archives to see what folks have been talking about. Please make sure you are subscribed to announce to receive any last minute meeting info.<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> Ralf Durkee<br />
*<b>Vice President:</b> Chris Karr<br />
*<b>Secretary and Treasurer:</b> Steve Buck<br />
*<b>Web and Communications:</b> Michael Starks<br />
</ul><br />
<br />
== Meeting Dates & Location ==<br />
<br />
<b>Dates:</b> The third Monday of every month, starting at 6:00 PM. <br />
<br />
<b>Location:</b> 1225 Jefferson Rd, Rochester, NY 14623 (near I-390) [http://maps.google.com/maps?f=q&hl=en&q=1225+Jefferson+Rd,+Rochester,+NY&ie=UTF8&om=1&ll=43.087727,-77.600255&spn=0.014856,0.04283 Google Map]<br />
<br />
Meeting space is graciously offered by [http://www.bryantstratton.edu/campus/campus.aspx?c=14 Bryant & Stratton College] Enter the Frontier Commons plaza, near the Post Office. Towards the right, rear of the plaza is the PSC (Professional Skills Center) door, which is to the left of the main Bryant & Stratton entrance door. There will be a sign on the door indicating the room in which we will meet.<br />
<br />
For this meeting, we'll be gathering in room 204. Enter the the main Bryant & Stratton entrance door, go up the stairs and turn left down the hallway to room 204. There will also be a signs on the doors.<br />
<br />
'''November Meeting Details'''<br />
<br />
<b>Date: Monday, November 20, 2006, 6:00 PM</b><br />
<br />
<b>Duration: 1 hour 30 minutes</b><br />
<b>Intended audience: Technical, Technical Management</b><br />
<br />
<b>Presentation: Making Source Code Analysis Part of the Security Review Process</b>, by Matt Rose, Fortify Software.<br />
<br />
How do you know if your software applications are secure? Manual audits only cover a small percentage of the source code base and periodic checks only provide a snapshot in time. Source code analysis allows development organizations to manage software security by leveraging well-documented best practices that can be automated. This session will <br />
reveal how source code analysis can be a powerful tool for software security architects, developers and QA professionals by pinpointing security vulnerabilities throughout an entire code base as an integral part of the development cycle, or as part of software security audits in order to significantly improve application security. The session will describe the ins and outs of the technology, including its limitations and newly explored areas. Real life examples from actual engagements will be used throughout.<br />
<br />
<b>Due to limited space, we are requesting that you [mailto:fortifyrsvp@michaelstarks.com RSVP] by Novermber 13.</b><br />
<br />
== Past Presentations ==<br />
<br />
<b>October 2006</b> The first of the OWASP top ten: unvalidated input, by Steve Buck.<br />
[http://rd1.net/owasp/2006-10-16_owasp-presentation.ppt PowerPoint]<br />
<br />
<b>April 2006</b> PGP: Encryption for e-mail and web applications, by Ralph Durkee [http://rd1.net/owasp/Apr_OWASP_PGP_Durkee.pdf PDF]<br />
<br />
<b>February 2006</b> Identity Theft, Phishing and Pharming, by Danny Allan [http://rd1.net/owasp/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.pdf PDF]<br />
<br />
<b>February 2006</b> Secure e-mail, by Thomas Bullinger [http://rd1.net/owasp/SecureEmail.pdf PDF]<br />
<br />
<b>January 2006</b> PCI Compliance, by Pat Massey, Ralf Durkee, Maureen Baran [http://rd1.net/owasp/Rochester_OWASP_PCI_Compliance.pdf PDF]<br />
<br />
<b>September 2005</b> Two Factor Authentication for Java Applications with Client Certificates, by Ralf Durkee [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.pdf PDF] [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.sxi Open Office]<br />
<br />
<b>April 2005</b> Avoiding Backend Exploitation of Mail Forms, by Max Kessler [http://rd1.net/owasp/owasp-mailform-exploitation.ppt PowerPoint] [http://rd1.net/owasp/owasp-mailform-exploitation.sxi Open Office]<br />
<br />
<b>March 2005</b> Bringing Two-Factor Authentication to Web Applications, by Michael Starks [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt PowerPoint] [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt Open Office]<br />
<br />
<b>February 2005</b> Insecure Storage, by Chris Karr [http://rd1.net/owasp/Insecure_Storage.ppt PowerPoint]<br />
<br />
<b>January 2005</b> Access Control and Session Mgmnt, by Steve Buck [http://rd1.net/owasp/Jan_OWASP-access-control.ppt PowerPoint] [http://rd1.net/owasp/Jan_OWASP-access-control.sxi Open Office]<br />
<br />
<b>November 2004</b> Intro to OWASP by Ralf Durkee. Demonstration of SQL Injection attack and prevention, by Paul Cupo [http://rd1.net/owasp/Nov_OWASP_20041103.ppt PowerPoint]<br />
<br />
[[Category:OWASP Chapter]]</div>Mstarks01https://wiki.owasp.org/index.php?title=Rochester&diff=11273Rochester2006-10-30T18:23:22Z<p>Mstarks01: /* Meeting Dates & Location */</p>
<hr />
<div>== Welcome to the OWASP Rochester Local Chapter ==<br />
<br />
Welcome to the local Rochester chapter homepage. The chapter leader is [mailto:rd@rd1.net Ralf Durkee]<br />
<br />
== Participation ==<br />
<br />
OWASP chapter meetings are free and open to anyone interested in application security. We encourage members to give presentations on specific topics and to contribute to the local chapter by sharing their knowledge with others. Prior to participating with OWASP please review the [[Chapter Rules]].<br />
<br />
The Rochester chapter has two mailing lists: one for announcements and one for general discussion. The announce list is for official communications (e.g meeting announcements, web site upates, etc). The discussion list is for general participation and everyone is encouraged to post. The announce mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-announce here]. The discussion mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny here]. You can also review the [http://lists.owasp.org/pipermail/owasp-rochester-announce/ announce] and [http://lists.owasp.org/pipermail/owasp-rochester-ny discussion] e-mail archives to see what folks have been talking about. Please make sure you are subscribed to announce to receive any last minute meeting info.<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> Ralf Durkee<br />
*<b>Vice President:</b> Chris Karr<br />
*<b>Secretary and Treasurer:</b> Steve Buck<br />
*<b>Web and Communications:</b> Michael Starks<br />
</ul><br />
<br />
== Meeting Dates & Location ==<br />
<br />
<b>Dates:</b> The third Monday of every month, starting at 6:00 PM. <br />
<br />
<b>Location:</b> 1225 Jefferson Rd, Rochester, NY 14623 (near I-390) [http://maps.google.com/maps?f=q&hl=en&q=1225+Jefferson+Rd,+Rochester,+NY&ie=UTF8&om=1&ll=43.087727,-77.600255&spn=0.014856,0.04283 Google Map]<br />
<br />
Meeting space is graciously offered by [http://www.bryantstratton.edu/campus/campus.aspx?c=14 Bryant & Stratton College] Enter the Frontier Commons plaza, near the Post Office. Towards the right, rear of the plaza is the PSC (Professional Skills Center) door, which is to the left of the main Bryant & Stratton entrance door. There will be a sign on the door indicating the room in which we will meet.<br />
<br />
For this meeting, we'll be gathering in room 204. Enter the the main Bryant & Stratton entrance door, go up the stairs and turn left down the hallway to room 204. There will also be a signs on the doors.<br />
<br />
'''November Meeting Details'''<br />
<br />
<b>Date: Monday, November 20, 2006, 6:00 PM</b><br />
<br />
<b>Duration: 1 hour 30 minutes</b><br />
<b>Intended audience: Technical, Technical Management</b><br />
<br />
<b>Presentation: Making Source Code Analysis Part of the Security Review Process</b>, by Matt Rose, Fortify Software.<br />
<br />
How do you know if your software applications are secure? Manual audits only cover a small percentage of the source code base and periodic checks only provide a snapshot in time. Source code analysis allows development organizations to manage software security by leveraging well-documented best practices that can be automated. This session will <br />
reveal how source code analysis can be a powerful tool for software security architects, developers and QA professionals by pinpointing security vulnerabilities throughout an entire code base as an integral part of the development cycle, or as part of software security audits in order to significantly improve application security. The session will describe the in's and out's of the technology, including its limitations and newly explored areas. Real life examples from actual engagements will be used throughout.<br />
<br />
<b>Due to limited space, we are requesting that you [mailto:fortifyrsvp@michaelstarks.com RSVP] by Novermber 13.</b><br />
<br />
== Past Presentations ==<br />
<br />
<b>October 2006</b> The first of the OWASP top ten: unvalidated input, by Steve Buck.<br />
[http://rd1.net/owasp/2006-10-16_owasp-presentation.ppt PowerPoint]<br />
<br />
<b>April 2006</b> PGP: Encryption for e-mail and web applications, by Ralph Durkee [http://rd1.net/owasp/Apr_OWASP_PGP_Durkee.pdf PDF]<br />
<br />
<b>February 2006</b> Identity Theft, Phishing and Pharming, by Danny Allan [http://rd1.net/owasp/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.pdf PDF]<br />
<br />
<b>February 2006</b> Secure e-mail, by Thomas Bullinger [http://rd1.net/owasp/SecureEmail.pdf PDF]<br />
<br />
<b>January 2006</b> PCI Compliance, by Pat Massey, Ralf Durkee, Maureen Baran [http://rd1.net/owasp/Rochester_OWASP_PCI_Compliance.pdf PDF]<br />
<br />
<b>September 2005</b> Two Factor Authentication for Java Applications with Client Certificates, by Ralf Durkee [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.pdf PDF] [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.sxi Open Office]<br />
<br />
<b>April 2005</b> Avoiding Backend Exploitation of Mail Forms, by Max Kessler [http://rd1.net/owasp/owasp-mailform-exploitation.ppt PowerPoint] [http://rd1.net/owasp/owasp-mailform-exploitation.sxi Open Office]<br />
<br />
<b>March 2005</b> Bringing Two-Factor Authentication to Web Applications, by Michael Starks [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt PowerPoint] [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt Open Office]<br />
<br />
<b>February 2005</b> Insecure Storage, by Chris Karr [http://rd1.net/owasp/Insecure_Storage.ppt PowerPoint]<br />
<br />
<b>January 2005</b> Access Control and Session Mgmnt, by Steve Buck [http://rd1.net/owasp/Jan_OWASP-access-control.ppt PowerPoint] [http://rd1.net/owasp/Jan_OWASP-access-control.sxi Open Office]<br />
<br />
<b>November 2004</b> Intro to OWASP by Ralf Durkee. Demonstration of SQL Injection attack and prevention, by Paul Cupo [http://rd1.net/owasp/Nov_OWASP_20041103.ppt PowerPoint]<br />
<br />
[[Category:OWASP Chapter]]</div>Mstarks01https://wiki.owasp.org/index.php?title=Rochester&diff=11272Rochester2006-10-30T18:18:26Z<p>Mstarks01: /* Participation */</p>
<hr />
<div>== Welcome to the OWASP Rochester Local Chapter ==<br />
<br />
Welcome to the local Rochester chapter homepage. The chapter leader is [mailto:rd@rd1.net Ralf Durkee]<br />
<br />
== Participation ==<br />
<br />
OWASP chapter meetings are free and open to anyone interested in application security. We encourage members to give presentations on specific topics and to contribute to the local chapter by sharing their knowledge with others. Prior to participating with OWASP please review the [[Chapter Rules]].<br />
<br />
The Rochester chapter has two mailing lists: one for announcements and one for general discussion. The announce list is for official communications (e.g meeting announcements, web site upates, etc). The discussion list is for general participation and everyone is encouraged to post. The announce mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-announce here]. The discussion mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny here]. You can also review the [http://lists.owasp.org/pipermail/owasp-rochester-announce/ announce] and [http://lists.owasp.org/pipermail/owasp-rochester-ny discussion] e-mail archives to see what folks have been talking about. Please make sure you are subscribed to announce to receive any last minute meeting info.<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> Ralf Durkee<br />
*<b>Vice President:</b> Chris Karr<br />
*<b>Secretary and Treasurer:</b> Steve Buck<br />
*<b>Web and Communications:</b> Michael Starks<br />
</ul><br />
<br />
== Meeting Dates & Location ==<br />
<br />
<b>Dates:</b> The third Monday of every month, starting at 6:00 PM. <br />
<br />
<b>Location:</b> 1225 Jefferson Rd, Rochester, NY 14623 (near I-390) [http://maps.google.com/maps?f=q&hl=en&q=1225+Jefferson+Rd,+Rochester,+NY&ie=UTF8&om=1&ll=43.087727,-77.600255&spn=0.014856,0.04283 Google Map]<br />
<br />
Meeting space is graciously offered by [http://www.bryantstratton.edu/campus/campus.aspx?c=14 Bryant & Stratton College] Enter the Frontier Commons plaza, near the Post Office. Towards the right, rear of the plaza is the PSC (Professional Skills Center) door, which is to the left of the main Bryant & Stratton entrance door. There will be a sign on the door indicating the room in which we will meet.<br />
<br />
For this meeting, we'll be gathering in room 204. Enter the the main Bryant & Stratton entrance door, go up the stairs and turn left down the hallway to room 204. There will also be a signs on the doors.<br />
<br />
'''November Meeting Details'''<br />
<br />
<b>Date: Monday, November 20, 2006, 6:00 PM</b><br />
<br />
<b>Duration: 1 hour 30 minutes</b><br />
<b>Intended audience: Technical, Technical Management</b><br />
<br />
<b>Presentation: Making Source Code Analysis Part of the Security Review Process</b>, by Matt Rose, Fortify Software.<br />
<br />
How do you know if your software applications are secure? Manual audits only cover a small percentage of the source code base and periodic checks only provide a snapshot in time. Source code analysis allows development organizations to manage software security by leveraging well-documented best practices that can be automated. This session will <br />
reveal how source code analysis can be a powerful tool for software security architects, developers and QA professionals by pinpointing security vulnerabilities throughout an entire code base as an integral part of the development cycle, or as part of software security audits in order to significantly improve application security. The session will describe the in's and out's of the technology, including its limitations and newly explored areas. Real life examples from actual engagements will be used throughout.<br />
<br />
== Past Presentations ==<br />
<br />
<b>October 2006</b> The first of the OWASP top ten: unvalidated input, by Steve Buck.<br />
[http://rd1.net/owasp/2006-10-16_owasp-presentation.ppt PowerPoint]<br />
<br />
<b>April 2006</b> PGP: Encryption for e-mail and web applications, by Ralph Durkee [http://rd1.net/owasp/Apr_OWASP_PGP_Durkee.pdf PDF]<br />
<br />
<b>February 2006</b> Identity Theft, Phishing and Pharming, by Danny Allan [http://rd1.net/owasp/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.pdf PDF]<br />
<br />
<b>February 2006</b> Secure e-mail, by Thomas Bullinger [http://rd1.net/owasp/SecureEmail.pdf PDF]<br />
<br />
<b>January 2006</b> PCI Compliance, by Pat Massey, Ralf Durkee, Maureen Baran [http://rd1.net/owasp/Rochester_OWASP_PCI_Compliance.pdf PDF]<br />
<br />
<b>September 2005</b> Two Factor Authentication for Java Applications with Client Certificates, by Ralf Durkee [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.pdf PDF] [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.sxi Open Office]<br />
<br />
<b>April 2005</b> Avoiding Backend Exploitation of Mail Forms, by Max Kessler [http://rd1.net/owasp/owasp-mailform-exploitation.ppt PowerPoint] [http://rd1.net/owasp/owasp-mailform-exploitation.sxi Open Office]<br />
<br />
<b>March 2005</b> Bringing Two-Factor Authentication to Web Applications, by Michael Starks [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt PowerPoint] [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt Open Office]<br />
<br />
<b>February 2005</b> Insecure Storage, by Chris Karr [http://rd1.net/owasp/Insecure_Storage.ppt PowerPoint]<br />
<br />
<b>January 2005</b> Access Control and Session Mgmnt, by Steve Buck [http://rd1.net/owasp/Jan_OWASP-access-control.ppt PowerPoint] [http://rd1.net/owasp/Jan_OWASP-access-control.sxi Open Office]<br />
<br />
<b>November 2004</b> Intro to OWASP by Ralf Durkee. Demonstration of SQL Injection attack and prevention, by Paul Cupo [http://rd1.net/owasp/Nov_OWASP_20041103.ppt PowerPoint]<br />
<br />
[[Category:OWASP Chapter]]</div>Mstarks01https://wiki.owasp.org/index.php?title=Rochester&diff=11271Rochester2006-10-30T18:02:38Z<p>Mstarks01: /* Meeting Dates & Location */</p>
<hr />
<div>== Welcome to the OWASP Rochester Local Chapter ==<br />
<br />
Welcome to the local Rochester chapter homepage. The chapter leader is [mailto:rd@rd1.net Ralf Durkee]<br />
<br />
== Participation ==<br />
<br />
OWASP chapter meetings are free and open to anyone interested in application security. We encourage members to give presentations on specific topics and to contribute to the local chapter by sharing their knowledge with others. Prior to participating with OWASP please review the [[Chapter Rules]].<br />
<br />
To join the chapter mailing list, please visit our [http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny mailing list] homepage. The list is used to discuss the meetings and to arrange meeting locations. You can also review the [http://lists.owasp.org/pipermail/owasp-rochester-ny email archives] to see what folks have been talking about. Please check the mailing list before coming to a meeting to confirm the location and time and to catch any last minute notes.<br />
<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> Ralf Durkee<br />
*<b>Vice President:</b> Chris Karr<br />
*<b>Secretary and Treasurer:</b> Steve Buck<br />
*<b>Web and Communications:</b> Michael Starks<br />
</ul><br />
<br />
== Meeting Dates & Location ==<br />
<br />
<b>Dates:</b> The third Monday of every month, starting at 6:00 PM. <br />
<br />
<b>Location:</b> 1225 Jefferson Rd, Rochester, NY 14623 (near I-390) [http://maps.google.com/maps?f=q&hl=en&q=1225+Jefferson+Rd,+Rochester,+NY&ie=UTF8&om=1&ll=43.087727,-77.600255&spn=0.014856,0.04283 Google Map]<br />
<br />
Meeting space is graciously offered by [http://www.bryantstratton.edu/campus/campus.aspx?c=14 Bryant & Stratton College] Enter the Frontier Commons plaza, near the Post Office. Towards the right, rear of the plaza is the PSC (Professional Skills Center) door, which is to the left of the main Bryant & Stratton entrance door. There will be a sign on the door indicating the room in which we will meet.<br />
<br />
For this meeting, we'll be gathering in room 204. Enter the the main Bryant & Stratton entrance door, go up the stairs and turn left down the hallway to room 204. There will also be a signs on the doors.<br />
<br />
'''November Meeting Details'''<br />
<br />
<b>Date: Monday, November 20, 2006, 6:00 PM</b><br />
<br />
<b>Duration: 1 hour 30 minutes</b><br />
<b>Intended audience: Technical, Technical Management</b><br />
<br />
<b>Presentation: Making Source Code Analysis Part of the Security Review Process</b>, by Matt Rose, Fortify Software.<br />
<br />
How do you know if your software applications are secure? Manual audits only cover a small percentage of the source code base and periodic checks only provide a snapshot in time. Source code analysis allows development organizations to manage software security by leveraging well-documented best practices that can be automated. This session will <br />
reveal how source code analysis can be a powerful tool for software security architects, developers and QA professionals by pinpointing security vulnerabilities throughout an entire code base as an integral part of the development cycle, or as part of software security audits in order to significantly improve application security. The session will describe the in's and out's of the technology, including its limitations and newly explored areas. Real life examples from actual engagements will be used throughout.<br />
<br />
== Past Presentations ==<br />
<br />
<b>October 2006</b> The first of the OWASP top ten: unvalidated input, by Steve Buck.<br />
[http://rd1.net/owasp/2006-10-16_owasp-presentation.ppt PowerPoint]<br />
<br />
<b>April 2006</b> PGP: Encryption for e-mail and web applications, by Ralph Durkee [http://rd1.net/owasp/Apr_OWASP_PGP_Durkee.pdf PDF]<br />
<br />
<b>February 2006</b> Identity Theft, Phishing and Pharming, by Danny Allan [http://rd1.net/owasp/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.pdf PDF]<br />
<br />
<b>February 2006</b> Secure e-mail, by Thomas Bullinger [http://rd1.net/owasp/SecureEmail.pdf PDF]<br />
<br />
<b>January 2006</b> PCI Compliance, by Pat Massey, Ralf Durkee, Maureen Baran [http://rd1.net/owasp/Rochester_OWASP_PCI_Compliance.pdf PDF]<br />
<br />
<b>September 2005</b> Two Factor Authentication for Java Applications with Client Certificates, by Ralf Durkee [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.pdf PDF] [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.sxi Open Office]<br />
<br />
<b>April 2005</b> Avoiding Backend Exploitation of Mail Forms, by Max Kessler [http://rd1.net/owasp/owasp-mailform-exploitation.ppt PowerPoint] [http://rd1.net/owasp/owasp-mailform-exploitation.sxi Open Office]<br />
<br />
<b>March 2005</b> Bringing Two-Factor Authentication to Web Applications, by Michael Starks [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt PowerPoint] [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt Open Office]<br />
<br />
<b>February 2005</b> Insecure Storage, by Chris Karr [http://rd1.net/owasp/Insecure_Storage.ppt PowerPoint]<br />
<br />
<b>January 2005</b> Access Control and Session Mgmnt, by Steve Buck [http://rd1.net/owasp/Jan_OWASP-access-control.ppt PowerPoint] [http://rd1.net/owasp/Jan_OWASP-access-control.sxi Open Office]<br />
<br />
<b>November 2004</b> Intro to OWASP by Ralf Durkee. Demonstration of SQL Injection attack and prevention, by Paul Cupo [http://rd1.net/owasp/Nov_OWASP_20041103.ppt PowerPoint]<br />
<br />
[[Category:OWASP Chapter]]</div>Mstarks01https://wiki.owasp.org/index.php?title=Rochester&diff=11270Rochester2006-10-30T18:01:49Z<p>Mstarks01: /* Meeting Dates & Location */</p>
<hr />
<div>== Welcome to the OWASP Rochester Local Chapter ==<br />
<br />
Welcome to the local Rochester chapter homepage. The chapter leader is [mailto:rd@rd1.net Ralf Durkee]<br />
<br />
== Participation ==<br />
<br />
OWASP chapter meetings are free and open to anyone interested in application security. We encourage members to give presentations on specific topics and to contribute to the local chapter by sharing their knowledge with others. Prior to participating with OWASP please review the [[Chapter Rules]].<br />
<br />
To join the chapter mailing list, please visit our [http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny mailing list] homepage. The list is used to discuss the meetings and to arrange meeting locations. You can also review the [http://lists.owasp.org/pipermail/owasp-rochester-ny email archives] to see what folks have been talking about. Please check the mailing list before coming to a meeting to confirm the location and time and to catch any last minute notes.<br />
<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> Ralf Durkee<br />
*<b>Vice President:</b> Chris Karr<br />
*<b>Secretary and Treasurer:</b> Steve Buck<br />
*<b>Web and Communications:</b> Michael Starks<br />
</ul><br />
<br />
== Meeting Dates & Location ==<br />
<br />
<b>Dates:</b> The third Monday of every month, starting at 6:00 PM. <br />
<br />
<b>Location:</b> 1225 Jefferson Rd, Rochester, NY 14623 (near I-390) [http://maps.google.com/maps?f=q&hl=en&q=1225+Jefferson+Rd,+Rochester,+NY&ie=UTF8&om=1&ll=43.087727,-77.600255&spn=0.014856,0.04283 Google Map]<br />
<br />
Meeting space is graciously offered by [http://www.bryantstratton.edu/campus/campus.aspx?c=14 Bryant & Stratton College] Enter the Frontier Commons plaza, near the Post Office. Towards the right, rear of the plaza is the PSC (Professional Skills Center) door, which is to the left of the main Bryant & Stratton entrance door. There will be a sign on the door indicating the room in which we will meet.<br />
<br />
For this meeting, we'll be gathering in room 204. Enter the the main Bryant & Stratton entrance door, go up the stairs and turn left down the hallway to room 204. There will also be a signs on the doors.<br />
<br />
'''November Meeting Details'''<br />
<br />
<b>Date: Monday, November 20, 2006, 6:00 PM</b><br />
<br />
<b>Duration: 1 hour 30 minutes</b><br />
Intended audience: Technical, Technical Management<br />
<br />
<b>Presentation: Making Source Code Analysis Part of the Security Review Process</b>, by Matt Rose, Fortify Software.<br />
<br />
How do you know if your software applications are secure? Manual audits only cover a small percentage of the source code base and periodic checks only provide a snapshot in time. Source code analysis allows development organizations to manage software security by leveraging well-documented best practices that can be automated. This session will <br />
reveal how source code analysis can be a powerful tool for software security architects, developers and QA professionals by pinpointing security vulnerabilities throughout an entire code base as an integral part of the development cycle, or as part of software security audits in order to significantly improve application security. The session will describe the in's and out's of the technology, including its limitations and newly explored areas. Real life examples from actual engagements will be used throughout.<br />
<br />
== Past Presentations ==<br />
<br />
<b>October 2006</b> The first of the OWASP top ten: unvalidated input, by Steve Buck.<br />
[http://rd1.net/owasp/2006-10-16_owasp-presentation.ppt PowerPoint]<br />
<br />
<b>April 2006</b> PGP: Encryption for e-mail and web applications, by Ralph Durkee [http://rd1.net/owasp/Apr_OWASP_PGP_Durkee.pdf PDF]<br />
<br />
<b>February 2006</b> Identity Theft, Phishing and Pharming, by Danny Allan [http://rd1.net/owasp/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.pdf PDF]<br />
<br />
<b>February 2006</b> Secure e-mail, by Thomas Bullinger [http://rd1.net/owasp/SecureEmail.pdf PDF]<br />
<br />
<b>January 2006</b> PCI Compliance, by Pat Massey, Ralf Durkee, Maureen Baran [http://rd1.net/owasp/Rochester_OWASP_PCI_Compliance.pdf PDF]<br />
<br />
<b>September 2005</b> Two Factor Authentication for Java Applications with Client Certificates, by Ralf Durkee [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.pdf PDF] [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.sxi Open Office]<br />
<br />
<b>April 2005</b> Avoiding Backend Exploitation of Mail Forms, by Max Kessler [http://rd1.net/owasp/owasp-mailform-exploitation.ppt PowerPoint] [http://rd1.net/owasp/owasp-mailform-exploitation.sxi Open Office]<br />
<br />
<b>March 2005</b> Bringing Two-Factor Authentication to Web Applications, by Michael Starks [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt PowerPoint] [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt Open Office]<br />
<br />
<b>February 2005</b> Insecure Storage, by Chris Karr [http://rd1.net/owasp/Insecure_Storage.ppt PowerPoint]<br />
<br />
<b>January 2005</b> Access Control and Session Mgmnt, by Steve Buck [http://rd1.net/owasp/Jan_OWASP-access-control.ppt PowerPoint] [http://rd1.net/owasp/Jan_OWASP-access-control.sxi Open Office]<br />
<br />
<b>November 2004</b> Intro to OWASP by Ralf Durkee. Demonstration of SQL Injection attack and prevention, by Paul Cupo [http://rd1.net/owasp/Nov_OWASP_20041103.ppt PowerPoint]<br />
<br />
[[Category:OWASP Chapter]]</div>Mstarks01https://wiki.owasp.org/index.php?title=Rochester&diff=11265Rochester2006-10-30T17:48:37Z<p>Mstarks01: /* Meeting Dates & Location */</p>
<hr />
<div>== Welcome to the OWASP Rochester Local Chapter ==<br />
<br />
Welcome to the local Rochester chapter homepage. The chapter leader is [mailto:rd@rd1.net Ralf Durkee]<br />
<br />
== Participation ==<br />
<br />
OWASP chapter meetings are free and open to anyone interested in application security. We encourage members to give presentations on specific topics and to contribute to the local chapter by sharing their knowledge with others. Prior to participating with OWASP please review the [[Chapter Rules]].<br />
<br />
To join the chapter mailing list, please visit our [http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny mailing list] homepage. The list is used to discuss the meetings and to arrange meeting locations. You can also review the [http://lists.owasp.org/pipermail/owasp-rochester-ny email archives] to see what folks have been talking about. Please check the mailing list before coming to a meeting to confirm the location and time and to catch any last minute notes.<br />
<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> Ralf Durkee<br />
*<b>Vice President:</b> Chris Karr<br />
*<b>Secretary and Treasurer:</b> Steve Buck<br />
*<b>Web and Communications:</b> Michael Starks<br />
</ul><br />
<br />
== Meeting Dates & Location ==<br />
<br />
<b>Dates:</b> The third Monday of every month, starting at 6:00 PM. <br />
<br />
<b>Location:</b> 1225 Jefferson Rd, Rochester, NY 14623 (near I-390) [http://maps.google.com/maps?f=q&hl=en&q=1225+Jefferson+Rd,+Rochester,+NY&ie=UTF8&om=1&ll=43.087727,-77.600255&spn=0.014856,0.04283 Google Map]<br />
<br />
Meeting space is graciously offered by [http://www.bryantstratton.edu/campus/campus.aspx?c=14 Bryant & Stratton College] Enter the Frontier Commons plaza, near the Post Office. Towards the right, rear of the plaza is the PSC (Professional Skills Center) door, which is to the left of the main Bryant & Stratton entrance door. There will be a sign on the door indicating the room in which we will meet.<br />
<br />
For this meeting, we'll be gathering in room 204. Enter the the main Bryant & Stratton entrance door, go up the stairs and turn left down the hallway to room 204. There will also be a signs on the doors.<br />
<br />
'''November Meeting Details'''<br />
<br />
<b>Date: Monday, November 20, 2006, 6:00 PM</b><br />
<br />
<b>Duration: 1 hour 30 minutes</b><br />
<br />
<b>Presentation: Making Source Code Analysis Part of the Security Review Process</b>, by Matt Rose, Fortify Software.<br />
<br />
How do you know if your software applications are secure? Manual audits only cover a small percentage of the source code base and periodic checks only provide a snapshot in time. Source code analysis allows development organizations to manage software security by leveraging well-documented best practices that can be automated. This session will <br />
reveal how source code analysis can be a powerful tool for software security architects, developers and QA professionals by pinpointing security vulnerabilities throughout an entire code base as an integral part of the development cycle, or as part of software security audits in order to significantly improve application security. The session will describe the in's and out's of the technology, including its limitations and newly explored areas. Real life examples from actual engagements will be used throughout.<br />
<br />
== Past Presentations ==<br />
<br />
<b>October 2006</b> The first of the OWASP top ten: unvalidated input, by Steve Buck.<br />
[http://rd1.net/owasp/2006-10-16_owasp-presentation.ppt PowerPoint]<br />
<br />
<b>April 2006</b> PGP: Encryption for e-mail and web applications, by Ralph Durkee [http://rd1.net/owasp/Apr_OWASP_PGP_Durkee.pdf PDF]<br />
<br />
<b>February 2006</b> Identity Theft, Phishing and Pharming, by Danny Allan [http://rd1.net/owasp/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.pdf PDF]<br />
<br />
<b>February 2006</b> Secure e-mail, by Thomas Bullinger [http://rd1.net/owasp/SecureEmail.pdf PDF]<br />
<br />
<b>January 2006</b> PCI Compliance, by Pat Massey, Ralf Durkee, Maureen Baran [http://rd1.net/owasp/Rochester_OWASP_PCI_Compliance.pdf PDF]<br />
<br />
<b>September 2005</b> Two Factor Authentication for Java Applications with Client Certificates, by Ralf Durkee [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.pdf PDF] [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.sxi Open Office]<br />
<br />
<b>April 2005</b> Avoiding Backend Exploitation of Mail Forms, by Max Kessler [http://rd1.net/owasp/owasp-mailform-exploitation.ppt PowerPoint] [http://rd1.net/owasp/owasp-mailform-exploitation.sxi Open Office]<br />
<br />
<b>March 2005</b> Bringing Two-Factor Authentication to Web Applications, by Michael Starks [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt PowerPoint] [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt Open Office]<br />
<br />
<b>February 2005</b> Insecure Storage, by Chris Karr [http://rd1.net/owasp/Insecure_Storage.ppt PowerPoint]<br />
<br />
<b>January 2005</b> Access Control and Session Mgmnt, by Steve Buck [http://rd1.net/owasp/Jan_OWASP-access-control.ppt PowerPoint] [http://rd1.net/owasp/Jan_OWASP-access-control.sxi Open Office]<br />
<br />
<b>November 2004</b> Intro to OWASP by Ralf Durkee. Demonstration of SQL Injection attack and prevention, by Paul Cupo [http://rd1.net/owasp/Nov_OWASP_20041103.ppt PowerPoint]<br />
<br />
[[Category:OWASP Chapter]]</div>Mstarks01https://wiki.owasp.org/index.php?title=Rochester&diff=11262Rochester2006-10-30T17:26:27Z<p>Mstarks01: /* Past Presentations */</p>
<hr />
<div>== Welcome to the OWASP Rochester Local Chapter ==<br />
<br />
Welcome to the local Rochester chapter homepage. The chapter leader is [mailto:rd@rd1.net Ralf Durkee]<br />
<br />
== Participation ==<br />
<br />
OWASP chapter meetings are free and open to anyone interested in application security. We encourage members to give presentations on specific topics and to contribute to the local chapter by sharing their knowledge with others. Prior to participating with OWASP please review the [[Chapter Rules]].<br />
<br />
To join the chapter mailing list, please visit our [http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny mailing list] homepage. The list is used to discuss the meetings and to arrange meeting locations. You can also review the [http://lists.owasp.org/pipermail/owasp-rochester-ny email archives] to see what folks have been talking about. Please check the mailing list before coming to a meeting to confirm the location and time and to catch any last minute notes.<br />
<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> Ralf Durkee<br />
*<b>Vice President:</b> Chris Karr<br />
*<b>Secretary and Treasurer:</b> Steve Buck<br />
*<b>Web and Communications:</b> Michael Starks<br />
</ul><br />
<br />
== Meeting Dates & Location ==<br />
<br />
<b>Dates:</b> The third Monday of every month, starting at 6:00 PM. <br />
<br />
<b>Location:</b> 1225 Jefferson Rd, Rochester, NY 14623 (near I-390) [http://maps.google.com/maps?f=q&hl=en&q=1225+Jefferson+Rd,+Rochester,+NY&ie=UTF8&om=1&ll=43.087727,-77.600255&spn=0.014856,0.04283 Google Map]<br />
<br />
Meeting space is graciously offered by [http://www.bryantstratton.edu/campus/campus.aspx?c=14 Bryant & Stratton College] Enter the Frontier Commons plaza, near the Post Office. Towards the right, rear of the plaza is the PSC (Professional Skills Center) door, which is to the left of the main Bryant & Stratton entrance door. There will be a sign on the door indicating the room in which we will meet.<br />
<br />
'''October Meeting Details'''<br />
<br />
<b>Date: Monday, October 16, 2006, 6:00 PM</b><br />
<br />
<b>Presentation: The first of the OWASP top ten: unvalidated input</b>, by Steve Buck.<br />
<br />
At this meeting we will be discussing the first of the OWASP top ten list: unvalidated input. We will discuss the problems posed by not validating input on the server side. These problems include: forced browsing, command insertion, cross site scripting, buffer overflows, bypassing site security, format string attacks, SQL injection, cookie poisoning, and hidden field manipulation.<br />
<br />
We will cover how to determine if you are vulnerable to one of these attacks, and also how to protect yourself. We will also have a demo of some of these exploits in action. Finally, we will have an open discussion with any questions about the subject matter.<br />
<br />
<b>Bio:</b> Steve Buck is a consultant for Mindex Technologies. He has been working with various web technologies since 1996, involving everything from Perl and C CGIs to J2EE.<br />
<br />
Steve has experience as a UNIX system administrator instructor with a specialty in system security.<br />
<br />
== Past Presentations ==<br />
<br />
<b>October 2006</b> The first of the OWASP top ten: unvalidated input, by Steve Buck.<br />
[http://rd1.net/owasp/2006-10-16_owasp-presentation.ppt PowerPoint]<br />
<br />
<b>April 2006</b> PGP: Encryption for e-mail and web applications, by Ralph Durkee [http://rd1.net/owasp/Apr_OWASP_PGP_Durkee.pdf PDF]<br />
<br />
<b>February 2006</b> Identity Theft, Phishing and Pharming, by Danny Allan [http://rd1.net/owasp/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.pdf PDF]<br />
<br />
<b>February 2006</b> Secure e-mail, by Thomas Bullinger [http://rd1.net/owasp/SecureEmail.pdf PDF]<br />
<br />
<b>January 2006</b> PCI Compliance, by Pat Massey, Ralf Durkee, Maureen Baran [http://rd1.net/owasp/Rochester_OWASP_PCI_Compliance.pdf PDF]<br />
<br />
<b>September 2005</b> Two Factor Authentication for Java Applications with Client Certificates, by Ralf Durkee [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.pdf PDF] [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.sxi Open Office]<br />
<br />
<b>April 2005</b> Avoiding Backend Exploitation of Mail Forms, by Max Kessler [http://rd1.net/owasp/owasp-mailform-exploitation.ppt PowerPoint] [http://rd1.net/owasp/owasp-mailform-exploitation.sxi Open Office]<br />
<br />
<b>March 2005</b> Bringing Two-Factor Authentication to Web Applications, by Michael Starks [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt PowerPoint] [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt Open Office]<br />
<br />
<b>February 2005</b> Insecure Storage, by Chris Karr [http://rd1.net/owasp/Insecure_Storage.ppt PowerPoint]<br />
<br />
<b>January 2005</b> Access Control and Session Mgmnt, by Steve Buck [http://rd1.net/owasp/Jan_OWASP-access-control.ppt PowerPoint] [http://rd1.net/owasp/Jan_OWASP-access-control.sxi Open Office]<br />
<br />
<b>November 2004</b> Intro to OWASP by Ralf Durkee. Demonstration of SQL Injection attack and prevention, by Paul Cupo [http://rd1.net/owasp/Nov_OWASP_20041103.ppt PowerPoint]<br />
<br />
[[Category:OWASP Chapter]]</div>Mstarks01https://wiki.owasp.org/index.php?title=Rochester&diff=11261Rochester2006-10-30T17:09:53Z<p>Mstarks01: /* Local Officers */</p>
<hr />
<div>== Welcome to the OWASP Rochester Local Chapter ==<br />
<br />
Welcome to the local Rochester chapter homepage. The chapter leader is [mailto:rd@rd1.net Ralf Durkee]<br />
<br />
== Participation ==<br />
<br />
OWASP chapter meetings are free and open to anyone interested in application security. We encourage members to give presentations on specific topics and to contribute to the local chapter by sharing their knowledge with others. Prior to participating with OWASP please review the [[Chapter Rules]].<br />
<br />
To join the chapter mailing list, please visit our [http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny mailing list] homepage. The list is used to discuss the meetings and to arrange meeting locations. You can also review the [http://lists.owasp.org/pipermail/owasp-rochester-ny email archives] to see what folks have been talking about. Please check the mailing list before coming to a meeting to confirm the location and time and to catch any last minute notes.<br />
<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> Ralf Durkee<br />
*<b>Vice President:</b> Chris Karr<br />
*<b>Secretary and Treasurer:</b> Steve Buck<br />
*<b>Web and Communications:</b> Michael Starks<br />
</ul><br />
<br />
== Meeting Dates & Location ==<br />
<br />
<b>Dates:</b> The third Monday of every month, starting at 6:00 PM. <br />
<br />
<b>Location:</b> 1225 Jefferson Rd, Rochester, NY 14623 (near I-390) [http://maps.google.com/maps?f=q&hl=en&q=1225+Jefferson+Rd,+Rochester,+NY&ie=UTF8&om=1&ll=43.087727,-77.600255&spn=0.014856,0.04283 Google Map]<br />
<br />
Meeting space is graciously offered by [http://www.bryantstratton.edu/campus/campus.aspx?c=14 Bryant & Stratton College] Enter the Frontier Commons plaza, near the Post Office. Towards the right, rear of the plaza is the PSC (Professional Skills Center) door, which is to the left of the main Bryant & Stratton entrance door. There will be a sign on the door indicating the room in which we will meet.<br />
<br />
'''October Meeting Details'''<br />
<br />
<b>Date: Monday, October 16, 2006, 6:00 PM</b><br />
<br />
<b>Presentation: The first of the OWASP top ten: unvalidated input</b>, by Steve Buck.<br />
<br />
At this meeting we will be discussing the first of the OWASP top ten list: unvalidated input. We will discuss the problems posed by not validating input on the server side. These problems include: forced browsing, command insertion, cross site scripting, buffer overflows, bypassing site security, format string attacks, SQL injection, cookie poisoning, and hidden field manipulation.<br />
<br />
We will cover how to determine if you are vulnerable to one of these attacks, and also how to protect yourself. We will also have a demo of some of these exploits in action. Finally, we will have an open discussion with any questions about the subject matter.<br />
<br />
<b>Bio:</b> Steve Buck is a consultant for Mindex Technologies. He has been working with various web technologies since 1996, involving everything from Perl and C CGIs to J2EE.<br />
<br />
Steve has experience as a UNIX system administrator instructor with a specialty in system security.<br />
<br />
== Past Presentations ==<br />
<br />
<b>April 2006</b> PGP: Encryption for e-mail and web applications, by Ralph Durkee [http://rd1.net/owasp/Apr_OWASP_PGP_Durkee.pdf PDF]<br />
<br />
<b>February 2006</b> Identity Theft, Phishing and Pharming, by Danny Allan [http://rd1.net/owasp/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.pdf PDF]<br />
<br />
<b>February 2006</b> Secure e-mail, by Thomas Bullinger [http://rd1.net/owasp/SecureEmail.pdf PDF]<br />
<br />
<b>January 2006</b> PCI Compliance, by Pat Massey, Ralf Durkee, Maureen Baran [http://rd1.net/owasp/Rochester_OWASP_PCI_Compliance.pdf PDF]<br />
<br />
<b>September 2005</b> Two Factor Authentication for Java Applications with Client Certificates, by Ralf Durkee [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.pdf PDF] [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.sxi Open Office]<br />
<br />
<b>April 2005</b> Avoiding Backend Exploitation of Mail Forms, by Max Kessler [http://rd1.net/owasp/owasp-mailform-exploitation.ppt PowerPoint] [http://rd1.net/owasp/owasp-mailform-exploitation.sxi Open Office]<br />
<br />
<b>March 2005</b> Bringing Two-Factor Authentication to Web Applications, by Michael Starks [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt PowerPoint] [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt Open Office]<br />
<br />
<b>February 2005</b> Insecure Storage, by Chris Karr [http://rd1.net/owasp/Insecure_Storage.ppt PowerPoint]<br />
<br />
<b>January 2005</b> Access Control and Session Mgmnt, by Steve Buck [http://rd1.net/owasp/Jan_OWASP-access-control.ppt PowerPoint] [http://rd1.net/owasp/Jan_OWASP-access-control.sxi Open Office]<br />
<br />
<b>November 2004</b> Intro to OWASP by Ralf Durkee. Demonstration of SQL Injection attack and prevention, by Paul Cupo [http://rd1.net/owasp/Nov_OWASP_20041103.ppt PowerPoint]<br />
<br />
[[Category:OWASP Chapter]]</div>Mstarks01https://wiki.owasp.org/index.php?title=Rochester&diff=10373Rochester2006-10-10T02:40:30Z<p>Mstarks01: /* Meeting Dates & Location */</p>
<hr />
<div>{{Chapter Template|chaptername=Rochester|extra=The chapter leader is [mailto:rd@rd1.net Ralf Durkee]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny|emailarchives=http://lists.owasp.org/pipermail/owasp-rochester-ny}}<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> Ralf Durkee<br />
*<b>Vice President:</b> Chris Karr<br />
*<b>Secretary:</b> Steve Buck<br />
*<b>Web and Communications:</b> Michael Starks<br />
</ul><br />
<br />
<br />
== Meeting Dates & Location ==<br />
<br />
<b>Dates:</b> The third Monday of every month, starting at 6:00 PM. <br />
<br />
<b>Location:</b> 1225 Jefferson Rd, Rochester, NY 14623 (near I-390) [http://maps.google.com/maps?f=q&hl=en&q=1225+Jefferson+Rd,+Rochester,+NY&ie=UTF8&om=1&ll=43.087727,-77.600255&spn=0.014856,0.04283 Google Map]<br />
<br />
Meeting space is graciously offered by [http://www.bryantstratton.edu/campus/campus.aspx?c=14 Bryant & Stratton College] Enter the Frontier Commons plaza, near the Post Office. Towards the right, rear of the plaza is the PSC (Professional Skills Center) door, which is to the left of the main Bryant & Stratton entrance door. There will be a sign on the door indicating the room in which we will meet.<br />
<br />
'''October Meeting Details'''<br />
<br />
<b>Date: Monday, October 16, 2006, 6:00 PM</b><br />
<br />
<b>Presentation: The first of the OWASP top ten: unvalidated input</b>, by Steve Buck.<br />
<br />
At this meeting we will be discussing the first of the OWASP top ten list: unvalidated input. We will discuss the problems posed by not validating input on the server side. These problems include: forced browsing, command insertion, cross site scripting, buffer overflows, bypassing site security, format string attacks, SQL injection, cookie poisoning, and hidden field manipulation.<br />
<br />
We will cover how to determine if you are vulnerable to one of these attacks, and also how to protect yourself. We will also have a demo of some of these exploits in action. Finally, we will have an open discussion with any questions about the subject matter.<br />
<br />
<b>Bio:</b> Steve Buck is a consultant for Mindex Technologies. He has been working with various web technologies since 1996, involving everything from Perl and C CGIs to J2EE.<br />
<br />
Steve has experience as a UNIX system administrator instructor with a specialty in system security.<br />
<br />
== Past Presentations ==<br />
<br />
<b>April 2006</b> PGP: Encryption for e-mail and web applications, by Ralph Durkee [http://rd1.net/owasp/Apr_OWASP_PGP_Durkee.pdf PDF]<br />
<br />
<b>February 2006</b> Identity Theft, Phishing and Pharming, by Danny Allan [http://rd1.net/owasp/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.pdf PDF]<br />
<br />
<b>February 2006</b> Secure e-mail, by Thomas Bullinger [http://rd1.net/owasp/SecureEmail.pdf PDF]<br />
<br />
<b>January 2006</b> PCI Compliance, by Pat Massey, Ralf Durkee, Maureen Baran [http://rd1.net/owasp/Rochester_OWASP_PCI_Compliance.pdf PDF]<br />
<br />
<b>September 2005</b> Two Factor Authentication for Java Applications with Client Certificates, by Ralf Durkee [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.pdf PDF] [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.sxi Open Office]<br />
<br />
<b>April 2005</b> Avoiding Backend Exploitation of Mail Forms, by Max Kessler [http://rd1.net/owasp/owasp-mailform-exploitation.ppt PowerPoint] [http://rd1.net/owasp/owasp-mailform-exploitation.sxi Open Office]<br />
<br />
<b>March 2005</b> Bringing Two-Factor Authentication to Web Applications, by Michael Starks [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt PowerPoint] [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt Open Office]<br />
<br />
<b>February 2005</b> Insecure Storage, by Chris Karr [http://rd1.net/owasp/Insecure_Storage.ppt PowerPoint]<br />
<br />
<b>January 2005</b> Access Control and Session Mgmnt, by Steve Buck [http://rd1.net/owasp/Jan_OWASP-access-control.ppt PowerPoint] [http://rd1.net/owasp/Jan_OWASP-access-control.sxi Open Office]<br />
<br />
<b>November 2004</b> Intro to OWASP by Ralf Durkee. Demonstration of SQL Injection attack and prevention, by Paul Cupo [http://rd1.net/owasp/Nov_OWASP_20041103.ppt PowerPoint]</div>Mstarks01https://wiki.owasp.org/index.php?title=Rochester&diff=10372Rochester2006-10-10T02:32:27Z<p>Mstarks01: /* Meeting Dates & Location */</p>
<hr />
<div>{{Chapter Template|chaptername=Rochester|extra=The chapter leader is [mailto:rd@rd1.net Ralf Durkee]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny|emailarchives=http://lists.owasp.org/pipermail/owasp-rochester-ny}}<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> Ralf Durkee<br />
*<b>Vice President:</b> Chris Karr<br />
*<b>Secretary:</b> Steve Buck<br />
*<b>Web and Communications:</b> Michael Starks<br />
</ul><br />
<br />
<br />
== Meeting Dates & Location ==<br />
<br />
<b>Dates:</b> Meetings are held the third Monday of every month, starting at 6:00 PM. <br />
<br />
<b>Location:</b> Bryant and Stratton Professional Skills Center, 1225 Jefferson Rd, Rochester, NY 14623 (near I-390)<br />
<br />
Enter the Frontier Commons plaza, near the Post Office. Towards the right, rear of the plaza is the PSC (Professional Skills Center) door, which is to the left of the main Bryant & Stratton entrance door. There will be a sign on the door indicating the room in which we will meet.<br />
<br />
[http://maps.google.com/maps?f=q&hl=en&q=1225+Jefferson+Rd,+Rochester,+NY&ie=UTF8&om=1&ll=43.087727,-77.600255&spn=0.014856,0.04283 Google Map]<br />
<br />
'''October Meeting Details'''<br />
<br />
<b>Date: Monday, October 16, 2006, 6:00 PM</b><br />
<br />
<b>Presentation: The first of the OWASP top ten: unvalidated input</b>, by Steve Buck.<br />
<br />
At this meeting we will be discussing the first of the OWASP top ten list: unvalidated input. We will discuss the problems posed by not validating input on the server side. These problems include: forced browsing, command insertion, cross site scripting, buffer overflows, bypassing site security, format string attacks, SQL injection, cookie poisoning, and hidden field manipulation.<br />
<br />
We will cover how to determine if you are vulnerable to one of these attacks, and also how to protect yourself. We will also have a demo of some of these exploits in action. Finally, we will have an open discussion with any questions about the subject matter.<br />
<br />
<b>Bio:</b> Steve Buck is a consultant for Mindex Technologies. He has been working with various web technologies since 1996, involving everything from Perl and C CGIs to J2EE.<br />
<br />
Steve has experience as a UNIX system administrator instructor with a specialty in system security.<br />
<br />
== Past Presentations ==<br />
<br />
<b>April 2006</b> PGP: Encryption for e-mail and web applications, by Ralph Durkee [http://rd1.net/owasp/Apr_OWASP_PGP_Durkee.pdf PDF]<br />
<br />
<b>February 2006</b> Identity Theft, Phishing and Pharming, by Danny Allan [http://rd1.net/owasp/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.pdf PDF]<br />
<br />
<b>February 2006</b> Secure e-mail, by Thomas Bullinger [http://rd1.net/owasp/SecureEmail.pdf PDF]<br />
<br />
<b>January 2006</b> PCI Compliance, by Pat Massey, Ralf Durkee, Maureen Baran [http://rd1.net/owasp/Rochester_OWASP_PCI_Compliance.pdf PDF]<br />
<br />
<b>September 2005</b> Two Factor Authentication for Java Applications with Client Certificates, by Ralf Durkee [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.pdf PDF] [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.sxi Open Office]<br />
<br />
<b>April 2005</b> Avoiding Backend Exploitation of Mail Forms, by Max Kessler [http://rd1.net/owasp/owasp-mailform-exploitation.ppt PowerPoint] [http://rd1.net/owasp/owasp-mailform-exploitation.sxi Open Office]<br />
<br />
<b>March 2005</b> Bringing Two-Factor Authentication to Web Applications, by Michael Starks [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt PowerPoint] [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt Open Office]<br />
<br />
<b>February 2005</b> Insecure Storage, by Chris Karr [http://rd1.net/owasp/Insecure_Storage.ppt PowerPoint]<br />
<br />
<b>January 2005</b> Access Control and Session Mgmnt, by Steve Buck [http://rd1.net/owasp/Jan_OWASP-access-control.ppt PowerPoint] [http://rd1.net/owasp/Jan_OWASP-access-control.sxi Open Office]<br />
<br />
<b>November 2004</b> Intro to OWASP by Ralf Durkee. Demonstration of SQL Injection attack and prevention, by Paul Cupo [http://rd1.net/owasp/Nov_OWASP_20041103.ppt PowerPoint]</div>Mstarks01https://wiki.owasp.org/index.php?title=Rochester&diff=10371Rochester2006-10-10T02:24:24Z<p>Mstarks01: </p>
<hr />
<div>{{Chapter Template|chaptername=Rochester|extra=The chapter leader is [mailto:rd@rd1.net Ralf Durkee]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny|emailarchives=http://lists.owasp.org/pipermail/owasp-rochester-ny}}<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> Ralf Durkee<br />
*<b>Vice President:</b> Chris Karr<br />
*<b>Secretary:</b> Steve Buck<br />
*<b>Web and Communications:</b> Michael Starks<br />
</ul><br />
<br />
<br />
== Meeting Dates & Location ==<br />
<br />
Meetings are held the third Monday of every month. <br />
<br />
<b>Location:</b> Bryant and Stratton Professional Skills Center, 1225 Jefferson Rd, Rochester, NY 14623 (near I-390)<br />
<br />
Enter the plaza behind Bill Grays and Tulleys, near the Post Office. Enter the PSC (Professional Skills Center) door which is left of the main entrance door. There will be a sign on the door indicating the room in which we will meet.<br />
<br />
[http://maps.google.com/maps?f=q&hl=en&q=1225+Jefferson+Rd,+Rochester,+NY&ie=UTF8&om=1&ll=43.087727,-77.600255&spn=0.014856,0.04283 Google Map]<br />
<br />
'''October Meeting Details'''<br />
<br />
<b>Date: Monday, October 16, 2006</b><br />
<br />
<b>Presentation: The first of the OWASP top ten: unvalidated input</b>, by Steve Buck.<br />
<br />
At this meeting we will be discussing the first of the OWASP top ten list: unvalidated input. We will discuss the problems posed by not validating input on the server side. These problems include: forced browsing, command insertion, cross site scripting, buffer overflows, bypassing site security, format string attacks, SQL injection, cookie poisoning, and hidden field manipulation.<br />
<br />
We will cover how to determine if you are vulnerable to one of these attacks, and also how to protect yourself. We will also have a demo of some of these exploits in action. Finally, we will have an open discussion with any questions about the subject matter.<br />
<br />
<b>Bio:</b> Steve Buck is a consultant for Mindex Technologies. He has been working with various web technologies since 1996, involving everything from Perl and C CGIs to J2EE.<br />
<br />
Steve has experience as a UNIX system administrator instructor with a specialty in system security.<br />
<br />
== Past Presentations ==<br />
<br />
<b>April 2006</b> PGP: Encryption for e-mail and web applications, by Ralph Durkee [http://rd1.net/owasp/Apr_OWASP_PGP_Durkee.pdf PDF]<br />
<br />
<b>February 2006</b> Identity Theft, Phishing and Pharming, by Danny Allan [http://rd1.net/owasp/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.pdf PDF]<br />
<br />
<b>February 2006</b> Secure e-mail, by Thomas Bullinger [http://rd1.net/owasp/SecureEmail.pdf PDF]<br />
<br />
<b>January 2006</b> PCI Compliance, by Pat Massey, Ralf Durkee, Maureen Baran [http://rd1.net/owasp/Rochester_OWASP_PCI_Compliance.pdf PDF]<br />
<br />
<b>September 2005</b> Two Factor Authentication for Java Applications with Client Certificates, by Ralf Durkee [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.pdf PDF] [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.sxi Open Office]<br />
<br />
<b>April 2005</b> Avoiding Backend Exploitation of Mail Forms, by Max Kessler [http://rd1.net/owasp/owasp-mailform-exploitation.ppt PowerPoint] [http://rd1.net/owasp/owasp-mailform-exploitation.sxi Open Office]<br />
<br />
<b>March 2005</b> Bringing Two-Factor Authentication to Web Applications, by Michael Starks [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt PowerPoint] [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt Open Office]<br />
<br />
<b>February 2005</b> Insecure Storage, by Chris Karr [http://rd1.net/owasp/Insecure_Storage.ppt PowerPoint]<br />
<br />
<b>January 2005</b> Access Control and Session Mgmnt, by Steve Buck [http://rd1.net/owasp/Jan_OWASP-access-control.ppt PowerPoint] [http://rd1.net/owasp/Jan_OWASP-access-control.sxi Open Office]<br />
<br />
<b>November 2004</b> Intro to OWASP by Ralf Durkee. Demonstration of SQL Injection attack and prevention, by Paul Cupo [http://rd1.net/owasp/Nov_OWASP_20041103.ppt PowerPoint]</div>Mstarks01https://wiki.owasp.org/index.php?title=Rochester&diff=10370Rochester2006-10-10T02:21:35Z<p>Mstarks01: /* Meeting Times & Location */</p>
<hr />
<div>{{Chapter Template|chaptername=Rochester|extra=The chapter leader is [mailto:rd@rd1.net Ralf Durkee]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny|emailarchives=http://lists.owasp.org/pipermail/owasp-rochester-ny}}<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> Ralf Durkee<br />
*<b>Vice President:</b> Chris Karr<br />
*<b>Secretary:</b> Steve Buck<br />
*<b>Web and Communications:</b> Michael Starks<br />
</ul><br />
<br />
<br />
== Meeting Times & Location ==<br />
<br />
Meetings are held the third Monday of every month. <br />
<br />
<b>Location:</b> Bryant and Stratton Professional Skills Center, 1225 Jefferson Rd, Rochester, NY 14623 (near I-390)<br />
<br />
Enter the plaza behind Bill Grays and Tulleys, near the Post Office. Enter the PSC (Professional Skills Center) door which is left of the main entrance door. There will be a sign on the door indicating the room in which we will meet.<br />
<br />
[http://maps.google.com/maps?f=q&hl=en&q=1225+Jefferson+Rd,+Rochester,+NY&ie=UTF8&om=1&ll=43.087727,-77.600255&spn=0.014856,0.04283 Google Map]<br />
<br />
'''October Meeting Details'''<br />
<br />
<b>Date: Monday, October 16, 2006</b><br />
<br />
<b>Presentation: The first of the OWASP top ten: unvalidated input</b>, by Steve Buck.<br />
<br />
At this meeting we will be discussing the first of the OWASP top ten list: unvalidated input. We will discuss the problems posed by not validating input on the server side. These problems include: forced browsing, command insertion, cross site scripting, buffer overflows, bypassing site security, format string attacks, SQL injection, cookie poisoning, and hidden field manipulation.<br />
<br />
We will cover how to determine if you are vulnerable to one of these attacks, and also how to protect yourself. We will also have a demo of some of these exploits in action. Finally, we will have an open discussion with any questions about the subject matter.<br />
<br />
<b>Bio:</b> Steve Buck is a consultant for Mindex Technologies. He has been working with various web technologies since 1996, involving everything from Perl and C CGIs to J2EE.<br />
<br />
Steve has experience as a UNIX system administrator instructor with a specialty in system security.<br />
<br />
== Past Presentations ==<br />
<br />
<b>April 2006</b> PGP: Encryption for e-mail and web applications, by Ralph Durkee [http://rd1.net/owasp/Apr_OWASP_PGP_Durkee.pdf PDF]<br />
<br />
<b>February 2006</b> Identity Theft, Phishing and Pharming, by Danny Allan [http://rd1.net/owasp/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.pdf PDF]<br />
<br />
<b>February 2006</b> Secure e-mail, by Thomas Bullinger [http://rd1.net/owasp/SecureEmail.pdf PDF]<br />
<br />
<b>January 2006</b> PCI Compliance, by Pat Massey, Ralf Durkee, Maureen Baran [http://rd1.net/owasp/Rochester_OWASP_PCI_Compliance.pdf PDF]<br />
<br />
<b>September 2005</b> Two Factor Authentication for Java Applications with Client Certificates, by Ralf Durkee [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.pdf PDF] [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.sxi Open Office]<br />
<br />
<b>April 2005</b> Avoiding Backend Exploitation of Mail Forms, by Max Kessler [http://rd1.net/owasp/owasp-mailform-exploitation.ppt PowerPoint] [http://rd1.net/owasp/owasp-mailform-exploitation.sxi Open Office]<br />
<br />
<b>March 2005</b> Bringing Two-Factor Authentication to Web Applications, by Michael Starks [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt PowerPoint] [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt Open Office]<br />
<br />
<b>February 2005</b> Insecure Storage, by Chris Karr [http://rd1.net/owasp/Insecure_Storage.ppt PowerPoint]<br />
<br />
<b>January 2005</b> Access Control and Session Mgmnt, by Steve Buck [http://rd1.net/owasp/Jan_OWASP-access-control.ppt PowerPoint] [http://rd1.net/owasp/Jan_OWASP-access-control.sxi Open Office]<br />
<br />
<b>November 2004</b> Intro to OWASP by Ralf Durkee. Demonstration of SQL Injection attack and prevention, by Paul Cupo [http://rd1.net/owasp/Nov_OWASP_20041103.ppt PowerPoint]</div>Mstarks01https://wiki.owasp.org/index.php?title=Rochester&diff=10369Rochester2006-10-10T02:20:45Z<p>Mstarks01: /* Meeting Times & Location */</p>
<hr />
<div>{{Chapter Template|chaptername=Rochester|extra=The chapter leader is [mailto:rd@rd1.net Ralf Durkee]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny|emailarchives=http://lists.owasp.org/pipermail/owasp-rochester-ny}}<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> Ralf Durkee<br />
*<b>Vice President:</b> Chris Karr<br />
*<b>Secretary:</b> Steve Buck<br />
*<b>Web and Communications:</b> Michael Starks<br />
</ul><br />
<br />
<br />
== Meeting Times & Location ==<br />
<br />
Meetings are held the third Monday of every month. <br />
<br />
<b>Location:</b> Bryant and Stratton Professional Skills Center, 1225 Jefferson Rd, Rochester, NY 14623 (near I-390)<br />
<br />
Enter the plaza behind Bill Grays and Tulleys, near the Post Office. Enter the PSC (Professional Skills Center) door which is left of the main entrance door. There will be a sign on the door indicating the room in which we will meet.<br />
<br />
[http://maps.google.com/maps?f=q&hl=en&q=1225+Jefferson+Rd,+Rochester,+NY&ie=UTF8&om=1&ll=43.087727,-77.600255&spn=0.014856,0.04283 Google Map]<br />
<br />
'''October Meeting Details'''<br />
<br />
<b>Date: Monday, October 16, 2006</b><br />
<br />
<b>Presentation: The first of the OWASP top ten: unvalidated input</b>, by Steve Buck.<br />
<br />
At this meeting we will be discussing the first of the OWASP top ten list: unvalidated input. We will discuss the problems posed by not validating input on the server side. These problems include: forced browsing, command insertion, cross site scripting, buffer overflows, bypassing site security, format string attacks, SQL injection, cookie poisoning, and hidden field manipulation.<br />
<br />
We will cover how to determine if you are vulnerable to one of these attacks, and also how to protect yourself. We will also have a demo of some of these exploits in action. Finally, we will have an open discussion with any questions about the subject matter.<br />
<br />
<b>Bio:</b><br />
<br />
Steve Buck is a consultant for Mindex Technologies. He has been working with various web technologies since 1996, involving everything from Perl and C CGIs to J2EE.<br />
<br />
Steve has experience as a UNIX system administrator instructor with a specialty in system security.<br />
<br />
== Past Presentations ==<br />
<br />
<b>April 2006</b> PGP: Encryption for e-mail and web applications, by Ralph Durkee [http://rd1.net/owasp/Apr_OWASP_PGP_Durkee.pdf PDF]<br />
<br />
<b>February 2006</b> Identity Theft, Phishing and Pharming, by Danny Allan [http://rd1.net/owasp/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.pdf PDF]<br />
<br />
<b>February 2006</b> Secure e-mail, by Thomas Bullinger [http://rd1.net/owasp/SecureEmail.pdf PDF]<br />
<br />
<b>January 2006</b> PCI Compliance, by Pat Massey, Ralf Durkee, Maureen Baran [http://rd1.net/owasp/Rochester_OWASP_PCI_Compliance.pdf PDF]<br />
<br />
<b>September 2005</b> Two Factor Authentication for Java Applications with Client Certificates, by Ralf Durkee [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.pdf PDF] [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.sxi Open Office]<br />
<br />
<b>April 2005</b> Avoiding Backend Exploitation of Mail Forms, by Max Kessler [http://rd1.net/owasp/owasp-mailform-exploitation.ppt PowerPoint] [http://rd1.net/owasp/owasp-mailform-exploitation.sxi Open Office]<br />
<br />
<b>March 2005</b> Bringing Two-Factor Authentication to Web Applications, by Michael Starks [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt PowerPoint] [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt Open Office]<br />
<br />
<b>February 2005</b> Insecure Storage, by Chris Karr [http://rd1.net/owasp/Insecure_Storage.ppt PowerPoint]<br />
<br />
<b>January 2005</b> Access Control and Session Mgmnt, by Steve Buck [http://rd1.net/owasp/Jan_OWASP-access-control.ppt PowerPoint] [http://rd1.net/owasp/Jan_OWASP-access-control.sxi Open Office]<br />
<br />
<b>November 2004</b> Intro to OWASP by Ralf Durkee. Demonstration of SQL Injection attack and prevention, by Paul Cupo [http://rd1.net/owasp/Nov_OWASP_20041103.ppt PowerPoint]</div>Mstarks01https://wiki.owasp.org/index.php?title=Rochester&diff=10368Rochester2006-10-10T02:20:14Z<p>Mstarks01: /* Meeting Times & Location */</p>
<hr />
<div>{{Chapter Template|chaptername=Rochester|extra=The chapter leader is [mailto:rd@rd1.net Ralf Durkee]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny|emailarchives=http://lists.owasp.org/pipermail/owasp-rochester-ny}}<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> Ralf Durkee<br />
*<b>Vice President:</b> Chris Karr<br />
*<b>Secretary:</b> Steve Buck<br />
*<b>Web and Communications:</b> Michael Starks<br />
</ul><br />
<br />
<br />
== Meeting Times & Location ==<br />
<br />
Meetings are held the third Monday of every month. <br />
<br />
<b>Location:</b> Bryant and Stratton Professional Skills Center, 1225 Jefferson Rd, Rochester, NY 14623 (near I-390)<br />
<br />
Enter the plaza behind Bill Grays and Tulleys, near the Post Office. Enter the PSC (Professional Skills Center) door which is left of the main entrance door. There will be a sign on the door indicating the room in which we will meet.<br />
<br />
[http://maps.google.com/maps?f=q&hl=en&q=1225+Jefferson+Rd,+Rochester,+NY&ie=UTF8&om=1&ll=43.087727,-77.600255&spn=0.014856,0.04283 Google Map]<br />
<br />
'''October Meeting Details'''<br />
<br />
<b>Date: Monday, October 16, 2006</b><br />
<br />
<b>Presentation: The first of the OWASP top ten: unvalidated input</b>, by Steve Buck.<br />
<br />
At this meeting we will be discussing the first of the OWASP top ten list: unvalidated input. We will discuss the problems posed by not validating input on the server side. These problems include: forced browsing, command insertion, cross site scripting, buffer overflows, bypassing site security, format string attacks, SQL injection, cookie poisoning, and hidden field manipulation.<br />
<br />
We will cover how to determine if you are vulnerable to one of these attacks, and also how to protect yourself. We will also have a demo of some of these exploits in action. Finally, we will have an open discussion with any questions about the subject matter.<br />
<br />
<b>Bio</b><br />
<br />
Steve Buck is a consultant for Mindex Technologies. He has been working with various web technologies since 1996, involving everything from Perl and C CGIs to J2EE.<br />
<br />
Steve has experience as a UNIX system administrator instructor with a specialty in system security.<br />
<br />
== Past Presentations ==<br />
<br />
<b>April 2006</b> PGP: Encryption for e-mail and web applications, by Ralph Durkee [http://rd1.net/owasp/Apr_OWASP_PGP_Durkee.pdf PDF]<br />
<br />
<b>February 2006</b> Identity Theft, Phishing and Pharming, by Danny Allan [http://rd1.net/owasp/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.pdf PDF]<br />
<br />
<b>February 2006</b> Secure e-mail, by Thomas Bullinger [http://rd1.net/owasp/SecureEmail.pdf PDF]<br />
<br />
<b>January 2006</b> PCI Compliance, by Pat Massey, Ralf Durkee, Maureen Baran [http://rd1.net/owasp/Rochester_OWASP_PCI_Compliance.pdf PDF]<br />
<br />
<b>September 2005</b> Two Factor Authentication for Java Applications with Client Certificates, by Ralf Durkee [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.pdf PDF] [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.sxi Open Office]<br />
<br />
<b>April 2005</b> Avoiding Backend Exploitation of Mail Forms, by Max Kessler [http://rd1.net/owasp/owasp-mailform-exploitation.ppt PowerPoint] [http://rd1.net/owasp/owasp-mailform-exploitation.sxi Open Office]<br />
<br />
<b>March 2005</b> Bringing Two-Factor Authentication to Web Applications, by Michael Starks [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt PowerPoint] [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt Open Office]<br />
<br />
<b>February 2005</b> Insecure Storage, by Chris Karr [http://rd1.net/owasp/Insecure_Storage.ppt PowerPoint]<br />
<br />
<b>January 2005</b> Access Control and Session Mgmnt, by Steve Buck [http://rd1.net/owasp/Jan_OWASP-access-control.ppt PowerPoint] [http://rd1.net/owasp/Jan_OWASP-access-control.sxi Open Office]<br />
<br />
<b>November 2004</b> Intro to OWASP by Ralf Durkee. Demonstration of SQL Injection attack and prevention, by Paul Cupo [http://rd1.net/owasp/Nov_OWASP_20041103.ppt PowerPoint]</div>Mstarks01https://wiki.owasp.org/index.php?title=Rochester&diff=10367Rochester2006-10-10T02:18:11Z<p>Mstarks01: /* Meeting Times & Location */</p>
<hr />
<div>{{Chapter Template|chaptername=Rochester|extra=The chapter leader is [mailto:rd@rd1.net Ralf Durkee]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny|emailarchives=http://lists.owasp.org/pipermail/owasp-rochester-ny}}<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> Ralf Durkee<br />
*<b>Vice President:</b> Chris Karr<br />
*<b>Secretary:</b> Steve Buck<br />
*<b>Web and Communications:</b> Michael Starks<br />
</ul><br />
<br />
<br />
== Meeting Times & Location ==<br />
<br />
Meetings are held the third Monday of every month. <br />
<br />
<b>Location:</b> Bryant and Stratton Professional Skills Center, 1225 Jefferson Rd, Rochester, NY 14623 (near I-390)<br />
<br />
Enter the plaza behind Bill Grays and Tulleys, near the Post Office. Enter the PSC (Professional Skills Center) door which is left of the main entrance door. There will be a sign on the door indicating the room in which we will meet.<br />
<br />
[http://maps.google.com/maps?f=q&hl=en&q=1225+Jefferson+Rd,+Rochester,+NY&ie=UTF8&om=1&ll=43.087727,-77.600255&spn=0.014856,0.04283 Google Map]<br />
<br />
'''October Meeting Details'''<br />
<br />
<b>Date: Monday, October 16, 2006</b><br />
<br />
<b>Presentation: The first of the OWASP top ten: unvalidated input</b>, by Steve Buck.<br />
<br />
At this meeting we will be discussing the first of the OWASP top ten list: unvalidated input. We will discuss the problems posed by not validating input on the server side. These problems include: forced browsing, command insertion, cross site scripting, buffer overflows, bypassing site security, format string attacks, SQL injection, cookie poisoning, and hidden field manipulation.<br />
<br />
We will cover how to determine if you are vulnerable to one of these attacks, and also how to protect yourself. We will also have a demo of some of these exploits in action. Finally, we will have an open discussion with any questions about the subject matter.<br />
<br />
<b>Biography</b><br />
<br />
Steve Buck is a consultant for Mindex Technologies. He has been working with various web technologies since 1996, involving everything from Perl and C CGIs to J2EE.<br />
<br />
Steve has experience as a UNIX system administrator instructor with a specialty in system security.<br />
<br />
== Past Presentations ==<br />
<br />
<b>April 2006</b> PGP: Encryption for e-mail and web applications, by Ralph Durkee [http://rd1.net/owasp/Apr_OWASP_PGP_Durkee.pdf PDF]<br />
<br />
<b>February 2006</b> Identity Theft, Phishing and Pharming, by Danny Allan [http://rd1.net/owasp/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.pdf PDF]<br />
<br />
<b>February 2006</b> Secure e-mail, by Thomas Bullinger [http://rd1.net/owasp/SecureEmail.pdf PDF]<br />
<br />
<b>January 2006</b> PCI Compliance, by Pat Massey, Ralf Durkee, Maureen Baran [http://rd1.net/owasp/Rochester_OWASP_PCI_Compliance.pdf PDF]<br />
<br />
<b>September 2005</b> Two Factor Authentication for Java Applications with Client Certificates, by Ralf Durkee [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.pdf PDF] [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.sxi Open Office]<br />
<br />
<b>April 2005</b> Avoiding Backend Exploitation of Mail Forms, by Max Kessler [http://rd1.net/owasp/owasp-mailform-exploitation.ppt PowerPoint] [http://rd1.net/owasp/owasp-mailform-exploitation.sxi Open Office]<br />
<br />
<b>March 2005</b> Bringing Two-Factor Authentication to Web Applications, by Michael Starks [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt PowerPoint] [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt Open Office]<br />
<br />
<b>February 2005</b> Insecure Storage, by Chris Karr [http://rd1.net/owasp/Insecure_Storage.ppt PowerPoint]<br />
<br />
<b>January 2005</b> Access Control and Session Mgmnt, by Steve Buck [http://rd1.net/owasp/Jan_OWASP-access-control.ppt PowerPoint] [http://rd1.net/owasp/Jan_OWASP-access-control.sxi Open Office]<br />
<br />
<b>November 2004</b> Intro to OWASP by Ralf Durkee. Demonstration of SQL Injection attack and prevention, by Paul Cupo [http://rd1.net/owasp/Nov_OWASP_20041103.ppt PowerPoint]</div>Mstarks01https://wiki.owasp.org/index.php?title=Rochester&diff=10366Rochester2006-10-10T01:31:08Z<p>Mstarks01: </p>
<hr />
<div>{{Chapter Template|chaptername=Rochester|extra=The chapter leader is [mailto:rd@rd1.net Ralf Durkee]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny|emailarchives=http://lists.owasp.org/pipermail/owasp-rochester-ny}}<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> Ralf Durkee<br />
*<b>Vice President:</b> Chris Karr<br />
*<b>Secretary:</b> Steve Buck<br />
*<b>Web and Communications:</b> Michael Starks<br />
</ul><br />
<br />
<br />
== Meeting Times & Location ==<br />
<br />
Meetings are held the third Monday of every month. <br />
<br />
<b>Location:</b> Bryant and Stratton College, 1225 Jefferson Rd, Rochester, NY (near I-390) [http://maps.google.com/maps?f=q&hl=en&q=1225+Jefferson+Rd,+Rochester,+NY&ie=UTF8&om=1&ll=43.087727,-77.600255&spn=0.014856,0.04283 Google Map]<br />
<br />
'''October Meeting Details'''<br />
<br />
<b>Date: Monday, October 16, 2006</b><br />
<br />
<b>Presentation: The first of the OWASP top ten: unvalidated input</b>, by Steve Buck.<br />
<br />
At this meeting we will be discussing the first of the OWASP top ten list: unvalidated input. We will discuss the problems posed by not validating input on the server side. These problems include: forced browsing, command insertion, cross site scripting, buffer overflows, bypassing site security, format string attacks, SQL injection, cookie poisoning, and hidden field manipulation.<br />
<br />
We will cover how to determine if you are vulnerable to one of these attacks, and also how to protect yourself. We will also have a demo of some of these exploits in action. Finally, we will have an open discussion with any questions about the subject matter.<br />
<br />
<b>Biography</b><br />
<br />
Steve Buck is a consultant for Mindex Technologies. He has been working with various web technologies since 1996, involving everything from Perl and C CGIs to J2EE.<br />
<br />
Steve has experience as a UNIX system administrator instructor with a specialty in system security.<br />
<br />
== Past Presentations ==<br />
<br />
<b>April 2006</b> PGP: Encryption for e-mail and web applications, by Ralph Durkee [http://rd1.net/owasp/Apr_OWASP_PGP_Durkee.pdf PDF]<br />
<br />
<b>February 2006</b> Identity Theft, Phishing and Pharming, by Danny Allan [http://rd1.net/owasp/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.pdf PDF]<br />
<br />
<b>February 2006</b> Secure e-mail, by Thomas Bullinger [http://rd1.net/owasp/SecureEmail.pdf PDF]<br />
<br />
<b>January 2006</b> PCI Compliance, by Pat Massey, Ralf Durkee, Maureen Baran [http://rd1.net/owasp/Rochester_OWASP_PCI_Compliance.pdf PDF]<br />
<br />
<b>September 2005</b> Two Factor Authentication for Java Applications with Client Certificates, by Ralf Durkee [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.pdf PDF] [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.sxi Open Office]<br />
<br />
<b>April 2005</b> Avoiding Backend Exploitation of Mail Forms, by Max Kessler [http://rd1.net/owasp/owasp-mailform-exploitation.ppt PowerPoint] [http://rd1.net/owasp/owasp-mailform-exploitation.sxi Open Office]<br />
<br />
<b>March 2005</b> Bringing Two-Factor Authentication to Web Applications, by Michael Starks [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt PowerPoint] [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt Open Office]<br />
<br />
<b>February 2005</b> Insecure Storage, by Chris Karr [http://rd1.net/owasp/Insecure_Storage.ppt PowerPoint]<br />
<br />
<b>January 2005</b> Access Control and Session Mgmnt, by Steve Buck [http://rd1.net/owasp/Jan_OWASP-access-control.ppt PowerPoint] [http://rd1.net/owasp/Jan_OWASP-access-control.sxi Open Office]<br />
<br />
<b>November 2004</b> Intro to OWASP by Ralf Durkee. Demonstration of SQL Injection attack and prevention, by Paul Cupo [http://rd1.net/owasp/Nov_OWASP_20041103.ppt PowerPoint]</div>Mstarks01https://wiki.owasp.org/index.php?title=Rochester&diff=10365Rochester2006-10-10T01:30:37Z<p>Mstarks01: </p>
<hr />
<div>{{Chapter Template|chaptername=Rochester|extra=The chapter leader is [mailto:rd@rd1.net Ralf Durkee]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny|emailarchives=http://lists.owasp.org/pipermail/owasp-rochester-ny}}<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> Ralf Durkee<br />
*<b>Vice President:</b> Chris Karr<br />
*<b>Secretary:</b> Steve Buck<br />
*<b>Web and Communications:</b> Michael Starks<br />
</ul><br />
<br />
== Meeting Times & Location ==<br />
<br />
Meetings are held the third Monday of every month. <br />
<br />
<b>Location:</b> Bryant and Stratton College, 1225 Jefferson Rd, Rochester, NY (near I-390) [http://maps.google.com/maps?f=q&hl=en&q=1225+Jefferson+Rd,+Rochester,+NY&ie=UTF8&om=1&ll=43.087727,-77.600255&spn=0.014856,0.04283 Google Map]<br />
<br />
'''October Meeting Details'''<br />
<br />
<b>Date: Monday, October 16, 2006</b><br />
<br />
<b>Presentation: The first of the OWASP top ten: unvalidated input</b>, by Steve Buck.<br />
<br />
At this meeting we will be discussing the first of the OWASP top ten list: unvalidated input. We will discuss the problems posed by not validating input on the server side. These problems include: forced browsing, command insertion, cross site scripting, buffer overflows, bypassing site security, format string attacks, SQL injection, cookie poisoning, and hidden field manipulation.<br />
<br />
We will cover how to determine if you are vulnerable to one of these attacks, and also how to protect yourself. We will also have a demo of some of these exploits in action. Finally, we will have an open discussion with any questions about the subject matter.<br />
<br />
<b>Biography</b><br />
<br />
Steve Buck is a consultant for Mindex Technologies. He has been working with various web technologies since 1996, involving everything from Perl and C CGIs to J2EE.<br />
<br />
Steve has experience as a UNIX system administrator instructor with a specialty in system security.<br />
<br />
== Past Presentations ==<br />
<br />
<b>April 2006</b> PGP: Encryption for e-mail and web applications, by Ralph Durkee [http://rd1.net/owasp/Apr_OWASP_PGP_Durkee.pdf PDF]<br />
<br />
<b>February 2006</b> Identity Theft, Phishing and Pharming, by Danny Allan [http://rd1.net/owasp/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.pdf PDF]<br />
<br />
<b>February 2006</b> Secure e-mail, by Thomas Bullinger [http://rd1.net/owasp/SecureEmail.pdf PDF]<br />
<br />
<b>January 2006</b> PCI Compliance, by Pat Massey, Ralf Durkee, Maureen Baran [http://rd1.net/owasp/Rochester_OWASP_PCI_Compliance.pdf PDF]<br />
<br />
<b>September 2005</b> Two Factor Authentication for Java Applications with Client Certificates, by Ralf Durkee [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.pdf PDF] [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.sxi Open Office]<br />
<br />
<b>April 2005</b> Avoiding Backend Exploitation of Mail Forms, by Max Kessler [http://rd1.net/owasp/owasp-mailform-exploitation.ppt PowerPoint] [http://rd1.net/owasp/owasp-mailform-exploitation.sxi Open Office]<br />
<br />
<b>March 2005</b> Bringing Two-Factor Authentication to Web Applications, by Michael Starks [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt PowerPoint] [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt Open Office]<br />
<br />
<b>February 2005</b> Insecure Storage, by Chris Karr [http://rd1.net/owasp/Insecure_Storage.ppt PowerPoint]<br />
<br />
<b>January 2005</b> Access Control and Session Mgmnt, by Steve Buck [http://rd1.net/owasp/Jan_OWASP-access-control.ppt PowerPoint] [http://rd1.net/owasp/Jan_OWASP-access-control.sxi Open Office]<br />
<br />
<b>November 2004</b> Intro to OWASP by Ralf Durkee. Demonstration of SQL Injection attack and prevention, by Paul Cupo [http://rd1.net/owasp/Nov_OWASP_20041103.ppt PowerPoint]</div>Mstarks01https://wiki.owasp.org/index.php?title=Rochester&diff=10364Rochester2006-10-10T01:27:43Z<p>Mstarks01: /* Meeting Times & Location */</p>
<hr />
<div>{{Chapter Template|chaptername=Rochester|extra=The chapter leader is [mailto:rd@rd1.net Ralf Durkee]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny|emailarchives=http://lists.owasp.org/pipermail/owasp-rochester-ny}}<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> Ralf Durkee<br />
*<b>Vice President:</b> Chris Karr<br />
*<b>Secretary:</b> Steve Buck<br />
*<b>Web and Communications:</b> Michael Starks<br />
</ul><br />
<br />
<br />
== Meeting Times & Location ==<br />
<br />
Meetings are held the third Monday of every month. <br />
<br />
<b>Location:</b> Bryant and Stratton College, 1225 Jefferson Rd, Rochester, NY (near I-390) [http://maps.google.com/maps?f=q&hl=en&q=1225+Jefferson+Rd,+Rochester,+NY&ie=UTF8&om=1&ll=43.087727,-77.600255&spn=0.014856,0.04283 Google Map]<br />
<br />
'''October Meeting Details'''<br />
<br />
<b>Date: Monday, October 16, 2006</b><br />
<br />
<b>Presentation: The first of the OWASP top ten: unvalidated input</b>, by Steve Buck.<br />
<br />
At this meeting we will be discussing the first of the OWASP top ten list: unvalidated input. We will discuss the problems posed by not validating input on the server side. These problems include: forced browsing, command insertion, cross site scripting, buffer overflows, bypassing site security, format string attacks, SQL injection, cookie poisoning, and hidden field manipulation.<br />
<br />
We will cover how to determine if you are vulnerable to one of these attacks, and also how to protect yourself. We will also have a demo of some of these exploits in action. Finally, we will have an open discussion with any questions about the subject matter.<br />
<br />
<b>Biography</b><br />
<br />
Steve Buck is a consultant for Mindex Technologies. He has been working with various web technologies since 1996, involving everything from Perl and C CGIs to J2EE.<br />
<br />
Steve has experience as a UNIX system administrator instructor with a specialty in system security.<br />
<br />
== Past Presentations ==<br />
<br />
<b>April 2006</b> PGP: Encryption for e-mail and web applications, by Ralph Durkee [http://rd1.net/owasp/Apr_OWASP_PGP_Durkee.pdf PDF]<br />
<br />
<b>February 2006</b> Identity Theft, Phishing and Pharming, by Danny Allan [http://rd1.net/owasp/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.pdf PDF]<br />
<br />
<b>February 2006</b> Secure e-mail, by Thomas Bullinger [http://rd1.net/owasp/SecureEmail.pdf PDF]<br />
<br />
<b>January 2006</b> PCI Compliance, by Pat Massey, Ralf Durkee, Maureen Baran [http://rd1.net/owasp/Rochester_OWASP_PCI_Compliance.pdf PDF]<br />
<br />
<b>September 2005</b> Two Factor Authentication for Java Applications with Client Certificates, by Ralf Durkee [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.pdf PDF] [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.sxi Open Office]<br />
<br />
<b>April 2005</b> Avoiding Backend Exploitation of Mail Forms, by Max Kessler [http://rd1.net/owasp/owasp-mailform-exploitation.ppt PowerPoint] [http://rd1.net/owasp/owasp-mailform-exploitation.sxi Open Office]<br />
<br />
<b>March 2005</b> Bringing Two-Factor Authentication to Web Applications, by Michael Starks [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt PowerPoint] [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt Open Office]<br />
<br />
<b>February 2005</b> Insecure Storage, by Chris Karr [http://rd1.net/owasp/Insecure_Storage.ppt PowerPoint]<br />
<br />
<b>January 2005</b> Access Control and Session Mgmnt, by Steve Buck [http://rd1.net/owasp/Jan_OWASP-access-control.ppt PowerPoint] [http://rd1.net/owasp/Jan_OWASP-access-control.sxi Open Office]<br />
<br />
<b>November 2004</b> Intro to OWASP by Ralf Durkee. Demonstration of SQL Injection attack and prevention, by Paul Cupo [http://rd1.net/owasp/Nov_OWASP_20041103.ppt PowerPoint]</div>Mstarks01https://wiki.owasp.org/index.php?title=Rochester&diff=10363Rochester2006-10-10T01:18:01Z<p>Mstarks01: /* Meeting Times & Location */</p>
<hr />
<div>{{Chapter Template|chaptername=Rochester|extra=The chapter leader is [mailto:rd@rd1.net Ralf Durkee]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny|emailarchives=http://lists.owasp.org/pipermail/owasp-rochester-ny}}<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> Ralf Durkee<br />
*<b>Vice President:</b> Chris Karr<br />
*<b>Secretary:</b> Steve Buck<br />
*<b>Web and Communications:</b> Michael Starks<br />
</ul><br />
<br />
<br />
== Meeting Times & Location ==<br />
<br />
Meetings are held the third Monday of every month. Our October meeting will be on Monday, October 16. The meeting location is Bryant and Stratton college, Jefferson Rd, near I-390. [http://maps.google.com/maps?f=q&hl=en&q=1225+Jefferson+Rd,+Rochester,+NY&ie=UTF8&om=1&ll=43.087727,-77.600255&spn=0.014856,0.04283 Google Map]<br />
<br />
<br />
'''October Meeting Details'''<br />
<br />
<b>Presentation: The first of the OWASP top ten: unvalidated input</b>, by Steve Buck.<br />
<br />
At this meeting we will be discussing the first of the OWASP top ten list: unvalidated input. We will discuss the problems posed by not validating input on the server side. These problems include: forced browsing, command insertion, cross site scripting, buffer overflows, bypassing site security, format string attacks, SQL injection, cookie poisoning, and hidden field manipulation.<br />
<br />
We will cover how to determine if you are vulnerable to one of these attacks, and also how to protect yourself. We will also have a demo of some of these exploits in action. Finally, we will have an open discussion with any questions about the subject matter.<br />
<br />
<b>Biography</b><br />
<br />
Steve Buck is a consultant for Mindex Technologies. He has been working with various web technologies since 1996, involving everything from Perl and C CGIs to J2EE.<br />
<br />
Steve has experience as a UNIX system administrator instructor with a specialty in system security.<br />
<br />
== Past Presentations ==<br />
<br />
<b>April 2006</b> PGP: Encryption for e-mail and web applications, by Ralph Durkee [http://rd1.net/owasp/Apr_OWASP_PGP_Durkee.pdf PDF]<br />
<br />
<b>February 2006</b> Identity Theft, Phishing and Pharming, by Danny Allan [http://rd1.net/owasp/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.pdf PDF]<br />
<br />
<b>February 2006</b> Secure e-mail, by Thomas Bullinger [http://rd1.net/owasp/SecureEmail.pdf PDF]<br />
<br />
<b>January 2006</b> PCI Compliance, by Pat Massey, Ralf Durkee, Maureen Baran [http://rd1.net/owasp/Rochester_OWASP_PCI_Compliance.pdf PDF]<br />
<br />
<b>September 2005</b> Two Factor Authentication for Java Applications with Client Certificates, by Ralf Durkee [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.pdf PDF] [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.sxi Open Office]<br />
<br />
<b>April 2005</b> Avoiding Backend Exploitation of Mail Forms, by Max Kessler [http://rd1.net/owasp/owasp-mailform-exploitation.ppt PowerPoint] [http://rd1.net/owasp/owasp-mailform-exploitation.sxi Open Office]<br />
<br />
<b>March 2005</b> Bringing Two-Factor Authentication to Web Applications, by Michael Starks [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt PowerPoint] [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt Open Office]<br />
<br />
<b>February 2005</b> Insecure Storage, by Chris Karr [http://rd1.net/owasp/Insecure_Storage.ppt PowerPoint]<br />
<br />
<b>January 2005</b> Access Control and Session Mgmnt, by Steve Buck [http://rd1.net/owasp/Jan_OWASP-access-control.ppt PowerPoint] [http://rd1.net/owasp/Jan_OWASP-access-control.sxi Open Office]<br />
<br />
<b>November 2004</b> Intro to OWASP by Ralf Durkee. Demonstration of SQL Injection attack and prevention, by Paul Cupo [http://rd1.net/owasp/Nov_OWASP_20041103.ppt PowerPoint]</div>Mstarks01https://wiki.owasp.org/index.php?title=Rochester&diff=10359Rochester2006-10-10T00:32:49Z<p>Mstarks01: </p>
<hr />
<div>{{Chapter Template|chaptername=Rochester|extra=The chapter leader is [mailto:rd@rd1.net Ralf Durkee]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny|emailarchives=http://lists.owasp.org/pipermail/owasp-rochester-ny}}<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> Ralf Durkee<br />
*<b>Vice President:</b> Chris Karr<br />
*<b>Secretary:</b> Steve Buck<br />
*<b>Web and Communications:</b> Michael Starks<br />
</ul><br />
<br />
<br />
== Meeting Times & Location ==<br />
<br />
Meetings are held the third Monday of every month. Our October meeting will be on Monday, October 16. The meeting location is Bryant and Stratton college, Jefferson Rd, near I-390. [http://maps.google.com/maps?f=q&hl=en&q=1225+Jefferson+Rd,+Rochester,+NY&ie=UTF8&om=1&ll=43.087727,-77.600255&spn=0.014856,0.04283 Google Map]<br />
<br />
'''October Meeting Details'''<br />
<br />
<b>Presentation: The first of the OWASP top ten: unvalidated input</b>, by Steve Buck.<br />
<br />
At this meeting we will be discussing the first of the OWASP top ten list: unvalidated input. We will discuss the problems posed by not validating input on the server side. These problems include: forced browsing, command insertion, cross site scripting, buffer overflows, bypassing site security, format string attacks, SQL injection, cookie poisoning, and hidden field manipulation.<br />
<br />
We will cover how to determine if you are vulnerable to one of these attacks, and also how to protect yourself. We will also have a demo of some of these exploits in action. Finally, we will have an open discussion with any questions about the subject matter.<br />
<br />
<b>Biography</b><br />
<br />
Steve Buck is a consultant for Mindex Technologies. He has been working with various web technologies since 1996, involving everything from Perl and C CGIs to J2EE.<br />
<br />
Steve has experience as a UNIX system administrator instructor with a specialty in system security.<br />
<br />
<br />
== Past Presentations ==<br />
<br />
<b>April 2006</b> PGP: Encryption for e-mail and web applications, by Ralph Durkee [http://rd1.net/owasp/Apr_OWASP_PGP_Durkee.pdf PDF]<br />
<br />
<b>February 2006</b> Identity Theft, Phishing and Pharming, by Danny Allan [http://rd1.net/owasp/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.pdf PDF]<br />
<br />
<b>February 2006</b> Secure e-mail, by Thomas Bullinger [http://rd1.net/owasp/SecureEmail.pdf PDF]<br />
<br />
<b>January 2006</b> PCI Compliance, by Pat Massey, Ralf Durkee, Maureen Baran [http://rd1.net/owasp/Rochester_OWASP_PCI_Compliance.pdf PDF]<br />
<br />
<b>September 2005</b> Two Factor Authentication for Java Applications with Client Certificates, by Ralf Durkee [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.pdf PDF] [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.sxi Open Office]<br />
<br />
<b>April 2005</b> Avoiding Backend Exploitation of Mail Forms, by Max Kessler [http://rd1.net/owasp/owasp-mailform-exploitation.ppt PowerPoint] [http://rd1.net/owasp/owasp-mailform-exploitation.sxi Open Office]<br />
<br />
<b>March 2005</b> Bringing Two-Factor Authentication to Web Applications, by Michael Starks [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt PowerPoint] [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt Open Office]<br />
<br />
<b>February 2005</b> Insecure Storage, by Chris Karr [http://rd1.net/owasp/Insecure_Storage.ppt PowerPoint]<br />
<br />
<b>January 2005</b> Access Control and Session Mgmnt, by Steve Buck [http://rd1.net/owasp/Jan_OWASP-access-control.ppt PowerPoint] [http://rd1.net/owasp/Jan_OWASP-access-control.sxi Open Office]<br />
<br />
<b>November 2004</b> Intro to OWASP by Ralf Durkee. Demonstration of SQL Injection attack and prevention, by Paul Cupo [http://rd1.net/owasp/Nov_OWASP_20041103.ppt PowerPoint]</div>Mstarks01https://wiki.owasp.org/index.php?title=Rochester&diff=10350Rochester2006-10-10T00:18:12Z<p>Mstarks01: /* Local News */</p>
<hr />
<div>{{Chapter Template|chaptername=Rochester|extra=The chapter leader is [mailto:rd@rd1.net Ralf Durkee]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny|emailarchives=http://lists.owasp.org/pipermail/owasp-rochester-ny}}<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> Ralf Durkee<br />
*<b>Vice President:</b> Chris Karr<br />
*<b>Secretary:</b> Steve Buck<br />
*<b>Web and Communications:</b> Michael Starks<br />
</ul><br />
<br />
== Local News ==<br />
<br />
Meetings are held the third Monday of every month. Our October meeting will be on Monday, October 16. The meeting location is Bryant and Stratton college, Jefferson Rd, near I-390. [http://maps.google.com/maps?f=q&hl=en&q=1225+Jefferson+Rd,+Rochester,+NY&ie=UTF8&om=1&ll=43.087727,-77.600255&spn=0.014856,0.04283 Google Map]<br />
<br />
'''October Meeting'''<br />
<br />
<b>Presentation: The first of the OWASP top ten: unvalidated input</b>, by Steve Buck.<br />
<br />
At this meeting we will be discussing the first of the OWASP top ten list: unvalidated input. We will discuss the problems posed by not validating input on the server side. These problems include: forced browsing, command insertion, cross site scripting, buffer overflows, bypassing site security, format string attacks, SQL injection, cookie poisoning, and hidden field manipulation.<br />
<br />
We will cover how to determine if you are vulnerable to one of these attacks, and also how to protect yourself. We will also have a demo of some of these exploits in action. Finally, we will have an open discussion with any questions about the subject matter.<br />
<br />
<b>Biography</b><br />
<br />
Steve Buck is a consultant for Mindex Technologies. He has been working with various web technologies since 1996, involving everything from Perl and C CGIs to J2EE.<br />
<br />
Steve has experience as a UNIX system administrator instructor with a specialty in system security.<br />
<br />
'''Past Presentations'''<br />
<br />
<b>April 2006</b> PGP: Encryption for e-mail and web applications, by Ralph Durkee [http://rd1.net/owasp/Apr_OWASP_PGP_Durkee.pdf PDF]<br />
<br />
<b>February 2006</b> Identity Theft, Phishing and Pharming, by Danny Allan [http://rd1.net/owasp/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.pdf PDF]<br />
<br />
<b>February 2006</b> Secure e-mail, by Thomas Bullinger [http://rd1.net/owasp/SecureEmail.pdf PDF]<br />
<br />
<b>January 2006</b> PCI Compliance, by Pat Massey, Ralf Durkee, Maureen Baran [http://rd1.net/owasp/Rochester_OWASP_PCI_Compliance.pdf PDF]<br />
<br />
<b>September 2005</b> Two Factor Authentication for Java Applications with Client Certificates, by Ralf Durkee [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.pdf PDF] [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.sxi Open Office]<br />
<br />
<b>April 2005</b> Avoiding Backend Exploitation of Mail Forms, by Max Kessler [http://rd1.net/owasp/owasp-mailform-exploitation.ppt PowerPoint] [http://rd1.net/owasp/owasp-mailform-exploitation.sxi Open Office]<br />
<br />
<b>March 2005</b> Bringing Two-Factor Authentication to Web Applications, by Michael Starks [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt PowerPoint] [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt Open Office]<br />
<br />
<b>February 2005</b> Insecure Storage, by Chris Karr [http://rd1.net/owasp/Insecure_Storage.ppt PowerPoint]<br />
<br />
<b>January 2005</b> Access Control and Session Mgmnt, by Steve Buck [http://rd1.net/owasp/Jan_OWASP-access-control.ppt PowerPoint] [http://rd1.net/owasp/Jan_OWASP-access-control.sxi Open Office]<br />
<br />
<b>November 2004</b> Intro to OWASP by Ralf Durkee. Demonstration of SQL Injection attack and prevention, by Paul Cupo [http://rd1.net/owasp/Nov_OWASP_20041103.ppt PowerPoint]</div>Mstarks01https://wiki.owasp.org/index.php?title=Rochester&diff=10348Rochester2006-10-10T00:17:38Z<p>Mstarks01: /* Local News */</p>
<hr />
<div>{{Chapter Template|chaptername=Rochester|extra=The chapter leader is [mailto:rd@rd1.net Ralf Durkee]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny|emailarchives=http://lists.owasp.org/pipermail/owasp-rochester-ny}}<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> Ralf Durkee<br />
*<b>Vice President:</b> Chris Karr<br />
*<b>Secretary:</b> Steve Buck<br />
*<b>Web and Communications:</b> Michael Starks<br />
</ul><br />
<br />
== Local News ==<br />
<br />
Meetings are held the third Monday of every month. Our October meeting will be on Monday, October 16. The meeting location is Bryant and Stratton college, Jefferson Rd, near I-390. [http://maps.google.com/maps?f=q&hl=en&q=1225+Jefferson+Rd,+Rochester,+NY&ie=UTF8&om=1&ll=43.087727,-77.600255&spn=0.014856,0.04283 Google Map]<br />
<br />
'''October Meeting'''<br />
<br />
<b>Presentation: The first of the OWASP top ten: unvalidated input</b>, by Steve Buck.<br />
<br />
At this meeting we will be discussing the first of the OWASP top ten list: unvalidated input. We will discuss the problems posed by not validating input on the server side. These problems include: forced browsing, command insertion, cross site scripting, buffer overflows, bypassing site security, format string attacks, SQL injection, cookie poisoning, and hidden field manipulation.<br />
<br />
We will cover how to determine if you are vulnerable to one of these attacks, and also how to protect yourself. We will also have a demo of some of these exploits in action. Finally, we will have an open discussion with any questions about the subject matter.<br />
<br />
<b>Biography</b><br />
<br />
Steve Buck is a consultant for Mindex Technologies. He has been working with various web technologies since 1996, involving everything from Perl and C CGIs to J2EE.<br />
<br />
Steve has experience as a UNIX system administrator instructor with a specialty in system security.<br />
<br />
'''Past Presentations'''<br />
<br />
<b>April 2006</b> PGP: Encryption for e-mail and web applications, by Ralph Durkee [http://rd1.net/owasp/Apr_OWASP_PGP_Durkee.pdf PDF]<br />
<br />
<b>February 2006</b> Identity Theft, Phishing and Pharming, by Danny Allan [http://rd1.net/owasp/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.pdf PDF]<br />
<br />
<b>February 2006</b> Secure e-mail, by Thomas Bullinger [http://rd1.net/owasp/SecureEmail.pdf PDF]<br />
<br />
<b>January 2006</b> PCI Compliance, by Pat Massey, Ralf Durkee, Maureen Baran [http://rd1.net/owasp/Rochester_OWASP_PCI_Compliance.pdf PDF]<br />
<br />
<b>September 2005</b> Two Factor Authentication for Java Applications with Client Certificates, by Ralf Durkee [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.pdf PDF] [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.sxi Open Office]<br />
<br />
<b>April 2005</b> Avoiding Backend Exploitation of Mail Forms, by Max Kessler [http://rd1.net/owasp/owasp-mailform-exploitation.ppt PowerPoint] [http://rd1.net/owasp/owasp-mailform-exploitation.sxi Open Office]<br />
<br />
<b>March 2005</b> Bringing Two-Factor Authentication to Web Applications, by Michael Starks [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt PowerPoint] [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt Open Office]<br />
<br />
<b>February 2005</b> Insecure Storage, by Chris Karr [http://rd1.net/owasp/Insecure_Storage.ppt PowerPoint]<br />
<br />
<b>January 2005</b> Access Control and Session Mgmnt, by Steve Buck [http://rd1.net/owasp/Jan_OWASP-access-control.ppt PowerPoint] [http://rd1.net/owasp/Jan_OWASP-access-control.sxi Open Office]<br />
<br />
<b>November 2004</b> Intro to OWASP by Ralf Durkee. Demonstration of Sql Injection attack and prevention, by Paul Cupo [http://rd1.net/owasp/Nov_OWASP_20041103.ppt PowerPoint]</div>Mstarks01https://wiki.owasp.org/index.php?title=Rochester&diff=10347Rochester2006-10-10T00:16:59Z<p>Mstarks01: /* Local News */</p>
<hr />
<div>{{Chapter Template|chaptername=Rochester|extra=The chapter leader is [mailto:rd@rd1.net Ralf Durkee]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny|emailarchives=http://lists.owasp.org/pipermail/owasp-rochester-ny}}<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> Ralf Durkee<br />
*<b>Vice President:</b> Chris Karr<br />
*<b>Secretary:</b> Steve Buck<br />
*<b>Web and Communications:</b> Michael Starks<br />
</ul><br />
<br />
== Local News ==<br />
<br />
Meetings are held the third Monday of every month. Our October meeting will be on Monday, October 16. The meeting location is Bryant and Stratton college, Jefferson Rd, near I-390. [http://maps.google.com/maps?f=q&hl=en&q=1225+Jefferson+Rd,+Rochester,+NY&ie=UTF8&om=1&ll=43.087727,-77.600255&spn=0.014856,0.04283 Google Map]<br />
<br />
'''October Meeting'''<br />
<br />
<b>Presentation: The first of the OWASP top ten: unvalidated input</b>, by Steve Buck.<br />
<br />
At this meeting we will be discussing the first of the OWASP top ten list: unvalidated input. We will discuss the problems posed by not validating input on the server side. These problems include: forced browsing, command insertion, cross site scripting, buffer overflows, bypassing site security, format string attacks, SQL injection, cookie poisoning, and hidden field manipulation.<br />
<br />
We will cover how to determine if you are vulnerable to one of these attacks, and also how to protect yourself. We will also have a demo of some of these exploits in action. Finally, we will have an open discussion with any questions about the subject matter.<br />
<br />
<b>Biography</b><br />
<br />
Steve Buck is a consultant for Mindex Technologies. He has been working with various web technologies since 1996, involving everything from Perl and C CGIs to J2EE.<br />
<br />
Steve has experience as a UNIX system administrator instructor with a specialty in system security.<br />
<br />
'''Past Presentations'''<br />
<br />
<b>April 2006</b> PGP: Encryption for e-mail and web applications, by Ralph Durkee [http://rd1.net/owasp/Apr_OWASP_PGP_Durkee.pdf PDF]<br />
<br />
<b>February 2006</b> Identity Theft, Phishing and Pharming, by Danny Allan [http://rd1.net/owasp/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.pdf PDF]<br />
<br />
<b>February 2006</b> Secure e-mail, by Thomas Bullinger [http://rd1.net/owasp/SecureEmail.pdf PDF]<br />
<br />
<b>January 2006</b> PCI Compliance, by Pat Massey, Ralf Durkee, Maureen Baran [http://rd1.net/owasp/Rochester_OWASP_PCI_Compliance.pdf PDF]<br />
<br />
<b>September 2005</b> Two Factor Authentication for Java Applications with Client Certificates, by Ralf Durkee [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.pdf PDF] [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.sxi Open Office]<br />
<br />
<b>April 2005</b> Avoiding Backend Exploitation of Mail Forms, by Max Kessler [http://rd1.net/owasp/owasp-mailform-exploitation.ppt PowerPoint] [http://rd1.net/owasp/owasp-mailform-exploitation.sxi Open Office]<br />
<br />
<b>March 2005</b> Bringing Two-Factor Authentication to Web Applications, by Michael Starks [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt PowerPoint] [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt Open Office]<br />
<br />
<b>February 2005</b> Insecure Storage, by Chris Karr [http://rd1.net/owasp/Insecure_Storage.ppt PowerPoint]<br />
<br />
<b>January 2005</b> Access Control and Session Mgmnt, by Steve Buck [http://rd1.net/owasp/Jan_OWASP-access-control.ppt PowerPoint] [http://rd1.net/owasp/Jan_OWASP-access-control.sxi Open Office]<br />
<br />
<b>January 2005</b> Intro to OWASP by Ralf Durkee. Demonstration of Sql Injection attack and prevention, by Paul Cupo [http://rd1.net/owasp/Nov_OWASP_20041103.ppt PowerPoint]</div>Mstarks01https://wiki.owasp.org/index.php?title=Rochester&diff=10345Rochester2006-10-10T00:13:54Z<p>Mstarks01: /* Local News */</p>
<hr />
<div>{{Chapter Template|chaptername=Rochester|extra=The chapter leader is [mailto:rd@rd1.net Ralf Durkee]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny|emailarchives=http://lists.owasp.org/pipermail/owasp-rochester-ny}}<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> Ralf Durkee<br />
*<b>Vice President:</b> Chris Karr<br />
*<b>Secretary:</b> Steve Buck<br />
*<b>Web and Communications:</b> Michael Starks<br />
</ul><br />
<br />
== Local News ==<br />
<br />
Meetings are held the third Monday of every month. Our October meeting will be on Monday, October 16. The meeting location is Bryant and Stratton college, Jefferson Rd, near I-390. [http://maps.google.com/maps?f=q&hl=en&q=1225+Jefferson+Rd,+Rochester,+NY&ie=UTF8&om=1&ll=43.087727,-77.600255&spn=0.014856,0.04283 Google Map]<br />
<br />
'''October Meeting'''<br />
<br />
<b>Presentation: The first of the OWASP top ten: unvalidated input</b>, by Steve Buck.<br />
<br />
At this meeting we will be discussing the first of the OWASP top ten list: unvalidated input. We will discuss the problems posed by not validating input on the server side. These problems include: forced browsing, command insertion, cross site scripting, buffer overflows, bypassing site security, format string attacks, SQL injection, cookie poisoning, and hidden field manipulation.<br />
<br />
We will cover how to determine if you are vulnerable to one of these attacks, and also how to protect yourself. We will also have a demo of some of these exploits in action. Finally, we will have an open discussion with any questions about the subject matter.<br />
<br />
<b>Biography</b><br />
<br />
Steve Buck is a consultant for Mindex Technologies. He has been working with various web technologies since 1996, involving everything from Perl and C CGIs to J2EE.<br />
<br />
Steve has experience as a UNIX system administrator instructor with a specialty in system security.<br />
<br />
'''Past Presentations'''<br />
<br />
<b>April 2006</b> PGP: Encryption for e-mail and web applications, by Ralph Durkee [http://rd1.net/owasp/Apr_OWASP_PGP_Durkee.pdf PDF]<br />
<br />
<b>February 2006</b> Identity Theft, Phishing and Pharming, by Danny Allan [http://rd1.net/owasp/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.pdf PDF]<br />
<br />
<b>February 2006</b> Secure e-mail, by Thomas Bullinger [http://rd1.net/owasp/SecureEmail.pdf PDF]<br />
<br />
<b>January 2006</b> PCI Compliance, by Pat Massey, Ralf Durkee, Maureen Baran [http://rd1.net/owasp/Rochester_OWASP_PCI_Compliance.pdf PDF]<br />
<br />
<b>September 2005</b> Two Factor Authentication for Java Applications with Client Certificates, by Ralf Durkee [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.pdf PDF] [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.sxi Open Office]<br />
<br />
<b>April 2005</b> Avoiding Backend Exploitation of Mail Forms, by Max Kessler [http://rd1.net/owasp/owasp-mailform-exploitation.ppt PowerPoint] [http://rd1.net/owasp/owasp-mailform-exploitation.sxi Open Office]<br />
<br />
<b>March 2005</b> Bringing Two-Factor Authentication to Web Applications, by Michael Starks [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt PowerPoint] [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt Open Office]<br />
<br />
<b>February 2005</b> Insecure Storage, by Chris Karr [http://rd1.net/owasp/Insecure_Storage.ppt PowerPoint]<br />
<br />
<b>January 2005</b> Access Control and Session Mgmnt, by Steve Buck [http://rd1.net/owasp/Jan_OWASP-access-control.ppt PowerPoint] [http://rd1.net/owasp/Jan_OWASP-access-control.sxi Open Office]<br />
<br />
<b>January 2005</b> Access Control and Session Management, by Steve Buck [http://rd1.net/owasp/Jan_OWASP-access-control.ppt PowerPoint] [http://rd1.net/owasp/Jan_OWASP-access-control.sxi Open Office]<br />
<br />
<b>January 2005</b> Intro to OWASP by Ralf Durkee. Demonstration of Sql Injection attack and prevention, by Paul Cupo [http://rd1.net/owasp/Nov_OWASP_20041103.ppt PowerPoint]</div>Mstarks01https://wiki.owasp.org/index.php?title=Rochester&diff=10330Rochester2006-10-09T23:32:03Z<p>Mstarks01: /* Local News */</p>
<hr />
<div>{{Chapter Template|chaptername=Rochester|extra=The chapter leader is [mailto:rd@rd1.net Ralf Durkee]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny|emailarchives=http://lists.owasp.org/pipermail/owasp-rochester-ny}}<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> Ralf Durkee<br />
*<b>Vice President:</b> Chris Karr<br />
*<b>Secretary:</b> Steve Buck<br />
*<b>Web and Communications:</b> Michael Starks<br />
</ul><br />
<br />
== Local News ==<br />
<br />
Meetings are held the third Monday of every month. Our October meeting will be on Monday, October 16. The meeting location is Bryant and Stratton college, Jefferson Rd, near I-390. [http://maps.google.com/maps?f=q&hl=en&q=1225+Jefferson+Rd,+Rochester,+NY&ie=UTF8&om=1&ll=43.087727,-77.600255&spn=0.014856,0.04283 Google Map]<br />
<br />
'''October Meeting'''<br />
<br />
<b>Presentation: The first of the OWASP top ten: unvalidated input</b>, by Steve Buck.<br />
<br />
At this meeting we will be discussing the first of the OWASP top ten list: unvalidated input. We will discuss the problems posed by not validating input on the server side. These problems include: forced browsing, command insertion, cross site scripting, buffer overflows, bypassing site security, format string attacks, SQL injection, cookie poisoning, and hidden field manipulation.<br />
<br />
We will cover how to determine if you are vulnerable to one of these attacks, and also how to protect yourself. We will also have a demo of some of these exploits in action. Finally, we will have an open discussion with any questions about the subject matter.<br />
<br />
<b>Biography</b><br />
<br />
Steve Buck is a consultant for Mindex Technologies. He has been working with various web technologies since 1996, involving everything from Perl and C CGIs to J2EE.<br />
<br />
Steve has experience as a UNIX system administrator instructor with a specialty in system security.</div>Mstarks01https://wiki.owasp.org/index.php?title=Rochester&diff=10329Rochester2006-10-09T23:30:17Z<p>Mstarks01: /* Local News */</p>
<hr />
<div>{{Chapter Template|chaptername=Rochester|extra=The chapter leader is [mailto:rd@rd1.net Ralf Durkee]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny|emailarchives=http://lists.owasp.org/pipermail/owasp-rochester-ny}}<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> Ralf Durkee<br />
*<b>Vice President:</b> Chris Karr<br />
*<b>Secretary:</b> Steve Buck<br />
*<b>Web and Communications:</b> Michael Starks<br />
</ul><br />
<br />
== Local News ==<br />
<br />
'''October Meeting'''<br />
<br />
Meetings are held the third Monday of every month. Our October meeting will be on Monday, October 16. The meeting location is Bryant and Stratton college, Jefferson Rd, near I-390. [http://maps.google.com/maps?f=q&hl=en&q=1225+Jefferson+Rd,+Rochester,+NY&ie=UTF8&om=1&ll=43.087727,-77.600255&spn=0.014856,0.04283 Google Map]<br />
<br />
<b>Presentation: The first of the OWASP top ten: unvalidated input</b>, by Steve Buck.<br />
<br />
At this meeting we will be discussing the first of the OWASP top ten list: unvalidated input. We will discuss the problems posed by not validating input on the server side. These problems include: forced browsing, command insertion, cross site scripting, buffer overflows, bypassing site security, format string attacks, SQL injection, cookie poisoning, and hidden field manipulation.<br />
<br />
We will cover how to determine if you are vulnerable to one of these attacks, and also how to protect yourself. We will also have a demo of some of these exploits in action. Finally, we will have an open discussion with any questions about the subject matter.<br />
<br />
<b>Biography</b><br />
<br />
Steve Buck is a consultant for Mindex Technologies. He has been working with various web technologies since 1996, involving everything from Perl and C CGIs to J2EE.<br />
<br />
Steve has experience as a UNIX system administrator instructor with a specialty in system security.</div>Mstarks01https://wiki.owasp.org/index.php?title=Rochester&diff=9895Rochester2006-09-23T00:47:30Z<p>Mstarks01: /* Local News */</p>
<hr />
<div>{{Chapter Template|chaptername=Rochester|extra=The chapter leader is [mailto:rd@rd1.net Ralf Durkee]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny|emailarchives=http://lists.owasp.org/pipermail/owasp-rochester-ny}}<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> Ralf Durkee<br />
*<b>Vice President:</b> Chris Karr<br />
*<b>Secretary:</b> Steve Buck<br />
*<b>Web and Communications:</b> Michael Starks<br />
</ul><br />
<br />
== Local News ==<br />
<br />
'''October Meeting'''<br />
<br />
Our October meeting will be at Bryant and Stratton on Jefferson Rd, near I-390.<br />
<br />
[http://maps.google.com/maps?f=q&hl=en&q=1225+Jefferson+Rd,+Rochester,+NY&ie=UTF8&om=1&ll=43.087727,-77.600255&spn=0.014856,0.04283 Google Map]<br />
<br />
<b>Presentation:</b> The first of the OWASP top ten: Unvalidated Input, by Steve Buck. Details to follow.</div>Mstarks01https://wiki.owasp.org/index.php?title=Rochester&diff=9894Rochester2006-09-23T00:36:36Z<p>Mstarks01: /* Local Officers */</p>
<hr />
<div>{{Chapter Template|chaptername=Rochester|extra=The chapter leader is [mailto:rd@rd1.net Ralf Durkee]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny|emailarchives=http://lists.owasp.org/pipermail/owasp-rochester-ny}}<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> Ralf Durkee<br />
*<b>Vice President:</b> Chris Karr<br />
*<b>Secretary:</b> Steve Buck<br />
*<b>Web and Communications:</b> Michael Starks<br />
</ul><br />
<br />
== Local News ==<br />
<br />
'''Next Meeting, Monday, September 18, 2006'''<br />
<br />
Our next meeting will be Monday, September 18, 2006 at 6:00 PM at Bryant and Stratton on Jefferson Rd, near I-390.<br />
<br />
[http://maps.google.com/maps?f=q&hl=en&q=1225+Jefferson+Rd,+Rochester,+NY&ie=UTF8&om=1&ll=43.087727,-77.600255&spn=0.014856,0.04283 Google Map]<br />
<br />
<b>Presentation:</b> Securing Apache Web Applications with the Center for Internet Security consensus benchmark by Ralf Durkee<br />
<p><br />
We'll exam specific web application security threats and the configuration recommendations from the Center for Internet Security benchmark and for mod_security. We discuss why and when the controls are appropriate, and how they mitigate risks.<br />
<br><br />
<br><br />
<br />
<b>Bio:</b> Ralf Durkee has over 25 years of experience in Software Development, and Systems Administration and Network Security. Ralph provides security consulting for Web application security and PCI compliance for Rochester area businesses. He's also a local teacher for SANS GSEC Security, certified since 2000, a Certified Incident Handler & Hacker Techniques (GCIH), System and Network Auditor (GSNA) as well a CISSP certified instructor. He has worked as an independent consultant and trainer since 1996, and has served as lead for the development of<br />
several Center for Internet Security Unix/Linux/FreeBSD, BIND and Apache security benchmarks and score tools. He also developed a major portion of the Web Application Security for SANS LAMP track 615.</div>Mstarks01