https://wiki.owasp.org/api.php?action=feedcontributions&feedformat=atom&user=Sir+WOWASP - User contributions [en]2026-05-13T12:52:54ZUser contributionsMediaWiki 1.27.2https://wiki.owasp.org/index.php?title=Rochester&diff=135611Rochester2012-09-10T17:36:48Z<p>Sir W: Removed Andrea from the local officers</p>
<hr />
<div><hr><br />
<br />
== Welcome to the OWASP Rochester Local Chapter ==<br />
<br />
Welcome to the local Rochester chapter homepage. The chapter leader is [mailto:andrea.cogliati@owasp.org Andrea Cogliati]<br />
<br />
<paypal>Rochester</paypal><br />
<br />
== Mozilla's Content Security Policy Presentation ==<br />
<br />
Here is a copy of a presentation on Mozilla's Content Security Policy which was presented originally at the Rochester Security Summit 2011 and updated for Mercury Networks Security Summit 2012 by Lou Leone<br />
<br />
[[Media:2012 CSP.pptx]]<br />
<br />
== Participation ==<br />
<br />
OWASP chapter meetings are free and open to anyone interested in application security. We encourage members to give presentations on specific topics and to contribute to the local chapter by sharing their knowledge with others. Prior to participating with OWASP please review the [[Chapter Rules]].<br />
<br />
The Rochester chapter has two mailing lists: one for announcements and one for general discussion. The announce list is for official communications (e.g meeting announcements, web site updates, etc). The discussion list is for general participation and everyone is encouraged to post. The announce mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-announce here]. The discussion mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny here]. You can also review the [http://lists.owasp.org/pipermail/owasp-rochester-announce/ announce] and [http://lists.owasp.org/pipermail/owasp-rochester-ny discussion] e-mail archives to see what folks have been talking about. Please make sure you are subscribed to announce to receive any last minute meeting info.<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> Vacant<br />
*<b>Vice President:</b> [mailto:rd@rd1.net Ralph Durkee]<br />
*<b>Treasurer:</b> [mailto:rd@rd1.net Ralph Durkee]<br />
*<b>Secretary:</b> Appointed by Event Coordinator at each meeting.<br />
*<b>Event Coordinator:</b> Vacant<br />
*<b>Communications and Chapter OWASP Evangelist:</b> [mailto:lou.leone@owasp.org Lou Leone]<br />
*<b>Webmaster:</b> [mailto:duane.peifer@owasp.org Duane Peifer]<br />
*<b>Mail List Administrator:</b> [mailto:duane.peifer@owasp.org Duane Peifer]<br />
</ul><br />
<br />
== Meeting Dates & Location ==<br />
<br />
<b>Dates:</b> The third Monday of every month, starting at 6:00 PM.<br />
<br />
<b>Types of events:</b> Formal meeting (featuring a presentation) in odd numbered months, informal event (open forum with beer and wings) in even numbered months<br />
<br />
<b>Locations:</b> <br />
<br />
* Locations for formal meetings will be announced with the corresponding meeting so please check here or the mailing [http://lists.owasp.org/pipermail/owasp-rochester-announce/ announcement] list for specific meeting location details.<br />
* Beer and wings at Mac Gregor's Grill & Tap Room, 300 Jefferson Rd, NY 14623 [http://maps.google.com/maps?f=q&hl=en&geocode=&time=&date=&ttype=&q=300+Jefferson+Rd+Rochester+NY&sll=43.15549,-77.61601&sspn=0.284013,0.55481&ie=UTF8&om=1&z=16&iwloc=addr Google Maps]<br />
<br/><br />
Meetings reminders are sent to the OWASP Rochester Announcement distribution list at least one week prior to a meeting.<br />
<br />
If you or your organization is interested in donating meeting space please contact one of the local officers listed above. The space should be able to accommodate at least 15 people.<br />
<br />
Please note that for informal meetings at Mac Gregor's, everybody needs to pay for their own food and drinks.<br />
<br />
== Past Events ==<br />
;May 2011 Meeting<br />
Michael Coates webinar on Attack-Aware Applications.<br/><br />
https://owasp.webex.com/owasp/ldr.php?AT=pb&SP=MC&rID=87764002&rKey=14191b8f8c73dabc<br />
<br />
;May 5, 2011<br />
MercuryFest<br />
Speakers: Ralph Durkee, Andrea Cogliati, Duane Peifer<br />
Topic: SSL Man-in-the-Middle and Spoofing Attacks<br />
<br />
;March 2011 Meeting<br />
Topic: Pastebin Scrapping<br/><br />
Speaker: Silas Cutler, Global Crossing, Security Architect<br />
<br />
;January 2011 Meeting<br />
Topic: State of OWASP and the State of Web Application Security<br/><br />
Speaker: Ralph Durkee, Durkee Consulting<br />
<br />
;August Meeting 2010<br />
Topic: Man in the Middle Attacks: SSL Spoofing<br/><br />
Speaker: Duane Peifer, UberGuard Information Security and Ralph Durkee, Durkee Consulting<br />
<br />
;June Meeting 2010<br />
Topic: Client Side Exploits 101<br/><br />
Speaker: JP Bourget, BS IT, RIT 2005; MS Computer Security and Information Assurance, RIT 2008; CISSP; MCSE, CSS<br />
<br />
;May Meeting 2010<br />
Topic: New Techniques in Application Intrusion Detection<br/><br />
Speaker: Al Huizenga, Director of Product Management, Mykonos Software, Inc.<br />
<br />
;February Meeting 2010<br />
Ralph Durkee presented a recap of the recent AppSec conference in DC.<br/><br />
Andrea Cogliati gave a talk on Identity Federation and Claim-based Security. <br />
<br />
<br />
; Oct 29-30 2008 - Rochester Security Summit 2008<br />
<br />
: The Rochester OWASP chapter in partnership with other Rochester institutions is organizing the third annual Rochester Security Summit Oct 29-30 during National Cyber Security Awareness Month. This year we'll have a full day dedicated to application security and we are are working to bring to Rochester the best national acclaimed speakers.<br />
<br />
Visit [http://www.RochesterSecurity.org/ Rochester Security Summit Site] for details.<br />
<br />
== Past Presentations ==<br />
<b>Mercury Networks Security Symposium May 2012</b> I'll see your cross site scripting and raise you a Content Security Policy by Lou Leone [[Media:https://www.owasp.org/images/9/95/2012_CSP.pptx|PPTX]]<br />
<br />
<b>January Meeting 2011</b> State of OWASP and the State of Web Application Security by Ralph Durkee [[Media:Ralph_Durkee_State_of_Web_App_Security_v8.ppt|PPT]] [[Media:Ralph_Durkee_State_of_Web_App_Security_v8.pdf|PDF]]<br/><br />
<br />
<b>August Meeting 2010</b> Man in the Middle Attacks: SSL Spoofing by Duane Peifer [[Media:SSL_Spoofing.ppt|PPT]] [[Media:SSL_Spoofing.pdf|PDF]]<br/><br />
<b>August Meeting 2010</b> Man in the Middle Attacks: SSL Spoofing by Ralph Durkee [[Media:Ralph_Durkee_SSL_MITM_v1.ppt|PPT]] [[Media:Ralph_Durkee_SSL_MITM_v1.pdf|PDF]]<br/><br />
<br />
<b>May Meeting 2010</b> New Techniques in Application Intrusion Detection by Al Huizenga [[Media:OWASP may17-10.pptx|PPTX]] [[Media:OWASP may17-10.pdf|PDF]]<br/><br />
<b>May Meeting 2010</b> Identity Federation and Claim-based Security by Andrea Cogliati [[Media:SAML and Claims-Based Security.pdf|PDF]]<br />
<br />
<b>February Meeting 2010</b> DC AppSec Conference Recap by Ralph Durkee [[Media:OWASP Rochester 2010 Feb.ppt|PPT]]<br />
<br />
<b>October Hackerfest 2009</b> Introduction to OWASP Rochester by Ralph Durkee, Lou Leone [[Media:Intro_to_OWASP_Rochester_v9.ppt|PPT]]<br />
<br />
<b>September OWASP 2009</b> Securing Apache Web Servers with Mod Security & CIS Benchmark by Ralph Durkee [[Media:Durkee_Apache_2009_v7.ppt|PPT]] [[Media:Durkee_Apache_2009_v7.odp|Open Office]]<br />
<br />
<b>May OWASP 2009</b> Key Management - One Perspective by Lou Leone [[Media:N-tierKeyManagementIssues.ppt|PPT]]<br />
<br />
<b>May IEEE 2009</b> Introduction to OWASP, presented by Ralph Durkee and Andrea Cogliati [[Media:Intro_to_OWASP_Rochester_v5.ppt|PPT]]<br />
<br />
<b>January 2009</b> Paranoid Programming Practices, by Lou Leone and Aaron Witt [[Media:ParanoidProgrammers.ppt|PPT]]<br />
<br />
<b>May 2008</b> Database Encryption, by Ralf Durkee [[Media:Database_Encryption.ppt|PPT]]<br />
<br />
<b>January 2008</b> SQL Injection and Dynamic SQL, by Andrea Cogliati [[Media:MoreSQL.zip|ZIP]]<br />
<br />
<b>September 2007</b> 2007 OWASP Top 10 Most Critical Web Application Security Vulnerabilities, by Ralph Durkee [[Media:OWASP_Top_10_2007_v6.ppt|PowerPoint]]<br />
<br />
<b>October 2006</b> The first of the OWASP top ten: unvalidated input, by Steve Buck.<br />
[http://rd1.net/owasp/2006-10-16_owasp-presentation.ppt PowerPoint]<br />
<br />
<b>April 2006</b> PGP: Encryption for e-mail and web applications, by Ralph Durkee [http://rd1.net/owasp/Apr_OWASP_PGP_Durkee.pdf PDF]<br />
<br />
<b>February 2006</b> Identity Theft, Phishing and Pharming, by Danny Allan [http://rd1.net/owasp/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.pdf PDF]<br />
<br />
<b>February 2006</b> Secure e-mail, by Thomas Bullinger [http://rd1.net/owasp/SecureEmail.pdf PDF]<br />
<br />
<b>January 2006</b> PCI Compliance, by Pat Massey, Ralf Durkee, Maureen Baran [http://rd1.net/owasp/Rochester_OWASP_PCI_Compliance.pdf PDF]<br />
<br />
<b>September 2005</b> Two Factor Authentication for Java Applications with Client Certificates, by Ralf Durkee [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.pdf PDF] [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.sxi Open Office]<br />
<br />
<b>April 2005</b> Avoiding Backend Exploitation of Mail Forms, by Max Kessler [http://rd1.net/owasp/owasp-mailform-exploitation.ppt PowerPoint] [http://rd1.net/owasp/owasp-mailform-exploitation.sxi Open Office]<br />
<br />
<b>March 2005</b> Bringing Two-Factor Authentication to Web Applications, by Michael Starks [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt PowerPoint] [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt Open Office]<br />
<br />
<b>February 2005</b> Insecure Storage, by Chris Karr [http://rd1.net/owasp/Insecure_Storage.ppt PowerPoint]<br />
<br />
<b>January 2005</b> Access Control and Session Mgmnt, by Steve Buck [http://rd1.net/owasp/Jan_OWASP-access-control.ppt PowerPoint] [http://rd1.net/owasp/Jan_OWASP-access-control.sxi Open Office]<br />
<br />
<b>November 2004</b> Intro to OWASP by Ralf Durkee. Demonstration of SQL Injection attack and prevention, by Paul Cupo [http://rd1.net/owasp/Nov_OWASP_20041103.ppt PowerPoint]<br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:New York]]</div>Sir Whttps://wiki.owasp.org/index.php?title=Rochester&diff=129044Rochester2012-05-04T16:19:42Z<p>Sir W: /* Meeting Dates & Location */</p>
<hr />
<div><hr><br />
<br />
== Welcome to the OWASP Rochester Local Chapter ==<br />
<br />
Welcome to the local Rochester chapter homepage. The chapter leader is [mailto:andrea.cogliati@owasp.org Andrea Cogliati]<br />
<br />
<paypal>Rochester</paypal><br />
<br />
== Participation ==<br />
<br />
OWASP chapter meetings are free and open to anyone interested in application security. We encourage members to give presentations on specific topics and to contribute to the local chapter by sharing their knowledge with others. Prior to participating with OWASP please review the [[Chapter Rules]].<br />
<br />
The Rochester chapter has two mailing lists: one for announcements and one for general discussion. The announce list is for official communications (e.g meeting announcements, web site updates, etc). The discussion list is for general participation and everyone is encouraged to post. The announce mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-announce here]. The discussion mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny here]. You can also review the [http://lists.owasp.org/pipermail/owasp-rochester-announce/ announce] and [http://lists.owasp.org/pipermail/owasp-rochester-ny discussion] e-mail archives to see what folks have been talking about. Please make sure you are subscribed to announce to receive any last minute meeting info.<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> [mailto:andrea.cogliati@owasp.org Andrea Cogliati]<br />
*<b>Vice President:</b> [mailto:rd@rd1.net Ralph Durkee]<br />
*<b>Treasurer:</b> [mailto:andrea.cogliati@owasp.org Andrea Cogliati]<br />
*<b>Secretary:</b> Appointed by Event Coordinator at each meeting.<br />
*<b>Event Coordinator:</b> [mailto:andrea.cogliati@owasp.org Andrea Cogliati]<br />
*<b>Communications and Chapter OWASP Evangelist:</b> [mailto:lou.leone@owasp.org Lou Leone]<br />
*<b>Webmaster:</b> [mailto:duane.peifer@owasp.org Duane Peifer]<br />
*<b>Mail List Administrator:</b> [mailto:duane.peifer@owasp.org Duane Peifer]<br />
</ul><br />
<br />
== Meeting Dates & Location ==<br />
<br />
<b>Dates:</b> The third Monday of every month, starting at 6:00 PM.<br />
<br />
<b>Types of events:</b> Formal meeting (featuring a presentation) in odd numbered months, informal event (open forum with beer and wings) in even numbered months<br />
<br />
<b>Locations:</b> <br />
<br />
* Locations for formal meetings will be announced with the corresponding meeting so please check here or the mailing [http://lists.owasp.org/pipermail/owasp-rochester-announce/ announcement] list for specific meeting location details.<br />
* Beer and wings at Mac Gregor's Grill & Tap Room, 300 Jefferson Rd, NY 14623 [http://maps.google.com/maps?f=q&hl=en&geocode=&time=&date=&ttype=&q=300+Jefferson+Rd+Rochester+NY&sll=43.15549,-77.61601&sspn=0.284013,0.55481&ie=UTF8&om=1&z=16&iwloc=addr Google Maps]<br />
<br/><br />
Meetings reminders are sent to the OWASP Rochester Announcement distribution list at least one week prior to a meeting.<br />
<br />
If you or your organization is interested in donating meeting space please contact one of the local officers listed above. The space should be able to accommodate at least 15 people.<br />
<br />
Please note that for informal meetings at Mac Gregor's, everybody needs to pay for their own food and drinks.<br />
<br />
== Past Events ==<br />
;May 2011 Meeting<br />
Michael Coates webinar on Attack-Aware Applications.<br/><br />
https://owasp.webex.com/owasp/ldr.php?AT=pb&SP=MC&rID=87764002&rKey=14191b8f8c73dabc<br />
<br />
;May 5, 2011<br />
MercuryFest<br />
Speakers: Ralph Durkee, Andrea Cogliati, Duane Peifer<br />
Topic: SSL Man-in-the-Middle and Spoofing Attacks<br />
<br />
;March 2011 Meeting<br />
Topic: Pastebin Scrapping<br/><br />
Speaker: Silas Cutler, Global Crossing, Security Architect<br />
<br />
;January 2011 Meeting<br />
Topic: State of OWASP and the State of Web Application Security<br/><br />
Speaker: Ralph Durkee, Durkee Consulting<br />
<br />
;August Meeting 2010<br />
Topic: Man in the Middle Attacks: SSL Spoofing<br/><br />
Speaker: Duane Peifer, UberGuard Information Security and Ralph Durkee, Durkee Consulting<br />
<br />
;June Meeting 2010<br />
Topic: Client Side Exploits 101<br/><br />
Speaker: JP Bourget, BS IT, RIT 2005; MS Computer Security and Information Assurance, RIT 2008; CISSP; MCSE, CSS<br />
<br />
;May Meeting 2010<br />
Topic: New Techniques in Application Intrusion Detection<br/><br />
Speaker: Al Huizenga, Director of Product Management, Mykonos Software, Inc.<br />
<br />
;February Meeting 2010<br />
Ralph Durkee presented a recap of the recent AppSec conference in DC.<br/><br />
Andrea Cogliati gave a talk on Identity Federation and Claim-based Security. <br />
<br />
<br />
; Oct 29-30 2008 - Rochester Security Summit 2008<br />
<br />
: The Rochester OWASP chapter in partnership with other Rochester institutions is organizing the third annual Rochester Security Summit Oct 29-30 during National Cyber Security Awareness Month. This year we'll have a full day dedicated to application security and we are are working to bring to Rochester the best national acclaimed speakers.<br />
<br />
Visit [http://www.RochesterSecurity.org/ Rochester Security Summit Site] for details.<br />
<br />
== Past Presentations ==<br />
<b>Mercury Networks Security Symposium May 2012</b> I'll see your cross site scripting and raise you a Content Security Policy by Lou Leone [[Media:https://www.owasp.org/images/9/95/2012_CSP.pptx|PPTX]]<br />
<br />
<b>January Meeting 2011</b> State of OWASP and the State of Web Application Security by Ralph Durkee [[Media:Ralph_Durkee_State_of_Web_App_Security_v8.ppt|PPT]] [[Media:Ralph_Durkee_State_of_Web_App_Security_v8.pdf|PDF]]<br/><br />
<br />
<b>August Meeting 2010</b> Man in the Middle Attacks: SSL Spoofing by Duane Peifer [[Media:SSL_Spoofing.ppt|PPT]] [[Media:SSL_Spoofing.pdf|PDF]]<br/><br />
<b>August Meeting 2010</b> Man in the Middle Attacks: SSL Spoofing by Ralph Durkee [[Media:Ralph_Durkee_SSL_MITM_v1.ppt|PPT]] [[Media:Ralph_Durkee_SSL_MITM_v1.pdf|PDF]]<br/><br />
<br />
<b>May Meeting 2010</b> New Techniques in Application Intrusion Detection by Al Huizenga [[Media:OWASP may17-10.pptx|PPTX]] [[Media:OWASP may17-10.pdf|PDF]]<br/><br />
<b>May Meeting 2010</b> Identity Federation and Claim-based Security by Andrea Cogliati [[Media:SAML and Claims-Based Security.pdf|PDF]]<br />
<br />
<b>February Meeting 2010</b> DC AppSec Conference Recap by Ralph Durkee [[Media:OWASP Rochester 2010 Feb.ppt|PPT]]<br />
<br />
<b>October Hackerfest 2009</b> Introduction to OWASP Rochester by Ralph Durkee, Lou Leone [[Media:Intro_to_OWASP_Rochester_v9.ppt|PPT]]<br />
<br />
<b>September OWASP 2009</b> Securing Apache Web Servers with Mod Security & CIS Benchmark by Ralph Durkee [[Media:Durkee_Apache_2009_v7.ppt|PPT]] [[Media:Durkee_Apache_2009_v7.odp|Open Office]]<br />
<br />
<b>May OWASP 2009</b> Key Management - One Perspective by Lou Leone [[Media:N-tierKeyManagementIssues.ppt|PPT]]<br />
<br />
<b>May IEEE 2009</b> Introduction to OWASP, presented by Ralph Durkee and Andrea Cogliati [[Media:Intro_to_OWASP_Rochester_v5.ppt|PPT]]<br />
<br />
<b>January 2009</b> Paranoid Programming Practices, by Lou Leone and Aaron Witt [[Media:ParanoidProgrammers.ppt|PPT]]<br />
<br />
<b>May 2008</b> Database Encryption, by Ralf Durkee [[Media:Database_Encryption.ppt|PPT]]<br />
<br />
<b>January 2008</b> SQL Injection and Dynamic SQL, by Andrea Cogliati [[Media:MoreSQL.zip|ZIP]]<br />
<br />
<b>September 2007</b> 2007 OWASP Top 10 Most Critical Web Application Security Vulnerabilities, by Ralph Durkee [[Media:OWASP_Top_10_2007_v6.ppt|PowerPoint]]<br />
<br />
<b>October 2006</b> The first of the OWASP top ten: unvalidated input, by Steve Buck.<br />
[http://rd1.net/owasp/2006-10-16_owasp-presentation.ppt PowerPoint]<br />
<br />
<b>April 2006</b> PGP: Encryption for e-mail and web applications, by Ralph Durkee [http://rd1.net/owasp/Apr_OWASP_PGP_Durkee.pdf PDF]<br />
<br />
<b>February 2006</b> Identity Theft, Phishing and Pharming, by Danny Allan [http://rd1.net/owasp/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.pdf PDF]<br />
<br />
<b>February 2006</b> Secure e-mail, by Thomas Bullinger [http://rd1.net/owasp/SecureEmail.pdf PDF]<br />
<br />
<b>January 2006</b> PCI Compliance, by Pat Massey, Ralf Durkee, Maureen Baran [http://rd1.net/owasp/Rochester_OWASP_PCI_Compliance.pdf PDF]<br />
<br />
<b>September 2005</b> Two Factor Authentication for Java Applications with Client Certificates, by Ralf Durkee [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.pdf PDF] [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.sxi Open Office]<br />
<br />
<b>April 2005</b> Avoiding Backend Exploitation of Mail Forms, by Max Kessler [http://rd1.net/owasp/owasp-mailform-exploitation.ppt PowerPoint] [http://rd1.net/owasp/owasp-mailform-exploitation.sxi Open Office]<br />
<br />
<b>March 2005</b> Bringing Two-Factor Authentication to Web Applications, by Michael Starks [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt PowerPoint] [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt Open Office]<br />
<br />
<b>February 2005</b> Insecure Storage, by Chris Karr [http://rd1.net/owasp/Insecure_Storage.ppt PowerPoint]<br />
<br />
<b>January 2005</b> Access Control and Session Mgmnt, by Steve Buck [http://rd1.net/owasp/Jan_OWASP-access-control.ppt PowerPoint] [http://rd1.net/owasp/Jan_OWASP-access-control.sxi Open Office]<br />
<br />
<b>November 2004</b> Intro to OWASP by Ralf Durkee. Demonstration of SQL Injection attack and prevention, by Paul Cupo [http://rd1.net/owasp/Nov_OWASP_20041103.ppt PowerPoint]<br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:New York]]</div>Sir Whttps://wiki.owasp.org/index.php?title=Rochester&diff=129043Rochester2012-05-04T16:19:02Z<p>Sir W: Added Lou's presentation at Mercury Networks Security Symposium</p>
<hr />
<div><hr><br />
<br />
== Welcome to the OWASP Rochester Local Chapter ==<br />
<br />
Welcome to the local Rochester chapter homepage. The chapter leader is [mailto:andrea.cogliati@owasp.org Andrea Cogliati]<br />
<br />
<paypal>Rochester</paypal><br />
<br />
== Participation ==<br />
<br />
OWASP chapter meetings are free and open to anyone interested in application security. We encourage members to give presentations on specific topics and to contribute to the local chapter by sharing their knowledge with others. Prior to participating with OWASP please review the [[Chapter Rules]].<br />
<br />
The Rochester chapter has two mailing lists: one for announcements and one for general discussion. The announce list is for official communications (e.g meeting announcements, web site updates, etc). The discussion list is for general participation and everyone is encouraged to post. The announce mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-announce here]. The discussion mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny here]. You can also review the [http://lists.owasp.org/pipermail/owasp-rochester-announce/ announce] and [http://lists.owasp.org/pipermail/owasp-rochester-ny discussion] e-mail archives to see what folks have been talking about. Please make sure you are subscribed to announce to receive any last minute meeting info.<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> [mailto:andrea.cogliati@owasp.org Andrea Cogliati]<br />
*<b>Vice President:</b> [mailto:rd@rd1.net Ralph Durkee]<br />
*<b>Treasurer:</b> [mailto:andrea.cogliati@owasp.org Andrea Cogliati]<br />
*<b>Secretary:</b> Appointed by Event Coordinator at each meeting.<br />
*<b>Event Coordinator:</b> [mailto:andrea.cogliati@owasp.org Andrea Cogliati]<br />
*<b>Communications and Chapter OWASP Evangelist:</b> [mailto:lou.leone@owasp.org Lou Leone]<br />
*<b>Webmaster:</b> [mailto:duane.peifer@owasp.org Duane Peifer]<br />
*<b>Mail List Administrator:</b> [mailto:duane.peifer@owasp.org Duane Peifer]<br />
</ul><br />
<br />
== Meeting Dates & Location ==<br />
<br />
<b>Dates:</b> The third Monday of every month, starting at 6:00 PM.<br />
<br />
<b>Types of events:</b> Formal meeting (featuring a presentation) in odd numbered months, informal event (open forum with beer and wings) in even numbered months<br />
<br />
<b>Locations:</b> <br />
<br />
* Locations for formal meetings will be announced with the corresponding meeting so please check here or the mailing [http://lists.owasp.org/pipermail/owasp-rochester-announce/ announcement] list for specific meeting location details.<br />
* Beer and wings at Mac Gregor's Grill & Tap Room, 300 Jefferson Rd, NY 14623 [http://maps.google.com/maps?f=q&hl=en&geocode=&time=&date=&ttype=&q=300+Jefferson+Rd+Rochester+NY&sll=43.15549,-77.61601&sspn=0.284013,0.55481&ie=UTF8&om=1&z=16&iwloc=addr Google Maps]<br />
<br/><br />
Meetings reminders are sent to the OWASP Rochester Announcement distribution list at least one week prior to a meeting.<br />
<br />
If you or your organization is interested in donating meeting space please contact one of the local officers listed above. The space should be able to accommodate at least 15 people.<br />
<br />
Please note that for informal meetings at Mac Gregor's, everybody needs to pay for their own food and drinks.<br />
<br />
'''OWASP at Mercury Network Security Symposium'''<br />
<br />
OWASP will be at the [http://mercurynetworkssecurity.com Mercury Networks Security Symposium] again this year. Come visit us at the <b>[http://maps.google.com/maps?q=Doubletree+Hotel+Rochester,+1111+Jefferson+Road,+Rochester,+NY&hl=en&sll=43.086364,-77.607272&sspn=0.014449,0.018089&oq=Doubletree+hotel+1111+jef&hq=Doubletree+Hotel&hnear=1111+Jefferson+Rd,+Rochester,+New+York+14623&t=m&z=17 Doubletree Hotel, Rochester, NY] on May 3rd, from 7:45am to 12:30pm</b>.<br />
<br />
Our chapter evangelist, Lou Leone, will also give a technical presentation at 8:30: "I'll see your cross site scripting and raise you a Content Security Policy"<br />
<br />
The event is free for IT Professional. Please register for the event at [http://mercurynetworkssecurity.com/Register.html http://mercurynetworkssecurity.com/Register.html]<br />
<br />
See you there!<br />
<br />
'''March Meeting'''<br />
<br />
<b>What:</b> Joint ISSA and OWASP meeting - De-Anonymizing Anonymous<br />
<br />
<b>When:</b> Thursday, March 29th at 5:30pm<br />
<br />
<b>Location:</b> Nixon Peabody LLP - 1300 Clinton Square, Susan B. Anthony 14th Floor Conference Room - Rochester, NY 14604<br />
<br />
<b>Abstract:</b> What do you see when you take the Guy Fawkes mask off? In 2011, Imperva managed to witness an assault by hacktivist group Anonymous including the use of social media for communications and, most importantly, their attack methods. Since Anonymous' targets are highly variable, anyone can fall victim and security professionals need to know how to prepare.<br />
<br />
This talk will give a walk-through the key stages of an Anonymous campaign:<br />
<br />
* Recruitment and communication: We show how Anonymous leverages social networks to recruit its members and pick a target.<br />
* Application attack: We detail and sequence the steps Anonymous hackers deploy to take data and bring down websites.<br />
* DDoS: In this final stage, we shed light on the DDoS techniques deployed to take down websites.<br />
<br />
Finally, we recommend key mitigation steps that organizations need to take if they ever become a target.<br />
<br />
<b>Speaker:</b> Noa is a senior security strategist at Imperva. In this role Noa researches and analyzes the trends in the threat landscape. She is a frequent contributor to different security magazines, comments on security-breaking news, and is regularly invited to speak at industry events. Currently, Noa also writes a bi-weekly column on hacker trends and techniques for SecurityWeek. Previously, she held the position of a senior security researcher for Imperva's Application Defense Center. She holds a MSc degree (specializing in information security) from Tel-Aviv University.<br />
<br />
<b>Please RSVP to [mailto:info@rocissa.org info@rocissa.org] by Friday, March 23 so we can get a headcount.</b><br />
<br />
<b>Directions:</b> <br />
<br />
From the East:<br />
<br />
* Take I-490 west towards Rochester<br />
* Take the Clinton Avenue exit<br />
* Clinton Square Building is about two blocks down on left<br />
* Go through Broad Street/Clinton intersection, passing Clinton Square Building on the left<br />
* Entrance to parking garage is on left just after Broad Street<br />
* Take garage elevator to lobby; then take lobby elevators to 14th floor<br />
* The meeting will be in Conference Room 14A, the Susan B. Anthony Room<br />
<br />
From the West:<br />
<br />
* Take I-490 East towards Rochester<br />
* Stay in the right lane to cross the Troup-Howell bridge. Take exit 15 for South Ave./Rte. 15<br />
* Turn left at 2nd light<br />
* Turn left at light onto Clinton<br />
* Stay in second lane from the left<br />
* Clinton Square Building (corner of Clinton & Broad) is about two blocks down on left<br />
* Go through Broad Street/Clinton intersection, pass Clinton Square Building on the left, and take first driveway on left to enter Clinton Square Parking garage<br />
* Take garage elevator to lobby; then take lobby elevators to 14th floor<br />
* The meeting will be in Conference Room 14A, the Susan B. Anthony Room<br />
<br />
== Past Events ==<br />
;May 2011 Meeting<br />
Michael Coates webinar on Attack-Aware Applications.<br/><br />
https://owasp.webex.com/owasp/ldr.php?AT=pb&SP=MC&rID=87764002&rKey=14191b8f8c73dabc<br />
<br />
;May 5, 2011<br />
MercuryFest<br />
Speakers: Ralph Durkee, Andrea Cogliati, Duane Peifer<br />
Topic: SSL Man-in-the-Middle and Spoofing Attacks<br />
<br />
;March 2011 Meeting<br />
Topic: Pastebin Scrapping<br/><br />
Speaker: Silas Cutler, Global Crossing, Security Architect<br />
<br />
;January 2011 Meeting<br />
Topic: State of OWASP and the State of Web Application Security<br/><br />
Speaker: Ralph Durkee, Durkee Consulting<br />
<br />
;August Meeting 2010<br />
Topic: Man in the Middle Attacks: SSL Spoofing<br/><br />
Speaker: Duane Peifer, UberGuard Information Security and Ralph Durkee, Durkee Consulting<br />
<br />
;June Meeting 2010<br />
Topic: Client Side Exploits 101<br/><br />
Speaker: JP Bourget, BS IT, RIT 2005; MS Computer Security and Information Assurance, RIT 2008; CISSP; MCSE, CSS<br />
<br />
;May Meeting 2010<br />
Topic: New Techniques in Application Intrusion Detection<br/><br />
Speaker: Al Huizenga, Director of Product Management, Mykonos Software, Inc.<br />
<br />
;February Meeting 2010<br />
Ralph Durkee presented a recap of the recent AppSec conference in DC.<br/><br />
Andrea Cogliati gave a talk on Identity Federation and Claim-based Security. <br />
<br />
<br />
; Oct 29-30 2008 - Rochester Security Summit 2008<br />
<br />
: The Rochester OWASP chapter in partnership with other Rochester institutions is organizing the third annual Rochester Security Summit Oct 29-30 during National Cyber Security Awareness Month. This year we'll have a full day dedicated to application security and we are are working to bring to Rochester the best national acclaimed speakers.<br />
<br />
Visit [http://www.RochesterSecurity.org/ Rochester Security Summit Site] for details.<br />
<br />
== Past Presentations ==<br />
<b>Mercury Networks Security Symposium May 2012</b> I'll see your cross site scripting and raise you a Content Security Policy by Lou Leone [[Media:https://www.owasp.org/images/9/95/2012_CSP.pptx|PPTX]]<br />
<br />
<b>January Meeting 2011</b> State of OWASP and the State of Web Application Security by Ralph Durkee [[Media:Ralph_Durkee_State_of_Web_App_Security_v8.ppt|PPT]] [[Media:Ralph_Durkee_State_of_Web_App_Security_v8.pdf|PDF]]<br/><br />
<br />
<b>August Meeting 2010</b> Man in the Middle Attacks: SSL Spoofing by Duane Peifer [[Media:SSL_Spoofing.ppt|PPT]] [[Media:SSL_Spoofing.pdf|PDF]]<br/><br />
<b>August Meeting 2010</b> Man in the Middle Attacks: SSL Spoofing by Ralph Durkee [[Media:Ralph_Durkee_SSL_MITM_v1.ppt|PPT]] [[Media:Ralph_Durkee_SSL_MITM_v1.pdf|PDF]]<br/><br />
<br />
<b>May Meeting 2010</b> New Techniques in Application Intrusion Detection by Al Huizenga [[Media:OWASP may17-10.pptx|PPTX]] [[Media:OWASP may17-10.pdf|PDF]]<br/><br />
<b>May Meeting 2010</b> Identity Federation and Claim-based Security by Andrea Cogliati [[Media:SAML and Claims-Based Security.pdf|PDF]]<br />
<br />
<b>February Meeting 2010</b> DC AppSec Conference Recap by Ralph Durkee [[Media:OWASP Rochester 2010 Feb.ppt|PPT]]<br />
<br />
<b>October Hackerfest 2009</b> Introduction to OWASP Rochester by Ralph Durkee, Lou Leone [[Media:Intro_to_OWASP_Rochester_v9.ppt|PPT]]<br />
<br />
<b>September OWASP 2009</b> Securing Apache Web Servers with Mod Security & CIS Benchmark by Ralph Durkee [[Media:Durkee_Apache_2009_v7.ppt|PPT]] [[Media:Durkee_Apache_2009_v7.odp|Open Office]]<br />
<br />
<b>May OWASP 2009</b> Key Management - One Perspective by Lou Leone [[Media:N-tierKeyManagementIssues.ppt|PPT]]<br />
<br />
<b>May IEEE 2009</b> Introduction to OWASP, presented by Ralph Durkee and Andrea Cogliati [[Media:Intro_to_OWASP_Rochester_v5.ppt|PPT]]<br />
<br />
<b>January 2009</b> Paranoid Programming Practices, by Lou Leone and Aaron Witt [[Media:ParanoidProgrammers.ppt|PPT]]<br />
<br />
<b>May 2008</b> Database Encryption, by Ralf Durkee [[Media:Database_Encryption.ppt|PPT]]<br />
<br />
<b>January 2008</b> SQL Injection and Dynamic SQL, by Andrea Cogliati [[Media:MoreSQL.zip|ZIP]]<br />
<br />
<b>September 2007</b> 2007 OWASP Top 10 Most Critical Web Application Security Vulnerabilities, by Ralph Durkee [[Media:OWASP_Top_10_2007_v6.ppt|PowerPoint]]<br />
<br />
<b>October 2006</b> The first of the OWASP top ten: unvalidated input, by Steve Buck.<br />
[http://rd1.net/owasp/2006-10-16_owasp-presentation.ppt PowerPoint]<br />
<br />
<b>April 2006</b> PGP: Encryption for e-mail and web applications, by Ralph Durkee [http://rd1.net/owasp/Apr_OWASP_PGP_Durkee.pdf PDF]<br />
<br />
<b>February 2006</b> Identity Theft, Phishing and Pharming, by Danny Allan [http://rd1.net/owasp/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.pdf PDF]<br />
<br />
<b>February 2006</b> Secure e-mail, by Thomas Bullinger [http://rd1.net/owasp/SecureEmail.pdf PDF]<br />
<br />
<b>January 2006</b> PCI Compliance, by Pat Massey, Ralf Durkee, Maureen Baran [http://rd1.net/owasp/Rochester_OWASP_PCI_Compliance.pdf PDF]<br />
<br />
<b>September 2005</b> Two Factor Authentication for Java Applications with Client Certificates, by Ralf Durkee [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.pdf PDF] [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.sxi Open Office]<br />
<br />
<b>April 2005</b> Avoiding Backend Exploitation of Mail Forms, by Max Kessler [http://rd1.net/owasp/owasp-mailform-exploitation.ppt PowerPoint] [http://rd1.net/owasp/owasp-mailform-exploitation.sxi Open Office]<br />
<br />
<b>March 2005</b> Bringing Two-Factor Authentication to Web Applications, by Michael Starks [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt PowerPoint] [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt Open Office]<br />
<br />
<b>February 2005</b> Insecure Storage, by Chris Karr [http://rd1.net/owasp/Insecure_Storage.ppt PowerPoint]<br />
<br />
<b>January 2005</b> Access Control and Session Mgmnt, by Steve Buck [http://rd1.net/owasp/Jan_OWASP-access-control.ppt PowerPoint] [http://rd1.net/owasp/Jan_OWASP-access-control.sxi Open Office]<br />
<br />
<b>November 2004</b> Intro to OWASP by Ralf Durkee. Demonstration of SQL Injection attack and prevention, by Paul Cupo [http://rd1.net/owasp/Nov_OWASP_20041103.ppt PowerPoint]<br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:New York]]</div>Sir Whttps://wiki.owasp.org/index.php?title=File:2012_CSP.pptx&diff=129040File:2012 CSP.pptx2012-05-04T16:14:50Z<p>Sir W: "I'll see your cross site scripting and raise you a Content Security Policy" by Lou Leone</p>
<hr />
<div>"I'll see your cross site scripting and raise you a Content Security Policy" by Lou Leone</div>Sir Whttps://wiki.owasp.org/index.php?title=Rochester&diff=128460Rochester2012-04-23T17:56:36Z<p>Sir W: Added Mercury Networks Security Symposium</p>
<hr />
<div><hr><br />
<br />
== Welcome to the OWASP Rochester Local Chapter ==<br />
<br />
Welcome to the local Rochester chapter homepage. The chapter leader is [mailto:andrea.cogliati@owasp.org Andrea Cogliati]<br />
<br />
<paypal>Rochester</paypal><br />
<br />
== Participation ==<br />
<br />
OWASP chapter meetings are free and open to anyone interested in application security. We encourage members to give presentations on specific topics and to contribute to the local chapter by sharing their knowledge with others. Prior to participating with OWASP please review the [[Chapter Rules]].<br />
<br />
The Rochester chapter has two mailing lists: one for announcements and one for general discussion. The announce list is for official communications (e.g meeting announcements, web site updates, etc). The discussion list is for general participation and everyone is encouraged to post. The announce mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-announce here]. The discussion mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny here]. You can also review the [http://lists.owasp.org/pipermail/owasp-rochester-announce/ announce] and [http://lists.owasp.org/pipermail/owasp-rochester-ny discussion] e-mail archives to see what folks have been talking about. Please make sure you are subscribed to announce to receive any last minute meeting info.<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> [mailto:andrea.cogliati@owasp.org Andrea Cogliati]<br />
*<b>Vice President:</b> [mailto:rd@rd1.net Ralph Durkee]<br />
*<b>Treasurer:</b> [mailto:andrea.cogliati@owasp.org Andrea Cogliati]<br />
*<b>Secretary:</b> Appointed by Event Coordinator at each meeting.<br />
*<b>Event Coordinator:</b> [mailto:andrea.cogliati@owasp.org Andrea Cogliati]<br />
*<b>Communications and Chapter OWASP Evangelist:</b> [mailto:lou.leone@owasp.org Lou Leone]<br />
*<b>Webmaster:</b> [mailto:duane.peifer@owasp.org Duane Peifer]<br />
*<b>Mail List Administrator:</b> [mailto:duane.peifer@owasp.org Duane Peifer]<br />
</ul><br />
<br />
== Meeting Dates & Location ==<br />
<br />
<b>Dates:</b> The third Monday of every month, starting at 6:00 PM.<br />
<br />
<b>Types of events:</b> Formal meeting (featuring a presentation) in odd numbered months, informal event (open forum with beer and wings) in even numbered months<br />
<br />
<b>Locations:</b> <br />
<br />
* Locations for formal meetings will be announced with the corresponding meeting so please check here or the mailing [http://lists.owasp.org/pipermail/owasp-rochester-announce/ announcement] list for specific meeting location details.<br />
* Beer and wings at Mac Gregor's Grill & Tap Room, 300 Jefferson Rd, NY 14623 [http://maps.google.com/maps?f=q&hl=en&geocode=&time=&date=&ttype=&q=300+Jefferson+Rd+Rochester+NY&sll=43.15549,-77.61601&sspn=0.284013,0.55481&ie=UTF8&om=1&z=16&iwloc=addr Google Maps]<br />
<br/><br />
Meetings reminders are sent to the OWASP Rochester Announcement distribution list at least one week prior to a meeting.<br />
<br />
If you or your organization is interested in donating meeting space please contact one of the local officers listed above. The space should be able to accommodate at least 15 people.<br />
<br />
Please note that for informal meetings at Mac Gregor's, everybody needs to pay for their own food and drinks.<br />
<br />
'''OWASP at Mercury Network Security Symposium'''<br />
<br />
OWASP will be at the [http://mercurynetworkssecurity.com Mercury Networks Security Symposium] again this year. Come visit us at the <b>[http://maps.google.com/maps?q=Doubletree+Hotel+Rochester,+1111+Jefferson+Road,+Rochester,+NY&hl=en&sll=43.086364,-77.607272&sspn=0.014449,0.018089&oq=Doubletree+hotel+1111+jef&hq=Doubletree+Hotel&hnear=1111+Jefferson+Rd,+Rochester,+New+York+14623&t=m&z=17 Doubletree Hotel, Rochester, NY] on May 3rd, from 7:45am to 12:30pm</b>.<br />
<br />
Our chapter evangelist, Lou Leone, will also give a technical presentation at 8:30: "I'll see your cross site scripting and raise you a Content Security Policy"<br />
<br />
The event is free for IT Professional. Please register for the event at [http://mercurynetworkssecurity.com/Register.html http://mercurynetworkssecurity.com/Register.html]<br />
<br />
See you there!<br />
<br />
'''March Meeting'''<br />
<br />
<b>What:</b> Joint ISSA and OWASP meeting - De-Anonymizing Anonymous<br />
<br />
<b>When:</b> Thursday, March 29th at 5:30pm<br />
<br />
<b>Location:</b> Nixon Peabody LLP - 1300 Clinton Square, Susan B. Anthony 14th Floor Conference Room - Rochester, NY 14604<br />
<br />
<b>Abstract:</b> What do you see when you take the Guy Fawkes mask off? In 2011, Imperva managed to witness an assault by hacktivist group Anonymous including the use of social media for communications and, most importantly, their attack methods. Since Anonymous' targets are highly variable, anyone can fall victim and security professionals need to know how to prepare.<br />
<br />
This talk will give a walk-through the key stages of an Anonymous campaign:<br />
<br />
* Recruitment and communication: We show how Anonymous leverages social networks to recruit its members and pick a target.<br />
* Application attack: We detail and sequence the steps Anonymous hackers deploy to take data and bring down websites.<br />
* DDoS: In this final stage, we shed light on the DDoS techniques deployed to take down websites.<br />
<br />
Finally, we recommend key mitigation steps that organizations need to take if they ever become a target.<br />
<br />
<b>Speaker:</b> Noa is a senior security strategist at Imperva. In this role Noa researches and analyzes the trends in the threat landscape. She is a frequent contributor to different security magazines, comments on security-breaking news, and is regularly invited to speak at industry events. Currently, Noa also writes a bi-weekly column on hacker trends and techniques for SecurityWeek. Previously, she held the position of a senior security researcher for Imperva's Application Defense Center. She holds a MSc degree (specializing in information security) from Tel-Aviv University.<br />
<br />
<b>Please RSVP to [mailto:info@rocissa.org info@rocissa.org] by Friday, March 23 so we can get a headcount.</b><br />
<br />
<b>Directions:</b> <br />
<br />
From the East:<br />
<br />
* Take I-490 west towards Rochester<br />
* Take the Clinton Avenue exit<br />
* Clinton Square Building is about two blocks down on left<br />
* Go through Broad Street/Clinton intersection, passing Clinton Square Building on the left<br />
* Entrance to parking garage is on left just after Broad Street<br />
* Take garage elevator to lobby; then take lobby elevators to 14th floor<br />
* The meeting will be in Conference Room 14A, the Susan B. Anthony Room<br />
<br />
From the West:<br />
<br />
* Take I-490 East towards Rochester<br />
* Stay in the right lane to cross the Troup-Howell bridge. Take exit 15 for South Ave./Rte. 15<br />
* Turn left at 2nd light<br />
* Turn left at light onto Clinton<br />
* Stay in second lane from the left<br />
* Clinton Square Building (corner of Clinton & Broad) is about two blocks down on left<br />
* Go through Broad Street/Clinton intersection, pass Clinton Square Building on the left, and take first driveway on left to enter Clinton Square Parking garage<br />
* Take garage elevator to lobby; then take lobby elevators to 14th floor<br />
* The meeting will be in Conference Room 14A, the Susan B. Anthony Room<br />
<br />
== Past Events ==<br />
;May 2011 Meeting<br />
Michael Coates webinar on Attack-Aware Applications.<br/><br />
https://owasp.webex.com/owasp/ldr.php?AT=pb&SP=MC&rID=87764002&rKey=14191b8f8c73dabc<br />
<br />
;May 5, 2011<br />
MercuryFest<br />
Speakers: Ralph Durkee, Andrea Cogliati, Duane Peifer<br />
Topic: SSL Man-in-the-Middle and Spoofing Attacks<br />
<br />
;March 2011 Meeting<br />
Topic: Pastebin Scrapping<br/><br />
Speaker: Silas Cutler, Global Crossing, Security Architect<br />
<br />
;January 2011 Meeting<br />
Topic: State of OWASP and the State of Web Application Security<br/><br />
Speaker: Ralph Durkee, Durkee Consulting<br />
<br />
;August Meeting 2010<br />
Topic: Man in the Middle Attacks: SSL Spoofing<br/><br />
Speaker: Duane Peifer, UberGuard Information Security and Ralph Durkee, Durkee Consulting<br />
<br />
;June Meeting 2010<br />
Topic: Client Side Exploits 101<br/><br />
Speaker: JP Bourget, BS IT, RIT 2005; MS Computer Security and Information Assurance, RIT 2008; CISSP; MCSE, CSS<br />
<br />
;May Meeting 2010<br />
Topic: New Techniques in Application Intrusion Detection<br/><br />
Speaker: Al Huizenga, Director of Product Management, Mykonos Software, Inc.<br />
<br />
;February Meeting 2010<br />
Ralph Durkee presented a recap of the recent AppSec conference in DC.<br/><br />
Andrea Cogliati gave a talk on Identity Federation and Claim-based Security. <br />
<br />
<br />
; Oct 29-30 2008 - Rochester Security Summit 2008<br />
<br />
: The Rochester OWASP chapter in partnership with other Rochester institutions is organizing the third annual Rochester Security Summit Oct 29-30 during National Cyber Security Awareness Month. This year we'll have a full day dedicated to application security and we are are working to bring to Rochester the best national acclaimed speakers.<br />
<br />
Visit [http://www.RochesterSecurity.org/ Rochester Security Summit Site] for details.<br />
<br />
== Past Presentations ==<br />
<b>January Meeting 2011</b> State of OWASP and the State of Web Application Security by Ralph Durkee [[Media:Ralph_Durkee_State_of_Web_App_Security_v8.ppt|PPT]] [[Media:Ralph_Durkee_State_of_Web_App_Security_v8.pdf|PDF]]<br/><br />
<br />
<b>August Meeting 2010</b> Man in the Middle Attacks: SSL Spoofing by Duane Peifer [[Media:SSL_Spoofing.ppt|PPT]] [[Media:SSL_Spoofing.pdf|PDF]]<br/><br />
<b>August Meeting 2010</b> Man in the Middle Attacks: SSL Spoofing by Ralph Durkee [[Media:Ralph_Durkee_SSL_MITM_v1.ppt|PPT]] [[Media:Ralph_Durkee_SSL_MITM_v1.pdf|PDF]]<br/><br />
<br />
<b>May Meeting 2010</b> New Techniques in Application Intrusion Detection by Al Huizenga [[Media:OWASP may17-10.pptx|PPTX]] [[Media:OWASP may17-10.pdf|PDF]]<br/><br />
<b>May Meeting 2010</b> Identity Federation and Claim-based Security by Andrea Cogliati [[Media:SAML and Claims-Based Security.pdf|PDF]]<br />
<br />
<b>February Meeting 2010</b> DC AppSec Conference Recap by Ralph Durkee [[Media:OWASP Rochester 2010 Feb.ppt|PPT]]<br />
<br />
<b>October Hackerfest 2009</b> Introduction to OWASP Rochester by Ralph Durkee, Lou Leone [[Media:Intro_to_OWASP_Rochester_v9.ppt|PPT]]<br />
<br />
<b>September OWASP 2009</b> Securing Apache Web Servers with Mod Security & CIS Benchmark by Ralph Durkee [[Media:Durkee_Apache_2009_v7.ppt|PPT]] [[Media:Durkee_Apache_2009_v7.odp|Open Office]]<br />
<br />
<b>May OWASP 2009</b> Key Management - One Perspective by Lou Leone [[Media:N-tierKeyManagementIssues.ppt|PPT]]<br />
<br />
<b>May IEEE 2009</b> Introduction to OWASP, presented by Ralph Durkee and Andrea Cogliati [[Media:Intro_to_OWASP_Rochester_v5.ppt|PPT]]<br />
<br />
<b>January 2009</b> Paranoid Programming Practices, by Lou Leone and Aaron Witt [[Media:ParanoidProgrammers.ppt|PPT]]<br />
<br />
<b>May 2008</b> Database Encryption, by Ralf Durkee [[Media:Database_Encryption.ppt|PPT]]<br />
<br />
<b>January 2008</b> SQL Injection and Dynamic SQL, by Andrea Cogliati [[Media:MoreSQL.zip|ZIP]]<br />
<br />
<b>September 2007</b> 2007 OWASP Top 10 Most Critical Web Application Security Vulnerabilities, by Ralph Durkee [[Media:OWASP_Top_10_2007_v6.ppt|PowerPoint]]<br />
<br />
<b>October 2006</b> The first of the OWASP top ten: unvalidated input, by Steve Buck.<br />
[http://rd1.net/owasp/2006-10-16_owasp-presentation.ppt PowerPoint]<br />
<br />
<b>April 2006</b> PGP: Encryption for e-mail and web applications, by Ralph Durkee [http://rd1.net/owasp/Apr_OWASP_PGP_Durkee.pdf PDF]<br />
<br />
<b>February 2006</b> Identity Theft, Phishing and Pharming, by Danny Allan [http://rd1.net/owasp/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.pdf PDF]<br />
<br />
<b>February 2006</b> Secure e-mail, by Thomas Bullinger [http://rd1.net/owasp/SecureEmail.pdf PDF]<br />
<br />
<b>January 2006</b> PCI Compliance, by Pat Massey, Ralf Durkee, Maureen Baran [http://rd1.net/owasp/Rochester_OWASP_PCI_Compliance.pdf PDF]<br />
<br />
<b>September 2005</b> Two Factor Authentication for Java Applications with Client Certificates, by Ralf Durkee [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.pdf PDF] [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.sxi Open Office]<br />
<br />
<b>April 2005</b> Avoiding Backend Exploitation of Mail Forms, by Max Kessler [http://rd1.net/owasp/owasp-mailform-exploitation.ppt PowerPoint] [http://rd1.net/owasp/owasp-mailform-exploitation.sxi Open Office]<br />
<br />
<b>March 2005</b> Bringing Two-Factor Authentication to Web Applications, by Michael Starks [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt PowerPoint] [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt Open Office]<br />
<br />
<b>February 2005</b> Insecure Storage, by Chris Karr [http://rd1.net/owasp/Insecure_Storage.ppt PowerPoint]<br />
<br />
<b>January 2005</b> Access Control and Session Mgmnt, by Steve Buck [http://rd1.net/owasp/Jan_OWASP-access-control.ppt PowerPoint] [http://rd1.net/owasp/Jan_OWASP-access-control.sxi Open Office]<br />
<br />
<b>November 2004</b> Intro to OWASP by Ralf Durkee. Demonstration of SQL Injection attack and prevention, by Paul Cupo [http://rd1.net/owasp/Nov_OWASP_20041103.ppt PowerPoint]<br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:New York]]</div>Sir Whttps://wiki.owasp.org/index.php?title=Rochester&diff=127688Rochester2012-04-10T21:06:52Z<p>Sir W: Removed survey</p>
<hr />
<div><hr><br />
<br />
== Welcome to the OWASP Rochester Local Chapter ==<br />
<br />
Welcome to the local Rochester chapter homepage. The chapter leader is [mailto:andrea.cogliati@owasp.org Andrea Cogliati]<br />
<br />
<paypal>Rochester</paypal><br />
<br />
== Participation ==<br />
<br />
OWASP chapter meetings are free and open to anyone interested in application security. We encourage members to give presentations on specific topics and to contribute to the local chapter by sharing their knowledge with others. Prior to participating with OWASP please review the [[Chapter Rules]].<br />
<br />
The Rochester chapter has two mailing lists: one for announcements and one for general discussion. The announce list is for official communications (e.g meeting announcements, web site updates, etc). The discussion list is for general participation and everyone is encouraged to post. The announce mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-announce here]. The discussion mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny here]. You can also review the [http://lists.owasp.org/pipermail/owasp-rochester-announce/ announce] and [http://lists.owasp.org/pipermail/owasp-rochester-ny discussion] e-mail archives to see what folks have been talking about. Please make sure you are subscribed to announce to receive any last minute meeting info.<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> [mailto:andrea.cogliati@owasp.org Andrea Cogliati]<br />
*<b>Vice President:</b> [mailto:rd@rd1.net Ralph Durkee]<br />
*<b>Treasurer:</b> [mailto:andrea.cogliati@owasp.org Andrea Cogliati]<br />
*<b>Secretary:</b> Appointed by Event Coordinator at each meeting.<br />
*<b>Event Coordinator:</b> [mailto:andrea.cogliati@owasp.org Andrea Cogliati]<br />
*<b>Communications and Chapter OWASP Evangelist:</b> [mailto:lou.leone@owasp.org Lou Leone]<br />
*<b>Webmaster:</b> [mailto:duane.peifer@owasp.org Duane Peifer]<br />
*<b>Mail List Administrator:</b> [mailto:duane.peifer@owasp.org Duane Peifer]<br />
</ul><br />
<br />
== Meeting Dates & Location ==<br />
<br />
<b>Dates:</b> The third Monday of every month, starting at 6:00 PM.<br />
<br />
<b>Types of events:</b> Formal meeting (featuring a presentation) in odd numbered months, informal event (open forum with beer and wings) in even numbered months<br />
<br />
<b>Locations:</b> <br />
<br />
* Locations for formal meetings will be announced with the corresponding meeting so please check here or the mailing [http://lists.owasp.org/pipermail/owasp-rochester-announce/ announcement] list for specific meeting location details.<br />
* Beer and wings at Mac Gregor's Grill & Tap Room, 300 Jefferson Rd, NY 14623 [http://maps.google.com/maps?f=q&hl=en&geocode=&time=&date=&ttype=&q=300+Jefferson+Rd+Rochester+NY&sll=43.15549,-77.61601&sspn=0.284013,0.55481&ie=UTF8&om=1&z=16&iwloc=addr Google Maps]<br />
<br/><br />
Meetings reminders are sent to the OWASP Rochester Announcement distribution list at least one week prior to a meeting.<br />
<br />
If you or your organization is interested in donating meeting space please contact one of the local officers listed above. The space should be able to accommodate at least 15 people.<br />
<br />
Please note that for informal meetings at Mac Gregor's, everybody needs to pay for their own food and drinks.<br />
<br />
'''March Meeting'''<br />
<br />
<b>What:</b> Joint ISSA and OWASP meeting - De-Anonymizing Anonymous<br />
<br />
<b>When:</b> Thursday, March 29th at 5:30pm<br />
<br />
<b>Location:</b> Nixon Peabody LLP - 1300 Clinton Square, Susan B. Anthony 14th Floor Conference Room - Rochester, NY 14604<br />
<br />
<b>Abstract:</b> What do you see when you take the Guy Fawkes mask off? In 2011, Imperva managed to witness an assault by hacktivist group Anonymous including the use of social media for communications and, most importantly, their attack methods. Since Anonymous' targets are highly variable, anyone can fall victim and security professionals need to know how to prepare.<br />
<br />
This talk will give a walk-through the key stages of an Anonymous campaign:<br />
<br />
* Recruitment and communication: We show how Anonymous leverages social networks to recruit its members and pick a target.<br />
* Application attack: We detail and sequence the steps Anonymous hackers deploy to take data and bring down websites.<br />
* DDoS: In this final stage, we shed light on the DDoS techniques deployed to take down websites.<br />
<br />
Finally, we recommend key mitigation steps that organizations need to take if they ever become a target.<br />
<br />
<b>Speaker:</b> Noa is a senior security strategist at Imperva. In this role Noa researches and analyzes the trends in the threat landscape. She is a frequent contributor to different security magazines, comments on security-breaking news, and is regularly invited to speak at industry events. Currently, Noa also writes a bi-weekly column on hacker trends and techniques for SecurityWeek. Previously, she held the position of a senior security researcher for Imperva's Application Defense Center. She holds a MSc degree (specializing in information security) from Tel-Aviv University.<br />
<br />
<b>Please RSVP to [mailto:info@rocissa.org info@rocissa.org] by Friday, March 23 so we can get a headcount.</b><br />
<br />
<b>Directions:</b> <br />
<br />
From the East:<br />
<br />
* Take I-490 west towards Rochester<br />
* Take the Clinton Avenue exit<br />
* Clinton Square Building is about two blocks down on left<br />
* Go through Broad Street/Clinton intersection, passing Clinton Square Building on the left<br />
* Entrance to parking garage is on left just after Broad Street<br />
* Take garage elevator to lobby; then take lobby elevators to 14th floor<br />
* The meeting will be in Conference Room 14A, the Susan B. Anthony Room<br />
<br />
From the West:<br />
<br />
* Take I-490 East towards Rochester<br />
* Stay in the right lane to cross the Troup-Howell bridge. Take exit 15 for South Ave./Rte. 15<br />
* Turn left at 2nd light<br />
* Turn left at light onto Clinton<br />
* Stay in second lane from the left<br />
* Clinton Square Building (corner of Clinton & Broad) is about two blocks down on left<br />
* Go through Broad Street/Clinton intersection, pass Clinton Square Building on the left, and take first driveway on left to enter Clinton Square Parking garage<br />
* Take garage elevator to lobby; then take lobby elevators to 14th floor<br />
* The meeting will be in Conference Room 14A, the Susan B. Anthony Room<br />
<br />
== Past Events ==<br />
;May 2011 Meeting<br />
Michael Coates webinar on Attack-Aware Applications.<br/><br />
https://owasp.webex.com/owasp/ldr.php?AT=pb&SP=MC&rID=87764002&rKey=14191b8f8c73dabc<br />
<br />
;May 5, 2011<br />
MercuryFest<br />
Speakers: Ralph Durkee, Andrea Cogliati, Duane Peifer<br />
Topic: SSL Man-in-the-Middle and Spoofing Attacks<br />
<br />
;March 2011 Meeting<br />
Topic: Pastebin Scrapping<br/><br />
Speaker: Silas Cutler, Global Crossing, Security Architect<br />
<br />
;January 2011 Meeting<br />
Topic: State of OWASP and the State of Web Application Security<br/><br />
Speaker: Ralph Durkee, Durkee Consulting<br />
<br />
;August Meeting 2010<br />
Topic: Man in the Middle Attacks: SSL Spoofing<br/><br />
Speaker: Duane Peifer, UberGuard Information Security and Ralph Durkee, Durkee Consulting<br />
<br />
;June Meeting 2010<br />
Topic: Client Side Exploits 101<br/><br />
Speaker: JP Bourget, BS IT, RIT 2005; MS Computer Security and Information Assurance, RIT 2008; CISSP; MCSE, CSS<br />
<br />
;May Meeting 2010<br />
Topic: New Techniques in Application Intrusion Detection<br/><br />
Speaker: Al Huizenga, Director of Product Management, Mykonos Software, Inc.<br />
<br />
;February Meeting 2010<br />
Ralph Durkee presented a recap of the recent AppSec conference in DC.<br/><br />
Andrea Cogliati gave a talk on Identity Federation and Claim-based Security. <br />
<br />
<br />
; Oct 29-30 2008 - Rochester Security Summit 2008<br />
<br />
: The Rochester OWASP chapter in partnership with other Rochester institutions is organizing the third annual Rochester Security Summit Oct 29-30 during National Cyber Security Awareness Month. This year we'll have a full day dedicated to application security and we are are working to bring to Rochester the best national acclaimed speakers.<br />
<br />
Visit [http://www.RochesterSecurity.org/ Rochester Security Summit Site] for details.<br />
<br />
== Past Presentations ==<br />
<b>January Meeting 2011</b> State of OWASP and the State of Web Application Security by Ralph Durkee [[Media:Ralph_Durkee_State_of_Web_App_Security_v8.ppt|PPT]] [[Media:Ralph_Durkee_State_of_Web_App_Security_v8.pdf|PDF]]<br/><br />
<br />
<b>August Meeting 2010</b> Man in the Middle Attacks: SSL Spoofing by Duane Peifer [[Media:SSL_Spoofing.ppt|PPT]] [[Media:SSL_Spoofing.pdf|PDF]]<br/><br />
<b>August Meeting 2010</b> Man in the Middle Attacks: SSL Spoofing by Ralph Durkee [[Media:Ralph_Durkee_SSL_MITM_v1.ppt|PPT]] [[Media:Ralph_Durkee_SSL_MITM_v1.pdf|PDF]]<br/><br />
<br />
<b>May Meeting 2010</b> New Techniques in Application Intrusion Detection by Al Huizenga [[Media:OWASP may17-10.pptx|PPTX]] [[Media:OWASP may17-10.pdf|PDF]]<br/><br />
<b>May Meeting 2010</b> Identity Federation and Claim-based Security by Andrea Cogliati [[Media:SAML and Claims-Based Security.pdf|PDF]]<br />
<br />
<b>February Meeting 2010</b> DC AppSec Conference Recap by Ralph Durkee [[Media:OWASP Rochester 2010 Feb.ppt|PPT]]<br />
<br />
<b>October Hackerfest 2009</b> Introduction to OWASP Rochester by Ralph Durkee, Lou Leone [[Media:Intro_to_OWASP_Rochester_v9.ppt|PPT]]<br />
<br />
<b>September OWASP 2009</b> Securing Apache Web Servers with Mod Security & CIS Benchmark by Ralph Durkee [[Media:Durkee_Apache_2009_v7.ppt|PPT]] [[Media:Durkee_Apache_2009_v7.odp|Open Office]]<br />
<br />
<b>May OWASP 2009</b> Key Management - One Perspective by Lou Leone [[Media:N-tierKeyManagementIssues.ppt|PPT]]<br />
<br />
<b>May IEEE 2009</b> Introduction to OWASP, presented by Ralph Durkee and Andrea Cogliati [[Media:Intro_to_OWASP_Rochester_v5.ppt|PPT]]<br />
<br />
<b>January 2009</b> Paranoid Programming Practices, by Lou Leone and Aaron Witt [[Media:ParanoidProgrammers.ppt|PPT]]<br />
<br />
<b>May 2008</b> Database Encryption, by Ralf Durkee [[Media:Database_Encryption.ppt|PPT]]<br />
<br />
<b>January 2008</b> SQL Injection and Dynamic SQL, by Andrea Cogliati [[Media:MoreSQL.zip|ZIP]]<br />
<br />
<b>September 2007</b> 2007 OWASP Top 10 Most Critical Web Application Security Vulnerabilities, by Ralph Durkee [[Media:OWASP_Top_10_2007_v6.ppt|PowerPoint]]<br />
<br />
<b>October 2006</b> The first of the OWASP top ten: unvalidated input, by Steve Buck.<br />
[http://rd1.net/owasp/2006-10-16_owasp-presentation.ppt PowerPoint]<br />
<br />
<b>April 2006</b> PGP: Encryption for e-mail and web applications, by Ralph Durkee [http://rd1.net/owasp/Apr_OWASP_PGP_Durkee.pdf PDF]<br />
<br />
<b>February 2006</b> Identity Theft, Phishing and Pharming, by Danny Allan [http://rd1.net/owasp/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.pdf PDF]<br />
<br />
<b>February 2006</b> Secure e-mail, by Thomas Bullinger [http://rd1.net/owasp/SecureEmail.pdf PDF]<br />
<br />
<b>January 2006</b> PCI Compliance, by Pat Massey, Ralf Durkee, Maureen Baran [http://rd1.net/owasp/Rochester_OWASP_PCI_Compliance.pdf PDF]<br />
<br />
<b>September 2005</b> Two Factor Authentication for Java Applications with Client Certificates, by Ralf Durkee [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.pdf PDF] [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.sxi Open Office]<br />
<br />
<b>April 2005</b> Avoiding Backend Exploitation of Mail Forms, by Max Kessler [http://rd1.net/owasp/owasp-mailform-exploitation.ppt PowerPoint] [http://rd1.net/owasp/owasp-mailform-exploitation.sxi Open Office]<br />
<br />
<b>March 2005</b> Bringing Two-Factor Authentication to Web Applications, by Michael Starks [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt PowerPoint] [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt Open Office]<br />
<br />
<b>February 2005</b> Insecure Storage, by Chris Karr [http://rd1.net/owasp/Insecure_Storage.ppt PowerPoint]<br />
<br />
<b>January 2005</b> Access Control and Session Mgmnt, by Steve Buck [http://rd1.net/owasp/Jan_OWASP-access-control.ppt PowerPoint] [http://rd1.net/owasp/Jan_OWASP-access-control.sxi Open Office]<br />
<br />
<b>November 2004</b> Intro to OWASP by Ralf Durkee. Demonstration of SQL Injection attack and prevention, by Paul Cupo [http://rd1.net/owasp/Nov_OWASP_20041103.ppt PowerPoint]<br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:New York]]</div>Sir Whttps://wiki.owasp.org/index.php?title=Rochester&diff=126812Rochester2012-03-24T14:48:13Z<p>Sir W: /* Local Officers */</p>
<hr />
<div><hr><br />
<br />
== Welcome to the OWASP Rochester Local Chapter ==<br />
<br />
Welcome to the local Rochester chapter homepage. The chapter leader is [mailto:andrea.cogliati@owasp.org Andrea Cogliati]<br />
<br />
<paypal>Rochester</paypal><br />
<br />
== Help Us Improve Our Chapter ==<br />
<br />
We are looking for feedback on how to better our chapter. If you'd like to give us feedback, we have an anonymous survey setup here:<br />
<br />
http://www.surveymonkey.com/s/MTBH3S2<br />
<br />
== Participation ==<br />
<br />
OWASP chapter meetings are free and open to anyone interested in application security. We encourage members to give presentations on specific topics and to contribute to the local chapter by sharing their knowledge with others. Prior to participating with OWASP please review the [[Chapter Rules]].<br />
<br />
The Rochester chapter has two mailing lists: one for announcements and one for general discussion. The announce list is for official communications (e.g meeting announcements, web site updates, etc). The discussion list is for general participation and everyone is encouraged to post. The announce mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-announce here]. The discussion mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny here]. You can also review the [http://lists.owasp.org/pipermail/owasp-rochester-announce/ announce] and [http://lists.owasp.org/pipermail/owasp-rochester-ny discussion] e-mail archives to see what folks have been talking about. Please make sure you are subscribed to announce to receive any last minute meeting info.<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> [mailto:andrea.cogliati@owasp.org Andrea Cogliati]<br />
*<b>Vice President:</b> [mailto:rd@rd1.net Ralph Durkee]<br />
*<b>Treasurer:</b> [mailto:andrea.cogliati@owasp.org Andrea Cogliati]<br />
*<b>Secretary:</b> Appointed by Event Coordinator at each meeting.<br />
*<b>Event Coordinator:</b> [mailto:andrea.cogliati@owasp.org Andrea Cogliati]<br />
*<b>Communications and Chapter OWASP Evangelist:</b> [mailto:lou.leone@owasp.org Lou Leone]<br />
*<b>Webmaster:</b> [mailto:duane.peifer@owasp.org Duane Peifer]<br />
*<b>Mail List Administrator:</b> [mailto:duane.peifer@owasp.org Duane Peifer]<br />
</ul><br />
<br />
== Meeting Dates & Location ==<br />
<br />
<b>Dates:</b> The third Monday of every month, starting at 6:00 PM.<br />
<br />
<b>Types of events:</b> Formal meeting (featuring a presentation) in odd numbered months, informal event (open forum with beer and wings) in even numbered months<br />
<br />
<b>Locations:</b> <br />
<br />
* Locations for formal meetings will be announced with the corresponding meeting so please check here or the mailing [http://lists.owasp.org/pipermail/owasp-rochester-announce/ announcement] list for specific meeting location details.<br />
* Beer and wings at Mac Gregor's Grill & Tap Room, 300 Jefferson Rd, NY 14623 [http://maps.google.com/maps?f=q&hl=en&geocode=&time=&date=&ttype=&q=300+Jefferson+Rd+Rochester+NY&sll=43.15549,-77.61601&sspn=0.284013,0.55481&ie=UTF8&om=1&z=16&iwloc=addr Google Maps]<br />
<br/><br />
Meetings reminders are sent to the OWASP Rochester Announcement distribution list at least one week prior to a meeting.<br />
<br />
If you or your organization is interested in donating meeting space please contact one of the local officers listed above. The space should be able to accommodate at least 15 people.<br />
<br />
Please note that for informal meetings at Mac Gregor's, everybody needs to pay for their own food and drinks.<br />
<br />
'''March Meeting'''<br />
<br />
<b>What:</b> Joint ISSA and OWASP meeting - De-Anonymizing Anonymous<br />
<br />
<b>When:</b> Thursday, March 29th at 5:30pm<br />
<br />
<b>Location:</b> Nixon Peabody LLP - 1300 Clinton Square, Susan B. Anthony 14th Floor Conference Room - Rochester, NY 14604<br />
<br />
<b>Abstract:</b> What do you see when you take the Guy Fawkes mask off? In 2011, Imperva managed to witness an assault by hacktivist group Anonymous including the use of social media for communications and, most importantly, their attack methods. Since Anonymous' targets are highly variable, anyone can fall victim and security professionals need to know how to prepare.<br />
<br />
This talk will give a walk-through the key stages of an Anonymous campaign:<br />
<br />
* Recruitment and communication: We show how Anonymous leverages social networks to recruit its members and pick a target.<br />
* Application attack: We detail and sequence the steps Anonymous hackers deploy to take data and bring down websites.<br />
* DDoS: In this final stage, we shed light on the DDoS techniques deployed to take down websites.<br />
<br />
Finally, we recommend key mitigation steps that organizations need to take if they ever become a target.<br />
<br />
<b>Speaker:</b> Noa is a senior security strategist at Imperva. In this role Noa researches and analyzes the trends in the threat landscape. She is a frequent contributor to different security magazines, comments on security-breaking news, and is regularly invited to speak at industry events. Currently, Noa also writes a bi-weekly column on hacker trends and techniques for SecurityWeek. Previously, she held the position of a senior security researcher for Imperva's Application Defense Center. She holds a MSc degree (specializing in information security) from Tel-Aviv University.<br />
<br />
<b>Please RSVP to [mailto:info@rocissa.org info@rocissa.org] by Friday, March 23 so we can get a headcount.</b><br />
<br />
<b>Directions:</b> <br />
<br />
From the East:<br />
<br />
* Take I-490 west towards Rochester<br />
* Take the Clinton Avenue exit<br />
* Clinton Square Building is about two blocks down on left<br />
* Go through Broad Street/Clinton intersection, passing Clinton Square Building on the left<br />
* Entrance to parking garage is on left just after Broad Street<br />
* Take garage elevator to lobby; then take lobby elevators to 14th floor<br />
* The meeting will be in Conference Room 14A, the Susan B. Anthony Room<br />
<br />
From the West:<br />
<br />
* Take I-490 East towards Rochester<br />
* Stay in the right lane to cross the Troup-Howell bridge. Take exit 15 for South Ave./Rte. 15<br />
* Turn left at 2nd light<br />
* Turn left at light onto Clinton<br />
* Stay in second lane from the left<br />
* Clinton Square Building (corner of Clinton & Broad) is about two blocks down on left<br />
* Go through Broad Street/Clinton intersection, pass Clinton Square Building on the left, and take first driveway on left to enter Clinton Square Parking garage<br />
* Take garage elevator to lobby; then take lobby elevators to 14th floor<br />
* The meeting will be in Conference Room 14A, the Susan B. Anthony Room<br />
<br />
== Past Events ==<br />
;May 2011 Meeting<br />
Michael Coates webinar on Attack-Aware Applications.<br/><br />
https://owasp.webex.com/owasp/ldr.php?AT=pb&SP=MC&rID=87764002&rKey=14191b8f8c73dabc<br />
<br />
;May 5, 2011<br />
MercuryFest<br />
Speakers: Ralph Durkee, Andrea Cogliati, Duane Peifer<br />
Topic: SSL Man-in-the-Middle and Spoofing Attacks<br />
<br />
;March 2011 Meeting<br />
Topic: Pastebin Scrapping<br/><br />
Speaker: Silas Cutler, Global Crossing, Security Architect<br />
<br />
;January 2011 Meeting<br />
Topic: State of OWASP and the State of Web Application Security<br/><br />
Speaker: Ralph Durkee, Durkee Consulting<br />
<br />
;August Meeting 2010<br />
Topic: Man in the Middle Attacks: SSL Spoofing<br/><br />
Speaker: Duane Peifer, UberGuard Information Security and Ralph Durkee, Durkee Consulting<br />
<br />
;June Meeting 2010<br />
Topic: Client Side Exploits 101<br/><br />
Speaker: JP Bourget, BS IT, RIT 2005; MS Computer Security and Information Assurance, RIT 2008; CISSP; MCSE, CSS<br />
<br />
;May Meeting 2010<br />
Topic: New Techniques in Application Intrusion Detection<br/><br />
Speaker: Al Huizenga, Director of Product Management, Mykonos Software, Inc.<br />
<br />
;February Meeting 2010<br />
Ralph Durkee presented a recap of the recent AppSec conference in DC.<br/><br />
Andrea Cogliati gave a talk on Identity Federation and Claim-based Security. <br />
<br />
<br />
; Oct 29-30 2008 - Rochester Security Summit 2008<br />
<br />
: The Rochester OWASP chapter in partnership with other Rochester institutions is organizing the third annual Rochester Security Summit Oct 29-30 during National Cyber Security Awareness Month. This year we'll have a full day dedicated to application security and we are are working to bring to Rochester the best national acclaimed speakers.<br />
<br />
Visit [http://www.RochesterSecurity.org/ Rochester Security Summit Site] for details.<br />
<br />
== Past Presentations ==<br />
<b>January Meeting 2011</b> State of OWASP and the State of Web Application Security by Ralph Durkee [[Media:Ralph_Durkee_State_of_Web_App_Security_v8.ppt|PPT]] [[Media:Ralph_Durkee_State_of_Web_App_Security_v8.pdf|PDF]]<br/><br />
<br />
<b>August Meeting 2010</b> Man in the Middle Attacks: SSL Spoofing by Duane Peifer [[Media:SSL_Spoofing.ppt|PPT]] [[Media:SSL_Spoofing.pdf|PDF]]<br/><br />
<b>August Meeting 2010</b> Man in the Middle Attacks: SSL Spoofing by Ralph Durkee [[Media:Ralph_Durkee_SSL_MITM_v1.ppt|PPT]] [[Media:Ralph_Durkee_SSL_MITM_v1.pdf|PDF]]<br/><br />
<br />
<b>May Meeting 2010</b> New Techniques in Application Intrusion Detection by Al Huizenga [[Media:OWASP may17-10.pptx|PPTX]] [[Media:OWASP may17-10.pdf|PDF]]<br/><br />
<b>May Meeting 2010</b> Identity Federation and Claim-based Security by Andrea Cogliati [[Media:SAML and Claims-Based Security.pdf|PDF]]<br />
<br />
<b>February Meeting 2010</b> DC AppSec Conference Recap by Ralph Durkee [[Media:OWASP Rochester 2010 Feb.ppt|PPT]]<br />
<br />
<b>October Hackerfest 2009</b> Introduction to OWASP Rochester by Ralph Durkee, Lou Leone [[Media:Intro_to_OWASP_Rochester_v9.ppt|PPT]]<br />
<br />
<b>September OWASP 2009</b> Securing Apache Web Servers with Mod Security & CIS Benchmark by Ralph Durkee [[Media:Durkee_Apache_2009_v7.ppt|PPT]] [[Media:Durkee_Apache_2009_v7.odp|Open Office]]<br />
<br />
<b>May OWASP 2009</b> Key Management - One Perspective by Lou Leone [[Media:N-tierKeyManagementIssues.ppt|PPT]]<br />
<br />
<b>May IEEE 2009</b> Introduction to OWASP, presented by Ralph Durkee and Andrea Cogliati [[Media:Intro_to_OWASP_Rochester_v5.ppt|PPT]]<br />
<br />
<b>January 2009</b> Paranoid Programming Practices, by Lou Leone and Aaron Witt [[Media:ParanoidProgrammers.ppt|PPT]]<br />
<br />
<b>May 2008</b> Database Encryption, by Ralf Durkee [[Media:Database_Encryption.ppt|PPT]]<br />
<br />
<b>January 2008</b> SQL Injection and Dynamic SQL, by Andrea Cogliati [[Media:MoreSQL.zip|ZIP]]<br />
<br />
<b>September 2007</b> 2007 OWASP Top 10 Most Critical Web Application Security Vulnerabilities, by Ralph Durkee [[Media:OWASP_Top_10_2007_v6.ppt|PowerPoint]]<br />
<br />
<b>October 2006</b> The first of the OWASP top ten: unvalidated input, by Steve Buck.<br />
[http://rd1.net/owasp/2006-10-16_owasp-presentation.ppt PowerPoint]<br />
<br />
<b>April 2006</b> PGP: Encryption for e-mail and web applications, by Ralph Durkee [http://rd1.net/owasp/Apr_OWASP_PGP_Durkee.pdf PDF]<br />
<br />
<b>February 2006</b> Identity Theft, Phishing and Pharming, by Danny Allan [http://rd1.net/owasp/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.pdf PDF]<br />
<br />
<b>February 2006</b> Secure e-mail, by Thomas Bullinger [http://rd1.net/owasp/SecureEmail.pdf PDF]<br />
<br />
<b>January 2006</b> PCI Compliance, by Pat Massey, Ralf Durkee, Maureen Baran [http://rd1.net/owasp/Rochester_OWASP_PCI_Compliance.pdf PDF]<br />
<br />
<b>September 2005</b> Two Factor Authentication for Java Applications with Client Certificates, by Ralf Durkee [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.pdf PDF] [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.sxi Open Office]<br />
<br />
<b>April 2005</b> Avoiding Backend Exploitation of Mail Forms, by Max Kessler [http://rd1.net/owasp/owasp-mailform-exploitation.ppt PowerPoint] [http://rd1.net/owasp/owasp-mailform-exploitation.sxi Open Office]<br />
<br />
<b>March 2005</b> Bringing Two-Factor Authentication to Web Applications, by Michael Starks [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt PowerPoint] [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt Open Office]<br />
<br />
<b>February 2005</b> Insecure Storage, by Chris Karr [http://rd1.net/owasp/Insecure_Storage.ppt PowerPoint]<br />
<br />
<b>January 2005</b> Access Control and Session Mgmnt, by Steve Buck [http://rd1.net/owasp/Jan_OWASP-access-control.ppt PowerPoint] [http://rd1.net/owasp/Jan_OWASP-access-control.sxi Open Office]<br />
<br />
<b>November 2004</b> Intro to OWASP by Ralf Durkee. Demonstration of SQL Injection attack and prevention, by Paul Cupo [http://rd1.net/owasp/Nov_OWASP_20041103.ppt PowerPoint]<br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:New York]]</div>Sir Whttps://wiki.owasp.org/index.php?title=Rochester&diff=126811Rochester2012-03-24T14:46:56Z<p>Sir W: Fixed Duane's address</p>
<hr />
<div><hr><br />
<br />
== Welcome to the OWASP Rochester Local Chapter ==<br />
<br />
Welcome to the local Rochester chapter homepage. The chapter leader is [mailto:andrea.cogliati@owasp.org Andrea Cogliati]<br />
<br />
<paypal>Rochester</paypal><br />
<br />
== Help Us Improve Our Chapter ==<br />
<br />
We are looking for feedback on how to better our chapter. If you'd like to give us feedback, we have an anonymous survey setup here:<br />
<br />
http://www.surveymonkey.com/s/MTBH3S2<br />
<br />
== Participation ==<br />
<br />
OWASP chapter meetings are free and open to anyone interested in application security. We encourage members to give presentations on specific topics and to contribute to the local chapter by sharing their knowledge with others. Prior to participating with OWASP please review the [[Chapter Rules]].<br />
<br />
The Rochester chapter has two mailing lists: one for announcements and one for general discussion. The announce list is for official communications (e.g meeting announcements, web site updates, etc). The discussion list is for general participation and everyone is encouraged to post. The announce mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-announce here]. The discussion mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny here]. You can also review the [http://lists.owasp.org/pipermail/owasp-rochester-announce/ announce] and [http://lists.owasp.org/pipermail/owasp-rochester-ny discussion] e-mail archives to see what folks have been talking about. Please make sure you are subscribed to announce to receive any last minute meeting info.<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> [mailto:andrea.cogliati@owasp.org Andrea Cogliati]<br />
*<b>Vice President:</b> [mailto:rd@rd1.net Ralph Durkee]<br />
*<b>Treasurer:</b> [mailto:andrea.cogliati@owasp.org Andrea Cogliati]<br />
*<b>Secretary:</b> Appointed by Event Coordinator at each meeting.<br />
*<b>Event Coordinator:</b> [mailto:andrea.cogliati@owasp.org Andrea Cogliati]<br />
*<b>Communications and Chapter OWASP Evangelist:</b> [mailto:lou.leone@owasp.org Lou Leone]<br />
*<b>Webmaster:</b> [mailto:duane.peifer@gmail.com Duane Peifer]<br />
*<b>Mail List Administrator:</b> [mailto:duane.peifer@gmail.com Duane Peifer]<br />
</ul><br />
<br />
== Meeting Dates & Location ==<br />
<br />
<b>Dates:</b> The third Monday of every month, starting at 6:00 PM.<br />
<br />
<b>Types of events:</b> Formal meeting (featuring a presentation) in odd numbered months, informal event (open forum with beer and wings) in even numbered months<br />
<br />
<b>Locations:</b> <br />
<br />
* Locations for formal meetings will be announced with the corresponding meeting so please check here or the mailing [http://lists.owasp.org/pipermail/owasp-rochester-announce/ announcement] list for specific meeting location details.<br />
* Beer and wings at Mac Gregor's Grill & Tap Room, 300 Jefferson Rd, NY 14623 [http://maps.google.com/maps?f=q&hl=en&geocode=&time=&date=&ttype=&q=300+Jefferson+Rd+Rochester+NY&sll=43.15549,-77.61601&sspn=0.284013,0.55481&ie=UTF8&om=1&z=16&iwloc=addr Google Maps]<br />
<br/><br />
Meetings reminders are sent to the OWASP Rochester Announcement distribution list at least one week prior to a meeting.<br />
<br />
If you or your organization is interested in donating meeting space please contact one of the local officers listed above. The space should be able to accommodate at least 15 people.<br />
<br />
Please note that for informal meetings at Mac Gregor's, everybody needs to pay for their own food and drinks.<br />
<br />
'''March Meeting'''<br />
<br />
<b>What:</b> Joint ISSA and OWASP meeting - De-Anonymizing Anonymous<br />
<br />
<b>When:</b> Thursday, March 29th at 5:30pm<br />
<br />
<b>Location:</b> Nixon Peabody LLP - 1300 Clinton Square, Susan B. Anthony 14th Floor Conference Room - Rochester, NY 14604<br />
<br />
<b>Abstract:</b> What do you see when you take the Guy Fawkes mask off? In 2011, Imperva managed to witness an assault by hacktivist group Anonymous including the use of social media for communications and, most importantly, their attack methods. Since Anonymous' targets are highly variable, anyone can fall victim and security professionals need to know how to prepare.<br />
<br />
This talk will give a walk-through the key stages of an Anonymous campaign:<br />
<br />
* Recruitment and communication: We show how Anonymous leverages social networks to recruit its members and pick a target.<br />
* Application attack: We detail and sequence the steps Anonymous hackers deploy to take data and bring down websites.<br />
* DDoS: In this final stage, we shed light on the DDoS techniques deployed to take down websites.<br />
<br />
Finally, we recommend key mitigation steps that organizations need to take if they ever become a target.<br />
<br />
<b>Speaker:</b> Noa is a senior security strategist at Imperva. In this role Noa researches and analyzes the trends in the threat landscape. She is a frequent contributor to different security magazines, comments on security-breaking news, and is regularly invited to speak at industry events. Currently, Noa also writes a bi-weekly column on hacker trends and techniques for SecurityWeek. Previously, she held the position of a senior security researcher for Imperva's Application Defense Center. She holds a MSc degree (specializing in information security) from Tel-Aviv University.<br />
<br />
<b>Please RSVP to [mailto:info@rocissa.org info@rocissa.org] by Friday, March 23 so we can get a headcount.</b><br />
<br />
<b>Directions:</b> <br />
<br />
From the East:<br />
<br />
* Take I-490 west towards Rochester<br />
* Take the Clinton Avenue exit<br />
* Clinton Square Building is about two blocks down on left<br />
* Go through Broad Street/Clinton intersection, passing Clinton Square Building on the left<br />
* Entrance to parking garage is on left just after Broad Street<br />
* Take garage elevator to lobby; then take lobby elevators to 14th floor<br />
* The meeting will be in Conference Room 14A, the Susan B. Anthony Room<br />
<br />
From the West:<br />
<br />
* Take I-490 East towards Rochester<br />
* Stay in the right lane to cross the Troup-Howell bridge. Take exit 15 for South Ave./Rte. 15<br />
* Turn left at 2nd light<br />
* Turn left at light onto Clinton<br />
* Stay in second lane from the left<br />
* Clinton Square Building (corner of Clinton & Broad) is about two blocks down on left<br />
* Go through Broad Street/Clinton intersection, pass Clinton Square Building on the left, and take first driveway on left to enter Clinton Square Parking garage<br />
* Take garage elevator to lobby; then take lobby elevators to 14th floor<br />
* The meeting will be in Conference Room 14A, the Susan B. Anthony Room<br />
<br />
== Past Events ==<br />
;May 2011 Meeting<br />
Michael Coates webinar on Attack-Aware Applications.<br/><br />
https://owasp.webex.com/owasp/ldr.php?AT=pb&SP=MC&rID=87764002&rKey=14191b8f8c73dabc<br />
<br />
;May 5, 2011<br />
MercuryFest<br />
Speakers: Ralph Durkee, Andrea Cogliati, Duane Peifer<br />
Topic: SSL Man-in-the-Middle and Spoofing Attacks<br />
<br />
;March 2011 Meeting<br />
Topic: Pastebin Scrapping<br/><br />
Speaker: Silas Cutler, Global Crossing, Security Architect<br />
<br />
;January 2011 Meeting<br />
Topic: State of OWASP and the State of Web Application Security<br/><br />
Speaker: Ralph Durkee, Durkee Consulting<br />
<br />
;August Meeting 2010<br />
Topic: Man in the Middle Attacks: SSL Spoofing<br/><br />
Speaker: Duane Peifer, UberGuard Information Security and Ralph Durkee, Durkee Consulting<br />
<br />
;June Meeting 2010<br />
Topic: Client Side Exploits 101<br/><br />
Speaker: JP Bourget, BS IT, RIT 2005; MS Computer Security and Information Assurance, RIT 2008; CISSP; MCSE, CSS<br />
<br />
;May Meeting 2010<br />
Topic: New Techniques in Application Intrusion Detection<br/><br />
Speaker: Al Huizenga, Director of Product Management, Mykonos Software, Inc.<br />
<br />
;February Meeting 2010<br />
Ralph Durkee presented a recap of the recent AppSec conference in DC.<br/><br />
Andrea Cogliati gave a talk on Identity Federation and Claim-based Security. <br />
<br />
<br />
; Oct 29-30 2008 - Rochester Security Summit 2008<br />
<br />
: The Rochester OWASP chapter in partnership with other Rochester institutions is organizing the third annual Rochester Security Summit Oct 29-30 during National Cyber Security Awareness Month. This year we'll have a full day dedicated to application security and we are are working to bring to Rochester the best national acclaimed speakers.<br />
<br />
Visit [http://www.RochesterSecurity.org/ Rochester Security Summit Site] for details.<br />
<br />
== Past Presentations ==<br />
<b>January Meeting 2011</b> State of OWASP and the State of Web Application Security by Ralph Durkee [[Media:Ralph_Durkee_State_of_Web_App_Security_v8.ppt|PPT]] [[Media:Ralph_Durkee_State_of_Web_App_Security_v8.pdf|PDF]]<br/><br />
<br />
<b>August Meeting 2010</b> Man in the Middle Attacks: SSL Spoofing by Duane Peifer [[Media:SSL_Spoofing.ppt|PPT]] [[Media:SSL_Spoofing.pdf|PDF]]<br/><br />
<b>August Meeting 2010</b> Man in the Middle Attacks: SSL Spoofing by Ralph Durkee [[Media:Ralph_Durkee_SSL_MITM_v1.ppt|PPT]] [[Media:Ralph_Durkee_SSL_MITM_v1.pdf|PDF]]<br/><br />
<br />
<b>May Meeting 2010</b> New Techniques in Application Intrusion Detection by Al Huizenga [[Media:OWASP may17-10.pptx|PPTX]] [[Media:OWASP may17-10.pdf|PDF]]<br/><br />
<b>May Meeting 2010</b> Identity Federation and Claim-based Security by Andrea Cogliati [[Media:SAML and Claims-Based Security.pdf|PDF]]<br />
<br />
<b>February Meeting 2010</b> DC AppSec Conference Recap by Ralph Durkee [[Media:OWASP Rochester 2010 Feb.ppt|PPT]]<br />
<br />
<b>October Hackerfest 2009</b> Introduction to OWASP Rochester by Ralph Durkee, Lou Leone [[Media:Intro_to_OWASP_Rochester_v9.ppt|PPT]]<br />
<br />
<b>September OWASP 2009</b> Securing Apache Web Servers with Mod Security & CIS Benchmark by Ralph Durkee [[Media:Durkee_Apache_2009_v7.ppt|PPT]] [[Media:Durkee_Apache_2009_v7.odp|Open Office]]<br />
<br />
<b>May OWASP 2009</b> Key Management - One Perspective by Lou Leone [[Media:N-tierKeyManagementIssues.ppt|PPT]]<br />
<br />
<b>May IEEE 2009</b> Introduction to OWASP, presented by Ralph Durkee and Andrea Cogliati [[Media:Intro_to_OWASP_Rochester_v5.ppt|PPT]]<br />
<br />
<b>January 2009</b> Paranoid Programming Practices, by Lou Leone and Aaron Witt [[Media:ParanoidProgrammers.ppt|PPT]]<br />
<br />
<b>May 2008</b> Database Encryption, by Ralf Durkee [[Media:Database_Encryption.ppt|PPT]]<br />
<br />
<b>January 2008</b> SQL Injection and Dynamic SQL, by Andrea Cogliati [[Media:MoreSQL.zip|ZIP]]<br />
<br />
<b>September 2007</b> 2007 OWASP Top 10 Most Critical Web Application Security Vulnerabilities, by Ralph Durkee [[Media:OWASP_Top_10_2007_v6.ppt|PowerPoint]]<br />
<br />
<b>October 2006</b> The first of the OWASP top ten: unvalidated input, by Steve Buck.<br />
[http://rd1.net/owasp/2006-10-16_owasp-presentation.ppt PowerPoint]<br />
<br />
<b>April 2006</b> PGP: Encryption for e-mail and web applications, by Ralph Durkee [http://rd1.net/owasp/Apr_OWASP_PGP_Durkee.pdf PDF]<br />
<br />
<b>February 2006</b> Identity Theft, Phishing and Pharming, by Danny Allan [http://rd1.net/owasp/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.pdf PDF]<br />
<br />
<b>February 2006</b> Secure e-mail, by Thomas Bullinger [http://rd1.net/owasp/SecureEmail.pdf PDF]<br />
<br />
<b>January 2006</b> PCI Compliance, by Pat Massey, Ralf Durkee, Maureen Baran [http://rd1.net/owasp/Rochester_OWASP_PCI_Compliance.pdf PDF]<br />
<br />
<b>September 2005</b> Two Factor Authentication for Java Applications with Client Certificates, by Ralf Durkee [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.pdf PDF] [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.sxi Open Office]<br />
<br />
<b>April 2005</b> Avoiding Backend Exploitation of Mail Forms, by Max Kessler [http://rd1.net/owasp/owasp-mailform-exploitation.ppt PowerPoint] [http://rd1.net/owasp/owasp-mailform-exploitation.sxi Open Office]<br />
<br />
<b>March 2005</b> Bringing Two-Factor Authentication to Web Applications, by Michael Starks [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt PowerPoint] [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt Open Office]<br />
<br />
<b>February 2005</b> Insecure Storage, by Chris Karr [http://rd1.net/owasp/Insecure_Storage.ppt PowerPoint]<br />
<br />
<b>January 2005</b> Access Control and Session Mgmnt, by Steve Buck [http://rd1.net/owasp/Jan_OWASP-access-control.ppt PowerPoint] [http://rd1.net/owasp/Jan_OWASP-access-control.sxi Open Office]<br />
<br />
<b>November 2004</b> Intro to OWASP by Ralf Durkee. Demonstration of SQL Injection attack and prevention, by Paul Cupo [http://rd1.net/owasp/Nov_OWASP_20041103.ppt PowerPoint]<br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:New York]]</div>Sir Whttps://wiki.owasp.org/index.php?title=Rochester&diff=126482Rochester2012-03-18T23:17:05Z<p>Sir W: Added March meeting</p>
<hr />
<div><hr><br />
<br />
== Welcome to the OWASP Rochester Local Chapter ==<br />
<br />
Welcome to the local Rochester chapter homepage. The chapter leader is [mailto:andrea.cogliati@owasp.org Andrea Cogliati]<br />
<br />
<paypal>Rochester</paypal><br />
<br />
== Help Us Improve Our Chapter ==<br />
<br />
We are looking for feedback on how to better our chapter. If you'd like to give us feedback, we have an anonymous survey setup here:<br />
<br />
http://www.surveymonkey.com/s/MTBH3S2<br />
<br />
== Participation ==<br />
<br />
OWASP chapter meetings are free and open to anyone interested in application security. We encourage members to give presentations on specific topics and to contribute to the local chapter by sharing their knowledge with others. Prior to participating with OWASP please review the [[Chapter Rules]].<br />
<br />
The Rochester chapter has two mailing lists: one for announcements and one for general discussion. The announce list is for official communications (e.g meeting announcements, web site updates, etc). The discussion list is for general participation and everyone is encouraged to post. The announce mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-announce here]. The discussion mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny here]. You can also review the [http://lists.owasp.org/pipermail/owasp-rochester-announce/ announce] and [http://lists.owasp.org/pipermail/owasp-rochester-ny discussion] e-mail archives to see what folks have been talking about. Please make sure you are subscribed to announce to receive any last minute meeting info.<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> [mailto:andrea.cogliati@owasp.org Andrea Cogliati]<br />
*<b>Vice President:</b> [mailto:rd@rd1.net Ralph Durkee]<br />
*<b>Treasurer:</b> [mailto:andrea.cogliati@owasp.org Andrea Cogliati]<br />
*<b>Secretary:</b> Appointed by Event Coordinator at each meeting.<br />
*<b>Event Coordinator:</b> [mailto:andrea.cogliati@owasp.org Andrea Cogliati]<br />
*<b>Communications and Chapter OWASP Evangelist:</b> [mailto:lou.leone@owasp.org Lou Leone]<br />
*<b>Webmaster:</b> [mailto:duane.peifer@gmail.com Duane Peifer]<br />
*<b>Mail List Administrator:</b> [mailto:duane.peifer@uberguard.com Duane Peifer]<br />
</ul><br />
<br />
<br />
== Meeting Dates & Location ==<br />
<br />
<b>Dates:</b> The third Monday of every month, starting at 6:00 PM.<br />
<br />
<b>Types of events:</b> Formal meeting (featuring a presentation) in odd numbered months, informal event (open forum with beer and wings) in even numbered months<br />
<br />
<b>Locations:</b> <br />
<br />
* Locations for formal meetings will be announced with the corresponding meeting so please check here or the mailing [http://lists.owasp.org/pipermail/owasp-rochester-announce/ announcement] list for specific meeting location details.<br />
* Beer and wings at Mac Gregor's Grill & Tap Room, 300 Jefferson Rd, NY 14623 [http://maps.google.com/maps?f=q&hl=en&geocode=&time=&date=&ttype=&q=300+Jefferson+Rd+Rochester+NY&sll=43.15549,-77.61601&sspn=0.284013,0.55481&ie=UTF8&om=1&z=16&iwloc=addr Google Maps]<br />
<br/><br />
Meetings reminders are sent to the OWASP Rochester Announcement distribution list at least one week prior to a meeting.<br />
<br />
If you or your organization is interested in donating meeting space please contact one of the local officers listed above. The space should be able to accommodate at least 15 people.<br />
<br />
Please note that for informal meetings at Mac Gregor's, everybody needs to pay for their own food and drinks.<br />
<br />
'''March Meeting'''<br />
<br />
<b>What:</b> Joint ISSA and OWASP meeting - De-Anonymizing Anonymous<br />
<br />
<b>When:</b> Thursday, March 29th at 5:30pm<br />
<br />
<b>Location:</b> Nixon Peabody LLP - 1300 Clinton Square, Susan B. Anthony 14th Floor Conference Room - Rochester, NY 14604<br />
<br />
<b>Abstract:</b> What do you see when you take the Guy Fawkes mask off? In 2011, Imperva managed to witness an assault by hacktivist group Anonymous including the use of social media for communications and, most importantly, their attack methods. Since Anonymous' targets are highly variable, anyone can fall victim and security professionals need to know how to prepare.<br />
<br />
This talk will give a walk-through the key stages of an Anonymous campaign:<br />
<br />
* Recruitment and communication: We show how Anonymous leverages social networks to recruit its members and pick a target.<br />
* Application attack: We detail and sequence the steps Anonymous hackers deploy to take data and bring down websites.<br />
* DDoS: In this final stage, we shed light on the DDoS techniques deployed to take down websites.<br />
<br />
Finally, we recommend key mitigation steps that organizations need to take if they ever become a target.<br />
<br />
<b>Speaker:</b> Noa is a senior security strategist at Imperva. In this role Noa researches and analyzes the trends in the threat landscape. She is a frequent contributor to different security magazines, comments on security-breaking news, and is regularly invited to speak at industry events. Currently, Noa also writes a bi-weekly column on hacker trends and techniques for SecurityWeek. Previously, she held the position of a senior security researcher for Imperva's Application Defense Center. She holds a MSc degree (specializing in information security) from Tel-Aviv University.<br />
<br />
<b>Please RSVP to [mailto:info@rocissa.org info@rocissa.org] by Friday, March 23 so we can get a headcount.</b><br />
<br />
<b>Directions:</b> <br />
<br />
From the East:<br />
<br />
* Take I-490 west towards Rochester<br />
* Take the Clinton Avenue exit<br />
* Clinton Square Building is about two blocks down on left<br />
* Go through Broad Street/Clinton intersection, passing Clinton Square Building on the left<br />
* Entrance to parking garage is on left just after Broad Street<br />
* Take garage elevator to lobby; then take lobby elevators to 14th floor<br />
* The meeting will be in Conference Room 14A, the Susan B. Anthony Room<br />
<br />
From the West:<br />
<br />
* Take I-490 East towards Rochester<br />
* Stay in the right lane to cross the Troup-Howell bridge. Take exit 15 for South Ave./Rte. 15<br />
* Turn left at 2nd light<br />
* Turn left at light onto Clinton<br />
* Stay in second lane from the left<br />
* Clinton Square Building (corner of Clinton & Broad) is about two blocks down on left<br />
* Go through Broad Street/Clinton intersection, pass Clinton Square Building on the left, and take first driveway on left to enter Clinton Square Parking garage<br />
* Take garage elevator to lobby; then take lobby elevators to 14th floor<br />
* The meeting will be in Conference Room 14A, the Susan B. Anthony Room<br />
<br />
== Past Events ==<br />
;May 2011 Meeting<br />
Michael Coates webinar on Attack-Aware Applications.<br/><br />
https://owasp.webex.com/owasp/ldr.php?AT=pb&SP=MC&rID=87764002&rKey=14191b8f8c73dabc<br />
<br />
;May 5, 2011<br />
MercuryFest<br />
Speakers: Ralph Durkee, Andrea Cogliati, Duane Peifer<br />
Topic: SSL Man-in-the-Middle and Spoofing Attacks<br />
<br />
;March 2011 Meeting<br />
Topic: Pastebin Scrapping<br/><br />
Speaker: Silas Cutler, Global Crossing, Security Architect<br />
<br />
;January 2011 Meeting<br />
Topic: State of OWASP and the State of Web Application Security<br/><br />
Speaker: Ralph Durkee, Durkee Consulting<br />
<br />
;August Meeting 2010<br />
Topic: Man in the Middle Attacks: SSL Spoofing<br/><br />
Speaker: Duane Peifer, UberGuard Information Security and Ralph Durkee, Durkee Consulting<br />
<br />
;June Meeting 2010<br />
Topic: Client Side Exploits 101<br/><br />
Speaker: JP Bourget, BS IT, RIT 2005; MS Computer Security and Information Assurance, RIT 2008; CISSP; MCSE, CSS<br />
<br />
;May Meeting 2010<br />
Topic: New Techniques in Application Intrusion Detection<br/><br />
Speaker: Al Huizenga, Director of Product Management, Mykonos Software, Inc.<br />
<br />
;February Meeting 2010<br />
Ralph Durkee presented a recap of the recent AppSec conference in DC.<br/><br />
Andrea Cogliati gave a talk on Identity Federation and Claim-based Security. <br />
<br />
<br />
; Oct 29-30 2008 - Rochester Security Summit 2008<br />
<br />
: The Rochester OWASP chapter in partnership with other Rochester institutions is organizing the third annual Rochester Security Summit Oct 29-30 during National Cyber Security Awareness Month. This year we'll have a full day dedicated to application security and we are are working to bring to Rochester the best national acclaimed speakers.<br />
<br />
Visit [http://www.RochesterSecurity.org/ Rochester Security Summit Site] for details.<br />
<br />
== Past Presentations ==<br />
<b>January Meeting 2011</b> State of OWASP and the State of Web Application Security by Ralph Durkee [[Media:Ralph_Durkee_State_of_Web_App_Security_v8.ppt|PPT]] [[Media:Ralph_Durkee_State_of_Web_App_Security_v8.pdf|PDF]]<br/><br />
<br />
<b>August Meeting 2010</b> Man in the Middle Attacks: SSL Spoofing by Duane Peifer [[Media:SSL_Spoofing.ppt|PPT]] [[Media:SSL_Spoofing.pdf|PDF]]<br/><br />
<b>August Meeting 2010</b> Man in the Middle Attacks: SSL Spoofing by Ralph Durkee [[Media:Ralph_Durkee_SSL_MITM_v1.ppt|PPT]] [[Media:Ralph_Durkee_SSL_MITM_v1.pdf|PDF]]<br/><br />
<br />
<b>May Meeting 2010</b> New Techniques in Application Intrusion Detection by Al Huizenga [[Media:OWASP may17-10.pptx|PPTX]] [[Media:OWASP may17-10.pdf|PDF]]<br/><br />
<b>May Meeting 2010</b> Identity Federation and Claim-based Security by Andrea Cogliati [[Media:SAML and Claims-Based Security.pdf|PDF]]<br />
<br />
<b>February Meeting 2010</b> DC AppSec Conference Recap by Ralph Durkee [[Media:OWASP Rochester 2010 Feb.ppt|PPT]]<br />
<br />
<b>October Hackerfest 2009</b> Introduction to OWASP Rochester by Ralph Durkee, Lou Leone [[Media:Intro_to_OWASP_Rochester_v9.ppt|PPT]]<br />
<br />
<b>September OWASP 2009</b> Securing Apache Web Servers with Mod Security & CIS Benchmark by Ralph Durkee [[Media:Durkee_Apache_2009_v7.ppt|PPT]] [[Media:Durkee_Apache_2009_v7.odp|Open Office]]<br />
<br />
<b>May OWASP 2009</b> Key Management - One Perspective by Lou Leone [[Media:N-tierKeyManagementIssues.ppt|PPT]]<br />
<br />
<b>May IEEE 2009</b> Introduction to OWASP, presented by Ralph Durkee and Andrea Cogliati [[Media:Intro_to_OWASP_Rochester_v5.ppt|PPT]]<br />
<br />
<b>January 2009</b> Paranoid Programming Practices, by Lou Leone and Aaron Witt [[Media:ParanoidProgrammers.ppt|PPT]]<br />
<br />
<b>May 2008</b> Database Encryption, by Ralf Durkee [[Media:Database_Encryption.ppt|PPT]]<br />
<br />
<b>January 2008</b> SQL Injection and Dynamic SQL, by Andrea Cogliati [[Media:MoreSQL.zip|ZIP]]<br />
<br />
<b>September 2007</b> 2007 OWASP Top 10 Most Critical Web Application Security Vulnerabilities, by Ralph Durkee [[Media:OWASP_Top_10_2007_v6.ppt|PowerPoint]]<br />
<br />
<b>October 2006</b> The first of the OWASP top ten: unvalidated input, by Steve Buck.<br />
[http://rd1.net/owasp/2006-10-16_owasp-presentation.ppt PowerPoint]<br />
<br />
<b>April 2006</b> PGP: Encryption for e-mail and web applications, by Ralph Durkee [http://rd1.net/owasp/Apr_OWASP_PGP_Durkee.pdf PDF]<br />
<br />
<b>February 2006</b> Identity Theft, Phishing and Pharming, by Danny Allan [http://rd1.net/owasp/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.pdf PDF]<br />
<br />
<b>February 2006</b> Secure e-mail, by Thomas Bullinger [http://rd1.net/owasp/SecureEmail.pdf PDF]<br />
<br />
<b>January 2006</b> PCI Compliance, by Pat Massey, Ralf Durkee, Maureen Baran [http://rd1.net/owasp/Rochester_OWASP_PCI_Compliance.pdf PDF]<br />
<br />
<b>September 2005</b> Two Factor Authentication for Java Applications with Client Certificates, by Ralf Durkee [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.pdf PDF] [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.sxi Open Office]<br />
<br />
<b>April 2005</b> Avoiding Backend Exploitation of Mail Forms, by Max Kessler [http://rd1.net/owasp/owasp-mailform-exploitation.ppt PowerPoint] [http://rd1.net/owasp/owasp-mailform-exploitation.sxi Open Office]<br />
<br />
<b>March 2005</b> Bringing Two-Factor Authentication to Web Applications, by Michael Starks [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt PowerPoint] [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt Open Office]<br />
<br />
<b>February 2005</b> Insecure Storage, by Chris Karr [http://rd1.net/owasp/Insecure_Storage.ppt PowerPoint]<br />
<br />
<b>January 2005</b> Access Control and Session Mgmnt, by Steve Buck [http://rd1.net/owasp/Jan_OWASP-access-control.ppt PowerPoint] [http://rd1.net/owasp/Jan_OWASP-access-control.sxi Open Office]<br />
<br />
<b>November 2004</b> Intro to OWASP by Ralf Durkee. Demonstration of SQL Injection attack and prevention, by Paul Cupo [http://rd1.net/owasp/Nov_OWASP_20041103.ppt PowerPoint]<br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:New York]]</div>Sir Whttps://wiki.owasp.org/index.php?title=Summit_2011_Attendee/Attendee026&diff=98420Summit 2011 Attendee/Attendee0262011-01-05T19:07:42Z<p>Sir W: Added funding for Ralph Durkee from Rochester chapter</p>
<hr />
<div>{{Template:<includeonly>{{{1}}}</includeonly><noinclude>OWASP 2011 Global Summit Attendee Tab</noinclude><br />
|-<br />
| summit_attendee_name1 = Ralph Durkee<br />
| summit_attendee_email1 = ralph.durkee@owasp.org<br />
| summit_attendee_wiki_username1 = <br />
|-<br />
| summit_attendee_company = [http://www.rd1.net/rdc_home.html Durkee Consulting]<br />
|-<br />
| Project Leadership (less than 6 months old) = <br />
| Project Leadership (more than 6 months old) = <br />
| Release Leadership (less than 6 months old) = <br />
| Release Leadership (more than 6 months old) = <br />
| Project Contribution (less than 6 months old) = <br />
| Project Contribution (more than 6 months old) = <br />
| Release Contribution (less than 6 months old) = <br />
| Release Contribution (more than 6 months old) = <br />
| Committee Membership = Conferences<br />
| Chapter Co-Leadership = Rochester<br />
| Conference Co-Leadership = Rochester Security Summit 08, Rochester Security Summit 09, Rochester Security Summit 10 <br />
|-<br />
| summit_attendee_current_owasp_involvement_name1 = Global Conferences Committee<br />
| summit_attendee_current_owasp_involvement_url_1 = http://www.owasp.org/index.php/Global_Conferences_Committee<br />
| summit_attendee_current_owasp_involvement_name2 = Rochester, NY Chapter Founder and Vice President<br />
| summit_attendee_current_owasp_involvement_url_2 = http://www.owasp.org/rochester<br />
| summit_attendee_current_owasp_involvement_name3 = <br />
| summit_attendee_current_owasp_involvement_url_3 = <br />
| summit_attendee_current_owasp_involvement_name4 = <br />
| summit_attendee_current_owasp_involvement_url_4 = <br />
| summit_attendee_current_owasp_involvement_name5 = <br />
| summit_attendee_current_owasp_involvement_url_5 = <br />
|-<br />
| summit_attendee_reason_for_summit_participation_name1 = <br />
| summit_attendee_reason_for_summit_participation_url_1 = <br />
| notes_reason_for_participating_issues_to_be_discussed_1 = <br />
| summit_attendee_reason_for_summit_participation_name2 = <br />
| summit_attendee_reason_for_summit_participation_url_2 = <br />
| notes_reason_for_participating_issues_to_be_discussed_2 = <br />
| summit_attendee_reason_for_summit_participation_name3 = <br />
| summit_attendee_reason_for_summit_participation_url_3 = <br />
| notes_reason_for_participating_issues_to_be_discussed_3 = <br />
| summit_attendee_reason_for_summit_participation_name4 = <br />
| summit_attendee_reason_for_summit_participation_url_4 = <br />
| notes_reason_for_participating_issues_to_be_discussed_4 = <br />
| summit_attendee_reason_for_summit_participation_name5 = <br />
| summit_attendee_reason_for_summit_participation_url_5 = <br />
| notes_reason_for_participating_issues_to_be_discussed_5 = <br />
|-<br />
| summit_attendee_owasp_sponsor = N/A<br />
|-<br />
| summit_attendee_summit_time_paid_by_name1 = self<br />
| summit_attendee_summit_time_paid_by_url_1 =<br />
| summit_attendee_summit_time_paid_by_name2 =<br />
| summit_attendee_summit_time_paid_by_url_2 =<br />
|-<br />
| summit_attendee_summit_expenses_paid_by_name1 = $300 from Rochester Chapter<br />
| summit_attendee_summit_expenses_paid_by_url_1 = http://owasp.org/rochester<br />
| summit_attendee_summit_expenses_paid_by_name2 = <br />
| summit_attendee_summit_expenses_paid_by_url_2 = <br />
|-<br />
| reason_for_sponsorship = Active Committee Member<br />
|-<br />
| status = Confirmed, seeking funds<br />
|-<br />
| letter sent to sponsor = <br />
|-<br />
| notes for Kate =<br />
|-<br />
| attendee_name_mask = <!--Please replace DO NOT EDIT this string --> Attendee026<br />
| attendee_home_page = <!--Please replace DO NOT EDIT this string --> Summit_2011_Attendee/Attendee026 <br />
}}</div>Sir Whttps://wiki.owasp.org/index.php?title=Rochester&diff=83770Rochester2010-05-20T14:33:24Z<p>Sir W: Fixed mail link</p>
<hr />
<div><hr><br />
<br />
== Welcome to the OWASP Rochester Local Chapter ==<br />
<br />
Welcome to the local Rochester chapter homepage. The chapter leader is [mailto:andrea.cogliati@owasp.org Andrea Cogliati]<br />
<br />
<paypal>Rochester</paypal><br />
<br />
== Participation ==<br />
<br />
OWASP chapter meetings are free and open to anyone interested in application security. We encourage members to give presentations on specific topics and to contribute to the local chapter by sharing their knowledge with others. Prior to participating with OWASP please review the [[Chapter Rules]].<br />
<br />
The Rochester chapter has two mailing lists: one for announcements and one for general discussion. The announce list is for official communications (e.g meeting announcements, web site updates, etc). The discussion list is for general participation and everyone is encouraged to post. The announce mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-announce here]. The discussion mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny here]. You can also review the [http://lists.owasp.org/pipermail/owasp-rochester-announce/ announce] and [http://lists.owasp.org/pipermail/owasp-rochester-ny discussion] e-mail archives to see what folks have been talking about. Please make sure you are subscribed to announce to receive any last minute meeting info.<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> [mailto:andrea.cogliati@owasp.org Andrea Cogliati]<br />
*<b>Vice President:</b> [mailto:rd@rd1.net Ralph Durkee]<br />
*<b>Treasurer:</b> [mailto:andrea.cogliati@owasp.org Andrea Cogliati]<br />
*<b>Secretary:</b> Appointed by Event Coordinator at each meeting.<br />
*<b>Event Coordinator:</b> [mailto:andrea.cogliati@owasp.org Andrea Cogliati]<br />
*<b>Communications and Chapter OWASP Evangelist:</b> [mailto:lou.leone@owasp.org Lou Leone]<br />
*<b>Webmaster:</b> [mailto:duane.peifer@uberguard.com Duane Peifer]<br />
*<b>Mail List Administrator:</b> [mailto:duane.peifer@uberguard.com Duane Peifer]<br />
</ul><br />
<br />
== Meeting Dates & Location ==<br />
<br />
<b>Dates:</b> The third Monday of every month, starting at 6:00 PM.<br />
<br />
<b>Types of events:</b> Formal meeting (featuring a presentation) in odd numbered months, informal event (open forum with beer and wings) in even numbered months<br />
<br />
<b>Locations:</b> <br />
<br />
* Mykonos Software has been graciously providing meeting space for our formal meetings. Mykonos is located at 220 Kenneth Dr, Rochester, NY (entrance from Lehigh Station Rd or W Henrietta Rd), near 390 and Lehigh Station Road.<br />
* Beer and wings at Mac Gregor's Grill & Tap Room, 300 Jefferson Rd, NY 14623 [http://maps.google.com/maps?f=q&hl=en&geocode=&time=&date=&ttype=&q=300+Jefferson+Rd+Rochester+NY&sll=43.15549,-77.61601&sspn=0.284013,0.55481&ie=UTF8&om=1&z=16&iwloc=addr Google Maps]<br />
<br />
Meetings reminders are sent to the OWASP Rochester Announcement distribution list at least one week prior to a meeting.<br />
<br />
If you or your organization is interested in donating meeting space please contact one of the local officers listed above. The space should be able to accommodate at least 15 people.<br />
<br />
Please note that for informal meetings at Mac Gregor's, everybody needs to pay for their own food and drinks.<br />
<br />
'''May Meeting'''<br />
<br />
<b>When:</b> May 17th, 6pm<br />
<br />
<b>Where:</b> Mykonos (BlueTie) at 220 Kenneth Dr, Rochester, NY (entrance from Lehigh Station Rd or W Henrietta Rd), near 390 and Lehigh Station Road<br />
<br />
<b>Topic:</b> New Techniques in Application Intrusion Detection<br />
<br />
<b>Speaker:</b> Al Huizenga, Director of Product Management, Mykonos Software, Inc.<br />
<br />
<b>Abstract:</b> Current solutions for securing legacy Web applications rely on a “lock-it-down” approach, similar to how IT security administrators use firewalls to lock down ports and servers. But applications are complicated, and it’s often impractical to create a rule set that tightly filters every app-level input. New alternative approaches to intrusion detection and response at the application layer are emerging. One key trend is to enhance the application code itself with built-in defensive logic. By instrumenting application code with incident detection triggers and dynamic responses, administrators can prevent application abuse before bad users establish an attack vector. In this presentation, we’ll discuss the merits and challenges of this approach. We’ll focus on specific examples, including the OWASP AppSensor project and the Mykonos Security Appliance. <br />
<br />
<b>Speaker Bio:</b> Al Huizenga runs product strategy for Mykonos Software, a startup focused on new ways to secure Web applications from abuse. Al has 11 years experience marketing Web-based products and technologies. He is fascinated by how the same technology attributes that drive Web application adoption – openness, transparency, and ubiquity – also represent severe risk to the businesses that use them.<br />
<br />
'''June Meeting - Joint Meeting with ISSA'''<br />
<br />
<b>When:</b> June 10th, 2010, 6-7:30pm<br />
<br />
<b>Location:</b> BlueTie, 220 Kenneth Drive, Rochester, NY (entrance from W<br />
Henrietta Rd or Lehigh Station Rd)<br />
<br />
Please RSVP at info@rochissa.org by Friday, June 10th<br />
<br />
<b>Title:</b> Client Side Exploits 101<br />
<br />
<b>Speaker:</b> JP Bourget, BS IT, RIT 2005; MS Computer Security and<br />
Information Assurance, RIT 2008; CISSP; MCSE, CSS<br />
<br />
<b>Abstract:</b> JP will talk about some concepts of client side attacks. An introduction to Metasploit will be given. A case study of how to craft a malicious PDF payload will be demonstrated to introduce some of the key features and abilities of Metasploit and it's plugin's/modules. JP will go over some of the basics of Nmap and then suggest some ideas on how to defend against these types of attacks.<br />
<br />
<b>Speaker's bio:</b> JP has five years experience in computer networking, system administration, and information security. During the day JP is responsible for Network and Security Management for a medium size global company based in the US. JP is also adjunct faculty at Rochester Institute of Technology where he teaches Networking and Security undergraduate classes. JP also performs pen testing and security audits for local companies in Rochester, NY.<br />
<br />
== Past Events ==<br />
<br />
;February Meeting<br />
<br />
Ralph Durkee presented a recap of the recent AppSec conference in DC.<br/><br />
Andrea Cogliati gave a talk on Identity Federation and Claim-based Security. <br />
<br />
<br />
; Oct 29-30 2008 - Rochester Security Summit 2008<br />
<br />
: The Rochester OWASP chapter in partnership with other Rochester institutions is organizing the third annual Rochester Security Summit Oct 29-30 during National Cyber Security Awareness Month. This year we'll have a full day dedicated to application security and we are are working to bring to Rochester the best national acclaimed speakers.<br />
<br />
Visit [http://www.RochesterSecurity.org/ Rochester Security Summit Site] for details.<br />
<br />
== Past Presentations ==<br />
<b>October Hackerfest 2009</b> Introduction to OWASP Rochester by Ralph Durkee, Lou Leone [[Media:Intro_to_OWASP_Rochester_v9.ppt|PPT]]<br />
<br />
<b>September OWASP 2009</b> Securing Apache Web Servers with Mod Security & CIS Benchmark by Ralph Durkee [[Media:Durkee_Apache_2009_v7.ppt|PPT]] [[Media:Durkee_Apache_2009_v7.odp|Open Office]]<br />
<br />
<b>May OWASP 2009</b> Key Management - One Perspective by Lou Leone [[Media:N-tierKeyManagementIssues.ppt|PPT]]<br />
<br />
<b>May IEEE 2009</b> Introduction to OWASP, presented by Ralph Durkee and Andrea Cogliati [[Media:Intro_to_OWASP_Rochester_v5.ppt|PPT]]<br />
<br />
<b>January 2009</b> Paranoid Programming Practices, by Lou Leone and Aaron Witt [[Media:ParanoidProgrammers.ppt|PPT]]<br />
<br />
<b>May 2008</b> Database Encryption, by Ralf Durkee [[Media:Database_Encryption.ppt|PPT]]<br />
<br />
<b>January 2008</b> SQL Injection and Dynamic SQL, by Andrea Cogliati [[Media:MoreSQL.zip|ZIP]]<br />
<br />
<b>September 2007</b> 2007 OWASP Top 10 Most Critical Web Application Security Vulnerabilities, by Ralph Durkee [[Media:OWASP_Top_10_2007_v6.ppt|PowerPoint]]<br />
<br />
<b>October 2006</b> The first of the OWASP top ten: unvalidated input, by Steve Buck.<br />
[http://rd1.net/owasp/2006-10-16_owasp-presentation.ppt PowerPoint]<br />
<br />
<b>April 2006</b> PGP: Encryption for e-mail and web applications, by Ralph Durkee [http://rd1.net/owasp/Apr_OWASP_PGP_Durkee.pdf PDF]<br />
<br />
<b>February 2006</b> Identity Theft, Phishing and Pharming, by Danny Allan [http://rd1.net/owasp/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.pdf PDF]<br />
<br />
<b>February 2006</b> Secure e-mail, by Thomas Bullinger [http://rd1.net/owasp/SecureEmail.pdf PDF]<br />
<br />
<b>January 2006</b> PCI Compliance, by Pat Massey, Ralf Durkee, Maureen Baran [http://rd1.net/owasp/Rochester_OWASP_PCI_Compliance.pdf PDF]<br />
<br />
<b>September 2005</b> Two Factor Authentication for Java Applications with Client Certificates, by Ralf Durkee [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.pdf PDF] [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.sxi Open Office]<br />
<br />
<b>April 2005</b> Avoiding Backend Exploitation of Mail Forms, by Max Kessler [http://rd1.net/owasp/owasp-mailform-exploitation.ppt PowerPoint] [http://rd1.net/owasp/owasp-mailform-exploitation.sxi Open Office]<br />
<br />
<b>March 2005</b> Bringing Two-Factor Authentication to Web Applications, by Michael Starks [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt PowerPoint] [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt Open Office]<br />
<br />
<b>February 2005</b> Insecure Storage, by Chris Karr [http://rd1.net/owasp/Insecure_Storage.ppt PowerPoint]<br />
<br />
<b>January 2005</b> Access Control and Session Mgmnt, by Steve Buck [http://rd1.net/owasp/Jan_OWASP-access-control.ppt PowerPoint] [http://rd1.net/owasp/Jan_OWASP-access-control.sxi Open Office]<br />
<br />
<b>November 2004</b> Intro to OWASP by Ralf Durkee. Demonstration of SQL Injection attack and prevention, by Paul Cupo [http://rd1.net/owasp/Nov_OWASP_20041103.ppt PowerPoint]<br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:New York]]</div>Sir Whttps://wiki.owasp.org/index.php?title=Rochester&diff=83769Rochester2010-05-20T14:32:57Z<p>Sir W: Fixed chapter leader</p>
<hr />
<div><hr><br />
<br />
== Welcome to the OWASP Rochester Local Chapter ==<br />
<br />
Welcome to the local Rochester chapter homepage. The chapter leader is [andrea.cogliati@owasp.org Andrea Cogliati]<br />
<br />
<paypal>Rochester</paypal><br />
<br />
== Participation ==<br />
<br />
OWASP chapter meetings are free and open to anyone interested in application security. We encourage members to give presentations on specific topics and to contribute to the local chapter by sharing their knowledge with others. Prior to participating with OWASP please review the [[Chapter Rules]].<br />
<br />
The Rochester chapter has two mailing lists: one for announcements and one for general discussion. The announce list is for official communications (e.g meeting announcements, web site updates, etc). The discussion list is for general participation and everyone is encouraged to post. The announce mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-announce here]. The discussion mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny here]. You can also review the [http://lists.owasp.org/pipermail/owasp-rochester-announce/ announce] and [http://lists.owasp.org/pipermail/owasp-rochester-ny discussion] e-mail archives to see what folks have been talking about. Please make sure you are subscribed to announce to receive any last minute meeting info.<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> [mailto:andrea.cogliati@owasp.org Andrea Cogliati]<br />
*<b>Vice President:</b> [mailto:rd@rd1.net Ralph Durkee]<br />
*<b>Treasurer:</b> [mailto:andrea.cogliati@owasp.org Andrea Cogliati]<br />
*<b>Secretary:</b> Appointed by Event Coordinator at each meeting.<br />
*<b>Event Coordinator:</b> [mailto:andrea.cogliati@owasp.org Andrea Cogliati]<br />
*<b>Communications and Chapter OWASP Evangelist:</b> [mailto:lou.leone@owasp.org Lou Leone]<br />
*<b>Webmaster:</b> [mailto:duane.peifer@uberguard.com Duane Peifer]<br />
*<b>Mail List Administrator:</b> [mailto:duane.peifer@uberguard.com Duane Peifer]<br />
</ul><br />
<br />
== Meeting Dates & Location ==<br />
<br />
<b>Dates:</b> The third Monday of every month, starting at 6:00 PM.<br />
<br />
<b>Types of events:</b> Formal meeting (featuring a presentation) in odd numbered months, informal event (open forum with beer and wings) in even numbered months<br />
<br />
<b>Locations:</b> <br />
<br />
* Mykonos Software has been graciously providing meeting space for our formal meetings. Mykonos is located at 220 Kenneth Dr, Rochester, NY (entrance from Lehigh Station Rd or W Henrietta Rd), near 390 and Lehigh Station Road.<br />
* Beer and wings at Mac Gregor's Grill & Tap Room, 300 Jefferson Rd, NY 14623 [http://maps.google.com/maps?f=q&hl=en&geocode=&time=&date=&ttype=&q=300+Jefferson+Rd+Rochester+NY&sll=43.15549,-77.61601&sspn=0.284013,0.55481&ie=UTF8&om=1&z=16&iwloc=addr Google Maps]<br />
<br />
Meetings reminders are sent to the OWASP Rochester Announcement distribution list at least one week prior to a meeting.<br />
<br />
If you or your organization is interested in donating meeting space please contact one of the local officers listed above. The space should be able to accommodate at least 15 people.<br />
<br />
Please note that for informal meetings at Mac Gregor's, everybody needs to pay for their own food and drinks.<br />
<br />
'''May Meeting'''<br />
<br />
<b>When:</b> May 17th, 6pm<br />
<br />
<b>Where:</b> Mykonos (BlueTie) at 220 Kenneth Dr, Rochester, NY (entrance from Lehigh Station Rd or W Henrietta Rd), near 390 and Lehigh Station Road<br />
<br />
<b>Topic:</b> New Techniques in Application Intrusion Detection<br />
<br />
<b>Speaker:</b> Al Huizenga, Director of Product Management, Mykonos Software, Inc.<br />
<br />
<b>Abstract:</b> Current solutions for securing legacy Web applications rely on a “lock-it-down” approach, similar to how IT security administrators use firewalls to lock down ports and servers. But applications are complicated, and it’s often impractical to create a rule set that tightly filters every app-level input. New alternative approaches to intrusion detection and response at the application layer are emerging. One key trend is to enhance the application code itself with built-in defensive logic. By instrumenting application code with incident detection triggers and dynamic responses, administrators can prevent application abuse before bad users establish an attack vector. In this presentation, we’ll discuss the merits and challenges of this approach. We’ll focus on specific examples, including the OWASP AppSensor project and the Mykonos Security Appliance. <br />
<br />
<b>Speaker Bio:</b> Al Huizenga runs product strategy for Mykonos Software, a startup focused on new ways to secure Web applications from abuse. Al has 11 years experience marketing Web-based products and technologies. He is fascinated by how the same technology attributes that drive Web application adoption – openness, transparency, and ubiquity – also represent severe risk to the businesses that use them.<br />
<br />
'''June Meeting - Joint Meeting with ISSA'''<br />
<br />
<b>When:</b> June 10th, 2010, 6-7:30pm<br />
<br />
<b>Location:</b> BlueTie, 220 Kenneth Drive, Rochester, NY (entrance from W<br />
Henrietta Rd or Lehigh Station Rd)<br />
<br />
Please RSVP at info@rochissa.org by Friday, June 10th<br />
<br />
<b>Title:</b> Client Side Exploits 101<br />
<br />
<b>Speaker:</b> JP Bourget, BS IT, RIT 2005; MS Computer Security and<br />
Information Assurance, RIT 2008; CISSP; MCSE, CSS<br />
<br />
<b>Abstract:</b> JP will talk about some concepts of client side attacks. An introduction to Metasploit will be given. A case study of how to craft a malicious PDF payload will be demonstrated to introduce some of the key features and abilities of Metasploit and it's plugin's/modules. JP will go over some of the basics of Nmap and then suggest some ideas on how to defend against these types of attacks.<br />
<br />
<b>Speaker's bio:</b> JP has five years experience in computer networking, system administration, and information security. During the day JP is responsible for Network and Security Management for a medium size global company based in the US. JP is also adjunct faculty at Rochester Institute of Technology where he teaches Networking and Security undergraduate classes. JP also performs pen testing and security audits for local companies in Rochester, NY.<br />
<br />
== Past Events ==<br />
<br />
;February Meeting<br />
<br />
Ralph Durkee presented a recap of the recent AppSec conference in DC.<br/><br />
Andrea Cogliati gave a talk on Identity Federation and Claim-based Security. <br />
<br />
<br />
; Oct 29-30 2008 - Rochester Security Summit 2008<br />
<br />
: The Rochester OWASP chapter in partnership with other Rochester institutions is organizing the third annual Rochester Security Summit Oct 29-30 during National Cyber Security Awareness Month. This year we'll have a full day dedicated to application security and we are are working to bring to Rochester the best national acclaimed speakers.<br />
<br />
Visit [http://www.RochesterSecurity.org/ Rochester Security Summit Site] for details.<br />
<br />
== Past Presentations ==<br />
<b>October Hackerfest 2009</b> Introduction to OWASP Rochester by Ralph Durkee, Lou Leone [[Media:Intro_to_OWASP_Rochester_v9.ppt|PPT]]<br />
<br />
<b>September OWASP 2009</b> Securing Apache Web Servers with Mod Security & CIS Benchmark by Ralph Durkee [[Media:Durkee_Apache_2009_v7.ppt|PPT]] [[Media:Durkee_Apache_2009_v7.odp|Open Office]]<br />
<br />
<b>May OWASP 2009</b> Key Management - One Perspective by Lou Leone [[Media:N-tierKeyManagementIssues.ppt|PPT]]<br />
<br />
<b>May IEEE 2009</b> Introduction to OWASP, presented by Ralph Durkee and Andrea Cogliati [[Media:Intro_to_OWASP_Rochester_v5.ppt|PPT]]<br />
<br />
<b>January 2009</b> Paranoid Programming Practices, by Lou Leone and Aaron Witt [[Media:ParanoidProgrammers.ppt|PPT]]<br />
<br />
<b>May 2008</b> Database Encryption, by Ralf Durkee [[Media:Database_Encryption.ppt|PPT]]<br />
<br />
<b>January 2008</b> SQL Injection and Dynamic SQL, by Andrea Cogliati [[Media:MoreSQL.zip|ZIP]]<br />
<br />
<b>September 2007</b> 2007 OWASP Top 10 Most Critical Web Application Security Vulnerabilities, by Ralph Durkee [[Media:OWASP_Top_10_2007_v6.ppt|PowerPoint]]<br />
<br />
<b>October 2006</b> The first of the OWASP top ten: unvalidated input, by Steve Buck.<br />
[http://rd1.net/owasp/2006-10-16_owasp-presentation.ppt PowerPoint]<br />
<br />
<b>April 2006</b> PGP: Encryption for e-mail and web applications, by Ralph Durkee [http://rd1.net/owasp/Apr_OWASP_PGP_Durkee.pdf PDF]<br />
<br />
<b>February 2006</b> Identity Theft, Phishing and Pharming, by Danny Allan [http://rd1.net/owasp/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.pdf PDF]<br />
<br />
<b>February 2006</b> Secure e-mail, by Thomas Bullinger [http://rd1.net/owasp/SecureEmail.pdf PDF]<br />
<br />
<b>January 2006</b> PCI Compliance, by Pat Massey, Ralf Durkee, Maureen Baran [http://rd1.net/owasp/Rochester_OWASP_PCI_Compliance.pdf PDF]<br />
<br />
<b>September 2005</b> Two Factor Authentication for Java Applications with Client Certificates, by Ralf Durkee [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.pdf PDF] [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.sxi Open Office]<br />
<br />
<b>April 2005</b> Avoiding Backend Exploitation of Mail Forms, by Max Kessler [http://rd1.net/owasp/owasp-mailform-exploitation.ppt PowerPoint] [http://rd1.net/owasp/owasp-mailform-exploitation.sxi Open Office]<br />
<br />
<b>March 2005</b> Bringing Two-Factor Authentication to Web Applications, by Michael Starks [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt PowerPoint] [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt Open Office]<br />
<br />
<b>February 2005</b> Insecure Storage, by Chris Karr [http://rd1.net/owasp/Insecure_Storage.ppt PowerPoint]<br />
<br />
<b>January 2005</b> Access Control and Session Mgmnt, by Steve Buck [http://rd1.net/owasp/Jan_OWASP-access-control.ppt PowerPoint] [http://rd1.net/owasp/Jan_OWASP-access-control.sxi Open Office]<br />
<br />
<b>November 2004</b> Intro to OWASP by Ralf Durkee. Demonstration of SQL Injection attack and prevention, by Paul Cupo [http://rd1.net/owasp/Nov_OWASP_20041103.ppt PowerPoint]<br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:New York]]</div>Sir Whttps://wiki.owasp.org/index.php?title=Rochester&diff=83179Rochester2010-05-10T07:37:45Z<p>Sir W: Added May meeting</p>
<hr />
<div><hr><br />
<br />
== Welcome to the OWASP Rochester Local Chapter ==<br />
<br />
Welcome to the local Rochester chapter homepage. The chapter leader is [mailto:rd@rd1.net Ralph Durkee]<br />
<br />
<paypal>Rochester</paypal><br />
== Participation ==<br />
<br />
OWASP chapter meetings are free and open to anyone interested in application security. We encourage members to give presentations on specific topics and to contribute to the local chapter by sharing their knowledge with others. Prior to participating with OWASP please review the [[Chapter Rules]].<br />
<br />
The Rochester chapter has two mailing lists: one for announcements and one for general discussion. The announce list is for official communications (e.g meeting announcements, web site updates, etc). The discussion list is for general participation and everyone is encouraged to post. The announce mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-announce here]. The discussion mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny here]. You can also review the [http://lists.owasp.org/pipermail/owasp-rochester-announce/ announce] and [http://lists.owasp.org/pipermail/owasp-rochester-ny discussion] e-mail archives to see what folks have been talking about. Please make sure you are subscribed to announce to receive any last minute meeting info.<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> [mailto:andrea.cogliati@owasp.org Andrea Cogliati]<br />
*<b>Vice President:</b> [mailto:rd@rd1.net Ralph Durkee]<br />
*<b>Treasurer:</b> [mailto:andrea.cogliati@owasp.org Andrea Cogliati]<br />
*<b>Secretary:</b> Appointed by Event Coordinator at each meeting.<br />
*<b>Event Coordinator:</b> [mailto:andrea.cogliati@owasp.org Andrea Cogliati]<br />
*<b>Communications and Chapter OWASP Evangelist:</b> [mailto:lou.leone@owasp.org Lou Leone]<br />
*<b>Webmaster:</b> [mailto:duane.peifer@uberguard.com Duane Peifer]<br />
*<b>Mail List Administrator:</b> [mailto:duane.peifer@uberguard.com Duane Peifer]<br />
</ul><br />
<br />
== Meeting Dates & Location ==<br />
<br />
<b>Dates:</b> The third Monday of every month, starting at 6:00 PM.<br />
<br />
<b>Types of events:</b> Formal meeting (featuring a presentation) in odd numbered months, informal event (open forum with beer and wings) in even numbered months<br />
<br />
<b>Locations:</b> <br />
<br />
* Formal meeting locations determined on a meeting by meeting basis and announced at least one week prior to the meeting.<br />
* Beer and wings at Mac Gregor's Grill & Tap Room, 300 Jefferson Rd, NY 14623 [http://maps.google.com/maps?f=q&hl=en&geocode=&time=&date=&ttype=&q=300+Jefferson+Rd+Rochester+NY&sll=43.15549,-77.61601&sspn=0.284013,0.55481&ie=UTF8&om=1&z=16&iwloc=addr Google Maps]<br />
<br />
If you or your organization is interested in donating meeting space please contact one of the local officers listed above. The space should be able to accommodate at least 15 people.<br />
<br />
Please note that for informal meetings at Mac Gregor's, everybody needs to pay for their own food and drinks.<br />
<br />
'''May Meeting'''<br />
<br />
<b>When:</b> May 17th, 6pm<br />
<br />
<b>Where:</b> Mykonos at 220 Kenneth Dr, Rochester, NY (entrance from Lehigh Station Rd or W Henrietta Rd), near 390 and Lehigh Station Road<br />
<br />
<b>Topic:</b> New Techniques in Application Intrusion Detection<br />
<br />
<b>Speaker:</b> Al Huizenga, Director of Product Management, Mykonos Software, Inc.<br />
<br />
<b>Abstract:</b> Current solutions for securing legacy Web applications rely on a “lock-it-down” approach, similar to how IT security administrators use firewalls to lock down ports and servers. But applications are complicated, and it’s often impractical to create a rule set that tightly filters every app-level input. New alternative approaches to intrusion detection and response at the application layer are emerging. One key trend is to enhance the application code itself with built-in defensive logic. By instrumenting application code with incident detection triggers and dynamic responses, administrators can prevent application abuse before bad users establish an attack vector. In this presentation, we’ll discuss the merits and challenges of this approach. We’ll focus on specific examples, including the OWASP AppSensor project and the Mykonos Security Appliance. <br />
<br />
<b>Speaker Bio:</b> Al Huizenga runs product strategy for Mykonos Software, a startup focused on new ways to secure Web applications from abuse. Al has 11 years experience marketing Web-based products and technologies. He is fascinated by how the same technology attributes that drive Web application adoption – openness, transparency, and ubiquity – also represent severe risk to the businesses that use them.<br />
<br />
== Past Events ==<br />
<br />
;February Meeting<br />
<br />
Ralph Durkee presented a recap of the recent AppSec conference in DC.<br/><br />
Andrea Cogliati gave a talk on Identity Federation and Claim-based Security. <br />
<br />
<br />
; Oct 29-30 2008 - Rochester Security Summit 2008<br />
<br />
: The Rochester OWASP chapter in partnership with other Rochester institutions is organizing the third annual Rochester Security Summit Oct 29-30 during National Cyber Security Awareness Month. This year we'll have a full day dedicated to application security and we are are working to bring to Rochester the best national acclaimed speakers.<br />
<br />
Visit [http://www.RochesterSecurity.org/ Rochester Security Summit Site] for details.<br />
<br />
== Past Presentations ==<br />
<b>October Hackerfest 2009</b> Introduction to OWASP Rochester by Ralph Durkee, Lou Leone [[Media:Intro_to_OWASP_Rochester_v9.ppt|PPT]]<br />
<br />
<b>September OWASP 2009</b> Securing Apache Web Servers with Mod Security & CIS Benchmark by Ralph Durkee [[Media:Durkee_Apache_2009_v7.ppt|PPT]] [[Media:Durkee_Apache_2009_v7.odp|Open Office]]<br />
<br />
<b>May OWASP 2009</b> Key Management - One Perspective by Lou Leone [[Media:N-tierKeyManagementIssues.ppt|PPT]]<br />
<br />
<b>May IEEE 2009</b> Introduction to OWASP, presented by Ralph Durkee and Andrea Cogliati [[Media:Intro_to_OWASP_Rochester_v5.ppt|PPT]]<br />
<br />
<b>January 2009</b> Paranoid Programming Practices, by Lou Leone and Aaron Witt [[Media:ParanoidProgrammers.ppt|PPT]]<br />
<br />
<b>May 2008</b> Database Encryption, by Ralf Durkee [[Media:Database_Encryption.ppt|PPT]]<br />
<br />
<b>January 2008</b> SQL Injection and Dynamic SQL, by Andrea Cogliati [[Media:MoreSQL.zip|ZIP]]<br />
<br />
<b>September 2007</b> 2007 OWASP Top 10 Most Critical Web Application Security Vulnerabilities, by Ralph Durkee [[Media:OWASP_Top_10_2007_v6.ppt|PowerPoint]]<br />
<br />
<b>October 2006</b> The first of the OWASP top ten: unvalidated input, by Steve Buck.<br />
[http://rd1.net/owasp/2006-10-16_owasp-presentation.ppt PowerPoint]<br />
<br />
<b>April 2006</b> PGP: Encryption for e-mail and web applications, by Ralph Durkee [http://rd1.net/owasp/Apr_OWASP_PGP_Durkee.pdf PDF]<br />
<br />
<b>February 2006</b> Identity Theft, Phishing and Pharming, by Danny Allan [http://rd1.net/owasp/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.pdf PDF]<br />
<br />
<b>February 2006</b> Secure e-mail, by Thomas Bullinger [http://rd1.net/owasp/SecureEmail.pdf PDF]<br />
<br />
<b>January 2006</b> PCI Compliance, by Pat Massey, Ralf Durkee, Maureen Baran [http://rd1.net/owasp/Rochester_OWASP_PCI_Compliance.pdf PDF]<br />
<br />
<b>September 2005</b> Two Factor Authentication for Java Applications with Client Certificates, by Ralf Durkee [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.pdf PDF] [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.sxi Open Office]<br />
<br />
<b>April 2005</b> Avoiding Backend Exploitation of Mail Forms, by Max Kessler [http://rd1.net/owasp/owasp-mailform-exploitation.ppt PowerPoint] [http://rd1.net/owasp/owasp-mailform-exploitation.sxi Open Office]<br />
<br />
<b>March 2005</b> Bringing Two-Factor Authentication to Web Applications, by Michael Starks [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt PowerPoint] [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt Open Office]<br />
<br />
<b>February 2005</b> Insecure Storage, by Chris Karr [http://rd1.net/owasp/Insecure_Storage.ppt PowerPoint]<br />
<br />
<b>January 2005</b> Access Control and Session Mgmnt, by Steve Buck [http://rd1.net/owasp/Jan_OWASP-access-control.ppt PowerPoint] [http://rd1.net/owasp/Jan_OWASP-access-control.sxi Open Office]<br />
<br />
<b>November 2004</b> Intro to OWASP by Ralf Durkee. Demonstration of SQL Injection attack and prevention, by Paul Cupo [http://rd1.net/owasp/Nov_OWASP_20041103.ppt PowerPoint]<br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:New York]]</div>Sir Whttps://wiki.owasp.org/index.php?title=Global_Conferences_Committee_-_Application_5&diff=76649Global Conferences Committee - Application 52010-01-22T23:09:20Z<p>Sir W: Added endorsement by Andrea Cogliati</p>
<hr />
<div>[[How to Join a Committee|Click here to return to 'How to Join a Committee' page]] <br />
<br />
----<br />
<br />
{| border="0" align="center" style="width: 100%;"<br />
|-<br />
! align="center" colspan="2" style="background: rgb(64, 88, 160) none repeat scroll 0% 0%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous; color: white;" | <font color="white">'''COMMITTEE APPLICATION FORM'''</font><br />
|-<br />
| align="center" style="background: rgb(123, 138, 189) none repeat scroll 0% 0%; width: 25%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | '''Applicant's Name''' <br />
| align="left" colspan="1" style="background: rgb(204, 204, 204) none repeat scroll 0% 0%; width: 85%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | <font color="black">Ralph Durkee<br></font><br />
|-<br />
| align="center" style="background: rgb(123, 138, 189) none repeat scroll 0% 0%; width: 25%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | '''Current and past OWASP Roles''' <br />
| align="left" colspan="1" style="background: rgb(204, 204, 204) none repeat scroll 0% 0%; width: 85%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | Founder and former President Rochester, NY Chapter since 2004, Current VP of Rochester Chapter.&nbsp; Co-Chair of Rochester Security Summit joint ISSA/OWASP/ISACA Annual Security Conference&nbsp; www.RochesterSecurity.org<br><br />
|-<br />
| align="center" style="background: rgb(123, 138, 189) none repeat scroll 0% 0%; width: 25%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | '''Committee Applying for''' <br />
| align="left" colspan="1" style="background: rgb(204, 204, 204) none repeat scroll 0% 0%; width: 85%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | OWASP Global Conferences Committee.<br />
|}<br />
<br />
----<br />
<br />
<br> <br />
<br />
----<br />
<br />
Please be aware that for an application to be considered by the board, '''you MUST have 5 recommendations'''. An incomplete application will not be considered for vote. <br />
<br />
----<br />
<br />
<br> <br />
<br />
----<br />
<br />
{| border="0" align="center" style="width: 100%;"<br />
|-<br />
! align="center" colspan="8" style="background: rgb(64, 88, 160) none repeat scroll 0% 0%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous; color: white;" | <font color="white">'''COMMITTEE RECOMMENDATIONS'''</font><br />
|-<br />
! align="center" style="background: white none repeat scroll 0% 0%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous; color: white;" | <font color="black"></font> <br> <br />
! align="center" style="background: rgb(123, 138, 189) none repeat scroll 0% 0%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous; color: white;" | <font color="black">'''Who Recommends/Name'''</font> <br />
! align="center" style="background: rgb(123, 138, 189) none repeat scroll 0% 0%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous; color: white;" | <font color="black">'''Role in OWASP'''</font> <br />
! align="center" style="background: rgb(123, 138, 189) none repeat scroll 0% 0%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous; color: white;" | <font color="black">'''Recommendation Content'''</font><br />
|-<br />
| align="center" style="background: rgb(204, 204, 204) none repeat scroll 0% 0%; width: 3%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | '''1''' <br />
| align="center" style="background: rgb(204, 204, 204) none repeat scroll 0% 0%; width: 20%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | Lou Leone<br> <br />
| align="center" style="background: rgb(204, 204, 204) none repeat scroll 0% 0%; width: 20%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | Communications and Chapter OWASP Evangelist<br> <br />
| align="center" style="background: rgb(204, 204, 204) none repeat scroll 0% 0%; width: 57%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | Ralph has been great to work with at our local OWASP chapter.&nbsp; His passion and enthusiam match the high level of competency he brings to security discussions.<br><br />
|-<br />
| align="center" style="background: rgb(204, 204, 204) none repeat scroll 0% 0%; width: 3%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | '''2''' <br />
| align="center" style="background: rgb(204, 204, 204) none repeat scroll 0% 0%; width: 20%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | Duane Peifer<br> <br />
| align="center" style="background: rgb(204, 204, 204) none repeat scroll 0% 0%; width: 20%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | Rochester NY Chapter webmaster and communications<br> <br />
| align="center" style="background: rgb(204, 204, 204) none repeat scroll 0% 0%; width: 57%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | Ralph is well known as a leader in the security community here in Rochester. His leadership, knowledge, and experience have been crucial to the success of the local OWASP chapter as well as other local security organizations and events.<br><br />
|-<br />
| align="center" style="background: rgb(204, 204, 204) none repeat scroll 0% 0%; width: 3%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | '''3''' <br />
| align="center" style="background: rgb(204, 204, 204) none repeat scroll 0% 0%; width: 20%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | Dwayne P. Foley, CISM, CISSP, GIAC (GSEC GCFW)<br> <br />
| align="center" style="background: rgb(204, 204, 204) none repeat scroll 0% 0%; width: 20%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | <br> <br />
| align="center" style="background: rgb(204, 204, 204) none repeat scroll 0% 0%; width: 57%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | Ralph is one the most active participants in information security that I know. I had the pleasure of participating in class instruction from Ralph in his roll of a SANS instructor. I have worked closely with Ralph as a peer on complex, large enterprise polices and security issues. I have also had the pleasure to participate with Ralph in the local chapters of several national and global security organizations. I am sure there are many that have grown from Ralph’s leadership even more that will benefit with Ralph as a committee member.<br><br />
|-<br />
| align="center" style="background: rgb(204, 204, 204) none repeat scroll 0% 0%; width: 3%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | '''4''' <br />
| align="center" style="background: rgb(204, 204, 204) none repeat scroll 0% 0%; width: 20%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | Andrea Cogliati<br> <br />
| align="center" style="background: rgb(204, 204, 204) none repeat scroll 0% 0%; width: 20%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | Rochester NY Chapter President <br> <br />
| align="center" style="background: rgb(204, 204, 204) none repeat scroll 0% 0%; width: 57%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | Ralph is a long time information security professional with a deep knowledge of both the technical and the organizational aspects of information security. He has been involved in a variety of different projects and environments, from open-source projects to enterprise application deployment. Ralph founded the Rochester, NY Chapter of OWASP in 2004, and has been part of the Rochester Security Summit board since its first edition in 2006. The Rochester Security Summit has been a growing success in Upstate NY with speakers from all over the country. Ralph's skills and connections in the IT community make him an ideal candidate for the Global Conference Committee. <br><br />
|-<br />
| align="center" style="background: rgb(204, 204, 204) none repeat scroll 0% 0%; width: 3%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | '''5''' <br />
| align="center" style="background: rgb(204, 204, 204) none repeat scroll 0% 0%; width: 20%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | <br> <br />
| align="center" style="background: rgb(204, 204, 204) none repeat scroll 0% 0%; width: 20%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | <br> <br />
| align="center" style="background: rgb(204, 204, 204) none repeat scroll 0% 0%; width: 57%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | <br><br />
|}<br />
<br />
----</div>Sir Whttps://wiki.owasp.org/index.php?title=Rochester&diff=62925Rochester2009-05-28T18:23:21Z<p>Sir W: June meeting</p>
<hr />
<div>== Welcome to the OWASP Rochester Local Chapter ==<br />
<br />
Welcome to the local Rochester chapter homepage. The chapter leader is [mailto:rd@rd1.net Ralf Durkee]<br />
<br />
<paypal>Rochester</paypal><br />
<br />
== Participation ==<br />
<br />
OWASP chapter meetings are free and open to anyone interested in application security. We encourage members to give presentations on specific topics and to contribute to the local chapter by sharing their knowledge with others. Prior to participating with OWASP please review the [[Chapter Rules]].<br />
<br />
The Rochester chapter has two mailing lists: one for announcements and one for general discussion. The announce list is for official communications (e.g meeting announcements, web site updates, etc). The discussion list is for general participation and everyone is encouraged to post. The announce mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-announce here]. The discussion mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny here]. You can also review the [http://lists.owasp.org/pipermail/owasp-rochester-announce/ announce] and [http://lists.owasp.org/pipermail/owasp-rochester-ny discussion] e-mail archives to see what folks have been talking about. Please make sure you are subscribed to announce to receive any last minute meeting info.<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> [mailto:rd@rd1.net Ralph Durkee]<br />
*<b>Vice President:</b> Chris Karr<br />
*<b>Secretary and Treasurer:</b> [mailto:mailto:stevebuck@sbuck.net Steve Buck]<br />
*<b>Web and Communications:</b> [mailto:andrea.cogliati@owasp.org Andrea Cogliati]<br />
</ul><br />
<br />
== Meeting Dates & Location ==<br />
<br />
<b>Dates:</b> The third Monday of every month, starting at 6:00 PM.<br />
<br />
<b>Types of events:</b> Formal meeting (featuring a presentation) in odd numbered months, informal event (open forum with beer and wings) in even numbered months<br />
<br />
<b>Locations:</b> <br />
<br />
* Formal meetings at 1225 Jefferson Rd, Rochester, NY 14623 (near I-390) [http://maps.google.com/maps?f=q&hl=en&q=1225+Jefferson+Rd,+Rochester,+NY&ie=UTF8&om=1&ll=43.087727,-77.600255&spn=0.014856,0.04283 Google Maps]<br />
* Beer and wings at Mac Gregor's Grill & Tap Room, 300 Jefferson Rd, NY 14623 [http://maps.google.com/maps?f=q&hl=en&geocode=&time=&date=&ttype=&q=300+Jefferson+Rd+Rochester+NY&sll=43.15549,-77.61601&sspn=0.284013,0.55481&ie=UTF8&om=1&z=16&iwloc=addr Google Maps]<br />
<br />
Formal meeting space is graciously offered by [http://www.bryantstratton.edu/campus/campus.aspx?c=14 Bryant & Stratton College] Enter the Frontier Commons plaza, near the Post Office. Towards the right, rear of the plaza is the PSC (Professional Skills Center) door, which is to the left of the main Bryant & Stratton entrance door. There will be a sign on the door indicating the room in which we will meet.<br />
<br />
Please note that for informal meetings at Mac Gregor's, everybody needs to pay for their own food and drinks.<br />
<br />
'''June meeting details'''<br />
<br />
June informal meeting at Mac Gregor's will be held on '''June 22nd''', instead of June 15th.<br />
<br />
'''Joint Meeting with LUGOR in September'''<br />
<br />
We'll have a joint meeting with [http://www.lugor.org/ Linux User Group of Rochester] on September 17th from 7pm to 9pm on RIT Campus, room #70-1400.<br />
<br />
Ralph Durkee will deliver a presentation about Apache Web Server and Web App Firewall w Mod_security.<br />
<br />
== Past Events ==<br />
<br />
; Oct 29-30 2008 - Rochester Security Summit 2008<br />
<br />
: The Rochester OWASP chapter in partnership with other Rochester institutions is organizing the third annual Rochester Security Summit Oct 29-30 during National Cyber Security Awareness Month. This year we'll have a full day dedicated to application security and we are are working to bring to Rochester the best national acclaimed speakers.<br />
<br />
Visit [http://www.RochesterSecurity.org/ Rochester Security Summit Site] for details.<br />
<br />
== Past Presentations ==<br />
<b>May OWASP 2009</b> Key Management - One Perspective by Lou Leone [[Media:N-tierKeyManagementIssues.ppt|PPT]]<br />
<br />
<b>May IEEE 2009</b> Introduction to OWASP, presented by Ralph Durkee and Andrea Cogliati [[Media:Intro_to_OWASP_Rochester_v5.ppt|PPT]]<br />
<br />
<b>January 2009</b> Paranoid Programming Practices, by Lou Leone and Aaron Witt [[Media:ParanoidProgrammers.ppt|PPT]]<br />
<br />
<b>May 2008</b> Database Encryption, by Ralf Durkee [[Media:Database_Encryption.ppt|PPT]]<br />
<br />
<b>January 2008</b> SQL Injection and Dynamic SQL, by Andrea Cogliati [[Media:MoreSQL.zip|ZIP]]<br />
<br />
<b>September 2007</b> 2007 OWASP Top 10 Most Critical Web Application Security Vulnerabilities, by Ralph Durkee [[Media:OWASP_Top_10_2007_v6.ppt|PowerPoint]]<br />
<br />
<b>October 2006</b> The first of the OWASP top ten: unvalidated input, by Steve Buck.<br />
[http://rd1.net/owasp/2006-10-16_owasp-presentation.ppt PowerPoint]<br />
<br />
<b>April 2006</b> PGP: Encryption for e-mail and web applications, by Ralph Durkee [http://rd1.net/owasp/Apr_OWASP_PGP_Durkee.pdf PDF]<br />
<br />
<b>February 2006</b> Identity Theft, Phishing and Pharming, by Danny Allan [http://rd1.net/owasp/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.pdf PDF]<br />
<br />
<b>February 2006</b> Secure e-mail, by Thomas Bullinger [http://rd1.net/owasp/SecureEmail.pdf PDF]<br />
<br />
<b>January 2006</b> PCI Compliance, by Pat Massey, Ralf Durkee, Maureen Baran [http://rd1.net/owasp/Rochester_OWASP_PCI_Compliance.pdf PDF]<br />
<br />
<b>September 2005</b> Two Factor Authentication for Java Applications with Client Certificates, by Ralf Durkee [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.pdf PDF] [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.sxi Open Office]<br />
<br />
<b>April 2005</b> Avoiding Backend Exploitation of Mail Forms, by Max Kessler [http://rd1.net/owasp/owasp-mailform-exploitation.ppt PowerPoint] [http://rd1.net/owasp/owasp-mailform-exploitation.sxi Open Office]<br />
<br />
<b>March 2005</b> Bringing Two-Factor Authentication to Web Applications, by Michael Starks [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt PowerPoint] [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt Open Office]<br />
<br />
<b>February 2005</b> Insecure Storage, by Chris Karr [http://rd1.net/owasp/Insecure_Storage.ppt PowerPoint]<br />
<br />
<b>January 2005</b> Access Control and Session Mgmnt, by Steve Buck [http://rd1.net/owasp/Jan_OWASP-access-control.ppt PowerPoint] [http://rd1.net/owasp/Jan_OWASP-access-control.sxi Open Office]<br />
<br />
<b>November 2004</b> Intro to OWASP by Ralf Durkee. Demonstration of SQL Injection attack and prevention, by Paul Cupo [http://rd1.net/owasp/Nov_OWASP_20041103.ppt PowerPoint]<br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:New York]]</div>Sir Whttps://wiki.owasp.org/index.php?title=Rochester&diff=62236Rochester2009-05-27T15:07:44Z<p>Sir W: Added LUGOR meeting</p>
<hr />
<div>== Welcome to the OWASP Rochester Local Chapter ==<br />
<br />
Welcome to the local Rochester chapter homepage. The chapter leader is [mailto:rd@rd1.net Ralf Durkee]<br />
<br />
<paypal>Rochester</paypal><br />
<br />
== Participation ==<br />
<br />
OWASP chapter meetings are free and open to anyone interested in application security. We encourage members to give presentations on specific topics and to contribute to the local chapter by sharing their knowledge with others. Prior to participating with OWASP please review the [[Chapter Rules]].<br />
<br />
The Rochester chapter has two mailing lists: one for announcements and one for general discussion. The announce list is for official communications (e.g meeting announcements, web site updates, etc). The discussion list is for general participation and everyone is encouraged to post. The announce mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-announce here]. The discussion mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny here]. You can also review the [http://lists.owasp.org/pipermail/owasp-rochester-announce/ announce] and [http://lists.owasp.org/pipermail/owasp-rochester-ny discussion] e-mail archives to see what folks have been talking about. Please make sure you are subscribed to announce to receive any last minute meeting info.<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> [mailto:rd@rd1.net Ralph Durkee]<br />
*<b>Vice President:</b> Chris Karr<br />
*<b>Secretary and Treasurer:</b> [mailto:mailto:stevebuck@sbuck.net Steve Buck]<br />
*<b>Web and Communications:</b> [mailto:andrea.cogliati@owasp.org Andrea Cogliati]<br />
</ul><br />
<br />
== Meeting Dates & Location ==<br />
<br />
<b>Dates:</b> The third Monday of every month, starting at 6:00 PM.<br />
<br />
<b>Types of events:</b> Formal meeting (featuring a presentation) in odd numbered months, informal event (open forum with beer and wings) in even numbered months<br />
<br />
<b>Locations:</b> <br />
<br />
* Formal meetings at 1225 Jefferson Rd, Rochester, NY 14623 (near I-390) [http://maps.google.com/maps?f=q&hl=en&q=1225+Jefferson+Rd,+Rochester,+NY&ie=UTF8&om=1&ll=43.087727,-77.600255&spn=0.014856,0.04283 Google Maps]<br />
* Beer and wings at Mac Gregor's Grill & Tap Room, 300 Jefferson Rd, NY 14623 [http://maps.google.com/maps?f=q&hl=en&geocode=&time=&date=&ttype=&q=300+Jefferson+Rd+Rochester+NY&sll=43.15549,-77.61601&sspn=0.284013,0.55481&ie=UTF8&om=1&z=16&iwloc=addr Google Maps]<br />
<br />
Formal meeting space is graciously offered by [http://www.bryantstratton.edu/campus/campus.aspx?c=14 Bryant & Stratton College] Enter the Frontier Commons plaza, near the Post Office. Towards the right, rear of the plaza is the PSC (Professional Skills Center) door, which is to the left of the main Bryant & Stratton entrance door. There will be a sign on the door indicating the room in which we will meet.<br />
<br />
Please note that for informal meetings at Mac Gregor's, everybody needs to pay for their own food and drinks.<br />
<br />
'''Joint Meeting with LUGOR in September'''<br />
<br />
We'll have a joint meeting with [http://www.lugor.org/ Linux User Group of Rochester] on September 17th from 7pm to 9pm on RIT Campus, room #70-1400.<br />
<br />
Ralph Durkee will deliver a presentation about Apache Web Server and Web App Firewall w Mod_security.<br />
<br />
== Past Events ==<br />
<br />
; Oct 29-30 2008 - Rochester Security Summit 2008<br />
<br />
: The Rochester OWASP chapter in partnership with other Rochester institutions is organizing the third annual Rochester Security Summit Oct 29-30 during National Cyber Security Awareness Month. This year we'll have a full day dedicated to application security and we are are working to bring to Rochester the best national acclaimed speakers.<br />
<br />
Visit [http://www.RochesterSecurity.org/ Rochester Security Summit Site] for details.<br />
<br />
== Past Presentations ==<br />
<b>May OWASP 2009</b> Key Management - One Perspective by Lou Leone [[Media:N-tierKeyManagementIssues.ppt|PPT]]<br />
<br />
<b>May IEEE 2009</b> Introduction to OWASP, presented by Ralph Durkee and Andrea Cogliati [[Media:Intro_to_OWASP_Rochester_v5.ppt|PPT]]<br />
<br />
<b>January 2009</b> Paranoid Programming Practices, by Lou Leone and Aaron Witt [[Media:ParanoidProgrammers.ppt|PPT]]<br />
<br />
<b>May 2008</b> Database Encryption, by Ralf Durkee [[Media:Database_Encryption.ppt|PPT]]<br />
<br />
<b>January 2008</b> SQL Injection and Dynamic SQL, by Andrea Cogliati [[Media:MoreSQL.zip|ZIP]]<br />
<br />
<b>September 2007</b> 2007 OWASP Top 10 Most Critical Web Application Security Vulnerabilities, by Ralph Durkee [[Media:OWASP_Top_10_2007_v6.ppt|PowerPoint]]<br />
<br />
<b>October 2006</b> The first of the OWASP top ten: unvalidated input, by Steve Buck.<br />
[http://rd1.net/owasp/2006-10-16_owasp-presentation.ppt PowerPoint]<br />
<br />
<b>April 2006</b> PGP: Encryption for e-mail and web applications, by Ralph Durkee [http://rd1.net/owasp/Apr_OWASP_PGP_Durkee.pdf PDF]<br />
<br />
<b>February 2006</b> Identity Theft, Phishing and Pharming, by Danny Allan [http://rd1.net/owasp/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.pdf PDF]<br />
<br />
<b>February 2006</b> Secure e-mail, by Thomas Bullinger [http://rd1.net/owasp/SecureEmail.pdf PDF]<br />
<br />
<b>January 2006</b> PCI Compliance, by Pat Massey, Ralf Durkee, Maureen Baran [http://rd1.net/owasp/Rochester_OWASP_PCI_Compliance.pdf PDF]<br />
<br />
<b>September 2005</b> Two Factor Authentication for Java Applications with Client Certificates, by Ralf Durkee [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.pdf PDF] [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.sxi Open Office]<br />
<br />
<b>April 2005</b> Avoiding Backend Exploitation of Mail Forms, by Max Kessler [http://rd1.net/owasp/owasp-mailform-exploitation.ppt PowerPoint] [http://rd1.net/owasp/owasp-mailform-exploitation.sxi Open Office]<br />
<br />
<b>March 2005</b> Bringing Two-Factor Authentication to Web Applications, by Michael Starks [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt PowerPoint] [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt Open Office]<br />
<br />
<b>February 2005</b> Insecure Storage, by Chris Karr [http://rd1.net/owasp/Insecure_Storage.ppt PowerPoint]<br />
<br />
<b>January 2005</b> Access Control and Session Mgmnt, by Steve Buck [http://rd1.net/owasp/Jan_OWASP-access-control.ppt PowerPoint] [http://rd1.net/owasp/Jan_OWASP-access-control.sxi Open Office]<br />
<br />
<b>November 2004</b> Intro to OWASP by Ralf Durkee. Demonstration of SQL Injection attack and prevention, by Paul Cupo [http://rd1.net/owasp/Nov_OWASP_20041103.ppt PowerPoint]<br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:New York]]</div>Sir Whttps://wiki.owasp.org/index.php?title=Rochester&diff=60162Rochester2009-05-05T14:14:24Z<p>Sir W: /* Meeting Dates & Location */</p>
<hr />
<div>== Welcome to the OWASP Rochester Local Chapter ==<br />
<br />
Welcome to the local Rochester chapter homepage. The chapter leader is [mailto:rd@rd1.net Ralf Durkee]<br />
<br />
<paypal>Rochester</paypal><br />
<br />
== Participation ==<br />
<br />
OWASP chapter meetings are free and open to anyone interested in application security. We encourage members to give presentations on specific topics and to contribute to the local chapter by sharing their knowledge with others. Prior to participating with OWASP please review the [[Chapter Rules]].<br />
<br />
The Rochester chapter has two mailing lists: one for announcements and one for general discussion. The announce list is for official communications (e.g meeting announcements, web site updates, etc). The discussion list is for general participation and everyone is encouraged to post. The announce mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-announce here]. The discussion mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny here]. You can also review the [http://lists.owasp.org/pipermail/owasp-rochester-announce/ announce] and [http://lists.owasp.org/pipermail/owasp-rochester-ny discussion] e-mail archives to see what folks have been talking about. Please make sure you are subscribed to announce to receive any last minute meeting info.<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> [mailto:rd@rd1.net Ralf Durkee]<br />
*<b>Vice President:</b> Chris Karr<br />
*<b>Secretary and Treasurer:</b> [mailto:mailto:stevebuck@sbuck.net Steve Buck]<br />
*<b>Web and Communications:</b> [mailto:andrea.cogliati@owasp.org Andrea Cogliati]<br />
</ul><br />
<br />
== Meeting Dates & Location ==<br />
<br />
<b>Dates:</b> The third Monday of every month, starting at 6:00 PM.<br />
<br />
<b>Types of events:</b> Formal meeting (featuring a presentation) in odd numbered months, informal event (open forum with beer and wings) in even numbered months<br />
<br />
<b>Locations:</b> <br />
<br />
* Formal meetings at 1225 Jefferson Rd, Rochester, NY 14623 (near I-390) [http://maps.google.com/maps?f=q&hl=en&q=1225+Jefferson+Rd,+Rochester,+NY&ie=UTF8&om=1&ll=43.087727,-77.600255&spn=0.014856,0.04283 Google Maps]<br />
* Beer and wings at Mac Gregor's Grill & Tap Room, 300 Jefferson Rd, NY 14623 [http://maps.google.com/maps?f=q&hl=en&geocode=&time=&date=&ttype=&q=300+Jefferson+Rd+Rochester+NY&sll=43.15549,-77.61601&sspn=0.284013,0.55481&ie=UTF8&om=1&z=16&iwloc=addr Google Maps]<br />
<br />
Formal meeting space is graciously offered by [http://www.bryantstratton.edu/campus/campus.aspx?c=14 Bryant & Stratton College] Enter the Frontier Commons plaza, near the Post Office. Towards the right, rear of the plaza is the PSC (Professional Skills Center) door, which is to the left of the main Bryant & Stratton entrance door. There will be a sign on the door indicating the room in which we will meet.<br />
<br />
Please note that for informal meetings at Mac Gregor's, everybody needs to pay for their own food and drinks.<br />
<br />
'''May Meeting Details'''<br />
<br />
May meeting will be held on '''May 18th, 6pm''' at Bryant & Stratton College.<br />
<br />
'''Title:''' Key Management - One Perspective<br />
<br />
'''Abstract:''' Encryption is easy. Key management is hard. Really hard. The difficulty arises not from the complexity of keys and encryption schemes, approaches to them, or their applications, but from the impacts of encrypted data to operational systems and procedures. One perspective on key management provides insight into implementing encrypted data storage in a typical n-tiered system and identifying the impacted concerns with appropriate implementation strategies for mitigating them.<br />
<br />
'''Presenter:''' Lou Leone<br />
<br />
Lou is a Cognitive Science graduate from the University of Rochester. He is founder of Telperion Development Corp. and has provided services for the utility and telecommunications industries and for Rochester’s ever present Kodak and Xerox. He had a brief stint as the VP of Technology for PaeTec Communications, Inc. and is presently the VP of Technology Development for UniteU Technologies Inc. Over years of personally writing vast swaths of absolutely terrible code, he has developed a fine appreciation of the art of software architecture and the beauty of implementation excellence.<br />
<br />
== Past Events ==<br />
<br />
; Oct 29-30 2008 - Rochester Security Summit 2008<br />
<br />
: The Rochester OWASP chapter in partnership with other Rochester institutions is organizing the third annual Rochester Security Summit Oct 29-30 during National Cyber Security Awareness Month. This year we'll have a full day dedicated to application security and we are are working to bring to Rochester the best national acclaimed speakers.<br />
<br />
Visit [http://www.RochesterSecurity.org/ Rochester Security Summit Site] for details.<br />
<br />
== Past Presentations ==<br />
<br />
<b>January 2009</b> Paranoid Programming Practices, by Lou Leone and Aaron Witt [[Media:ParanoidProgrammers.ppt|PPT]]<br />
<br />
<b>May 2008</b> Database Encryption, by Ralf Durkee [[Media:Database_Encryption.ppt|PPT]]<br />
<br />
<b>January 2008</b> SQL Injection and Dynamic SQL, by Andrea Cogliati [[Media:MoreSQL.zip|ZIP]]<br />
<br />
<b>September 2007</b> 2007 OWASP Top 10 Most Critical Web Application Security Vulnerabilities, by Ralph Durkee [[Media:OWASP_Top_10_2007_v6.ppt|PowerPoint]]<br />
<br />
<b>October 2006</b> The first of the OWASP top ten: unvalidated input, by Steve Buck.<br />
[http://rd1.net/owasp/2006-10-16_owasp-presentation.ppt PowerPoint]<br />
<br />
<b>April 2006</b> PGP: Encryption for e-mail and web applications, by Ralph Durkee [http://rd1.net/owasp/Apr_OWASP_PGP_Durkee.pdf PDF]<br />
<br />
<b>February 2006</b> Identity Theft, Phishing and Pharming, by Danny Allan [http://rd1.net/owasp/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.pdf PDF]<br />
<br />
<b>February 2006</b> Secure e-mail, by Thomas Bullinger [http://rd1.net/owasp/SecureEmail.pdf PDF]<br />
<br />
<b>January 2006</b> PCI Compliance, by Pat Massey, Ralf Durkee, Maureen Baran [http://rd1.net/owasp/Rochester_OWASP_PCI_Compliance.pdf PDF]<br />
<br />
<b>September 2005</b> Two Factor Authentication for Java Applications with Client Certificates, by Ralf Durkee [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.pdf PDF] [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.sxi Open Office]<br />
<br />
<b>April 2005</b> Avoiding Backend Exploitation of Mail Forms, by Max Kessler [http://rd1.net/owasp/owasp-mailform-exploitation.ppt PowerPoint] [http://rd1.net/owasp/owasp-mailform-exploitation.sxi Open Office]<br />
<br />
<b>March 2005</b> Bringing Two-Factor Authentication to Web Applications, by Michael Starks [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt PowerPoint] [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt Open Office]<br />
<br />
<b>February 2005</b> Insecure Storage, by Chris Karr [http://rd1.net/owasp/Insecure_Storage.ppt PowerPoint]<br />
<br />
<b>January 2005</b> Access Control and Session Mgmnt, by Steve Buck [http://rd1.net/owasp/Jan_OWASP-access-control.ppt PowerPoint] [http://rd1.net/owasp/Jan_OWASP-access-control.sxi Open Office]<br />
<br />
<b>November 2004</b> Intro to OWASP by Ralf Durkee. Demonstration of SQL Injection attack and prevention, by Paul Cupo [http://rd1.net/owasp/Nov_OWASP_20041103.ppt PowerPoint]<br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:New York]]</div>Sir Whttps://wiki.owasp.org/index.php?title=Rochester&diff=60160Rochester2009-05-05T14:08:00Z<p>Sir W: May meeting details</p>
<hr />
<div>== Welcome to the OWASP Rochester Local Chapter ==<br />
<br />
Welcome to the local Rochester chapter homepage. The chapter leader is [mailto:rd@rd1.net Ralf Durkee]<br />
<br />
<paypal>Rochester</paypal><br />
<br />
== Participation ==<br />
<br />
OWASP chapter meetings are free and open to anyone interested in application security. We encourage members to give presentations on specific topics and to contribute to the local chapter by sharing their knowledge with others. Prior to participating with OWASP please review the [[Chapter Rules]].<br />
<br />
The Rochester chapter has two mailing lists: one for announcements and one for general discussion. The announce list is for official communications (e.g meeting announcements, web site updates, etc). The discussion list is for general participation and everyone is encouraged to post. The announce mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-announce here]. The discussion mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny here]. You can also review the [http://lists.owasp.org/pipermail/owasp-rochester-announce/ announce] and [http://lists.owasp.org/pipermail/owasp-rochester-ny discussion] e-mail archives to see what folks have been talking about. Please make sure you are subscribed to announce to receive any last minute meeting info.<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> [mailto:rd@rd1.net Ralf Durkee]<br />
*<b>Vice President:</b> Chris Karr<br />
*<b>Secretary and Treasurer:</b> [mailto:mailto:stevebuck@sbuck.net Steve Buck]<br />
*<b>Web and Communications:</b> [mailto:andrea.cogliati@owasp.org Andrea Cogliati]<br />
</ul><br />
<br />
== Meeting Dates & Location ==<br />
<br />
<b>Dates:</b> The third Monday of every month, starting at 6:00 PM.<br />
<br />
<b>Types of events:</b> Formal meeting (featuring a presentation) in odd numbered months, informal event (open forum with beer and wings) in even numbered months<br />
<br />
<b>Locations:</b> <br />
<br />
* Formal meetings at 1225 Jefferson Rd, Rochester, NY 14623 (near I-390) [http://maps.google.com/maps?f=q&hl=en&q=1225+Jefferson+Rd,+Rochester,+NY&ie=UTF8&om=1&ll=43.087727,-77.600255&spn=0.014856,0.04283 Google Maps]<br />
* Beer and wings at Mac Gregor's Grill & Tap Room, 300 Jefferson Rd, NY 14623 [http://maps.google.com/maps?f=q&hl=en&geocode=&time=&date=&ttype=&q=300+Jefferson+Rd+Rochester+NY&sll=43.15549,-77.61601&sspn=0.284013,0.55481&ie=UTF8&om=1&z=16&iwloc=addr Google Maps]<br />
<br />
Formal meeting space is graciously offered by [http://www.bryantstratton.edu/campus/campus.aspx?c=14 Bryant & Stratton College] Enter the Frontier Commons plaza, near the Post Office. Towards the right, rear of the plaza is the PSC (Professional Skills Center) door, which is to the left of the main Bryant & Stratton entrance door. There will be a sign on the door indicating the room in which we will meet.<br />
<br />
Please note that for informal meetings at Mac Gregor's, everybody needs to pay for their own food and drinks.<br />
<br />
'''May Meeting Details'''<br />
<br />
March meeting will be held on '''March 18th, 6pm''' at Bryant & Stratton College.<br />
<br />
'''Title:''' Key Management - One Perspective<br />
<br />
'''Abstract:''' Encryption is easy. Key management is hard. Really hard. The difficulty arises not from the complexity of keys and encryption schemes, approaches to them, or their applications, but from the impacts of encrypted data to operational systems and procedures. One perspective on key management provides insight into implementing encrypted data storage in a typical n-tiered system and identifying the impacted concerns with appropriate implementation strategies for mitigating them.<br />
<br />
'''Presenter:''' Lou Leone<br />
<br />
Lou is a Cognitive Science graduate from the University of Rochester. He is founder of Telperion Development Corp. and has provided services for the utility and telecommunications industries and for Rochester’s ever present Kodak and Xerox. He had a brief stint as the VP of Technology for PaeTec Communications, Inc. and is presently the VP of Technology Development for UniteU Technologies Inc. Over years of personally writing vast swaths of absolutely terrible code, he has developed a fine appreciation of the art of software architecture and the beauty of implementation excellence.<br />
<br />
== Past Events ==<br />
<br />
; Oct 29-30 2008 - Rochester Security Summit 2008<br />
<br />
: The Rochester OWASP chapter in partnership with other Rochester institutions is organizing the third annual Rochester Security Summit Oct 29-30 during National Cyber Security Awareness Month. This year we'll have a full day dedicated to application security and we are are working to bring to Rochester the best national acclaimed speakers.<br />
<br />
Visit [http://www.RochesterSecurity.org/ Rochester Security Summit Site] for details.<br />
<br />
== Past Presentations ==<br />
<br />
<b>January 2009</b> Paranoid Programming Practices, by Lou Leone and Aaron Witt [[Media:ParanoidProgrammers.ppt|PPT]]<br />
<br />
<b>May 2008</b> Database Encryption, by Ralf Durkee [[Media:Database_Encryption.ppt|PPT]]<br />
<br />
<b>January 2008</b> SQL Injection and Dynamic SQL, by Andrea Cogliati [[Media:MoreSQL.zip|ZIP]]<br />
<br />
<b>September 2007</b> 2007 OWASP Top 10 Most Critical Web Application Security Vulnerabilities, by Ralph Durkee [[Media:OWASP_Top_10_2007_v6.ppt|PowerPoint]]<br />
<br />
<b>October 2006</b> The first of the OWASP top ten: unvalidated input, by Steve Buck.<br />
[http://rd1.net/owasp/2006-10-16_owasp-presentation.ppt PowerPoint]<br />
<br />
<b>April 2006</b> PGP: Encryption for e-mail and web applications, by Ralph Durkee [http://rd1.net/owasp/Apr_OWASP_PGP_Durkee.pdf PDF]<br />
<br />
<b>February 2006</b> Identity Theft, Phishing and Pharming, by Danny Allan [http://rd1.net/owasp/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.pdf PDF]<br />
<br />
<b>February 2006</b> Secure e-mail, by Thomas Bullinger [http://rd1.net/owasp/SecureEmail.pdf PDF]<br />
<br />
<b>January 2006</b> PCI Compliance, by Pat Massey, Ralf Durkee, Maureen Baran [http://rd1.net/owasp/Rochester_OWASP_PCI_Compliance.pdf PDF]<br />
<br />
<b>September 2005</b> Two Factor Authentication for Java Applications with Client Certificates, by Ralf Durkee [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.pdf PDF] [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.sxi Open Office]<br />
<br />
<b>April 2005</b> Avoiding Backend Exploitation of Mail Forms, by Max Kessler [http://rd1.net/owasp/owasp-mailform-exploitation.ppt PowerPoint] [http://rd1.net/owasp/owasp-mailform-exploitation.sxi Open Office]<br />
<br />
<b>March 2005</b> Bringing Two-Factor Authentication to Web Applications, by Michael Starks [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt PowerPoint] [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt Open Office]<br />
<br />
<b>February 2005</b> Insecure Storage, by Chris Karr [http://rd1.net/owasp/Insecure_Storage.ppt PowerPoint]<br />
<br />
<b>January 2005</b> Access Control and Session Mgmnt, by Steve Buck [http://rd1.net/owasp/Jan_OWASP-access-control.ppt PowerPoint] [http://rd1.net/owasp/Jan_OWASP-access-control.sxi Open Office]<br />
<br />
<b>November 2004</b> Intro to OWASP by Ralf Durkee. Demonstration of SQL Injection attack and prevention, by Paul Cupo [http://rd1.net/owasp/Nov_OWASP_20041103.ppt PowerPoint]<br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:New York]]</div>Sir Whttps://wiki.owasp.org/index.php?title=Rochester&diff=57530Rochester2009-03-29T22:15:11Z<p>Sir W: Lou's date correction</p>
<hr />
<div>== Welcome to the OWASP Rochester Local Chapter ==<br />
<br />
Welcome to the local Rochester chapter homepage. The chapter leader is [mailto:rd@rd1.net Ralf Durkee]<br />
<br />
<paypal>Rochester</paypal><br />
<br />
== Participation ==<br />
<br />
OWASP chapter meetings are free and open to anyone interested in application security. We encourage members to give presentations on specific topics and to contribute to the local chapter by sharing their knowledge with others. Prior to participating with OWASP please review the [[Chapter Rules]].<br />
<br />
The Rochester chapter has two mailing lists: one for announcements and one for general discussion. The announce list is for official communications (e.g meeting announcements, web site updates, etc). The discussion list is for general participation and everyone is encouraged to post. The announce mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-announce here]. The discussion mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny here]. You can also review the [http://lists.owasp.org/pipermail/owasp-rochester-announce/ announce] and [http://lists.owasp.org/pipermail/owasp-rochester-ny discussion] e-mail archives to see what folks have been talking about. Please make sure you are subscribed to announce to receive any last minute meeting info.<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> [mailto:rd@rd1.net Ralf Durkee]<br />
*<b>Vice President:</b> Chris Karr<br />
*<b>Secretary and Treasurer:</b> [mailto:mailto:stevebuck@sbuck.net Steve Buck]<br />
*<b>Web and Communications:</b> [mailto:andrea.cogliati@owasp.org Andrea Cogliati]<br />
</ul><br />
<br />
== Meeting Dates & Location ==<br />
<br />
<b>Dates:</b> The third Monday of every month, starting at 6:00 PM.<br />
<br />
<b>Types of events:</b> Formal meeting (featuring a presentation) in odd numbered months, informal event (open forum with beer and wings) in even numbered months<br />
<br />
<b>Locations:</b> <br />
<br />
* Formal meetings at 1225 Jefferson Rd, Rochester, NY 14623 (near I-390) [http://maps.google.com/maps?f=q&hl=en&q=1225+Jefferson+Rd,+Rochester,+NY&ie=UTF8&om=1&ll=43.087727,-77.600255&spn=0.014856,0.04283 Google Maps]<br />
* Beer and wings at Mac Gregor's Grill & Tap Room, 300 Jefferson Rd, NY 14623 [http://maps.google.com/maps?f=q&hl=en&geocode=&time=&date=&ttype=&q=300+Jefferson+Rd+Rochester+NY&sll=43.15549,-77.61601&sspn=0.284013,0.55481&ie=UTF8&om=1&z=16&iwloc=addr Google Maps]<br />
<br />
Formal meeting space is graciously offered by [http://www.bryantstratton.edu/campus/campus.aspx?c=14 Bryant & Stratton College] Enter the Frontier Commons plaza, near the Post Office. Towards the right, rear of the plaza is the PSC (Professional Skills Center) door, which is to the left of the main Bryant & Stratton entrance door. There will be a sign on the door indicating the room in which we will meet.<br />
<br />
Please note that for informal meetings at Mac Gregor's, everybody needs to pay for their own food and drinks.<br />
<br />
'''March Meeting Details'''<br />
<br />
March meeting will be held on '''March 16th, 6pm''' at Bryant & Stratton College.<br />
<br />
'''Title:''' 2008 Web Security Trends<br />
<br />
'''Abstract:''' The presentation will open with a brief review of the OWASP Top Ten from<br />
2007, followed by a review and comparison of 2007 and 2008 web security<br />
statistics. After this we'll review some recent high profile web site<br />
incidents and a few of the web site flaws personally discovered by Duane in<br />
2008. We'll discuss how these vulnerabilities are easily exploited and how<br />
they are prevented. The presentation will be concluded by some industry web<br />
security predictions for 2009.<br />
<br />
'''Presenter:''' Duane Peifer<br />
<br />
Duane is CTO at UberGuard Information Security, LLC, in Avon, NY, <br />
were he provides UberGuard's customers with technical consulting and <br />
web site security assessments and penetration tests. He holds a B.S. <br />
in Computer Science from Rochester Institute of Technology and has 15 <br />
years of Systems Engineering and Project Management experience. Duane <br />
is also the co-owner of UberScan, LLC, a startup software development <br />
company.<br />
<br />
== Past Events ==<br />
<br />
; Oct 29-30 2008 - Rochester Security Summit 2008<br />
<br />
: The Rochester OWASP chapter in partnership with other Rochester institutions is organizing the third annual Rochester Security Summit Oct 29-30 during National Cyber Security Awareness Month. This year we'll have a full day dedicated to application security and we are are working to bring to Rochester the best national acclaimed speakers.<br />
<br />
Visit [http://www.RochesterSecurity.org/ Rochester Security Summit Site] for details.<br />
<br />
== Past Presentations ==<br />
<br />
<b>January 2009</b> Paranoid Programming Practices, by Lou Leone and Aaron Witt [[Media:ParanoidProgrammers.ppt|PPT]]<br />
<br />
<b>May 2008</b> Database Encryption, by Ralf Durkee [[Media:Database_Encryption.ppt|PPT]]<br />
<br />
<b>January 2008</b> SQL Injection and Dynamic SQL, by Andrea Cogliati [[Media:MoreSQL.zip|ZIP]]<br />
<br />
<b>September 2007</b> 2007 OWASP Top 10 Most Critical Web Application Security Vulnerabilities, by Ralph Durkee [[Media:OWASP_Top_10_2007_v6.ppt|PowerPoint]]<br />
<br />
<b>October 2006</b> The first of the OWASP top ten: unvalidated input, by Steve Buck.<br />
[http://rd1.net/owasp/2006-10-16_owasp-presentation.ppt PowerPoint]<br />
<br />
<b>April 2006</b> PGP: Encryption for e-mail and web applications, by Ralph Durkee [http://rd1.net/owasp/Apr_OWASP_PGP_Durkee.pdf PDF]<br />
<br />
<b>February 2006</b> Identity Theft, Phishing and Pharming, by Danny Allan [http://rd1.net/owasp/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.pdf PDF]<br />
<br />
<b>February 2006</b> Secure e-mail, by Thomas Bullinger [http://rd1.net/owasp/SecureEmail.pdf PDF]<br />
<br />
<b>January 2006</b> PCI Compliance, by Pat Massey, Ralf Durkee, Maureen Baran [http://rd1.net/owasp/Rochester_OWASP_PCI_Compliance.pdf PDF]<br />
<br />
<b>September 2005</b> Two Factor Authentication for Java Applications with Client Certificates, by Ralf Durkee [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.pdf PDF] [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.sxi Open Office]<br />
<br />
<b>April 2005</b> Avoiding Backend Exploitation of Mail Forms, by Max Kessler [http://rd1.net/owasp/owasp-mailform-exploitation.ppt PowerPoint] [http://rd1.net/owasp/owasp-mailform-exploitation.sxi Open Office]<br />
<br />
<b>March 2005</b> Bringing Two-Factor Authentication to Web Applications, by Michael Starks [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt PowerPoint] [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt Open Office]<br />
<br />
<b>February 2005</b> Insecure Storage, by Chris Karr [http://rd1.net/owasp/Insecure_Storage.ppt PowerPoint]<br />
<br />
<b>January 2005</b> Access Control and Session Mgmnt, by Steve Buck [http://rd1.net/owasp/Jan_OWASP-access-control.ppt PowerPoint] [http://rd1.net/owasp/Jan_OWASP-access-control.sxi Open Office]<br />
<br />
<b>November 2004</b> Intro to OWASP by Ralf Durkee. Demonstration of SQL Injection attack and prevention, by Paul Cupo [http://rd1.net/owasp/Nov_OWASP_20041103.ppt PowerPoint]<br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:New York]]</div>Sir Whttps://wiki.owasp.org/index.php?title=Rochester&diff=57250Rochester2009-03-23T18:40:44Z<p>Sir W: Added January presentation</p>
<hr />
<div>== Welcome to the OWASP Rochester Local Chapter ==<br />
<br />
Welcome to the local Rochester chapter homepage. The chapter leader is [mailto:rd@rd1.net Ralf Durkee]<br />
<br />
<paypal>Rochester</paypal><br />
<br />
== Participation ==<br />
<br />
OWASP chapter meetings are free and open to anyone interested in application security. We encourage members to give presentations on specific topics and to contribute to the local chapter by sharing their knowledge with others. Prior to participating with OWASP please review the [[Chapter Rules]].<br />
<br />
The Rochester chapter has two mailing lists: one for announcements and one for general discussion. The announce list is for official communications (e.g meeting announcements, web site updates, etc). The discussion list is for general participation and everyone is encouraged to post. The announce mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-announce here]. The discussion mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny here]. You can also review the [http://lists.owasp.org/pipermail/owasp-rochester-announce/ announce] and [http://lists.owasp.org/pipermail/owasp-rochester-ny discussion] e-mail archives to see what folks have been talking about. Please make sure you are subscribed to announce to receive any last minute meeting info.<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> [mailto:rd@rd1.net Ralf Durkee]<br />
*<b>Vice President:</b> Chris Karr<br />
*<b>Secretary and Treasurer:</b> [mailto:mailto:stevebuck@sbuck.net Steve Buck]<br />
*<b>Web and Communications:</b> [mailto:andrea.cogliati@owasp.org Andrea Cogliati]<br />
</ul><br />
<br />
== Meeting Dates & Location ==<br />
<br />
<b>Dates:</b> The third Monday of every month, starting at 6:00 PM.<br />
<br />
<b>Types of events:</b> Formal meeting (featuring a presentation) in odd numbered months, informal event (open forum with beer and wings) in even numbered months<br />
<br />
<b>Locations:</b> <br />
<br />
* Formal meetings at 1225 Jefferson Rd, Rochester, NY 14623 (near I-390) [http://maps.google.com/maps?f=q&hl=en&q=1225+Jefferson+Rd,+Rochester,+NY&ie=UTF8&om=1&ll=43.087727,-77.600255&spn=0.014856,0.04283 Google Maps]<br />
* Beer and wings at Mac Gregor's Grill & Tap Room, 300 Jefferson Rd, NY 14623 [http://maps.google.com/maps?f=q&hl=en&geocode=&time=&date=&ttype=&q=300+Jefferson+Rd+Rochester+NY&sll=43.15549,-77.61601&sspn=0.284013,0.55481&ie=UTF8&om=1&z=16&iwloc=addr Google Maps]<br />
<br />
Formal meeting space is graciously offered by [http://www.bryantstratton.edu/campus/campus.aspx?c=14 Bryant & Stratton College] Enter the Frontier Commons plaza, near the Post Office. Towards the right, rear of the plaza is the PSC (Professional Skills Center) door, which is to the left of the main Bryant & Stratton entrance door. There will be a sign on the door indicating the room in which we will meet.<br />
<br />
Please note that for informal meetings at Mac Gregor's, everybody needs to pay for their own food and drinks.<br />
<br />
'''March Meeting Details'''<br />
<br />
March meeting will be held on '''March 16th, 6pm''' at Bryant & Stratton College.<br />
<br />
'''Title:''' 2008 Web Security Trends<br />
<br />
'''Abstract:''' The presentation will open with a brief review of the OWASP Top Ten from<br />
2007, followed by a review and comparison of 2007 and 2008 web security<br />
statistics. After this we'll review some recent high profile web site<br />
incidents and a few of the web site flaws personally discovered by Duane in<br />
2008. We'll discuss how these vulnerabilities are easily exploited and how<br />
they are prevented. The presentation will be concluded by some industry web<br />
security predictions for 2009.<br />
<br />
'''Presenter:''' Duane Peifer<br />
<br />
Duane is CTO at UberGuard Information Security, LLC, in Avon, NY, <br />
were he provides UberGuard's customers with technical consulting and <br />
web site security assessments and penetration tests. He holds a B.S. <br />
in Computer Science from Rochester Institute of Technology and has 15 <br />
years of Systems Engineering and Project Management experience. Duane <br />
is also the co-owner of UberScan, LLC, a startup software development <br />
company.<br />
<br />
== Past Events ==<br />
<br />
; Oct 29-30 2008 - Rochester Security Summit 2008<br />
<br />
: The Rochester OWASP chapter in partnership with other Rochester institutions is organizing the third annual Rochester Security Summit Oct 29-30 during National Cyber Security Awareness Month. This year we'll have a full day dedicated to application security and we are are working to bring to Rochester the best national acclaimed speakers.<br />
<br />
Visit [http://www.RochesterSecurity.org/ Rochester Security Summit Site] for details.<br />
<br />
== Past Presentations ==<br />
<br />
<b>January 2008</b> Paranoid Programming Practices, by Lou Leone and Aaron Witt [[Media:ParanoidProgrammers.ppt|PPT]]<br />
<br />
<b>May 2008</b> Database Encryption, by Ralf Durkee [[Media:Database_Encryption.ppt|PPT]]<br />
<br />
<b>January 2008</b> SQL Injection and Dynamic SQL, by Andrea Cogliati [[Media:MoreSQL.zip|ZIP]]<br />
<br />
<b>September 2007</b> 2007 OWASP Top 10 Most Critical Web Application Security Vulnerabilities, by Ralph Durkee [[Media:OWASP_Top_10_2007_v6.ppt|PowerPoint]]<br />
<br />
<b>October 2006</b> The first of the OWASP top ten: unvalidated input, by Steve Buck.<br />
[http://rd1.net/owasp/2006-10-16_owasp-presentation.ppt PowerPoint]<br />
<br />
<b>April 2006</b> PGP: Encryption for e-mail and web applications, by Ralph Durkee [http://rd1.net/owasp/Apr_OWASP_PGP_Durkee.pdf PDF]<br />
<br />
<b>February 2006</b> Identity Theft, Phishing and Pharming, by Danny Allan [http://rd1.net/owasp/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.pdf PDF]<br />
<br />
<b>February 2006</b> Secure e-mail, by Thomas Bullinger [http://rd1.net/owasp/SecureEmail.pdf PDF]<br />
<br />
<b>January 2006</b> PCI Compliance, by Pat Massey, Ralf Durkee, Maureen Baran [http://rd1.net/owasp/Rochester_OWASP_PCI_Compliance.pdf PDF]<br />
<br />
<b>September 2005</b> Two Factor Authentication for Java Applications with Client Certificates, by Ralf Durkee [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.pdf PDF] [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.sxi Open Office]<br />
<br />
<b>April 2005</b> Avoiding Backend Exploitation of Mail Forms, by Max Kessler [http://rd1.net/owasp/owasp-mailform-exploitation.ppt PowerPoint] [http://rd1.net/owasp/owasp-mailform-exploitation.sxi Open Office]<br />
<br />
<b>March 2005</b> Bringing Two-Factor Authentication to Web Applications, by Michael Starks [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt PowerPoint] [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt Open Office]<br />
<br />
<b>February 2005</b> Insecure Storage, by Chris Karr [http://rd1.net/owasp/Insecure_Storage.ppt PowerPoint]<br />
<br />
<b>January 2005</b> Access Control and Session Mgmnt, by Steve Buck [http://rd1.net/owasp/Jan_OWASP-access-control.ppt PowerPoint] [http://rd1.net/owasp/Jan_OWASP-access-control.sxi Open Office]<br />
<br />
<b>November 2004</b> Intro to OWASP by Ralf Durkee. Demonstration of SQL Injection attack and prevention, by Paul Cupo [http://rd1.net/owasp/Nov_OWASP_20041103.ppt PowerPoint]<br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:New York]]</div>Sir Whttps://wiki.owasp.org/index.php?title=File:ParanoidProgrammers.ppt&diff=57249File:ParanoidProgrammers.ppt2009-03-23T18:36:58Z<p>Sir W: </p>
<hr />
<div></div>Sir Whttps://wiki.owasp.org/index.php?title=Rochester&diff=56373Rochester2009-03-09T17:47:45Z<p>Sir W: Correcting spell</p>
<hr />
<div>== Welcome to the OWASP Rochester Local Chapter ==<br />
<br />
Welcome to the local Rochester chapter homepage. The chapter leader is [mailto:rd@rd1.net Ralf Durkee]<br />
<br />
<paypal>Rochester</paypal><br />
<br />
== Participation ==<br />
<br />
OWASP chapter meetings are free and open to anyone interested in application security. We encourage members to give presentations on specific topics and to contribute to the local chapter by sharing their knowledge with others. Prior to participating with OWASP please review the [[Chapter Rules]].<br />
<br />
The Rochester chapter has two mailing lists: one for announcements and one for general discussion. The announce list is for official communications (e.g meeting announcements, web site updates, etc). The discussion list is for general participation and everyone is encouraged to post. The announce mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-announce here]. The discussion mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny here]. You can also review the [http://lists.owasp.org/pipermail/owasp-rochester-announce/ announce] and [http://lists.owasp.org/pipermail/owasp-rochester-ny discussion] e-mail archives to see what folks have been talking about. Please make sure you are subscribed to announce to receive any last minute meeting info.<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> [mailto:rd@rd1.net Ralf Durkee]<br />
*<b>Vice President:</b> Chris Karr<br />
*<b>Secretary and Treasurer:</b> [mailto:mailto:stevebuck@sbuck.net Steve Buck]<br />
*<b>Web and Communications:</b> [mailto:andrea.cogliati@owasp.org Andrea Cogliati]<br />
</ul><br />
<br />
== Meeting Dates & Location ==<br />
<br />
<b>Dates:</b> The third Monday of every month, starting at 6:00 PM.<br />
<br />
<b>Types of events:</b> Formal meeting (featuring a presentation) in odd numbered months, informal event (open forum with beer and wings) in even numbered months<br />
<br />
<b>Locations:</b> <br />
<br />
* Formal meetings at 1225 Jefferson Rd, Rochester, NY 14623 (near I-390) [http://maps.google.com/maps?f=q&hl=en&q=1225+Jefferson+Rd,+Rochester,+NY&ie=UTF8&om=1&ll=43.087727,-77.600255&spn=0.014856,0.04283 Google Maps]<br />
* Beer and wings at Mac Gregor's Grill & Tap Room, 300 Jefferson Rd, NY 14623 [http://maps.google.com/maps?f=q&hl=en&geocode=&time=&date=&ttype=&q=300+Jefferson+Rd+Rochester+NY&sll=43.15549,-77.61601&sspn=0.284013,0.55481&ie=UTF8&om=1&z=16&iwloc=addr Google Maps]<br />
<br />
Formal meeting space is graciously offered by [http://www.bryantstratton.edu/campus/campus.aspx?c=14 Bryant & Stratton College] Enter the Frontier Commons plaza, near the Post Office. Towards the right, rear of the plaza is the PSC (Professional Skills Center) door, which is to the left of the main Bryant & Stratton entrance door. There will be a sign on the door indicating the room in which we will meet.<br />
<br />
Please note that for informal meetings at Mac Gregor's, everybody needs to pay for their own food and drinks.<br />
<br />
'''March Meeting Details'''<br />
<br />
March meeting will be held on '''March 16th, 6pm''' at Bryant & Stratton College.<br />
<br />
'''Title:''' 2008 Web Security Trends<br />
<br />
'''Abstract:''' The presentation will open with a brief review of the OWASP Top Ten from<br />
2007, followed by a review and comparison of 2007 and 2008 web security<br />
statistics. After this we'll review some recent high profile web site<br />
incidents and a few of the web site flaws personally discovered by Duane in<br />
2008. We'll discuss how these vulnerabilities are easily exploited and how<br />
they are prevented. The presentation will be concluded by some industry web<br />
security predictions for 2009.<br />
<br />
'''Presenter:''' Duane Peifer<br />
<br />
Duane is CTO at UberGuard Information Security, LLC, in Avon, NY, <br />
were he provides UberGuard's customers with technical consulting and <br />
web site security assessments and penetration tests. He holds a B.S. <br />
in Computer Science from Rochester Institute of Technology and has 15 <br />
years of Systems Engineering and Project Management experience. Duane <br />
is also the co-owner of UberScan, LLC, a startup software development <br />
company.<br />
<br />
== Past Events ==<br />
<br />
; Oct 29-30 2008 - Rochester Security Summit 2008<br />
<br />
: The Rochester OWASP chapter in partnership with other Rochester institutions is organizing the third annual Rochester Security Summit Oct 29-30 during National Cyber Security Awareness Month. This year we'll have a full day dedicated to application security and we are are working to bring to Rochester the best national acclaimed speakers.<br />
<br />
Visit [http://www.RochesterSecurity.org/ Rochester Security Summit Site] for details.<br />
<br />
== Past Presentations ==<br />
<br />
<b>May 2008</b> Database Encryption, by Ralf Durkee [[Media:Database_Encryption.ppt|PPT]]<br />
<br />
<b>January 2008</b> SQL Injection and Dynamic SQL, by Andrea Cogliati [[Media:MoreSQL.zip|ZIP]]<br />
<br />
<b>September 2007</b> 2007 OWASP Top 10 Most Critical Web Application Security Vulnerabilities, by Ralph Durkee [[Media:OWASP_Top_10_2007_v6.ppt|PowerPoint]]<br />
<br />
<b>October 2006</b> The first of the OWASP top ten: unvalidated input, by Steve Buck.<br />
[http://rd1.net/owasp/2006-10-16_owasp-presentation.ppt PowerPoint]<br />
<br />
<b>April 2006</b> PGP: Encryption for e-mail and web applications, by Ralph Durkee [http://rd1.net/owasp/Apr_OWASP_PGP_Durkee.pdf PDF]<br />
<br />
<b>February 2006</b> Identity Theft, Phishing and Pharming, by Danny Allan [http://rd1.net/owasp/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.pdf PDF]<br />
<br />
<b>February 2006</b> Secure e-mail, by Thomas Bullinger [http://rd1.net/owasp/SecureEmail.pdf PDF]<br />
<br />
<b>January 2006</b> PCI Compliance, by Pat Massey, Ralf Durkee, Maureen Baran [http://rd1.net/owasp/Rochester_OWASP_PCI_Compliance.pdf PDF]<br />
<br />
<b>September 2005</b> Two Factor Authentication for Java Applications with Client Certificates, by Ralf Durkee [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.pdf PDF] [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.sxi Open Office]<br />
<br />
<b>April 2005</b> Avoiding Backend Exploitation of Mail Forms, by Max Kessler [http://rd1.net/owasp/owasp-mailform-exploitation.ppt PowerPoint] [http://rd1.net/owasp/owasp-mailform-exploitation.sxi Open Office]<br />
<br />
<b>March 2005</b> Bringing Two-Factor Authentication to Web Applications, by Michael Starks [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt PowerPoint] [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt Open Office]<br />
<br />
<b>February 2005</b> Insecure Storage, by Chris Karr [http://rd1.net/owasp/Insecure_Storage.ppt PowerPoint]<br />
<br />
<b>January 2005</b> Access Control and Session Mgmnt, by Steve Buck [http://rd1.net/owasp/Jan_OWASP-access-control.ppt PowerPoint] [http://rd1.net/owasp/Jan_OWASP-access-control.sxi Open Office]<br />
<br />
<b>November 2004</b> Intro to OWASP by Ralf Durkee. Demonstration of SQL Injection attack and prevention, by Paul Cupo [http://rd1.net/owasp/Nov_OWASP_20041103.ppt PowerPoint]<br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:New York]]</div>Sir Whttps://wiki.owasp.org/index.php?title=Rochester&diff=56372Rochester2009-03-09T17:45:12Z<p>Sir W: Added March meeting</p>
<hr />
<div>== Welcome to the OWASP Rochester Local Chapter ==<br />
<br />
Welcome to the local Rochester chapter homepage. The chapter leader is [mailto:rd@rd1.net Ralf Durkee]<br />
<br />
<paypal>Rochester</paypal><br />
<br />
== Participation ==<br />
<br />
OWASP chapter meetings are free and open to anyone interested in application security. We encourage members to give presentations on specific topics and to contribute to the local chapter by sharing their knowledge with others. Prior to participating with OWASP please review the [[Chapter Rules]].<br />
<br />
The Rochester chapter has two mailing lists: one for announcements and one for general discussion. The announce list is for official communications (e.g meeting announcements, web site updates, etc). The discussion list is for general participation and everyone is encouraged to post. The announce mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-announce here]. The discussion mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny here]. You can also review the [http://lists.owasp.org/pipermail/owasp-rochester-announce/ announce] and [http://lists.owasp.org/pipermail/owasp-rochester-ny discussion] e-mail archives to see what folks have been talking about. Please make sure you are subscribed to announce to receive any last minute meeting info.<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> [mailto:rd@rd1.net Ralf Durkee]<br />
*<b>Vice President:</b> Chris Karr<br />
*<b>Secretary and Treasurer:</b> [mailto:mailto:stevebuck@sbuck.net Steve Buck]<br />
*<b>Web and Communications:</b> [mailto:andrea.cogliati@owasp.org Andrea Cogliati]<br />
</ul><br />
<br />
== Meeting Dates & Location ==<br />
<br />
<b>Dates:</b> The third Monday of every month, starting at 6:00 PM.<br />
<br />
<b>Types of events:</b> Formal meeting (featuring a presentation) in odd numbered months, informal event (open forum with beer and wings) in even numbered months<br />
<br />
<b>Locations:</b> <br />
<br />
* Formal meetings at 1225 Jefferson Rd, Rochester, NY 14623 (near I-390) [http://maps.google.com/maps?f=q&hl=en&q=1225+Jefferson+Rd,+Rochester,+NY&ie=UTF8&om=1&ll=43.087727,-77.600255&spn=0.014856,0.04283 Google Maps]<br />
* Beer and wings at Mac Gregor's Grill & Tap Room, 300 Jefferson Rd, NY 14623 [http://maps.google.com/maps?f=q&hl=en&geocode=&time=&date=&ttype=&q=300+Jefferson+Rd+Rochester+NY&sll=43.15549,-77.61601&sspn=0.284013,0.55481&ie=UTF8&om=1&z=16&iwloc=addr Google Maps]<br />
<br />
Formal meeting space is graciously offered by [http://www.bryantstratton.edu/campus/campus.aspx?c=14 Bryant & Stratton College] Enter the Frontier Commons plaza, near the Post Office. Towards the right, rear of the plaza is the PSC (Professional Skills Center) door, which is to the left of the main Bryant & Stratton entrance door. There will be a sign on the door indicating the room in which we will meet.<br />
<br />
Please note that for informal meetings at Mac Gregor's, everybody needs to pay for their own food and drinks.<br />
<br />
'''March Meeting Details'''<br />
<br />
March meeting will be help on '''March 16th, 6pm''' at Bryant & Stratton College.<br />
<br />
'''Title:''' 2008 Web Security Trends<br />
<br />
'''Abstract:''' The presentation will open with a brief review of the OWASP Top Ten from<br />
2007, followed by a review and comparison of 2007 and 2008 web security<br />
statistics. After this we'll review some recent high profile web site<br />
incidents and a few of the web site flaws personally discovered by Duane in<br />
2008. We'll discuss how these vulnerabilities are easily exploited and how<br />
they are prevented. The presentation will be concluded by some industry web<br />
security predictions for 2009.<br />
<br />
'''Presenter:''' Duane Peifer<br />
<br />
Duane is CTO at UberGuard Information Security, LLC, in Avon, NY, <br />
were he provides UberGuard's customers with technical consulting and <br />
web site security assessments and penetration tests. He holds a B.S. <br />
in Computer Science from Rochester Institute of Technology and has 15 <br />
years of Systems Engineering and Project Management experience. Duane <br />
is also the co-owner of UberScan, LLC, a startup software development <br />
company.<br />
<br />
== Past Events ==<br />
<br />
; Oct 29-30 2008 - Rochester Security Summit 2008<br />
<br />
: The Rochester OWASP chapter in partnership with other Rochester institutions is organizing the third annual Rochester Security Summit Oct 29-30 during National Cyber Security Awareness Month. This year we'll have a full day dedicated to application security and we are are working to bring to Rochester the best national acclaimed speakers.<br />
<br />
Visit [http://www.RochesterSecurity.org/ Rochester Security Summit Site] for details.<br />
<br />
== Past Presentations ==<br />
<br />
<b>May 2008</b> Database Encryption, by Ralf Durkee [[Media:Database_Encryption.ppt|PPT]]<br />
<br />
<b>January 2008</b> SQL Injection and Dynamic SQL, by Andrea Cogliati [[Media:MoreSQL.zip|ZIP]]<br />
<br />
<b>September 2007</b> 2007 OWASP Top 10 Most Critical Web Application Security Vulnerabilities, by Ralph Durkee [[Media:OWASP_Top_10_2007_v6.ppt|PowerPoint]]<br />
<br />
<b>October 2006</b> The first of the OWASP top ten: unvalidated input, by Steve Buck.<br />
[http://rd1.net/owasp/2006-10-16_owasp-presentation.ppt PowerPoint]<br />
<br />
<b>April 2006</b> PGP: Encryption for e-mail and web applications, by Ralph Durkee [http://rd1.net/owasp/Apr_OWASP_PGP_Durkee.pdf PDF]<br />
<br />
<b>February 2006</b> Identity Theft, Phishing and Pharming, by Danny Allan [http://rd1.net/owasp/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.pdf PDF]<br />
<br />
<b>February 2006</b> Secure e-mail, by Thomas Bullinger [http://rd1.net/owasp/SecureEmail.pdf PDF]<br />
<br />
<b>January 2006</b> PCI Compliance, by Pat Massey, Ralf Durkee, Maureen Baran [http://rd1.net/owasp/Rochester_OWASP_PCI_Compliance.pdf PDF]<br />
<br />
<b>September 2005</b> Two Factor Authentication for Java Applications with Client Certificates, by Ralf Durkee [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.pdf PDF] [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.sxi Open Office]<br />
<br />
<b>April 2005</b> Avoiding Backend Exploitation of Mail Forms, by Max Kessler [http://rd1.net/owasp/owasp-mailform-exploitation.ppt PowerPoint] [http://rd1.net/owasp/owasp-mailform-exploitation.sxi Open Office]<br />
<br />
<b>March 2005</b> Bringing Two-Factor Authentication to Web Applications, by Michael Starks [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt PowerPoint] [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt Open Office]<br />
<br />
<b>February 2005</b> Insecure Storage, by Chris Karr [http://rd1.net/owasp/Insecure_Storage.ppt PowerPoint]<br />
<br />
<b>January 2005</b> Access Control and Session Mgmnt, by Steve Buck [http://rd1.net/owasp/Jan_OWASP-access-control.ppt PowerPoint] [http://rd1.net/owasp/Jan_OWASP-access-control.sxi Open Office]<br />
<br />
<b>November 2004</b> Intro to OWASP by Ralf Durkee. Demonstration of SQL Injection attack and prevention, by Paul Cupo [http://rd1.net/owasp/Nov_OWASP_20041103.ppt PowerPoint]<br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:New York]]</div>Sir Whttps://wiki.owasp.org/index.php?title=Category:OWASP_Presentations&diff=51265Category:OWASP Presentations2009-01-15T16:57:19Z<p>Sir W: Added Apple Keynote template</p>
<hr />
<div>== Welcome to the OWASP Presentations Program ==<br />
<br />
In an effort to promote more in-depth work in application security, the OWASP Presentations program is now accepting presentation submissions. Presentations submitted to the OWASP Presentations program will be reviewed by a team of senior application security experts. These reviewers will provide constructive feedback on submissions in the hopes of achieving a publishable quality paper. Papers that are approved by the review team will be published on the OWASP website and will be candidates for presentation at the next OWASP AppSec conference.<br />
<br />
== Submitting a Presentation ==<br />
<br />
To submit a presentation, please use the following [[Media:Presentation_template.ppt | template for Microsoft Powerpoint]] presentations. All submissions should be sent to [mailto:owasp@owasp.org owasp@owasp.org]. By submitting a presentation, you agree to having OWASP publish the presentation on the OWASP website.<br />
<br />
= OWASP Education Presentation Guidelines =<br />
Some guidelines:<br />
* Use the OWASP Education Project [[:Image:Education_Project_Template.zip|Template powerpoint]]<br />
* Provide a summary next to the slides<br />
* Add a descriptive summary and expectations on knowledge<br />
* Only include necessary data<br />
* Slide contents should be self evident<br />
* One slide should cover only one specific topic, avoid overly dense slides<br />
* Max seven words per line, seven lines per slide<br />
* Present information graphically: an image can say more than thousand words<br />
* Don't use all capital letters<br />
* limit your presentation to less than 50 slides - better less than 30 slides (a good presentation will be max. 90 minutes and typical time per slide is 2 minutes). If you need more, split the presentation in parts.<br />
* Support each slide with notes (the part below the slide in PowerPoint). These notes should provide the presenter with enough material (including references) to prepare the presentation without much extra research.<br />
...<br />
<br />
This way presentations can be reused by the [[Education]] Project.<br />
<br />
= Papers =<br />
<br />
<!--<br />
; [http://link Title] (Author)<br />
: Brief description<br />
--><br />
<br />
; [http://www.owasp.org/images/7/74/Advanced_SQL_Injection.ppt Advanced SQL Injection] (Victor Chapela)<br />
: Detailed methodology for analyzing applications for SQL injection vulnerabilities.<br />
<br />
; [http://link Title] (Author)<br />
: Brief description<br />
<br />
== Keynote Template ==<br />
<br />
If you want to create a presentation with Apple Keynote using the OWASP design, you can use the [[Media:OWASP_Keynote_Template.zip|Keynote '08 template]].</div>Sir Whttps://wiki.owasp.org/index.php?title=File:OWASP_Keynote_Template.zip&diff=51264File:OWASP Keynote Template.zip2009-01-15T16:52:41Z<p>Sir W: OWASP Presentation template for Apple Keynote '08</p>
<hr />
<div>OWASP Presentation template for Apple Keynote '08</div>Sir Whttps://wiki.owasp.org/index.php?title=Rochester&diff=50936Rochester2009-01-12T16:42:30Z<p>Sir W: Added Aaron Witt to January meeting's speakers</p>
<hr />
<div>== Welcome to the OWASP Rochester Local Chapter ==<br />
<br />
Welcome to the local Rochester chapter homepage. The chapter leader is [mailto:rd@rd1.net Ralf Durkee]<br />
<br />
<paypal>Rochester</paypal><br />
<br />
== Participation ==<br />
<br />
OWASP chapter meetings are free and open to anyone interested in application security. We encourage members to give presentations on specific topics and to contribute to the local chapter by sharing their knowledge with others. Prior to participating with OWASP please review the [[Chapter Rules]].<br />
<br />
The Rochester chapter has two mailing lists: one for announcements and one for general discussion. The announce list is for official communications (e.g meeting announcements, web site updates, etc). The discussion list is for general participation and everyone is encouraged to post. The announce mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-announce here]. The discussion mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny here]. You can also review the [http://lists.owasp.org/pipermail/owasp-rochester-announce/ announce] and [http://lists.owasp.org/pipermail/owasp-rochester-ny discussion] e-mail archives to see what folks have been talking about. Please make sure you are subscribed to announce to receive any last minute meeting info.<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> [mailto:rd@rd1.net Ralf Durkee]<br />
*<b>Vice President:</b> Chris Karr<br />
*<b>Secretary and Treasurer:</b> [mailto:mailto:stevebuck@sbuck.net Steve Buck]<br />
*<b>Web and Communications:</b> [mailto:andrea.cogliati@owasp.org Andrea Cogliati]<br />
</ul><br />
<br />
== Meeting Dates & Location ==<br />
<br />
<b>Dates:</b> The third Monday of every month, starting at 6:00 PM.<br />
<br />
<b>Types of events:</b> Formal meeting (featuring a presentation) in odd numbered months, informal event (open forum with beer and wings) in even numbered months<br />
<br />
<b>Locations:</b> <br />
<br />
* Formal meetings at 1225 Jefferson Rd, Rochester, NY 14623 (near I-390) [http://maps.google.com/maps?f=q&hl=en&q=1225+Jefferson+Rd,+Rochester,+NY&ie=UTF8&om=1&ll=43.087727,-77.600255&spn=0.014856,0.04283 Google Maps]<br />
* Beer and wings at Mac Gregor's Grill & Tap Room, 300 Jefferson Rd, NY 14623 [http://maps.google.com/maps?f=q&hl=en&geocode=&time=&date=&ttype=&q=300+Jefferson+Rd+Rochester+NY&sll=43.15549,-77.61601&sspn=0.284013,0.55481&ie=UTF8&om=1&z=16&iwloc=addr Google Maps]<br />
<br />
Formal meeting space is graciously offered by [http://www.bryantstratton.edu/campus/campus.aspx?c=14 Bryant & Stratton College] Enter the Frontier Commons plaza, near the Post Office. Towards the right, rear of the plaza is the PSC (Professional Skills Center) door, which is to the left of the main Bryant & Stratton entrance door. There will be a sign on the door indicating the room in which we will meet.<br />
<br />
Please note that for informal meetings at Mac Gregor's, everybody needs to pay for their own food and drinks.<br />
<br />
'''January Meeting Details'''<br />
<br />
January meeting has been postponed to '''January 26th, 6pm''' at Bryant & Stratton College.<br />
<br />
'''Title:''' Paranoid Programming Practices<br />
<br />
"It’s not a matter of whether you’re paranoid or not. It’s a matter of whether you’re paranoid enough."<br />
- Unknown. (He wouldn’t give me his name…)<br />
<br />
'''Abstract:''' This presentation provides an overview of Policy Frameworks and their importance to formalizing secure programming practices within a software development organization. It also covers the primary elements of Secure Programming Practices including discussions on attackers, tenants, architectures, and principles. This presentation is focused towards OWASP and Payment Card Industries’ Data Security Specification (PCI DSS) audiences and concludes with a review of the “Top 10” vulnerabilities along OWASP classifications.<br />
<br />
'''Presenters:''' Lou Leone and Aaron Witt<br />
<br />
Lou Leone is a Cognitive Science graduate from the University of Rochester. He is founder of Telperion Development Corp. and has provided services for the utility and telecommunications industries and for Rochester’s ever present Kodak and Xerox. He had a brief stint as the VP of Technology for PaeTec Communications, Inc. and is presently the VP of Technology Development for UniteU Technologies Inc. Over years of personally writing vast swaths of absolutely terrible code, he has developed a fine appreciation of the art of software architecture and the beauty of implementation excellence.<br />
<br />
Aaron Witt graduated from the University of Illinois with a degree in Computer Science. He worked at Xerox for 11 years as a software engineer and architect and is currently employed at UniteU Technologies Inc. His interests include creating secure, identity-aware applications, workflow-based systems, and design patterns. When not fixing Lou’s terrible code, he also enjoys woodworking and herding cats.<br />
<br />
== Past Events ==<br />
<br />
; Oct 29-30 2008 - Rochester Security Summit 2008<br />
<br />
: The Rochester OWASP chapter in partnership with other Rochester institutions is organizing the third annual Rochester Security Summit Oct 29-30 during National Cyber Security Awareness Month. This year we'll have a full day dedicated to application security and we are are working to bring to Rochester the best national acclaimed speakers.<br />
<br />
Visit [http://www.RochesterSecurity.org/ Rochester Security Summit Site] for details.<br />
<br />
== Past Presentations ==<br />
<br />
<b>May 2008</b> Database Encryption, by Ralf Durkee [[Media:Database_Encryption.ppt|PPT]]<br />
<br />
<b>January 2008</b> SQL Injection and Dynamic SQL, by Andrea Cogliati [[Media:MoreSQL.zip|ZIP]]<br />
<br />
<b>September 2007</b> 2007 OWASP Top 10 Most Critical Web Application Security Vulnerabilities, by Ralph Durkee [[Media:OWASP_Top_10_2007_v6.ppt|PowerPoint]]<br />
<br />
<b>October 2006</b> The first of the OWASP top ten: unvalidated input, by Steve Buck.<br />
[http://rd1.net/owasp/2006-10-16_owasp-presentation.ppt PowerPoint]<br />
<br />
<b>April 2006</b> PGP: Encryption for e-mail and web applications, by Ralph Durkee [http://rd1.net/owasp/Apr_OWASP_PGP_Durkee.pdf PDF]<br />
<br />
<b>February 2006</b> Identity Theft, Phishing and Pharming, by Danny Allan [http://rd1.net/owasp/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.pdf PDF]<br />
<br />
<b>February 2006</b> Secure e-mail, by Thomas Bullinger [http://rd1.net/owasp/SecureEmail.pdf PDF]<br />
<br />
<b>January 2006</b> PCI Compliance, by Pat Massey, Ralf Durkee, Maureen Baran [http://rd1.net/owasp/Rochester_OWASP_PCI_Compliance.pdf PDF]<br />
<br />
<b>September 2005</b> Two Factor Authentication for Java Applications with Client Certificates, by Ralf Durkee [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.pdf PDF] [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.sxi Open Office]<br />
<br />
<b>April 2005</b> Avoiding Backend Exploitation of Mail Forms, by Max Kessler [http://rd1.net/owasp/owasp-mailform-exploitation.ppt PowerPoint] [http://rd1.net/owasp/owasp-mailform-exploitation.sxi Open Office]<br />
<br />
<b>March 2005</b> Bringing Two-Factor Authentication to Web Applications, by Michael Starks [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt PowerPoint] [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt Open Office]<br />
<br />
<b>February 2005</b> Insecure Storage, by Chris Karr [http://rd1.net/owasp/Insecure_Storage.ppt PowerPoint]<br />
<br />
<b>January 2005</b> Access Control and Session Mgmnt, by Steve Buck [http://rd1.net/owasp/Jan_OWASP-access-control.ppt PowerPoint] [http://rd1.net/owasp/Jan_OWASP-access-control.sxi Open Office]<br />
<br />
<b>November 2004</b> Intro to OWASP by Ralf Durkee. Demonstration of SQL Injection attack and prevention, by Paul Cupo [http://rd1.net/owasp/Nov_OWASP_20041103.ppt PowerPoint]<br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:New York]]</div>Sir Whttps://wiki.owasp.org/index.php?title=Rochester&diff=50587Rochester2009-01-09T16:10:06Z<p>Sir W: January meeting</p>
<hr />
<div>== Welcome to the OWASP Rochester Local Chapter ==<br />
<br />
Welcome to the local Rochester chapter homepage. The chapter leader is [mailto:rd@rd1.net Ralf Durkee]<br />
<br />
<paypal>Rochester</paypal><br />
<br />
== Participation ==<br />
<br />
OWASP chapter meetings are free and open to anyone interested in application security. We encourage members to give presentations on specific topics and to contribute to the local chapter by sharing their knowledge with others. Prior to participating with OWASP please review the [[Chapter Rules]].<br />
<br />
The Rochester chapter has two mailing lists: one for announcements and one for general discussion. The announce list is for official communications (e.g meeting announcements, web site updates, etc). The discussion list is for general participation and everyone is encouraged to post. The announce mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-announce here]. The discussion mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny here]. You can also review the [http://lists.owasp.org/pipermail/owasp-rochester-announce/ announce] and [http://lists.owasp.org/pipermail/owasp-rochester-ny discussion] e-mail archives to see what folks have been talking about. Please make sure you are subscribed to announce to receive any last minute meeting info.<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> [mailto:rd@rd1.net Ralf Durkee]<br />
*<b>Vice President:</b> Chris Karr<br />
*<b>Secretary and Treasurer:</b> [mailto:mailto:stevebuck@sbuck.net Steve Buck]<br />
*<b>Web and Communications:</b> [mailto:andrea.cogliati@owasp.org Andrea Cogliati]<br />
</ul><br />
<br />
== Meeting Dates & Location ==<br />
<br />
<b>Dates:</b> The third Monday of every month, starting at 6:00 PM.<br />
<br />
<b>Types of events:</b> Formal meeting (featuring a presentation) in odd numbered months, informal event (open forum with beer and wings) in even numbered months<br />
<br />
<b>Locations:</b> <br />
<br />
* Formal meetings at 1225 Jefferson Rd, Rochester, NY 14623 (near I-390) [http://maps.google.com/maps?f=q&hl=en&q=1225+Jefferson+Rd,+Rochester,+NY&ie=UTF8&om=1&ll=43.087727,-77.600255&spn=0.014856,0.04283 Google Maps]<br />
* Beer and wings at Mac Gregor's Grill & Tap Room, 300 Jefferson Rd, NY 14623 [http://maps.google.com/maps?f=q&hl=en&geocode=&time=&date=&ttype=&q=300+Jefferson+Rd+Rochester+NY&sll=43.15549,-77.61601&sspn=0.284013,0.55481&ie=UTF8&om=1&z=16&iwloc=addr Google Maps]<br />
<br />
Formal meeting space is graciously offered by [http://www.bryantstratton.edu/campus/campus.aspx?c=14 Bryant & Stratton College] Enter the Frontier Commons plaza, near the Post Office. Towards the right, rear of the plaza is the PSC (Professional Skills Center) door, which is to the left of the main Bryant & Stratton entrance door. There will be a sign on the door indicating the room in which we will meet.<br />
<br />
Please note that for informal meetings at Mac Gregor's, everybody needs to pay for their own food and drinks.<br />
<br />
'''January Meeting Details'''<br />
<br />
January meeting has been postponed to '''January 26th, 6pm''' at Bryant & Stratton College.<br />
<br />
'''Title:''' Paranoid Programming Practices<br />
<br />
"It’s not a matter of whether you’re paranoid or not. It’s a matter of whether you’re paranoid enough."<br />
- Unknown. (He wouldn’t give me his name…)<br />
<br />
'''Abstract:''' This presentation provides an overview of Policy Frameworks and their importance to formalizing secure programming practices within a software development organization. It also covers the primary elements of Secure Programming Practices including discussions on attackers, tenants, architectures, and principles. This presentation is focused towards OWASP and Payment Card Industries’ Data Security Specification (PCI DSS) audiences and concludes with a review of the “Top 10” vulnerabilities along OWASP classifications.<br />
<br />
'''Presenter:''' Lou Leone<br />
<br />
Lou Leone is a Cognitive Science graduate from the University of Rochester. He is founder of Telperion Development Corp. and has provided services for the utility and telecommunications industries and for Rochester’s ever present Kodak and Xerox. He had a brief stint as the VP of Technology for PaeTec Communications, Inc. and is presently the VP of Technology Development for UniteU Technologies Inc. Over years of personally writing vast swaths of absolutely terrible code, he has developed a fine appreciation of the art of software architecture and the beauty of implementation excellence.<br />
<br />
== Past Events ==<br />
<br />
; Oct 29-30 2008 - Rochester Security Summit 2008<br />
<br />
: The Rochester OWASP chapter in partnership with other Rochester institutions is organizing the third annual Rochester Security Summit Oct 29-30 during National Cyber Security Awareness Month. This year we'll have a full day dedicated to application security and we are are working to bring to Rochester the best national acclaimed speakers.<br />
<br />
Visit [http://www.RochesterSecurity.org/ Rochester Security Summit Site] for details.<br />
<br />
== Past Presentations ==<br />
<br />
<b>May 2008</b> Database Encryption, by Ralf Durkee [[Media:Database_Encryption.ppt|PPT]]<br />
<br />
<b>January 2008</b> SQL Injection and Dynamic SQL, by Andrea Cogliati [[Media:MoreSQL.zip|ZIP]]<br />
<br />
<b>September 2007</b> 2007 OWASP Top 10 Most Critical Web Application Security Vulnerabilities, by Ralph Durkee [[Media:OWASP_Top_10_2007_v6.ppt|PowerPoint]]<br />
<br />
<b>October 2006</b> The first of the OWASP top ten: unvalidated input, by Steve Buck.<br />
[http://rd1.net/owasp/2006-10-16_owasp-presentation.ppt PowerPoint]<br />
<br />
<b>April 2006</b> PGP: Encryption for e-mail and web applications, by Ralph Durkee [http://rd1.net/owasp/Apr_OWASP_PGP_Durkee.pdf PDF]<br />
<br />
<b>February 2006</b> Identity Theft, Phishing and Pharming, by Danny Allan [http://rd1.net/owasp/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.pdf PDF]<br />
<br />
<b>February 2006</b> Secure e-mail, by Thomas Bullinger [http://rd1.net/owasp/SecureEmail.pdf PDF]<br />
<br />
<b>January 2006</b> PCI Compliance, by Pat Massey, Ralf Durkee, Maureen Baran [http://rd1.net/owasp/Rochester_OWASP_PCI_Compliance.pdf PDF]<br />
<br />
<b>September 2005</b> Two Factor Authentication for Java Applications with Client Certificates, by Ralf Durkee [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.pdf PDF] [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.sxi Open Office]<br />
<br />
<b>April 2005</b> Avoiding Backend Exploitation of Mail Forms, by Max Kessler [http://rd1.net/owasp/owasp-mailform-exploitation.ppt PowerPoint] [http://rd1.net/owasp/owasp-mailform-exploitation.sxi Open Office]<br />
<br />
<b>March 2005</b> Bringing Two-Factor Authentication to Web Applications, by Michael Starks [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt PowerPoint] [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt Open Office]<br />
<br />
<b>February 2005</b> Insecure Storage, by Chris Karr [http://rd1.net/owasp/Insecure_Storage.ppt PowerPoint]<br />
<br />
<b>January 2005</b> Access Control and Session Mgmnt, by Steve Buck [http://rd1.net/owasp/Jan_OWASP-access-control.ppt PowerPoint] [http://rd1.net/owasp/Jan_OWASP-access-control.sxi Open Office]<br />
<br />
<b>November 2004</b> Intro to OWASP by Ralf Durkee. Demonstration of SQL Injection attack and prevention, by Paul Cupo [http://rd1.net/owasp/Nov_OWASP_20041103.ppt PowerPoint]<br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:New York]]</div>Sir Whttps://wiki.owasp.org/index.php?title=Rochester&diff=47099Rochester2008-11-28T21:26:43Z<p>Sir W: November meeting</p>
<hr />
<div>== Welcome to the OWASP Rochester Local Chapter ==<br />
<br />
Welcome to the local Rochester chapter homepage. The chapter leader is [mailto:rd@rd1.net Ralf Durkee]<br />
<br />
<paypal>Rochester</paypal><br />
<br />
== Participation ==<br />
<br />
OWASP chapter meetings are free and open to anyone interested in application security. We encourage members to give presentations on specific topics and to contribute to the local chapter by sharing their knowledge with others. Prior to participating with OWASP please review the [[Chapter Rules]].<br />
<br />
The Rochester chapter has two mailing lists: one for announcements and one for general discussion. The announce list is for official communications (e.g meeting announcements, web site updates, etc). The discussion list is for general participation and everyone is encouraged to post. The announce mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-announce here]. The discussion mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny here]. You can also review the [http://lists.owasp.org/pipermail/owasp-rochester-announce/ announce] and [http://lists.owasp.org/pipermail/owasp-rochester-ny discussion] e-mail archives to see what folks have been talking about. Please make sure you are subscribed to announce to receive any last minute meeting info.<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> [mailto:rd@rd1.net Ralf Durkee]<br />
*<b>Vice President:</b> Chris Karr<br />
*<b>Secretary and Treasurer:</b> [mailto:mailto:stevebuck@sbuck.net Steve Buck]<br />
*<b>Web and Communications:</b> [mailto:andrea.cogliati@owasp.org Andrea Cogliati]<br />
</ul><br />
<br />
== Meeting Dates & Location ==<br />
<br />
<b>Dates:</b> The third Monday of every month, starting at 6:00 PM.<br />
<br />
<b>Types of events:</b> Formal meeting (featuring a presentation) in odd numbered months, informal event (open forum with beer and wings) in even numbered months<br />
<br />
<b>Locations:</b> <br />
<br />
* Formal meetings at 1225 Jefferson Rd, Rochester, NY 14623 (near I-390) [http://maps.google.com/maps?f=q&hl=en&q=1225+Jefferson+Rd,+Rochester,+NY&ie=UTF8&om=1&ll=43.087727,-77.600255&spn=0.014856,0.04283 Google Maps]<br />
* Beer and wings at Mac Gregor's Grill & Tap Room, 300 Jefferson Rd, NY 14623 [http://maps.google.com/maps?f=q&hl=en&geocode=&time=&date=&ttype=&q=300+Jefferson+Rd+Rochester+NY&sll=43.15549,-77.61601&sspn=0.284013,0.55481&ie=UTF8&om=1&z=16&iwloc=addr Google Maps]<br />
<br />
Formal meeting space is graciously offered by [http://www.bryantstratton.edu/campus/campus.aspx?c=14 Bryant & Stratton College] Enter the Frontier Commons plaza, near the Post Office. Towards the right, rear of the plaza is the PSC (Professional Skills Center) door, which is to the left of the main Bryant & Stratton entrance door. There will be a sign on the door indicating the room in which we will meet.<br />
<br />
Please note that for informal meetings at Mac Gregor's, everybody needs to pay for their own food and drinks.<br />
<br />
'''November Meeting Details'''<br />
<br />
November meeting has been postponed to December 1st, 6pm at Bryant & Stratton College. We'll have a brief discussion around the news from the OWASP Worldwide Summit and a video from OWASP NYC AppSec conference: "Web Intrusion Detection with ModSecurity" by Ivan Ristic.<br />
<br />
'''FREE PIZZA, courtesy of Durkee Consulting, Inc.'''<br />
<br />
== Past Events ==<br />
<br />
; Oct 29-30 2008 - Rochester Security Summit 2008<br />
<br />
: The Rochester OWASP chapter in partnership with other Rochester institutions is organizing the third annual Rochester Security Summit Oct 29-30 during National Cyber Security Awareness Month. This year we'll have a full day dedicated to application security and we are are working to bring to Rochester the best national acclaimed speakers.<br />
<br />
Visit [http://www.RochesterSecurity.org/ Rochester Security Summit Site] for details.<br />
<br />
== Past Presentations ==<br />
<br />
<b>May 2008</b> Database Encryption, by Ralf Durkee [[Media:Database_Encryption.ppt|PPT]]<br />
<br />
<b>January 2008</b> SQL Injection and Dynamic SQL, by Andrea Cogliati [[Media:MoreSQL.zip|ZIP]]<br />
<br />
<b>September 2007</b> 2007 OWASP Top 10 Most Critical Web Application Security Vulnerabilities, by Ralph Durkee [[Media:OWASP_Top_10_2007_v6.ppt|PowerPoint]]<br />
<br />
<b>October 2006</b> The first of the OWASP top ten: unvalidated input, by Steve Buck.<br />
[http://rd1.net/owasp/2006-10-16_owasp-presentation.ppt PowerPoint]<br />
<br />
<b>April 2006</b> PGP: Encryption for e-mail and web applications, by Ralph Durkee [http://rd1.net/owasp/Apr_OWASP_PGP_Durkee.pdf PDF]<br />
<br />
<b>February 2006</b> Identity Theft, Phishing and Pharming, by Danny Allan [http://rd1.net/owasp/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.pdf PDF]<br />
<br />
<b>February 2006</b> Secure e-mail, by Thomas Bullinger [http://rd1.net/owasp/SecureEmail.pdf PDF]<br />
<br />
<b>January 2006</b> PCI Compliance, by Pat Massey, Ralf Durkee, Maureen Baran [http://rd1.net/owasp/Rochester_OWASP_PCI_Compliance.pdf PDF]<br />
<br />
<b>September 2005</b> Two Factor Authentication for Java Applications with Client Certificates, by Ralf Durkee [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.pdf PDF] [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.sxi Open Office]<br />
<br />
<b>April 2005</b> Avoiding Backend Exploitation of Mail Forms, by Max Kessler [http://rd1.net/owasp/owasp-mailform-exploitation.ppt PowerPoint] [http://rd1.net/owasp/owasp-mailform-exploitation.sxi Open Office]<br />
<br />
<b>March 2005</b> Bringing Two-Factor Authentication to Web Applications, by Michael Starks [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt PowerPoint] [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt Open Office]<br />
<br />
<b>February 2005</b> Insecure Storage, by Chris Karr [http://rd1.net/owasp/Insecure_Storage.ppt PowerPoint]<br />
<br />
<b>January 2005</b> Access Control and Session Mgmnt, by Steve Buck [http://rd1.net/owasp/Jan_OWASP-access-control.ppt PowerPoint] [http://rd1.net/owasp/Jan_OWASP-access-control.sxi Open Office]<br />
<br />
<b>November 2004</b> Intro to OWASP by Ralf Durkee. Demonstration of SQL Injection attack and prevention, by Paul Cupo [http://rd1.net/owasp/Nov_OWASP_20041103.ppt PowerPoint]<br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:New York]]</div>Sir Whttps://wiki.owasp.org/index.php?title=Rochester&diff=46405Rochester2008-11-14T13:45:39Z<p>Sir W: Changed Future Events to Past Events</p>
<hr />
<div>== Welcome to the OWASP Rochester Local Chapter ==<br />
<br />
Welcome to the local Rochester chapter homepage. The chapter leader is [mailto:rd@rd1.net Ralf Durkee]<br />
<br />
<paypal>Rochester</paypal><br />
<br />
== Participation ==<br />
<br />
OWASP chapter meetings are free and open to anyone interested in application security. We encourage members to give presentations on specific topics and to contribute to the local chapter by sharing their knowledge with others. Prior to participating with OWASP please review the [[Chapter Rules]].<br />
<br />
The Rochester chapter has two mailing lists: one for announcements and one for general discussion. The announce list is for official communications (e.g meeting announcements, web site updates, etc). The discussion list is for general participation and everyone is encouraged to post. The announce mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-announce here]. The discussion mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny here]. You can also review the [http://lists.owasp.org/pipermail/owasp-rochester-announce/ announce] and [http://lists.owasp.org/pipermail/owasp-rochester-ny discussion] e-mail archives to see what folks have been talking about. Please make sure you are subscribed to announce to receive any last minute meeting info.<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> [mailto:rd@rd1.net Ralf Durkee]<br />
*<b>Vice President:</b> Chris Karr<br />
*<b>Secretary and Treasurer:</b> [mailto:mailto:stevebuck@sbuck.net Steve Buck]<br />
*<b>Web and Communications:</b> [mailto:andrea.cogliati@owasp.org Andrea Cogliati]<br />
</ul><br />
<br />
== Meeting Dates & Location ==<br />
<br />
<b>Dates:</b> The third Monday of every month, starting at 6:00 PM.<br />
<br />
<b>Types of events:</b> Formal meeting (featuring a presentation) in odd numbered months, informal event (open forum with beer and wings) in even numbered months<br />
<br />
<b>Locations:</b> <br />
<br />
* Formal meetings at 1225 Jefferson Rd, Rochester, NY 14623 (near I-390) [http://maps.google.com/maps?f=q&hl=en&q=1225+Jefferson+Rd,+Rochester,+NY&ie=UTF8&om=1&ll=43.087727,-77.600255&spn=0.014856,0.04283 Google Maps]<br />
* Beer and wings at Mac Gregor's Grill & Tap Room, 300 Jefferson Rd, NY 14623 [http://maps.google.com/maps?f=q&hl=en&geocode=&time=&date=&ttype=&q=300+Jefferson+Rd+Rochester+NY&sll=43.15549,-77.61601&sspn=0.284013,0.55481&ie=UTF8&om=1&z=16&iwloc=addr Google Maps]<br />
<br />
Formal meeting space is graciously offered by [http://www.bryantstratton.edu/campus/campus.aspx?c=14 Bryant & Stratton College] Enter the Frontier Commons plaza, near the Post Office. Towards the right, rear of the plaza is the PSC (Professional Skills Center) door, which is to the left of the main Bryant & Stratton entrance door. There will be a sign on the door indicating the room in which we will meet.<br />
<br />
Please note that for informal meetings at Mac Gregor's, everybody needs to pay for their own food and drinks.<br />
<br />
'''November Meeting Details'''<br />
<br />
November meeting has been postponed to December 1st, 6pm at Bryant & Stratton College.<br />
<br />
== Past Events ==<br />
<br />
; Oct 29-30 2008 - Rochester Security Summit 2008<br />
<br />
: The Rochester OWASP chapter in partnership with other Rochester institutions is organizing the third annual Rochester Security Summit Oct 29-30 during National Cyber Security Awareness Month. This year we'll have a full day dedicated to application security and we are are working to bring to Rochester the best national acclaimed speakers.<br />
<br />
Visit [http://www.RochesterSecurity.org/ Rochester Security Summit Site] for details.<br />
<br />
== Past Presentations ==<br />
<br />
<b>May 2008</b> Database Encryption, by Ralf Durkee [[Media:Database_Encryption.ppt|PPT]]<br />
<br />
<b>January 2008</b> SQL Injection and Dynamic SQL, by Andrea Cogliati [[Media:MoreSQL.zip|ZIP]]<br />
<br />
<b>September 2007</b> 2007 OWASP Top 10 Most Critical Web Application Security Vulnerabilities, by Ralph Durkee [[Media:OWASP_Top_10_2007_v6.ppt|PowerPoint]]<br />
<br />
<b>October 2006</b> The first of the OWASP top ten: unvalidated input, by Steve Buck.<br />
[http://rd1.net/owasp/2006-10-16_owasp-presentation.ppt PowerPoint]<br />
<br />
<b>April 2006</b> PGP: Encryption for e-mail and web applications, by Ralph Durkee [http://rd1.net/owasp/Apr_OWASP_PGP_Durkee.pdf PDF]<br />
<br />
<b>February 2006</b> Identity Theft, Phishing and Pharming, by Danny Allan [http://rd1.net/owasp/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.pdf PDF]<br />
<br />
<b>February 2006</b> Secure e-mail, by Thomas Bullinger [http://rd1.net/owasp/SecureEmail.pdf PDF]<br />
<br />
<b>January 2006</b> PCI Compliance, by Pat Massey, Ralf Durkee, Maureen Baran [http://rd1.net/owasp/Rochester_OWASP_PCI_Compliance.pdf PDF]<br />
<br />
<b>September 2005</b> Two Factor Authentication for Java Applications with Client Certificates, by Ralf Durkee [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.pdf PDF] [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.sxi Open Office]<br />
<br />
<b>April 2005</b> Avoiding Backend Exploitation of Mail Forms, by Max Kessler [http://rd1.net/owasp/owasp-mailform-exploitation.ppt PowerPoint] [http://rd1.net/owasp/owasp-mailform-exploitation.sxi Open Office]<br />
<br />
<b>March 2005</b> Bringing Two-Factor Authentication to Web Applications, by Michael Starks [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt PowerPoint] [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt Open Office]<br />
<br />
<b>February 2005</b> Insecure Storage, by Chris Karr [http://rd1.net/owasp/Insecure_Storage.ppt PowerPoint]<br />
<br />
<b>January 2005</b> Access Control and Session Mgmnt, by Steve Buck [http://rd1.net/owasp/Jan_OWASP-access-control.ppt PowerPoint] [http://rd1.net/owasp/Jan_OWASP-access-control.sxi Open Office]<br />
<br />
<b>November 2004</b> Intro to OWASP by Ralf Durkee. Demonstration of SQL Injection attack and prevention, by Paul Cupo [http://rd1.net/owasp/Nov_OWASP_20041103.ppt PowerPoint]<br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:New York]]</div>Sir Whttps://wiki.owasp.org/index.php?title=Rochester&diff=46404Rochester2008-11-14T13:45:16Z<p>Sir W: November meeting</p>
<hr />
<div>== Welcome to the OWASP Rochester Local Chapter ==<br />
<br />
Welcome to the local Rochester chapter homepage. The chapter leader is [mailto:rd@rd1.net Ralf Durkee]<br />
<br />
<paypal>Rochester</paypal><br />
<br />
== Participation ==<br />
<br />
OWASP chapter meetings are free and open to anyone interested in application security. We encourage members to give presentations on specific topics and to contribute to the local chapter by sharing their knowledge with others. Prior to participating with OWASP please review the [[Chapter Rules]].<br />
<br />
The Rochester chapter has two mailing lists: one for announcements and one for general discussion. The announce list is for official communications (e.g meeting announcements, web site updates, etc). The discussion list is for general participation and everyone is encouraged to post. The announce mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-announce here]. The discussion mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny here]. You can also review the [http://lists.owasp.org/pipermail/owasp-rochester-announce/ announce] and [http://lists.owasp.org/pipermail/owasp-rochester-ny discussion] e-mail archives to see what folks have been talking about. Please make sure you are subscribed to announce to receive any last minute meeting info.<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> [mailto:rd@rd1.net Ralf Durkee]<br />
*<b>Vice President:</b> Chris Karr<br />
*<b>Secretary and Treasurer:</b> [mailto:mailto:stevebuck@sbuck.net Steve Buck]<br />
*<b>Web and Communications:</b> [mailto:andrea.cogliati@owasp.org Andrea Cogliati]<br />
</ul><br />
<br />
== Meeting Dates & Location ==<br />
<br />
<b>Dates:</b> The third Monday of every month, starting at 6:00 PM.<br />
<br />
<b>Types of events:</b> Formal meeting (featuring a presentation) in odd numbered months, informal event (open forum with beer and wings) in even numbered months<br />
<br />
<b>Locations:</b> <br />
<br />
* Formal meetings at 1225 Jefferson Rd, Rochester, NY 14623 (near I-390) [http://maps.google.com/maps?f=q&hl=en&q=1225+Jefferson+Rd,+Rochester,+NY&ie=UTF8&om=1&ll=43.087727,-77.600255&spn=0.014856,0.04283 Google Maps]<br />
* Beer and wings at Mac Gregor's Grill & Tap Room, 300 Jefferson Rd, NY 14623 [http://maps.google.com/maps?f=q&hl=en&geocode=&time=&date=&ttype=&q=300+Jefferson+Rd+Rochester+NY&sll=43.15549,-77.61601&sspn=0.284013,0.55481&ie=UTF8&om=1&z=16&iwloc=addr Google Maps]<br />
<br />
Formal meeting space is graciously offered by [http://www.bryantstratton.edu/campus/campus.aspx?c=14 Bryant & Stratton College] Enter the Frontier Commons plaza, near the Post Office. Towards the right, rear of the plaza is the PSC (Professional Skills Center) door, which is to the left of the main Bryant & Stratton entrance door. There will be a sign on the door indicating the room in which we will meet.<br />
<br />
Please note that for informal meetings at Mac Gregor's, everybody needs to pay for their own food and drinks.<br />
<br />
'''November Meeting Details'''<br />
<br />
November meeting has been postponed to December 1st, 6pm at Bryant & Stratton College.<br />
<br />
== Future Events ==<br />
<br />
; Oct 29-30 2008 - Rochester Security Summit 2008<br />
<br />
: The Rochester OWASP chapter in partnership with other Rochester institutions is organizing the third annual Rochester Security Summit Oct 29-30 during National Cyber Security Awareness Month. This year we'll have a full day dedicated to application security and we are are working to bring to Rochester the best national acclaimed speakers.<br />
<br />
Visit [http://www.RochesterSecurity.org/ Rochester Security Summit Site] for details.<br />
<br />
== Past Presentations ==<br />
<br />
<b>May 2008</b> Database Encryption, by Ralf Durkee [[Media:Database_Encryption.ppt|PPT]]<br />
<br />
<b>January 2008</b> SQL Injection and Dynamic SQL, by Andrea Cogliati [[Media:MoreSQL.zip|ZIP]]<br />
<br />
<b>September 2007</b> 2007 OWASP Top 10 Most Critical Web Application Security Vulnerabilities, by Ralph Durkee [[Media:OWASP_Top_10_2007_v6.ppt|PowerPoint]]<br />
<br />
<b>October 2006</b> The first of the OWASP top ten: unvalidated input, by Steve Buck.<br />
[http://rd1.net/owasp/2006-10-16_owasp-presentation.ppt PowerPoint]<br />
<br />
<b>April 2006</b> PGP: Encryption for e-mail and web applications, by Ralph Durkee [http://rd1.net/owasp/Apr_OWASP_PGP_Durkee.pdf PDF]<br />
<br />
<b>February 2006</b> Identity Theft, Phishing and Pharming, by Danny Allan [http://rd1.net/owasp/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.pdf PDF]<br />
<br />
<b>February 2006</b> Secure e-mail, by Thomas Bullinger [http://rd1.net/owasp/SecureEmail.pdf PDF]<br />
<br />
<b>January 2006</b> PCI Compliance, by Pat Massey, Ralf Durkee, Maureen Baran [http://rd1.net/owasp/Rochester_OWASP_PCI_Compliance.pdf PDF]<br />
<br />
<b>September 2005</b> Two Factor Authentication for Java Applications with Client Certificates, by Ralf Durkee [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.pdf PDF] [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.sxi Open Office]<br />
<br />
<b>April 2005</b> Avoiding Backend Exploitation of Mail Forms, by Max Kessler [http://rd1.net/owasp/owasp-mailform-exploitation.ppt PowerPoint] [http://rd1.net/owasp/owasp-mailform-exploitation.sxi Open Office]<br />
<br />
<b>March 2005</b> Bringing Two-Factor Authentication to Web Applications, by Michael Starks [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt PowerPoint] [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt Open Office]<br />
<br />
<b>February 2005</b> Insecure Storage, by Chris Karr [http://rd1.net/owasp/Insecure_Storage.ppt PowerPoint]<br />
<br />
<b>January 2005</b> Access Control and Session Mgmnt, by Steve Buck [http://rd1.net/owasp/Jan_OWASP-access-control.ppt PowerPoint] [http://rd1.net/owasp/Jan_OWASP-access-control.sxi Open Office]<br />
<br />
<b>November 2004</b> Intro to OWASP by Ralf Durkee. Demonstration of SQL Injection attack and prevention, by Paul Cupo [http://rd1.net/owasp/Nov_OWASP_20041103.ppt PowerPoint]<br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:New York]]</div>Sir Whttps://wiki.owasp.org/index.php?title=OWASP_on_the_Move&diff=45649OWASP on the Move2008-11-03T17:43:39Z<p>Sir W: Added Rochester Security Summit</p>
<hr />
<div>This program allows local chapters or application security conferences to have OWASP presenters on site.<br />
<br />
This program allows 3 parties to find each other:<br />
<br />
* Local chapters or application security events that want to attract an OWASP speaker<br />
* OWASP speakers to entertain OWASP presentations and that want to see the world<br />
* OWASP sponsors that want to support spreading the OWASP message<br />
<br />
Owasp on the Move (OotM) is an OWASP project. Visit the project [[:Category:OWASP_on_the_Move_Project|page]] to see what the future holds for OotM.<br />
<br />
==Application Process ==<br />
The way it works is really easy.<br />
<br />
* Upfront the event organizer sends the OotM request (event details, who to cover, etc...) to [[Contact|Kate]]<br />
* If within the rules (see below) it will be rapidly approved by Kate<br />
* The event organizer updates the OotM section below to track the application<br />
* After the event is performed the speaker, who made the travel/lodging expenses, e-mails a scan of the receipts to Kate<br />
* Kate re-imburses up to the approved budget and informs the event organizer<br />
* The event organizer updates the OotM section below<br />
That's it!<br />
<br />
==OWASP On the Move Rules:==<br />
<br />
The following rules apply for the OotM project:<br />
<br />
*The normal maximum amount per speaker is 500 USD<br />
*Only in special circumstances the maximum amount per speaker can be raised to a maximum of $1000 USD<br />
*There is a proposed limit of 2,000 USD on the amount of $ provided to any individual per year (*see 'further funding' below)<br />
*There is a proposed limit of 1,000 USD on the amount of $ provided to any event per year(*see 'further funding' below)<br />
*There is a proposed limit of 2,000 USD on the amount of $ provided to any chapter per year(*see 'further funding' below)<br />
*The program will run for 1 year or 30,000 USD (whichever comes first) and then will be reviewed for the value and ROI for OWASP and its community;<br />
<br />
<br />
So, a chapter can use the sponsorship 4 times a year, with the max of 2 speakers sponsored by OotM for one single event.<br />
<br />
<br />
*Further funding: for active chapters or speakers who have reach the proposed financial limits, further funding is possible but will depend on available budget, since priority would be given to chapters below these thresholds<br />
<br />
== Current demand ==<br />
Add your demand here:<br />
<br />
== Current offerings ==<br />
If you want to (re)do an OWASP related presentation, propose them here with your availability boundaries (timing/geographical)<br />
* Marc Curphey will happily speak about the WebAppSec industry, SDLC etc. around Europe. You can see him in action at [http://video.hitb.org/2006.html HITB with John Viega] (big download)<br />
* [mailto:thesp0nge@owasp.org Paolo Perego] is available to talk about [http://www.owasp.org/index.php/Category:OWASP_Orizon_Project Orizon project], safe coding and code review issues around Europe in the near October-December.<br />
* [mailto:marc.m.morana@gmail.org Marco Morana] is available to talk about [http://iac.dtic.mil/iatac/download/security.pdf Software Security Frameworks]and Secure Code Reviews [https://www.cmpevents.com/CSI33/a.asp?option=G&V=3&id=443342 see 07 CSI conference as reference] in USA around November-December and in Europe around January-February.<br />
* [mailto:sebastien.gioria@owasp.fr S&eacute;bastien Gioria] is available to talk about WebAppSec, educational purpose on AppSec in French or at least in english around France/Europe/Canada from middle of March 08. You can find some Talk on the [http://www.owasp.fr Owasp France Chapter]<br />
* you?<br />
<br />
== Upcoming OWASP on the Move Events ==<br />
<br />
== Past OWASP on the Move Events ==<br />
<br />
* 30th Oct 2008: [[Rochester]] Marco Morana presented at [http://rochestersecurity.org Rochester Security Summit 2008] about Risk Management in the SDLC.<br />
* 8th Sep 2007: [[Belgium]] Mark Curphey, pdp (Architect), Simon Roses Femerling and David Kierznowski presented as part of the OWASP Day worldwide conference.<br />
* 14th July 2007: [[Turkey]] Dinis joined the first Turkey Mini-Conference<br />
* 22nd June 2007: [[Belgium]] Ivan Ristic and Dinis Cruz came to the chapter meeting (sponsored by F5 Networks locally).<br />
<br />
== Sponsors ==<br />
Currently the OotM is sponsored by banners on the OWASP home page. <br />
<br />
We are looking for sponsors that specifically want to sponsor the OotM project.<br />
<br />
Past local sponsors were:<br />
* F5 Networks in [[Belgium]]</div>Sir Whttps://wiki.owasp.org/index.php?title=OWASP_on_the_Move&diff=45648OWASP on the Move2008-11-03T17:26:09Z<p>Sir W: Removed Rochester Security Summit</p>
<hr />
<div>This program allows local chapters or application security conferences to have OWASP presenters on site.<br />
<br />
This program allows 3 parties to find each other:<br />
<br />
* Local chapters or application security events that want to attract an OWASP speaker<br />
* OWASP speakers to entertain OWASP presentations and that want to see the world<br />
* OWASP sponsors that want to support spreading the OWASP message<br />
<br />
Owasp on the Move (OotM) is an OWASP project. Visit the project [[:Category:OWASP_on_the_Move_Project|page]] to see what the future holds for OotM.<br />
<br />
==Application Process ==<br />
The way it works is really easy.<br />
<br />
* Upfront the event organizer sends the OotM request (event details, who to cover, etc...) to [[Contact|Kate]]<br />
* If within the rules (see below) it will be rapidly approved by Kate<br />
* The event organizer updates the OotM section below to track the application<br />
* After the event is performed the speaker, who made the travel/lodging expenses, e-mails a scan of the receipts to Kate<br />
* Kate re-imburses up to the approved budget and informs the event organizer<br />
* The event organizer updates the OotM section below<br />
That's it!<br />
<br />
==OWASP On the Move Rules:==<br />
<br />
The following rules apply for the OotM project:<br />
<br />
*The normal maximum amount per speaker is 500 USD<br />
*Only in special circumstances the maximum amount per speaker can be raised to a maximum of $1000 USD<br />
*There is a proposed limit of 2,000 USD on the amount of $ provided to any individual per year (*see 'further funding' below)<br />
*There is a proposed limit of 1,000 USD on the amount of $ provided to any event per year(*see 'further funding' below)<br />
*There is a proposed limit of 2,000 USD on the amount of $ provided to any chapter per year(*see 'further funding' below)<br />
*The program will run for 1 year or 30,000 USD (whichever comes first) and then will be reviewed for the value and ROI for OWASP and its community;<br />
<br />
<br />
So, a chapter can use the sponsorship 4 times a year, with the max of 2 speakers sponsored by OotM for one single event.<br />
<br />
<br />
*Further funding: for active chapters or speakers who have reach the proposed financial limits, further funding is possible but will depend on available budget, since priority would be given to chapters below these thresholds<br />
<br />
== Current demand ==<br />
Add your demand here:<br />
<br />
== Current offerings ==<br />
If you want to (re)do an OWASP related presentation, propose them here with your availability boundaries (timing/geographical)<br />
* Marc Curphey will happily speak about the WebAppSec industry, SDLC etc. around Europe. You can see him in action at [http://video.hitb.org/2006.html HITB with John Viega] (big download)<br />
* [mailto:thesp0nge@owasp.org Paolo Perego] is available to talk about [http://www.owasp.org/index.php/Category:OWASP_Orizon_Project Orizon project], safe coding and code review issues around Europe in the near October-December.<br />
* [mailto:marc.m.morana@gmail.org Marco Morana] is available to talk about [http://iac.dtic.mil/iatac/download/security.pdf Software Security Frameworks]and Secure Code Reviews [https://www.cmpevents.com/CSI33/a.asp?option=G&V=3&id=443342 see 07 CSI conference as reference] in USA around November-December and in Europe around January-February.<br />
* [mailto:sebastien.gioria@owasp.fr S&eacute;bastien Gioria] is available to talk about WebAppSec, educational purpose on AppSec in French or at least in english around France/Europe/Canada from middle of March 08. You can find some Talk on the [http://www.owasp.fr Owasp France Chapter]<br />
* you?<br />
<br />
== Upcoming OWASP on the Move Events ==<br />
<br />
== Past OWASP on the Move Events ==<br />
<br />
* 8th Sep 2007: [[Belgium]] Mark Curphey, pdp (Architect), Simon Roses Femerling and David Kierznowski presented as part of the OWASP Day worldwide conference.<br />
* 14th July 2007: [[Turkey]] Dinis joined the first Turkey Mini-Conference<br />
* 22nd June 2007: [[Belgium]] Ivan Ristic and Dinis Cruz came to the chapter meeting (sponsored by F5 Networks locally).<br />
<br />
== Sponsors ==<br />
Currently the OotM is sponsored by banners on the OWASP home page. <br />
<br />
We are looking for sponsors that specifically want to sponsor the OotM project.<br />
<br />
Past local sponsors were:<br />
* F5 Networks in [[Belgium]]</div>Sir Whttps://wiki.owasp.org/index.php?title=OWASP_on_the_Move&diff=45647OWASP on the Move2008-11-03T17:25:32Z<p>Sir W: Removed Rochester Security Summit</p>
<hr />
<div>This program allows local chapters or application security conferences to have OWASP presenters on site.<br />
<br />
This program allows 3 parties to find each other:<br />
<br />
* Local chapters or application security events that want to attract an OWASP speaker<br />
* OWASP speakers to entertain OWASP presentations and that want to see the world<br />
* OWASP sponsors that want to support spreading the OWASP message<br />
<br />
Owasp on the Move (OotM) is an OWASP project. Visit the project [[:Category:OWASP_on_the_Move_Project|page]] to see what the future holds for OotM.<br />
<br />
==Application Process ==<br />
The way it works is really easy.<br />
<br />
* Upfront the event organizer sends the OotM request (event details, who to cover, etc...) to [[Contact|Kate]]<br />
* If within the rules (see below) it will be rapidly approved by Kate<br />
* The event organizer updates the OotM section below to track the application<br />
* After the event is performed the speaker, who made the travel/lodging expenses, e-mails a scan of the receipts to Kate<br />
* Kate re-imburses up to the approved budget and informs the event organizer<br />
* The event organizer updates the OotM section below<br />
That's it!<br />
<br />
==OWASP On the Move Rules:==<br />
<br />
The following rules apply for the OotM project:<br />
<br />
*The normal maximum amount per speaker is 500 USD<br />
*Only in special circumstances the maximum amount per speaker can be raised to a maximum of $1000 USD<br />
*There is a proposed limit of 2,000 USD on the amount of $ provided to any individual per year (*see 'further funding' below)<br />
*There is a proposed limit of 1,000 USD on the amount of $ provided to any event per year(*see 'further funding' below)<br />
*There is a proposed limit of 2,000 USD on the amount of $ provided to any chapter per year(*see 'further funding' below)<br />
*The program will run for 1 year or 30,000 USD (whichever comes first) and then will be reviewed for the value and ROI for OWASP and its community;<br />
<br />
<br />
So, a chapter can use the sponsorship 4 times a year, with the max of 2 speakers sponsored by OotM for one single event.<br />
<br />
<br />
*Further funding: for active chapters or speakers who have reach the proposed financial limits, further funding is possible but will depend on available budget, since priority would be given to chapters below these thresholds<br />
<br />
== Current demand ==<br />
Add your demand here:<br />
<br />
== Current offerings ==<br />
If you want to (re)do an OWASP related presentation, propose them here with your availability boundaries (timing/geographical)<br />
* Marc Curphey will happily speak about the WebAppSec industry, SDLC etc. around Europe. You can see him in action at [http://video.hitb.org/2006.html HITB with John Viega] (big download)<br />
* [mailto:thesp0nge@owasp.org Paolo Perego] is available to talk about [http://www.owasp.org/index.php/Category:OWASP_Orizon_Project Orizon project], safe coding and code review issues around Europe in the near October-December.<br />
* [mailto:marc.m.morana@gmail.org Marco Morana] is available to talk about [http://iac.dtic.mil/iatac/download/security.pdf Software Security Frameworks]and Secure Code Reviews [https://www.cmpevents.com/CSI33/a.asp?option=G&V=3&id=443342 see 07 CSI conference as reference] in USA around November-December and in Europe around January-February.<br />
* [mailto:sebastien.gioria@owasp.fr S&eacute;bastien Gioria] is available to talk about WebAppSec, educational purpose on AppSec in French or at least in english around France/Europe/Canada from middle of March 08. You can find some Talk on the [http://www.owasp.fr Owasp France Chapter]<br />
* you?<br />
<br />
== Upcoming OWASP on the Move Events ==<br />
<br />
* October 30, 2008 - [[Rochester]] Marco Morana will speak at [http://rochestersecurity.org Rochester Security Summit] about Software Security Framework<br />
<br />
== Past OWASP on the Move Events ==<br />
<br />
* 8th Sep 2007: [[Belgium]] Mark Curphey, pdp (Architect), Simon Roses Femerling and David Kierznowski presented as part of the OWASP Day worldwide conference.<br />
* 14th July 2007: [[Turkey]] Dinis joined the first Turkey Mini-Conference<br />
* 22nd June 2007: [[Belgium]] Ivan Ristic and Dinis Cruz came to the chapter meeting (sponsored by F5 Networks locally).<br />
<br />
== Sponsors ==<br />
Currently the OotM is sponsored by banners on the OWASP home page. <br />
<br />
We are looking for sponsors that specifically want to sponsor the OotM project.<br />
<br />
Past local sponsors were:<br />
* F5 Networks in [[Belgium]]</div>Sir Whttps://wiki.owasp.org/index.php?title=Rochester&diff=44877Rochester2008-10-27T21:00:09Z<p>Sir W: /* Local Officers */</p>
<hr />
<div>== Welcome to the OWASP Rochester Local Chapter ==<br />
<br />
Welcome to the local Rochester chapter homepage. The chapter leader is [mailto:rd@rd1.net Ralf Durkee]<br />
<br />
<paypal>Rochester</paypal><br />
<br />
== Participation ==<br />
<br />
OWASP chapter meetings are free and open to anyone interested in application security. We encourage members to give presentations on specific topics and to contribute to the local chapter by sharing their knowledge with others. Prior to participating with OWASP please review the [[Chapter Rules]].<br />
<br />
The Rochester chapter has two mailing lists: one for announcements and one for general discussion. The announce list is for official communications (e.g meeting announcements, web site updates, etc). The discussion list is for general participation and everyone is encouraged to post. The announce mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-announce here]. The discussion mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny here]. You can also review the [http://lists.owasp.org/pipermail/owasp-rochester-announce/ announce] and [http://lists.owasp.org/pipermail/owasp-rochester-ny discussion] e-mail archives to see what folks have been talking about. Please make sure you are subscribed to announce to receive any last minute meeting info.<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> [mailto:rd@rd1.net Ralf Durkee]<br />
*<b>Vice President:</b> Chris Karr<br />
*<b>Secretary and Treasurer:</b> [mailto:mailto:stevebuck@sbuck.net Steve Buck]<br />
*<b>Web and Communications:</b> [mailto:andrea.cogliati@owasp.org Andrea Cogliati]<br />
</ul><br />
<br />
== Meeting Dates & Location ==<br />
<br />
<b>Dates:</b> The third Monday of every month, starting at 6:00 PM.<br />
<br />
<b>Types of events:</b> Formal meeting (featuring a presentation) in odd numbered months, informal event (open forum with beer and wings) in even numbered months<br />
<br />
<b>Locations:</b> <br />
<br />
* Formal meetings at 1225 Jefferson Rd, Rochester, NY 14623 (near I-390) [http://maps.google.com/maps?f=q&hl=en&q=1225+Jefferson+Rd,+Rochester,+NY&ie=UTF8&om=1&ll=43.087727,-77.600255&spn=0.014856,0.04283 Google Maps]<br />
* Beer and wings at Mac Gregor's Grill & Tap Room, 300 Jefferson Rd, NY 14623 [http://maps.google.com/maps?f=q&hl=en&geocode=&time=&date=&ttype=&q=300+Jefferson+Rd+Rochester+NY&sll=43.15549,-77.61601&sspn=0.284013,0.55481&ie=UTF8&om=1&z=16&iwloc=addr Google Maps]<br />
<br />
Formal meeting space is graciously offered by [http://www.bryantstratton.edu/campus/campus.aspx?c=14 Bryant & Stratton College] Enter the Frontier Commons plaza, near the Post Office. Towards the right, rear of the plaza is the PSC (Professional Skills Center) door, which is to the left of the main Bryant & Stratton entrance door. There will be a sign on the door indicating the room in which we will meet.<br />
<br />
Please note that for informal meetings at Mac Gregor's, everybody needs to pay for their own food and drinks.<br />
<br />
'''September Meeting Details'''<br />
<br />
September meeting will be held on '''Monday September 22nd, 6pm at Bryant & Stratton College''' and will feature a videoconference with '''Jeff Williams''', world famous webappsec guru, on verb tampering, EASPI library and the future of OWASP. '''You can't miss this one!'''<br />
<br />
'''Presenter:''' Jeff Williams<br />
<br />
'''Topic:''' Verb tampering and ESAPI<br />
<br />
'''Bio:''' Jeff Williams is one of the major contributors in webappsec community. He has written many whitepapers, spoken at many conferences including Secure Software Summit, OWASP conferences, ISSA InfoSec Conference, NSA High Confidence Software and Systems Conference (HCSS), JavaOne, National Computer Security Conference (NCSC), etc, worked on several projects and written many tools available at OWASP (including creating the OWASP Top 10, WebGoat, Stinger, Secure Software Contract Annex, Honeycomb Project and the Enterprise Security API). Jeff has done a lot of work in promoting awareness of web application security. He's CEO of Aspect Security and also volunteers as chairs of OWASP Foundation. You can find more about him on [http://myappsecurity.blogspot.com/2007/03/reflection-on-jeff-williams.html his blog].<br />
<br />
<br />
'''Abstract:''' The ESAPI is a free and open collection of all the security methods that a developer needs to build a secure web application. You can just use the interfaces and build your own implementation using your company's infrastructure. Or, you can use the reference implementation as a starting point. In concept, the API is language independent. However, the first deliverables from the project are a Java API and a Java reference implementation. Efforts to build ESAPI in .NET and PHP are already underway. Unfortunately, the available platforms, frameworks, and toolkits (Java EE, Struts, Spring, etc...) simply do not provide enough protection. This leaves developers with responsibility for designing and building security mechanisms. This reinventing the wheel for every application leads to wasted time and massive security holes.<br />
The cost savings through reduced development time, and the increased security due to using heavily analyzed and carefully designed security methods provide developers with a massive advantage over organizations that are trying to deal with security using existing ad hoc secure coding techniques. This API is designed to automatically take care of many aspects of application security, making these issues invisible to the developers.<br />
<br />
== Future Events ==<br />
<br />
; Oct 29-30 2008 - Rochester Security Summit 2008<br />
<br />
: The Rochester OWASP chapter in partnership with other Rochester institutions is organizing the third annual Rochester Security Summit Oct 29-30 during National Cyber Security Awareness Month. This year we'll have a full day dedicated to application security and we are are working to bring to Rochester the best national acclaimed speakers.<br />
<br />
Visit [http://www.RochesterSecurity.org/ Rochester Security Summit Site] for details.<br />
<br />
== Past Presentations ==<br />
<br />
<b>May 2008</b> Database Encryption, by Ralf Durkee [[Media:Database_Encryption.ppt|PPT]]<br />
<br />
<b>January 2008</b> SQL Injection and Dynamic SQL, by Andrea Cogliati [[Media:MoreSQL.zip|ZIP]]<br />
<br />
<b>September 2007</b> 2007 OWASP Top 10 Most Critical Web Application Security Vulnerabilities, by Ralph Durkee [[Media:OWASP_Top_10_2007_v6.ppt|PowerPoint]]<br />
<br />
<b>October 2006</b> The first of the OWASP top ten: unvalidated input, by Steve Buck.<br />
[http://rd1.net/owasp/2006-10-16_owasp-presentation.ppt PowerPoint]<br />
<br />
<b>April 2006</b> PGP: Encryption for e-mail and web applications, by Ralph Durkee [http://rd1.net/owasp/Apr_OWASP_PGP_Durkee.pdf PDF]<br />
<br />
<b>February 2006</b> Identity Theft, Phishing and Pharming, by Danny Allan [http://rd1.net/owasp/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.pdf PDF]<br />
<br />
<b>February 2006</b> Secure e-mail, by Thomas Bullinger [http://rd1.net/owasp/SecureEmail.pdf PDF]<br />
<br />
<b>January 2006</b> PCI Compliance, by Pat Massey, Ralf Durkee, Maureen Baran [http://rd1.net/owasp/Rochester_OWASP_PCI_Compliance.pdf PDF]<br />
<br />
<b>September 2005</b> Two Factor Authentication for Java Applications with Client Certificates, by Ralf Durkee [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.pdf PDF] [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.sxi Open Office]<br />
<br />
<b>April 2005</b> Avoiding Backend Exploitation of Mail Forms, by Max Kessler [http://rd1.net/owasp/owasp-mailform-exploitation.ppt PowerPoint] [http://rd1.net/owasp/owasp-mailform-exploitation.sxi Open Office]<br />
<br />
<b>March 2005</b> Bringing Two-Factor Authentication to Web Applications, by Michael Starks [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt PowerPoint] [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt Open Office]<br />
<br />
<b>February 2005</b> Insecure Storage, by Chris Karr [http://rd1.net/owasp/Insecure_Storage.ppt PowerPoint]<br />
<br />
<b>January 2005</b> Access Control and Session Mgmnt, by Steve Buck [http://rd1.net/owasp/Jan_OWASP-access-control.ppt PowerPoint] [http://rd1.net/owasp/Jan_OWASP-access-control.sxi Open Office]<br />
<br />
<b>November 2004</b> Intro to OWASP by Ralf Durkee. Demonstration of SQL Injection attack and prevention, by Paul Cupo [http://rd1.net/owasp/Nov_OWASP_20041103.ppt PowerPoint]<br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:New York]]</div>Sir Whttps://wiki.owasp.org/index.php?title=Working_Session_OWASP_Strategic_Planning&diff=44307Working Session OWASP Strategic Planning2008-10-21T18:07:10Z<p>Sir W: /* Working Session Participants */</p>
<hr />
<div>{| style="width:100%" border="0" align="center"<br />
! colspan="7" align="center" style="background:#b3b3b3; color:white"|<font color="black">'''Working Sessions Operational Rules''' - [[:Working Sessions Methodology|'''Please see here the general frame of rules''']].<br />
|}<br />
{| style="width:100%" border="0" align="center"<br />
! colspan="7" align="center" style="background:#4058A0; color:white"|<font color="white">'''WORKING SESSION IDENTIFICATION''' <br />
|-<br />
| style="width:15%; background:#7B8ABD" align="center"|'''Work Session Name'''<br />
| colspan="6" style="width:85%; background:#cccccc" align="left"|<font color="black">'''OWASP Strategic Planning'''<br />
|-<br />
| style="width:15%; background:#7B8ABD" align="center"| '''Short Work Session Description''' <br />
| colspan="6" style="width:85%; background:#cccccc" align="left"|Discuss and prepare the OWASP Strategic Planing. <br />
|-<br />
| style="width:15%; background:#7B8ABD" align="center"| '''Related Projects (if any)''' <br />
| colspan="6" style="width:85%; background:#cccccc" align="left"|<br />
|-<br />
| style="width:25%; background:#7B8ABD" align="center"|'''Email Contacts & Roles'''<br />
| style="width:25%; background:#cccccc" align="center"|'''Chair'''<br>[mailto:jeff.williams(at)owasp.org Jeff Williams], [mailto:dinis.cruz(at)owasp.org Dinis Cruz], [mailto:dave.wichers(at)owasp.org Dave Wichers], [mailto:seba@owasp.org Sebastien Deleersnyder], [mailto:tomb(at)owasp.org Tom Brennan]. <br />
| style="width:25%; background:#cccccc" align="center"|'''Secretary'''<br>TBD<br />
| style="width:25%; background:#cccccc" align="center"|'''Mailing list'''<br>[https://lists.owasp.org/mailman/admin/ws-strategic-planning/logout Subscription Page]<br />
|}<br />
{| style="width:100%" border="0" align="center"<br />
! colspan="7" align="center" style="background:#4058A0; color:white"|<font color="white">'''WORKING SESSION SPECIFICS''' <br />
|-<br />
| style="width:15%; background:#7B8ABD" align="center"|'''Objectives'''<br />
| colspan="6" style="width:85%; background:#cccccc" align="left"|<font color="black"><br />
* Discuss OWASP Past, Present and Future,<br />
* Projects organization and rating,<br />
* Global Community Outreach (PR Issues, Pro Bono opportunities) <br />
* Procedures for OWASP Standardization,<br />
* Discuss OWASP Governance,<br />
* Discuss Chapter Governance.<br />
|-<br />
| style="width:25%; background:#7B8ABD" align="center"|'''Venue/Date&Time/Model'''<br />
| style="width:25%; background:#cccccc" align="center"|'''Venue'''<br>[[:OWASP EU Summit 2008|OWASP EU Summit Portugal 2008]] <br />
| style="width:25%; background:#cccccc" align="center"|'''Date&Time'''<br>November 4 & 7, 2008 <br>Time TBD<br />
| style="width:25%; background:#cccccc" align="center"|'''Discussion Model'''<br>"Participants + Attendees" or "Everybody is a Participant" - TBD<br />
|}<br />
{| style="width:100%" border="0" align="center"<br />
! colspan="7" align="center" style="background:white; color:white"|<font color="black"><br />
|}<br />
<br />
{|style="width:100%" border="0" align="center"<br />
! colspan="7" align="center" style="background:#4058A0; color:white"|<font color="white">'''WORKING SESSION OPERATIONAL RESOURCES''' <br />
|-<br />
| style="width:100%; background:#cccccc" align="center"|Please add here, ASAP, any needed relevant resources, e.g. data-show, boards, laptops, etc.<br />
|}<br />
{| style="width:100%" border="0" align="center"<br />
! colspan="7" align="center" style="background:white; color:white"|<font color="black"><br />
|}<br />
{| style="width:100%" border="0" align="center"<br />
! colspan="7" align="center" style="background:#4058A0; color:white"|<font color="white">'''WORKING SESSION ADDITIONAL DETAILS''' <br />
|-<br />
| style="width:100%; background:#cccccc" align="center"|Please add here, any additional notes, links, ideas, guidelines, etc... The objective is to help the working sessions participants and attendees to prepare their participation/contribution<br />
|}<br />
{| style="width:100%" border="0" align="center"<br />
! colspan="3" align="center" style="background:#4058A0; color:white"|'''WORKING SESSION OUTCOMES''' <br />
|-<br />
| style="width:7%; background:#6C82B5" align="center"|Statements, Initiatives or Decisions <br />
| style="width:46%; background:#b3b3b3" align="center"|'''Proposed by Working Group''' <br />
| style="width:47%; background:#b3b3b3" align="center"|'''Approved by OWASP Board'''<br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"| <br />
| style="width:46%; background:#C2C2C2" align="center"|Action Plan for 2009.<br />
| style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here. <br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"| <br />
| style="width:46%; background:#C2C2C2" align="center"|Strategies and recommendations for current OWASP projects.<br />
| style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here. <br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|<br />
| style="width:46%; background:#C2C2C2" align="center"|Fill in here.<br />
| style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here. <br />
|}<br />
== Working Session Participants ==<br />
(Add you name by editing this table. On your the right, just above the this frame, you have the option to edit)<br />
{| style="width:100%" border="0" align="center"<br />
! colspan="7" align="center" style="background:#4058A0; color:white"|<font color="white">'''WORKING SESSION PARTICIPANTS''' <br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|<br />
| style="width:18%; background:#cccccc" align="center"|'''Name'''<br />
| style="width:15%; background:#cccccc" align="center"|'''Company'''<br />
| style="width:60%; background:#cccccc" align="center"|'''Notes & reason for participating, issues to be discussed/addressed'''<br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|1 <br />
| style="width:18%; background:#cccccc" align="center"|Kate & Paulo<br />
| style="width:15%; background:#cccccc" align="center"|OWASP Foundation<br />
| style="width:60%; background:#cccccc" align="center"|Employees <br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|2<br />
| style="width:18%; background:#cccccc" align="center"|David Campbell<br />
| style="width:15%; background:#cccccc" align="center"|OWASP Denver<br />
| style="width:60%; background:#cccccc" align="center"|Chapter governance, etc<br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|3<br />
| style="width:18%; background:#cccccc" align="center"|Matteo Meucci<br />
| style="width:15%; background:#cccccc" align="center"|OWASP-Italy<br />
| style="width:15%; background:#cccccc" align="center"|<br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|4<br />
| style="width:18%; background:#cccccc" align="center"|Steve Antoniewicz<br />
| style="width:15%; background:#cccccc" align="center"|OWASP NYC<br />
| style="width:60%; background:#cccccc" align="center"|Partnerships<br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|5<br />
| style="width:18%; background:#cccccc" align="center"|Andrea Cogliati<br />
| style="width:15%; background:#cccccc" align="center"|OWASP Rochester, NY<br />
| style="width:60%; background:#cccccc" align="center"|Interested in reaching out academia<br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|6<br />
| style="width:18%; background:#cccccc" align="center"|<br />
| style="width:15%; background:#cccccc" align="center"| <br />
| style="width:60%; background:#cccccc" align="center"|<br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|7<br />
| style="width:18%; background:#cccccc" align="center"|<br />
| style="width:15%; background:#cccccc" align="center"|<br />
| style="width:60%; background:#cccccc" align="center"|<br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|8<br />
| style="width:18%; background:#cccccc" align="center"|<br />
| style="width:15%; background:#cccccc" align="center"|<br />
| style="width:60%; background:#cccccc" align="center"|<br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|9<br />
| style="width:18%; background:#cccccc" align="center"|<br />
| style="width:15%; background:#cccccc" align="center"|<br />
| style="width:60%; background:#cccccc" align="center"|<br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|10<br />
| style="width:18%; background:#cccccc" align="center"|<br />
| style="width:15%; background:#cccccc" align="center"|<br />
| style="width:60%; background:#cccccc" align="center"|<br />
|}<br />
If needed add here more lines.<br />
<br />
[[Category:OWASP_Working_Session]]</div>Sir Whttps://wiki.owasp.org/index.php?title=OWASP_Working_Session_Enterprise_Security_API_Project&diff=44306OWASP Working Session Enterprise Security API Project2008-10-21T18:04:58Z<p>Sir W: /* Working Session Participants */</p>
<hr />
<div>{| style="width:100%" border="0" align="center"<br />
! colspan="7" align="center" style="background:#b3b3b3; color:white"|<font color="black">'''Working Sessions Operational Rules''' - [[:Working Sessions Methodology|'''Please see here the general frame of rules''']].<br />
|}<br />
{| style="width:100%" border="0" align="center"<br />
! colspan="7" align="center" style="background:#4058A0; color:white"|<font color="white">'''WORKING SESSION IDENTIFICATION''' <br />
|-<br />
| style="width:15%; background:#7B8ABD" align="center"|'''Work Session Name'''<br />
| colspan="6" style="width:85%; background:#cccccc" align="left"|<font color="black">'''OWASP Enterprise Security API Project '''<br />
|-<br />
| style="width:15%; background:#7B8ABD" align="center"| '''Short Work Session Description''' <br />
| colspan="6" style="width:85%; background:#cccccc" align="left"|In this working session we will consider all aspects of the Enterprise Security API project. The goal of the project is to simplify security for developers to make secure code more likely. To achieve this goal we define clean intuitive APIs for standard security functionality. Ideally, these APIs will cover common security controls across web applications, web services, and even rich client applications. This working session will review the state of the project, discuss technical issues, discuss "marketing" of the project, prioritize project work items, and browbeat attendees into joining the project and making the world a safer place.<br />
|-<br />
| style="width:15%; background:#7B8ABD" align="center"| '''Related Projects (if any)''' <br />
| colspan="6" style="width:85%; background:#cccccc" align="left"|<br />
[[:Category:OWASP Enterprise Security API|OWASP Enterprise Security API (ESAPI) Project]]<br />
|-<br />
| style="width:25%; background:#7B8ABD" align="center"|'''Email Contacts & Roles'''<br />
| style="width:25%; background:#cccccc" align="center"|'''Chair'''<br>[mailto:jeff.williams(at)owasp.org '''Jeff Williams'''] <br />
| style="width:25%; background:#cccccc" align="center"|'''Secretary'''<br>[mailto:arshan.dabirsiaghi(at)aspectsecurity.com '''Arshan Dabirsiaghi''']<br />
| style="width:25%; background:#cccccc" align="center"|'''Mailing list'''<br>[https://lists.owasp.org/mailman/listinfo/owasp-esapi '''Subscription Page''']<br />
|}<br />
{| style="width:100%" border="0" align="center"<br />
! colspan="7" align="center" style="background:#4058A0; color:white"|<font color="white">'''WORKING SESSION SPECIFICS''' <br />
|-<br />
| style="width:15%; background:#7B8ABD" align="center"|'''Objectives'''<br />
| colspan="6" style="width:85%; background:#cccccc" align="left"|<font color="black"><br />
Introduce everyone to the idea and cost-benefits of an ESAPI. <br />
|-<br />
| style="width:25%; background:#7B8ABD" align="center"|'''Venue/Date&Time/Model'''<br />
| style="width:25%; background:#cccccc" align="center"|'''Venue'''<br>[[:OWASP EU Summit 2008|OWASP EU Summit Portugal 2008]] <br />
| style="width:25%; background:#cccccc" align="center"|'''Date&Time'''<br>November 5, 2008 <br>1:00 PM<br />
| style="width:25%; background:#cccccc" align="center"|'''Discussion Model'''<br>"Participants + Attendees" <br />
|}<br />
{| style="width:100%" border="0" align="center"<br />
! colspan="7" align="center" style="background:white; color:white"|<font color="black"><br />
|}<br />
<br />
{|style="width:100%" border="0" align="center"<br />
! colspan="7" align="center" style="background:#4058A0; color:white"|<font color="white">'''WORKING SESSION OPERATIONAL RESOURCES''' <br />
|-<br />
| style="width:100%; background:#cccccc" align="center"|Please add here, ASAP, any needed relevant resources, e.g. data-show, boards, laptops, etc.<br />
|}<br />
{| style="width:100%" border="0" align="center"<br />
! colspan="7" align="center" style="background:white; color:white"|<font color="black"><br />
|}<br />
{| style="width:100%" border="0" align="center"<br />
! colspan="7" align="center" style="background:#4058A0; color:white"|<font color="white">'''WORKING SESSION ADDITIONAL DETAILS''' <br />
|-<br />
| style="width:100%; background:#cccccc" align="left"|Please add here, any additional notes, links, ideas, guidelines, etc... The objective is to help the working sessions participants and attendees to prepare their participation/contribution.<br />
|}<br />
{| style="width:100%" border="0" align="center"<br />
! colspan="3" align="center" style="background:#4058A0; color:white"|'''WORKING SESSION OUTCOMES''' <br />
|-<br />
| style="width:7%; background:#6C82B5" align="center"|Statements, Initiatives or Decisions <br />
| style="width:46%; background:#b3b3b3" align="center"|'''Proposed by Working Group''' <br />
| style="width:47%; background:#b3b3b3" align="center"|'''Approved by OWASP Board'''<br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|<br />
| style="width:46%; background:#C2C2C2" align="center"|A volunteer to lead the 'marketing' campaign for ESAPI. <br />
| style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here. <br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|<br />
| style="width:46%; background:#C2C2C2" align="center"|Prioritized list of marketing ideas for the ESAPI concept. <br />
| style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here. <br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|<br />
| style="width:46%; background:#C2C2C2" align="center"|Prioritized list of ideas for improving the API. <br />
| style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here. <br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|<br />
| style="width:46%; background:#C2C2C2" align="center"|Fill in here.<br />
| style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here. <br />
|}<br />
== Working Session Participants ==<br />
(Add you name by editing this table. On your the right, just above the this frame, you have the option to edit)<br />
{| style="width:100%" border="0" align="center"<br />
! colspan="7" align="center" style="background:#4058A0; color:white"|<font color="white">'''WORKING SESSION PARTICIPANTS''' <br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|<br />
| style="width:15%; background:#cccccc" align="center"|'''Name'''<br />
| style="width:15%; background:#cccccc" align="center"|'''Company'''<br />
| style="width:63%; background:#cccccc" align="center"|'''Notes & reason for participating, issues to be discussed/addressed'''<br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|1<br />
| style="width:15%; background:#cccccc" align="center"|Matt Tesauro<br />
| style="width:15%; background:#cccccc" align="center"|OWASP Live CD Project Lead<br />
| style="width:63%; background:#cccccc" align="center"|Curious about how various "ports" should be handled (lang != Java) <br> Run them as separate projects or sub-projects. How are they synchronized, if at all? What state are they in? How bad will the browbeating be?<br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|2<br />
| style="width:15%; background:#cccccc" align="center"|Andrea Cogliati<br />
| style="width:15%; background:#cccccc" align="center"|OWASP Rochester, NY<br />
| style="width:63%; background:#cccccc" align="center"|Interested in porting to other platforms (Ruby&Rails) and in integration issues with existing framework (Struts, Spring, ...)<br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|3<br />
| style="width:15%; background:#cccccc" align="center"|<br />
| style="width:15%; background:#cccccc" align="center"|<br />
| style="width:63%; background:#cccccc" align="center"|<br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|4<br />
| style="width:15%; background:#cccccc" align="center"|<br />
| style="width:15%; background:#cccccc" align="center"|<br />
| style="width:63%; background:#cccccc" align="center"|<br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|5<br />
| style="width:15%; background:#cccccc" align="center"|<br />
| style="width:15%; background:#cccccc" align="center"|<br />
| style="width:63%; background:#cccccc" align="center"|<br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|6<br />
| style="width:15%; background:#cccccc" align="center"|<br />
| style="width:15%; background:#cccccc" align="center"| <br />
| style="width:63%; background:#cccccc" align="center"|<br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|7<br />
| style="width:15%; background:#cccccc" align="center"|<br />
| style="width:15%; background:#cccccc" align="center"|<br />
| style="width:63%; background:#cccccc" align="center"|<br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|8<br />
| style="width:15%; background:#cccccc" align="center"|<br />
| style="width:15%; background:#cccccc" align="center"|<br />
| style="width:63%; background:#cccccc" align="center"|<br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|9<br />
| style="width:15%; background:#cccccc" align="center"|<br />
| style="width:15%; background:#cccccc" align="center"|<br />
| style="width:63%; background:#cccccc" align="center"|<br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|10<br />
| style="width:15%; background:#cccccc" align="center"|<br />
| style="width:15%; background:#cccccc" align="center"|<br />
| style="width:63%; background:#cccccc" align="center"|<br />
|}<br />
If needed add here more lines.<br />
<br />
[[Category:OWASP_Working_Session]]</div>Sir Whttps://wiki.owasp.org/index.php?title=OWASP_Working_Session_Top_10_2009&diff=44305OWASP Working Session Top 10 20092008-10-21T18:03:48Z<p>Sir W: /* Working Session Participants */</p>
<hr />
<div>{| style="width:100%" border="0" align="center"<br />
! colspan="7" align="center" style="background:#b3b3b3; color:white"|<font color="black">'''Working Sessions Operational Rules''' - [[:Working Sessions Methodology|'''Please see here the general frame of rules''']].<br />
|}<br />
{| style="width:100%" border="0" align="center"<br />
! colspan="7" align="center" style="background:#4058A0; color:white"|<font color="white">'''WORKING SESSION IDENTIFICATION''' <br />
|-<br />
| style="width:15%; background:#7B8ABD" align="center"|'''Work Session Name'''<br />
| colspan="6" style="width:85%; background:#cccccc" align="left"|<font color="black">'''OWASP Top 10 2009'''<br />
|-<br />
| style="width:15%; background:#7B8ABD" align="center"| '''Short Work Session Description''' <br />
| colspan="6" style="width:85%; background:#cccccc" align="left"|Aims to provide a key awareness document for web application security.<br />
|-<br />
| style="width:15%; background:#7B8ABD" align="center"| '''Related Projects (if any)''' <br />
| colspan="6" style="width:85%; background:#cccccc" align="left"|[[:Category:OWASP Top Ten Project|OWASP Top Ten Project]]<br />
|-<br />
| style="width:25%; background:#7B8ABD" align="center"|'''Email Contacts & Roles'''<br />
| style="width:25%; background:#cccccc" align="center"|'''Chair'''<br>[mailto:dave.wichers(at)owasp.org '''Dave Wichers''']<br />
| style="width:25%; background:#cccccc" align="center"|'''Secretary'''<br>[mailto:jeff.williams(at)owasp.org '''Jeff Williams''']<br />
| style="width:25%; background:#cccccc" align="center"|'''Mailing list'''<br>[https://lists.owasp.org/mailman/listinfo/owasp-topten '''Subscription Page''']<br />
|}<br />
{| style="width:100%" border="0" align="center"<br />
! colspan="7" align="center" style="background:#4058A0; color:white"|<font color="white">'''WORKING SESSION SPECIFICS''' <br />
|-<br />
| style="width:15%; background:#7B8ABD" align="center"|'''Objectives'''<br />
| colspan="6" style="width:85%; background:#cccccc" align="left"|<font color="black"><br />
* Discuss current Top10 structure and objectives,<br />
* Identify which information sources will be considered for analysis, Eg:<br />
** MITRE<br />
** Compromise DB's (Attrition, WASC etc) and bias due to reporting<br />
** Anonomised penetration test results and the difficulty in obtaining<br />
* Define methodology to collect attacks statistics,<br />
* Define prioritisation approach<br />
** Agree weighting between current or emerging threats<br />
|-<br />
| style="width:25%; background:#7B8ABD" align="center"|'''Venue/Date&Time/Model'''<br />
| style="width:25%; background:#cccccc" align="center"|'''Venue'''<br>[[:OWASP EU Summit 2008|OWASP EU Summit Portugal 2008]] <br />
| style="width:25%; background:#cccccc" align="center"|'''Date&Time'''<br>November 5 & 7, 2008<br>Time TBD<br />
| style="width:25%; background:#cccccc" align="center"|'''Discussion Model'''<br>"Participants + Attendees"<br />
|}<br />
{| style="width:100%" border="0" align="center"<br />
! colspan="7" align="center" style="background:white; color:white"|<font color="black"><br />
|}<br />
<br />
{|style="width:100%" border="0" align="center"<br />
! colspan="7" align="center" style="background:#4058A0; color:white"|<font color="white">'''WORKING SESSION OPERATIONAL RESOURCES''' <br />
|-<br />
| style="width:100%; background:#cccccc" align="center"|Please add here, ASAP, any needed relevant resources, e.g. data-show, boards, laptops, etc.<br />
|}<br />
{| style="width:100%" border="0" align="center"<br />
! colspan="7" align="center" style="background:white; color:white"|<font color="black"><br />
|}<br />
{| style="width:100%" border="0" align="center"<br />
! colspan="7" align="center" style="background:#4058A0; color:white"|<font color="white">'''WORKING SESSION ADDITIONAL DETAILS''' <br />
|-<br />
| style="width:100%; background:#cccccc" align="left"|Please add here, any additional notes, links, ideas, guidelines, etc... The objective is to help the working sessions participants and attendees to prepare their participation/contribution.<br />
<br />
Potential Resources:<br />
<br />
* [http://cve.mitre.org/cve/ MITRE's Common Vulnerability Enumeration (CVE) Database]<br />
<br />
* The [http://www.webappsec.org/projects/whid/whid.shtml WASC Web Hacking Incidents Database]<br />
<br />
* The [http://www.webappsec.org/projects/statistics/ 2007 WASC Web Application Security Statistics Report]<br />
|}<br />
{| style="width:100%" border="0" align="center"<br />
! colspan="3" align="center" style="background:#4058A0; color:white"|'''WORKING SESSION OUTCOMES''' <br />
|-<br />
| style="width:7%; background:#6C82B5" align="center"|Statements, Initiatives or Decisions <br />
| style="width:46%; background:#b3b3b3" align="center"|'''Proposed by Working Group''' <br />
| style="width:47%; background:#b3b3b3" align="center"|'''Approved by OWASP Board'''<br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"| <br />
| style="width:46%; background:#C2C2C2" align="center"|The sources of input for the 2009 Top 10 will be identified.<br />
| style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here. <br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"| <br />
| style="width:46%; background:#C2C2C2" align="center"|The ordering scheme for the Top 10 will be determined.<br />
| style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here. <br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|<br />
| style="width:46%; background:#C2C2C2" align="center"|Discussion of whether the existing document structure should be maintained or adjusted.<br />
| style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here. <br />
|}<br />
== Working Session Participants ==<br />
(Add your name by editing this table. On the right, just above this frame, you have the option to edit)<br />
{| style="width:100%" border="0" align="center"<br />
! colspan="7" align="center" style="background:#4058A0; color:white"|<font color="white">'''WORKING SESSION PARTICIPANTS''' <br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|<br />
| style="width:15%; background:#cccccc" align="center"|'''Name'''<br />
| style="width:15%; background:#cccccc" align="center"|'''Company'''<br />
| style="width:63%; background:#cccccc" align="center"|'''Notes & reason for participating, issues to be discussed/addressed'''<br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|1<br />
| style="width:15%; background:#cccccc" align="center"|Paolo Perego<br />
| style="width:15%; background:#cccccc" align="center"|Spike Reply<br />
| style="width:63%; background:#cccccc" align="center"|As penetration tester it woud be great to me to participating in writing the new Top 10. As code reviewer and Orizon project leader it would be very interesting in scouting dynamic threats in order to add some dynamic feature to my tool.<br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|2<br />
| style="width:15%; background:#cccccc" align="center"|David Campbell<br />
| style="width:15%; background:#cccccc" align="center"|OWASP Denver<br />
| style="width:63%; background:#cccccc" align="center"|<br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|3<br />
| style="width:15%; background:#cccccc" align="center"|Robert Mann<br />
| style="width:15%; background:#cccccc" align="center"|RBS / ABN AMRO<br />
| style="width:63%; background:#cccccc" align="center"|<br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|4<br />
| style="width:15%; background:#cccccc" align="center"|Troy Leach<br />
| style="width:15%; background:#cccccc" align="center"|[https://www.pcisecuritystandards.org/ PCI Security Standards Council]<br />
| style="width:63%; background:#cccccc" align="center"|Technical Director<br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|5<br />
| style="width:15%; background:#cccccc" align="center"|Eoin Keary<br />
| style="width:15%; background:#cccccc" align="center"|Ernst & Young. Long time OWASP member (Code and Testing guides)<br />
| style="width:63%; background:#cccccc" align="center"|<br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|6<br />
| style="width:15%; background:#cccccc" align="center"| Matteo Meucci<br />
| style="width:15%; background:#cccccc" align="center"| Minded Security<br />
| style="width:63%; background:#cccccc" align="center"| I'd like to discuss about a new way to create the Top10 from the OWASP Community<br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|7<br />
| style="width:15%; background:#cccccc" align="center"|Giorgio Fedon<br />
| style="width:15%; background:#cccccc" align="center"|Minded Security<br />
| style="width:63%; background:#cccccc" align="center"|<br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|8<br />
| style="width:15%; background:#cccccc" align="center"|Andrea Cogliati<br />
| style="width:15%; background:#cccccc" align="center"|OWASP Rochester, NY<br />
| style="width:63%; background:#cccccc" align="center"|I volunteered as a technical writer<br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|9<br />
| style="width:15%; background:#cccccc" align="center"|<br />
| style="width:15%; background:#cccccc" align="center"|<br />
| style="width:63%; background:#cccccc" align="center"|<br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|10<br />
| style="width:15%; background:#cccccc" align="center"|<br />
| style="width:15%; background:#cccccc" align="center"|<br />
| style="width:63%; background:#cccccc" align="center"|<br />
|}<br />
If needed add here more lines.<br />
<br />
[[Category:OWASP_Working_Session]]</div>Sir Whttps://wiki.owasp.org/index.php?title=OWASP_Working_Session_-_PASSWD_Metrics_and_Vulnerabilities&diff=44304OWASP Working Session - PASSWD Metrics and Vulnerabilities2008-10-21T18:02:33Z<p>Sir W: /* Working Session Participants */</p>
<hr />
<div>{| style="width:100%" border="0" align="center"<br />
! colspan="7" align="center" style="background:#b3b3b3; color:white"|<font color="black">'''Working Sessions Operational Rules''' - [[:Working Sessions Methodology|'''Please see here the general frame of rules''']].<br />
|}<br />
{| style="width:100%" border="0" align="center"<br />
! colspan="7" align="center" style="background:#4058A0; color:white"|<font color="white">'''WORKING SESSION IDENTIFICATION''' <br />
|-<br />
| style="width:15%; background:#7B8ABD" align="center"|'''Work Session Name'''<br />
| colspan="6" style="width:85%; background:#cccccc" align="left"|<font color="black">'''PASSWD Metrics and Vulnerabilities'''<br />
|-<br />
| style="width:15%; background:#7B8ABD" align="center"| '''Short Work Session Description''' <br />
| colspan="6" style="width:85%; background:#cccccc" align="left"|how to create a model that will help in predicting and monitoring the security of an application.<br />
|-<br />
| style="width:15%; background:#7B8ABD" align="center"| '''Related Projects (if any)''' <br />
| colspan="6" style="width:85%; background:#cccccc" align="left"|<br />
[[:OWASP Top Ten Project]]<br />
|-<br />
| style="width:25%; background:#7B8ABD" align="center"|'''Email Contacts & Roles'''<br />
| style="width:25%; background:#cccccc" align="center"|'''Chair'''<br>[mailto:Lucilla.Mancini(at)business-e.it '''Lucilla Mancini'''] <br />
| style="width:25%; background:#cccccc" align="center"|'''Secretary'''<br>[mailto:name(at)name '''TBD''']<br />
| style="width:25%; background:#cccccc" align="center"|'''Mailing list'''<br>[https://lists.owasp.org/mailman/listinfo/ws-arca-metrics-vulnerabilities '''Subscription Page''']<br />
|}<br />
{| style="width:100%" border="0" align="center"<br />
! colspan="7" align="center" style="background:#4058A0; color:white"|<font color="white">'''WORKING SESSION SPECIFICS''' <br />
|-<br />
| style="width:15%; background:#7B8ABD" align="center"|'''Objectives'''<br />
| colspan="6" style="width:85%; background:#cccccc" align="left"|<font color="black"><br />
* Create a structured model that uses metrics for improving application security while reducing costs<br />
|-<br />
| style="width:25%; background:#7B8ABD" align="center"|'''Venue/Date&Time/Model'''<br />
| style="width:25%; background:#cccccc" align="center"|'''Venue'''<br>[[:OWASP EU Summit 2008|OWASP EU Summit Portugal 2008]] <br />
| style="width:25%; background:#cccccc" align="center"|'''Date&Time'''<br>November 4, 2008 <br>Time TBD<br />
| style="width:25%; background:#cccccc" align="center"|'''Discussion Model'''<br>"Everybody is a Participant" <br />
|}<br />
{| style="width:100%" border="0" align="center"<br />
! colspan="7" align="center" style="background:white; color:white"|<font color="black"><br />
|}<br />
{|style="width:100%" border="0" align="center"<br />
! colspan="7" align="center" style="background:#4058A0; color:white"|<font color="white">'''WORKING SESSION OPERATIONAL RESOURCES''' <br />
|-<br />
| style="width:100%; background:#cccccc" align="center"|post-it's, White bond paper sheets<br />
|}<br />
{| style="width:100%" border="0" align="center"<br />
! colspan="7" align="center" style="background:white; color:white"|<font color="black"><br />
|}<br />
{| style="width:100%" border="0" align="center"<br />
! colspan="7" align="center" style="background:#4058A0; color:white"|<font color="white">'''WORKING SESSION ADDITIONAL DETAILS''' <br />
|-<br />
| style="width:100%; background:#cccccc" align="left"|<br />
If you have participated in any translation in any place other project (OWASP or non OWASP) bring your experiences. If you don't have experience, but just one or two good ideas, you are very welcome as well.<br />
|}<br />
{| style="width:100%" border="0" align="center"<br />
! colspan="3" align="center" style="background:#4058A0; color:white"|'''WORKING SESSION OUTCOMES''' <br />
|-<br />
| style="width:7%; background:#6C82B5" align="center"|Statements, Initiatives or Decisions <br />
| style="width:46%; background:#b3b3b3" align="center"|'''Proposed by Working Group''' <br />
| style="width:47%; background:#b3b3b3" align="center"|'''Approved by OWASP Board'''<br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|<br />
| style="width:46%; background:#C2C2C2" align="center"|Fill in here. <br />
| style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here. <br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|<br />
| style="width:46%; background:#C2C2C2" align="center"|Fill in here. <br />
| style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here. <br />
|}<br />
== Working Session Participants ==<br />
(Add you name by editing this table. On your the right, just above the this frame, you have the option to edit)<br />
{| style="width:100%" border="0" align="center"<br />
! colspan="7" align="center" style="background:#4058A0; color:white"|<font color="white">'''WORKING SESSION PARTICIPANTS''' <br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|<br />
| style="width:15%; background:#cccccc" align="center"|'''Name'''<br />
| style="width:15%; background:#cccccc" align="center"|'''Company'''<br />
| style="width:63%; background:#cccccc" align="center"|'''Notes & reason for participating, issues to be discussed/addressed'''<br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|1<br />
| style="width:15%; background:#cccccc" align="center"|Massimo Biagiotti<br />
| style="width:15%; background:#cccccc" align="center"|E-Business<br />
| style="width:63%; background:#cccccc" align="center"|<br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|2<br />
| style="width:15%; background:#cccccc" align="center"|Andrea Cogliati<br />
| style="width:15%; background:#cccccc" align="center"|OWASP Rochester, NY<br />
| style="width:63%; background:#cccccc" align="center"|General interest toward Application Security metrics<br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|3<br />
| style="width:15%; background:#cccccc" align="center"|<br />
| style="width:15%; background:#cccccc" align="center"|<br />
| style="width:63%; background:#cccccc" align="center"|<br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|4<br />
| style="width:15%; background:#cccccc" align="center"|<br />
| style="width:15%; background:#cccccc" align="center"|<br />
| style="width:63%; background:#cccccc" align="center"|<br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|5<br />
| style="width:15%; background:#cccccc" align="center"|<br />
| style="width:15%; background:#cccccc" align="center"|<br />
| style="width:63%; background:#cccccc" align="center"|<br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|6<br />
| style="width:15%; background:#cccccc" align="center"|<br />
| style="width:15%; background:#cccccc" align="center"| <br />
| style="width:63%; background:#cccccc" align="center"|<br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|7<br />
| style="width:15%; background:#cccccc" align="center"|<br />
| style="width:15%; background:#cccccc" align="center"|<br />
| style="width:63%; background:#cccccc" align="center"|<br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|8<br />
| style="width:15%; background:#cccccc" align="center"|<br />
| style="width:15%; background:#cccccc" align="center"|<br />
| style="width:63%; background:#cccccc" align="center"|<br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|9<br />
| style="width:15%; background:#cccccc" align="center"|<br />
| style="width:15%; background:#cccccc" align="center"|<br />
| style="width:63%; background:#cccccc" align="center"|<br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|10<br />
| style="width:15%; background:#cccccc" align="center"|<br />
| style="width:15%; background:#cccccc" align="center"|<br />
| style="width:63%; background:#cccccc" align="center"|<br />
|}<br />
If needed add here more lines.<br />
<br />
[[Category:OWASP_Working_Session]]</div>Sir Whttps://wiki.owasp.org/index.php?title=OWASP_EU_Summit_2008--PRESS&diff=44289OWASP EU Summit 2008--PRESS2008-10-21T15:32:51Z<p>Sir W: Italian Browser Security PR added</p>
<hr />
<div>[[:OWASP EU Summit 2008|'''Please click here to return to the OWASP EU Summit Portugal 2008 main page''']].<br />
<br />
== Press Releases ==<br />
<br />
{| style="width:100%" border="0" align="center"<br />
! colspan="8" align="center" style="background:#4058A0; color:white"|<font color="white">'''PRESS RELEASE IDENTIFICATION''' <br />
|-<br />
| style="width:16%; background:#7B8ABD" align="center"|'''Subject/Date'''<br />
| colspan="7" style="width:84%; background:#b3b3b3" align="left"|<font color="black">'''October 13th, 2008/OWASP European Summit''' <br />
|-<br />
| style="width:16%; background:#7B8ABD" align="center"|'''Language Versions '''<br />
| style="width:12%; background:#cccccc" align="center"|'''English'''<br>Click [[OWASP EU Summit 2008 PR English|here]] to see.<br />
| style="width:12%; background:#cccccc" align="center"|'''Portuguese/Portugal'''<br>Please click [https://www.owasp.org/images/f/f2/PRESS_RELEASE_PT.pdf here] to see.<br />
| style="width:12%; background:#cccccc" align="center"|'''Portuguese/Brazil'''<br>Please click [http://convisosec.com/PublicDocuments/OWASP/owaspeusummitpressreleasebr.pdf here] to see.<br />
| style="width:12%; background:#cccccc" align="center"|'''Spanish'''<br>Click [[OWASP EU Summit 2008 ES Spanish|here]] to see.<br />
| style="width:12%; background:#cccccc" align="center"|'''French'''<br>Click [[OWASP EU Summit 2008 PR French|here]] to see.<br />
| style="width:12%; background:#cccccc" align="center"|'''Turkish'''<br>Click [[OWASP EU Summit 2008 TR Turkish|here]] to see.<br />
| style="width:12%; background:#cccccc" align="center"|'''Italian'''<br>Click [[OWASP EU Summit 2008 PR Italian|here]] to see.<br />
|-<br />
| style="width:16%; background:#7B8ABD" align="center"|'''Subject/Date'''<br />
| colspan="7" style="width:84%; background:#b3b3b3" align="left"|<font color="black">'''October 15th, 2008/OWASP teams up with browser developers to increase security on the web''' <br />
|-<br />
| style="width:14%; background:#7B8ABD" align="center"|'''Language Versions '''<br />
| style="width:12%; background:#cccccc" align="center"|'''English'''<br>Click [[OWASP EU Summit 2008 PR Browser|here]] to see.<br />
| style="width:12%; background:#cccccc" align="center"|'''Portuguese/Portugal'''<br />
| style="width:12%; background:#cccccc" align="center"|'''Portuguese/Brazil'''<br />
| style="width:12%; background:#cccccc" align="center"|'''Spanish'''<br />
| style="width:12%; background:#cccccc" align="center"|'''French'''<br />
| style="width:12%; background:#cccccc" align="center"|'''Turkish'''<br />
| style="width:12%; background:#cccccc" align="center"|'''Italian''' <br/> Click [[OWASP EU Summit 2008 PR Browser Italian|here]] to see<br />
|}<br />
<br />
== Press registration ==<br />
<br />
Press registration is open to any member of the broadcast, print and Internet media who can prove they work for an organization or publication that covers computer security on a regular basis. At the conference we will provide a press room with Internet access and electrical outlets for laptop computers. If you need a separate room for filming interviews, please request it in advance in the comments section. Let us know if there are any other special needs such as speakers you want to interview when you arrive or other items such as computer access to file stories or a fax machine.<br />
<br />
<br />
We welcome anyone to apply for press credentials but reserve the right to deny you a pass. As such, please be prepared to show us copies of your articles either at your publication's Web site or on the publication's masthead should we request it.<br />
<br />
<br />
At the show, please be able to present a business card, and government issued picture id, article on your organization's masthead and contact information for your assignment editor should we need it to validate your credentials before issuing you a pass.<br />
<br />
<br />
Press registration may be granted for the conference and working sessions seminars only. There are no press passes available for Training.<br />
<br />
<br />
Please make a point to pre-register. Should you attempt to attain credentials on-site, we cannot guarantee you will qualify and must bring all information in the above paragraph.<br />
<br />
To register please ask [mailto:kate.hartmann(at)owasp.org Kate Hartmann] for a password and use: [http://guest.cvent.com/i.aspx?4W,M3,35818773-e14b-4d8e-8db8-5e14a6285a3d http://www.owasp.org/images/7/7f/Register.gif]<br />
<br />
== Media Resources for Working Sessions ==<br />
The following text is being provided by the chairs from each of the [[OWASP EU Summit 2008#WORKING_SESSIONS_-_November_4th_.26_5th_.28Tue.2C_Wed.29]]. It explains why the working session is important, why it matters to the industry and what might be the beneficial outcomes. We hope to have public/industry information from all the working sessions here in due course for advanced publicity purposes.<br />
<br />
<br />
{| style="width:80%" border="0" align="center"<br />
! colspan="2" align="center" style="background:#4058A0; color:white" | OWASP Documentation Projects<br />
|-<br />
| style="width:15%; background:#7B8ABD" valign="top" | Briefing Text || style="background:#F2F2F2" | The working session on OWASP Documentation Projects is a great chance to understand how the set of OWASP related documents can be used as a toolset to promote security on software development and management. The outcomes from PCI DSS v.1.2 and other standards that will come form the market, shows how important is to understand the importance of protection measures on coding and how these actions will come back in high quality products that can reach the market in a more adequate fashion.<br />
<br />
The outcomes will promote OWASP documents in the market and to be part of it will make the difference for your company, your career and your personal contribution for the security community.<br />
|-<br />
| style="width:15%; background:#7B8ABD" valign="top" | Session Page || style="background:#C2C2C2" | [[OWASP_Working_Session_-_OWASP_Documentation_Projects]]<br />
|-<br />
|}<br />
{| style="width:80%" border="0" align="center"<br />
! colspan="2" align="center" style="background:#4058A0; color:white" | OWASP Tools Projects<br />
|-<br />
| style="width:15%; background:#7B8ABD" valign="top" | Briefing Text || style="background:#F2F2F2" |<br />
The working session for OWASP Tools will address standards for Tool development at OWASP. This is will include standards for documentation, supporting tools via Books, How-Tos, Webcasts, Podcasts. We will also dive deep into the OWASP Project Assessment. <br />
<br />
This session is for toolmakers who want to make better tools. <br />
|-<br />
| style="width:15%; background:#7B8ABD" valign="top" | Session Page || style="background:#C2C2C2" | [[OWASP_Working_Session_-_OWASP_Tools_Projects]]<br />
|-<br />
|}<br />
{| style="width:80%" border="0" align="center"<br />
! colspan="2" align="center" style="background:#4058A0; color:white" | OWASP .NET Project<br />
|-<br />
| style="width:15%; background:#7B8ABD" valign="top" | Briefing Text || style="background:#F2F2F2" | OWASP secures .NET web applications and services. This working session will promote the OWASP .NET initiative, and discuss the roadmap for OWASP .NET for 2009. Additional objectives include discussing vulnerability research, application review and guidance for .NET and Mono (Open Source .NET) projects.<br />
Are we protecting .NET/Mono developers? Is there adequate security guidance and vulnerability research for technology platforms, frameworks, community software, including:<br />
* ASP.NET Data Services<br />
* ASP.NET MVC<br />
* Sharepoint<br />
* Silverlight<br />
* Community Server<br />
* Wikipedia Search (Mono)<br />
* DekiWiki (Mono)<br />
|-<br />
| style="width:15%; background:#7B8ABD" valign="top" | Session Page || style="background:#C2C2C2" | [[OWASP Working Session - .NET Project]]<br />
|-<br />
|}<br />
<br />
{| style="width:80%" border="0" align="center"<br />
! colspan="2" align="center" style="background:#4058A0; color:white" | OWASP Education Project<br />
|-<br />
| style="width:15%; background:#7B8ABD" valign="top" | Briefing Text || style="background:#F2F2F2" | <br />
There is plenty of knowledge available inside the OWASP community, spread via the wiki, Conferences, chapter meetings and not to forget the books.<br />
<br />
Another important way to distribute the available knowledge is though education! <br />
<br />
The Summit Working Session on Education will cover important aspects such as:<br />
* How to improve knowledge transfer from OWASP projects towards the community,<br />
* How to create training material (lessons, classes, courses) from OWASP project material?<br />
* How to set up an OWASP education baseline,<br />
* How to setup an OWASP Boot Camp,<br />
* How to connect to organisation to promote OWASP education content: e.g. universities, other non-profit (or profit?) education organisations,<br />
* How to organize the OWASP / Conference trainings to make them the best in the world?<br />
* Can we integrate this into OWASP certification projects?<br />
* How to setup an OWASP Boot Camp?<br />
<br />
This working session is the ideal opportunity to build further on the shoulders of giants and spread OWASP's solutions through the education project!<br />
|-<br />
| style="width:15%; background:#7B8ABD" valign="top" | Session Page || style="background:#C2C2C2" | [[OWASP_Working_Session_Education_Project]]<br />
|-<br />
|}<br />
{| style="width:80%" border="0" align="center"<br />
! colspan="2" align="center" style="background:#4058A0; color:white" | OWASP Awards<br />
|-<br />
| style="width:15%; background:#7B8ABD" valign="top" | Briefing Text || style="background:#F2F2F2" | <br />
Governments, businesses and people rely on the Internet - the Internet has almost become something we cannot live without. But the Internet suffers from one terrible flaw: it's insecure. It's insecure because we've<br />
rushed into creating a global network of computers without making sure we knew what we were<br />
doing. The Open Web Application Security Project (OWASP) is a global open community dedicated to<br />
enabling organisations to develop, purchase, and maintain applications that can be trusted. All of the<br />
OWASP tools, documents, forums, and chapters are free and open to anyone interested in<br />
improving application security.<br />
<br />
There are people and groups working in this area who are doing battle for all of us every day, yet many are<br />
unknown outside their own specialist areas. The proposed OWASP Awards could be used to thank and recognise outstanding contributions,<br />
identify those who are raising security awareness and highlight those supporting security initiatives such as <br />
promoting better practices.<br />
|-<br />
| style="width:15%; background:#7B8ABD" valign="top" | Session Page || style="background:#C2C2C2" | [[OWASP_Working_Session_-_OWASP_Awards]]<br />
|-<br />
|}<br />
<br />
== Media Resources for Training Courses ==<br />
<br />
{| style="width:80%" border="0" align="center"<br />
! colspan="2" align="center" style="background:#4058A0; color:white" | Flash Security Training<br />
|-<br />
| style="width:15%; background:#7B8ABD" valign="top" | Briefing Text || style="background:#F2F2F2" | <br />
<br />
Flash security is hot. Just look at the hysteria around 'ClickJacking'.There are 2 Flash related security trainings at the summit covering Flash Security: [[OWASP_EU_Summit_2008_Training#Flash_Player_Security|Flash Player Security]] and [[OWASP_EU_Summit_2008_Training#Auditing_Flash_Applications|Auditing Flash Applications]]. These courses and the [[:Category:OWASP Flash Security Project|OWASP Flash Security project]] aim to share a knowledge base in order to raise awareness around the subject of Flash applications security.<br />
<br />
The courses provide an overview of the Flash Player security model and common architectures for Flash deployment. <br />
The course is targeted at people who need to understand the fundamentals of Flash Player security and how it will affect their website such as CSOs, web designers, Flash authors, web-site auditors and web architects. <br />
The goal of the course is to provide the student with the enough information to architect and audit a secure Flash deployment. <br />
<br />
|-<br />
| style="width:15%; background:#7B8ABD" valign="top" | Training Page || style="background:#C2C2C2" | [[OWASP_EU_Summit_2008_Training]]<br />
|-<br />
|}</div>Sir Whttps://wiki.owasp.org/index.php?title=OWASP_EU_Summit_2008_PR_Browser_Italian&diff=44288OWASP EU Summit 2008 PR Browser Italian2008-10-21T15:31:23Z<p>Sir W: Italian Browser Security Press Release</p>
<hr />
<div>= Press Release: Workshop sulla sicurezza dei browser =<br />
<br />
'''Press Release: OWASP incontra gli sviluppatori di browser per migliorare la sicurezza del web'''<br />
<br />
''Algarve/Portogallo - 4-7 Novembre 2008''<br />
<br />
'''OWASP invita gli sviluppatori di web browser a prendere parte al proprio Summit in Portogallo'''<br />
<br />
OWASP, Open Web Application Security Project, incontra i gruppi di sviluppatori di browser per incrementare la sicurezza del World Wide Web. Tutti i team di sviluppo di browser sono stati invitati a prendere parte all’OWASP European Summit che si terrà a Novembre in Portogallo.<br />
<br />
Il Summit ospiterà il workshop Intrinsic Security Working Group sulla Sicurezza dei Browser che raccoglierà insieme gli esperti mondiali di sicurezza e i gruppi di sviluppo dei browser allo scopo di facilitare l’introduzione di caratteristiche di sicurezza all’interno dei browser che tutti i nostri clienti utilizzano oltre al miglioramento delle specifiche e degli standard a cui noi ci affidiamo.<br />
<br />
Il Workshop sulla Sicurezza dei Browser ha l’obiettivo di produrre una lista dei desideri e un elenco di argomenti sul linguaggio HTML e sulla sicurezza dei browser da proporre al World Wide Web Consortium.<br />
<br />
Per maggiori informazioni sull’OWASP EU Summit, consultare il sito web del Summit all’indirizzo: http://www.owasp.org/index.php/OWASP_EU_Summit_2008<br />
<br />
Contatto:<br/> <br />
Kate Hartmann<br/><br />
OWASP Operations Director<br/><br />
9175 Guilford Road, Suite 300<br/><br />
Columbia, MD 21046, USA<br/><br />
Telefono: +1-301-575-0189<br/><br />
Fax: +1-301-604-8033<br/><br />
Email: kate.hartmann@owasp.org<br/></div>Sir Whttps://wiki.owasp.org/index.php?title=OWASP_EU_Summit_2008--PRESS&diff=44285OWASP EU Summit 2008--PRESS2008-10-21T15:15:59Z<p>Sir W: Italian PR added</p>
<hr />
<div>[[:OWASP EU Summit 2008|'''Please click here to return to the OWASP EU Summit Portugal 2008 main page''']].<br />
<br />
== Press Releases ==<br />
<br />
{| style="width:100%" border="0" align="center"<br />
! colspan="8" align="center" style="background:#4058A0; color:white"|<font color="white">'''PRESS RELEASE IDENTIFICATION''' <br />
|-<br />
| style="width:16%; background:#7B8ABD" align="center"|'''Subject/Date'''<br />
| colspan="7" style="width:84%; background:#b3b3b3" align="left"|<font color="black">'''October 13th, 2008/OWASP European Summit''' <br />
|-<br />
| style="width:16%; background:#7B8ABD" align="center"|'''Language Versions '''<br />
| style="width:12%; background:#cccccc" align="center"|'''English'''<br>Click [[OWASP EU Summit 2008 PR English|here]] to see.<br />
| style="width:12%; background:#cccccc" align="center"|'''Portuguese/Portugal'''<br>Please click [https://www.owasp.org/images/f/f2/PRESS_RELEASE_PT.pdf here] to see.<br />
| style="width:12%; background:#cccccc" align="center"|'''Portuguese/Brazil'''<br>Please click [http://convisosec.com/PublicDocuments/OWASP/owaspeusummitpressreleasebr.pdf here] to see.<br />
| style="width:12%; background:#cccccc" align="center"|'''Spanish'''<br>Click [[OWASP EU Summit 2008 ES Spanish|here]] to see.<br />
| style="width:12%; background:#cccccc" align="center"|'''French'''<br>Click [[OWASP EU Summit 2008 PR French|here]] to see.<br />
| style="width:12%; background:#cccccc" align="center"|'''Turkish'''<br>Click [[OWASP EU Summit 2008 TR Turkish|here]] to see.<br />
| style="width:12%; background:#cccccc" align="center"|'''Italian'''<br>Click [[OWASP_EU_Summit_2008_PR_Italian|here]] to see.<br />
|-<br />
| style="width:16%; background:#7B8ABD" align="center"|'''Subject/Date'''<br />
| colspan="7" style="width:84%; background:#b3b3b3" align="left"|<font color="black">'''October 15th, 2008/OWASP teams up with browser developers to increase security on the web''' <br />
|-<br />
| style="width:14%; background:#7B8ABD" align="center"|'''Language Versions '''<br />
| style="width:12%; background:#cccccc" align="center"|'''English'''<br>Click [[OWASP EU Summit 2008 PR Browser|here]] to see.<br />
| style="width:12%; background:#cccccc" align="center"|'''Portuguese/Portugal'''<br />
| style="width:12%; background:#cccccc" align="center"|'''Portuguese/Brazil'''<br />
| style="width:12%; background:#cccccc" align="center"|'''Spanish'''<br />
| style="width:12%; background:#cccccc" align="center"|'''French'''<br />
| style="width:12%; background:#cccccc" align="center"|'''Turkish'''<br />
| style="width:12%; background:#cccccc" align="center"|'''Italian'''<br />
|}<br />
<br />
== Press registration ==<br />
<br />
Press registration is open to any member of the broadcast, print and Internet media who can prove they work for an organization or publication that covers computer security on a regular basis. At the conference we will provide a press room with Internet access and electrical outlets for laptop computers. If you need a separate room for filming interviews, please request it in advance in the comments section. Let us know if there are any other special needs such as speakers you want to interview when you arrive or other items such as computer access to file stories or a fax machine.<br />
<br />
<br />
We welcome anyone to apply for press credentials but reserve the right to deny you a pass. As such, please be prepared to show us copies of your articles either at your publication's Web site or on the publication's masthead should we request it.<br />
<br />
<br />
At the show, please be able to present a business card, and government issued picture id, article on your organization's masthead and contact information for your assignment editor should we need it to validate your credentials before issuing you a pass.<br />
<br />
<br />
Press registration may be granted for the conference and working sessions seminars only. There are no press passes available for Training.<br />
<br />
<br />
Please make a point to pre-register. Should you attempt to attain credentials on-site, we cannot guarantee you will qualify and must bring all information in the above paragraph.<br />
<br />
To register please ask [mailto:kate.hartmann(at)owasp.org Kate Hartmann] for a password and use: [http://guest.cvent.com/i.aspx?4W,M3,35818773-e14b-4d8e-8db8-5e14a6285a3d http://www.owasp.org/images/7/7f/Register.gif]<br />
<br />
== Media Resources for Working Sessions ==<br />
The following text is being provided by the chairs from each of the [[OWASP EU Summit 2008#WORKING_SESSIONS_-_November_4th_.26_5th_.28Tue.2C_Wed.29]]. It explains why the working session is important, why it matters to the industry and what might be the beneficial outcomes. We hope to have public/industry information from all the working sessions here in due course for advanced publicity purposes.<br />
<br />
<br />
{| style="width:80%" border="0" align="center"<br />
! colspan="2" align="center" style="background:#4058A0; color:white" | OWASP Documentation Projects<br />
|-<br />
| style="width:15%; background:#7B8ABD" valign="top" | Briefing Text || style="background:#F2F2F2" | The working session on OWASP Documentation Projects is a great chance to understand how the set of OWASP related documents can be used as a toolset to promote security on software development and management. The outcomes from PCI DSS v.1.2 and other standards that will come form the market, shows how important is to understand the importance of protection measures on coding and how these actions will come back in high quality products that can reach the market in a more adequate fashion.<br />
<br />
The outcomes will promote OWASP documents in the market and to be part of it will make the difference for your company, your career and your personal contribution for the security community.<br />
|-<br />
| style="width:15%; background:#7B8ABD" valign="top" | Session Page || style="background:#C2C2C2" | [[OWASP_Working_Session_-_OWASP_Documentation_Projects]]<br />
|-<br />
|}<br />
{| style="width:80%" border="0" align="center"<br />
! colspan="2" align="center" style="background:#4058A0; color:white" | OWASP Tools Projects<br />
|-<br />
| style="width:15%; background:#7B8ABD" valign="top" | Briefing Text || style="background:#F2F2F2" |<br />
The working session for OWASP Tools will address standards for Tool development at OWASP. This is will include standards for documentation, supporting tools via Books, How-Tos, Webcasts, Podcasts. We will also dive deep into the OWASP Project Assessment. <br />
<br />
This session is for toolmakers who want to make better tools. <br />
|-<br />
| style="width:15%; background:#7B8ABD" valign="top" | Session Page || style="background:#C2C2C2" | [[OWASP_Working_Session_-_OWASP_Tools_Projects]]<br />
|-<br />
|}<br />
{| style="width:80%" border="0" align="center"<br />
! colspan="2" align="center" style="background:#4058A0; color:white" | OWASP .NET Project<br />
|-<br />
| style="width:15%; background:#7B8ABD" valign="top" | Briefing Text || style="background:#F2F2F2" | OWASP secures .NET web applications and services. This working session will promote the OWASP .NET initiative, and discuss the roadmap for OWASP .NET for 2009. Additional objectives include discussing vulnerability research, application review and guidance for .NET and Mono (Open Source .NET) projects.<br />
Are we protecting .NET/Mono developers? Is there adequate security guidance and vulnerability research for technology platforms, frameworks, community software, including:<br />
* ASP.NET Data Services<br />
* ASP.NET MVC<br />
* Sharepoint<br />
* Silverlight<br />
* Community Server<br />
* Wikipedia Search (Mono)<br />
* DekiWiki (Mono)<br />
|-<br />
| style="width:15%; background:#7B8ABD" valign="top" | Session Page || style="background:#C2C2C2" | [[OWASP Working Session - .NET Project]]<br />
|-<br />
|}<br />
<br />
{| style="width:80%" border="0" align="center"<br />
! colspan="2" align="center" style="background:#4058A0; color:white" | OWASP Education Project<br />
|-<br />
| style="width:15%; background:#7B8ABD" valign="top" | Briefing Text || style="background:#F2F2F2" | <br />
There is plenty of knowledge available inside the OWASP community, spread via the wiki, Conferences, chapter meetings and not to forget the books.<br />
<br />
Another important way to distribute the available knowledge is though education! <br />
<br />
The Summit Working Session on Education will cover important aspects such as:<br />
* How to improve knowledge transfer from OWASP projects towards the community,<br />
* How to create training material (lessons, classes, courses) from OWASP project material?<br />
* How to set up an OWASP education baseline,<br />
* How to setup an OWASP Boot Camp,<br />
* How to connect to organisation to promote OWASP education content: e.g. universities, other non-profit (or profit?) education organisations,<br />
* How to organize the OWASP / Conference trainings to make them the best in the world?<br />
* Can we integrate this into OWASP certification projects?<br />
* How to setup an OWASP Boot Camp?<br />
<br />
This working session is the ideal opportunity to build further on the shoulders of giants and spread OWASP's solutions through the education project!<br />
|-<br />
| style="width:15%; background:#7B8ABD" valign="top" | Session Page || style="background:#C2C2C2" | [[OWASP_Working_Session_Education_Project]]<br />
|-<br />
|}<br />
{| style="width:80%" border="0" align="center"<br />
! colspan="2" align="center" style="background:#4058A0; color:white" | OWASP Awards<br />
|-<br />
| style="width:15%; background:#7B8ABD" valign="top" | Briefing Text || style="background:#F2F2F2" | <br />
Governments, businesses and people rely on the Internet - the Internet has almost become something we cannot live without. But the Internet suffers from one terrible flaw: it's insecure. It's insecure because we've<br />
rushed into creating a global network of computers without making sure we knew what we were<br />
doing. The Open Web Application Security Project (OWASP) is a global open community dedicated to<br />
enabling organisations to develop, purchase, and maintain applications that can be trusted. All of the<br />
OWASP tools, documents, forums, and chapters are free and open to anyone interested in<br />
improving application security.<br />
<br />
There are people and groups working in this area who are doing battle for all of us every day, yet many are<br />
unknown outside their own specialist areas. The proposed OWASP Awards could be used to thank and recognise outstanding contributions,<br />
identify those who are raising security awareness and highlight those supporting security initiatives such as <br />
promoting better practices.<br />
|-<br />
| style="width:15%; background:#7B8ABD" valign="top" | Session Page || style="background:#C2C2C2" | [[OWASP_Working_Session_-_OWASP_Awards]]<br />
|-<br />
|}<br />
<br />
== Media Resources for Training Courses ==<br />
<br />
{| style="width:80%" border="0" align="center"<br />
! colspan="2" align="center" style="background:#4058A0; color:white" | Flash Security Training<br />
|-<br />
| style="width:15%; background:#7B8ABD" valign="top" | Briefing Text || style="background:#F2F2F2" | <br />
<br />
Flash security is hot. Just look at the hysteria around 'ClickJacking'.There are 2 Flash related security trainings at the summit covering Flash Security: [[OWASP_EU_Summit_2008_Training#Flash_Player_Security|Flash Player Security]] and [[OWASP_EU_Summit_2008_Training#Auditing_Flash_Applications|Auditing Flash Applications]]. These courses and the [[:Category:OWASP Flash Security Project|OWASP Flash Security project]] aim to share a knowledge base in order to raise awareness around the subject of Flash applications security.<br />
<br />
The courses provide an overview of the Flash Player security model and common architectures for Flash deployment. <br />
The course is targeted at people who need to understand the fundamentals of Flash Player security and how it will affect their website such as CSOs, web designers, Flash authors, web-site auditors and web architects. <br />
The goal of the course is to provide the student with the enough information to architect and audit a secure Flash deployment. <br />
<br />
|-<br />
| style="width:15%; background:#7B8ABD" valign="top" | Training Page || style="background:#C2C2C2" | [[OWASP_EU_Summit_2008_Training]]<br />
|-<br />
|}</div>Sir Whttps://wiki.owasp.org/index.php?title=OWASP_EU_Summit_2008_PR_Italian&diff=44284OWASP EU Summit 2008 PR Italian2008-10-21T15:10:50Z<p>Sir W: Italian Summit Press Release</p>
<hr />
<div>Definire l'agenda 2009 per la Sicurezza delle Applicazioni Web: OWASP ti invita al proprio Summit in Portogallo http://www.owasp.org/index.php/OWASP_EU_Summit_2008.<br />
<br />
Con l'obiettivo di 'Definire l'agenda WebAppSec per il 2009', il Summit OWASP è un incontro mondiale di leader OWASP e persone chiave dell'industria per presentare e discutere le ultime novità OWASP in fatto di tool, documentazione e trend della sicurezza delle applicazioni. Unisciti a noi in Portogallo fra un paio di settimane! Questa sede ospita una vasta selezioni di corsi di formazione, assieme a un percorso tecnico e ad uno di business che la rendono IL posto dove apprendere tutto quanto riguarda la sicurezza delle applicazioni web e le risorse che OWASP rende oggi disponibili.<br />
<br />
OWASP (Open Web Application Security Project) è una organizzazione no-profit nata con lo scopo di supportare chi lavora nel campo della sicurezza delle applicazioni web nel mondo ed ha già erogato più di 250.000 dollari di fondi per la ricerca. Oltre a più di 40 presentazioni tenute dai leader OWASP e dai destinatari dei fondi, il summit ospiterà numerose sessioni di lavoro destinate a migliorare la collaborazione, raggiungere obiettivi specifici e identificare la rotta per progetti, sedi locali e per l'intera comunità OWASP.<br />
<br />
Per facilitare questo evento, l'OWASP sta investendo 150.000 dollari che saranno usati per coprire le spese di viaggio e alloggio per i leader OWASP, partecipanti attivi e persone chiave nell'industria. Con la loro presenza confermata (vedi la lista a: http://spreadsheets.google.com/pub?key=pAX6n7m2zaTVLrPtR07riBA), il summit OWASP garantirà un ambiente rilassato ma professionale dove incontrare, discutere, influenzare e contribuire ai progetti OWASP.<br />
<br />
Il summit OWASP ospiterà inoltre una vasta gamma di corsi di formazione che vanno a coprire un ampio spettro di argomenti riguardanti la sicurezza delle applicazioni web e progetti OWASP.<br />
<br />
Questo incredibile risultato per OWASP è reso possibile solo dalla collaborazione attiva di numerose persone e organizzazioni nel mondo intero. In questo spirito di cooperazione, OWASP invita tutti i suoi membri e chiunque sia interessato, individui e societa', a partecipare a questo emozionante evento. Unisciti a noi e aiutaci a definire l'agenda 2009 per la sicurezza delle applicazioni web!<br />
<br />
Ci sono anche alcune opportunità di sponsorizzazione dell'evento (vedi http://www.owasp.org/index.php/OWASP_EU_Summit_2008_Sponsors). Non perdere l'opportunità di associare il tuo marchio a questo evento di rilevanza mondiale!<br />
<br />
Di seguito sono riportati ulteriori dettagli riguardanti il Summit. Per tutte le informazioni in merito e per annunci dell’ultima ora, visita il sito del Summit: http://www.owasp.org/index.php/OWASP_EU_Summit_2008.<br />
<br />
'''Progetti'''<br />
I progetti OWASP selezionati per la presentazione al summit includono nuovi documenti e strumenti innovativi per aiutare gli sviluppatori, architetti software e specialisti della sicurezza a rendere più sicure le applicazioni:<br />
<br />
* Application Security Verification Standard,<br />
* Code review guide, V1.1,<br />
* Ruby on Rails Security Guide v2,<br />
* Securing WebGoat using ModSecurity,<br />
* Testing Guide v3,<br />
* GTK+ GUI for w3af project,<br />
* Access Control Rules Tester,<br />
* AntiSamy .NET,<br />
* Live CD & DVD Project,<br />
* OpenPGP Extensions for HTTP,<br />
* Orizon Project,<br />
* Python Static Analysis,<br />
* WebScarab-NG, <br />
* E molti, molti altri!<br />
<br />
'''Sessioni di lavoro'''<br />
<br />
Anticipando la presenza di persone chiave nell’industria della sicurezza delle applicazioni, le Sessioni di Lavoro copriranno un ampio ventaglio di argomenti, tra i quali:<br />
<br />
* OWASP Top 10 2009, <br />
* Browser Security,<br />
* Web Application Framework Security, <br />
* Enterprise Security API Project, <br />
* Best Practices for OWASP Chapter Leaders, <br />
* OWASP Documentation Projects, <br />
* OWASP Tools Projects, <br />
* OWASP Education Project, <br />
* OWASP Strategic Planning for 2009, <br />
* OWASP Certification,<br />
* OWASP Winter of Code 2009<br />
* Two-way Internationalization of OWASP Content<br />
* E molto altro!<br />
<br />
'''Formazione'''<br />
<br />
I seguenti corsi da 2, 1 o mezza giornata coprono i principali argomenti relativi alla sicurezza delle applicazioni web e ai progetti OWASP:<br />
<br />
* OWASP Top 10 - What Developers Should Know on Web Application Security<br />
* Uncovering WebScarab's Secret Treasures<br />
* Securing WebGoat with ModSecurity <br />
* Secure Programming with Java <br />
* Advanced Web Application Security Testing <br />
* Building Secure Web 2.0 Applications<br />
* Building Secure Web Services<br />
* Building Secure Web Applications with OWASP's Enterprise Security API (ESAPI)<br />
* Classic ASP Security using OWASP tools <br />
* Web Application Assessments<br />
* Hacking Owasp Orizon Project v1.0<br />
* Ajax Security<br />
* Practical Penetration Testing: Think Like an Attacker to Stop Attacks<br />
* Linux Software Exploitation<br />
* Web server/services hardening using SELinux<br />
<br />
<br />
Contatto:<br />
<br />
Kate Hartmann<br/><br />
OWASP Operations Director<br/><br />
9175 Guilford Road, Suite 300<br/><br />
Columbia, MD 21046, USA<br/><br />
Telefono: +1-301-575-0189<br/><br />
Fax: +1-301-604-8033<br/><br />
Email: kate.hartmann@owasp.org<br/></div>Sir Whttps://wiki.owasp.org/index.php?title=Rochester&diff=40339Rochester2008-09-17T21:31:50Z<p>Sir W: September meeting details</p>
<hr />
<div>== Welcome to the OWASP Rochester Local Chapter ==<br />
<br />
Welcome to the local Rochester chapter homepage. The chapter leader is [mailto:rd@rd1.net Ralf Durkee]<br />
<br />
== Participation ==<br />
<br />
OWASP chapter meetings are free and open to anyone interested in application security. We encourage members to give presentations on specific topics and to contribute to the local chapter by sharing their knowledge with others. Prior to participating with OWASP please review the [[Chapter Rules]].<br />
<br />
The Rochester chapter has two mailing lists: one for announcements and one for general discussion. The announce list is for official communications (e.g meeting announcements, web site updates, etc). The discussion list is for general participation and everyone is encouraged to post. The announce mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-announce here]. The discussion mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny here]. You can also review the [http://lists.owasp.org/pipermail/owasp-rochester-announce/ announce] and [http://lists.owasp.org/pipermail/owasp-rochester-ny discussion] e-mail archives to see what folks have been talking about. Please make sure you are subscribed to announce to receive any last minute meeting info.<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> [mailto:rd@rd1.net Ralf Durkee]<br />
*<b>Vice President:</b> Chris Karr<br />
*<b>Secretary and Treasurer:</b> [mailto:mailto:stevebuck@sbuck.net Steve Buck]<br />
*<b>Web and Communications:</b> [mailto:andreac@dollos.it Andrea Cogliati]<br />
</ul><br />
<br />
== Meeting Dates & Location ==<br />
<br />
<b>Dates:</b> The third Monday of every month, starting at 6:00 PM.<br />
<br />
<b>Types of events:</b> Formal meeting (featuring a presentation) in odd numbered months, informal event (open forum with beer and wings) in even numbered months<br />
<br />
<b>Locations:</b> <br />
<br />
* Formal meetings at 1225 Jefferson Rd, Rochester, NY 14623 (near I-390) [http://maps.google.com/maps?f=q&hl=en&q=1225+Jefferson+Rd,+Rochester,+NY&ie=UTF8&om=1&ll=43.087727,-77.600255&spn=0.014856,0.04283 Google Maps]<br />
* Beer and wings at Mac Gregor's Grill & Tap Room, 300 Jefferson Rd, NY 14623 [http://maps.google.com/maps?f=q&hl=en&geocode=&time=&date=&ttype=&q=300+Jefferson+Rd+Rochester+NY&sll=43.15549,-77.61601&sspn=0.284013,0.55481&ie=UTF8&om=1&z=16&iwloc=addr Google Maps]<br />
<br />
Formal meeting space is graciously offered by [http://www.bryantstratton.edu/campus/campus.aspx?c=14 Bryant & Stratton College] Enter the Frontier Commons plaza, near the Post Office. Towards the right, rear of the plaza is the PSC (Professional Skills Center) door, which is to the left of the main Bryant & Stratton entrance door. There will be a sign on the door indicating the room in which we will meet.<br />
<br />
Please note that for informal meetings at Mac Gregor's, everybody needs to pay for their own food and drinks.<br />
<br />
'''September Meeting Details'''<br />
<br />
September meeting will be held on '''Monday September 22nd, 6pm at Bryant & Stratton College''' and will feature a videoconference with '''Jeff Williams''', world famous webappsec guru, on verb tampering, EASPI library and the future of OWASP. '''You can't miss this one!'''<br />
<br />
'''Presenter:''' Jeff Williams<br />
<br />
'''Topic:''' Verb tampering and ESAPI<br />
<br />
'''Bio:''' Jeff Williams is one of the major contributors in webappsec community. He has written many whitepapers, spoken at many conferences including Secure Software Summit, OWASP conferences, ISSA InfoSec Conference, NSA High Confidence Software and Systems Conference (HCSS), JavaOne, National Computer Security Conference (NCSC), etc, worked on several projects and written many tools available at OWASP (including creating the OWASP Top 10, WebGoat, Stinger, Secure Software Contract Annex, Honeycomb Project and the Enterprise Security API). Jeff has done a lot of work in promoting awareness of web application security. He's CEO of Aspect Security and also volunteers as chairs of OWASP Foundation. You can find more about him on [http://myappsecurity.blogspot.com/2007/03/reflection-on-jeff-williams.html his blog].<br />
<br />
<br />
'''Abstract:''' The ESAPI is a free and open collection of all the security methods that a developer needs to build a secure web application. You can just use the interfaces and build your own implementation using your company's infrastructure. Or, you can use the reference implementation as a starting point. In concept, the API is language independent. However, the first deliverables from the project are a Java API and a Java reference implementation. Efforts to build ESAPI in .NET and PHP are already underway. Unfortunately, the available platforms, frameworks, and toolkits (Java EE, Struts, Spring, etc...) simply do not provide enough protection. This leaves developers with responsibility for designing and building security mechanisms. This reinventing the wheel for every application leads to wasted time and massive security holes.<br />
The cost savings through reduced development time, and the increased security due to using heavily analyzed and carefully designed security methods provide developers with a massive advantage over organizations that are trying to deal with security using existing ad hoc secure coding techniques. This API is designed to automatically take care of many aspects of application security, making these issues invisible to the developers.<br />
<br />
== Future Events ==<br />
<br />
; Oct 29-30 2008 - Rochester Security Summit 2008<br />
<br />
: The Rochester OWASP chapter in partnership with other Rochester institutions is organizing the third annual Rochester Security Summit Oct 29-30 during National Cyber Security Awareness Month. This year we'll have a full day dedicated to application security and we are are working to bring to Rochester the best national acclaimed speakers.<br />
<br />
Visit [http://www.RochesterSecurity.org/ Rochester Security Summit Site] for details.<br />
<br />
== Past Presentations ==<br />
<br />
<b>May 2008</b> Database Encryption, by Ralf Durkee [[Media:Database_Encryption.ppt|PPT]]<br />
<br />
<b>January 2008</b> SQL Injection and Dynamic SQL, by Andrea Cogliati [[Media:MoreSQL.zip|ZIP]]<br />
<br />
<b>September 2007</b> 2007 OWASP Top 10 Most Critical Web Application Security Vulnerabilities, by Ralph Durkee [[Media:OWASP_Top_10_2007_v6.ppt|PowerPoint]]<br />
<br />
<b>October 2006</b> The first of the OWASP top ten: unvalidated input, by Steve Buck.<br />
[http://rd1.net/owasp/2006-10-16_owasp-presentation.ppt PowerPoint]<br />
<br />
<b>April 2006</b> PGP: Encryption for e-mail and web applications, by Ralph Durkee [http://rd1.net/owasp/Apr_OWASP_PGP_Durkee.pdf PDF]<br />
<br />
<b>February 2006</b> Identity Theft, Phishing and Pharming, by Danny Allan [http://rd1.net/owasp/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.pdf PDF]<br />
<br />
<b>February 2006</b> Secure e-mail, by Thomas Bullinger [http://rd1.net/owasp/SecureEmail.pdf PDF]<br />
<br />
<b>January 2006</b> PCI Compliance, by Pat Massey, Ralf Durkee, Maureen Baran [http://rd1.net/owasp/Rochester_OWASP_PCI_Compliance.pdf PDF]<br />
<br />
<b>September 2005</b> Two Factor Authentication for Java Applications with Client Certificates, by Ralf Durkee [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.pdf PDF] [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.sxi Open Office]<br />
<br />
<b>April 2005</b> Avoiding Backend Exploitation of Mail Forms, by Max Kessler [http://rd1.net/owasp/owasp-mailform-exploitation.ppt PowerPoint] [http://rd1.net/owasp/owasp-mailform-exploitation.sxi Open Office]<br />
<br />
<b>March 2005</b> Bringing Two-Factor Authentication to Web Applications, by Michael Starks [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt PowerPoint] [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt Open Office]<br />
<br />
<b>February 2005</b> Insecure Storage, by Chris Karr [http://rd1.net/owasp/Insecure_Storage.ppt PowerPoint]<br />
<br />
<b>January 2005</b> Access Control and Session Mgmnt, by Steve Buck [http://rd1.net/owasp/Jan_OWASP-access-control.ppt PowerPoint] [http://rd1.net/owasp/Jan_OWASP-access-control.sxi Open Office]<br />
<br />
<b>November 2004</b> Intro to OWASP by Ralf Durkee. Demonstration of SQL Injection attack and prevention, by Paul Cupo [http://rd1.net/owasp/Nov_OWASP_20041103.ppt PowerPoint]<br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:New York]]</div>Sir Whttps://wiki.owasp.org/index.php?title=Rochester&diff=38866Rochester2008-09-08T14:03:02Z<p>Sir W: Added Digital Rochester's Get Connected!</p>
<hr />
<div>== Welcome to the OWASP Rochester Local Chapter ==<br />
<br />
Welcome to the local Rochester chapter homepage. The chapter leader is [mailto:rd@rd1.net Ralf Durkee]<br />
<br />
== Participation ==<br />
<br />
OWASP chapter meetings are free and open to anyone interested in application security. We encourage members to give presentations on specific topics and to contribute to the local chapter by sharing their knowledge with others. Prior to participating with OWASP please review the [[Chapter Rules]].<br />
<br />
The Rochester chapter has two mailing lists: one for announcements and one for general discussion. The announce list is for official communications (e.g meeting announcements, web site updates, etc). The discussion list is for general participation and everyone is encouraged to post. The announce mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-announce here]. The discussion mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny here]. You can also review the [http://lists.owasp.org/pipermail/owasp-rochester-announce/ announce] and [http://lists.owasp.org/pipermail/owasp-rochester-ny discussion] e-mail archives to see what folks have been talking about. Please make sure you are subscribed to announce to receive any last minute meeting info.<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> [mailto:rd@rd1.net Ralf Durkee]<br />
*<b>Vice President:</b> Chris Karr<br />
*<b>Secretary and Treasurer:</b> [mailto:mailto:stevebuck@sbuck.net Steve Buck]<br />
*<b>Web and Communications:</b> [mailto:andreac@dollos.it Andrea Cogliati]<br />
</ul><br />
<br />
== Meeting Dates & Location ==<br />
<br />
<b>Dates:</b> The third Monday of every month, starting at 6:00 PM.<br />
<br />
<b>Types of events:</b> Formal meeting (featuring a presentation) in odd numbered months, informal event (open forum with beer and wings) in even numbered months<br />
<br />
<b>Locations:</b> <br />
<br />
* Formal meetings at 1225 Jefferson Rd, Rochester, NY 14623 (near I-390) [http://maps.google.com/maps?f=q&hl=en&q=1225+Jefferson+Rd,+Rochester,+NY&ie=UTF8&om=1&ll=43.087727,-77.600255&spn=0.014856,0.04283 Google Maps]<br />
* Beer and wings at Mac Gregor's Grill & Tap Room, 300 Jefferson Rd, NY 14623 [http://maps.google.com/maps?f=q&hl=en&geocode=&time=&date=&ttype=&q=300+Jefferson+Rd+Rochester+NY&sll=43.15549,-77.61601&sspn=0.284013,0.55481&ie=UTF8&om=1&z=16&iwloc=addr Google Maps]<br />
<br />
Formal meeting space is graciously offered by [http://www.bryantstratton.edu/campus/campus.aspx?c=14 Bryant & Stratton College] Enter the Frontier Commons plaza, near the Post Office. Towards the right, rear of the plaza is the PSC (Professional Skills Center) door, which is to the left of the main Bryant & Stratton entrance door. There will be a sign on the door indicating the room in which we will meet.<br />
<br />
Please note that for informal meetings at Mac Gregor's, everybody needs to pay for their own food and drinks.<br />
<br />
'''September Meeting Details'''<br />
<br />
In September we'll have a presentation by Jeff Williams, OWASP co-founder and world-recognized expert on Web Application Security. His presentation is tentatively scheduled for Monday September 22nd at 6pm at Bryant & Stratton College.<br />
<br />
'''Digital Rochester's Get Connected!'''<br />
<br />
We've been invited by Digital Rochester to be part of their September 9th<br />
networking event. Get Connected! is Digital Rochester's annual event that<br />
gathers a select group of networking and service organizations from around<br />
the region in order to make connections that can benefit the greater<br />
Rochester community. Some are hard-core techies, others more social, many<br />
have a mission that could inspire you to get involved! Come to learn more<br />
about the organizations and to meet some of Rochester's most interesting<br />
professionals as we all Get Connected!<br />
<br />
: <b>Tuesday Sep 9th 5:30pm - 8:00 pm</b> at Village Gate, 2nd floor atrium, 274 North Goodman St ([http://maps.google.com/maps?f=q&hl=en&geocode=&q=274+North+Goodman+St+rochester+ny&sll=37.0625,-95.677068&sspn=51.488837,94.130859&ie=UTF8&z=16&iwloc=addr&om=1 Google Map])<br />
<br />
Over twenty groups will be there to share information about their<br />
organizations and the ways in which people can get involved with some of<br />
their activities. We'll have a table, but as you mix with the crowd, be<br />
sure to help us spread the word about OWASP!<br />
<br />
There's no charge to attend. For more info visit [http://www.digitalrochester.com/details.php Get Connected!] web site.<br />
<br />
== Future Events ==<br />
<br />
; Oct 29-30 2008 - Rochester Security Summit 2008<br />
<br />
: The Rochester OWASP chapter in partnership with other Rochester institutions is organizing the third annual Rochester Security Summit Oct 29-30 during National Cyber Security Awareness Month. This year we'll have a full day dedicated to application security and we are are working to bring to Rochester the best national acclaimed speakers.<br />
<br />
Visit [http://www.RochesterSecurity.org/ Rochester Security Summit Site] for details.<br />
<br />
== Past Presentations ==<br />
<br />
<b>May 2008</b> Database Encryption, by Ralf Durkee [[Media:Database_Encryption.ppt|PPT]]<br />
<br />
<b>January 2008</b> SQL Injection and Dynamic SQL, by Andrea Cogliati [[Media:MoreSQL.zip|ZIP]]<br />
<br />
<b>September 2007</b> 2007 OWASP Top 10 Most Critical Web Application Security Vulnerabilities, by Ralph Durkee [[Media:OWASP_Top_10_2007_v6.ppt|PowerPoint]]<br />
<br />
<b>October 2006</b> The first of the OWASP top ten: unvalidated input, by Steve Buck.<br />
[http://rd1.net/owasp/2006-10-16_owasp-presentation.ppt PowerPoint]<br />
<br />
<b>April 2006</b> PGP: Encryption for e-mail and web applications, by Ralph Durkee [http://rd1.net/owasp/Apr_OWASP_PGP_Durkee.pdf PDF]<br />
<br />
<b>February 2006</b> Identity Theft, Phishing and Pharming, by Danny Allan [http://rd1.net/owasp/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.pdf PDF]<br />
<br />
<b>February 2006</b> Secure e-mail, by Thomas Bullinger [http://rd1.net/owasp/SecureEmail.pdf PDF]<br />
<br />
<b>January 2006</b> PCI Compliance, by Pat Massey, Ralf Durkee, Maureen Baran [http://rd1.net/owasp/Rochester_OWASP_PCI_Compliance.pdf PDF]<br />
<br />
<b>September 2005</b> Two Factor Authentication for Java Applications with Client Certificates, by Ralf Durkee [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.pdf PDF] [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.sxi Open Office]<br />
<br />
<b>April 2005</b> Avoiding Backend Exploitation of Mail Forms, by Max Kessler [http://rd1.net/owasp/owasp-mailform-exploitation.ppt PowerPoint] [http://rd1.net/owasp/owasp-mailform-exploitation.sxi Open Office]<br />
<br />
<b>March 2005</b> Bringing Two-Factor Authentication to Web Applications, by Michael Starks [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt PowerPoint] [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt Open Office]<br />
<br />
<b>February 2005</b> Insecure Storage, by Chris Karr [http://rd1.net/owasp/Insecure_Storage.ppt PowerPoint]<br />
<br />
<b>January 2005</b> Access Control and Session Mgmnt, by Steve Buck [http://rd1.net/owasp/Jan_OWASP-access-control.ppt PowerPoint] [http://rd1.net/owasp/Jan_OWASP-access-control.sxi Open Office]<br />
<br />
<b>November 2004</b> Intro to OWASP by Ralf Durkee. Demonstration of SQL Injection attack and prevention, by Paul Cupo [http://rd1.net/owasp/Nov_OWASP_20041103.ppt PowerPoint]<br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:New York]]</div>Sir Whttps://wiki.owasp.org/index.php?title=Rochester&diff=35920Rochester2008-08-13T13:46:09Z<p>Sir W: Added September details</p>
<hr />
<div>== Welcome to the OWASP Rochester Local Chapter ==<br />
<br />
Welcome to the local Rochester chapter homepage. The chapter leader is [mailto:rd@rd1.net Ralf Durkee]<br />
<br />
== Participation ==<br />
<br />
OWASP chapter meetings are free and open to anyone interested in application security. We encourage members to give presentations on specific topics and to contribute to the local chapter by sharing their knowledge with others. Prior to participating with OWASP please review the [[Chapter Rules]].<br />
<br />
The Rochester chapter has two mailing lists: one for announcements and one for general discussion. The announce list is for official communications (e.g meeting announcements, web site updates, etc). The discussion list is for general participation and everyone is encouraged to post. The announce mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-announce here]. The discussion mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny here]. You can also review the [http://lists.owasp.org/pipermail/owasp-rochester-announce/ announce] and [http://lists.owasp.org/pipermail/owasp-rochester-ny discussion] e-mail archives to see what folks have been talking about. Please make sure you are subscribed to announce to receive any last minute meeting info.<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> [mailto:rd@rd1.net Ralf Durkee]<br />
*<b>Vice President:</b> Chris Karr<br />
*<b>Secretary and Treasurer:</b> [mailto:mailto:stevebuck@sbuck.net Steve Buck]<br />
*<b>Web and Communications:</b> [mailto:andreac@dollos.it Andrea Cogliati]<br />
</ul><br />
<br />
== Meeting Dates & Location ==<br />
<br />
<b>Dates:</b> The third Monday of every month, starting at 6:00 PM.<br />
<br />
<b>Types of events:</b> Formal meeting (featuring a presentation) in odd numbered months, informal event (open forum with beer and wings) in even numbered months<br />
<br />
<b>Locations:</b> <br />
<br />
* Formal meetings at 1225 Jefferson Rd, Rochester, NY 14623 (near I-390) [http://maps.google.com/maps?f=q&hl=en&q=1225+Jefferson+Rd,+Rochester,+NY&ie=UTF8&om=1&ll=43.087727,-77.600255&spn=0.014856,0.04283 Google Maps]<br />
* Beer and wings at Mac Gregor's Grill & Tap Room, 300 Jefferson Rd, NY 14623 [http://maps.google.com/maps?f=q&hl=en&geocode=&time=&date=&ttype=&q=300+Jefferson+Rd+Rochester+NY&sll=43.15549,-77.61601&sspn=0.284013,0.55481&ie=UTF8&om=1&z=16&iwloc=addr Google Maps]<br />
<br />
Formal meeting space is graciously offered by [http://www.bryantstratton.edu/campus/campus.aspx?c=14 Bryant & Stratton College] Enter the Frontier Commons plaza, near the Post Office. Towards the right, rear of the plaza is the PSC (Professional Skills Center) door, which is to the left of the main Bryant & Stratton entrance door. There will be a sign on the door indicating the room in which we will meet.<br />
<br />
Please note that for informal meetings at Mac Gregor's, everybody needs to pay for their own food and drinks.<br />
<br />
'''September Meeting Details'''<br />
<br />
In September we'll have a presentation by Jeff Williams, OWASP co-founder and world-recognized expert on Web Application Security. His presentation is tentatively scheduled for Monday September 22nd at 6pm at Bryant & Stratton College.<br />
<br />
'''August'''<br />
<br />
We won't have any meetings in August. See you in September.<br />
<br />
== Future Events ==<br />
<br />
; Oct 29-30 2008 - Rochester Security Summit 2008<br />
<br />
: The Rochester OWASP chapter in partnership with other Rochester institutions is organizing the third annual Rochester Security Summit Oct 29-30 during National Cyber Security Awareness Month. This year we'll have a full day dedicated to application security and we are are working to bring to Rochester the best national acclaimed speakers.<br />
<br />
Visit [http://www.RochesterSecurity.org/ Rochester Security Summit Site] for details.<br />
<br />
== Past Presentations ==<br />
<br />
<b>May 2008</b> Database Encryption, by Ralf Durkee [[Media:Database_Encryption.ppt|PPT]]<br />
<br />
<b>January 2008</b> SQL Injection and Dynamic SQL, by Andrea Cogliati [[Media:MoreSQL.zip|ZIP]]<br />
<br />
<b>September 2007</b> 2007 OWASP Top 10 Most Critical Web Application Security Vulnerabilities, by Ralph Durkee [[Media:OWASP_Top_10_2007_v6.ppt|PowerPoint]]<br />
<br />
<b>October 2006</b> The first of the OWASP top ten: unvalidated input, by Steve Buck.<br />
[http://rd1.net/owasp/2006-10-16_owasp-presentation.ppt PowerPoint]<br />
<br />
<b>April 2006</b> PGP: Encryption for e-mail and web applications, by Ralph Durkee [http://rd1.net/owasp/Apr_OWASP_PGP_Durkee.pdf PDF]<br />
<br />
<b>February 2006</b> Identity Theft, Phishing and Pharming, by Danny Allan [http://rd1.net/owasp/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.pdf PDF]<br />
<br />
<b>February 2006</b> Secure e-mail, by Thomas Bullinger [http://rd1.net/owasp/SecureEmail.pdf PDF]<br />
<br />
<b>January 2006</b> PCI Compliance, by Pat Massey, Ralf Durkee, Maureen Baran [http://rd1.net/owasp/Rochester_OWASP_PCI_Compliance.pdf PDF]<br />
<br />
<b>September 2005</b> Two Factor Authentication for Java Applications with Client Certificates, by Ralf Durkee [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.pdf PDF] [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.sxi Open Office]<br />
<br />
<b>April 2005</b> Avoiding Backend Exploitation of Mail Forms, by Max Kessler [http://rd1.net/owasp/owasp-mailform-exploitation.ppt PowerPoint] [http://rd1.net/owasp/owasp-mailform-exploitation.sxi Open Office]<br />
<br />
<b>March 2005</b> Bringing Two-Factor Authentication to Web Applications, by Michael Starks [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt PowerPoint] [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt Open Office]<br />
<br />
<b>February 2005</b> Insecure Storage, by Chris Karr [http://rd1.net/owasp/Insecure_Storage.ppt PowerPoint]<br />
<br />
<b>January 2005</b> Access Control and Session Mgmnt, by Steve Buck [http://rd1.net/owasp/Jan_OWASP-access-control.ppt PowerPoint] [http://rd1.net/owasp/Jan_OWASP-access-control.sxi Open Office]<br />
<br />
<b>November 2004</b> Intro to OWASP by Ralf Durkee. Demonstration of SQL Injection attack and prevention, by Paul Cupo [http://rd1.net/owasp/Nov_OWASP_20041103.ppt PowerPoint]<br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:New York]]</div>Sir Whttps://wiki.owasp.org/index.php?title=Rochester&diff=32465Rochester2008-06-26T19:27:34Z<p>Sir W: Corrected RSVP</p>
<hr />
<div>== Welcome to the OWASP Rochester Local Chapter ==<br />
<br />
Welcome to the local Rochester chapter homepage. The chapter leader is [mailto:rd@rd1.net Ralf Durkee]<br />
<br />
== Participation ==<br />
<br />
OWASP chapter meetings are free and open to anyone interested in application security. We encourage members to give presentations on specific topics and to contribute to the local chapter by sharing their knowledge with others. Prior to participating with OWASP please review the [[Chapter Rules]].<br />
<br />
The Rochester chapter has two mailing lists: one for announcements and one for general discussion. The announce list is for official communications (e.g meeting announcements, web site updates, etc). The discussion list is for general participation and everyone is encouraged to post. The announce mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-announce here]. The discussion mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny here]. You can also review the [http://lists.owasp.org/pipermail/owasp-rochester-announce/ announce] and [http://lists.owasp.org/pipermail/owasp-rochester-ny discussion] e-mail archives to see what folks have been talking about. Please make sure you are subscribed to announce to receive any last minute meeting info.<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> [mailto:rd@rd1.net Ralf Durkee]<br />
*<b>Vice President:</b> Chris Karr<br />
*<b>Secretary and Treasurer:</b> [mailto:mailto:stevebuck@sbuck.net Steve Buck]<br />
*<b>Web and Communications:</b> [mailto:andreac@dollos.it Andrea Cogliati]<br />
</ul><br />
<br />
== Meeting Dates & Location ==<br />
<br />
<b>Dates:</b> The third Monday of every month, starting at 6:00 PM.<br />
<br />
<b>Types of events:</b> Formal meeting (featuring a presentation) in odd numbered months, informal event (open forum with beer and wings) in even numbered months<br />
<br />
<b>Locations:</b> <br />
<br />
* Formal meetings at 1225 Jefferson Rd, Rochester, NY 14623 (near I-390) [http://maps.google.com/maps?f=q&hl=en&q=1225+Jefferson+Rd,+Rochester,+NY&ie=UTF8&om=1&ll=43.087727,-77.600255&spn=0.014856,0.04283 Google Maps]<br />
* Beer and wings at Mac Gregor's Grill & Tap Room, 300 Jefferson Rd, NY 14623 [http://maps.google.com/maps?f=q&hl=en&geocode=&time=&date=&ttype=&q=300+Jefferson+Rd+Rochester+NY&sll=43.15549,-77.61601&sspn=0.284013,0.55481&ie=UTF8&om=1&z=16&iwloc=addr Google Maps]<br />
<br />
Formal meeting space is graciously offered by [http://www.bryantstratton.edu/campus/campus.aspx?c=14 Bryant & Stratton College] Enter the Frontier Commons plaza, near the Post Office. Towards the right, rear of the plaza is the PSC (Professional Skills Center) door, which is to the left of the main Bryant & Stratton entrance door. There will be a sign on the door indicating the room in which we will meet.<br />
<br />
Please note that for informal meetings at Mac Gregor's, everybody needs to pay for their own food and drinks.<br />
<br />
'''July Meeting Details'''<br />
<br />
In July we'll have a joint meeting with [http://www.rochissa.org/ Rochester ISSA chapter]. <b>This meeting will start at 5:30pm</b> instead of usual 6pm. Please RSVP to [mailto:info@rochissa.org info@rochissa.org] or call 585-319-4853 to speed up admission process.<br />
<br />
* <b>Date</b> July 21, 5:30pm-7:30pm<br />
* <b>Location</b> RG&E - 89 East Avenue, 1st Floor Conference Room - Rochester, NY 14649 - Free parking is in the gated west lot next to the RG&E Building.<br />
* <b>Title</b> Input Validation: The root of all evil<br />
* <b>Abstract</b> A brief definition and overview of input validation. Review of common input validation strategies. Concluding with examples of issues resulting from weak or non-existent input validation, including examples of corrective validation solutions.<br />
* <b>Presenter</b> Duane Peifer<br />
Duane is a Senior Systems Engineer at UberGuard Information Security, LLC, in Avon, NY, were he provides UberGuard's customers with technical consulting and web site security assessments and penetration tests. He holds a B.S. in Computer Science from Rochester Institute of Technology and has 15 years of Systems Engineering and Project Management<br />
experience. Duane is also the co-owner of UberScan, LLC, a startup software development company.<br />
<br />
== Future Events ==<br />
<br />
; Oct 29-30 2008 - Rochester Security Summit 2008<br />
<br />
: The Rochester OWASP chapter in partnership with other Rochester institutions is organizing the third annual Rochester Security Summit Oct 29-30 during National Cyber Security Awareness Month. This year we'll have a full day dedicated to application security and we are are working to bring to Rochester the best national acclaimed speakers.<br />
<br />
Visit [http://www.RochesterSecurity.org/ Rochester Security Summit Site] for details.<br />
<br />
== Past Presentations ==<br />
<br />
<b>May 2008</b> Database Encryption, by Ralf Durkee [[Media:Database_Encryption.ppt|PPT]]<br />
<br />
<b>January 2008</b> SQL Injection and Dynamic SQL, by Andrea Cogliati [[Media:MoreSQL.zip|ZIP]]<br />
<br />
<b>September 2007</b> 2007 OWASP Top 10 Most Critical Web Application Security Vulnerabilities, by Ralph Durkee [[Media:OWASP_Top_10_2007_v6.ppt|PowerPoint]]<br />
<br />
<b>October 2006</b> The first of the OWASP top ten: unvalidated input, by Steve Buck.<br />
[http://rd1.net/owasp/2006-10-16_owasp-presentation.ppt PowerPoint]<br />
<br />
<b>April 2006</b> PGP: Encryption for e-mail and web applications, by Ralph Durkee [http://rd1.net/owasp/Apr_OWASP_PGP_Durkee.pdf PDF]<br />
<br />
<b>February 2006</b> Identity Theft, Phishing and Pharming, by Danny Allan [http://rd1.net/owasp/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.pdf PDF]<br />
<br />
<b>February 2006</b> Secure e-mail, by Thomas Bullinger [http://rd1.net/owasp/SecureEmail.pdf PDF]<br />
<br />
<b>January 2006</b> PCI Compliance, by Pat Massey, Ralf Durkee, Maureen Baran [http://rd1.net/owasp/Rochester_OWASP_PCI_Compliance.pdf PDF]<br />
<br />
<b>September 2005</b> Two Factor Authentication for Java Applications with Client Certificates, by Ralf Durkee [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.pdf PDF] [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.sxi Open Office]<br />
<br />
<b>April 2005</b> Avoiding Backend Exploitation of Mail Forms, by Max Kessler [http://rd1.net/owasp/owasp-mailform-exploitation.ppt PowerPoint] [http://rd1.net/owasp/owasp-mailform-exploitation.sxi Open Office]<br />
<br />
<b>March 2005</b> Bringing Two-Factor Authentication to Web Applications, by Michael Starks [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt PowerPoint] [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt Open Office]<br />
<br />
<b>February 2005</b> Insecure Storage, by Chris Karr [http://rd1.net/owasp/Insecure_Storage.ppt PowerPoint]<br />
<br />
<b>January 2005</b> Access Control and Session Mgmnt, by Steve Buck [http://rd1.net/owasp/Jan_OWASP-access-control.ppt PowerPoint] [http://rd1.net/owasp/Jan_OWASP-access-control.sxi Open Office]<br />
<br />
<b>November 2004</b> Intro to OWASP by Ralf Durkee. Demonstration of SQL Injection attack and prevention, by Paul Cupo [http://rd1.net/owasp/Nov_OWASP_20041103.ppt PowerPoint]<br />
<br />
[[Category:OWASP Chapter]]</div>Sir Whttps://wiki.owasp.org/index.php?title=Rochester&diff=32464Rochester2008-06-26T19:24:38Z<p>Sir W: Added RSVP</p>
<hr />
<div>== Welcome to the OWASP Rochester Local Chapter ==<br />
<br />
Welcome to the local Rochester chapter homepage. The chapter leader is [mailto:rd@rd1.net Ralf Durkee]<br />
<br />
== Participation ==<br />
<br />
OWASP chapter meetings are free and open to anyone interested in application security. We encourage members to give presentations on specific topics and to contribute to the local chapter by sharing their knowledge with others. Prior to participating with OWASP please review the [[Chapter Rules]].<br />
<br />
The Rochester chapter has two mailing lists: one for announcements and one for general discussion. The announce list is for official communications (e.g meeting announcements, web site updates, etc). The discussion list is for general participation and everyone is encouraged to post. The announce mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-announce here]. The discussion mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny here]. You can also review the [http://lists.owasp.org/pipermail/owasp-rochester-announce/ announce] and [http://lists.owasp.org/pipermail/owasp-rochester-ny discussion] e-mail archives to see what folks have been talking about. Please make sure you are subscribed to announce to receive any last minute meeting info.<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> [mailto:rd@rd1.net Ralf Durkee]<br />
*<b>Vice President:</b> Chris Karr<br />
*<b>Secretary and Treasurer:</b> [mailto:mailto:stevebuck@sbuck.net Steve Buck]<br />
*<b>Web and Communications:</b> [mailto:andreac@dollos.it Andrea Cogliati]<br />
</ul><br />
<br />
== Meeting Dates & Location ==<br />
<br />
<b>Dates:</b> The third Monday of every month, starting at 6:00 PM.<br />
<br />
<b>Types of events:</b> Formal meeting (featuring a presentation) in odd numbered months, informal event (open forum with beer and wings) in even numbered months<br />
<br />
<b>Locations:</b> <br />
<br />
* Formal meetings at 1225 Jefferson Rd, Rochester, NY 14623 (near I-390) [http://maps.google.com/maps?f=q&hl=en&q=1225+Jefferson+Rd,+Rochester,+NY&ie=UTF8&om=1&ll=43.087727,-77.600255&spn=0.014856,0.04283 Google Maps]<br />
* Beer and wings at Mac Gregor's Grill & Tap Room, 300 Jefferson Rd, NY 14623 [http://maps.google.com/maps?f=q&hl=en&geocode=&time=&date=&ttype=&q=300+Jefferson+Rd+Rochester+NY&sll=43.15549,-77.61601&sspn=0.284013,0.55481&ie=UTF8&om=1&z=16&iwloc=addr Google Maps]<br />
<br />
Formal meeting space is graciously offered by [http://www.bryantstratton.edu/campus/campus.aspx?c=14 Bryant & Stratton College] Enter the Frontier Commons plaza, near the Post Office. Towards the right, rear of the plaza is the PSC (Professional Skills Center) door, which is to the left of the main Bryant & Stratton entrance door. There will be a sign on the door indicating the room in which we will meet.<br />
<br />
Please note that for informal meetings at Mac Gregor's, everybody needs to pay for their own food and drinks.<br />
<br />
'''July Meeting Details'''<br />
<br />
In July we'll have a joint meeting with [http://www.rochissa.org/ Rochester ISSA chapter]. <b>This meeting will start at 5:30pm</b> instead of usual 6pm. Please RSVP to [mailto:andreac@dollos.it Andrea Cogliati] to speed up admission process.<br />
<br />
* <b>Date</b> July 21, 5:30pm-7:30pm<br />
* <b>Location</b> RG&E - 89 East Avenue, 1st Floor Conference Room - Rochester, NY 14649 - Free parking is in the gated west lot next to the RG&E Building.<br />
* <b>Title</b> Input Validation: The root of all evil<br />
* <b>Abstract</b> A brief definition and overview of input validation. Review of common input validation strategies. Concluding with examples of issues resulting from weak or non-existent input validation, including examples of corrective validation solutions.<br />
* <b>Presenter</b> Duane Peifer<br />
Duane is a Senior Systems Engineer at UberGuard Information Security, LLC, in Avon, NY, were he provides UberGuard's customers with technical consulting and web site security assessments and penetration tests. He holds a B.S. in Computer Science from Rochester Institute of Technology and has 15 years of Systems Engineering and Project Management<br />
experience. Duane is also the co-owner of UberScan, LLC, a startup software development company.<br />
<br />
== Future Events ==<br />
<br />
; Oct 29-30 2008 - Rochester Security Summit 2008<br />
<br />
: The Rochester OWASP chapter in partnership with other Rochester institutions is organizing the third annual Rochester Security Summit Oct 29-30 during National Cyber Security Awareness Month. This year we'll have a full day dedicated to application security and we are are working to bring to Rochester the best national acclaimed speakers.<br />
<br />
Visit [http://www.RochesterSecurity.org/ Rochester Security Summit Site] for details.<br />
<br />
== Past Presentations ==<br />
<br />
<b>May 2008</b> Database Encryption, by Ralf Durkee [[Media:Database_Encryption.ppt|PPT]]<br />
<br />
<b>January 2008</b> SQL Injection and Dynamic SQL, by Andrea Cogliati [[Media:MoreSQL.zip|ZIP]]<br />
<br />
<b>September 2007</b> 2007 OWASP Top 10 Most Critical Web Application Security Vulnerabilities, by Ralph Durkee [[Media:OWASP_Top_10_2007_v6.ppt|PowerPoint]]<br />
<br />
<b>October 2006</b> The first of the OWASP top ten: unvalidated input, by Steve Buck.<br />
[http://rd1.net/owasp/2006-10-16_owasp-presentation.ppt PowerPoint]<br />
<br />
<b>April 2006</b> PGP: Encryption for e-mail and web applications, by Ralph Durkee [http://rd1.net/owasp/Apr_OWASP_PGP_Durkee.pdf PDF]<br />
<br />
<b>February 2006</b> Identity Theft, Phishing and Pharming, by Danny Allan [http://rd1.net/owasp/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.pdf PDF]<br />
<br />
<b>February 2006</b> Secure e-mail, by Thomas Bullinger [http://rd1.net/owasp/SecureEmail.pdf PDF]<br />
<br />
<b>January 2006</b> PCI Compliance, by Pat Massey, Ralf Durkee, Maureen Baran [http://rd1.net/owasp/Rochester_OWASP_PCI_Compliance.pdf PDF]<br />
<br />
<b>September 2005</b> Two Factor Authentication for Java Applications with Client Certificates, by Ralf Durkee [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.pdf PDF] [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.sxi Open Office]<br />
<br />
<b>April 2005</b> Avoiding Backend Exploitation of Mail Forms, by Max Kessler [http://rd1.net/owasp/owasp-mailform-exploitation.ppt PowerPoint] [http://rd1.net/owasp/owasp-mailform-exploitation.sxi Open Office]<br />
<br />
<b>March 2005</b> Bringing Two-Factor Authentication to Web Applications, by Michael Starks [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt PowerPoint] [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt Open Office]<br />
<br />
<b>February 2005</b> Insecure Storage, by Chris Karr [http://rd1.net/owasp/Insecure_Storage.ppt PowerPoint]<br />
<br />
<b>January 2005</b> Access Control and Session Mgmnt, by Steve Buck [http://rd1.net/owasp/Jan_OWASP-access-control.ppt PowerPoint] [http://rd1.net/owasp/Jan_OWASP-access-control.sxi Open Office]<br />
<br />
<b>November 2004</b> Intro to OWASP by Ralf Durkee. Demonstration of SQL Injection attack and prevention, by Paul Cupo [http://rd1.net/owasp/Nov_OWASP_20041103.ppt PowerPoint]<br />
<br />
[[Category:OWASP Chapter]]</div>Sir Whttps://wiki.owasp.org/index.php?title=Rochester&diff=32463Rochester2008-06-26T19:21:57Z<p>Sir W: July meeting, all info</p>
<hr />
<div>== Welcome to the OWASP Rochester Local Chapter ==<br />
<br />
Welcome to the local Rochester chapter homepage. The chapter leader is [mailto:rd@rd1.net Ralf Durkee]<br />
<br />
== Participation ==<br />
<br />
OWASP chapter meetings are free and open to anyone interested in application security. We encourage members to give presentations on specific topics and to contribute to the local chapter by sharing their knowledge with others. Prior to participating with OWASP please review the [[Chapter Rules]].<br />
<br />
The Rochester chapter has two mailing lists: one for announcements and one for general discussion. The announce list is for official communications (e.g meeting announcements, web site updates, etc). The discussion list is for general participation and everyone is encouraged to post. The announce mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-announce here]. The discussion mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny here]. You can also review the [http://lists.owasp.org/pipermail/owasp-rochester-announce/ announce] and [http://lists.owasp.org/pipermail/owasp-rochester-ny discussion] e-mail archives to see what folks have been talking about. Please make sure you are subscribed to announce to receive any last minute meeting info.<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> [mailto:rd@rd1.net Ralf Durkee]<br />
*<b>Vice President:</b> Chris Karr<br />
*<b>Secretary and Treasurer:</b> [mailto:mailto:stevebuck@sbuck.net Steve Buck]<br />
*<b>Web and Communications:</b> [mailto:andreac@dollos.it Andrea Cogliati]<br />
</ul><br />
<br />
== Meeting Dates & Location ==<br />
<br />
<b>Dates:</b> The third Monday of every month, starting at 6:00 PM.<br />
<br />
<b>Types of events:</b> Formal meeting (featuring a presentation) in odd numbered months, informal event (open forum with beer and wings) in even numbered months<br />
<br />
<b>Locations:</b> <br />
<br />
* Formal meetings at 1225 Jefferson Rd, Rochester, NY 14623 (near I-390) [http://maps.google.com/maps?f=q&hl=en&q=1225+Jefferson+Rd,+Rochester,+NY&ie=UTF8&om=1&ll=43.087727,-77.600255&spn=0.014856,0.04283 Google Maps]<br />
* Beer and wings at Mac Gregor's Grill & Tap Room, 300 Jefferson Rd, NY 14623 [http://maps.google.com/maps?f=q&hl=en&geocode=&time=&date=&ttype=&q=300+Jefferson+Rd+Rochester+NY&sll=43.15549,-77.61601&sspn=0.284013,0.55481&ie=UTF8&om=1&z=16&iwloc=addr Google Maps]<br />
<br />
Formal meeting space is graciously offered by [http://www.bryantstratton.edu/campus/campus.aspx?c=14 Bryant & Stratton College] Enter the Frontier Commons plaza, near the Post Office. Towards the right, rear of the plaza is the PSC (Professional Skills Center) door, which is to the left of the main Bryant & Stratton entrance door. There will be a sign on the door indicating the room in which we will meet.<br />
<br />
Please note that for informal meetings at Mac Gregor's, everybody needs to pay for their own food and drinks.<br />
<br />
'''July Meeting Details'''<br />
<br />
In July we'll have a joint meeting with [http://www.rochissa.org/ Rochester ISSA chapter]. <b>This meeting will start at 5:30pm</b> instead of usual 6pm.<br />
<br />
* <b>Date</b> July 21, 5:30pm-7:30pm<br />
* <b>Location</b> RG&E - 89 East Avenue, 1st Floor Conference Room - Rochester, NY 14649 - Free parking is in the gated west lot next to the RG&E Building.<br />
* <b>Title</b> Input Validation: The root of all evil<br />
* <b>Abstract</b> A brief definition and overview of input validation. Review of common input validation strategies. Concluding with examples of issues resulting from weak or non-existent input validation, including examples of corrective validation solutions.<br />
* <b>Presenter</b> Duane Peifer<br />
Duane is a Senior Systems Engineer at UberGuard Information Security, LLC, in Avon, NY, were he provides UberGuard's customers with technical consulting and web site security assessments and penetration tests. He holds a B.S. in Computer Science from Rochester Institute of Technology and has 15 years of Systems Engineering and Project Management<br />
experience. Duane is also the co-owner of UberScan, LLC, a startup software development company.<br />
<br />
== Future Events ==<br />
<br />
; Oct 29-30 2008 - Rochester Security Summit 2008<br />
<br />
: The Rochester OWASP chapter in partnership with other Rochester institutions is organizing the third annual Rochester Security Summit Oct 29-30 during National Cyber Security Awareness Month. This year we'll have a full day dedicated to application security and we are are working to bring to Rochester the best national acclaimed speakers.<br />
<br />
Visit [http://www.RochesterSecurity.org/ Rochester Security Summit Site] for details.<br />
<br />
== Past Presentations ==<br />
<br />
<b>May 2008</b> Database Encryption, by Ralf Durkee [[Media:Database_Encryption.ppt|PPT]]<br />
<br />
<b>January 2008</b> SQL Injection and Dynamic SQL, by Andrea Cogliati [[Media:MoreSQL.zip|ZIP]]<br />
<br />
<b>September 2007</b> 2007 OWASP Top 10 Most Critical Web Application Security Vulnerabilities, by Ralph Durkee [[Media:OWASP_Top_10_2007_v6.ppt|PowerPoint]]<br />
<br />
<b>October 2006</b> The first of the OWASP top ten: unvalidated input, by Steve Buck.<br />
[http://rd1.net/owasp/2006-10-16_owasp-presentation.ppt PowerPoint]<br />
<br />
<b>April 2006</b> PGP: Encryption for e-mail and web applications, by Ralph Durkee [http://rd1.net/owasp/Apr_OWASP_PGP_Durkee.pdf PDF]<br />
<br />
<b>February 2006</b> Identity Theft, Phishing and Pharming, by Danny Allan [http://rd1.net/owasp/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.pdf PDF]<br />
<br />
<b>February 2006</b> Secure e-mail, by Thomas Bullinger [http://rd1.net/owasp/SecureEmail.pdf PDF]<br />
<br />
<b>January 2006</b> PCI Compliance, by Pat Massey, Ralf Durkee, Maureen Baran [http://rd1.net/owasp/Rochester_OWASP_PCI_Compliance.pdf PDF]<br />
<br />
<b>September 2005</b> Two Factor Authentication for Java Applications with Client Certificates, by Ralf Durkee [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.pdf PDF] [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.sxi Open Office]<br />
<br />
<b>April 2005</b> Avoiding Backend Exploitation of Mail Forms, by Max Kessler [http://rd1.net/owasp/owasp-mailform-exploitation.ppt PowerPoint] [http://rd1.net/owasp/owasp-mailform-exploitation.sxi Open Office]<br />
<br />
<b>March 2005</b> Bringing Two-Factor Authentication to Web Applications, by Michael Starks [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt PowerPoint] [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt Open Office]<br />
<br />
<b>February 2005</b> Insecure Storage, by Chris Karr [http://rd1.net/owasp/Insecure_Storage.ppt PowerPoint]<br />
<br />
<b>January 2005</b> Access Control and Session Mgmnt, by Steve Buck [http://rd1.net/owasp/Jan_OWASP-access-control.ppt PowerPoint] [http://rd1.net/owasp/Jan_OWASP-access-control.sxi Open Office]<br />
<br />
<b>November 2004</b> Intro to OWASP by Ralf Durkee. Demonstration of SQL Injection attack and prevention, by Paul Cupo [http://rd1.net/owasp/Nov_OWASP_20041103.ppt PowerPoint]<br />
<br />
[[Category:OWASP Chapter]]</div>Sir Whttps://wiki.owasp.org/index.php?title=Rochester&diff=32292Rochester2008-06-24T15:40:58Z<p>Sir W: Added July meeting details</p>
<hr />
<div>== Welcome to the OWASP Rochester Local Chapter ==<br />
<br />
Welcome to the local Rochester chapter homepage. The chapter leader is [mailto:rd@rd1.net Ralf Durkee]<br />
<br />
== Participation ==<br />
<br />
OWASP chapter meetings are free and open to anyone interested in application security. We encourage members to give presentations on specific topics and to contribute to the local chapter by sharing their knowledge with others. Prior to participating with OWASP please review the [[Chapter Rules]].<br />
<br />
The Rochester chapter has two mailing lists: one for announcements and one for general discussion. The announce list is for official communications (e.g meeting announcements, web site updates, etc). The discussion list is for general participation and everyone is encouraged to post. The announce mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-announce here]. The discussion mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny here]. You can also review the [http://lists.owasp.org/pipermail/owasp-rochester-announce/ announce] and [http://lists.owasp.org/pipermail/owasp-rochester-ny discussion] e-mail archives to see what folks have been talking about. Please make sure you are subscribed to announce to receive any last minute meeting info.<br />
<br />
== Local Officers ==<br />
<br />
<ul><br />
*<b>President:</b> [mailto:rd@rd1.net Ralf Durkee]<br />
*<b>Vice President:</b> Chris Karr<br />
*<b>Secretary and Treasurer:</b> [mailto:mailto:stevebuck@sbuck.net Steve Buck]<br />
*<b>Web and Communications:</b> [mailto:andreac@dollos.it Andrea Cogliati]<br />
</ul><br />
<br />
== Meeting Dates & Location ==<br />
<br />
<b>Dates:</b> The third Monday of every month, starting at 6:00 PM.<br />
<br />
<b>Types of events:</b> Formal meeting (featuring a presentation) in odd numbered months, informal event (open forum with beer and wings) in even numbered months<br />
<br />
<b>Locations:</b> <br />
<br />
* Formal meetings at 1225 Jefferson Rd, Rochester, NY 14623 (near I-390) [http://maps.google.com/maps?f=q&hl=en&q=1225+Jefferson+Rd,+Rochester,+NY&ie=UTF8&om=1&ll=43.087727,-77.600255&spn=0.014856,0.04283 Google Maps]<br />
* Beer and wings at Mac Gregor's Grill & Tap Room, 300 Jefferson Rd, NY 14623 [http://maps.google.com/maps?f=q&hl=en&geocode=&time=&date=&ttype=&q=300+Jefferson+Rd+Rochester+NY&sll=43.15549,-77.61601&sspn=0.284013,0.55481&ie=UTF8&om=1&z=16&iwloc=addr Google Maps]<br />
<br />
Formal meeting space is graciously offered by [http://www.bryantstratton.edu/campus/campus.aspx?c=14 Bryant & Stratton College] Enter the Frontier Commons plaza, near the Post Office. Towards the right, rear of the plaza is the PSC (Professional Skills Center) door, which is to the left of the main Bryant & Stratton entrance door. There will be a sign on the door indicating the room in which we will meet.<br />
<br />
Please note that for informal meetings at Mac Gregor's, everybody needs to pay for their own food and drinks.<br />
<br />
'''July Meeting Details'''<br />
<br />
In July we'll have a joint meeting with [http://www.rochissa.org/ Rochester ISSA chapter].<br />
<br />
* <b>Date</b> July 21 at 6pm<br />
* <b>Location</b> TBD<br />
* <b>Title</b> Input Validation: The root of all evil<br />
* <b>Presenter</b> Duane Peifer<br />
* <b>Abstract</b> A brief definition and overview of input validation. Review of common input validation strategies. Concluding with examples of issues resulting from weak or non-existent input validation, including examples of corrective validation solutions.<br />
<br />
== Future Events ==<br />
<br />
; Oct 29-30 2008 - Rochester Security Summit 2008<br />
<br />
: The Rochester OWASP chapter in partnership with other Rochester institutions is organizing the third annual Rochester Security Summit Oct 29-30 during National Cyber Security Awareness Month. This year we'll have a full day dedicated to application security and we are are working to bring to Rochester the best national acclaimed speakers.<br />
<br />
Visit [http://www.RochesterSecurity.org/ Rochester Security Summit Site] for details.<br />
<br />
== Past Presentations ==<br />
<br />
<b>May 2008</b> Database Encryption, by Ralf Durkee [[Media:Database_Encryption.ppt|PPT]]<br />
<br />
<b>January 2008</b> SQL Injection and Dynamic SQL, by Andrea Cogliati [[Media:MoreSQL.zip|ZIP]]<br />
<br />
<b>September 2007</b> 2007 OWASP Top 10 Most Critical Web Application Security Vulnerabilities, by Ralph Durkee [[Media:OWASP_Top_10_2007_v6.ppt|PowerPoint]]<br />
<br />
<b>October 2006</b> The first of the OWASP top ten: unvalidated input, by Steve Buck.<br />
[http://rd1.net/owasp/2006-10-16_owasp-presentation.ppt PowerPoint]<br />
<br />
<b>April 2006</b> PGP: Encryption for e-mail and web applications, by Ralph Durkee [http://rd1.net/owasp/Apr_OWASP_PGP_Durkee.pdf PDF]<br />
<br />
<b>February 2006</b> Identity Theft, Phishing and Pharming, by Danny Allan [http://rd1.net/owasp/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.pdf PDF]<br />
<br />
<b>February 2006</b> Secure e-mail, by Thomas Bullinger [http://rd1.net/owasp/SecureEmail.pdf PDF]<br />
<br />
<b>January 2006</b> PCI Compliance, by Pat Massey, Ralf Durkee, Maureen Baran [http://rd1.net/owasp/Rochester_OWASP_PCI_Compliance.pdf PDF]<br />
<br />
<b>September 2005</b> Two Factor Authentication for Java Applications with Client Certificates, by Ralf Durkee [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.pdf PDF] [http://rd1.net/owasp/DCI-Java-SSL-Certs-2005-09-19.sxi Open Office]<br />
<br />
<b>April 2005</b> Avoiding Backend Exploitation of Mail Forms, by Max Kessler [http://rd1.net/owasp/owasp-mailform-exploitation.ppt PowerPoint] [http://rd1.net/owasp/owasp-mailform-exploitation.sxi Open Office]<br />
<br />
<b>March 2005</b> Bringing Two-Factor Authentication to Web Applications, by Michael Starks [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt PowerPoint] [http://rd1.net/owasp/2005_Mar_OWASP_Two-factor%20Web%20App.ppt Open Office]<br />
<br />
<b>February 2005</b> Insecure Storage, by Chris Karr [http://rd1.net/owasp/Insecure_Storage.ppt PowerPoint]<br />
<br />
<b>January 2005</b> Access Control and Session Mgmnt, by Steve Buck [http://rd1.net/owasp/Jan_OWASP-access-control.ppt PowerPoint] [http://rd1.net/owasp/Jan_OWASP-access-control.sxi Open Office]<br />
<br />
<b>November 2004</b> Intro to OWASP by Ralf Durkee. Demonstration of SQL Injection attack and prevention, by Paul Cupo [http://rd1.net/owasp/Nov_OWASP_20041103.ppt PowerPoint]<br />
<br />
[[Category:OWASP Chapter]]</div>Sir Whttps://wiki.owasp.org/index.php?title=OWASP_on_the_Move&diff=32218OWASP on the Move2008-06-23T20:17:50Z<p>Sir W: Added Rochester Security Summit</p>
<hr />
<div>This new program allows local chapter or application security conferences to have OWASP presenters on site.<br />
<br />
This page will allow 3 parties to find each other:<br />
<br />
* OWASP speakers to entertain OWASP presentations and that want to see the world<br />
* Local chapters or application security events that want to attract an OWASP speaker<br />
* OWASP sponsors that want to support spreading the OWASP message<br />
<br />
Owasp on the Move (OotM) is now also a project. Visit the project [[:Category:OWASP_on_the_Move_Project|page]] to see what the future holds for OotM.<br />
<br />
==OWASP On the Move Rules:==<br />
<br />
The following rules apply for the OotM project:<br />
<br />
<br />
*The normal maximum amount per speaker is 500 USD<br />
*Only in special circumstances the maximum amount per speaker can be raised to a maximum of $1000 USD<br />
*There is a proposed limit of 2,000 USD on the amount of $ provided to any individual per year (*see 'further funding' below)<br />
*There is a proposed limit of 1,000 USD on the amount of $ provided to any event per year(*see 'further funding' below)<br />
*There is a proposed limit of 2,000 USD on the amount of $ provided to any chapter per year(*see 'further funding' below)<br />
*The program will run for 1 year or 30,000 USD (whichever comes first) and then will be reviewed for the value and ROI for OWASP and its community;<br />
<br />
<br />
So, a chapter can use the sponsorship 4 times a year, with the max of 2 speakers sponsored by OotM for one single event.<br />
<br />
<br />
*Further funding: for active chapters or speakers who have reach the proposed financial limits, further funding is possible but will depend on available budget, since priority would be given to chapters below these thresholds<br />
<br />
== Current demand ==<br />
Add your demand here:<br />
<br />
* [[Helsinki]] is looking for OWASP speakers on the SDLC topic for a mini-conference. Expected timing is sometime in May . Sponsors and potential speakers are requested to contact Antti.<br />
<br />
* [[Edmonton]] is looking for an OWASP speaker on any topic to coincide with the CIPS Edmonton ICE Conference[http://www.iceconference.com/iceSpeakers.aspx]. The talk would be during November 5 - 7, 2007. Looking for a quick reply if possible as we are trying to finalize the conference program very shortly. Keynotes at the conference include Bruce Schneier and Jim Christy, so this could be a great opportunity to showcase OWASP to an interested audience.<br />
<br />
* [[Rochester]] is looking for an OWASP speaker for the [http://rochestersecurity.org Rochester Security Summit] on October 30, 2008.<br />
<br />
== Current offerings ==<br />
If you want to (re)do an OWASP related presentation, propose them here with your availability boundaries (timing/geographical)<br />
* Marc Curphey will happily speak about the WebAppSec industry, SDLC etc. around Europe. You can see him in action at [http://video.hitb.org/2006.html HITB with John Viega] (big download)<br />
* [mailto:thesp0nge@owasp.org Paolo Perego] is available to talk about [http://www.owasp.org/index.php/Category:OWASP_Orizon_Project Orizon project], safe coding and code review issues around Europe in the near October-December.<br />
* [mailto:marc.m.morana@gmail.org Marco Morana] is available to talk about [http://iac.dtic.mil/iatac/download/security.pdf Software Security Frameworks]and Secure Code Reviews [https://www.cmpevents.com/CSI33/a.asp?option=G&V=3&id=443342 see 07 CSI conference as reference] in USA around November-December and in Europe around January-February.<br />
* [mailto:sebastien.gioria@owasp.fr S&eacute;bastien Gioria] is available to talk about WebAppSec, educational purpose on AppSec in French or at least in english around France/Europe/Canada from middle of March 08. You can find some Talk on the [http://www.owasp.fr Owasp France Chapter]<br />
* you?<br />
<br />
== Upcoming OWASP on the Move Events ==<br />
<br />
* October 30, 2008 - [[Rochester]] Marco Morana will speak at [http://rochestersecurity.org Rochester Security Summit] about Software Security Framework<br />
<br />
== Past OWASP on the Move Events ==<br />
<br />
* 8th Sep 2007: [[Belgium]] Mark Curphey, pdp (Architect), Simon Roses Femerling and David Kierznowski presented as part of the OWASP Day worldwide conference.<br />
* 14th July 2007: [[Turkey]] Dinis joined the first Turkey Mini-Conference<br />
* 22nd June 2007: [[Belgium]] Ivan Ristic and Dinis Cruz came to the chapter meeting (sponsored by F5 Networks locally).<br />
<br />
== Sponsors ==<br />
Currently the OotM is sponsored by banners on the OWASP home page. <br />
<br />
We are looking for sponsors that specifically want to sponsor the OotM project.<br />
<br />
Past local sponsors were:<br />
* F5 Networks in [[Belgium]]</div>Sir W