OWASP - User contributions [en]

Minneapolis St Paul

2007-10-15T15:48:01Z

Robert.sullivan: /* Book Giveaway: */

{{Chapter Template|chaptername=Minneapolis/St. Paul|extra=The chapter leader is Robert Sullivan |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-twincities|emailarchives=http://lists.owasp.org/pipermail/owasp-twincities}}

== Local News ==

'''Next meeting: Tuesday, October 16, 6:00pm at Metropolitan State University MNSCU, Minneapolis'''

== Agenda October 16 ==
6:00pm - Food, Introduction and optional sign-in for CISSP credits. 
6:10pm - GSSP Certification initiative Gov/SANS (Joe Teff) 
6:20pm - Continuous Testing (Andre Gironda) 
7:05pm – Java Open Review OWASP project (Fredrick Lee) 
7:50pm - Book Giveaway: (Secure Programming with Static Analysis) 
7:55pm - Upcoming Events

=== Continuous Testing: Andre Gironda ===
Continuous testing presents methodologies and tools that developers,
quality engineers, and security professionals can all share and use
effectively to their own unique approach. The tools presented are
cross-discipline, meaning they can be utilized by a developer as a
development tool, by a qa-tester as a quality assurance tool, and by a
vulnerability assessor as a security assurance tool. Whether you're
trying to build better code faster, demonstrate the power of automated
testing using a data-driven test framework, or find security-related
defects - Continuous testing has something for you.
=== Java Open Review: OWASP & Fortify ===
Fortify has sought to develop a set of metrics that combine lessons learned from our experience working on various enterprise code bases and our work on the Java Open Review project. The metrics are designed to incorporate diverse criteria, including the size of the application, and the types of vulnerabilities identified. The metrics provide a mechanism to rate software components for security concerns and enable enterprises to:
- Evaluate which open source projects offer an acceptable level of security
- Compare competing open source software solutions based on their security
- Measure internal development efforts against open source counterparts

== Speaker Bios : Andre Gironda ==
Andre Gironda is an independent security researcher involved mostly in
web application security projects. His recent contributions include
the OWASP Top Ten 2007, OWASP Tools team, and speaking engagements at
local OWASP events on topics ranging from automated scanning tools to
problems with trusting the same-origin policy. Andre has worked for a
number of companies in security-qa-developer or network testing roles,
including labs deep within Cisco Systems and many years in an
operations role at a major online auction site.
== Speaker Bios: Fredrick Lee ==
Fredrick Lee is a member of Fortify Software's Security Research Group, where he manages the Java Open Review Project. Scanning the code of over 100 applications so far, Fredrick is helping assess and improve the security of open source software. Fredrick also helps the Security Research Group develop the secure coding rules that are used to run Fortify's suite of products.
Prior to joining Fortify Software, Fredrick was a Senior Information Security Engineer at Bank of America, where he helped roll out a secure development framework, performed security assessments, and developed enterprise security solutions.

Fredrick graduated from the University of Oklahoma, with a BS in Computer Engineering.

== Location: ==

Metropolitan State University, Minneapolis
MEC Building, 2nd floor, Room M2800.

Check the .pdf map to see which building is the MEC building.
I've waited for a meter (free after 6) but had the best success parking in the ramp, then crossing Hennepin (skyway) then crossing Spruce (street-level) the the MEC building.

== Directions: ==
From West: Exit at Lyndale/Hennepin Avenue. Veer right following the Lyndale and Lyndale North signs. Once on Lyndale North, stay in one of the two right lanes until you reach the third stoplight (Hennepin Avenue). Turn right and follow Hennepin to the MCTC parking ramp on the left side of the street.

From East: I.394 . Exit onto Dunwoody Blvd/Hennepin Avenue (Dunwoody Blvd. changes into Hennepin Avenue). Follow Hennepin to the MCTC parking ramp on the left side of the street.

From East: I.94 . Exit onto Hennepin /Lyndale Avenue. At the first stoplight (Dunwoody Blvd.), turn left (Dunwoody Blvd. changes into Hennepin Avenue). Follow Hennepin to the MCTC parking ramp on the left side of the street.

Map here:
http://www.metrostate.edu/bldgservices/location.html#mpls

== Book Giveaway: ==

Thanks to Fortify for supplying a copy of the new book: 
'''Securing Software through Static Analysis''' 
by Brian Chess and Jacob West. 
Thanks to Ray Kaplan for yet another book: 
'''SOA in Practice - The art of distributed system design'''
 by Nicolai Josuttis O'Reilly - 2007
 There will be a drawing for any books. You must be present but you do not need to provide your contact information to win.

== Upcoming Events: ==
OWASP Nov 12-15 at eBay in San Jose
http://www.owasp.org/index.php/OWASP_%26_WASC_AppSec_2007_Conference 
Add your event here, Wiki registration is required. 
Approval of a new Chapter Leader, the passing of the password.

== Food: ==

The food is provided by Integral Business Solutions. Bring an appetite.

[[Category:OWASP Chapter]]

Minneapolis St Paul

2007-10-15T15:46:28Z

Robert.sullivan: /* Book Giveaway: */

{{Chapter Template|chaptername=Minneapolis/St. Paul|extra=The chapter leader is Robert Sullivan |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-twincities|emailarchives=http://lists.owasp.org/pipermail/owasp-twincities}}

== Local News ==

'''Next meeting: Tuesday, October 16, 6:00pm at Metropolitan State University MNSCU, Minneapolis'''

== Agenda October 16 ==
6:00pm - Food, Introduction and optional sign-in for CISSP credits. 
6:10pm - GSSP Certification initiative Gov/SANS (Joe Teff) 
6:20pm - Continuous Testing (Andre Gironda) 
7:05pm – Java Open Review OWASP project (Fredrick Lee) 
7:50pm - Book Giveaway: (Secure Programming with Static Analysis) 
7:55pm - Upcoming Events

=== Continuous Testing: Andre Gironda ===
Continuous testing presents methodologies and tools that developers,
quality engineers, and security professionals can all share and use
effectively to their own unique approach. The tools presented are
cross-discipline, meaning they can be utilized by a developer as a
development tool, by a qa-tester as a quality assurance tool, and by a
vulnerability assessor as a security assurance tool. Whether you're
trying to build better code faster, demonstrate the power of automated
testing using a data-driven test framework, or find security-related
defects - Continuous testing has something for you.
=== Java Open Review: OWASP & Fortify ===
Fortify has sought to develop a set of metrics that combine lessons learned from our experience working on various enterprise code bases and our work on the Java Open Review project. The metrics are designed to incorporate diverse criteria, including the size of the application, and the types of vulnerabilities identified. The metrics provide a mechanism to rate software components for security concerns and enable enterprises to:
- Evaluate which open source projects offer an acceptable level of security
- Compare competing open source software solutions based on their security
- Measure internal development efforts against open source counterparts

== Speaker Bios : Andre Gironda ==
Andre Gironda is an independent security researcher involved mostly in
web application security projects. His recent contributions include
the OWASP Top Ten 2007, OWASP Tools team, and speaking engagements at
local OWASP events on topics ranging from automated scanning tools to
problems with trusting the same-origin policy. Andre has worked for a
number of companies in security-qa-developer or network testing roles,
including labs deep within Cisco Systems and many years in an
operations role at a major online auction site.
== Speaker Bios: Fredrick Lee ==
Fredrick Lee is a member of Fortify Software's Security Research Group, where he manages the Java Open Review Project. Scanning the code of over 100 applications so far, Fredrick is helping assess and improve the security of open source software. Fredrick also helps the Security Research Group develop the secure coding rules that are used to run Fortify's suite of products.
Prior to joining Fortify Software, Fredrick was a Senior Information Security Engineer at Bank of America, where he helped roll out a secure development framework, performed security assessments, and developed enterprise security solutions.

Fredrick graduated from the University of Oklahoma, with a BS in Computer Engineering.

== Location: ==

Metropolitan State University, Minneapolis
MEC Building, 2nd floor, Room M2800.

Check the .pdf map to see which building is the MEC building.
I've waited for a meter (free after 6) but had the best success parking in the ramp, then crossing Hennepin (skyway) then crossing Spruce (street-level) the the MEC building.

== Directions: ==
From West: Exit at Lyndale/Hennepin Avenue. Veer right following the Lyndale and Lyndale North signs. Once on Lyndale North, stay in one of the two right lanes until you reach the third stoplight (Hennepin Avenue). Turn right and follow Hennepin to the MCTC parking ramp on the left side of the street.

From East: I.394 . Exit onto Dunwoody Blvd/Hennepin Avenue (Dunwoody Blvd. changes into Hennepin Avenue). Follow Hennepin to the MCTC parking ramp on the left side of the street.

From East: I.94 . Exit onto Hennepin /Lyndale Avenue. At the first stoplight (Dunwoody Blvd.), turn left (Dunwoody Blvd. changes into Hennepin Avenue). Follow Hennepin to the MCTC parking ramp on the left side of the street.

Map here:
http://www.metrostate.edu/bldgservices/location.html#mpls

== Book Giveaway: ==

Thanks to Fortify for supplying a copy of the new book: 
Securing Software through Static Analysis 
by Brian Chess and Jacob West. 
Thanks to Ray Kaplan for yet another book: 
SOA in Practice - The art of distributed system design
 by Nicolai Josuttis O'Reilly - 2007
 There will be a drawing for any books. You must be present but you do not need to provide your contact information to win.

== Upcoming Events: ==
OWASP Nov 12-15 at eBay in San Jose
http://www.owasp.org/index.php/OWASP_%26_WASC_AppSec_2007_Conference 
Add your event here, Wiki registration is required. 
Approval of a new Chapter Leader, the passing of the password.

== Food: ==

The food is provided by Integral Business Solutions. Bring an appetite.

[[Category:OWASP Chapter]]

Minneapolis St Paul

2007-10-11T02:39:28Z

Robert.sullivan: /* Speaker Bios: Fredrick Lee */

{{Chapter Template|chaptername=Minneapolis/St. Paul|extra=The chapter leader is Robert Sullivan |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-twincities|emailarchives=http://lists.owasp.org/pipermail/owasp-twincities}}

== Local News ==

'''Next meeting: Tuesday, October 16, 6:00pm at Metropolitan State University MNSCU, Minneapolis'''

== Agenda October 16 ==
6:00pm - Food, Introduction and optional sign-in for CISSP credits. 
6:10pm - GSSP Certification initiative Gov/SANS (Joe Teff) 
6:20pm - Continuous Testing (Andre Gironda) 
7:05pm – Java Open Review OWASP project (Fredrick Lee) 
7:50pm - Book Giveaway: (Secure Programming with Static Analysis) 
7:55pm - Upcoming Events

=== Continuous Testing: Andre Gironda ===
Continuous testing presents methodologies and tools that developers,
quality engineers, and security professionals can all share and use
effectively to their own unique approach. The tools presented are
cross-discipline, meaning they can be utilized by a developer as a
development tool, by a qa-tester as a quality assurance tool, and by a
vulnerability assessor as a security assurance tool. Whether you're
trying to build better code faster, demonstrate the power of automated
testing using a data-driven test framework, or find security-related
defects - Continuous testing has something for you.
=== Java Open Review: OWASP & Fortify ===
Fortify has sought to develop a set of metrics that combine lessons learned from our experience working on various enterprise code bases and our work on the Java Open Review project. The metrics are designed to incorporate diverse criteria, including the size of the application, and the types of vulnerabilities identified. The metrics provide a mechanism to rate software components for security concerns and enable enterprises to:
- Evaluate which open source projects offer an acceptable level of security
- Compare competing open source software solutions based on their security
- Measure internal development efforts against open source counterparts

== Speaker Bios : Andre Gironda ==
Andre Gironda is an independent security researcher involved mostly in
web application security projects. His recent contributions include
the OWASP Top Ten 2007, OWASP Tools team, and speaking engagements at
local OWASP events on topics ranging from automated scanning tools to
problems with trusting the same-origin policy. Andre has worked for a
number of companies in security-qa-developer or network testing roles,
including labs deep within Cisco Systems and many years in an
operations role at a major online auction site.
== Speaker Bios: Fredrick Lee ==
Fredrick Lee is a member of Fortify Software's Security Research Group, where he manages the Java Open Review Project. Scanning the code of over 100 applications so far, Fredrick is helping assess and improve the security of open source software. Fredrick also helps the Security Research Group develop the secure coding rules that are used to run Fortify's suite of products.
Prior to joining Fortify Software, Fredrick was a Senior Information Security Engineer at Bank of America, where he helped roll out a secure development framework, performed security assessments, and developed enterprise security solutions.

Fredrick graduated from the University of Oklahoma, with a BS in Computer Engineering.

== Location: ==

Metropolitan State University, Minneapolis
MEC Building, 2nd floor, Room M2800.

Check the .pdf map to see which building is the MEC building.
I've waited for a meter (free after 6) but had the best success parking in the ramp, then crossing Hennepin (skyway) then crossing Spruce (street-level) the the MEC building.

== Directions: ==
From West: Exit at Lyndale/Hennepin Avenue. Veer right following the Lyndale and Lyndale North signs. Once on Lyndale North, stay in one of the two right lanes until you reach the third stoplight (Hennepin Avenue). Turn right and follow Hennepin to the MCTC parking ramp on the left side of the street.

From East: I.394 . Exit onto Dunwoody Blvd/Hennepin Avenue (Dunwoody Blvd. changes into Hennepin Avenue). Follow Hennepin to the MCTC parking ramp on the left side of the street.

From East: I.94 . Exit onto Hennepin /Lyndale Avenue. At the first stoplight (Dunwoody Blvd.), turn left (Dunwoody Blvd. changes into Hennepin Avenue). Follow Hennepin to the MCTC parking ramp on the left side of the street.

Map here:
http://www.metrostate.edu/bldgservices/location.html#mpls

== Book Giveaway: ==

Thanks to Fortify for supplying a copy of the new book: Securing Software through Static Analysis by Brian Chess and Jacob West. If you have an extra copy of a good security book please bring it. There will be a drawing for any books. You do not need to provide your contact information to win.

== Upcoming Events: ==
OWASP Nov 12-15 at eBay in San Jose
http://www.owasp.org/index.php/OWASP_%26_WASC_AppSec_2007_Conference 
Add your event here, Wiki registration is required. 
Approval of a new Chapter Leader, the passing of the password.

== Food: ==

The food is provided by Integral Business Solutions. Bring an appetite.

[[Category:OWASP Chapter]]

Minneapolis St Paul

2007-10-11T02:38:13Z

Robert.sullivan: /* Agenda October 16 */

{{Chapter Template|chaptername=Minneapolis/St. Paul|extra=The chapter leader is Robert Sullivan |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-twincities|emailarchives=http://lists.owasp.org/pipermail/owasp-twincities}}

== Local News ==

'''Next meeting: Tuesday, October 16, 6:00pm at Metropolitan State University MNSCU, Minneapolis'''

== Agenda October 16 ==
6:00pm - Food, Introduction and optional sign-in for CISSP credits. 
6:10pm - GSSP Certification initiative Gov/SANS (Joe Teff) 
6:20pm - Continuous Testing (Andre Gironda) 
7:05pm – Java Open Review OWASP project (Fredrick Lee) 
7:50pm - Book Giveaway: (Secure Programming with Static Analysis) 
7:55pm - Upcoming Events

=== Continuous Testing: Andre Gironda ===
Continuous testing presents methodologies and tools that developers,
quality engineers, and security professionals can all share and use
effectively to their own unique approach. The tools presented are
cross-discipline, meaning they can be utilized by a developer as a
development tool, by a qa-tester as a quality assurance tool, and by a
vulnerability assessor as a security assurance tool. Whether you're
trying to build better code faster, demonstrate the power of automated
testing using a data-driven test framework, or find security-related
defects - Continuous testing has something for you.
=== Java Open Review: OWASP & Fortify ===
Fortify has sought to develop a set of metrics that combine lessons learned from our experience working on various enterprise code bases and our work on the Java Open Review project. The metrics are designed to incorporate diverse criteria, including the size of the application, and the types of vulnerabilities identified. The metrics provide a mechanism to rate software components for security concerns and enable enterprises to:
- Evaluate which open source projects offer an acceptable level of security
- Compare competing open source software solutions based on their security
- Measure internal development efforts against open source counterparts

== Speaker Bios : Andre Gironda ==
Andre Gironda is an independent security researcher involved mostly in
web application security projects. His recent contributions include
the OWASP Top Ten 2007, OWASP Tools team, and speaking engagements at
local OWASP events on topics ranging from automated scanning tools to
problems with trusting the same-origin policy. Andre has worked for a
number of companies in security-qa-developer or network testing roles,
including labs deep within Cisco Systems and many years in an
operations role at a major online auction site.
== Speaker Bios: Fredrick Lee ==
Frederick Lee is a member of Fortify Software's Security Research Group, where he manages the Java Open Review Project. Scanning the code of over 100 applications so far, Fredrick is helping assess and improve the security of open source software. Fredrick also helps the Security Research Group develop the secure coding rules that are used to run Fortify's suite of products.
Prior to joining Fortify Software, Fredrick was a Senior Information Security Engineer at Bank of America, where he helped roll out a secure development framework, performed security assessments, and developed enterprise security solutions.

Fredrick graduated from the University of Oklahoma, with a BS in Computer Engineering.

== Location: ==

Metropolitan State University, Minneapolis
MEC Building, 2nd floor, Room M2800.

Check the .pdf map to see which building is the MEC building.
I've waited for a meter (free after 6) but had the best success parking in the ramp, then crossing Hennepin (skyway) then crossing Spruce (street-level) the the MEC building.

== Directions: ==
From West: Exit at Lyndale/Hennepin Avenue. Veer right following the Lyndale and Lyndale North signs. Once on Lyndale North, stay in one of the two right lanes until you reach the third stoplight (Hennepin Avenue). Turn right and follow Hennepin to the MCTC parking ramp on the left side of the street.

From East: I.394 . Exit onto Dunwoody Blvd/Hennepin Avenue (Dunwoody Blvd. changes into Hennepin Avenue). Follow Hennepin to the MCTC parking ramp on the left side of the street.

From East: I.94 . Exit onto Hennepin /Lyndale Avenue. At the first stoplight (Dunwoody Blvd.), turn left (Dunwoody Blvd. changes into Hennepin Avenue). Follow Hennepin to the MCTC parking ramp on the left side of the street.

Map here:
http://www.metrostate.edu/bldgservices/location.html#mpls

== Book Giveaway: ==

Thanks to Fortify for supplying a copy of the new book: Securing Software through Static Analysis by Brian Chess and Jacob West. If you have an extra copy of a good security book please bring it. There will be a drawing for any books. You do not need to provide your contact information to win.

== Upcoming Events: ==
OWASP Nov 12-15 at eBay in San Jose
http://www.owasp.org/index.php/OWASP_%26_WASC_AppSec_2007_Conference 
Add your event here, Wiki registration is required. 
Approval of a new Chapter Leader, the passing of the password.

== Food: ==

The food is provided by Integral Business Solutions. Bring an appetite.

[[Category:OWASP Chapter]]

Minneapolis St Paul

2007-10-11T02:37:14Z

Robert.sullivan: /* Speaker Bios: Fredrick Lee */

{{Chapter Template|chaptername=Minneapolis/St. Paul|extra=The chapter leader is Robert Sullivan |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-twincities|emailarchives=http://lists.owasp.org/pipermail/owasp-twincities}}

== Local News ==

'''Next meeting: Tuesday, October 16, 6:00pm at Metropolitan State University MNSCU, Minneapolis'''

== Agenda October 16 ==
6:00pm - Food, Introduction and optional sign-in for CISSP credits. 
6:10pm - GSSP Certification initiative Gov/SANS (Joe Teff) 
6:20pm - Continuous Testing (Andre Gironda) 
7:05pm – Java Open Review OWASP project (Frederick Lee) 
7:50pm - Book Giveaway: (Secure Programming with Static Analysis) 
7:55pm - Upcoming Events

=== Continuous Testing: Andre Gironda ===
Continuous testing presents methodologies and tools that developers,
quality engineers, and security professionals can all share and use
effectively to their own unique approach. The tools presented are
cross-discipline, meaning they can be utilized by a developer as a
development tool, by a qa-tester as a quality assurance tool, and by a
vulnerability assessor as a security assurance tool. Whether you're
trying to build better code faster, demonstrate the power of automated
testing using a data-driven test framework, or find security-related
defects - Continuous testing has something for you.
=== Java Open Review: OWASP & Fortify ===
Fortify has sought to develop a set of metrics that combine lessons learned from our experience working on various enterprise code bases and our work on the Java Open Review project. The metrics are designed to incorporate diverse criteria, including the size of the application, and the types of vulnerabilities identified. The metrics provide a mechanism to rate software components for security concerns and enable enterprises to:
- Evaluate which open source projects offer an acceptable level of security
- Compare competing open source software solutions based on their security
- Measure internal development efforts against open source counterparts

== Speaker Bios : Andre Gironda ==
Andre Gironda is an independent security researcher involved mostly in
web application security projects. His recent contributions include
the OWASP Top Ten 2007, OWASP Tools team, and speaking engagements at
local OWASP events on topics ranging from automated scanning tools to
problems with trusting the same-origin policy. Andre has worked for a
number of companies in security-qa-developer or network testing roles,
including labs deep within Cisco Systems and many years in an
operations role at a major online auction site.
== Speaker Bios: Fredrick Lee ==
Frederick Lee is a member of Fortify Software's Security Research Group, where he manages the Java Open Review Project. Scanning the code of over 100 applications so far, Fredrick is helping assess and improve the security of open source software. Fredrick also helps the Security Research Group develop the secure coding rules that are used to run Fortify's suite of products.
Prior to joining Fortify Software, Fredrick was a Senior Information Security Engineer at Bank of America, where he helped roll out a secure development framework, performed security assessments, and developed enterprise security solutions.

Fredrick graduated from the University of Oklahoma, with a BS in Computer Engineering.

== Location: ==

Metropolitan State University, Minneapolis
MEC Building, 2nd floor, Room M2800.

Check the .pdf map to see which building is the MEC building.
I've waited for a meter (free after 6) but had the best success parking in the ramp, then crossing Hennepin (skyway) then crossing Spruce (street-level) the the MEC building.

== Directions: ==
From West: Exit at Lyndale/Hennepin Avenue. Veer right following the Lyndale and Lyndale North signs. Once on Lyndale North, stay in one of the two right lanes until you reach the third stoplight (Hennepin Avenue). Turn right and follow Hennepin to the MCTC parking ramp on the left side of the street.

From East: I.394 . Exit onto Dunwoody Blvd/Hennepin Avenue (Dunwoody Blvd. changes into Hennepin Avenue). Follow Hennepin to the MCTC parking ramp on the left side of the street.

From East: I.94 . Exit onto Hennepin /Lyndale Avenue. At the first stoplight (Dunwoody Blvd.), turn left (Dunwoody Blvd. changes into Hennepin Avenue). Follow Hennepin to the MCTC parking ramp on the left side of the street.

Map here:
http://www.metrostate.edu/bldgservices/location.html#mpls

== Book Giveaway: ==

Thanks to Fortify for supplying a copy of the new book: Securing Software through Static Analysis by Brian Chess and Jacob West. If you have an extra copy of a good security book please bring it. There will be a drawing for any books. You do not need to provide your contact information to win.

== Upcoming Events: ==
OWASP Nov 12-15 at eBay in San Jose
http://www.owasp.org/index.php/OWASP_%26_WASC_AppSec_2007_Conference 
Add your event here, Wiki registration is required. 
Approval of a new Chapter Leader, the passing of the password.

== Food: ==

The food is provided by Integral Business Solutions. Bring an appetite.

[[Category:OWASP Chapter]]

Minneapolis St Paul

2007-10-06T03:39:37Z

Robert.sullivan: /* Agenda October 16 */

{{Chapter Template|chaptername=Minneapolis/St. Paul|extra=The chapter leader is Robert Sullivan |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-twincities|emailarchives=http://lists.owasp.org/pipermail/owasp-twincities}}

== Local News ==

'''Next meeting: Tuesday, October 16, 6:00pm at Metropolitan State University MNSCU, Minneapolis'''

== Agenda October 16 ==
6:00pm - Food, Introduction and optional sign-in for CISSP credits. 
6:10pm - GSSP Certification initiative Gov/SANS (Joe Teff) 
6:20pm - Continuous Testing (Andre Gironda) 
7:05pm – Java Open Review OWASP project (Frederick Lee) 
7:50pm - Book Giveaway: (Secure Programming with Static Analysis) 
7:55pm - Upcoming Events

=== Continuous Testing: Andre Gironda ===
Continuous testing presents methodologies and tools that developers,
quality engineers, and security professionals can all share and use
effectively to their own unique approach. The tools presented are
cross-discipline, meaning they can be utilized by a developer as a
development tool, by a qa-tester as a quality assurance tool, and by a
vulnerability assessor as a security assurance tool. Whether you're
trying to build better code faster, demonstrate the power of automated
testing using a data-driven test framework, or find security-related
defects - Continuous testing has something for you.
=== Java Open Review: OWASP & Fortify ===
Fortify has sought to develop a set of metrics that combine lessons learned from our experience working on various enterprise code bases and our work on the Java Open Review project. The metrics are designed to incorporate diverse criteria, including the size of the application, and the types of vulnerabilities identified. The metrics provide a mechanism to rate software components for security concerns and enable enterprises to:
- Evaluate which open source projects offer an acceptable level of security
- Compare competing open source software solutions based on their security
- Measure internal development efforts against open source counterparts

== Speaker Bios : Andre Gironda ==
Andre Gironda is an independent security researcher involved mostly in
web application security projects. His recent contributions include
the OWASP Top Ten 2007, OWASP Tools team, and speaking engagements at
local OWASP events on topics ranging from automated scanning tools to
problems with trusting the same-origin policy. Andre has worked for a
number of companies in security-qa-developer or network testing roles,
including labs deep within Cisco Systems and many years in an
operations role at a major online auction site.
== Speaker Bios: Frederick Lee ==
Frederick Lee is a member of Fortify Software's Security Research Group, where he manages the Java Open Review Project. Scanning the code of over 100 applications so far, Fredrick is helping assess and improve the security of open source software. Fredrick also helps the Security Research Group develop the secure coding rules that are used to run Fortify's suite of products.
Prior to joining Fortify Software, Fredrick was a Senior Information Security Engineer at Bank of America, where he helped roll out a secure development framework, performed security assessments, and developed enterprise security solutions.

Fredrick graduated from the University of Oklahoma, with a BS in Computer Engineering.

== Location: ==

Metropolitan State University, Minneapolis
MEC Building, 2nd floor, Room M2800.

Check the .pdf map to see which building is the MEC building.
I've waited for a meter (free after 6) but had the best success parking in the ramp, then crossing Hennepin (skyway) then crossing Spruce (street-level) the the MEC building.

== Directions: ==
From West: Exit at Lyndale/Hennepin Avenue. Veer right following the Lyndale and Lyndale North signs. Once on Lyndale North, stay in one of the two right lanes until you reach the third stoplight (Hennepin Avenue). Turn right and follow Hennepin to the MCTC parking ramp on the left side of the street.

From East: I.394 . Exit onto Dunwoody Blvd/Hennepin Avenue (Dunwoody Blvd. changes into Hennepin Avenue). Follow Hennepin to the MCTC parking ramp on the left side of the street.

From East: I.94 . Exit onto Hennepin /Lyndale Avenue. At the first stoplight (Dunwoody Blvd.), turn left (Dunwoody Blvd. changes into Hennepin Avenue). Follow Hennepin to the MCTC parking ramp on the left side of the street.

Map here:
http://www.metrostate.edu/bldgservices/location.html#mpls

== Book Giveaway: ==

Thanks to Fortify for supplying a copy of the new book: Securing Software through Static Analysis by Brian Chess and Jacob West. If you have an extra copy of a good security book please bring it. There will be a drawing for any books. You do not need to provide your contact information to win.

== Upcoming Events: ==
OWASP Nov 12-15 at eBay in San Jose
http://www.owasp.org/index.php/OWASP_%26_WASC_AppSec_2007_Conference 
Add your event here, Wiki registration is required. 
Approval of a new Chapter Leader, the passing of the password.

== Food: ==

The food is provided by Integral Business Solutions. Bring an appetite.

[[Category:OWASP Chapter]]

Minneapolis St Paul

2007-10-06T03:38:34Z

Robert.sullivan: /* Upcoming Events: */

{{Chapter Template|chaptername=Minneapolis/St. Paul|extra=The chapter leader is Robert Sullivan |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-twincities|emailarchives=http://lists.owasp.org/pipermail/owasp-twincities}}

== Local News ==

'''Next meeting: Tuesday, October 16, 6:00pm at Metropolitan State University MNSCU, Minneapolis'''

== Agenda October 16 ==
6:00pm - Food, Introduction and optional sign-in for CISSP credits. 
6:10pm - GSSP Certification initiative Gov/SANS (Joe Teff)
6:20pm - Continuous Testing (Andre Gironda) 
7:05pm – Java Open Review OWASP project (Frederick Lee) 
7:50pm - Book Giveaway: (Secure Programming with Static Analysis) 
7:55pm - Upcoming Events

=== Continuous Testing: Andre Gironda ===
Continuous testing presents methodologies and tools that developers,
quality engineers, and security professionals can all share and use
effectively to their own unique approach. The tools presented are
cross-discipline, meaning they can be utilized by a developer as a
development tool, by a qa-tester as a quality assurance tool, and by a
vulnerability assessor as a security assurance tool. Whether you're
trying to build better code faster, demonstrate the power of automated
testing using a data-driven test framework, or find security-related
defects - Continuous testing has something for you.
=== Java Open Review: OWASP & Fortify ===
Fortify has sought to develop a set of metrics that combine lessons learned from our experience working on various enterprise code bases and our work on the Java Open Review project. The metrics are designed to incorporate diverse criteria, including the size of the application, and the types of vulnerabilities identified. The metrics provide a mechanism to rate software components for security concerns and enable enterprises to:
- Evaluate which open source projects offer an acceptable level of security
- Compare competing open source software solutions based on their security
- Measure internal development efforts against open source counterparts

== Speaker Bios : Andre Gironda ==
Andre Gironda is an independent security researcher involved mostly in
web application security projects. His recent contributions include
the OWASP Top Ten 2007, OWASP Tools team, and speaking engagements at
local OWASP events on topics ranging from automated scanning tools to
problems with trusting the same-origin policy. Andre has worked for a
number of companies in security-qa-developer or network testing roles,
including labs deep within Cisco Systems and many years in an
operations role at a major online auction site.
== Speaker Bios: Frederick Lee ==
Frederick Lee is a member of Fortify Software's Security Research Group, where he manages the Java Open Review Project. Scanning the code of over 100 applications so far, Fredrick is helping assess and improve the security of open source software. Fredrick also helps the Security Research Group develop the secure coding rules that are used to run Fortify's suite of products.
Prior to joining Fortify Software, Fredrick was a Senior Information Security Engineer at Bank of America, where he helped roll out a secure development framework, performed security assessments, and developed enterprise security solutions.

Fredrick graduated from the University of Oklahoma, with a BS in Computer Engineering.

== Location: ==

Metropolitan State University, Minneapolis
MEC Building, 2nd floor, Room M2800.

Check the .pdf map to see which building is the MEC building.
I've waited for a meter (free after 6) but had the best success parking in the ramp, then crossing Hennepin (skyway) then crossing Spruce (street-level) the the MEC building.

== Directions: ==
From West: Exit at Lyndale/Hennepin Avenue. Veer right following the Lyndale and Lyndale North signs. Once on Lyndale North, stay in one of the two right lanes until you reach the third stoplight (Hennepin Avenue). Turn right and follow Hennepin to the MCTC parking ramp on the left side of the street.

From East: I.394 . Exit onto Dunwoody Blvd/Hennepin Avenue (Dunwoody Blvd. changes into Hennepin Avenue). Follow Hennepin to the MCTC parking ramp on the left side of the street.

From East: I.94 . Exit onto Hennepin /Lyndale Avenue. At the first stoplight (Dunwoody Blvd.), turn left (Dunwoody Blvd. changes into Hennepin Avenue). Follow Hennepin to the MCTC parking ramp on the left side of the street.

Map here:
http://www.metrostate.edu/bldgservices/location.html#mpls

== Book Giveaway: ==

Thanks to Fortify for supplying a copy of the new book: Securing Software through Static Analysis by Brian Chess and Jacob West. If you have an extra copy of a good security book please bring it. There will be a drawing for any books. You do not need to provide your contact information to win.

== Upcoming Events: ==
OWASP Nov 12-15 at eBay in San Jose
http://www.owasp.org/index.php/OWASP_%26_WASC_AppSec_2007_Conference 
Add your event here, Wiki registration is required. 
Approval of a new Chapter Leader, the passing of the password.

== Food: ==

The food is provided by Integral Business Solutions. Bring an appetite.

[[Category:OWASP Chapter]]

Minneapolis St Paul

2007-10-06T03:38:15Z

Robert.sullivan: /* Upcoming Events: */

{{Chapter Template|chaptername=Minneapolis/St. Paul|extra=The chapter leader is Robert Sullivan |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-twincities|emailarchives=http://lists.owasp.org/pipermail/owasp-twincities}}

== Local News ==

'''Next meeting: Tuesday, October 16, 6:00pm at Metropolitan State University MNSCU, Minneapolis'''

== Agenda October 16 ==
6:00pm - Food, Introduction and optional sign-in for CISSP credits. 
6:10pm - GSSP Certification initiative Gov/SANS (Joe Teff)
6:20pm - Continuous Testing (Andre Gironda) 
7:05pm – Java Open Review OWASP project (Frederick Lee) 
7:50pm - Book Giveaway: (Secure Programming with Static Analysis) 
7:55pm - Upcoming Events

=== Continuous Testing: Andre Gironda ===
Continuous testing presents methodologies and tools that developers,
quality engineers, and security professionals can all share and use
effectively to their own unique approach. The tools presented are
cross-discipline, meaning they can be utilized by a developer as a
development tool, by a qa-tester as a quality assurance tool, and by a
vulnerability assessor as a security assurance tool. Whether you're
trying to build better code faster, demonstrate the power of automated
testing using a data-driven test framework, or find security-related
defects - Continuous testing has something for you.
=== Java Open Review: OWASP & Fortify ===
Fortify has sought to develop a set of metrics that combine lessons learned from our experience working on various enterprise code bases and our work on the Java Open Review project. The metrics are designed to incorporate diverse criteria, including the size of the application, and the types of vulnerabilities identified. The metrics provide a mechanism to rate software components for security concerns and enable enterprises to:
- Evaluate which open source projects offer an acceptable level of security
- Compare competing open source software solutions based on their security
- Measure internal development efforts against open source counterparts

== Speaker Bios : Andre Gironda ==
Andre Gironda is an independent security researcher involved mostly in
web application security projects. His recent contributions include
the OWASP Top Ten 2007, OWASP Tools team, and speaking engagements at
local OWASP events on topics ranging from automated scanning tools to
problems with trusting the same-origin policy. Andre has worked for a
number of companies in security-qa-developer or network testing roles,
including labs deep within Cisco Systems and many years in an
operations role at a major online auction site.
== Speaker Bios: Frederick Lee ==
Frederick Lee is a member of Fortify Software's Security Research Group, where he manages the Java Open Review Project. Scanning the code of over 100 applications so far, Fredrick is helping assess and improve the security of open source software. Fredrick also helps the Security Research Group develop the secure coding rules that are used to run Fortify's suite of products.
Prior to joining Fortify Software, Fredrick was a Senior Information Security Engineer at Bank of America, where he helped roll out a secure development framework, performed security assessments, and developed enterprise security solutions.

Fredrick graduated from the University of Oklahoma, with a BS in Computer Engineering.

== Location: ==

Metropolitan State University, Minneapolis
MEC Building, 2nd floor, Room M2800.

Check the .pdf map to see which building is the MEC building.
I've waited for a meter (free after 6) but had the best success parking in the ramp, then crossing Hennepin (skyway) then crossing Spruce (street-level) the the MEC building.

== Directions: ==
From West: Exit at Lyndale/Hennepin Avenue. Veer right following the Lyndale and Lyndale North signs. Once on Lyndale North, stay in one of the two right lanes until you reach the third stoplight (Hennepin Avenue). Turn right and follow Hennepin to the MCTC parking ramp on the left side of the street.

From East: I.394 . Exit onto Dunwoody Blvd/Hennepin Avenue (Dunwoody Blvd. changes into Hennepin Avenue). Follow Hennepin to the MCTC parking ramp on the left side of the street.

From East: I.94 . Exit onto Hennepin /Lyndale Avenue. At the first stoplight (Dunwoody Blvd.), turn left (Dunwoody Blvd. changes into Hennepin Avenue). Follow Hennepin to the MCTC parking ramp on the left side of the street.

Map here:
http://www.metrostate.edu/bldgservices/location.html#mpls

== Book Giveaway: ==

Thanks to Fortify for supplying a copy of the new book: Securing Software through Static Analysis by Brian Chess and Jacob West. If you have an extra copy of a good security book please bring it. There will be a drawing for any books. You do not need to provide your contact information to win.

== Upcoming Events: ==
OWASP Nov 12-15 at eBay in San Jose
http://www.owasp.org/index.php/OWASP_%26_WASC_AppSec_2007_Conference
Add your event here, Wiki registration is required.
Approval of a new Chapter Leader, the passing of the password.

== Food: ==

The food is provided by Integral Business Solutions. Bring an appetite.

[[Category:OWASP Chapter]]

Minneapolis St Paul

2007-10-06T03:36:07Z

Robert.sullivan: /* Upcoming Events: */

{{Chapter Template|chaptername=Minneapolis/St. Paul|extra=The chapter leader is Robert Sullivan |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-twincities|emailarchives=http://lists.owasp.org/pipermail/owasp-twincities}}

== Local News ==

'''Next meeting: Tuesday, October 16, 6:00pm at Metropolitan State University MNSCU, Minneapolis'''

== Agenda October 16 ==
6:00pm - Food, Introduction and optional sign-in for CISSP credits. 
6:10pm - GSSP Certification initiative Gov/SANS (Joe Teff)
6:20pm - Continuous Testing (Andre Gironda) 
7:05pm – Java Open Review OWASP project (Frederick Lee) 
7:50pm - Book Giveaway: (Secure Programming with Static Analysis) 
7:55pm - Upcoming Events

=== Continuous Testing: Andre Gironda ===
Continuous testing presents methodologies and tools that developers,
quality engineers, and security professionals can all share and use
effectively to their own unique approach. The tools presented are
cross-discipline, meaning they can be utilized by a developer as a
development tool, by a qa-tester as a quality assurance tool, and by a
vulnerability assessor as a security assurance tool. Whether you're
trying to build better code faster, demonstrate the power of automated
testing using a data-driven test framework, or find security-related
defects - Continuous testing has something for you.
=== Java Open Review: OWASP & Fortify ===
Fortify has sought to develop a set of metrics that combine lessons learned from our experience working on various enterprise code bases and our work on the Java Open Review project. The metrics are designed to incorporate diverse criteria, including the size of the application, and the types of vulnerabilities identified. The metrics provide a mechanism to rate software components for security concerns and enable enterprises to:
- Evaluate which open source projects offer an acceptable level of security
- Compare competing open source software solutions based on their security
- Measure internal development efforts against open source counterparts

== Speaker Bios : Andre Gironda ==
Andre Gironda is an independent security researcher involved mostly in
web application security projects. His recent contributions include
the OWASP Top Ten 2007, OWASP Tools team, and speaking engagements at
local OWASP events on topics ranging from automated scanning tools to
problems with trusting the same-origin policy. Andre has worked for a
number of companies in security-qa-developer or network testing roles,
including labs deep within Cisco Systems and many years in an
operations role at a major online auction site.
== Speaker Bios: Frederick Lee ==
Frederick Lee is a member of Fortify Software's Security Research Group, where he manages the Java Open Review Project. Scanning the code of over 100 applications so far, Fredrick is helping assess and improve the security of open source software. Fredrick also helps the Security Research Group develop the secure coding rules that are used to run Fortify's suite of products.
Prior to joining Fortify Software, Fredrick was a Senior Information Security Engineer at Bank of America, where he helped roll out a secure development framework, performed security assessments, and developed enterprise security solutions.

Fredrick graduated from the University of Oklahoma, with a BS in Computer Engineering.

== Location: ==

Metropolitan State University, Minneapolis
MEC Building, 2nd floor, Room M2800.

Check the .pdf map to see which building is the MEC building.
I've waited for a meter (free after 6) but had the best success parking in the ramp, then crossing Hennepin (skyway) then crossing Spruce (street-level) the the MEC building.

== Directions: ==
From West: Exit at Lyndale/Hennepin Avenue. Veer right following the Lyndale and Lyndale North signs. Once on Lyndale North, stay in one of the two right lanes until you reach the third stoplight (Hennepin Avenue). Turn right and follow Hennepin to the MCTC parking ramp on the left side of the street.

From East: I.394 . Exit onto Dunwoody Blvd/Hennepin Avenue (Dunwoody Blvd. changes into Hennepin Avenue). Follow Hennepin to the MCTC parking ramp on the left side of the street.

From East: I.94 . Exit onto Hennepin /Lyndale Avenue. At the first stoplight (Dunwoody Blvd.), turn left (Dunwoody Blvd. changes into Hennepin Avenue). Follow Hennepin to the MCTC parking ramp on the left side of the street.

Map here:
http://www.metrostate.edu/bldgservices/location.html#mpls

== Book Giveaway: ==

Thanks to Fortify for supplying a copy of the new book: Securing Software through Static Analysis by Brian Chess and Jacob West. If you have an extra copy of a good security book please bring it. There will be a drawing for any books. You do not need to provide your contact information to win.

== Upcoming Events: ==
OWASP Nov 12-15 at eBay in San Jose
http://www.owasp.org/index.php/OWASP_%26_WASC_AppSec_2007_Conference
Add your event here, Wiki registration is required.

== Food: ==

The food is provided by Integral Business Solutions. Bring an appetite.

[[Category:OWASP Chapter]]

Minneapolis St Paul

2007-10-06T03:35:30Z

Robert.sullivan: /* Book Giveaway: */

{{Chapter Template|chaptername=Minneapolis/St. Paul|extra=The chapter leader is Robert Sullivan |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-twincities|emailarchives=http://lists.owasp.org/pipermail/owasp-twincities}}

== Local News ==

'''Next meeting: Tuesday, October 16, 6:00pm at Metropolitan State University MNSCU, Minneapolis'''

== Agenda October 16 ==
6:00pm - Food, Introduction and optional sign-in for CISSP credits. 
6:10pm - GSSP Certification initiative Gov/SANS (Joe Teff)
6:20pm - Continuous Testing (Andre Gironda) 
7:05pm – Java Open Review OWASP project (Frederick Lee) 
7:50pm - Book Giveaway: (Secure Programming with Static Analysis) 
7:55pm - Upcoming Events

=== Continuous Testing: Andre Gironda ===
Continuous testing presents methodologies and tools that developers,
quality engineers, and security professionals can all share and use
effectively to their own unique approach. The tools presented are
cross-discipline, meaning they can be utilized by a developer as a
development tool, by a qa-tester as a quality assurance tool, and by a
vulnerability assessor as a security assurance tool. Whether you're
trying to build better code faster, demonstrate the power of automated
testing using a data-driven test framework, or find security-related
defects - Continuous testing has something for you.
=== Java Open Review: OWASP & Fortify ===
Fortify has sought to develop a set of metrics that combine lessons learned from our experience working on various enterprise code bases and our work on the Java Open Review project. The metrics are designed to incorporate diverse criteria, including the size of the application, and the types of vulnerabilities identified. The metrics provide a mechanism to rate software components for security concerns and enable enterprises to:
- Evaluate which open source projects offer an acceptable level of security
- Compare competing open source software solutions based on their security
- Measure internal development efforts against open source counterparts

== Speaker Bios : Andre Gironda ==
Andre Gironda is an independent security researcher involved mostly in
web application security projects. His recent contributions include
the OWASP Top Ten 2007, OWASP Tools team, and speaking engagements at
local OWASP events on topics ranging from automated scanning tools to
problems with trusting the same-origin policy. Andre has worked for a
number of companies in security-qa-developer or network testing roles,
including labs deep within Cisco Systems and many years in an
operations role at a major online auction site.
== Speaker Bios: Frederick Lee ==
Frederick Lee is a member of Fortify Software's Security Research Group, where he manages the Java Open Review Project. Scanning the code of over 100 applications so far, Fredrick is helping assess and improve the security of open source software. Fredrick also helps the Security Research Group develop the secure coding rules that are used to run Fortify's suite of products.
Prior to joining Fortify Software, Fredrick was a Senior Information Security Engineer at Bank of America, where he helped roll out a secure development framework, performed security assessments, and developed enterprise security solutions.

Fredrick graduated from the University of Oklahoma, with a BS in Computer Engineering.

== Location: ==

Metropolitan State University, Minneapolis
MEC Building, 2nd floor, Room M2800.

Check the .pdf map to see which building is the MEC building.
I've waited for a meter (free after 6) but had the best success parking in the ramp, then crossing Hennepin (skyway) then crossing Spruce (street-level) the the MEC building.

== Directions: ==
From West: Exit at Lyndale/Hennepin Avenue. Veer right following the Lyndale and Lyndale North signs. Once on Lyndale North, stay in one of the two right lanes until you reach the third stoplight (Hennepin Avenue). Turn right and follow Hennepin to the MCTC parking ramp on the left side of the street.

From East: I.394 . Exit onto Dunwoody Blvd/Hennepin Avenue (Dunwoody Blvd. changes into Hennepin Avenue). Follow Hennepin to the MCTC parking ramp on the left side of the street.

From East: I.94 . Exit onto Hennepin /Lyndale Avenue. At the first stoplight (Dunwoody Blvd.), turn left (Dunwoody Blvd. changes into Hennepin Avenue). Follow Hennepin to the MCTC parking ramp on the left side of the street.

Map here:
http://www.metrostate.edu/bldgservices/location.html#mpls

== Book Giveaway: ==

Thanks to Fortify for supplying a copy of the new book: Securing Software through Static Analysis by Brian Chess and Jacob West. If you have an extra copy of a good security book please bring it. There will be a drawing for any books. You do not need to provide your contact information to win.

== Upcoming Events: ==
OWASP Nov 12-15 at eBay in San Jose
http://www.owasp.org/index.php/OWASP_%26_WASC_AppSec_2007_Conference

== Food: ==

The food is provided by Integral Business Solutions. Bring an appetite.

[[Category:OWASP Chapter]]

Minneapolis St Paul

2007-10-06T03:30:20Z

Robert.sullivan: /* Speaker Bios */

{{Chapter Template|chaptername=Minneapolis/St. Paul|extra=The chapter leader is Robert Sullivan |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-twincities|emailarchives=http://lists.owasp.org/pipermail/owasp-twincities}}

== Local News ==

'''Next meeting: Tuesday, October 16, 6:00pm at Metropolitan State University MNSCU, Minneapolis'''

== Agenda October 16 ==
6:00pm - Food, Introduction and optional sign-in for CISSP credits. 
6:10pm - GSSP Certification initiative Gov/SANS (Joe Teff)
6:20pm - Continuous Testing (Andre Gironda) 
7:05pm – Java Open Review OWASP project (Frederick Lee) 
7:50pm - Book Giveaway: (Secure Programming with Static Analysis) 
7:55pm - Upcoming Events

=== Continuous Testing: Andre Gironda ===
Continuous testing presents methodologies and tools that developers,
quality engineers, and security professionals can all share and use
effectively to their own unique approach. The tools presented are
cross-discipline, meaning they can be utilized by a developer as a
development tool, by a qa-tester as a quality assurance tool, and by a
vulnerability assessor as a security assurance tool. Whether you're
trying to build better code faster, demonstrate the power of automated
testing using a data-driven test framework, or find security-related
defects - Continuous testing has something for you.
=== Java Open Review: OWASP & Fortify ===
Fortify has sought to develop a set of metrics that combine lessons learned from our experience working on various enterprise code bases and our work on the Java Open Review project. The metrics are designed to incorporate diverse criteria, including the size of the application, and the types of vulnerabilities identified. The metrics provide a mechanism to rate software components for security concerns and enable enterprises to:
- Evaluate which open source projects offer an acceptable level of security
- Compare competing open source software solutions based on their security
- Measure internal development efforts against open source counterparts

== Speaker Bios : Andre Gironda ==
Andre Gironda is an independent security researcher involved mostly in
web application security projects. His recent contributions include
the OWASP Top Ten 2007, OWASP Tools team, and speaking engagements at
local OWASP events on topics ranging from automated scanning tools to
problems with trusting the same-origin policy. Andre has worked for a
number of companies in security-qa-developer or network testing roles,
including labs deep within Cisco Systems and many years in an
operations role at a major online auction site.
== Speaker Bios: Frederick Lee ==
Frederick Lee is a member of Fortify Software's Security Research Group, where he manages the Java Open Review Project. Scanning the code of over 100 applications so far, Fredrick is helping assess and improve the security of open source software. Fredrick also helps the Security Research Group develop the secure coding rules that are used to run Fortify's suite of products.
Prior to joining Fortify Software, Fredrick was a Senior Information Security Engineer at Bank of America, where he helped roll out a secure development framework, performed security assessments, and developed enterprise security solutions.

Fredrick graduated from the University of Oklahoma, with a BS in Computer Engineering.

== Location: ==

Metropolitan State University, Minneapolis
MEC Building, 2nd floor, Room M2800.

Check the .pdf map to see which building is the MEC building.
I've waited for a meter (free after 6) but had the best success parking in the ramp, then crossing Hennepin (skyway) then crossing Spruce (street-level) the the MEC building.

== Directions: ==
From West: Exit at Lyndale/Hennepin Avenue. Veer right following the Lyndale and Lyndale North signs. Once on Lyndale North, stay in one of the two right lanes until you reach the third stoplight (Hennepin Avenue). Turn right and follow Hennepin to the MCTC parking ramp on the left side of the street.

From East: I.394 . Exit onto Dunwoody Blvd/Hennepin Avenue (Dunwoody Blvd. changes into Hennepin Avenue). Follow Hennepin to the MCTC parking ramp on the left side of the street.

From East: I.94 . Exit onto Hennepin /Lyndale Avenue. At the first stoplight (Dunwoody Blvd.), turn left (Dunwoody Blvd. changes into Hennepin Avenue). Follow Hennepin to the MCTC parking ramp on the left side of the street.

Map here:
http://www.metrostate.edu/bldgservices/location.html#mpls

== Book Giveaway: ==

Please bring a copy of a good security book that you can contribute. There will be a drawing for any books.

== Upcoming Events: ==
OWASP Nov 12-15 at eBay in San Jose
http://www.owasp.org/index.php/OWASP_%26_WASC_AppSec_2007_Conference

== Food: ==

The food is provided by Integral Business Solutions. Bring an appetite.

[[Category:OWASP Chapter]]

Minneapolis St Paul

2007-10-06T03:28:58Z

Robert.sullivan: /* Speaker Bios */

{{Chapter Template|chaptername=Minneapolis/St. Paul|extra=The chapter leader is Robert Sullivan |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-twincities|emailarchives=http://lists.owasp.org/pipermail/owasp-twincities}}

== Local News ==

'''Next meeting: Tuesday, October 16, 6:00pm at Metropolitan State University MNSCU, Minneapolis'''

== Agenda October 16 ==
6:00pm - Food, Introduction and optional sign-in for CISSP credits. 
6:10pm - GSSP Certification initiative Gov/SANS (Joe Teff)
6:20pm - Continuous Testing (Andre Gironda) 
7:05pm – Java Open Review OWASP project (Frederick Lee) 
7:50pm - Book Giveaway: (Secure Programming with Static Analysis) 
7:55pm - Upcoming Events

=== Continuous Testing: Andre Gironda ===
Continuous testing presents methodologies and tools that developers,
quality engineers, and security professionals can all share and use
effectively to their own unique approach. The tools presented are
cross-discipline, meaning they can be utilized by a developer as a
development tool, by a qa-tester as a quality assurance tool, and by a
vulnerability assessor as a security assurance tool. Whether you're
trying to build better code faster, demonstrate the power of automated
testing using a data-driven test framework, or find security-related
defects - Continuous testing has something for you.
=== Java Open Review: OWASP & Fortify ===
Fortify has sought to develop a set of metrics that combine lessons learned from our experience working on various enterprise code bases and our work on the Java Open Review project. The metrics are designed to incorporate diverse criteria, including the size of the application, and the types of vulnerabilities identified. The metrics provide a mechanism to rate software components for security concerns and enable enterprises to:
- Evaluate which open source projects offer an acceptable level of security
- Compare competing open source software solutions based on their security
- Measure internal development efforts against open source counterparts

== Speaker Bios ==
Andre Gironda is an independent security researcher involved mostly in
web application security projects. His recent contributions include
the OWASP Top Ten 2007, OWASP Tools team, and speaking engagements at
local OWASP events on topics ranging from automated scanning tools to
problems with trusting the same-origin policy. Andre has worked for a
number of companies in security-qa-developer or network testing roles,
including labs deep within Cisco Systems and many years in an
operations role at a major online auction site

Frederick Lee is a member of Fortify Software's Security Research Group, where he manages the Java Open Review Project. Scanning the code of over 100 applications so far, Fredrick is helping assess and improve the security of open source software. Fredrick also helps the Security Research Group develop the secure coding rules that are used to run Fortify's suite of products.
Prior to joining Fortify Software, Fredrick was a Senior Information Security Engineer at Bank of America, where he helped roll out a secure development framework, performed security assessments, and developed enterprise security solutions.

Fredrick graduated from the University of Oklahoma, with a BS in Computer Engineering.

== Location: ==

Metropolitan State University, Minneapolis
MEC Building, 2nd floor, Room M2800.

Check the .pdf map to see which building is the MEC building.
I've waited for a meter (free after 6) but had the best success parking in the ramp, then crossing Hennepin (skyway) then crossing Spruce (street-level) the the MEC building.

== Directions: ==
From West: Exit at Lyndale/Hennepin Avenue. Veer right following the Lyndale and Lyndale North signs. Once on Lyndale North, stay in one of the two right lanes until you reach the third stoplight (Hennepin Avenue). Turn right and follow Hennepin to the MCTC parking ramp on the left side of the street.

From East: I.394 . Exit onto Dunwoody Blvd/Hennepin Avenue (Dunwoody Blvd. changes into Hennepin Avenue). Follow Hennepin to the MCTC parking ramp on the left side of the street.

From East: I.94 . Exit onto Hennepin /Lyndale Avenue. At the first stoplight (Dunwoody Blvd.), turn left (Dunwoody Blvd. changes into Hennepin Avenue). Follow Hennepin to the MCTC parking ramp on the left side of the street.

Map here:
http://www.metrostate.edu/bldgservices/location.html#mpls

== Book Giveaway: ==

Please bring a copy of a good security book that you can contribute. There will be a drawing for any books.

== Upcoming Events: ==
OWASP Nov 12-15 at eBay in San Jose
http://www.owasp.org/index.php/OWASP_%26_WASC_AppSec_2007_Conference

== Food: ==

The food is provided by Integral Business Solutions. Bring an appetite.

[[Category:OWASP Chapter]]

Minneapolis St Paul

2007-10-06T03:25:47Z

Robert.sullivan: /* Agenda October 16 */

Minneapolis St Paul

2007-09-21T22:08:28Z

Robert.sullivan: /* Book Giveaway: */

Minneapolis St Paul

2007-09-21T21:46:55Z

Robert.sullivan: /* Agenda October 16 */

Minneapolis St Paul

2007-09-21T21:45:36Z

Robert.sullivan: /* Topic Speaker */

Minneapolis St Paul

2007-09-21T21:44:51Z

Robert.sullivan: /* Speaker Bios */

Minneapolis St Paul

2007-08-20T04:23:38Z

Robert.sullivan: /* Location: */

Minneapolis St Paul

2007-08-20T04:19:41Z

Robert.sullivan: /* Directions: */

Minneapolis St Paul

2007-08-20T04:18:48Z

Robert.sullivan: /* Location: */

Minneapolis St Paul

2007-08-20T04:11:28Z

Robert.sullivan:

Minneapolis St Paul

2007-08-20T04:10:58Z

Robert.sullivan: /* Speaker 1 */

Minneapolis St Paul

2007-08-20T04:10:01Z

Robert.sullivan: /* Agenda October 16 */

{{Chapter Template|chaptername=Minneapolis/St. Paul|extra=The chapter leader is Robert Sullivan |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-twincities|emailarchives=http://lists.owasp.org/pipermail/owasp-twincities}}

== Local News ==

'''Next meeting: Tuesday, October 16, 6:00pm at Metropolitan State University MNSCU, Minneapolis'''

== Agenda October 16 ==
6:00pm - Food, Introduction and optional sign-in for CISSP credits. 
6:10pm - OWASP Topuc 
6:40pm – Web Security Topic, possibly a technology talk by a vendor 
7:15pm - Book Review (any volunteers?) 
7:30pm - Book Giveaway: (we still need one) 
7:35pm - Upcoming Events

== Speaker Bios ==
=== Sam Buchanan OWASP Top 10 2007 ===
OWASP Top Ten 2007
This totally re-written edition lists the most serious web application vulnerabilities, discusses how to protect against them, and provides links to more information. 

The primary aim of the OWASP Top 10 is to educate developers, designers, architects and organizations about the consequences of the most common web application security vulnerabilities. The Top 10 provides basic methods to protect against these vulnerabilities – a great start to your secure coding security program.
Sam has been using the OWASP Top 10 as a training and awareness tool in his organization. Join us to find out how you can put it to use. 

The Top 10 can be found here:
[http://www.owasp.org/index.php/Top_10_2007] 

Sam Buchanan is a Web Application Developer for Minnesota State Colleges & Universities (MNSCU). He has presented the OWASP Top 10 before and is a charter member of the Twin Cities Chapter.

===Gunnar Peterson Top Ten Web Services Security Issues ===
Gunnar has compiled a list of ten Web Services security issues. This comes from his recent, practical experience and feedback from students that have attended his Web Services Security seminars. This session will give you practical advice and a clear sense of which issues are the most important. 

Gunnar has also just returned from OWASP Helsinki and the OWASP Conference in Milan, Italy. This is a great chance to find out what is happening in web security in Europe. 

Gunnar Peterson is a Managing Principal at Arctec Group.
He is Editor for the "Build Security In" software security column for IEEE Security & Privacy Journal. Gunnar is a primary and contributing author for DHS/CERT Build Security In portal on Web Services Security, Identity, and Risk Management. He is also the Project Lead for the OWASP XML Security Gateway Evaluation Criteria Project. Gunnar is an Associate Editor for Information Security Bulletin and a Contributor to the Web Application Firewall Evaluation Criteria.

== Location: ==

Integral Business Solutions
Note: this is a new location
2277 Highway 36 West, Suite 160.
Roseville, MN

== Directions: ==
Mapquest Directions [http://www.mapquest.com/maps/map.adp?formtype=address&addtohistory=&address=2277%20Highway%2036%20W&city=Roseville&state=MN&zipcode=55113%2d3804&country=US&geodiff=1 here]

Google Map Directions [http://maps.google.com/maps?f=q&hl=en&q=2277+W+MN-36+Service+Rd,+St+Paul,+Ramsey,+Minnesota+55113,+United+States&sll=45.011356,-93.179512&sspn=0.009284,0.012918&ie=UTF8&cd=1&z=16&om=1 here]

*ACCESS FROM THE NORTH:
# Exit I-35 at Country Road C.
# Go WEST on County Road C to Long Lake Road
# Turn LEFT on Long Lake Road to Highway 36 Frontage Road
# Turn Right on Highway 36 Frontage Road to Property.

*ACCESS FROM THE SOUTH
# Take 94 NORTH to Highway 280
# Take Highway 280 to Terminal Road exit (left lane).
# Turn RIGHT onto Highway 36 Frontage to the property.

*ACCESS FROM THE EAST:
# Take Highway 36 to I-35W North
# Exit I-35 at Country Road C.
# Go WEST on County Road C to Long Lake Road
# Turn LEFT on Long Lake Road to Highway 36 Frontage Road
# Turn RIGHT on Highway 36 Frontage Road to Property

*ACCESS FROM THE WEST:
# Take I-35W to the Industrial Blvd exit.
# Turn RIGHT onto Industrial Blvd.
# Turn LEFT onto Broadway.
# Turn LEFT on Highway 280.
# Take Highway 280 to Terminal Road exit (left lane).
# Turn RIGHT onto Highway 36 Frontage Road to the property.

== Book Giveaway: ==

Please bring a copy of a good security book that you can contribute. There will be a drawing for any books.

== Food: ==

The food is provided by Integral Business Solutions. Bring an appetite.

[[Category:OWASP Chapter]]

Minneapolis St Paul

2007-08-20T04:07:49Z

Robert.sullivan: /* Local News */

{{Chapter Template|chaptername=Minneapolis/St. Paul|extra=The chapter leader is Robert Sullivan |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-twincities|emailarchives=http://lists.owasp.org/pipermail/owasp-twincities}}

== Local News ==

'''Next meeting: Tuesday, October 16, 6:00pm at Metropolitan State University MNSCU, Minneapolis'''

== Agenda June 19 ==
6:00pm - Food, Introduction and optional sign-in for CISSP credits. 
6:10pm - "OWASP Top 10” (Sam Buchanan) 
6:40pm – Top Ten Web Services Security Issues (Gunnar Peterson) 
7:15pm - Book Review (any volunteers?) 
7:30pm - Book Giveaway: (we still need one) 
7:35pm - Upcoming Events

== Speaker Bios ==
=== Sam Buchanan OWASP Top 10 2007 ===
OWASP Top Ten 2007
This totally re-written edition lists the most serious web application vulnerabilities, discusses how to protect against them, and provides links to more information. 

The primary aim of the OWASP Top 10 is to educate developers, designers, architects and organizations about the consequences of the most common web application security vulnerabilities. The Top 10 provides basic methods to protect against these vulnerabilities – a great start to your secure coding security program.
Sam has been using the OWASP Top 10 as a training and awareness tool in his organization. Join us to find out how you can put it to use. 

The Top 10 can be found here:
[http://www.owasp.org/index.php/Top_10_2007] 

Sam Buchanan is a Web Application Developer for Minnesota State Colleges & Universities (MNSCU). He has presented the OWASP Top 10 before and is a charter member of the Twin Cities Chapter.

===Gunnar Peterson Top Ten Web Services Security Issues ===
Gunnar has compiled a list of ten Web Services security issues. This comes from his recent, practical experience and feedback from students that have attended his Web Services Security seminars. This session will give you practical advice and a clear sense of which issues are the most important. 

Gunnar has also just returned from OWASP Helsinki and the OWASP Conference in Milan, Italy. This is a great chance to find out what is happening in web security in Europe. 

Gunnar Peterson is a Managing Principal at Arctec Group.
He is Editor for the "Build Security In" software security column for IEEE Security & Privacy Journal. Gunnar is a primary and contributing author for DHS/CERT Build Security In portal on Web Services Security, Identity, and Risk Management. He is also the Project Lead for the OWASP XML Security Gateway Evaluation Criteria Project. Gunnar is an Associate Editor for Information Security Bulletin and a Contributor to the Web Application Firewall Evaluation Criteria.

== Location: ==

Integral Business Solutions
Note: this is a new location
2277 Highway 36 West, Suite 160.
Roseville, MN

== Directions: ==
Mapquest Directions [http://www.mapquest.com/maps/map.adp?formtype=address&addtohistory=&address=2277%20Highway%2036%20W&city=Roseville&state=MN&zipcode=55113%2d3804&country=US&geodiff=1 here]

Google Map Directions [http://maps.google.com/maps?f=q&hl=en&q=2277+W+MN-36+Service+Rd,+St+Paul,+Ramsey,+Minnesota+55113,+United+States&sll=45.011356,-93.179512&sspn=0.009284,0.012918&ie=UTF8&cd=1&z=16&om=1 here]

*ACCESS FROM THE NORTH:
# Exit I-35 at Country Road C.
# Go WEST on County Road C to Long Lake Road
# Turn LEFT on Long Lake Road to Highway 36 Frontage Road
# Turn Right on Highway 36 Frontage Road to Property.

*ACCESS FROM THE SOUTH
# Take 94 NORTH to Highway 280
# Take Highway 280 to Terminal Road exit (left lane).
# Turn RIGHT onto Highway 36 Frontage to the property.

*ACCESS FROM THE EAST:
# Take Highway 36 to I-35W North
# Exit I-35 at Country Road C.
# Go WEST on County Road C to Long Lake Road
# Turn LEFT on Long Lake Road to Highway 36 Frontage Road
# Turn RIGHT on Highway 36 Frontage Road to Property

*ACCESS FROM THE WEST:
# Take I-35W to the Industrial Blvd exit.
# Turn RIGHT onto Industrial Blvd.
# Turn LEFT onto Broadway.
# Turn LEFT on Highway 280.
# Take Highway 280 to Terminal Road exit (left lane).
# Turn RIGHT onto Highway 36 Frontage Road to the property.

== Book Giveaway: ==

Please bring a copy of a good security book that you can contribute. There will be a drawing for any books.

== Food: ==

The food is provided by Integral Business Solutions. Bring an appetite.

[[Category:OWASP Chapter]]

Minneapolis St Paul

2007-06-14T04:10:02Z

Robert.sullivan: /* Gunnar Peterson Top Ten Web Services Security Issues */

{{Chapter Template|chaptername=Minneapolis/St. Paul|extra=The chapter leader is Robert Sullivan |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-twincities|emailarchives=http://lists.owasp.org/pipermail/owasp-twincities}}

== Local News ==

'''Next meeting: Tuesday, June 19, 6:00pm at Integral Business Solutions, Roseville'''

== Agenda June 19 ==
6:00pm - Food, Introduction and optional sign-in for CISSP credits. 
6:10pm - "OWASP Top 10” (Sam Buchanan) 
6:40pm – Top Ten Web Services Security Issues (Gunnar Peterson) 
7:15pm - Book Review (any volunteers?) 
7:30pm - Book Giveaway: (we still need one) 
7:35pm - Upcoming Events

== Speaker Bios ==
=== Sam Buchanan OWASP Top 10 2007 ===
OWASP Top Ten 2007
This totally re-written edition lists the most serious web application vulnerabilities, discusses how to protect against them, and provides links to more information. 

The primary aim of the OWASP Top 10 is to educate developers, designers, architects and organizations about the consequences of the most common web application security vulnerabilities. The Top 10 provides basic methods to protect against these vulnerabilities – a great start to your secure coding security program.
Sam has been using the OWASP Top 10 as a training and awareness tool in his organization. Join us to find out how you can put it to use. 

The Top 10 can be found here:
[http://www.owasp.org/index.php/Top_10_2007] 

Sam Buchanan is a Web Application Developer for Minnesota State Colleges & Universities (MNSCU). He has presented the OWASP Top 10 before and is a charter member of the Twin Cities Chapter.

===Gunnar Peterson Top Ten Web Services Security Issues ===
Gunnar has compiled a list of ten Web Services security issues. This comes from his recent, practical experience and feedback from students that have attended his Web Services Security seminars. This session will give you practical advice and a clear sense of which issues are the most important. 

Gunnar has also just returned from OWASP Helsinki and the OWASP Conference in Milan, Italy. This is a great chance to find out what is happening in web security in Europe. 

Gunnar Peterson is a Managing Principal at Arctec Group.
He is Editor for the "Build Security In" software security column for IEEE Security & Privacy Journal. Gunnar is a primary and contributing author for DHS/CERT Build Security In portal on Web Services Security, Identity, and Risk Management. He is also the Project Lead for the OWASP XML Security Gateway Evaluation Criteria Project. Gunnar is an Associate Editor for Information Security Bulletin and a Contributor to the Web Application Firewall Evaluation Criteria.

== Location: ==

Integral Business Solutions
Note: this is a new location
2277 Highway 36 West, Suite 160.
Roseville, MN

== Directions: ==
Mapquest Directions [http://www.mapquest.com/maps/map.adp?formtype=address&addtohistory=&address=2277%20Highway%2036%20W&city=Roseville&state=MN&zipcode=55113%2d3804&country=US&geodiff=1 here]

Google Map Directions [http://maps.google.com/maps?f=q&hl=en&q=2277+n+36+service+dr,+st+paul,+mn here]

*ACCESS FROM THE NORTH:
# Exit I-35 at Country Road C.
# Go WEST on County Road C to Long Lake Road
# Turn LEFT on Long Lake Road to Highway 36 Frontage Road
# Turn Right on Highway 36 Frontage Road to Property.

*ACCESS FROM THE SOUTH
# Take 94 NORTH to Highway 280
# Take Highway 280 to Terminal Road exit (left lane).
# Turn RIGHT onto Highway 36 Frontage to the property.

*ACCESS FROM THE EAST:
# Take Highway 36 to I-35W North
# Exit I-35 at Country Road C.
# Go WEST on County Road C to Long Lake Road
# Turn LEFT on Long Lake Road to Highway 36 Frontage Road
# Turn RIGHT on Highway 36 Frontage Road to Property

*ACCESS FROM THE WEST:
# Take I-35W to the Industrial Blvd exit.
# Turn RIGHT onto Industrial Blvd.
# Turn LEFT onto Broadway.
# Turn LEFT on Highway 280.
# Take Highway 280 to Terminal Road exit (left lane).
# Turn RIGHT onto Highway 36 Frontage Road to the property.

== Book Giveaway: ==

Please bring a copy of a good security book that you can contribute. There will be a drawing for any books.

== Food: ==

The food is provided by Integral Business Solutions. Bring an appetite.

[[Category:OWASP Chapter]]

OWASP Community

2007-06-14T04:05:05Z

Robert.sullivan: /* Events */

This page is for people to post OWASP related events, such as chapter meetings, OWASP conferences, get-togethers, and OWASP sponsored events.

Events from previous years are archived here:
* '''[[OWASP Community 2006]]'''

This page is monitored, and items posted here will be copied to the OWASP [[Main Page]]. Please post new items in chronological order using the following format:

'''Mon ## (##:00h) - [[Article]]'''



==Events==

'''June 26 (11:30hr) - [[Austin|Austin chapter meeting]]''' - Running Web Application Scans

'''June 22 (18:00h) - [[Belgium|Belgium chapter meeting]]'''

'''June 21 (19:00h) - [[Denver]]''' - Anti-DNS Pinning Attacks / Calculating Return on Security Investment (ROSI)

'''June 19 (18:00h) - [[Minneapolis St Paul|Minneapolis St Paul chapter meeting]]'''

'''June 15 (17:00hr) - [[Spain|Spain chapter meeting]]'''

'''June 13 (18:30hr) - [[Kansas City|Kansas City chapter meeting]]'''

'''June 12 (18:00hr) - [[New York|NY/NJ Metro chapter meeting]]'''

'''Jun 5 (19:00h) - [[Helsinki|Helsinki chapter meeting]]'''

'''Jun 5 (18:00h) - [[Melbourne|Melbourne chapter meeting]]'''

'''Jun 5 (17:30h) - [[Houston | Houston Chapter Meeting]]'''

'''May 29 (9:00h) - [[http://www.owasp.org/index.php/Italy#May_29th.2C_2007_-_Seminar:_.22Software_Security.22 Italy@Firenze Tecnologia]]'''

'''May 29 (11:30h) - [[Austin | Austin Chapter Meeting]]''' - Bullet Proof UI - A programmer's guide to the complete idiot".

'''May 29 (18:00h) - [[Ottawa | Ottawa Chapter Meeting]]'''

'''May 22 (18:30h) - [[New Zealand|1st New Zealand chapter Meeting]]'''

'''May 21 (14:00h) - [[Israel|2nd OWASP Israel mini conference]]'''

'''May 15 (18:00h) - [[Rochester|Rochester chapter meeting]]'''

'''May 10 (18:00h) - [[Belgium|Belgium chapter meeting]]'''

'''May 9 (18:00h) - [[Toronto|Toronto chapter meeting]]'''

'''May 8 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''

'''May 6 (11:00h) - [[Turkey|Turkey chapter meeting]]'''

'''May 2 (18:30h) - [[Boston|Boston chapter meeting]]'''

'''May 1 (18:00h) - [[Melbourne|Melbourne chapter meeting]]'''

'''Apr 26 (11:00h) - [[San Antonio|San Antonio chapter meeting]]'''

'''Apr 26 (17:00h) - [[Switzerland|Switzerland chapter meeting and "Swiss Security Dinner"]]'''

'''Apr 24 (18:00h) - [[Minneapolis St Paul|Minneapolis St Paul chapter meeting]]'''

'''Apr 20 (19:00h) - [[Hong Kong|Hong Kong chapter meeting - Objectives for 2007]]'''

'''Apr 19 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''

'''Apr 18 (17:00h) - [[San Francisco City Chapter Meeting]]'''

'''Apr 17 (18:00h) - [[New Jersey|NY/NJ Metro chapter meeting]]'''

'''Apr 17 (18:00h) - [[Rochester|Rochester chapter meeting]]'''

'''Apr 12 (18:00h) - [[Netherlands|Netherlands chapter meeting]]'''

'''Apr 12 (18:00h) - [[San Jose|San Jose chapter meeting]]'''

'''Apr 11 (18:00h) - [[Toronto|Toronto chapter meeting]]'''

'''Apr 4 (18:30h) - [[Boston|Boston chapter meeting]]'''

'''Apr 3 (18:00h) - [[Melbourne|Melbourne chapter meeting]]'''

'''Mar 30 - [[http://www.owasp.org/index.php/Italy#March_30th.2C_2007_-_Master_in_Security_-_University_of_Rome_.22La_Sapienza.22| Italy@Master in Security at "La Sapienza"]]'''

'''Mar 28 (18:00h) - [[Washington DC|Washington DC (MD) chapter meeting]]'''

'''Mar 28 (11:30h) - [[San Antonio|San Antonio chapter meeting]]'''

; '''Mar 27-30 - [http://www.blackhat.com Black Hat Euro]'''
: OWASP members receive a Euro 100 Briefings discount by inserting BH7EUASSOC in the box marked “Coupon Codes”

'''Mar 22 (18:00h) - [[London|London chapter meeting]]'''

'''Mar 21-22 - [[Belgium#OWASP_Top_10_2007_Update_.28Infosecurity_Belgium.2C_21_.26_.2622_Mar_2007.29|Belgium@InfoSecurity]]'''

'''Mar 20 (18:00h) - [[Rochester|Rochester chapter meeting]]'''

'''Mar 14 (18:00h) - [[Toronto|Toronto chapter meeting]]'''

'''Mar 14 (18:00h) - [[Chicago|Chicago chapter meeting]]'''

'''Mar 13 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''

'''Mar 8 (18:00h) - [[Ottawa|Ottawa Chapter Meeting]] '''

'''Mar 7 (18:30h) - [[Boston|Boston chapter meeting]]'''

'''Mar 7 (18:30h) - [[Kansas City|Kansas City chapter meeting]]'''

'''Mar 6 (18:30h) - [[Philadelphia|Philadelphia chapter meeting]]'''

'''Mar 6 (18:30h) - [[San Francisco|San Francisco and San Jose chapter meeting]]'''

'''Mar 6 (18:00h) - [[Melbourne|Melbourne chapter meeting]]'''

'''Mar 5 (11:00h) - [[New Jersey|New Jersey chapter meeting]]'''

'''Mar 1 (11:30h) - [http://www.eusecwest.com/agenda.html EUSecWest 07: Testing Guide]'''

; '''Feb 26-Mar 1 - [http://www.blackhat.com Black Hat DC]'''
: OWASP members receive a $100 Briefings discount by inserting BH7DCASSOC in the box marked “Coupon Codes”

'''Feb 28 (18:00h) - [[Seattle|Seattle chapter meeting]]'''

'''Feb 27 (18:00h) - [[Edmonton|Edmonton chapter meeting]]'''

'''Feb 22 (18:30h) - [[Helsinki|Helsinki chapter meeting]]'''

'''Feb 22 (18:00h) - [[London|London chapter meeting]]'''

'''Feb 21 (18:30h) - [[Denver|Denver chapter meeting]]'''

'''Feb 19 (18:00h) - [[Rochester|Rochester chapter meeting]]'''

'''Feb 15 (18:00h) - [[Washington DC|Washington DC (MD) chapter meeting]]'''

'''Feb 15 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''

'''Feb 14 (18:00h) - [[Toronto|Toronto chapter meeting]]'''

'''Feb 13 (18:00h) - [[Ireland|Ireland chapter meeting]]'''

'''Feb 12 (18:30h) - [[Switzerland|Switzerland chapter meeting]]'''

'''Feb 7 (18:30h) - [[Boston|Boston chapter meeting]]'''

'''Feb 6-7 - [[Italy#February_6th-8th.2C_2007_-_InfoSecurity|Italy@InfoSecurity]]'''

'''Feb 6 (18:00h) - [[Melbourne|Melbourne chapter meeting]]'''

'''Feb 2 (14:00h) - [[Chennai|Chennai chapter meeting]]'''

'''Jan 31 (15:00h) - [[Mumbai|Mumbai chapter meeting]]'''

'''Jan 30 (11:30h) - [[Austin|Austin chapter meeting]]'''

'''Jan 25 (18:00h) - [[San Francisco| San Francisco chapter meeting]]'''

'''Jan 25 (14:30h) - [[Italy#October_25th.2C_2007_-_Isaca_Rome|Italy@ISACA Rome]]'''

'''Jan 24 (17:30h) - [[Israel#6th_OWASP_IL_meeting:_Wednesday.2C_January_24th_2007|6th OWASP Israel chapter meeting]]'''

'''Jan 23 (18:00h) - [[Belgium|Belgium chapter meeting]]'''

'''Jan 22 (18:00h) - [[Rochester|Rochester chapter meeting]]'''

'''Jan 17 (18:30h) - [[Denver|Denver chapter meeting]]'''

'''Jan 16 (17:45h) - [[Edmonton|Edmonton chapter meeting]]'''

'''Jan 11 (18:00h) - [[Netherlands|Netherlands chapter meeting]]'''

'''Jan 11 (18:30h) - [[Phoenix|Phoenix chapter meeting]]'''

'''Jan 11 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''

'''Jan 10 (18:00h) - [[Toronto|Toronto chapter meeting]]'''

'''Jan 8 (18:00h) - [[Seattle|Seattle chapter meeting]]'''

'''Jan 3 (18:30h) - [[Boston|Boston chapter meeting]]'''

OWASP Community

2007-06-14T04:02:55Z

Robert.sullivan: /* Events */

This page is for people to post OWASP related events, such as chapter meetings, OWASP conferences, get-togethers, and OWASP sponsored events.

Events from previous years are archived here:
* '''[[OWASP Community 2006]]'''

This page is monitored, and items posted here will be copied to the OWASP [[Main Page]]. Please post new items in chronological order using the following format:

'''Mon ## (##:00h) - [[Article]]'''



==Events==

'''June 26 (11:30hr) - [[Austin|Austin chapter meeting]]''' - Running Web Application Scans

'''June 22 (18:00h) - [[Belgium|Belgium chapter meeting]]'''

'''June 21 (19:00h) - [[Denver]]''' - Anti-DNS Pinning Attacks / Calculating Return on Security Investment (ROSI)

'''June 19 (18:00h) - [[Minneapolis St Paul - Top 10 and Web Services Top 10]]'''

'''June 15 (17:00hr) - [[Spain|Spain chapter meeting]]'''

'''June 13 (18:30hr) - [[Kansas City|Kansas City chapter meeting]]'''

'''June 12 (18:00hr) - [[New York|NY/NJ Metro chapter meeting]]'''

'''Jun 5 (19:00h) - [[Helsinki|Helsinki chapter meeting]]'''

'''Jun 5 (18:00h) - [[Melbourne|Melbourne chapter meeting]]'''

'''Jun 5 (17:30h) - [[Houston | Houston Chapter Meeting]]'''

'''May 29 (9:00h) - [[http://www.owasp.org/index.php/Italy#May_29th.2C_2007_-_Seminar:_.22Software_Security.22 Italy@Firenze Tecnologia]]'''

'''May 29 (11:30h) - [[Austin | Austin Chapter Meeting]]''' - Bullet Proof UI - A programmer's guide to the complete idiot".

'''May 29 (18:00h) - [[Ottawa | Ottawa Chapter Meeting]]'''

'''May 22 (18:30h) - [[New Zealand|1st New Zealand chapter Meeting]]'''

'''May 21 (14:00h) - [[Israel|2nd OWASP Israel mini conference]]'''

'''May 15 (18:00h) - [[Rochester|Rochester chapter meeting]]'''

'''May 10 (18:00h) - [[Belgium|Belgium chapter meeting]]'''

'''May 9 (18:00h) - [[Toronto|Toronto chapter meeting]]'''

'''May 8 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''

'''May 6 (11:00h) - [[Turkey|Turkey chapter meeting]]'''

'''May 2 (18:30h) - [[Boston|Boston chapter meeting]]'''

'''May 1 (18:00h) - [[Melbourne|Melbourne chapter meeting]]'''

'''Apr 26 (11:00h) - [[San Antonio|San Antonio chapter meeting]]'''

'''Apr 26 (17:00h) - [[Switzerland|Switzerland chapter meeting and "Swiss Security Dinner"]]'''

'''Apr 24 (18:00h) - [[Minneapolis St Paul|Minneapolis St Paul chapter meeting]]'''

'''Apr 20 (19:00h) - [[Hong Kong|Hong Kong chapter meeting - Objectives for 2007]]'''

'''Apr 19 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''

'''Apr 18 (17:00h) - [[San Francisco City Chapter Meeting]]'''

'''Apr 17 (18:00h) - [[New Jersey|NY/NJ Metro chapter meeting]]'''

'''Apr 17 (18:00h) - [[Rochester|Rochester chapter meeting]]'''

'''Apr 12 (18:00h) - [[Netherlands|Netherlands chapter meeting]]'''

'''Apr 12 (18:00h) - [[San Jose|San Jose chapter meeting]]'''

'''Apr 11 (18:00h) - [[Toronto|Toronto chapter meeting]]'''

'''Apr 4 (18:30h) - [[Boston|Boston chapter meeting]]'''

'''Apr 3 (18:00h) - [[Melbourne|Melbourne chapter meeting]]'''

'''Mar 30 - [[http://www.owasp.org/index.php/Italy#March_30th.2C_2007_-_Master_in_Security_-_University_of_Rome_.22La_Sapienza.22| Italy@Master in Security at "La Sapienza"]]'''

'''Mar 28 (18:00h) - [[Washington DC|Washington DC (MD) chapter meeting]]'''

'''Mar 28 (11:30h) - [[San Antonio|San Antonio chapter meeting]]'''

; '''Mar 27-30 - [http://www.blackhat.com Black Hat Euro]'''
: OWASP members receive a Euro 100 Briefings discount by inserting BH7EUASSOC in the box marked “Coupon Codes”

'''Mar 22 (18:00h) - [[London|London chapter meeting]]'''

'''Mar 21-22 - [[Belgium#OWASP_Top_10_2007_Update_.28Infosecurity_Belgium.2C_21_.26_.2622_Mar_2007.29|Belgium@InfoSecurity]]'''

'''Mar 20 (18:00h) - [[Rochester|Rochester chapter meeting]]'''

'''Mar 14 (18:00h) - [[Toronto|Toronto chapter meeting]]'''

'''Mar 14 (18:00h) - [[Chicago|Chicago chapter meeting]]'''

'''Mar 13 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''

'''Mar 8 (18:00h) - [[Ottawa|Ottawa Chapter Meeting]] '''

'''Mar 7 (18:30h) - [[Boston|Boston chapter meeting]]'''

'''Mar 7 (18:30h) - [[Kansas City|Kansas City chapter meeting]]'''

'''Mar 6 (18:30h) - [[Philadelphia|Philadelphia chapter meeting]]'''

'''Mar 6 (18:30h) - [[San Francisco|San Francisco and San Jose chapter meeting]]'''

'''Mar 6 (18:00h) - [[Melbourne|Melbourne chapter meeting]]'''

'''Mar 5 (11:00h) - [[New Jersey|New Jersey chapter meeting]]'''

'''Mar 1 (11:30h) - [http://www.eusecwest.com/agenda.html EUSecWest 07: Testing Guide]'''

; '''Feb 26-Mar 1 - [http://www.blackhat.com Black Hat DC]'''
: OWASP members receive a $100 Briefings discount by inserting BH7DCASSOC in the box marked “Coupon Codes”

'''Feb 28 (18:00h) - [[Seattle|Seattle chapter meeting]]'''

'''Feb 27 (18:00h) - [[Edmonton|Edmonton chapter meeting]]'''

'''Feb 22 (18:30h) - [[Helsinki|Helsinki chapter meeting]]'''

'''Feb 22 (18:00h) - [[London|London chapter meeting]]'''

'''Feb 21 (18:30h) - [[Denver|Denver chapter meeting]]'''

'''Feb 19 (18:00h) - [[Rochester|Rochester chapter meeting]]'''

'''Feb 15 (18:00h) - [[Washington DC|Washington DC (MD) chapter meeting]]'''

'''Feb 15 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''

'''Feb 14 (18:00h) - [[Toronto|Toronto chapter meeting]]'''

'''Feb 13 (18:00h) - [[Ireland|Ireland chapter meeting]]'''

'''Feb 12 (18:30h) - [[Switzerland|Switzerland chapter meeting]]'''

'''Feb 7 (18:30h) - [[Boston|Boston chapter meeting]]'''

'''Feb 6-7 - [[Italy#February_6th-8th.2C_2007_-_InfoSecurity|Italy@InfoSecurity]]'''

'''Feb 6 (18:00h) - [[Melbourne|Melbourne chapter meeting]]'''

'''Feb 2 (14:00h) - [[Chennai|Chennai chapter meeting]]'''

'''Jan 31 (15:00h) - [[Mumbai|Mumbai chapter meeting]]'''

'''Jan 30 (11:30h) - [[Austin|Austin chapter meeting]]'''

'''Jan 25 (18:00h) - [[San Francisco| San Francisco chapter meeting]]'''

'''Jan 25 (14:30h) - [[Italy#October_25th.2C_2007_-_Isaca_Rome|Italy@ISACA Rome]]'''

'''Jan 24 (17:30h) - [[Israel#6th_OWASP_IL_meeting:_Wednesday.2C_January_24th_2007|6th OWASP Israel chapter meeting]]'''

'''Jan 23 (18:00h) - [[Belgium|Belgium chapter meeting]]'''

'''Jan 22 (18:00h) - [[Rochester|Rochester chapter meeting]]'''

'''Jan 17 (18:30h) - [[Denver|Denver chapter meeting]]'''

'''Jan 16 (17:45h) - [[Edmonton|Edmonton chapter meeting]]'''

'''Jan 11 (18:00h) - [[Netherlands|Netherlands chapter meeting]]'''

'''Jan 11 (18:30h) - [[Phoenix|Phoenix chapter meeting]]'''

'''Jan 11 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''

'''Jan 10 (18:00h) - [[Toronto|Toronto chapter meeting]]'''

'''Jan 8 (18:00h) - [[Seattle|Seattle chapter meeting]]'''

'''Jan 3 (18:30h) - [[Boston|Boston chapter meeting]]'''

OWASP Community

2007-06-14T04:00:08Z

Robert.sullivan: /* Events */

This page is for people to post OWASP related events, such as chapter meetings, OWASP conferences, get-togethers, and OWASP sponsored events.

Events from previous years are archived here:
* '''[[OWASP Community 2006]]'''

This page is monitored, and items posted here will be copied to the OWASP [[Main Page]]. Please post new items in chronological order using the following format:

'''Mon ## (##:00h) - [[Article]]'''



==Events==

'''June 26 (11:30hr) - [[Austin|Austin chapter meeting]]''' - Running Web Application Scans

'''June 22 (18:00h) - [[Belgium|Belgium chapter meeting]]'''

'''June 21 (19:00h) - [[Denver]]''' - Anti-DNS Pinning Attacks / Calculating Return on Security Investment (ROSI)
'''June 19 (18:00h) - [[Minneapolis St Paul|Minneapolis St Paul chapter meeting]]'''

'''June 15 (17:00hr) - [[Spain|Spain chapter meeting]]'''

'''June 13 (18:30hr) - [[Kansas City|Kansas City chapter meeting]]'''

'''June 12 (18:00hr) - [[New York|NY/NJ Metro chapter meeting]]'''

'''Jun 5 (19:00h) - [[Helsinki|Helsinki chapter meeting]]'''

'''Jun 5 (18:00h) - [[Melbourne|Melbourne chapter meeting]]'''

'''Jun 5 (17:30h) - [[Houston | Houston Chapter Meeting]]'''

'''May 29 (9:00h) - [[http://www.owasp.org/index.php/Italy#May_29th.2C_2007_-_Seminar:_.22Software_Security.22 Italy@Firenze Tecnologia]]'''

'''May 29 (11:30h) - [[Austin | Austin Chapter Meeting]]''' - Bullet Proof UI - A programmer's guide to the complete idiot".

'''May 29 (18:00h) - [[Ottawa | Ottawa Chapter Meeting]]'''

'''May 22 (18:30h) - [[New Zealand|1st New Zealand chapter Meeting]]'''

'''May 21 (14:00h) - [[Israel|2nd OWASP Israel mini conference]]'''

'''May 15 (18:00h) - [[Rochester|Rochester chapter meeting]]'''

'''May 10 (18:00h) - [[Belgium|Belgium chapter meeting]]'''

'''May 9 (18:00h) - [[Toronto|Toronto chapter meeting]]'''

'''May 8 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''

'''May 6 (11:00h) - [[Turkey|Turkey chapter meeting]]'''

'''May 2 (18:30h) - [[Boston|Boston chapter meeting]]'''

'''May 1 (18:00h) - [[Melbourne|Melbourne chapter meeting]]'''

'''Apr 26 (11:00h) - [[San Antonio|San Antonio chapter meeting]]'''

'''Apr 26 (17:00h) - [[Switzerland|Switzerland chapter meeting and "Swiss Security Dinner"]]'''

'''Apr 24 (18:00h) - [[Minneapolis St Paul|Minneapolis St Paul chapter meeting]]'''

'''Apr 20 (19:00h) - [[Hong Kong|Hong Kong chapter meeting - Objectives for 2007]]'''

'''Apr 19 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''

'''Apr 18 (17:00h) - [[San Francisco City Chapter Meeting]]'''

'''Apr 17 (18:00h) - [[New Jersey|NY/NJ Metro chapter meeting]]'''

'''Apr 17 (18:00h) - [[Rochester|Rochester chapter meeting]]'''

'''Apr 12 (18:00h) - [[Netherlands|Netherlands chapter meeting]]'''

'''Apr 12 (18:00h) - [[San Jose|San Jose chapter meeting]]'''

'''Apr 11 (18:00h) - [[Toronto|Toronto chapter meeting]]'''

'''Apr 4 (18:30h) - [[Boston|Boston chapter meeting]]'''

'''Apr 3 (18:00h) - [[Melbourne|Melbourne chapter meeting]]'''

'''Mar 30 - [[http://www.owasp.org/index.php/Italy#March_30th.2C_2007_-_Master_in_Security_-_University_of_Rome_.22La_Sapienza.22| Italy@Master in Security at "La Sapienza"]]'''

'''Mar 28 (18:00h) - [[Washington DC|Washington DC (MD) chapter meeting]]'''

'''Mar 28 (11:30h) - [[San Antonio|San Antonio chapter meeting]]'''

; '''Mar 27-30 - [http://www.blackhat.com Black Hat Euro]'''
: OWASP members receive a Euro 100 Briefings discount by inserting BH7EUASSOC in the box marked “Coupon Codes”

'''Mar 22 (18:00h) - [[London|London chapter meeting]]'''

'''Mar 21-22 - [[Belgium#OWASP_Top_10_2007_Update_.28Infosecurity_Belgium.2C_21_.26_.2622_Mar_2007.29|Belgium@InfoSecurity]]'''

'''Mar 20 (18:00h) - [[Rochester|Rochester chapter meeting]]'''

'''Mar 14 (18:00h) - [[Toronto|Toronto chapter meeting]]'''

'''Mar 14 (18:00h) - [[Chicago|Chicago chapter meeting]]'''

'''Mar 13 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''

'''Mar 8 (18:00h) - [[Ottawa|Ottawa Chapter Meeting]] '''

'''Mar 7 (18:30h) - [[Boston|Boston chapter meeting]]'''

'''Mar 7 (18:30h) - [[Kansas City|Kansas City chapter meeting]]'''

'''Mar 6 (18:30h) - [[Philadelphia|Philadelphia chapter meeting]]'''

'''Mar 6 (18:30h) - [[San Francisco|San Francisco and San Jose chapter meeting]]'''

'''Mar 6 (18:00h) - [[Melbourne|Melbourne chapter meeting]]'''

'''Mar 5 (11:00h) - [[New Jersey|New Jersey chapter meeting]]'''

'''Mar 1 (11:30h) - [http://www.eusecwest.com/agenda.html EUSecWest 07: Testing Guide]'''

; '''Feb 26-Mar 1 - [http://www.blackhat.com Black Hat DC]'''
: OWASP members receive a $100 Briefings discount by inserting BH7DCASSOC in the box marked “Coupon Codes”

'''Feb 28 (18:00h) - [[Seattle|Seattle chapter meeting]]'''

'''Feb 27 (18:00h) - [[Edmonton|Edmonton chapter meeting]]'''

'''Feb 22 (18:30h) - [[Helsinki|Helsinki chapter meeting]]'''

'''Feb 22 (18:00h) - [[London|London chapter meeting]]'''

'''Feb 21 (18:30h) - [[Denver|Denver chapter meeting]]'''

'''Feb 19 (18:00h) - [[Rochester|Rochester chapter meeting]]'''

'''Feb 15 (18:00h) - [[Washington DC|Washington DC (MD) chapter meeting]]'''

'''Feb 15 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''

'''Feb 14 (18:00h) - [[Toronto|Toronto chapter meeting]]'''

'''Feb 13 (18:00h) - [[Ireland|Ireland chapter meeting]]'''

'''Feb 12 (18:30h) - [[Switzerland|Switzerland chapter meeting]]'''

'''Feb 7 (18:30h) - [[Boston|Boston chapter meeting]]'''

'''Feb 6-7 - [[Italy#February_6th-8th.2C_2007_-_InfoSecurity|Italy@InfoSecurity]]'''

'''Feb 6 (18:00h) - [[Melbourne|Melbourne chapter meeting]]'''

'''Feb 2 (14:00h) - [[Chennai|Chennai chapter meeting]]'''

'''Jan 31 (15:00h) - [[Mumbai|Mumbai chapter meeting]]'''

'''Jan 30 (11:30h) - [[Austin|Austin chapter meeting]]'''

'''Jan 25 (18:00h) - [[San Francisco| San Francisco chapter meeting]]'''

'''Jan 25 (14:30h) - [[Italy#October_25th.2C_2007_-_Isaca_Rome|Italy@ISACA Rome]]'''

'''Jan 24 (17:30h) - [[Israel#6th_OWASP_IL_meeting:_Wednesday.2C_January_24th_2007|6th OWASP Israel chapter meeting]]'''

'''Jan 23 (18:00h) - [[Belgium|Belgium chapter meeting]]'''

'''Jan 22 (18:00h) - [[Rochester|Rochester chapter meeting]]'''

'''Jan 17 (18:30h) - [[Denver|Denver chapter meeting]]'''

'''Jan 16 (17:45h) - [[Edmonton|Edmonton chapter meeting]]'''

'''Jan 11 (18:00h) - [[Netherlands|Netherlands chapter meeting]]'''

'''Jan 11 (18:30h) - [[Phoenix|Phoenix chapter meeting]]'''

'''Jan 11 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''

'''Jan 10 (18:00h) - [[Toronto|Toronto chapter meeting]]'''

'''Jan 8 (18:00h) - [[Seattle|Seattle chapter meeting]]'''

'''Jan 3 (18:30h) - [[Boston|Boston chapter meeting]]'''

Minneapolis St Paul

2007-06-14T03:47:06Z

Robert.sullivan: /* Agenda June 19 */

{{Chapter Template|chaptername=Minneapolis/St. Paul|extra=The chapter leader is Robert Sullivan |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-twincities|emailarchives=http://lists.owasp.org/pipermail/owasp-twincities}}

== Local News ==

'''Next meeting: Tuesday, June 19, 6:00pm at Integral Business Solutions, Roseville'''

== Agenda June 19 ==
6:00pm - Food, Introduction and optional sign-in for CISSP credits. 
6:10pm - "OWASP Top 10” (Sam Buchanan) 
6:40pm – Top Ten Web Services Security Issues (Gunnar Peterson) 
7:15pm - Book Review (any volunteers?) 
7:30pm - Book Giveaway: (we still need one) 
7:35pm - Upcoming Events

== Speaker Bios ==
=== Sam Buchanan OWASP Top 10 2007 ===
OWASP Top Ten 2007
This totally re-written edition lists the most serious web application vulnerabilities, discusses how to protect against them, and provides links to more information. 

The primary aim of the OWASP Top 10 is to educate developers, designers, architects and organizations about the consequences of the most common web application security vulnerabilities. The Top 10 provides basic methods to protect against these vulnerabilities – a great start to your secure coding security program.
Sam has been using the OWASP Top 10 as a training and awareness tool in his organization. Join us to find out how you can put it to use. 

The Top 10 can be found here:
[http://www.owasp.org/index.php/Top_10_2007] 

Sam Buchanan is a Web Application Developer for Minnesota State Colleges & Universities (MNSCU). He has presented the OWASP Top 10 before and is a charter member of the Twin Cities Chapter.

===Gunnar Peterson Top Ten Web Services Security Issues ===
Gunnar has compiled a list of ten Web Services security issues. This comes from his recent, practical experience and feedback from students that have attended his Web Services Security seminars. This session will give you practical advice and a clear sense of which issues are the most important. 

Gunnar has also just returned from OWASP Helsinki and the OWASP Conference in Madrid. This is a great chance to find out what is happening in web security in Europe. 

Gunnar Peterson is a Managing Principal at Arctec Group.
He is Editor for the "Build Security In" software security column for IEEE Security & Privacy Journal. Gunnar is a primary and contributing author for DHS/CERT Build Security In portal on Web Services Security, Identity, and Risk Management. He is also the Project Lead for the OWASP XML Security Gateway Evaluation Criteria Project. Gunnar is an Associate Editor for Information Security Bulletin and a Contributor to the Web Application Firewall Evaluation Criteria.

== Location: ==

Integral Business Solutions
Note: this is a new location
2277 Highway 36 West, Suite 160.
Roseville, MN

== Directions: ==
Mapquest Directions [http://www.mapquest.com/maps/map.adp?formtype=address&addtohistory=&address=2277%20Highway%2036%20W&city=Roseville&state=MN&zipcode=55113%2d3804&country=US&geodiff=1 here]

Google Map Directions [http://maps.google.com/maps?f=q&hl=en&q=2277+n+36+service+dr,+st+paul,+mn here]

*ACCESS FROM THE NORTH:
# Exit I-35 at Country Road C.
# Go WEST on County Road C to Long Lake Road
# Turn LEFT on Long Lake Road to Highway 36 Frontage Road
# Turn Right on Highway 36 Frontage Road to Property.

*ACCESS FROM THE SOUTH
# Take 94 NORTH to Highway 280
# Take Highway 280 to Terminal Road exit (left lane).
# Turn RIGHT onto Highway 36 Frontage to the property.

*ACCESS FROM THE EAST:
# Take Highway 36 to I-35W North
# Exit I-35 at Country Road C.
# Go WEST on County Road C to Long Lake Road
# Turn LEFT on Long Lake Road to Highway 36 Frontage Road
# Turn RIGHT on Highway 36 Frontage Road to Property

*ACCESS FROM THE WEST:
# Take I-35W to the Industrial Blvd exit.
# Turn RIGHT onto Industrial Blvd.
# Turn LEFT onto Broadway.
# Turn LEFT on Highway 280.
# Take Highway 280 to Terminal Road exit (left lane).
# Turn RIGHT onto Highway 36 Frontage Road to the property.

== Book Giveaway: ==

Please bring a copy of a good security book that you can contribute. There will be a drawing for any books.

== Food: ==

The food is provided by Integral Business Solutions. Bring an appetite.

[[Category:OWASP Chapter]]

Minneapolis St Paul

2007-06-14T03:40:53Z

Robert.sullivan: /* Directions: */

{{Chapter Template|chaptername=Minneapolis/St. Paul|extra=The chapter leader is Robert Sullivan |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-twincities|emailarchives=http://lists.owasp.org/pipermail/owasp-twincities}}

== Local News ==

'''Next meeting: Tuesday, June 19, 6:00pm at Integral Business Solutions, Roseville'''

== Agenda June 19 ==
6:00pm - Food, Introduction and optional sign-in for CISSP credits. 
6:10pm - "OWASP Top 10” (Sam Buchanan) 
6:40pm – Top Ten Web Services Security Issues (Gunnar Peterson) 
7:15pm Book Review (any volunteers?) 
7:30pm - Book Giveaway: (we still need one) 
7:35pm - Upcoming Events

== Speaker Bios ==
=== Sam Buchanan OWASP Top 10 2007 ===
OWASP Top Ten 2007
This totally re-written edition lists the most serious web application vulnerabilities, discusses how to protect against them, and provides links to more information. 

The primary aim of the OWASP Top 10 is to educate developers, designers, architects and organizations about the consequences of the most common web application security vulnerabilities. The Top 10 provides basic methods to protect against these vulnerabilities – a great start to your secure coding security program.
Sam has been using the OWASP Top 10 as a training and awareness tool in his organization. Join us to find out how you can put it to use. 

The Top 10 can be found here:
[http://www.owasp.org/index.php/Top_10_2007] 

Sam Buchanan is a Web Application Developer for Minnesota State Colleges & Universities (MNSCU). He has presented the OWASP Top 10 before and is a charter member of the Twin Cities Chapter.

===Gunnar Peterson Top Ten Web Services Security Issues ===
Gunnar has compiled a list of ten Web Services security issues. This comes from his recent, practical experience and feedback from students that have attended his Web Services Security seminars. This session will give you practical advice and a clear sense of which issues are the most important. 

Gunnar has also just returned from OWASP Helsinki and the OWASP Conference in Madrid. This is a great chance to find out what is happening in web security in Europe. 

Gunnar Peterson is a Managing Principal at Arctec Group.
He is Editor for the "Build Security In" software security column for IEEE Security & Privacy Journal. Gunnar is a primary and contributing author for DHS/CERT Build Security In portal on Web Services Security, Identity, and Risk Management. He is also the Project Lead for the OWASP XML Security Gateway Evaluation Criteria Project. Gunnar is an Associate Editor for Information Security Bulletin and a Contributor to the Web Application Firewall Evaluation Criteria.

== Location: ==

Integral Business Solutions
Note: this is a new location
2277 Highway 36 West, Suite 160.
Roseville, MN

== Directions: ==
Mapquest Directions [http://www.mapquest.com/maps/map.adp?formtype=address&addtohistory=&address=2277%20Highway%2036%20W&city=Roseville&state=MN&zipcode=55113%2d3804&country=US&geodiff=1 here]

Google Map Directions [http://maps.google.com/maps?f=q&hl=en&q=2277+n+36+service+dr,+st+paul,+mn here]

*ACCESS FROM THE NORTH:
# Exit I-35 at Country Road C.
# Go WEST on County Road C to Long Lake Road
# Turn LEFT on Long Lake Road to Highway 36 Frontage Road
# Turn Right on Highway 36 Frontage Road to Property.

*ACCESS FROM THE SOUTH
# Take 94 NORTH to Highway 280
# Take Highway 280 to Terminal Road exit (left lane).
# Turn RIGHT onto Highway 36 Frontage to the property.

*ACCESS FROM THE EAST:
# Take Highway 36 to I-35W North
# Exit I-35 at Country Road C.
# Go WEST on County Road C to Long Lake Road
# Turn LEFT on Long Lake Road to Highway 36 Frontage Road
# Turn RIGHT on Highway 36 Frontage Road to Property

*ACCESS FROM THE WEST:
# Take I-35W to the Industrial Blvd exit.
# Turn RIGHT onto Industrial Blvd.
# Turn LEFT onto Broadway.
# Turn LEFT on Highway 280.
# Take Highway 280 to Terminal Road exit (left lane).
# Turn RIGHT onto Highway 36 Frontage Road to the property.

== Book Giveaway: ==

Please bring a copy of a good security book that you can contribute. There will be a drawing for any books.

== Food: ==

The food is provided by Integral Business Solutions. Bring an appetite.

[[Category:OWASP Chapter]]

Minneapolis St Paul

2007-06-14T03:32:14Z

Robert.sullivan: /* Sam Buchanan OWASP Top 10 2007 */

{{Chapter Template|chaptername=Minneapolis/St. Paul|extra=The chapter leader is Robert Sullivan |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-twincities|emailarchives=http://lists.owasp.org/pipermail/owasp-twincities}}

== Local News ==

'''Next meeting: Tuesday, June 19, 6:00pm at Integral Business Solutions, Roseville'''

== Agenda June 19 ==
6:00pm - Food, Introduction and optional sign-in for CISSP credits. 
6:10pm - "OWASP Top 10” (Sam Buchanan) 
6:40pm – Top Ten Web Services Security Issues (Gunnar Peterson) 
7:15pm Book Review (any volunteers?) 
7:30pm - Book Giveaway: (we still need one) 
7:35pm - Upcoming Events

== Speaker Bios ==
=== Sam Buchanan OWASP Top 10 2007 ===
OWASP Top Ten 2007
This totally re-written edition lists the most serious web application vulnerabilities, discusses how to protect against them, and provides links to more information. 

The primary aim of the OWASP Top 10 is to educate developers, designers, architects and organizations about the consequences of the most common web application security vulnerabilities. The Top 10 provides basic methods to protect against these vulnerabilities – a great start to your secure coding security program.
Sam has been using the OWASP Top 10 as a training and awareness tool in his organization. Join us to find out how you can put it to use. 

The Top 10 can be found here:
[http://www.owasp.org/index.php/Top_10_2007] 

Sam Buchanan is a Web Application Developer for Minnesota State Colleges & Universities (MNSCU). He has presented the OWASP Top 10 before and is a charter member of the Twin Cities Chapter.

===Gunnar Peterson Top Ten Web Services Security Issues ===
Gunnar has compiled a list of ten Web Services security issues. This comes from his recent, practical experience and feedback from students that have attended his Web Services Security seminars. This session will give you practical advice and a clear sense of which issues are the most important. 

Gunnar has also just returned from OWASP Helsinki and the OWASP Conference in Madrid. This is a great chance to find out what is happening in web security in Europe. 

Gunnar Peterson is a Managing Principal at Arctec Group.
He is Editor for the "Build Security In" software security column for IEEE Security & Privacy Journal. Gunnar is a primary and contributing author for DHS/CERT Build Security In portal on Web Services Security, Identity, and Risk Management. He is also the Project Lead for the OWASP XML Security Gateway Evaluation Criteria Project. Gunnar is an Associate Editor for Information Security Bulletin and a Contributor to the Web Application Firewall Evaluation Criteria.

== Location: ==

Integral Business Solutions
Note: this is a new location
2277 Highway 36 West, Suite 160.
Roseville, MN

== Directions: ==
Mapquest Directions [http://www.mapquest.com/maps/map.adp?formtype=address&addtohistory=&address=2277%20Highway%2036%20W&city=Roseville&state=MN&zipcode=55113%2d3804&country=US&geodiff=1 here]

*EASY ACCESS FROM THE NORTH:
# Exit I-35 at Country Road C.
# Go WEST on County Road C to Long Lake Road
# Turn LEFT on Long Lake Road to Highway 36 Frontage Road
# Turn Right on Highway 36 Frontage Road to Property.

*EASY ACCESS FROM THE SOUTH
# Take 94 NORTH to Highway 280
# Take Highway 280 to Terminal Road exit (left lane).
# Turn RIGHT onto Highway 36 Frontage to the property.

*EASY ACCESS FROM THE EAST:
# Take Highway 36 to I-35W North
# Exit I-35 at Country Road C.
# Go WEST on County Road C to Long Lake Road
# Turn LEFT on Long Lake Road to Highway 36 Frontage Road
# Turn RIGHT on Highway 36 Frontage Road to Property

*EASY ACCESS FROM THE WEST:
# Take I-35W to the Industrial Blvd exit.
# Turn RIGHT onto Industrial Blvd.
# Turn LEFT onto Broadway.
# Turn LEFT on Highway 280.
# Take Highway 280 to Terminal Road exit (left lane).
# Turn RIGHT onto Highway 36 Frontage Road to the property.

== Book Giveaway: ==

Please bring a copy of a good security book that you can contribute. There will be a drawing for any books.

== Food: ==

The food is provided by Integral Business Solutions. Bring an appetite.

[[Category:OWASP Chapter]]

Minneapolis St Paul

2007-06-14T03:31:31Z

Robert.sullivan: /* Gunnar Peterson Top Ten Web Services Security Issues */

{{Chapter Template|chaptername=Minneapolis/St. Paul|extra=The chapter leader is Robert Sullivan |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-twincities|emailarchives=http://lists.owasp.org/pipermail/owasp-twincities}}

== Local News ==

'''Next meeting: Tuesday, June 19, 6:00pm at Integral Business Solutions, Roseville'''

== Agenda June 19 ==
6:00pm - Food, Introduction and optional sign-in for CISSP credits. 
6:10pm - "OWASP Top 10” (Sam Buchanan) 
6:40pm – Top Ten Web Services Security Issues (Gunnar Peterson) 
7:15pm Book Review (any volunteers?) 
7:30pm - Book Giveaway: (we still need one) 
7:35pm - Upcoming Events

== Speaker Bios ==
=== Sam Buchanan OWASP Top 10 2007 ===
OWASP Top Ten 2007
This totally re-written edition lists the most serious web application vulnerabilities, discusses how to protect against them, and provides links to more information.

The primary aim of the OWASP Top 10 is to educate developers, designers, architects and organizations about the consequences of the most common web application security vulnerabilities. The Top 10 provides basic methods to protect against these vulnerabilities – a great start to your secure coding security program.
Sam has been using the OWASP Top 10 as a training and awareness tool in his organization. Join us to find out how you can put it to use.

The Top 10 can be found here:
[http://www.owasp.org/index.php/Top_10_2007]

Sam Buchanan is a Web Application Developer for Minnesota State Colleges & Universities (MNSCU). He has presented the OWASP Top 10 before and is a charter member of the Twin Cities Chapter.

===Gunnar Peterson Top Ten Web Services Security Issues ===
Gunnar has compiled a list of ten Web Services security issues. This comes from his recent, practical experience and feedback from students that have attended his Web Services Security seminars. This session will give you practical advice and a clear sense of which issues are the most important. 

Gunnar has also just returned from OWASP Helsinki and the OWASP Conference in Madrid. This is a great chance to find out what is happening in web security in Europe. 

Gunnar Peterson is a Managing Principal at Arctec Group.
He is Editor for the "Build Security In" software security column for IEEE Security & Privacy Journal. Gunnar is a primary and contributing author for DHS/CERT Build Security In portal on Web Services Security, Identity, and Risk Management. He is also the Project Lead for the OWASP XML Security Gateway Evaluation Criteria Project. Gunnar is an Associate Editor for Information Security Bulletin and a Contributor to the Web Application Firewall Evaluation Criteria.

== Location: ==

Integral Business Solutions
Note: this is a new location
2277 Highway 36 West, Suite 160.
Roseville, MN

== Directions: ==
Mapquest Directions [http://www.mapquest.com/maps/map.adp?formtype=address&addtohistory=&address=2277%20Highway%2036%20W&city=Roseville&state=MN&zipcode=55113%2d3804&country=US&geodiff=1 here]

*EASY ACCESS FROM THE NORTH:
# Exit I-35 at Country Road C.
# Go WEST on County Road C to Long Lake Road
# Turn LEFT on Long Lake Road to Highway 36 Frontage Road
# Turn Right on Highway 36 Frontage Road to Property.

*EASY ACCESS FROM THE SOUTH
# Take 94 NORTH to Highway 280
# Take Highway 280 to Terminal Road exit (left lane).
# Turn RIGHT onto Highway 36 Frontage to the property.

*EASY ACCESS FROM THE EAST:
# Take Highway 36 to I-35W North
# Exit I-35 at Country Road C.
# Go WEST on County Road C to Long Lake Road
# Turn LEFT on Long Lake Road to Highway 36 Frontage Road
# Turn RIGHT on Highway 36 Frontage Road to Property

*EASY ACCESS FROM THE WEST:
# Take I-35W to the Industrial Blvd exit.
# Turn RIGHT onto Industrial Blvd.
# Turn LEFT onto Broadway.
# Turn LEFT on Highway 280.
# Take Highway 280 to Terminal Road exit (left lane).
# Turn RIGHT onto Highway 36 Frontage Road to the property.

== Book Giveaway: ==

Please bring a copy of a good security book that you can contribute. There will be a drawing for any books.

== Food: ==

The food is provided by Integral Business Solutions. Bring an appetite.

[[Category:OWASP Chapter]]

Minneapolis St Paul

2007-06-14T03:26:12Z

Robert.sullivan: /* Sam Buchanan OWASP Top 10 2007 */

{{Chapter Template|chaptername=Minneapolis/St. Paul|extra=The chapter leader is Robert Sullivan |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-twincities|emailarchives=http://lists.owasp.org/pipermail/owasp-twincities}}

== Local News ==

'''Next meeting: Tuesday, June 19, 6:00pm at Integral Business Solutions, Roseville'''

== Agenda June 19 ==
6:00pm - Food, Introduction and optional sign-in for CISSP credits. 
6:10pm - "OWASP Top 10” (Sam Buchanan) 
6:40pm – Top Ten Web Services Security Issues (Gunnar Peterson) 
7:15pm Book Review (any volunteers?) 
7:30pm - Book Giveaway: (we still need one) 
7:35pm - Upcoming Events

== Speaker Bios ==
=== Sam Buchanan OWASP Top 10 2007 ===
OWASP Top Ten 2007
This totally re-written edition lists the most serious web application vulnerabilities, discusses how to protect against them, and provides links to more information.

The primary aim of the OWASP Top 10 is to educate developers, designers, architects and organizations about the consequences of the most common web application security vulnerabilities. The Top 10 provides basic methods to protect against these vulnerabilities – a great start to your secure coding security program.
Sam has been using the OWASP Top 10 as a training and awareness tool in his organization. Join us to find out how you can put it to use.

The Top 10 can be found here:
[http://www.owasp.org/index.php/Top_10_2007]

Sam Buchanan is a Web Application Developer for Minnesota State Colleges & Universities (MNSCU). He has presented the OWASP Top 10 before and is a charter member of the Twin Cities Chapter.

===Muthu Meyyappan XML===
Muthu Meyyappan is a Sr. Application Security Architect at United Healthcare

He will describe a new OWASP Project: XML Security Gateway Evaluation Criteria Project

This OWASP Project defines an open standard for evaluating XML Security Gateways. This criteria will provide the OWASP community a set of standard evaluation criteria to assess the functionality and quality of XML Security Gateways. The main driver for this project is to reduce the confusion and complexity in assessing the strengths and weaknesses of solutions in this the XML Security space, and enlightening the community as to the utility of XML Security Gateways to deliver a number of valuable security services.

The project page is here:
http://www.owasp.org/index.php/Category:OWASP_XML_Security_Gateway_Evaluation_Criteria_Project

== Location: ==

Integral Business Solutions
Note: this is a new location
2277 Highway 36 West, Suite 160.
Roseville, MN

== Directions: ==
Mapquest Directions [http://www.mapquest.com/maps/map.adp?formtype=address&addtohistory=&address=2277%20Highway%2036%20W&city=Roseville&state=MN&zipcode=55113%2d3804&country=US&geodiff=1 here]

*EASY ACCESS FROM THE NORTH:
# Exit I-35 at Country Road C.
# Go WEST on County Road C to Long Lake Road
# Turn LEFT on Long Lake Road to Highway 36 Frontage Road
# Turn Right on Highway 36 Frontage Road to Property.

*EASY ACCESS FROM THE SOUTH
# Take 94 NORTH to Highway 280
# Take Highway 280 to Terminal Road exit (left lane).
# Turn RIGHT onto Highway 36 Frontage to the property.

*EASY ACCESS FROM THE EAST:
# Take Highway 36 to I-35W North
# Exit I-35 at Country Road C.
# Go WEST on County Road C to Long Lake Road
# Turn LEFT on Long Lake Road to Highway 36 Frontage Road
# Turn RIGHT on Highway 36 Frontage Road to Property

*EASY ACCESS FROM THE WEST:
# Take I-35W to the Industrial Blvd exit.
# Turn RIGHT onto Industrial Blvd.
# Turn LEFT onto Broadway.
# Turn LEFT on Highway 280.
# Take Highway 280 to Terminal Road exit (left lane).
# Turn RIGHT onto Highway 36 Frontage Road to the property.

== Book Giveaway: ==

Please bring a copy of a good security book that you can contribute. There will be a drawing for any books.

== Food: ==

The food is provided by Integral Business Solutions. Bring an appetite.

[[Category:OWASP Chapter]]

Minneapolis St Paul

2007-06-14T03:25:28Z

Robert.sullivan: /* Sam Buchanan OWASP Top 10 for 2007 */

{{Chapter Template|chaptername=Minneapolis/St. Paul|extra=The chapter leader is Robert Sullivan |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-twincities|emailarchives=http://lists.owasp.org/pipermail/owasp-twincities}}

== Local News ==

'''Next meeting: Tuesday, June 19, 6:00pm at Integral Business Solutions, Roseville'''

== Agenda June 19 ==
6:00pm - Food, Introduction and optional sign-in for CISSP credits. 
6:10pm - "OWASP Top 10” (Sam Buchanan) 
6:40pm – Top Ten Web Services Security Issues (Gunnar Peterson) 
7:15pm Book Review (any volunteers?) 
7:30pm - Book Giveaway: (we still need one) 
7:35pm - Upcoming Events

== Speaker Bios ==
=== Sam Buchanan OWASP Top 10 2007 ===
OWASP Top Ten 2007
This totally re-written edition lists the most serious web application vulnerabilities, discusses how to protect against them, and provides links to more information.

The primary aim of the OWASP Top 10 is to educate developers, designers, architects and organizations about the consequences of the most common web application security vulnerabilities. The Top 10 provides basic methods to protect against these vulnerabilities – a great start to your secure coding security program.
Sam has been using the OWASP Top 10 as a training and awareness tool in his organization. Join us to find out how you can put it to use.

The Top 10 can be found here:
[[http://www.owasp.org/index.php/Top_10_2007]]

Sam Buchanan is a Web Application Developer for Minnesota State Colleges & Universities (MNSCU). He has presented the OWASP Top 10 before and is a charter member of the Twin Cities Chapter.

===Muthu Meyyappan XML===
Muthu Meyyappan is a Sr. Application Security Architect at United Healthcare

He will describe a new OWASP Project: XML Security Gateway Evaluation Criteria Project

This OWASP Project defines an open standard for evaluating XML Security Gateways. This criteria will provide the OWASP community a set of standard evaluation criteria to assess the functionality and quality of XML Security Gateways. The main driver for this project is to reduce the confusion and complexity in assessing the strengths and weaknesses of solutions in this the XML Security space, and enlightening the community as to the utility of XML Security Gateways to deliver a number of valuable security services.

The project page is here:
http://www.owasp.org/index.php/Category:OWASP_XML_Security_Gateway_Evaluation_Criteria_Project

== Location: ==

Integral Business Solutions
Note: this is a new location
2277 Highway 36 West, Suite 160.
Roseville, MN

== Directions: ==
Mapquest Directions [http://www.mapquest.com/maps/map.adp?formtype=address&addtohistory=&address=2277%20Highway%2036%20W&city=Roseville&state=MN&zipcode=55113%2d3804&country=US&geodiff=1 here]

*EASY ACCESS FROM THE NORTH:
# Exit I-35 at Country Road C.
# Go WEST on County Road C to Long Lake Road
# Turn LEFT on Long Lake Road to Highway 36 Frontage Road
# Turn Right on Highway 36 Frontage Road to Property.

*EASY ACCESS FROM THE SOUTH
# Take 94 NORTH to Highway 280
# Take Highway 280 to Terminal Road exit (left lane).
# Turn RIGHT onto Highway 36 Frontage to the property.

*EASY ACCESS FROM THE EAST:
# Take Highway 36 to I-35W North
# Exit I-35 at Country Road C.
# Go WEST on County Road C to Long Lake Road
# Turn LEFT on Long Lake Road to Highway 36 Frontage Road
# Turn RIGHT on Highway 36 Frontage Road to Property

*EASY ACCESS FROM THE WEST:
# Take I-35W to the Industrial Blvd exit.
# Turn RIGHT onto Industrial Blvd.
# Turn LEFT onto Broadway.
# Turn LEFT on Highway 280.
# Take Highway 280 to Terminal Road exit (left lane).
# Turn RIGHT onto Highway 36 Frontage Road to the property.

== Book Giveaway: ==

Please bring a copy of a good security book that you can contribute. There will be a drawing for any books.

== Food: ==

The food is provided by Integral Business Solutions. Bring an appetite.

[[Category:OWASP Chapter]]

Minneapolis St Paul

2007-06-14T03:22:36Z

Robert.sullivan: /* Agenda June 19 */

Minneapolis St Paul

2007-06-14T03:21:54Z

Robert.sullivan: /* Agenda June 19 */

Minneapolis St Paul

2007-06-14T03:21:29Z

Robert.sullivan: /* Agenda June 19 */

Minneapolis St Paul

2007-06-14T03:20:34Z

Robert.sullivan: /* Agenda April 24 */

Minneapolis St Paul

2007-06-14T03:19:02Z

Robert.sullivan: /* Local News */

{{Chapter Template|chaptername=Minneapolis/St. Paul|extra=The chapter leader is Robert Sullivan |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-twincities|emailarchives=http://lists.owasp.org/pipermail/owasp-twincities}}

== Local News ==

'''Next meeting: Tuesday, June 19, 6:00pm at Integral Business Solutions, Roseville'''

== Agenda April 24 ==
6:00pm - Food, Introduction and optional sign-in for CISSP credits.

6:10pm - Update on OWASP project (your name here)

6:20pm - "Why We Make Bad Security Choices, The Psychology of Security" (Joe Teff)

7:10pm - "OWASP XML Security Gateway Evaluation Criteria" (Muthu Meyyappan)

7:30pm - Book Review "Hacker's Challenge 3", (Bob S., all)

7:45pm - Book Giveaway: Building SOAs with Windows Communication Foundation

7:57pm - Upcoming Events: Secure 360 May 17-18 St. Paul

== Speaker Bios ==
=== Joe Teff The Psychology of Security ===
Joe Teff is a security group manager at Wells Fargo and a charter member of OWASP-Twin Cities. His knowledge and experience cover a broad range of security domains.

"The Psychology of Security"
Can you duck out of the way of an oncoming baseball?
Do you have the ability to duck that which is not yet coming?
Does your instinct ever conflict with your reasoning?
Are you equally willing to risk a loss of $100 as a gain of $100?

Joe will discuss this topic based on a recent draft article by Bruce Schneier.
===Muthu Meyyappan XML===
Muthu Meyyappan is a Sr. Application Security Architect at United Healthcare

He will describe a new OWASP Project: XML Security Gateway Evaluation Criteria Project

This OWASP Project defines an open standard for evaluating XML Security Gateways. This criteria will provide the OWASP community a set of standard evaluation criteria to assess the functionality and quality of XML Security Gateways. The main driver for this project is to reduce the confusion and complexity in assessing the strengths and weaknesses of solutions in this the XML Security space, and enlightening the community as to the utility of XML Security Gateways to deliver a number of valuable security services.

The project page is here:
http://www.owasp.org/index.php/Category:OWASP_XML_Security_Gateway_Evaluation_Criteria_Project

== Location: ==

Integral Business Solutions
Note: this is a new location
2277 Highway 36 West, Suite 160.
Roseville, MN

== Directions: ==
Mapquest Directions [http://www.mapquest.com/maps/map.adp?formtype=address&addtohistory=&address=2277%20Highway%2036%20W&city=Roseville&state=MN&zipcode=55113%2d3804&country=US&geodiff=1 here]

*EASY ACCESS FROM THE NORTH:
# Exit I-35 at Country Road C.
# Go WEST on County Road C to Long Lake Road
# Turn LEFT on Long Lake Road to Highway 36 Frontage Road
# Turn Right on Highway 36 Frontage Road to Property.

*EASY ACCESS FROM THE SOUTH
# Take 94 NORTH to Highway 280
# Take Highway 280 to Terminal Road exit (left lane).
# Turn RIGHT onto Highway 36 Frontage to the property.

*EASY ACCESS FROM THE EAST:
# Take Highway 36 to I-35W North
# Exit I-35 at Country Road C.
# Go WEST on County Road C to Long Lake Road
# Turn LEFT on Long Lake Road to Highway 36 Frontage Road
# Turn RIGHT on Highway 36 Frontage Road to Property

*EASY ACCESS FROM THE WEST:
# Take I-35W to the Industrial Blvd exit.
# Turn RIGHT onto Industrial Blvd.
# Turn LEFT onto Broadway.
# Turn LEFT on Highway 280.
# Take Highway 280 to Terminal Road exit (left lane).
# Turn RIGHT onto Highway 36 Frontage Road to the property.

== Book Giveaway: ==

Please bring a copy of a good security book that you can contribute. There will be a drawing for any books.

== Food: ==

The food is provided by Integral Business Solutions. Bring an appetite.

[[Category:OWASP Chapter]]

Minneapolis St Paul

2007-04-23T03:25:46Z

Robert.sullivan: /* Location: */

{{Chapter Template|chaptername=Minneapolis/St. Paul|extra=The chapter leader is Robert Sullivan |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-twincities|emailarchives=http://lists.owasp.org/pipermail/owasp-twincities}}

== Local News ==

'''Next meeting: Tuesday, April 24, 6:00pm at Integral Business Solutions, Roseville'''

== Agenda April 24 ==
6:00pm - Food, Introduction and optional sign-in for CISSP credits.

6:10pm - Update on OWASP project (your name here)

6:20pm - "Why We Make Bad Security Choices, The Psychology of Security" (Joe Teff)

7:10pm - "OWASP XML Security Gateway Evaluation Criteria" (Muthu Meyyappan)

7:30pm - Book Review "Hacker's Challenge 3", (Bob S., all)

7:45pm - Book Giveaway: Building SOAs with Windows Communication Foundation

7:57pm - Upcoming Events: Secure 360 May 17-18 St. Paul

== Speaker Bios ==
=== Joe Teff The Psychology of Security ===
Joe Teff is a security group manager at Wells Fargo and a charter member of OWASP-Twin Cities. His knowledge and experience cover a broad range of security domains.

"The Psychology of Security"
Can you duck out of the way of an oncoming baseball?
Do you have the ability to duck that which is not yet coming?
Does your instinct ever conflict with your reasoning?
Are you equally willing to risk a loss of $100 as a gain of $100?

Joe will discuss this topic based on a recent draft article by Bruce Schneier.
===Muthu Meyyappan XML===
Muthu Meyyappan is a Sr. Application Security Architect at United Healthcare

He will describe a new OWASP Project: XML Security Gateway Evaluation Criteria Project

This OWASP Project defines an open standard for evaluating XML Security Gateways. This criteria will provide the OWASP community a set of standard evaluation criteria to assess the functionality and quality of XML Security Gateways. The main driver for this project is to reduce the confusion and complexity in assessing the strengths and weaknesses of solutions in this the XML Security space, and enlightening the community as to the utility of XML Security Gateways to deliver a number of valuable security services.

The project page is here:
http://www.owasp.org/index.php/Category:OWASP_XML_Security_Gateway_Evaluation_Criteria_Project

== Location: ==

Integral Business Solutions
Note: this is a new location
2277 Highway 36 West, Suite 160.
Roseville, MN

== Directions: ==
Mapquest Directions [http://www.mapquest.com/maps/map.adp?formtype=address&addtohistory=&address=2277%20Highway%2036%20W&city=Roseville&state=MN&zipcode=55113%2d3804&country=US&geodiff=1 here]

*EASY ACCESS FROM THE NORTH:
# Exit I-35 at Country Road C.
# Go WEST on County Road C to Long Lake Road
# Turn LEFT on Long Lake Road to Highway 36 Frontage Road
# Turn Right on Highway 36 Frontage Road to Property.

*EASY ACCESS FROM THE SOUTH
# Take 94 NORTH to Highway 280
# Take Highway 280 to Terminal Road exit (left lane).
# Turn RIGHT onto Highway 36 Frontage to the property.

*EASY ACCESS FROM THE EAST:
# Take Highway 36 to I-35W North
# Exit I-35 at Country Road C.
# Go WEST on County Road C to Long Lake Road
# Turn LEFT on Long Lake Road to Highway 36 Frontage Road
# Turn RIGHT on Highway 36 Frontage Road to Property

*EASY ACCESS FROM THE WEST:
# Take I-35W to the Industrial Blvd exit.
# Turn RIGHT onto Industrial Blvd.
# Turn LEFT onto Broadway.
# Turn LEFT on Highway 280.
# Take Highway 280 to Terminal Road exit (left lane).
# Turn RIGHT onto Highway 36 Frontage Road to the property.

== Book Giveaway: ==

Please bring a copy of a good security book that you can contribute. There will be a drawing for any books.

== Food: ==

The food is provided by Integral Business Solutions. Bring an appetite.

[[Category:OWASP Chapter]]

Minneapolis St Paul

2007-04-23T03:24:56Z

Robert.sullivan: /* Directions: */

{{Chapter Template|chaptername=Minneapolis/St. Paul|extra=The chapter leader is Robert Sullivan |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-twincities|emailarchives=http://lists.owasp.org/pipermail/owasp-twincities}}

== Local News ==

'''Next meeting: Tuesday, April 24, 6:00pm at Integral Business Solutions, Roseville'''

== Agenda April 24 ==
6:00pm - Food, Introduction and optional sign-in for CISSP credits.

6:10pm - Update on OWASP project (your name here)

6:20pm - "Why We Make Bad Security Choices, The Psychology of Security" (Joe Teff)

7:10pm - "OWASP XML Security Gateway Evaluation Criteria" (Muthu Meyyappan)

7:30pm - Book Review "Hacker's Challenge 3", (Bob S., all)

7:45pm - Book Giveaway: Building SOAs with Windows Communication Foundation

7:57pm - Upcoming Events: Secure 360 May 17-18 St. Paul

== Speaker Bios ==
=== Joe Teff The Psychology of Security ===
Joe Teff is a security group manager at Wells Fargo and a charter member of OWASP-Twin Cities. His knowledge and experience cover a broad range of security domains.

"The Psychology of Security"
Can you duck out of the way of an oncoming baseball?
Do you have the ability to duck that which is not yet coming?
Does your instinct ever conflict with your reasoning?
Are you equally willing to risk a loss of $100 as a gain of $100?

Joe will discuss this topic based on a recent draft article by Bruce Schneier.
===Muthu Meyyappan XML===
Muthu Meyyappan is a Sr. Application Security Architect at United Healthcare

He will describe a new OWASP Project: XML Security Gateway Evaluation Criteria Project

This OWASP Project defines an open standard for evaluating XML Security Gateways. This criteria will provide the OWASP community a set of standard evaluation criteria to assess the functionality and quality of XML Security Gateways. The main driver for this project is to reduce the confusion and complexity in assessing the strengths and weaknesses of solutions in this the XML Security space, and enlightening the community as to the utility of XML Security Gateways to deliver a number of valuable security services.

The project page is here:
http://www.owasp.org/index.php/Category:OWASP_XML_Security_Gateway_Evaluation_Criteria_Project

== Location: ==

Integral Business Solutions
Note: this is a new location
2277 Highway 36 West, Suite 160.
This very close to where 280 meets Hwy 36 in Roseville. The reminder notice will have more detailed instructions.

== Directions: ==
Mapquest Directions [http://www.mapquest.com/maps/map.adp?formtype=address&addtohistory=&address=2277%20Highway%2036%20W&city=Roseville&state=MN&zipcode=55113%2d3804&country=US&geodiff=1 here]

*EASY ACCESS FROM THE NORTH:
# Exit I-35 at Country Road C.
# Go WEST on County Road C to Long Lake Road
# Turn LEFT on Long Lake Road to Highway 36 Frontage Road
# Turn Right on Highway 36 Frontage Road to Property.

*EASY ACCESS FROM THE SOUTH
# Take 94 NORTH to Highway 280
# Take Highway 280 to Terminal Road exit (left lane).
# Turn RIGHT onto Highway 36 Frontage to the property.

*EASY ACCESS FROM THE EAST:
# Take Highway 36 to I-35W North
# Exit I-35 at Country Road C.
# Go WEST on County Road C to Long Lake Road
# Turn LEFT on Long Lake Road to Highway 36 Frontage Road
# Turn RIGHT on Highway 36 Frontage Road to Property

*EASY ACCESS FROM THE WEST:
# Take I-35W to the Industrial Blvd exit.
# Turn RIGHT onto Industrial Blvd.
# Turn LEFT onto Broadway.
# Turn LEFT on Highway 280.
# Take Highway 280 to Terminal Road exit (left lane).
# Turn RIGHT onto Highway 36 Frontage Road to the property.

== Book Giveaway: ==

Please bring a copy of a good security book that you can contribute. There will be a drawing for any books.

== Food: ==

The food is provided by Integral Business Solutions. Bring an appetite.

[[Category:OWASP Chapter]]

Minneapolis St Paul

2007-04-23T03:22:49Z

Robert.sullivan: /* Directions: */

{{Chapter Template|chaptername=Minneapolis/St. Paul|extra=The chapter leader is Robert Sullivan |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-twincities|emailarchives=http://lists.owasp.org/pipermail/owasp-twincities}}

== Local News ==

'''Next meeting: Tuesday, April 24, 6:00pm at Integral Business Solutions, Roseville'''

== Agenda April 24 ==
6:00pm - Food, Introduction and optional sign-in for CISSP credits.

6:10pm - Update on OWASP project (your name here)

6:20pm - "Why We Make Bad Security Choices, The Psychology of Security" (Joe Teff)

7:10pm - "OWASP XML Security Gateway Evaluation Criteria" (Muthu Meyyappan)

7:30pm - Book Review "Hacker's Challenge 3", (Bob S., all)

7:45pm - Book Giveaway: Building SOAs with Windows Communication Foundation

7:57pm - Upcoming Events: Secure 360 May 17-18 St. Paul

== Speaker Bios ==
=== Joe Teff The Psychology of Security ===
Joe Teff is a security group manager at Wells Fargo and a charter member of OWASP-Twin Cities. His knowledge and experience cover a broad range of security domains.

"The Psychology of Security"
Can you duck out of the way of an oncoming baseball?
Do you have the ability to duck that which is not yet coming?
Does your instinct ever conflict with your reasoning?
Are you equally willing to risk a loss of $100 as a gain of $100?

Joe will discuss this topic based on a recent draft article by Bruce Schneier.
===Muthu Meyyappan XML===
Muthu Meyyappan is a Sr. Application Security Architect at United Healthcare

He will describe a new OWASP Project: XML Security Gateway Evaluation Criteria Project

This OWASP Project defines an open standard for evaluating XML Security Gateways. This criteria will provide the OWASP community a set of standard evaluation criteria to assess the functionality and quality of XML Security Gateways. The main driver for this project is to reduce the confusion and complexity in assessing the strengths and weaknesses of solutions in this the XML Security space, and enlightening the community as to the utility of XML Security Gateways to deliver a number of valuable security services.

The project page is here:
http://www.owasp.org/index.php/Category:OWASP_XML_Security_Gateway_Evaluation_Criteria_Project

== Location: ==

Integral Business Solutions
Note: this is a new location
2277 Highway 36 West, Suite 160.
This very close to where 280 meets Hwy 36 in Roseville. The reminder notice will have more detailed instructions.

== Directions: ==
Mapquest Directions [http://www.mapquest.com/maps/map.adp?formtype=address&addtohistory=&address=2277%20Highway%2036%20W&city=Roseville&state=MN&zipcode=55113%2d3804&country=US&geodiff=1]

*EASY ACCESS FROM THE NORTH:
# Exit I-35 at Country Road C.
# Go WEST on County Road C to Long Lake Road
# Turn LEFT on Long Lake Road to Highway 36 Frontage Road
# Turn Right on Highway 36 Frontage Road to Property.

*EASY ACCESS FROM THE SOUTH
# Take 94 NORTH to Highway 280
# Take Highway 280 to Terminal Road exit (left lane).
# Turn RIGHT onto Highway 36 Frontage to the property.

*EASY ACCESS FROM THE EAST:
# Take Highway 36 to I-35W North
# Exit I-35 at Country Road C.
# Go WEST on County Road C to Long Lake Road
# Turn LEFT on Long Lake Road to Highway 36 Frontage Road
# Turn RIGHT on Highway 36 Frontage Road to Property

*EASY ACCESS FROM THE WEST:
# Take I-35W to the Industrial Blvd exit.
# Turn RIGHT onto Industrial Blvd.
# Turn LEFT onto Broadway.
# Turn LEFT on Highway 280.
# Take Highway 280 to Terminal Road exit (left lane).
# Turn RIGHT onto Highway 36 Frontage Road to the property.

== Book Giveaway: ==

Please bring a copy of a good security book that you can contribute. There will be a drawing for any books.

== Food: ==

The food is provided by Integral Business Solutions. Bring an appetite.

[[Category:OWASP Chapter]]

Minneapolis St Paul

2007-04-23T03:14:38Z

Robert.sullivan: /* Directions: */

{{Chapter Template|chaptername=Minneapolis/St. Paul|extra=The chapter leader is Robert Sullivan |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-twincities|emailarchives=http://lists.owasp.org/pipermail/owasp-twincities}}

== Local News ==

'''Next meeting: Tuesday, April 24, 6:00pm at Integral Business Solutions, Roseville'''

== Agenda April 24 ==
6:00pm - Food, Introduction and optional sign-in for CISSP credits.

6:10pm - Update on OWASP project (your name here)

6:20pm - "Why We Make Bad Security Choices, The Psychology of Security" (Joe Teff)

7:10pm - "OWASP XML Security Gateway Evaluation Criteria" (Muthu Meyyappan)

7:30pm - Book Review "Hacker's Challenge 3", (Bob S., all)

7:45pm - Book Giveaway: Building SOAs with Windows Communication Foundation

7:57pm - Upcoming Events: Secure 360 May 17-18 St. Paul

== Speaker Bios ==
=== Joe Teff The Psychology of Security ===
Joe Teff is a security group manager at Wells Fargo and a charter member of OWASP-Twin Cities. His knowledge and experience cover a broad range of security domains.

"The Psychology of Security"
Can you duck out of the way of an oncoming baseball?
Do you have the ability to duck that which is not yet coming?
Does your instinct ever conflict with your reasoning?
Are you equally willing to risk a loss of $100 as a gain of $100?

Joe will discuss this topic based on a recent draft article by Bruce Schneier.
===Muthu Meyyappan XML===
Muthu Meyyappan is a Sr. Application Security Architect at United Healthcare

He will describe a new OWASP Project: XML Security Gateway Evaluation Criteria Project

This OWASP Project defines an open standard for evaluating XML Security Gateways. This criteria will provide the OWASP community a set of standard evaluation criteria to assess the functionality and quality of XML Security Gateways. The main driver for this project is to reduce the confusion and complexity in assessing the strengths and weaknesses of solutions in this the XML Security space, and enlightening the community as to the utility of XML Security Gateways to deliver a number of valuable security services.

The project page is here:
http://www.owasp.org/index.php/Category:OWASP_XML_Security_Gateway_Evaluation_Criteria_Project

== Location: ==

Integral Business Solutions
Note: this is a new location
2277 Highway 36 West, Suite 160.
This very close to where 280 meets Hwy 36 in Roseville. The reminder notice will have more detailed instructions.

== Directions: ==
Mapquest Directions [http://www.mapquest.com/maps/map.adp?formtype=address&addtohistory=&address=2277%20Highway%2036%20W&city=Roseville&state=MN&zipcode=55113%2d3804&country=US&geodiff=1]

EASY ACCESS FROM THE NORTH:
1. Exit I-35 at Country Road C.
2. Go WEST on County Road C to Long Lake Road
3. Turn LEFT on Long Lake Road to Highway 36 Frontage Road
4. Turn Right on Highway 36 Frontage Road to Property.

EASY ACCESS FROM THE SOUTH
1. Take 94 NORTH to Highway 280
2. Take Highway 280 to Terminal Road exit (left lane).
3. Turn RIGHT onto Highway 36 Frontage to the property.

EASY ACCESS FROM THE EAST:
1. Take Highway 36 to I-35W North
2. Exit I-35 at Country Road C.
3. Go WEST on County Road C to Long Lake Road
4. Turn LEFT on Long Lake Road to Highway 36 Frontage Road
5. Turn RIGHT on Highway 36 Frontage Road to Property

EASY ACCESS FROM THE WEST:
1. Take I-35W to the Industrial Blvd exit.
2. Turn RIGHT onto Industrial Blvd.
3. Turn LEFT onto Broadway.
4. Turn LEFT on Highway 280.
5. Take Highway 280 to Terminal Road exit (left lane).
6. Turn RIGHT onto Highway 36 Frontage Road to the property.

== Book Giveaway: ==

Please bring a copy of a good security book that you can contribute. There will be a drawing for any books.

== Food: ==

The food is provided by Integral Business Solutions. Bring an appetite.

[[Category:OWASP Chapter]]

Minneapolis St Paul

2007-04-23T03:12:49Z

Robert.sullivan: /* Directions: */

{{Chapter Template|chaptername=Minneapolis/St. Paul|extra=The chapter leader is Robert Sullivan |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-twincities|emailarchives=http://lists.owasp.org/pipermail/owasp-twincities}}

== Local News ==

'''Next meeting: Tuesday, April 24, 6:00pm at Integral Business Solutions, Roseville'''

== Agenda April 24 ==
6:00pm - Food, Introduction and optional sign-in for CISSP credits.

6:10pm - Update on OWASP project (your name here)

6:20pm - "Why We Make Bad Security Choices, The Psychology of Security" (Joe Teff)

7:10pm - "OWASP XML Security Gateway Evaluation Criteria" (Muthu Meyyappan)

7:30pm - Book Review "Hacker's Challenge 3", (Bob S., all)

7:45pm - Book Giveaway: Building SOAs with Windows Communication Foundation

7:57pm - Upcoming Events: Secure 360 May 17-18 St. Paul

== Speaker Bios ==
=== Joe Teff The Psychology of Security ===
Joe Teff is a security group manager at Wells Fargo and a charter member of OWASP-Twin Cities. His knowledge and experience cover a broad range of security domains.

"The Psychology of Security"
Can you duck out of the way of an oncoming baseball?
Do you have the ability to duck that which is not yet coming?
Does your instinct ever conflict with your reasoning?
Are you equally willing to risk a loss of $100 as a gain of $100?

Joe will discuss this topic based on a recent draft article by Bruce Schneier.
===Muthu Meyyappan XML===
Muthu Meyyappan is a Sr. Application Security Architect at United Healthcare

He will describe a new OWASP Project: XML Security Gateway Evaluation Criteria Project

This OWASP Project defines an open standard for evaluating XML Security Gateways. This criteria will provide the OWASP community a set of standard evaluation criteria to assess the functionality and quality of XML Security Gateways. The main driver for this project is to reduce the confusion and complexity in assessing the strengths and weaknesses of solutions in this the XML Security space, and enlightening the community as to the utility of XML Security Gateways to deliver a number of valuable security services.

The project page is here:
http://www.owasp.org/index.php/Category:OWASP_XML_Security_Gateway_Evaluation_Criteria_Project

== Location: ==

Integral Business Solutions
Note: this is a new location
2277 Highway 36 West, Suite 160.
This very close to where 280 meets Hwy 36 in Roseville. The reminder notice will have more detailed instructions.

== Directions: ==
Mapquest Directions here:
http://www.mapquest.com/maps/map.adp?formtype=address&addtohistory=&address=2277%20Highway%2036%20W&city=Roseville&state=MN&zipcode=55113%2d3804&country=US&geodiff=1

EASY ACCESS FROM THE NORTH:
1. Exit I-35 at Country Road C.
2. Go WEST on County Road C to Long Lake Road
3. Turn LEFT on Long Lake Road to Highway 36 Frontage Road
4. Turn Right on Highway 36 Frontage Road to Property.

EASY ACCESS FROM THE SOUTH
1. Take 94 NORTH to Highway 280
2. Take Highway 280 to Terminal Road exit (left lane).
3. Turn RIGHT onto Highway 36 Frontage to the property.

EASY ACCESS FROM THE EAST:
1. Take Highway 36 to I-35W North
2. Exit I-35 at Country Road C.
3. Go WEST on County Road C to Long Lake Road
4. Turn LEFT on Long Lake Road to Highway 36 Frontage Road
5. Turn RIGHT on Highway 36 Frontage Road to Property

EASY ACCESS FROM THE WEST:
1. Take I-35W to the Industrial Blvd exit.
2. Turn RIGHT onto Industrial Blvd.
3. Turn LEFT onto Broadway.
4. Turn LEFT on Highway 280.
5. Take Highway 280 to Terminal Road exit (left lane).
6. Turn RIGHT onto Highway 36 Frontage Road to the property.

== Book Giveaway: ==

Please bring a copy of a good security book that you can contribute. There will be a drawing for any books.

== Food: ==

The food is provided by Integral Business Solutions. Bring an appetite.

[[Category:OWASP Chapter]]

Minneapolis St Paul

2007-04-23T02:49:02Z

Robert.sullivan: /* XML Muthu Meyyappan */

Minneapolis St Paul

2007-04-23T02:48:28Z

Robert.sullivan: /* XML Muthu Meyyappan ===================== */

Minneapolis St Paul

2007-04-23T02:47:58Z

Robert.sullivan: /* Speaker Bios */

Minneapolis St Paul

2007-04-23T02:46:41Z

Robert.sullivan: /* == */

Lesson Plans

2007-04-21T08:09:04Z

Robert.sullivan:

[[WebGoat User Guide Table of Contents]]
__TOC__

The lesson plans included WebGoat 5.0 (1/31/07) include:
{| border=1
|-
|| General || HTTP Basics
|-
|| || HTTP Splitting and Cache Poisining
|-
|| || How to Exploit Thread Safety Problems
|-
|| || How to add a new WebGoat lesson
|-
|| Code Quality || How to Discover Clues in the HTML
|-
|| Unvalidated Parameters || How to Exploit Hidden Fields
|-
|| || How to Exploit Unchecked Email
|-
|| || How to Bypass Client Side JavaScript Validation
|-
|| Broken Access Control || Using an Access Control Matrix
|-
|| || How to Bypass a Path Based Access Control Scheme
|-
|| || How to Perform Cross Site Request Forgery (CSRF)
|-
|| || LAB: Role based Access Control
|-
|| || Remote Admin Access
|-
|| Broken Authentication || Forgot Password
|-
|| || How to Spoof an Authentication Cookie
|-
|| || How to Hijack a Session
|-
|| || Basic Authentication
|-
|| Cross Site Scripting (Xss) || LAB: Cross Site Scripting
|-
|| || How to Perform Stored Cross Site Scripting (XSS)
|-
|| || How to Perform Reflected Cross Site Scripting (XSS)
|-
|| || HTTPOnly Test
|-
|| || How to Perform Cross Site Tracing (XST) Attacks
|-
|| Buffer Overflows || Buffer Overflow
|-
|| Injection Flaws || How to Perform Command Injection
|-
|| || How to Perform Blind SQL Injection
|-
|| || How to Perform Numeric SQL Injection
|-
|| || How to Perform Log Spoofing
|-
|| || How to Perform XPATH Injection
|-
|| || How to Perform String SQL Injection
|-
|| || LAB: SQL Injection
|-
|| || How to Use Database Backdoors
|-
|| Improper Error Handling || How to Bypass a Fail Open Authentication Scheme
|-
|| Insecure Storage || Encoding Basics
|-
|| Denial of Service || Denial of Service From Multiple Logins
|-
|| Insecure Configuration Management || Forced Browsing
|-
|| Web Services || How to Create a SOAP Request
|-
|| || WSDL Scanning
|-
|| || Web Service SAX Injection
|-
|| || Web Service SQL Injection
|-
|| AJAX Security || DOM Injection
|-
|| || XML Injection
|-
|| || JSON Injection
|-
|| || Silent Transactions Attacks
|-
|| Challenge || The Challenge
|-

|-
|}

For each lesson within WebGoat, an overview and objectives are provided. These are accessed through the ''Show Lesson Plan'' button.

[[Image:WebGoat Show Lesson Plan.gif|Figure 3: Show Lesson Plan]]

These lesson plans describe the operation of each aspect of the target application, the areas of interest relating to the security assessment and the type of attack that should be attempted.

[[WebGoat User Guide Table of Contents]]
[[Category:OWASP WebGoat Project]]

Proxy Utilization

2007-04-21T07:24:12Z

Robert.sullivan:

[[WebGoat User Guide Table of Contents]]__TOC__

The features within WebGoat for revealing the workings of the application also need to be supplemented with the assessor’s application assessment proxy of choice.

This enables further analysis and modification of the client-server interaction, and data in transit.

Use and configuration will be unique to each tool, but the basic concepts are as follows:
* The application assessment proxy must sit ''between'' the client browser and the remote server.
* It should allow the display and modification of all HTTP data in transit.

Typically, the tool will either plug directly into the browser, or listen on another local port. When it plugs in directly, a special URL may need to be entered in the browser. When the tool listens on a port, the browser will probably need to be configured to use the proxy. In Microsoft Internet Explorer this can be done from the tool menu by choosing:
# Choose the “Tools/Internet Options” menu item.
# Choose the “Connections” tab
# Hit the “LAN Settings…” button.
# On the Local Area Network Settings dialog check the Proxy server checkbox.
# Uncheck the “bypass proxy server” box
# Enter the address and port where the proxy tool will be listening. The default listening port for WebScarab is 8008.

[[Image:WebGoat LAN Settings.gif |Figure 7: LAN Settings]]

Now, when receiving or sending data from the client browser it is possible to intercept, analyze and modify HTTP requests to test the application for security flaws in the target.

For a tutorial on setting up and running WebScarab see: http://www.owasp.org/index.php/WebScarab_Tutorial

* In using proxies of this kind, a number of capabilities become available to the assessor, including:
* All GET/POST parameters are available for modification, regardless of their hidden status
* Cookies, both persistent and non-persistent may be modified when entering or leaving the browser
* All client-side data validation can be bypassed, as the parameters can be modified immediately before being sent to the server
* Information regarding the caching of data (e.g. Pragma: no-cache) is exposed for analysis
* Server: and other headers are revealed, which may be useful for enumeration of the remote web-server and application-server technologies

[[WebGoat User Guide Table of Contents]]
[[Category:OWASP WebGoat Project]]