OWASP - User contributions [en]

Portland

2017-02-25T17:49:17Z

TimMorgan: /* Chapter Supporters */

Welcome to the Portland, Oregon OWASP Chapter.

[[File:Portland_and_Mt_Hood.jpg]]

=Events=

Past and future event information can be found in [http://calagator.org/events/search?query=OWASP Calagator].

The Portland OWASP chapter currently aims to hold a chapter meeting once every 2-3 months with additional workshops and miscellaneous other events worked in whenever possible. Our chapter is also experimenting with a new type of workshop/hacking competition that we call [[FLOSSHack]].

=For Participants=
OWASP Foundation ([https://docs.google.com/a/owasp.org/presentation/d/1ZgY25F0F7QgScMlB1X7LAa70LtyJql8XqcYdR4suPUo/edit#slide=id.p Overview Slides]) is a professional association of [[Membership | global members]] and is and open to anyone interested in learning more about software security. Local chapters are run independently by volunteers and guided by the [[Chapter_Leader_Handbook|Handbook]].

If you are interested in attending chapter meetings or otherwise getting involved, we strongly encourage you to join the [http://lists.owasp.org/mailman/listinfo/owasp-Portland local chapter email list]. This list is low-volume, but acts as a great resource for local security information and announcements about chapter meetings.

=For Speakers=
We would be thrilled if you would like to come give a talk at one of our chapter meetings. Anything security-related is a good candidate for a talk and will likely draw an interested audience. Suggestions for possible topics for future meetings:

* Integrating security into an SDLC
* HTML5 security
* Social engineering
* Application Security Tools Review & Comparisons
* Discussion starters for controversial security topics
* Your experiences trying to implement a security solution
* Security basics talks; introductions to secure coding practices

Our OWASP meetings typically draw between 15 to 25 attendees. Chapter meetings are a great place to do a dry run of talks you intend to give at conferences or just to connect with locals. Before you present, please be sure you carefully review the [[Speaker_Agreement | speaker agreement]].

=Contact=

Your current Portland chapter board:

*Bhushan Gupta - Chapter Leader
*Ian Melven - Community Outreach
*Sonny Nallamilli - Treasurer

Other volunteers and organizers:

*James Bohem
*Adam Russell <adam . russell {a} owasp . org>
*Matthew Lapworth
*Katie Feucht
*Timothy D. Morgan <tim . morgan {a} owasp . org> - Founder
*AJ Dexter (aj.dexter 'at' gmail.com) - Founder (now retired)

__NOTOC__

<headertabs/>

= Chapter Supporters =
Besides being funded through individual contributions and chapter memberships, our chapter is also supported through corporate sponsors. We would like to thank our sponsors for making many excellent activities possible:

== 2017 ==
=== Champion Supporters ===
None yet!

=== Signature Supporters ===
[[File:simple-logo.png|x100px|link=https://simple.com/]]

=== Patron Supporters ===
None yet!

== 2016 ==

=== Signature Supporters ===
[[File:simple-logo.png|x100px|link=https://simple.com/]]             
[[File:Newrelic-logo.png|x100px|frameless|link=https://newrelic.com/]]

=== Patron Supporters ===
[[File:Jama-logo.png|x100px|frameless|link=https://www.jamasoftware.com/]]             
[[File:webmd.png|x110px|frameless|link=https://www.webmdhealthservices.com/]]

[[OWASP Portland Sponsorship Archive|Past Chapter Supporters]]

<big>Want to become a chapter supporter? See the [[OWASP Portland Sponsorship Policy]] for more information.</big>

== Donate ==
OWASP is non-profit, volunteer-managed organization. All chapters are organized by volunteers. By donating to your local chapter or becoming an OWASP member, you help support a variety of activities and events including chapter meetings, competitions, and training. As a [[About_OWASP | 501(c)(3)]] non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button.

[[Image:Btn_donate_SM.gif|link=http://www.regonline.com/donation_1044369]] to this chapter or become a local chapter supporter.

Or consider the value of [[Membership | Individual, Corporate, or Academic Supporter membership]]. Ready to become a member? [[Image:Join_Now_BlueIcon.JPG|75px|link=https://myowasp.force.com/memberappregion]]

[[Category:Oregon]]
[[Category:OWASP Chapter]]

OWASP Portland Sponsorship Archive

2017-02-25T17:47:53Z

TimMorgan:

Portland

2017-02-25T17:47:35Z

TimMorgan: /* Chapter Supporters */

Welcome to the Portland, Oregon OWASP Chapter.

[[File:Portland_and_Mt_Hood.jpg]]

=Events=

Past and future event information can be found in [http://calagator.org/events/search?query=OWASP Calagator].

The Portland OWASP chapter currently aims to hold a chapter meeting once every 2-3 months with additional workshops and miscellaneous other events worked in whenever possible. Our chapter is also experimenting with a new type of workshop/hacking competition that we call [[FLOSSHack]].

=For Participants=
OWASP Foundation ([https://docs.google.com/a/owasp.org/presentation/d/1ZgY25F0F7QgScMlB1X7LAa70LtyJql8XqcYdR4suPUo/edit#slide=id.p Overview Slides]) is a professional association of [[Membership | global members]] and is and open to anyone interested in learning more about software security. Local chapters are run independently by volunteers and guided by the [[Chapter_Leader_Handbook|Handbook]].

If you are interested in attending chapter meetings or otherwise getting involved, we strongly encourage you to join the [http://lists.owasp.org/mailman/listinfo/owasp-Portland local chapter email list]. This list is low-volume, but acts as a great resource for local security information and announcements about chapter meetings.

=For Speakers=
We would be thrilled if you would like to come give a talk at one of our chapter meetings. Anything security-related is a good candidate for a talk and will likely draw an interested audience. Suggestions for possible topics for future meetings:

* Integrating security into an SDLC
* HTML5 security
* Social engineering
* Application Security Tools Review & Comparisons
* Discussion starters for controversial security topics
* Your experiences trying to implement a security solution
* Security basics talks; introductions to secure coding practices

Our OWASP meetings typically draw between 15 to 25 attendees. Chapter meetings are a great place to do a dry run of talks you intend to give at conferences or just to connect with locals. Before you present, please be sure you carefully review the [[Speaker_Agreement | speaker agreement]].

=Contact=

Your current Portland chapter board:

*Bhushan Gupta - Chapter Leader
*Ian Melven - Community Outreach
*Sonny Nallamilli - Treasurer

Other volunteers and organizers:

*James Bohem
*Adam Russell <adam . russell {a} owasp . org>
*Matthew Lapworth
*Katie Feucht
*Timothy D. Morgan <tim . morgan {a} owasp . org> - Founder
*AJ Dexter (aj.dexter 'at' gmail.com) - Founder (now retired)

__NOTOC__

<headertabs/>

= Chapter Supporters =
Besides being funded through individual contributions and chapter memberships, our chapter is also supported through corporate sponsors. We would like to thank our sponsors for making many excellent activities possible:

== 2016 ==
=== Champion Supporters ===
None yet!

=== Signature Supporters ===
[[File:simple-logo.png|x100px|link=https://simple.com/]]             
[[File:Newrelic-logo.png|x100px|frameless|link=https://newrelic.com/]]

=== Patron Supporters ===
[[File:Jama-logo.png|x100px|frameless|link=https://www.jamasoftware.com/]]             
[[File:webmd.png|x110px|frameless|link=https://www.webmdhealthservices.com/]]

[[OWASP Portland Sponsorship Archive|Past Chapter Supporters]]

<big>Want to become a chapter supporter? See the [[OWASP Portland Sponsorship Policy]] for more information.</big>

== Donate ==
OWASP is non-profit, volunteer-managed organization. All chapters are organized by volunteers. By donating to your local chapter or becoming an OWASP member, you help support a variety of activities and events including chapter meetings, competitions, and training. As a [[About_OWASP | 501(c)(3)]] non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button.

[[Image:Btn_donate_SM.gif|link=http://www.regonline.com/donation_1044369]] to this chapter or become a local chapter supporter.

Or consider the value of [[Membership | Individual, Corporate, or Academic Supporter membership]]. Ready to become a member? [[Image:Join_Now_BlueIcon.JPG|75px|link=https://myowasp.force.com/memberappregion]]

[[Category:Oregon]]
[[Category:OWASP Chapter]]

File:Simple-logo.png

2017-02-25T17:46:51Z

TimMorgan: TimMorgan uploaded a new version of "File:Simple-logo.png"

Portland

2017-02-25T17:29:27Z

TimMorgan: /* Contact */

Welcome to the Portland, Oregon OWASP Chapter.

[[File:Portland_and_Mt_Hood.jpg]]

=Events=

Past and future event information can be found in [http://calagator.org/events/search?query=OWASP Calagator].

The Portland OWASP chapter currently aims to hold a chapter meeting once every 2-3 months with additional workshops and miscellaneous other events worked in whenever possible. Our chapter is also experimenting with a new type of workshop/hacking competition that we call [[FLOSSHack]].

=For Participants=
OWASP Foundation ([https://docs.google.com/a/owasp.org/presentation/d/1ZgY25F0F7QgScMlB1X7LAa70LtyJql8XqcYdR4suPUo/edit#slide=id.p Overview Slides]) is a professional association of [[Membership | global members]] and is and open to anyone interested in learning more about software security. Local chapters are run independently by volunteers and guided by the [[Chapter_Leader_Handbook|Handbook]].

If you are interested in attending chapter meetings or otherwise getting involved, we strongly encourage you to join the [http://lists.owasp.org/mailman/listinfo/owasp-Portland local chapter email list]. This list is low-volume, but acts as a great resource for local security information and announcements about chapter meetings.

=For Speakers=
We would be thrilled if you would like to come give a talk at one of our chapter meetings. Anything security-related is a good candidate for a talk and will likely draw an interested audience. Suggestions for possible topics for future meetings:

* Integrating security into an SDLC
* HTML5 security
* Social engineering
* Application Security Tools Review & Comparisons
* Discussion starters for controversial security topics
* Your experiences trying to implement a security solution
* Security basics talks; introductions to secure coding practices

Our OWASP meetings typically draw between 15 to 25 attendees. Chapter meetings are a great place to do a dry run of talks you intend to give at conferences or just to connect with locals. Before you present, please be sure you carefully review the [[Speaker_Agreement | speaker agreement]].

=Contact=

Your current Portland chapter board:

*Bhushan Gupta - Chapter Leader
*Ian Melven - Community Outreach
*Sonny Nallamilli - Treasurer

Other volunteers and organizers:

*James Bohem
*Adam Russell <adam . russell {a} owasp . org>
*Matthew Lapworth
*Katie Feucht
*Timothy D. Morgan <tim . morgan {a} owasp . org> - Founder
*AJ Dexter (aj.dexter 'at' gmail.com) - Founder (now retired)

__NOTOC__

<headertabs/>

= Chapter Supporters =
Besides being funded through individual contributions and chapter memberships, our chapter is also supported through corporate sponsors. We would like to thank our sponsors for making many excellent activities possible:

== 2016 ==
=== Champion Supporters ===
None yet!

=== Signature Supporters ===
[[File:simple-logo.png|x100px|link=https://simple.com/]]             
[[File:Newrelic-logo.png|x100px|frameless|link=https://newrelic.com/]]

=== Patron Supporters ===
[[File:Jama-logo.png|x100px|frameless|link=https://www.jamasoftware.com/]]             
[[File:webmd.png|x110px|frameless|link=https://www.webmdhealthservices.com/]]

== 2015 ==

=== Signature Supporters ===
[[File:Newrelic-logo.png|x100px|link=https://newrelic.com/]]

=== Patron Supporters ===
[[File:blindspot-logo.png|x90px|frameless|left|link=https://blindspotsecurity.com/]]
[[File:Jive.png|x100px|frameless|right|link=https://www.jivesoftware.com/]]
[[File:Jama-logo.png|x100px|frameless|center|link=https://www.jamasoftware.com/]]

[[OWASP Portland Sponsorship Archive|Past Chapter Supporters]]

<big>Want to become a chapter supporter? See the [[OWASP Portland Sponsorship Policy]] for more information.</big>

== Donate ==
OWASP is non-profit, volunteer-managed organization. All chapters are organized by volunteers. By donating to your local chapter or becoming an OWASP member, you help support a variety of activities and events including chapter meetings, competitions, and training. As a [[About_OWASP | 501(c)(3)]] non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button.

[[Image:Btn_donate_SM.gif|link=http://www.regonline.com/donation_1044369]] to this chapter or become a local chapter supporter.

Or consider the value of [[Membership | Individual, Corporate, or Academic Supporter membership]]. Ready to become a member? [[Image:Join_Now_BlueIcon.JPG|75px|link=https://myowasp.force.com/memberappregion]]

[[Category:Oregon]]
[[Category:OWASP Chapter]]

Portland

2017-02-25T17:28:09Z

TimMorgan: /* Contact */

Welcome to the Portland, Oregon OWASP Chapter.

[[File:Portland_and_Mt_Hood.jpg]]

=Events=

Past and future event information can be found in [http://calagator.org/events/search?query=OWASP Calagator].

The Portland OWASP chapter currently aims to hold a chapter meeting once every 2-3 months with additional workshops and miscellaneous other events worked in whenever possible. Our chapter is also experimenting with a new type of workshop/hacking competition that we call [[FLOSSHack]].

=For Participants=
OWASP Foundation ([https://docs.google.com/a/owasp.org/presentation/d/1ZgY25F0F7QgScMlB1X7LAa70LtyJql8XqcYdR4suPUo/edit#slide=id.p Overview Slides]) is a professional association of [[Membership | global members]] and is and open to anyone interested in learning more about software security. Local chapters are run independently by volunteers and guided by the [[Chapter_Leader_Handbook|Handbook]].

If you are interested in attending chapter meetings or otherwise getting involved, we strongly encourage you to join the [http://lists.owasp.org/mailman/listinfo/owasp-Portland local chapter email list]. This list is low-volume, but acts as a great resource for local security information and announcements about chapter meetings.

=For Speakers=
We would be thrilled if you would like to come give a talk at one of our chapter meetings. Anything security-related is a good candidate for a talk and will likely draw an interested audience. Suggestions for possible topics for future meetings:

* Integrating security into an SDLC
* HTML5 security
* Social engineering
* Application Security Tools Review & Comparisons
* Discussion starters for controversial security topics
* Your experiences trying to implement a security solution
* Security basics talks; introductions to secure coding practices

Our OWASP meetings typically draw between 15 to 25 attendees. Chapter meetings are a great place to do a dry run of talks you intend to give at conferences or just to connect with locals. Before you present, please be sure you carefully review the [[Speaker_Agreement | speaker agreement]].

=Contact=

Your current Portland chapter board:

*Bhushan Gupta - Chapter Leader
*Ian Melven - Community Outreach
*Sonny Nallamilli - Treasurer

Other volunteers and organizers:

*James Bohem
*Adam Russell <adam . russell {a} owasp . org>
*Matthew Lapworth
*Timothy D. Morgan <tim . morgan {a} owasp . org> - Founder
*AJ Dexter (aj.dexter 'at' gmail.com) - Founder (now retired)

__NOTOC__

<headertabs/>

= Chapter Supporters =
Besides being funded through individual contributions and chapter memberships, our chapter is also supported through corporate sponsors. We would like to thank our sponsors for making many excellent activities possible:

== 2016 ==
=== Champion Supporters ===
None yet!

=== Signature Supporters ===
[[File:simple-logo.png|x100px|link=https://simple.com/]]             
[[File:Newrelic-logo.png|x100px|frameless|link=https://newrelic.com/]]

=== Patron Supporters ===
[[File:Jama-logo.png|x100px|frameless|link=https://www.jamasoftware.com/]]             
[[File:webmd.png|x110px|frameless|link=https://www.webmdhealthservices.com/]]

== 2015 ==

=== Signature Supporters ===
[[File:Newrelic-logo.png|x100px|link=https://newrelic.com/]]

=== Patron Supporters ===
[[File:blindspot-logo.png|x90px|frameless|left|link=https://blindspotsecurity.com/]]
[[File:Jive.png|x100px|frameless|right|link=https://www.jivesoftware.com/]]
[[File:Jama-logo.png|x100px|frameless|center|link=https://www.jamasoftware.com/]]

[[OWASP Portland Sponsorship Archive|Past Chapter Supporters]]

<big>Want to become a chapter supporter? See the [[OWASP Portland Sponsorship Policy]] for more information.</big>

== Donate ==
OWASP is non-profit, volunteer-managed organization. All chapters are organized by volunteers. By donating to your local chapter or becoming an OWASP member, you help support a variety of activities and events including chapter meetings, competitions, and training. As a [[About_OWASP | 501(c)(3)]] non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button.

[[Image:Btn_donate_SM.gif|link=http://www.regonline.com/donation_1044369]] to this chapter or become a local chapter supporter.

Or consider the value of [[Membership | Individual, Corporate, or Academic Supporter membership]]. Ready to become a member? [[Image:Join_Now_BlueIcon.JPG|75px|link=https://myowasp.force.com/memberappregion]]

[[Category:Oregon]]
[[Category:OWASP Chapter]]

Portland

2017-02-25T16:53:08Z

TimMorgan: /* Contact */

Welcome to the Portland, Oregon OWASP Chapter.

[[File:Portland_and_Mt_Hood.jpg]]

=Events=

Past and future event information can be found in [http://calagator.org/events/search?query=OWASP Calagator].

The Portland OWASP chapter currently aims to hold a chapter meeting once every 2-3 months with additional workshops and miscellaneous other events worked in whenever possible. Our chapter is also experimenting with a new type of workshop/hacking competition that we call [[FLOSSHack]].

=For Participants=
OWASP Foundation ([https://docs.google.com/a/owasp.org/presentation/d/1ZgY25F0F7QgScMlB1X7LAa70LtyJql8XqcYdR4suPUo/edit#slide=id.p Overview Slides]) is a professional association of [[Membership | global members]] and is and open to anyone interested in learning more about software security. Local chapters are run independently by volunteers and guided by the [[Chapter_Leader_Handbook|Handbook]].

If you are interested in attending chapter meetings or otherwise getting involved, we strongly encourage you to join the [http://lists.owasp.org/mailman/listinfo/owasp-Portland local chapter email list]. This list is low-volume, but acts as a great resource for local security information and announcements about chapter meetings.

=For Speakers=
We would be thrilled if you would like to come give a talk at one of our chapter meetings. Anything security-related is a good candidate for a talk and will likely draw an interested audience. Suggestions for possible topics for future meetings:

* Integrating security into an SDLC
* HTML5 security
* Social engineering
* Application Security Tools Review & Comparisons
* Discussion starters for controversial security topics
* Your experiences trying to implement a security solution
* Security basics talks; introductions to secure coding practices

Our OWASP meetings typically draw between 15 to 25 attendees. Chapter meetings are a great place to do a dry run of talks you intend to give at conferences or just to connect with locals. Before you present, please be sure you carefully review the [[Speaker_Agreement | speaker agreement]].

=Contact=

Your current Portland chapter board:

*Bhushan Gupta - Chapter Leader
*Ian Melven - Community Outreach
*Sonny N - Treasurer

Other volunteers and organizers:

*James Bohem
*Adam Russell <adam . russell {a} owasp . org>
*Matthew Lapworth
*Timothy D. Morgan <tim . morgan {a} owasp . org> - Founder
*AJ Dexter (aj.dexter 'at' gmail.com) - Founder (now retired)

__NOTOC__

<headertabs/>

= Chapter Supporters =
Besides being funded through individual contributions and chapter memberships, our chapter is also supported through corporate sponsors. We would like to thank our sponsors for making many excellent activities possible:

== 2016 ==
=== Champion Supporters ===
None yet!

=== Signature Supporters ===
[[File:simple-logo.png|x100px|link=https://simple.com/]]             
[[File:Newrelic-logo.png|x100px|frameless|link=https://newrelic.com/]]

=== Patron Supporters ===
[[File:Jama-logo.png|x100px|frameless|link=https://www.jamasoftware.com/]]             
[[File:webmd.png|x110px|frameless|link=https://www.webmdhealthservices.com/]]

== 2015 ==

=== Signature Supporters ===
[[File:Newrelic-logo.png|x100px|link=https://newrelic.com/]]

=== Patron Supporters ===
[[File:blindspot-logo.png|x90px|frameless|left|link=https://blindspotsecurity.com/]]
[[File:Jive.png|x100px|frameless|right|link=https://www.jivesoftware.com/]]
[[File:Jama-logo.png|x100px|frameless|center|link=https://www.jamasoftware.com/]]

[[OWASP Portland Sponsorship Archive|Past Chapter Supporters]]

<big>Want to become a chapter supporter? See the [[OWASP Portland Sponsorship Policy]] for more information.</big>

== Donate ==
OWASP is non-profit, volunteer-managed organization. All chapters are organized by volunteers. By donating to your local chapter or becoming an OWASP member, you help support a variety of activities and events including chapter meetings, competitions, and training. As a [[About_OWASP | 501(c)(3)]] non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button.

[[Image:Btn_donate_SM.gif|link=http://www.regonline.com/donation_1044369]] to this chapter or become a local chapter supporter.

Or consider the value of [[Membership | Individual, Corporate, or Academic Supporter membership]]. Ready to become a member? [[Image:Join_Now_BlueIcon.JPG|75px|link=https://myowasp.force.com/memberappregion]]

[[Category:Oregon]]
[[Category:OWASP Chapter]]

Portland

2016-11-16T16:27:13Z

TimMorgan:

Welcome to the Portland, Oregon OWASP Chapter.

[[File:Portland_and_Mt_Hood.jpg]]

=Events=

Past and future event information can be found in [http://calagator.org/events/search?query=OWASP Calagator].

The Portland OWASP chapter currently aims to hold a chapter meeting once every 2-3 months with additional workshops and miscellaneous other events worked in whenever possible. Our chapter is also experimenting with a new type of workshop/hacking competition that we call [[FLOSSHack]].

=For Participants=
OWASP Foundation ([https://docs.google.com/a/owasp.org/presentation/d/1ZgY25F0F7QgScMlB1X7LAa70LtyJql8XqcYdR4suPUo/edit#slide=id.p Overview Slides]) is a professional association of [[Membership | global members]] and is and open to anyone interested in learning more about software security. Local chapters are run independently by volunteers and guided by the [[Chapter_Leader_Handbook|Handbook]].

If you are interested in attending chapter meetings or otherwise getting involved, we strongly encourage you to join the [http://lists.owasp.org/mailman/listinfo/owasp-Portland local chapter email list]. This list is low-volume, but acts as a great resource for local security information and announcements about chapter meetings.

=For Speakers=
We would be thrilled if you would like to come give a talk at one of our chapter meetings. Anything security-related is a good candidate for a talk and will likely draw an interested audience. Suggestions for possible topics for future meetings:

* Integrating security into an SDLC
* HTML5 security
* Social engineering
* Application Security Tools Review & Comparisons
* Discussion starters for controversial security topics
* Your experiences trying to implement a security solution
* Security basics talks; introductions to secure coding practices

Our OWASP meetings typically draw between 15 to 25 attendees. Chapter meetings are a great place to do a dry run of talks you intend to give at conferences or just to connect with locals. Before you present, please be sure you carefully review the [[Speaker_Agreement | speaker agreement]].

=Contact=

Your Portland chapter organizers:

*Timothy D. Morgan <tim . morgan {a} owasp . org> - Leader / Organizer
*Bhushan Gupta - Organizer
*James Bohem - Community Outreach
*Adam Russell <adam . russell {a} owasp . org> - Organizer (on hiatus)
*Matthew Lapworth - Organizer (on hiatus)
*AJ Dexter (aj.dexter 'at' gmail.com) - Founder (now retired)

__NOTOC__

<headertabs/>

= Chapter Supporters =
Besides being funded through individual contributions and chapter memberships, our chapter is also supported through corporate sponsors. We would like to thank our sponsors for making many excellent activities possible:

== 2016 ==
=== Champion Supporters ===
None yet!

=== Signature Supporters ===
[[File:simple-logo.png|x100px|link=https://simple.com/]]             
[[File:Newrelic-logo.png|x100px|frameless|link=https://newrelic.com/]]

=== Patron Supporters ===
[[File:Jama-logo.png|x100px|frameless|link=https://www.jamasoftware.com/]]             
[[File:webmd.png|x110px|frameless|link=https://www.webmdhealthservices.com/]]

== 2015 ==

=== Signature Supporters ===
[[File:Newrelic-logo.png|x100px|link=https://newrelic.com/]]

=== Patron Supporters ===
[[File:blindspot-logo.png|x90px|frameless|left|link=https://blindspotsecurity.com/]]
[[File:Jive.png|x100px|frameless|right|link=https://www.jivesoftware.com/]]
[[File:Jama-logo.png|x100px|frameless|center|link=https://www.jamasoftware.com/]]

[[OWASP Portland Sponsorship Archive|Past Chapter Supporters]]

<big>Want to become a chapter supporter? See the [[OWASP Portland Sponsorship Policy]] for more information.</big>

== Donate ==
OWASP is non-profit, volunteer-managed organization. All chapters are organized by volunteers. By donating to your local chapter or becoming an OWASP member, you help support a variety of activities and events including chapter meetings, competitions, and training. As a [[About_OWASP | 501(c)(3)]] non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button.

[[Image:Btn_donate_SM.gif|link=http://www.regonline.com/donation_1044369]] to this chapter or become a local chapter supporter.

Or consider the value of [[Membership | Individual, Corporate, or Academic Supporter membership]]. Ready to become a member? [[Image:Join_Now_BlueIcon.JPG|75px|link=https://myowasp.force.com/memberappregion]]

[[Category:Oregon]]
[[Category:OWASP Chapter]]

OWASP Portland 2016 Training Day

2016-11-02T02:20:09Z

TimMorgan:

This year the Portland OWASP chapter is hosting a training day. This will be an excellent opportunity for students to receive quality information security and application security training for next to nothing. It will also be a great chance to network with the local infosec community.

=Courses=
Courses are held in two tracks: two in the morning session, and two in the afternoon session. Each student can register for one morning course, or one afternoon course, or one of each. The four courses offered are as follows:

== Morning Session ==
===Cyber Hygiene - Critical Security Controls===
''Instructor: Brian Ventura'' 
''Assistant: Anthony Gold'' 
With so many types of network attacks and so many tools/solutions to combat these attacks, which should I implement first? Which should I buy? Can I build it myself? The CIS Critical Security Controls are a prioritized approach to ensuring information security. As a general risk assessment, the Critical Security Controls address the past, current and expected attacks occurring across the Internet. In this course we will outline the controls, discuss implementation and testing, and provide examples.

===Introduction to Injection Vulnerabilities===
''Instructor: Timothy D. Morgan'' 
''Assistant: Bhushan Gupta'' 
''Sponsored by [https://newrelic.com/ New Relic]''

Ever concatenated strings in your code? Did those strings include any kind of structured syntax? Then your code might be vulnerable to injection. Injection flaws are broad, common category of vulnerability in modern software. While many developers are aware of high-profile technical issues, such as SQL injection, any number of injection vulnerabilities are possible in other languages, protocols, and syntaxes. Upon studying these flaws in many contexts, an underlying "theory of injection" emerges. This simple concept can be applied to many situations (including new technologies and those yet to be invented) to help developers avoid the most common types of implementation vulnerabilities. The reason why "injection" is #1 on the OWASP Top 10 will become very clear by the end of this class. This course will provide students a detailed introduction to injection vulnerabilities and then get students busy with hands-on exercises where a variety of different injection flaws can be explored and understood in real-world contexts.

== Afternoon Session ==

===Applied Physical Attacks on Embedded Systems, Introductory Version===
''Instructor: Joe Fitzpatrick'' 
''Assistant: Scott Davis'' 
This workshop introduces several different relatively accessible interfaces
on embedded systems. Attendees will get hands-on experience with UART, SPI,
and JTAG interfaces on a MIPS-based wifi router. After a brief
architectural overview of each interface, hands-on labs will guide through
the process understanding, observing, interacting with, and exploiting the
interface to potentially access a root shell on the target.

===Communications Security in Modern Software===
''Instructor: Adam Russell'' 
''Assistant: Sonny'' 
''Sponsored by [https://www.ohsu.edu/xd/education/schools/school-of-medicine/ OHSU School of Medicine]'' 
Securing communications over untrusted networks is a critical
component to any modern application's security. However, far too
often developers and operations personnel become tripped up by the
many pitfalls of implementation in this area, which often leads to
complete failures to secure data on the wire. In this course we
discuss how attackers can gain access to other users' communication
through a variety of techniques and cover the strategies for
preventing this. The course covers specific topics ranging from the
SSL/TLS certificate authority system, to secure web session management
and mobile communications security. A hands-on exercise is included
in the course which helps students empirically test SSL/TLS certificate
validation in a realistic scenario.

=Sponsors=
The following sponsors have made this event possible.

'''Interested in becoming a sponsor? Please contact: tim ''DOT'' morgan ''AT'' owasp.org'''

=== Mixer Sponsors===
[[File:github.png|link=https://github.com/]]

=== Training Session Sponsors ===
[[File:newrelic.png|link=https://newrelic.com/]]              [[File:OHSU.png|link=https://www.ohsu.edu/xd/education/schools/school-of-medicine/]]

=== Morning Refreshments Sponsors ===
[[File:pnsqc.png|link=http://pnsqc.org/]]

=== General Sponsors ===

[[File:simple.png|link=https://simple.com/]]              [[File:summit.png|link=http://summitinfosec.com/]]

=Details=
The training day will be held on Wednesday, November 2 at:

PSU - Smith Memorial Student Union Building
1825 SW Broadway
Portland, OR 97201

Later in the evening, a social mixer will also be held at Rogue Hall, just a short walk away:

1717 Southwest Park Ave.
Portland, OR 97201

===Schedule===
{| class="wikitable"
! |Time
! colspan="2"|Activity
|-
| style="padding: 0.5em;"|8:00 AM - 9:00 AM
| colspan="2" style="padding: 0.5em;"|Morning Registration (Near Room 298)
|-
| style="padding: 0.5em;"|9:00 AM - 12:00 PM
| style="padding: 0.5em;"|Room 298: Cyber Hygiene - Critical Security Controls
| style="padding: 0.5em;"|Room 333: Introduction to Injection Vulnerabilities
|-
| style="padding: 0.5em;"|12:00 PM - 1:30 PM
| colspan="2" style="padding: 0.5em;"| Lunch on your own - ''Meet a new friend and grab a bite!''
|-
| style="padding: 0.5em;"|1:00 PM - 1:30 PM
| colspan="2" style="padding: 0.5em;"| Afternoon Registration (for those attending only in the afternoon)
|-
| style="padding: 0.5em;"|1:30 PM - 5:00 PM
| style="padding: 0.5em;"|Room 298: Applied Physical Attacks on Embedded Systems
| style="padding: 0.5em;"|Room 333: Communications Security in Modern Software
|-
| style="padding: 0.5em;"|6:00 PM - 7:30 PM
| colspan="2" style="padding: 0.5em;"| Evening Mixer @ Rogue Hall
|}

=== Lunch Ideas ===

There are a '''large''' number of restaurants nearby, but in case you're having trouble deciding (or your phone battery died), here are some possibilities:

* Baan-Thai Restaurant, 1924 SW Broadway
* Hotlips Pizza, 1909 SW 6th Ave
* Laughing Planet Cafe, 1720 SW 4th Ave
* Love Belizean, 1503 SW Broadway
* McMenamins Market Street Pub, 1526 SW 10th Ave
* There is also a block of food carts on SW 4th Ave between Hall St & College St.

=How to Register=
'''Please visit the registration page here to sign up: https://owasp-portland-training-2016.eventbrite.com/ '''

''All classes are completely sold out. :-\ ''

''Most of our seats sold out within 48 hours. Something to keep in mind next time we hold one of these events!''

OWASP Portland 2016 Training Day

2016-11-02T02:19:54Z

TimMorgan: /* Lunch Ideas */

OWASP Portland 2016 Training Day

2016-11-02T02:19:27Z

TimMorgan: /* How to Register */

This year the Portland OWASP chapter is hosting a training day. This will be an excellent opportunity for students to receive quality information security and application security training for next to nothing. It will also be a great chance to network with the local infosec community.

=Courses=
Courses are held in two tracks: two in the morning session, and two in the afternoon session. Each student can register for one morning course, or one afternoon course, or one of each. The four courses offered are as follows:

== Morning Session ==
===Cyber Hygiene - Critical Security Controls===
''Instructor: Brian Ventura'' 
''Assistant: Anthony Gold'' 
With so many types of network attacks and so many tools/solutions to combat these attacks, which should I implement first? Which should I buy? Can I build it myself? The CIS Critical Security Controls are a prioritized approach to ensuring information security. As a general risk assessment, the Critical Security Controls address the past, current and expected attacks occurring across the Internet. In this course we will outline the controls, discuss implementation and testing, and provide examples.

===Introduction to Injection Vulnerabilities===
''Instructor: Timothy D. Morgan'' 
''Assistant: Bhushan Gupta'' 
''Sponsored by [https://newrelic.com/ New Relic]''

Ever concatenated strings in your code? Did those strings include any kind of structured syntax? Then your code might be vulnerable to injection. Injection flaws are broad, common category of vulnerability in modern software. While many developers are aware of high-profile technical issues, such as SQL injection, any number of injection vulnerabilities are possible in other languages, protocols, and syntaxes. Upon studying these flaws in many contexts, an underlying "theory of injection" emerges. This simple concept can be applied to many situations (including new technologies and those yet to be invented) to help developers avoid the most common types of implementation vulnerabilities. The reason why "injection" is #1 on the OWASP Top 10 will become very clear by the end of this class. This course will provide students a detailed introduction to injection vulnerabilities and then get students busy with hands-on exercises where a variety of different injection flaws can be explored and understood in real-world contexts.

== Afternoon Session ==

===Applied Physical Attacks on Embedded Systems, Introductory Version===
''Instructor: Joe Fitzpatrick'' 
''Assistant: Scott Davis'' 
This workshop introduces several different relatively accessible interfaces
on embedded systems. Attendees will get hands-on experience with UART, SPI,
and JTAG interfaces on a MIPS-based wifi router. After a brief
architectural overview of each interface, hands-on labs will guide through
the process understanding, observing, interacting with, and exploiting the
interface to potentially access a root shell on the target.

===Communications Security in Modern Software===
''Instructor: Adam Russell'' 
''Assistant: Sonny'' 
''Sponsored by [https://www.ohsu.edu/xd/education/schools/school-of-medicine/ OHSU School of Medicine]'' 
Securing communications over untrusted networks is a critical
component to any modern application's security. However, far too
often developers and operations personnel become tripped up by the
many pitfalls of implementation in this area, which often leads to
complete failures to secure data on the wire. In this course we
discuss how attackers can gain access to other users' communication
through a variety of techniques and cover the strategies for
preventing this. The course covers specific topics ranging from the
SSL/TLS certificate authority system, to secure web session management
and mobile communications security. A hands-on exercise is included
in the course which helps students empirically test SSL/TLS certificate
validation in a realistic scenario.

=Sponsors=
The following sponsors have made this event possible.

'''Interested in becoming a sponsor? Please contact: tim ''DOT'' morgan ''AT'' owasp.org'''

=== Mixer Sponsors===
[[File:github.png|link=https://github.com/]]

=== Training Session Sponsors ===
[[File:newrelic.png|link=https://newrelic.com/]]              [[File:OHSU.png|link=https://www.ohsu.edu/xd/education/schools/school-of-medicine/]]

=== Morning Refreshments Sponsors ===
[[File:pnsqc.png|link=http://pnsqc.org/]]

=== General Sponsors ===

[[File:simple.png|link=https://simple.com/]]              [[File:summit.png|link=http://summitinfosec.com/]]

=Details=
The training day will be held on Wednesday, November 2 at:

PSU - Smith Memorial Student Union Building
1825 SW Broadway
Portland, OR 97201

Later in the evening, a social mixer will also be held at Rogue Hall, just a short walk away:

1717 Southwest Park Ave.
Portland, OR 97201

===Schedule===
{| class="wikitable"
! |Time
! colspan="2"|Activity
|-
| style="padding: 0.5em;"|8:00 AM - 9:00 AM
| colspan="2" style="padding: 0.5em;"|Morning Registration (Near Room 298)
|-
| style="padding: 0.5em;"|9:00 AM - 12:00 PM
| style="padding: 0.5em;"|Room 298: Cyber Hygiene - Critical Security Controls
| style="padding: 0.5em;"|Room 333: Introduction to Injection Vulnerabilities
|-
| style="padding: 0.5em;"|12:00 PM - 1:30 PM
| colspan="2" style="padding: 0.5em;"| Lunch on your own - ''Meet a new friend and grab a bite!''
|-
| style="padding: 0.5em;"|1:00 PM - 1:30 PM
| colspan="2" style="padding: 0.5em;"| Afternoon Registration (for those attending only in the afternoon)
|-
| style="padding: 0.5em;"|1:30 PM - 5:00 PM
| style="padding: 0.5em;"|Room 298: Applied Physical Attacks on Embedded Systems
| style="padding: 0.5em;"|Room 333: Communications Security in Modern Software
|-
| style="padding: 0.5em;"|6:00 PM - 7:30 PM
| colspan="2" style="padding: 0.5em;"| Evening Mixer @ Rogue Hall
|}

=== Lunch Ideas ===

There are a *large* number of restaurants nearby, but in case you're having trouble deciding (or your phone battery died), here are some possibilities:

* Baan-Thai Restaurant, 1924 SW Broadway
* Hotlips Pizza, 1909 SW 6th Ave
* Laughing Planet Cafe, 1720 SW 4th Ave
* Love Belizean, 1503 SW Broadway
* McMenamins Market Street Pub, 1526 SW 10th Ave
* There is also a block of food carts on SW 4th Ave between Hall St & College St.

=How to Register=
'''Please visit the registration page here to sign up: https://owasp-portland-training-2016.eventbrite.com/ '''

''All classes are completely sold out. :-\ ''

''Most of our seats sold out within 48 hours. Something to keep in mind next time we hold one of these events!''

OWASP Portland 2016 Training Day

2016-11-02T02:16:45Z

TimMorgan:

This year the Portland OWASP chapter is hosting a training day. This will be an excellent opportunity for students to receive quality information security and application security training for next to nothing. It will also be a great chance to network with the local infosec community.

=Courses=
Courses are held in two tracks: two in the morning session, and two in the afternoon session. Each student can register for one morning course, or one afternoon course, or one of each. The four courses offered are as follows:

== Morning Session ==
===Cyber Hygiene - Critical Security Controls===
''Instructor: Brian Ventura'' 
''Assistant: Anthony Gold'' 
With so many types of network attacks and so many tools/solutions to combat these attacks, which should I implement first? Which should I buy? Can I build it myself? The CIS Critical Security Controls are a prioritized approach to ensuring information security. As a general risk assessment, the Critical Security Controls address the past, current and expected attacks occurring across the Internet. In this course we will outline the controls, discuss implementation and testing, and provide examples.

===Introduction to Injection Vulnerabilities===
''Instructor: Timothy D. Morgan'' 
''Assistant: Bhushan Gupta'' 
''Sponsored by [https://newrelic.com/ New Relic]''

Ever concatenated strings in your code? Did those strings include any kind of structured syntax? Then your code might be vulnerable to injection. Injection flaws are broad, common category of vulnerability in modern software. While many developers are aware of high-profile technical issues, such as SQL injection, any number of injection vulnerabilities are possible in other languages, protocols, and syntaxes. Upon studying these flaws in many contexts, an underlying "theory of injection" emerges. This simple concept can be applied to many situations (including new technologies and those yet to be invented) to help developers avoid the most common types of implementation vulnerabilities. The reason why "injection" is #1 on the OWASP Top 10 will become very clear by the end of this class. This course will provide students a detailed introduction to injection vulnerabilities and then get students busy with hands-on exercises where a variety of different injection flaws can be explored and understood in real-world contexts.

== Afternoon Session ==

===Applied Physical Attacks on Embedded Systems, Introductory Version===
''Instructor: Joe Fitzpatrick'' 
''Assistant: Scott Davis'' 
This workshop introduces several different relatively accessible interfaces
on embedded systems. Attendees will get hands-on experience with UART, SPI,
and JTAG interfaces on a MIPS-based wifi router. After a brief
architectural overview of each interface, hands-on labs will guide through
the process understanding, observing, interacting with, and exploiting the
interface to potentially access a root shell on the target.

===Communications Security in Modern Software===
''Instructor: Adam Russell'' 
''Assistant: Sonny'' 
''Sponsored by [https://www.ohsu.edu/xd/education/schools/school-of-medicine/ OHSU School of Medicine]'' 
Securing communications over untrusted networks is a critical
component to any modern application's security. However, far too
often developers and operations personnel become tripped up by the
many pitfalls of implementation in this area, which often leads to
complete failures to secure data on the wire. In this course we
discuss how attackers can gain access to other users' communication
through a variety of techniques and cover the strategies for
preventing this. The course covers specific topics ranging from the
SSL/TLS certificate authority system, to secure web session management
and mobile communications security. A hands-on exercise is included
in the course which helps students empirically test SSL/TLS certificate
validation in a realistic scenario.

=Sponsors=
The following sponsors have made this event possible.

'''Interested in becoming a sponsor? Please contact: tim ''DOT'' morgan ''AT'' owasp.org'''

=== Mixer Sponsors===
[[File:github.png|link=https://github.com/]]

=== Training Session Sponsors ===
[[File:newrelic.png|link=https://newrelic.com/]]              [[File:OHSU.png|link=https://www.ohsu.edu/xd/education/schools/school-of-medicine/]]

=== Morning Refreshments Sponsors ===
[[File:pnsqc.png|link=http://pnsqc.org/]]

=== General Sponsors ===

[[File:simple.png|link=https://simple.com/]]              [[File:summit.png|link=http://summitinfosec.com/]]

=Details=
The training day will be held on Wednesday, November 2 at:

PSU - Smith Memorial Student Union Building
1825 SW Broadway
Portland, OR 97201

Later in the evening, a social mixer will also be held at Rogue Hall, just a short walk away:

1717 Southwest Park Ave.
Portland, OR 97201

===Schedule===
{| class="wikitable"
! |Time
! colspan="2"|Activity
|-
| style="padding: 0.5em;"|8:00 AM - 9:00 AM
| colspan="2" style="padding: 0.5em;"|Morning Registration (Near Room 298)
|-
| style="padding: 0.5em;"|9:00 AM - 12:00 PM
| style="padding: 0.5em;"|Room 298: Cyber Hygiene - Critical Security Controls
| style="padding: 0.5em;"|Room 333: Introduction to Injection Vulnerabilities
|-
| style="padding: 0.5em;"|12:00 PM - 1:30 PM
| colspan="2" style="padding: 0.5em;"| Lunch on your own - ''Meet a new friend and grab a bite!''
|-
| style="padding: 0.5em;"|1:00 PM - 1:30 PM
| colspan="2" style="padding: 0.5em;"| Afternoon Registration (for those attending only in the afternoon)
|-
| style="padding: 0.5em;"|1:30 PM - 5:00 PM
| style="padding: 0.5em;"|Room 298: Applied Physical Attacks on Embedded Systems
| style="padding: 0.5em;"|Room 333: Communications Security in Modern Software
|-
| style="padding: 0.5em;"|6:00 PM - 7:30 PM
| colspan="2" style="padding: 0.5em;"| Evening Mixer @ Rogue Hall
|}

=== Lunch Ideas ===

There are a *large* number of restaurants nearby, but in case you're having trouble deciding (or your phone battery died), here are some possibilities:

* Baan-Thai Restaurant, 1924 SW Broadway
* Hotlips Pizza, 1909 SW 6th Ave
* Laughing Planet Cafe, 1720 SW 4th Ave
* Love Belizean, 1503 SW Broadway
* McMenamins Market Street Pub, 1526 SW 10th Ave
* There is also a block of food carts on SW 4th Ave between Hall St & College St.

=How to Register=
'''Please visit the registration page here to sign up: https://owasp-portland-training-2016.eventbrite.com/ '''

Each student can attend one morning session and/or one afternoon session. Be sure to sign up soon, these courses are likely to fill up fast!

OWASP Portland 2016 Training Day

2016-11-02T02:16:31Z

TimMorgan: /* Details */

This year the Portland OWASP chapter is hosting a training day. This will be an excellent opportunity for students to receive quality information security and application security training for next to nothing. It will also be a great chance to network with the local infosec community.

=Courses=
Courses are held in two tracks: two in the morning session, and two in the afternoon session. Each student can register for one morning course, or one afternoon course, or one of each. The four courses offered are as follows:

== Morning Session ==
===Cyber Hygiene - Critical Security Controls===
''Instructor: Brian Ventura'' 
''Assistant: Anthony Gold'' 
With so many types of network attacks and so many tools/solutions to combat these attacks, which should I implement first? Which should I buy? Can I build it myself? The CIS Critical Security Controls are a prioritized approach to ensuring information security. As a general risk assessment, the Critical Security Controls address the past, current and expected attacks occurring across the Internet. In this course we will outline the controls, discuss implementation and testing, and provide examples.

===Introduction to Injection Vulnerabilities===
''Instructor: Timothy D. Morgan'' 
''Assistant: Bhushan Gupta'' 
''Sponsored by [https://newrelic.com/ New Relic]''

Ever concatenated strings in your code? Did those strings include any kind of structured syntax? Then your code might be vulnerable to injection. Injection flaws are broad, common category of vulnerability in modern software. While many developers are aware of high-profile technical issues, such as SQL injection, any number of injection vulnerabilities are possible in other languages, protocols, and syntaxes. Upon studying these flaws in many contexts, an underlying "theory of injection" emerges. This simple concept can be applied to many situations (including new technologies and those yet to be invented) to help developers avoid the most common types of implementation vulnerabilities. The reason why "injection" is #1 on the OWASP Top 10 will become very clear by the end of this class. This course will provide students a detailed introduction to injection vulnerabilities and then get students busy with hands-on exercises where a variety of different injection flaws can be explored and understood in real-world contexts.

== Afternoon Session ==

===Applied Physical Attacks on Embedded Systems, Introductory Version===
''Instructor: Joe Fitzpatrick'' 
''Assistant: Scott Davis'' 
This workshop introduces several different relatively accessible interfaces
on embedded systems. Attendees will get hands-on experience with UART, SPI,
and JTAG interfaces on a MIPS-based wifi router. After a brief
architectural overview of each interface, hands-on labs will guide through
the process understanding, observing, interacting with, and exploiting the
interface to potentially access a root shell on the target.

===Communications Security in Modern Software===
''Instructor: Adam Russell'' 
''Assistant: Sonny'' 
''Sponsored by [https://www.ohsu.edu/xd/education/schools/school-of-medicine/ OHSU School of Medicine]'' 
Securing communications over untrusted networks is a critical
component to any modern application's security. However, far too
often developers and operations personnel become tripped up by the
many pitfalls of implementation in this area, which often leads to
complete failures to secure data on the wire. In this course we
discuss how attackers can gain access to other users' communication
through a variety of techniques and cover the strategies for
preventing this. The course covers specific topics ranging from the
SSL/TLS certificate authority system, to secure web session management
and mobile communications security. A hands-on exercise is included
in the course which helps students empirically test SSL/TLS certificate
validation in a realistic scenario.

=Sponsors=
The following sponsors have made this event possible.

'''Interested in becoming a sponsor? Please contact: tim ''DOT'' morgan ''AT'' owasp.org'''

=== Mixer Sponsors===
[[File:github.png|link=https://github.com/]]

=== Training Session Sponsors ===
[[File:newrelic.png|link=https://newrelic.com/]]              [[File:OHSU.png|link=https://www.ohsu.edu/xd/education/schools/school-of-medicine/]]

=== Morning Refreshments Sponsors ===
[[File:pnsqc.png|link=http://pnsqc.org/]]

=== General Sponsors ===

[[File:simple.png|link=https://simple.com/]]              [[File:summit.png|link=http://summitinfosec.com/]]

=Details=
The training day will be held on Wednesday, November 2 at:

PSU - Smith Memorial Student Union Building
1825 SW Broadway
Portland, OR 97201

Later in the evening, a social mixer will also be held at Rogue Hall, just a short walk away:

1717 Southwest Park Ave.
Portland, OR 97201

===Schedule===
{| class="wikitable"
! |Time
! colspan="2"|Activity
|-
| style="padding: 0.5em;"|8:00 AM - 9:00 AM
| colspan="2" style="padding: 0.5em;"|Morning Registration (Near Room 298)
|-
| style="padding: 0.5em;"|9:00 AM - 12:00 PM
| style="padding: 0.5em;"|Room 298: Cyber Hygiene - Critical Security Controls
| style="padding: 0.5em;"|Room 333: Introduction to Injection Vulnerabilities
|-
| style="padding: 0.5em;"|12:00 PM - 1:30 PM
| colspan="2" style="padding: 0.5em;"| Lunch on your own - ''Meet a new friend and grab a bite!''
|-
| style="padding: 0.5em;"|1:00 PM - 1:30 PM
| colspan="2" style="padding: 0.5em;"| Afternoon Registration (for those attending only in the afternoon)
|-
| style="padding: 0.5em;"|1:30 PM - 5:00 PM
| style="padding: 0.5em;"|Room 298: Applied Physical Attacks on Embedded Systems
| style="padding: 0.5em;"|Room 333: Communications Security in Modern Software
|-
| style="padding: 0.5em;"|6:00 PM - 7:30 PM
| colspan="2" style="padding: 0.5em;"| Evening Mixer @ Rogue Hall
|}

=== Lunch Ideas ===

There are a *large* number of restaurants nearby, but in case you're having trouble deciding (or your phone battery died), here are some possibilities:

* Baan-Thai Restaurant, 1924 SW Broadway
* Hotlips Pizza, 1909 SW 6th Ave
* Laughing Planet Cafe, 1720 SW 4th Ave
* Love Belizean, 1503 SW Broadway
* McMenamins Market Street Pub, 1526 SW 10th Ave
* There is also a block of food carts on SW 4th Ave between Hall St & College St.

=How to Register=
'''Please visit the registration page here to sign up: https://owasp-portland-training-2016.eventbrite.com/ '''

Each student can attend one morning session and/or one afternoon session. Be sure to sign up soon, these courses are likely to fill up fast!

OWASP Portland 2016 Training Day

2016-10-29T01:30:33Z

TimMorgan: /* Schedule */

This year the Portland OWASP chapter is hosting a training day. This will be an excellent opportunity for students to receive quality information security and application security training for next to nothing. It will also be a great chance to network with the local infosec community.

=Courses=
Courses are held in two tracks: two in the morning session, and two in the afternoon session. Each student can register for one morning course, or one afternoon course, or one of each. The four courses offered are as follows:

== Morning Session ==
===Cyber Hygiene - Critical Security Controls===
''Instructor: Brian Ventura'' 
''Assistant: Anthony Gold'' 
With so many types of network attacks and so many tools/solutions to combat these attacks, which should I implement first? Which should I buy? Can I build it myself? The CIS Critical Security Controls are a prioritized approach to ensuring information security. As a general risk assessment, the Critical Security Controls address the past, current and expected attacks occurring across the Internet. In this course we will outline the controls, discuss implementation and testing, and provide examples.

===Introduction to Injection Vulnerabilities===
''Instructor: Timothy D. Morgan'' 
''Assistant: Bhushan Gupta'' 
''Sponsored by [https://newrelic.com/ New Relic]''

Ever concatenated strings in your code? Did those strings include any kind of structured syntax? Then your code might be vulnerable to injection. Injection flaws are broad, common category of vulnerability in modern software. While many developers are aware of high-profile technical issues, such as SQL injection, any number of injection vulnerabilities are possible in other languages, protocols, and syntaxes. Upon studying these flaws in many contexts, an underlying "theory of injection" emerges. This simple concept can be applied to many situations (including new technologies and those yet to be invented) to help developers avoid the most common types of implementation vulnerabilities. The reason why "injection" is #1 on the OWASP Top 10 will become very clear by the end of this class. This course will provide students a detailed introduction to injection vulnerabilities and then get students busy with hands-on exercises where a variety of different injection flaws can be explored and understood in real-world contexts.

== Afternoon Session ==

===Applied Physical Attacks on Embedded Systems, Introductory Version===
''Instructor: Joe Fitzpatrick'' 
''Assistant: Scott Davis'' 
This workshop introduces several different relatively accessible interfaces
on embedded systems. Attendees will get hands-on experience with UART, SPI,
and JTAG interfaces on a MIPS-based wifi router. After a brief
architectural overview of each interface, hands-on labs will guide through
the process understanding, observing, interacting with, and exploiting the
interface to potentially access a root shell on the target.

===Communications Security in Modern Software===
''Instructor: Adam Russell'' 
''Assistant: Sonny'' 
''Sponsored by [https://www.ohsu.edu/xd/education/schools/school-of-medicine/ OHSU School of Medicine]'' 
Securing communications over untrusted networks is a critical
component to any modern application's security. However, far too
often developers and operations personnel become tripped up by the
many pitfalls of implementation in this area, which often leads to
complete failures to secure data on the wire. In this course we
discuss how attackers can gain access to other users' communication
through a variety of techniques and cover the strategies for
preventing this. The course covers specific topics ranging from the
SSL/TLS certificate authority system, to secure web session management
and mobile communications security. A hands-on exercise is included
in the course which helps students empirically test SSL/TLS certificate
validation in a realistic scenario.

=Sponsors=
The following sponsors have made this event possible.

'''Interested in becoming a sponsor? Please contact: tim ''DOT'' morgan ''AT'' owasp.org'''

=== Mixer Sponsors===
[[File:github.png|link=https://github.com/]]

=== Training Session Sponsors ===
[[File:newrelic.png|link=https://newrelic.com/]]              [[File:OHSU.png|link=https://www.ohsu.edu/xd/education/schools/school-of-medicine/]]

=== Morning Refreshments Sponsors ===
[[File:pnsqc.png|link=http://pnsqc.org/]]

=== General Sponsors ===

[[File:simple.png|link=https://simple.com/]]              [[File:summit.png|link=http://summitinfosec.com/]]

=Details=
The training day will be held on Wednesday, November 2 at:

PSU - Smith Memorial Student Union Building
1825 SW Broadway
Portland, OR 97201

Later in the evening, a social mixer will also be held at Rogue Hall, just a short walk away:

1717 Southwest Park Ave.
Portland, OR 97201

===Schedule===
{| class="wikitable"
! |Time
! colspan="2"|Activity
|-
| style="padding: 0.5em;"|8:00 AM - 9:00 AM
| colspan="2" style="padding: 0.5em;"|Morning Registration (Near Room 298)
|-
| style="padding: 0.5em;"|9:00 AM - 12:00 PM
| style="padding: 0.5em;"|Room 298: Cyber Hygiene - Critical Security Controls
| style="padding: 0.5em;"|Room 333: Introduction to Injection Vulnerabilities
|-
| style="padding: 0.5em;"|12:00 PM - 1:30 PM
| colspan="2" style="padding: 0.5em;"| Lunch on your own - ''Meet a new friend and grab a bite!''
|-
| style="padding: 0.5em;"|1:00 PM - 1:30 PM
| colspan="2" style="padding: 0.5em;"| Afternoon Registration (for those attending only in the afternoon)
|-
| style="padding: 0.5em;"|1:30 PM - 5:00 PM
| style="padding: 0.5em;"|Room 298: Applied Physical Attacks on Embedded Systems
| style="padding: 0.5em;"|Room 333: Communications Security in Modern Software
|-
| style="padding: 0.5em;"|6:00 PM - 7:30 PM
| colspan="2" style="padding: 0.5em;"| Evening Mixer @ Rogue Hall
|}

=How to Register=
'''Please visit the registration page here to sign up: https://owasp-portland-training-2016.eventbrite.com/ '''

Each student can attend one morning session and/or one afternoon session. Be sure to sign up soon, these courses are likely to fill up fast!

OWASP Portland 2016 Training Day

2016-10-28T22:30:12Z

TimMorgan: /* Schedule */

This year the Portland OWASP chapter is hosting a training day. This will be an excellent opportunity for students to receive quality information security and application security training for next to nothing. It will also be a great chance to network with the local infosec community.

=Courses=
Courses are held in two tracks: two in the morning session, and two in the afternoon session. Each student can register for one morning course, or one afternoon course, or one of each. The four courses offered are as follows:

== Morning Session ==
===Cyber Hygiene - Critical Security Controls===
''Instructor: Brian Ventura'' 
''Assistant: Anthony Gold'' 
With so many types of network attacks and so many tools/solutions to combat these attacks, which should I implement first? Which should I buy? Can I build it myself? The CIS Critical Security Controls are a prioritized approach to ensuring information security. As a general risk assessment, the Critical Security Controls address the past, current and expected attacks occurring across the Internet. In this course we will outline the controls, discuss implementation and testing, and provide examples.

===Introduction to Injection Vulnerabilities===
''Instructor: Timothy D. Morgan'' 
''Assistant: Bhushan Gupta'' 
''Sponsored by [https://newrelic.com/ New Relic]''

Ever concatenated strings in your code? Did those strings include any kind of structured syntax? Then your code might be vulnerable to injection. Injection flaws are broad, common category of vulnerability in modern software. While many developers are aware of high-profile technical issues, such as SQL injection, any number of injection vulnerabilities are possible in other languages, protocols, and syntaxes. Upon studying these flaws in many contexts, an underlying "theory of injection" emerges. This simple concept can be applied to many situations (including new technologies and those yet to be invented) to help developers avoid the most common types of implementation vulnerabilities. The reason why "injection" is #1 on the OWASP Top 10 will become very clear by the end of this class. This course will provide students a detailed introduction to injection vulnerabilities and then get students busy with hands-on exercises where a variety of different injection flaws can be explored and understood in real-world contexts.

== Afternoon Session ==

===Applied Physical Attacks on Embedded Systems, Introductory Version===
''Instructor: Joe Fitzpatrick'' 
''Assistant: Scott Davis'' 
This workshop introduces several different relatively accessible interfaces
on embedded systems. Attendees will get hands-on experience with UART, SPI,
and JTAG interfaces on a MIPS-based wifi router. After a brief
architectural overview of each interface, hands-on labs will guide through
the process understanding, observing, interacting with, and exploiting the
interface to potentially access a root shell on the target.

===Communications Security in Modern Software===
''Instructor: Adam Russell'' 
''Assistant: Sonny'' 
''Sponsored by [https://www.ohsu.edu/xd/education/schools/school-of-medicine/ OHSU School of Medicine]'' 
Securing communications over untrusted networks is a critical
component to any modern application's security. However, far too
often developers and operations personnel become tripped up by the
many pitfalls of implementation in this area, which often leads to
complete failures to secure data on the wire. In this course we
discuss how attackers can gain access to other users' communication
through a variety of techniques and cover the strategies for
preventing this. The course covers specific topics ranging from the
SSL/TLS certificate authority system, to secure web session management
and mobile communications security. A hands-on exercise is included
in the course which helps students empirically test SSL/TLS certificate
validation in a realistic scenario.

=Sponsors=
The following sponsors have made this event possible.

'''Interested in becoming a sponsor? Please contact: tim ''DOT'' morgan ''AT'' owasp.org'''

=== Mixer Sponsors===
[[File:github.png|link=https://github.com/]]

=== Training Session Sponsors ===
[[File:newrelic.png|link=https://newrelic.com/]]              [[File:OHSU.png|link=https://www.ohsu.edu/xd/education/schools/school-of-medicine/]]

=== Morning Refreshments Sponsors ===
[[File:pnsqc.png|link=http://pnsqc.org/]]

=== General Sponsors ===

[[File:simple.png|link=https://simple.com/]]              [[File:summit.png|link=http://summitinfosec.com/]]

=Details=
The training day will be held on Wednesday, November 2 at:

PSU - Smith Memorial Student Union Building
1825 SW Broadway
Portland, OR 97201

Later in the evening, a social mixer will also be held at Rogue Hall, just a short walk away:

1717 Southwest Park Ave.
Portland, OR 97201

===Schedule===
{| class="wikitable"
! |Time
! colspan="2"|Activity
|-
| style="padding: 0.5em;"|8:00 AM - 9:00 AM
| colspan="2" style="padding: 0.5em;"|Morning Registration
|-
| style="padding: 0.5em;"|9:00 AM - 12:00 PM
| style="padding: 0.5em;"|Room TBD: Introduction to Injection Vulnerabilities
| style="padding: 0.5em;"|Room TBD: Cyber Hygiene - Critical Security Controls
|-
| style="padding: 0.5em;"|12:00 PM - 1:30 PM
| colspan="2" style="padding: 0.5em;"| Lunch on your own - ''Meet a new friend and grab a bite!''
|-
| style="padding: 0.5em;"|1:00 PM - 1:30 PM
| colspan="2" style="padding: 0.5em;"| Afternoon Registration (for those attending only in the afternoon)
|-
| style="padding: 0.5em;"|1:30 PM - 5:00 PM
| style="padding: 0.5em;"|Room TBD: Applied Physical Attacks on Embedded Systems
| style="padding: 0.5em;"|Room TBD: Communications Security in Modern Software
|-
| style="padding: 0.5em;"|6:00 PM - 7:30 PM
| colspan="2" style="padding: 0.5em;"| Evening Mixer @ Rogue Hall
|}

=How to Register=
'''Please visit the registration page here to sign up: https://owasp-portland-training-2016.eventbrite.com/ '''

Each student can attend one morning session and/or one afternoon session. Be sure to sign up soon, these courses are likely to fill up fast!

OWASP Portland 2016 Training Day

2016-10-28T22:30:01Z

TimMorgan: /* Details */

This year the Portland OWASP chapter is hosting a training day. This will be an excellent opportunity for students to receive quality information security and application security training for next to nothing. It will also be a great chance to network with the local infosec community.

=Courses=
Courses are held in two tracks: two in the morning session, and two in the afternoon session. Each student can register for one morning course, or one afternoon course, or one of each. The four courses offered are as follows:

== Morning Session ==
===Cyber Hygiene - Critical Security Controls===
''Instructor: Brian Ventura'' 
''Assistant: Anthony Gold'' 
With so many types of network attacks and so many tools/solutions to combat these attacks, which should I implement first? Which should I buy? Can I build it myself? The CIS Critical Security Controls are a prioritized approach to ensuring information security. As a general risk assessment, the Critical Security Controls address the past, current and expected attacks occurring across the Internet. In this course we will outline the controls, discuss implementation and testing, and provide examples.

===Introduction to Injection Vulnerabilities===
''Instructor: Timothy D. Morgan'' 
''Assistant: Bhushan Gupta'' 
''Sponsored by [https://newrelic.com/ New Relic]''

Ever concatenated strings in your code? Did those strings include any kind of structured syntax? Then your code might be vulnerable to injection. Injection flaws are broad, common category of vulnerability in modern software. While many developers are aware of high-profile technical issues, such as SQL injection, any number of injection vulnerabilities are possible in other languages, protocols, and syntaxes. Upon studying these flaws in many contexts, an underlying "theory of injection" emerges. This simple concept can be applied to many situations (including new technologies and those yet to be invented) to help developers avoid the most common types of implementation vulnerabilities. The reason why "injection" is #1 on the OWASP Top 10 will become very clear by the end of this class. This course will provide students a detailed introduction to injection vulnerabilities and then get students busy with hands-on exercises where a variety of different injection flaws can be explored and understood in real-world contexts.

== Afternoon Session ==

===Applied Physical Attacks on Embedded Systems, Introductory Version===
''Instructor: Joe Fitzpatrick'' 
''Assistant: Scott Davis'' 
This workshop introduces several different relatively accessible interfaces
on embedded systems. Attendees will get hands-on experience with UART, SPI,
and JTAG interfaces on a MIPS-based wifi router. After a brief
architectural overview of each interface, hands-on labs will guide through
the process understanding, observing, interacting with, and exploiting the
interface to potentially access a root shell on the target.

===Communications Security in Modern Software===
''Instructor: Adam Russell'' 
''Assistant: Sonny'' 
''Sponsored by [https://www.ohsu.edu/xd/education/schools/school-of-medicine/ OHSU School of Medicine]'' 
Securing communications over untrusted networks is a critical
component to any modern application's security. However, far too
often developers and operations personnel become tripped up by the
many pitfalls of implementation in this area, which often leads to
complete failures to secure data on the wire. In this course we
discuss how attackers can gain access to other users' communication
through a variety of techniques and cover the strategies for
preventing this. The course covers specific topics ranging from the
SSL/TLS certificate authority system, to secure web session management
and mobile communications security. A hands-on exercise is included
in the course which helps students empirically test SSL/TLS certificate
validation in a realistic scenario.

=Sponsors=
The following sponsors have made this event possible.

'''Interested in becoming a sponsor? Please contact: tim ''DOT'' morgan ''AT'' owasp.org'''

=== Mixer Sponsors===
[[File:github.png|link=https://github.com/]]

=== Training Session Sponsors ===
[[File:newrelic.png|link=https://newrelic.com/]]              [[File:OHSU.png|link=https://www.ohsu.edu/xd/education/schools/school-of-medicine/]]

=== Morning Refreshments Sponsors ===
[[File:pnsqc.png|link=http://pnsqc.org/]]

=== General Sponsors ===

[[File:simple.png|link=https://simple.com/]]              [[File:summit.png|link=http://summitinfosec.com/]]

=Details=
The training day will be held on Wednesday, November 2 at:

PSU - Smith Memorial Student Union Building
1825 SW Broadway
Portland, OR 97201

Later in the evening, a social mixer will also be held at Rogue Hall, just a short walk away:

1717 Southwest Park Ave.
Portland, OR 97201

===Schedule===
{| class="wikitable"
! |Time
! colspan="2"|Activity
|-
| style="padding: 0.5em;"|8:00 AM - 9:00 AM
| colspan="2" style="padding: 0.5em;"|Morning Registration
|-
| style="padding: 0.5em;"|9:00 AM - 12:00 PM
| style="padding: 0.5em;"|Room TBD: Introduction to Injection Vulnerabilities
| style="padding: 0.5em;"|Room TBD: Cyber Hygiene - Critical Security Controls
|-
| style="padding: 0.5em;"|12:00 PM - 1:30 PM
| colspan="2" style="padding: 0.5em;"| Lunch on your own - ''Meet a new friend and grab a bite!''
|-
| style="padding: 0.5em;"|1:00 PM - 1:30 PM
| colspan="2" style="padding: 0.5em;"| Afternoon Registration (for those attending only in the afternoon)
|-
| style="padding: 0.5em;"|1:30 PM - 5:00 PM
| style="padding: 0.5em;"|Room TBD: Applied Physical Attacks on Embedded Systems
| style="padding: 0.5em;"|Room TBD: Communications Security in Modern Software
|-
| style="padding: 0.5em;"|6:00 PM - 7:30 PM
| colspan="2" style="padding: 0.5em;"| Evening Mixer
|}

=How to Register=
'''Please visit the registration page here to sign up: https://owasp-portland-training-2016.eventbrite.com/ '''

Each student can attend one morning session and/or one afternoon session. Be sure to sign up soon, these courses are likely to fill up fast!

OWASP Portland 2016 Training Day

2016-10-28T22:27:02Z

TimMorgan: /* Sponsors */

This year the Portland OWASP chapter is hosting a training day. This will be an excellent opportunity for students to receive quality information security and application security training for next to nothing. It will also be a great chance to network with the local infosec community.

=Courses=
Courses are held in two tracks: two in the morning session, and two in the afternoon session. Each student can register for one morning course, or one afternoon course, or one of each. The four courses offered are as follows:

== Morning Session ==
===Cyber Hygiene - Critical Security Controls===
''Instructor: Brian Ventura'' 
''Assistant: Anthony Gold'' 
With so many types of network attacks and so many tools/solutions to combat these attacks, which should I implement first? Which should I buy? Can I build it myself? The CIS Critical Security Controls are a prioritized approach to ensuring information security. As a general risk assessment, the Critical Security Controls address the past, current and expected attacks occurring across the Internet. In this course we will outline the controls, discuss implementation and testing, and provide examples.

===Introduction to Injection Vulnerabilities===
''Instructor: Timothy D. Morgan'' 
''Assistant: Bhushan Gupta'' 
''Sponsored by [https://newrelic.com/ New Relic]''

Ever concatenated strings in your code? Did those strings include any kind of structured syntax? Then your code might be vulnerable to injection. Injection flaws are broad, common category of vulnerability in modern software. While many developers are aware of high-profile technical issues, such as SQL injection, any number of injection vulnerabilities are possible in other languages, protocols, and syntaxes. Upon studying these flaws in many contexts, an underlying "theory of injection" emerges. This simple concept can be applied to many situations (including new technologies and those yet to be invented) to help developers avoid the most common types of implementation vulnerabilities. The reason why "injection" is #1 on the OWASP Top 10 will become very clear by the end of this class. This course will provide students a detailed introduction to injection vulnerabilities and then get students busy with hands-on exercises where a variety of different injection flaws can be explored and understood in real-world contexts.

== Afternoon Session ==

===Applied Physical Attacks on Embedded Systems, Introductory Version===
''Instructor: Joe Fitzpatrick'' 
''Assistant: Scott Davis'' 
This workshop introduces several different relatively accessible interfaces
on embedded systems. Attendees will get hands-on experience with UART, SPI,
and JTAG interfaces on a MIPS-based wifi router. After a brief
architectural overview of each interface, hands-on labs will guide through
the process understanding, observing, interacting with, and exploiting the
interface to potentially access a root shell on the target.

===Communications Security in Modern Software===
''Instructor: Adam Russell'' 
''Assistant: Sonny'' 
''Sponsored by [https://www.ohsu.edu/xd/education/schools/school-of-medicine/ OHSU School of Medicine]'' 
Securing communications over untrusted networks is a critical
component to any modern application's security. However, far too
often developers and operations personnel become tripped up by the
many pitfalls of implementation in this area, which often leads to
complete failures to secure data on the wire. In this course we
discuss how attackers can gain access to other users' communication
through a variety of techniques and cover the strategies for
preventing this. The course covers specific topics ranging from the
SSL/TLS certificate authority system, to secure web session management
and mobile communications security. A hands-on exercise is included
in the course which helps students empirically test SSL/TLS certificate
validation in a realistic scenario.

=Sponsors=
The following sponsors have made this event possible.

'''Interested in becoming a sponsor? Please contact: tim ''DOT'' morgan ''AT'' owasp.org'''

=== Mixer Sponsors===
[[File:github.png|link=https://github.com/]]

=== Training Session Sponsors ===
[[File:newrelic.png|link=https://newrelic.com/]]              [[File:OHSU.png|link=https://www.ohsu.edu/xd/education/schools/school-of-medicine/]]

=== Morning Refreshments Sponsors ===
[[File:pnsqc.png|link=http://pnsqc.org/]]

=== General Sponsors ===

[[File:simple.png|link=https://simple.com/]]              [[File:summit.png|link=http://summitinfosec.com/]]

=Details=
The training day will be held on Wednesday, November 2 at:

PSU - Smith Memorial Student Union Building
1825 SW Broadway
Portland, OR 97201

Later in the evening, a social mixer will also be held at TODO.

===Schedule===
{| class="wikitable"
! |Time
! colspan="2"|Activity
|-
| style="padding: 0.5em;"|8:00 AM - 9:00 AM
| colspan="2" style="padding: 0.5em;"|Morning Registration
|-
| style="padding: 0.5em;"|9:00 AM - 12:00 PM
| style="padding: 0.5em;"|Room TBD: Introduction to Injection Vulnerabilities
| style="padding: 0.5em;"|Room TBD: Cyber Hygiene - Critical Security Controls
|-
| style="padding: 0.5em;"|12:00 PM - 1:30 PM
| colspan="2" style="padding: 0.5em;"| Lunch on your own - ''Meet a new friend and grab a bite!''
|-
| style="padding: 0.5em;"|1:00 PM - 1:30 PM
| colspan="2" style="padding: 0.5em;"| Afternoon Registration (for those attending only in the afternoon)
|-
| style="padding: 0.5em;"|1:30 PM - 5:00 PM
| style="padding: 0.5em;"|Room TBD: Applied Physical Attacks on Embedded Systems
| style="padding: 0.5em;"|Room TBD: Communications Security in Modern Software
|-
| style="padding: 0.5em;"|6:00 PM - 7:30 PM
| colspan="2" style="padding: 0.5em;"| Evening Mixer
|}

=How to Register=
'''Please visit the registration page here to sign up: https://owasp-portland-training-2016.eventbrite.com/ '''

Each student can attend one morning session and/or one afternoon session. Be sure to sign up soon, these courses are likely to fill up fast!

Testing for Padding Oracle (OTG-CRYPST-002)

2016-10-21T15:45:35Z

TimMorgan: /* Tools */ alphabetized tools, added Bletchley

{{Template:OWASP Testing Guide v4}}

== Summary ==
 
A padding oracle is a function of an application which decrypts encrypted data provided by the client, e.g. internal session state stored on the client, and leaks the state of the validity of the padding after decryption. The existence of a padding oracle allows an attacker to decrypt encrypted data and encrypt arbitrary data without knowledge of the key used for these cryptographic operations. This can lead to leakage of sensible data or to privilege escalation vulnerabilities, if integrity of the encrypted data is assumed by the application.

 
Block ciphers encrypt data only in blocks of certain sizes. Block sizes used by common ciphers are 8 and 16 bytes. Data where the size doesn't match a multiple of the block size of the used cipher has to be padded in a specific manner so the decryptor is able to strip the padding. A commonly used padding scheme is PKCS#7. It fills the remaining bytes with the value of the padding length.

'''Example:'''

If the padding has the length of 5 bytes, the byte value 0x05 is repeated five times after the plain text.

An error condition is present if the padding doesn't match the syntax of the used padding scheme. A padding oracle is present if an application leaks this specific padding error condition for encrypted data provided by the client. This can happen by exposing exceptions (e.g. BadPaddingException in Java) directly, by subtle differences in the responses sent to the client or by another side-channel like timing behavior.

Certain modes of operation of cryptography allow bit-flipping attacks, where flipping of a bit in the cipher text causes that the bit is also flipped in the plain text. Flipping a bit in the n-th block of CBC encrypted data causes that the same bit in the (n+1)-th block is flipped in the decrypted data. The n-th block of the decrypted cipher text is garbaged by this manipulation.

The padding oracle attack enables an attacker to decrypt encrypted data without knowledge of the encryption key and used cipher by sending skillful manipulated cipher texts to the padding oracle and observing of the results returned by it. This causes loss of confidentiality of the encrypted data. E.g. in the case of session data stored on the client side the attacker can gain information about the internal state and structure of the application.

A padding oracle attack also enables an attacker to encrypt arbitrary plain texts without knowledge of the used key and cipher. If the application assumes that integrity and authenticity of the decrypted data is given, an attacker could be able to manipulate internal session state and possibly gain higher privileges.

==How to Test==
=== Black Box Testing ===
'''Testing for padding oracle vulnerabilities:''' 
First the possible input points for padding oracles must be identified. Generally the following conditions must be met:

# The data is encrypted. Good candidates are values which appear to be random.
# A block cipher is used. The length of the decoded (Base64 is used often) cipher text is a multiple of common cipher block sizes like 8 or 16 bytes. Different cipher texts (e.g. gathered by different sessions or manipulation of session state) share a common divisor in the length.

'''Example:'''

<nowiki>Dg6W8OiWMIdVokIDH15T/A==</nowiki> results after Base64 decoding in 0e 0e 96 f0 e8 96 30 87 55 a2 42 03 1f 5e 53 fc. This seems to be random and 16 byte long.

If such an input value candidate is identified, the behavior of the application to bit-wise tampering of the encrypted value should be verified. Normally this Base64 encoded value will include the initialization vector (IV) prepended to the cipher text. Given a plaintext ''<tt>p</tt>'' and a cipher with a block size ''<tt>n</tt>'', the number of blocks will be ''<tt>b = ceil( length(b) / n)</tt>''. The length of the encrypted string will be ''<tt>y=(b+1)*n</tt>'' due to the initialization vector. To verify the presence of the oracle, decode the string, flip the last bit of the second-to-last block ''<tt>b-1</tt>'' (the least significant bit of the byte at ''<tt>y-n-1</tt>''), re-encode and send. Next, decode the original string, flip the last bit of the block ''<tt>b-2</tt>'' (the least significant bit of the byte at ''<tt>y-2*n-1</tt>''), re-encode and send.

If it is known that the encrypted string is a single block (the IV is stored on the server or the application is using a bad practice hardcoded IV), several bit flips must be performed in turn. An alternative approach could be to prepend a random block, and flip bits in order to make the last byte of the added block take all possible values (0 to 255).

The tests and the base value should at least cause three different states while and after decryption:

* Cipher text gets decrypted, resulting data is correct.
* Cipher text gets decrypted, resulting data is garbled and causes some exception or error handling in the application logic.
* Cipher text decryption fails due to padding errors.

Compare the responses carefully. Search especially for exceptions and messages which state that something is wrong with the padding. If such messages appear, the application contains a padding oracle. If the three different states described above are observable implicitly (different error messages, timing side-channels), there is a high probability that there is a padding oracle present at this point. Try to perform the padding oracle attack to ensure this.

'''Examples:'''
* ASP.NET throws "System.Security.Cryptography.CryptographicException: Padding is invalid and cannot be removed." if padding of a decrypted cipher text is broken.
* In Java a javax.crypto.BadPaddingException is thrown in this case.
* Decryption errors or similar can be possible padding oracles.

'''Result Expected:''' 
A secure implementation will check for integrity and cause only two responses: ok and failed. There are no side channels which can be used to determine internal error states.

=== Grey Box Testing===
'''Testing for padding oracle vulnerabilities:''' 
Verify that all places where encrypted data from the client, that should only be known by the server, is decrypted. The following conditions should be met by such code:

# The integrity of the cipher text should be verified by a secure mechanism, like HMAC or authenticated cipher operation modes like GCM or CCM.
# All error states while decryption and further processing are handled uniformly.

==Tools==
* Bletchley - [https://code.blindspotsecurity.com/trac/bletchley https://code.blindspotsecurity.com/trac/bletchley]
* PadBuster - [https://github.com/GDSSecurity/PadBuster https://github.com/GDSSecurity/PadBuster]
* Padding Oracle Exploitation Tool (POET) - [http://netifera.com/research/ http://netifera.com/research/]
* Poracle - [https://github.com/iagox86/Poracle https://github.com/iagox86/Poracle]
* python-paddingoracle - [https://github.com/mwielgoszewski/python-paddingoracle https://github.com/mwielgoszewski/python-paddingoracle]

 
'''Examples''' 
* Visualization of the decryption process - [http://erlend.oftedal.no/blog/poet/ http://erlend.oftedal.no/blog/poet/]

== References ==
'''Whitepapers''' 
* Wikipedia - Padding oracle attack - [http://en.wikipedia.org/wiki/Padding_oracle_attack http://en.wikipedia.org/wiki/Padding_oracle_attack]
* Juliano Rizzo, Thai Duong, "Practical Padding Oracle Attacks" - [http://www.usenix.org/event/woot10/tech/full_papers/Rizzo.pdf http://www.usenix.org/event/woot10/tech/full_papers/Rizzo.pdf]

OWASP Portland 2016 Training Day

2016-10-15T16:12:33Z

TimMorgan: /* Cyber Hygiene - Critical Security Controls */

This year the Portland OWASP chapter is hosting a training day. This will be an excellent opportunity for students to receive quality information security and application security training for next to nothing. It will also be a great chance to network with the local infosec community.

=Courses=
Courses are held in two tracks: two in the morning session, and two in the afternoon session. Each student can register for one morning course, or one afternoon course, or one of each. The four courses offered are as follows:

== Morning Session ==
===Cyber Hygiene - Critical Security Controls===
''Instructor: Brian Ventura'' 
''Assistant: Anthony Gold'' 
With so many types of network attacks and so many tools/solutions to combat these attacks, which should I implement first? Which should I buy? Can I build it myself? The CIS Critical Security Controls are a prioritized approach to ensuring information security. As a general risk assessment, the Critical Security Controls address the past, current and expected attacks occurring across the Internet. In this course we will outline the controls, discuss implementation and testing, and provide examples.

===Introduction to Injection Vulnerabilities===
''Instructor: Timothy D. Morgan'' 
''Assistant: Bhushan Gupta'' 
''Sponsored by [https://newrelic.com/ New Relic]''

Ever concatenated strings in your code? Did those strings include any kind of structured syntax? Then your code might be vulnerable to injection. Injection flaws are broad, common category of vulnerability in modern software. While many developers are aware of high-profile technical issues, such as SQL injection, any number of injection vulnerabilities are possible in other languages, protocols, and syntaxes. Upon studying these flaws in many contexts, an underlying "theory of injection" emerges. This simple concept can be applied to many situations (including new technologies and those yet to be invented) to help developers avoid the most common types of implementation vulnerabilities. The reason why "injection" is #1 on the OWASP Top 10 will become very clear by the end of this class. This course will provide students a detailed introduction to injection vulnerabilities and then get students busy with hands-on exercises where a variety of different injection flaws can be explored and understood in real-world contexts.

== Afternoon Session ==

===Applied Physical Attacks on Embedded Systems, Introductory Version===
''Instructor: Joe Fitzpatrick'' 
''Assistant: Scott Davis'' 
This workshop introduces several different relatively accessible interfaces
on embedded systems. Attendees will get hands-on experience with UART, SPI,
and JTAG interfaces on a MIPS-based wifi router. After a brief
architectural overview of each interface, hands-on labs will guide through
the process understanding, observing, interacting with, and exploiting the
interface to potentially access a root shell on the target.

===Communications Security in Modern Software===
''Instructor: Adam Russell'' 
''Assistant: Sonny'' 
''Sponsored by [https://www.ohsu.edu/xd/education/schools/school-of-medicine/ OHSU School of Medicine]'' 
Securing communications over untrusted networks is a critical
component to any modern application's security. However, far too
often developers and operations personnel become tripped up by the
many pitfalls of implementation in this area, which often leads to
complete failures to secure data on the wire. In this course we
discuss how attackers can gain access to other users' communication
through a variety of techniques and cover the strategies for
preventing this. The course covers specific topics ranging from the
SSL/TLS certificate authority system, to secure web session management
and mobile communications security. A hands-on exercise is included
in the course which helps students empirically test SSL/TLS certificate
validation in a realistic scenario.

=Sponsors=
The following sponsors have made this event possible.

'''Interested in becoming a sponsor? Please contact: tim ''DOT'' morgan ''AT'' owasp.org'''

=== Mixer Sponsors===

''None Yet!''

=== Training Session Sponsors ===
[[File:newrelic.png|link=https://newrelic.com/]]              [[File:OHSU.png|link=https://www.ohsu.edu/xd/education/schools/school-of-medicine/]]

=== Morning Refreshments Sponsors ===
[[File:github.png|link=https://github.com/]]              [[File:pnsqc.png|link=http://pnsqc.org/]]

=== General Sponsors ===

[[File:simple.png|link=https://simple.com/]]              [[File:github.png|link=https://github.com/]]

[[File:summit.png|link=http://summitinfosec.com/]]

=Details=
The training day will be held on Wednesday, November 2 at:

PSU - Smith Memorial Student Union Building
1825 SW Broadway
Portland, OR 97201

Later in the evening, a social mixer will also be held at TODO.

===Schedule===
{| class="wikitable"
! |Time
! colspan="2"|Activity
|-
| style="padding: 0.5em;"|8:00 AM - 9:00 AM
| colspan="2" style="padding: 0.5em;"|Morning Registration
|-
| style="padding: 0.5em;"|9:00 AM - 12:00 PM
| style="padding: 0.5em;"|Room TBD: Introduction to Injection Vulnerabilities
| style="padding: 0.5em;"|Room TBD: Cyber Hygiene - Critical Security Controls
|-
| style="padding: 0.5em;"|12:00 PM - 1:30 PM
| colspan="2" style="padding: 0.5em;"| Lunch on your own - ''Meet a new friend and grab a bite!''
|-
| style="padding: 0.5em;"|1:00 PM - 1:30 PM
| colspan="2" style="padding: 0.5em;"| Afternoon Registration (for those attending only in the afternoon)
|-
| style="padding: 0.5em;"|1:30 PM - 5:00 PM
| style="padding: 0.5em;"|Room TBD: Applied Physical Attacks on Embedded Systems
| style="padding: 0.5em;"|Room TBD: Communications Security in Modern Software
|-
| style="padding: 0.5em;"|6:00 PM - 7:30 PM
| colspan="2" style="padding: 0.5em;"| Evening Mixer
|}

=How to Register=
'''Please visit the registration page here to sign up: https://owasp-portland-training-2016.eventbrite.com/ '''

Each student can attend one morning session and/or one afternoon session. Be sure to sign up soon, these courses are likely to fill up fast!

OWASP Portland 2016 Training Day

2016-10-13T23:36:13Z

TimMorgan: /* Schedule */

This year the Portland OWASP chapter is hosting a training day. This will be an excellent opportunity for students to receive quality information security and application security training for next to nothing. It will also be a great chance to network with the local infosec community.

=Courses=
Courses are held in two tracks: two in the morning session, and two in the afternoon session. Each student can register for one morning course, or one afternoon course, or one of each. The four courses offered are as follows:

== Morning Session ==
===Cyber Hygiene - Critical Security Controls===
''Instructor: Brian Ventura''

With so many types of network attacks and so many tools/solutions to combat these attacks, which should I implement first? Which should I buy? Can I build it myself? The CIS Critical Security Controls are a prioritized approach to ensuring information security. As a general risk assessment, the Critical Security Controls address the past, current and expected attacks occurring across the Internet. In this course we will outline the controls, discuss implementation and testing, and provide examples.

===Introduction to Injection Vulnerabilities===
''Instructor: Timothy D. Morgan'' 
''Assistant: Bhushan Gupta'' 
''Sponsored by [https://newrelic.com/ New Relic]''

Ever concatenated strings in your code? Did those strings include any kind of structured syntax? Then your code might be vulnerable to injection. Injection flaws are broad, common category of vulnerability in modern software. While many developers are aware of high-profile technical issues, such as SQL injection, any number of injection vulnerabilities are possible in other languages, protocols, and syntaxes. Upon studying these flaws in many contexts, an underlying "theory of injection" emerges. This simple concept can be applied to many situations (including new technologies and those yet to be invented) to help developers avoid the most common types of implementation vulnerabilities. The reason why "injection" is #1 on the OWASP Top 10 will become very clear by the end of this class. This course will provide students a detailed introduction to injection vulnerabilities and then get students busy with hands-on exercises where a variety of different injection flaws can be explored and understood in real-world contexts.

== Afternoon Session ==

===Applied Physical Attacks on Embedded Systems, Introductory Version===
''Instructor: Joe Fitzpatrick'' 
''Assistant: Scott Davis'' 
This workshop introduces several different relatively accessible interfaces
on embedded systems. Attendees will get hands-on experience with UART, SPI,
and JTAG interfaces on a MIPS-based wifi router. After a brief
architectural overview of each interface, hands-on labs will guide through
the process understanding, observing, interacting with, and exploiting the
interface to potentially access a root shell on the target.

===Communications Security in Modern Software===
''Instructor: Adam Russell'' 
''Assistant: Sonny'' 
''Sponsored by [https://www.ohsu.edu/xd/education/schools/school-of-medicine/ OHSU School of Medicine]'' 
Securing communications over untrusted networks is a critical
component to any modern application's security. However, far too
often developers and operations personnel become tripped up by the
many pitfalls of implementation in this area, which often leads to
complete failures to secure data on the wire. In this course we
discuss how attackers can gain access to other users' communication
through a variety of techniques and cover the strategies for
preventing this. The course covers specific topics ranging from the
SSL/TLS certificate authority system, to secure web session management
and mobile communications security. A hands-on exercise is included
in the course which helps students empirically test SSL/TLS certificate
validation in a realistic scenario.

=Sponsors=
The following sponsors have made this event possible.

'''Interested in becoming a sponsor? Please contact: tim ''DOT'' morgan ''AT'' owasp.org'''

=== Mixer Sponsors===

''None Yet!''

=== Training Session Sponsors ===
[[File:newrelic.png|link=https://newrelic.com/]]              [[File:OHSU.png|link=https://www.ohsu.edu/xd/education/schools/school-of-medicine/]]

=== Morning Refreshments Sponsors ===
[[File:github.png|link=https://github.com/]]              [[File:pnsqc.png|link=http://pnsqc.org/]]

=== General Sponsors ===

[[File:simple.png|link=https://simple.com/]]              [[File:github.png|link=https://github.com/]]

[[File:summit.png|link=http://summitinfosec.com/]]

=Details=
The training day will be held on Wednesday, November 2 at:

PSU - Smith Memorial Student Union Building
1825 SW Broadway
Portland, OR 97201

Later in the evening, a social mixer will also be held at TODO.

===Schedule===
{| class="wikitable"
! |Time
! colspan="2"|Activity
|-
| style="padding: 0.5em;"|8:00 AM - 9:00 AM
| colspan="2" style="padding: 0.5em;"|Morning Registration
|-
| style="padding: 0.5em;"|9:00 AM - 12:00 PM
| style="padding: 0.5em;"|Room TBD: Introduction to Injection Vulnerabilities
| style="padding: 0.5em;"|Room TBD: Cyber Hygiene - Critical Security Controls
|-
| style="padding: 0.5em;"|12:00 PM - 1:30 PM
| colspan="2" style="padding: 0.5em;"| Lunch on your own - ''Meet a new friend and grab a bite!''
|-
| style="padding: 0.5em;"|1:00 PM - 1:30 PM
| colspan="2" style="padding: 0.5em;"| Afternoon Registration (for those attending only in the afternoon)
|-
| style="padding: 0.5em;"|1:30 PM - 5:00 PM
| style="padding: 0.5em;"|Room TBD: Applied Physical Attacks on Embedded Systems
| style="padding: 0.5em;"|Room TBD: Communications Security in Modern Software
|-
| style="padding: 0.5em;"|6:00 PM - 7:30 PM
| colspan="2" style="padding: 0.5em;"| Evening Mixer
|}

=How to Register=
'''Please visit the registration page here to sign up: https://owasp-portland-training-2016.eventbrite.com/ '''

Each student can attend one morning session and/or one afternoon session. Be sure to sign up soon, these courses are likely to fill up fast!

OWASP Portland 2016 Training Day

2016-10-12T18:48:03Z

TimMorgan: /* Sponsors */

This year the Portland OWASP chapter is hosting a training day. This will be an excellent opportunity for students to receive quality information security and application security training for next to nothing. It will also be a great chance to network with the local infosec community.

=Courses=
Courses are held in two tracks: two in the morning session, and two in the afternoon session. Each student can register for one morning course, or one afternoon course, or one of each. The four courses offered are as follows:

== Morning Session ==
===Cyber Hygiene - Critical Security Controls===
''Instructor: Brian Ventura''

With so many types of network attacks and so many tools/solutions to combat these attacks, which should I implement first? Which should I buy? Can I build it myself? The CIS Critical Security Controls are a prioritized approach to ensuring information security. As a general risk assessment, the Critical Security Controls address the past, current and expected attacks occurring across the Internet. In this course we will outline the controls, discuss implementation and testing, and provide examples.

===Introduction to Injection Vulnerabilities===
''Instructor: Timothy D. Morgan'' 
''Assistant: Bhushan Gupta'' 
''Sponsored by [https://newrelic.com/ New Relic]''

Ever concatenated strings in your code? Did those strings include any kind of structured syntax? Then your code might be vulnerable to injection. Injection flaws are broad, common category of vulnerability in modern software. While many developers are aware of high-profile technical issues, such as SQL injection, any number of injection vulnerabilities are possible in other languages, protocols, and syntaxes. Upon studying these flaws in many contexts, an underlying "theory of injection" emerges. This simple concept can be applied to many situations (including new technologies and those yet to be invented) to help developers avoid the most common types of implementation vulnerabilities. The reason why "injection" is #1 on the OWASP Top 10 will become very clear by the end of this class. This course will provide students a detailed introduction to injection vulnerabilities and then get students busy with hands-on exercises where a variety of different injection flaws can be explored and understood in real-world contexts.

== Afternoon Session ==

===Applied Physical Attacks on Embedded Systems, Introductory Version===
''Instructor: Joe Fitzpatrick'' 
''Assistant: Scott Davis'' 
This workshop introduces several different relatively accessible interfaces
on embedded systems. Attendees will get hands-on experience with UART, SPI,
and JTAG interfaces on a MIPS-based wifi router. After a brief
architectural overview of each interface, hands-on labs will guide through
the process understanding, observing, interacting with, and exploiting the
interface to potentially access a root shell on the target.

===Communications Security in Modern Software===
''Instructor: Adam Russell'' 
''Assistant: Sonny'' 
''Sponsored by [https://www.ohsu.edu/xd/education/schools/school-of-medicine/ OHSU School of Medicine]'' 
Securing communications over untrusted networks is a critical
component to any modern application's security. However, far too
often developers and operations personnel become tripped up by the
many pitfalls of implementation in this area, which often leads to
complete failures to secure data on the wire. In this course we
discuss how attackers can gain access to other users' communication
through a variety of techniques and cover the strategies for
preventing this. The course covers specific topics ranging from the
SSL/TLS certificate authority system, to secure web session management
and mobile communications security. A hands-on exercise is included
in the course which helps students empirically test SSL/TLS certificate
validation in a realistic scenario.

=Sponsors=
The following sponsors have made this event possible.

'''Interested in becoming a sponsor? Please contact: tim ''DOT'' morgan ''AT'' owasp.org'''

=== Mixer Sponsors===

''None Yet!''

=== Training Session Sponsors ===
[[File:newrelic.png|link=https://newrelic.com/]]              [[File:OHSU.png|link=https://www.ohsu.edu/xd/education/schools/school-of-medicine/]]

=== Morning Refreshments Sponsors ===
[[File:github.png|link=https://github.com/]]              [[File:pnsqc.png|link=http://pnsqc.org/]]

=== General Sponsors ===

[[File:simple.png|link=https://simple.com/]]              [[File:github.png|link=https://github.com/]]

[[File:summit.png|link=http://summitinfosec.com/]]

=Details=
The training day will be held on Wednesday, November 2 at:

PSU - Smith Memorial Student Union Building
1825 SW Broadway
Portland, OR 97201

Later in the evening, a social mixer will also be held at TODO.

===Schedule===
{| class="wikitable"
! |Time
! colspan="2"|Activity
|-
| style="padding: 0.5em;"|8:00 AM - 9:00 AM
| colspan="2" style="padding: 0.5em;"|Morning Registration
|-
| style="padding: 0.5em;"|9:00 AM - 12:00 PM
| style="padding: 0.5em;"|Room TBD: Introduction to Injection Vulnerabilities
| style="padding: 0.5em;"|Room TBD: Cyber Hygiene - Critical Security Controls
|-
| style="padding: 0.5em;"|12:00 PM - 1:30 PM
| colspan="2" style="padding: 0.5em;"| Lunch on your own - ''Meet a new friend and grab a bite!''
|-
| style="padding: 0.5em;"|1:00 PM - 1:30 PM
| colspan="2" style="padding: 0.5em;"| Afternoon Registration (for those attending only in the afternoon)
|-
| style="padding: 0.5em;"|1:30 PM - 5:00 PM
| style="padding: 0.5em;"|Room TBD: Applied Physical Attacks on Embedded Systems
| style="padding: 0.5em;"|Room TBD: Fuzzing: Introduction & Practice
|-
| style="padding: 0.5em;"|6:00 PM - 7:30 PM
| colspan="2" style="padding: 0.5em;"| Evening Mixer
|}

=How to Register=
'''Please visit the registration page here to sign up: https://owasp-portland-training-2016.eventbrite.com/ '''

Each student can attend one morning session and/or one afternoon session. Be sure to sign up soon, these courses are likely to fill up fast!

File:OHSU.png

2016-10-12T18:46:47Z

TimMorgan:

OWASP Portland 2016 Training Day

2016-10-12T18:43:56Z

TimMorgan: /* Communications Security in Modern Software */

This year the Portland OWASP chapter is hosting a training day. This will be an excellent opportunity for students to receive quality information security and application security training for next to nothing. It will also be a great chance to network with the local infosec community.

=Courses=
Courses are held in two tracks: two in the morning session, and two in the afternoon session. Each student can register for one morning course, or one afternoon course, or one of each. The four courses offered are as follows:

== Morning Session ==
===Cyber Hygiene - Critical Security Controls===
''Instructor: Brian Ventura''

With so many types of network attacks and so many tools/solutions to combat these attacks, which should I implement first? Which should I buy? Can I build it myself? The CIS Critical Security Controls are a prioritized approach to ensuring information security. As a general risk assessment, the Critical Security Controls address the past, current and expected attacks occurring across the Internet. In this course we will outline the controls, discuss implementation and testing, and provide examples.

===Introduction to Injection Vulnerabilities===
''Instructor: Timothy D. Morgan'' 
''Assistant: Bhushan Gupta'' 
''Sponsored by [https://newrelic.com/ New Relic]''

Ever concatenated strings in your code? Did those strings include any kind of structured syntax? Then your code might be vulnerable to injection. Injection flaws are broad, common category of vulnerability in modern software. While many developers are aware of high-profile technical issues, such as SQL injection, any number of injection vulnerabilities are possible in other languages, protocols, and syntaxes. Upon studying these flaws in many contexts, an underlying "theory of injection" emerges. This simple concept can be applied to many situations (including new technologies and those yet to be invented) to help developers avoid the most common types of implementation vulnerabilities. The reason why "injection" is #1 on the OWASP Top 10 will become very clear by the end of this class. This course will provide students a detailed introduction to injection vulnerabilities and then get students busy with hands-on exercises where a variety of different injection flaws can be explored and understood in real-world contexts.

== Afternoon Session ==

===Applied Physical Attacks on Embedded Systems, Introductory Version===
''Instructor: Joe Fitzpatrick'' 
''Assistant: Scott Davis'' 
This workshop introduces several different relatively accessible interfaces
on embedded systems. Attendees will get hands-on experience with UART, SPI,
and JTAG interfaces on a MIPS-based wifi router. After a brief
architectural overview of each interface, hands-on labs will guide through
the process understanding, observing, interacting with, and exploiting the
interface to potentially access a root shell on the target.

===Communications Security in Modern Software===
''Instructor: Adam Russell'' 
''Assistant: Sonny'' 
''Sponsored by [https://www.ohsu.edu/xd/education/schools/school-of-medicine/ OHSU School of Medicine]'' 
Securing communications over untrusted networks is a critical
component to any modern application's security. However, far too
often developers and operations personnel become tripped up by the
many pitfalls of implementation in this area, which often leads to
complete failures to secure data on the wire. In this course we
discuss how attackers can gain access to other users' communication
through a variety of techniques and cover the strategies for
preventing this. The course covers specific topics ranging from the
SSL/TLS certificate authority system, to secure web session management
and mobile communications security. A hands-on exercise is included
in the course which helps students empirically test SSL/TLS certificate
validation in a realistic scenario.

=Sponsors=
The following sponsors have made this event possible.

'''Interested in becoming a sponsor? Please contact: tim ''DOT'' morgan ''AT'' owasp.org'''

=== Mixer Sponsors===

''None Yet!''

=== Training Session Sponsors ===
[[File:newrelic.png|link=https://newrelic.com/]]

=== Morning Refreshments Sponsors ===
[[File:github.png|link=https://github.com/]]              [[File:pnsqc.png|link=http://pnsqc.org/]]

=== General Sponsors ===

[[File:simple.png|link=https://simple.com/]]              [[File:github.png|link=https://github.com/]]

[[File:summit.png|link=http://summitinfosec.com/]]

=Details=
The training day will be held on Wednesday, November 2 at:

PSU - Smith Memorial Student Union Building
1825 SW Broadway
Portland, OR 97201

Later in the evening, a social mixer will also be held at TODO.

===Schedule===
{| class="wikitable"
! |Time
! colspan="2"|Activity
|-
| style="padding: 0.5em;"|8:00 AM - 9:00 AM
| colspan="2" style="padding: 0.5em;"|Morning Registration
|-
| style="padding: 0.5em;"|9:00 AM - 12:00 PM
| style="padding: 0.5em;"|Room TBD: Introduction to Injection Vulnerabilities
| style="padding: 0.5em;"|Room TBD: Cyber Hygiene - Critical Security Controls
|-
| style="padding: 0.5em;"|12:00 PM - 1:30 PM
| colspan="2" style="padding: 0.5em;"| Lunch on your own - ''Meet a new friend and grab a bite!''
|-
| style="padding: 0.5em;"|1:00 PM - 1:30 PM
| colspan="2" style="padding: 0.5em;"| Afternoon Registration (for those attending only in the afternoon)
|-
| style="padding: 0.5em;"|1:30 PM - 5:00 PM
| style="padding: 0.5em;"|Room TBD: Applied Physical Attacks on Embedded Systems
| style="padding: 0.5em;"|Room TBD: Fuzzing: Introduction & Practice
|-
| style="padding: 0.5em;"|6:00 PM - 7:30 PM
| colspan="2" style="padding: 0.5em;"| Evening Mixer
|}

=How to Register=
'''Please visit the registration page here to sign up: https://owasp-portland-training-2016.eventbrite.com/ '''

Each student can attend one morning session and/or one afternoon session. Be sure to sign up soon, these courses are likely to fill up fast!

OWASP Portland 2016 Training Day

2016-10-12T18:41:52Z

TimMorgan: /* Courses */

This year the Portland OWASP chapter is hosting a training day. This will be an excellent opportunity for students to receive quality information security and application security training for next to nothing. It will also be a great chance to network with the local infosec community.

=Courses=
Courses are held in two tracks: two in the morning session, and two in the afternoon session. Each student can register for one morning course, or one afternoon course, or one of each. The four courses offered are as follows:

== Morning Session ==
===Cyber Hygiene - Critical Security Controls===
''Instructor: Brian Ventura''

With so many types of network attacks and so many tools/solutions to combat these attacks, which should I implement first? Which should I buy? Can I build it myself? The CIS Critical Security Controls are a prioritized approach to ensuring information security. As a general risk assessment, the Critical Security Controls address the past, current and expected attacks occurring across the Internet. In this course we will outline the controls, discuss implementation and testing, and provide examples.

===Introduction to Injection Vulnerabilities===
''Instructor: Timothy D. Morgan'' 
''Assistant: Bhushan Gupta'' 
''Sponsored by [https://newrelic.com/ New Relic]''

Ever concatenated strings in your code? Did those strings include any kind of structured syntax? Then your code might be vulnerable to injection. Injection flaws are broad, common category of vulnerability in modern software. While many developers are aware of high-profile technical issues, such as SQL injection, any number of injection vulnerabilities are possible in other languages, protocols, and syntaxes. Upon studying these flaws in many contexts, an underlying "theory of injection" emerges. This simple concept can be applied to many situations (including new technologies and those yet to be invented) to help developers avoid the most common types of implementation vulnerabilities. The reason why "injection" is #1 on the OWASP Top 10 will become very clear by the end of this class. This course will provide students a detailed introduction to injection vulnerabilities and then get students busy with hands-on exercises where a variety of different injection flaws can be explored and understood in real-world contexts.

== Afternoon Session ==

===Applied Physical Attacks on Embedded Systems, Introductory Version===
''Instructor: Joe Fitzpatrick'' 
''Assistant: Scott Davis'' 
This workshop introduces several different relatively accessible interfaces
on embedded systems. Attendees will get hands-on experience with UART, SPI,
and JTAG interfaces on a MIPS-based wifi router. After a brief
architectural overview of each interface, hands-on labs will guide through
the process understanding, observing, interacting with, and exploiting the
interface to potentially access a root shell on the target.

===Communications Security in Modern Software===
''Instructor: Adam Russell'' 
''Assistant: Sonny'' 
''Sponsored by [https://ohsu.edu/ OHSU]'' 
Securing communications over untrusted networks is a critical
component to any modern application's security. However, far too
often developers and operations personnel become tripped up by the
many pitfalls of implementation in this area, which often leads to
complete failures to secure data on the wire. In this course we
discuss how attackers can gain access to other users' communication
through a variety of techniques and cover the strategies for
preventing this. The course covers specific topics ranging from the
SSL/TLS certificate authority system, to secure web session management
and mobile communications security. A hands-on exercise is included
in the course which helps students empirically test SSL/TLS certificate
validation in a realistic scenario.

=Sponsors=
The following sponsors have made this event possible.

'''Interested in becoming a sponsor? Please contact: tim ''DOT'' morgan ''AT'' owasp.org'''

=== Mixer Sponsors===

''None Yet!''

=== Training Session Sponsors ===
[[File:newrelic.png|link=https://newrelic.com/]]

=== Morning Refreshments Sponsors ===
[[File:github.png|link=https://github.com/]]              [[File:pnsqc.png|link=http://pnsqc.org/]]

=== General Sponsors ===

[[File:simple.png|link=https://simple.com/]]              [[File:github.png|link=https://github.com/]]

[[File:summit.png|link=http://summitinfosec.com/]]

=Details=
The training day will be held on Wednesday, November 2 at:

PSU - Smith Memorial Student Union Building
1825 SW Broadway
Portland, OR 97201

Later in the evening, a social mixer will also be held at TODO.

===Schedule===
{| class="wikitable"
! |Time
! colspan="2"|Activity
|-
| style="padding: 0.5em;"|8:00 AM - 9:00 AM
| colspan="2" style="padding: 0.5em;"|Morning Registration
|-
| style="padding: 0.5em;"|9:00 AM - 12:00 PM
| style="padding: 0.5em;"|Room TBD: Introduction to Injection Vulnerabilities
| style="padding: 0.5em;"|Room TBD: Cyber Hygiene - Critical Security Controls
|-
| style="padding: 0.5em;"|12:00 PM - 1:30 PM
| colspan="2" style="padding: 0.5em;"| Lunch on your own - ''Meet a new friend and grab a bite!''
|-
| style="padding: 0.5em;"|1:00 PM - 1:30 PM
| colspan="2" style="padding: 0.5em;"| Afternoon Registration (for those attending only in the afternoon)
|-
| style="padding: 0.5em;"|1:30 PM - 5:00 PM
| style="padding: 0.5em;"|Room TBD: Applied Physical Attacks on Embedded Systems
| style="padding: 0.5em;"|Room TBD: Fuzzing: Introduction & Practice
|-
| style="padding: 0.5em;"|6:00 PM - 7:30 PM
| colspan="2" style="padding: 0.5em;"| Evening Mixer
|}

=How to Register=
'''Please visit the registration page here to sign up: https://owasp-portland-training-2016.eventbrite.com/ '''

Each student can attend one morning session and/or one afternoon session. Be sure to sign up soon, these courses are likely to fill up fast!

OWASP Portland 2016 Training Day

2016-10-12T15:30:51Z

TimMorgan: /* Applied Physical Attacks on Embedded Systems, Introductory Version */

This year the Portland OWASP chapter is hosting a training day. This will be an excellent opportunity for students to receive quality information security and application security training for next to nothing. It will also be a great chance to network with the local infosec community.

=Courses=
Courses are held in two tracks: two in the morning session, and two in the afternoon session. Each student can register for one morning course, or one afternoon course, or one of each. The four courses offered are as follows:

== Morning Session ==
===Cyber Hygiene - Critical Security Controls===
''Instructor: Brian Ventura''

With so many types of network attacks and so many tools/solutions to combat these attacks, which should I implement first? Which should I buy? Can I build it myself? The CIS Critical Security Controls are a prioritized approach to ensuring information security. As a general risk assessment, the Critical Security Controls address the past, current and expected attacks occurring across the Internet. In this course we will outline the controls, discuss implementation and testing, and provide examples.

===Introduction to Injection Vulnerabilities===
''Instructor: Timothy D. Morgan'' 
''Assistant: Bhushan Gupta'' 
''Sponsored by [https://newrelic.com/ New Relic]''

Ever concatenated strings in your code? Did those strings include any kind of structured syntax? Then your code might be vulnerable to injection. Injection flaws are broad, common category of vulnerability in modern software. While many developers are aware of high-profile technical issues, such as SQL injection, any number of injection vulnerabilities are possible in other languages, protocols, and syntaxes. Upon studying these flaws in many contexts, an underlying "theory of injection" emerges. This simple concept can be applied to many situations (including new technologies and those yet to be invented) to help developers avoid the most common types of implementation vulnerabilities. The reason why "injection" is #1 on the OWASP Top 10 will become very clear by the end of this class. This course will provide students a detailed introduction to injection vulnerabilities and then get students busy with hands-on exercises where a variety of different injection flaws can be explored and understood in real-world contexts.

== Afternoon Session ==

===Applied Physical Attacks on Embedded Systems, Introductory Version===
''Instructor: Joe Fitzpatrick'' 
''Assistant: Scott Davis'' 
This workshop introduces several different relatively accessible interfaces
on embedded systems. Attendees will get hands-on experience with UART, SPI,
and JTAG interfaces on a MIPS-based wifi router. After a brief
architectural overview of each interface, hands-on labs will guide through
the process understanding, observing, interacting with, and exploiting the
interface to potentially access a root shell on the target.

===Communications Security in Modern Software===
''Instructor: Adam Russell'' 
''Assistant: Sonny'' 
Securing communications over untrusted networks is a critical
component to any modern application's security. However, far too
often developers and operations personnel become tripped up by the
many pitfalls of implementation in this area, which often leads to
complete failures to secure data on the wire. In this course we
discuss how attackers can gain access to other users' communication
through a variety of techniques and cover the strategies for
preventing this. The course covers specific topics ranging from the
SSL/TLS certificate authority system, to secure web session management
and mobile communications security. A hands-on exercise is included
in the course which helps students empirically test SSL/TLS certificate
validation in a realistic scenario.

=Sponsors=
The following sponsors have made this event possible.

'''Interested in becoming a sponsor? Please contact: tim ''DOT'' morgan ''AT'' owasp.org'''

=== Mixer Sponsors===

''None Yet!''

=== Training Session Sponsors ===
[[File:newrelic.png|link=https://newrelic.com/]]

=== Morning Refreshments Sponsors ===
[[File:github.png|link=https://github.com/]]              [[File:pnsqc.png|link=http://pnsqc.org/]]

=== General Sponsors ===

[[File:simple.png|link=https://simple.com/]]              [[File:github.png|link=https://github.com/]]

[[File:summit.png|link=http://summitinfosec.com/]]

=Details=
The training day will be held on Wednesday, November 2 at:

PSU - Smith Memorial Student Union Building
1825 SW Broadway
Portland, OR 97201

Later in the evening, a social mixer will also be held at TODO.

===Schedule===
{| class="wikitable"
! |Time
! colspan="2"|Activity
|-
| style="padding: 0.5em;"|8:00 AM - 9:00 AM
| colspan="2" style="padding: 0.5em;"|Morning Registration
|-
| style="padding: 0.5em;"|9:00 AM - 12:00 PM
| style="padding: 0.5em;"|Room TBD: Introduction to Injection Vulnerabilities
| style="padding: 0.5em;"|Room TBD: Cyber Hygiene - Critical Security Controls
|-
| style="padding: 0.5em;"|12:00 PM - 1:30 PM
| colspan="2" style="padding: 0.5em;"| Lunch on your own - ''Meet a new friend and grab a bite!''
|-
| style="padding: 0.5em;"|1:00 PM - 1:30 PM
| colspan="2" style="padding: 0.5em;"| Afternoon Registration (for those attending only in the afternoon)
|-
| style="padding: 0.5em;"|1:30 PM - 5:00 PM
| style="padding: 0.5em;"|Room TBD: Applied Physical Attacks on Embedded Systems
| style="padding: 0.5em;"|Room TBD: Fuzzing: Introduction & Practice
|-
| style="padding: 0.5em;"|6:00 PM - 7:30 PM
| colspan="2" style="padding: 0.5em;"| Evening Mixer
|}

=How to Register=
'''Please visit the registration page here to sign up: https://owasp-portland-training-2016.eventbrite.com/ '''

Each student can attend one morning session and/or one afternoon session. Be sure to sign up soon, these courses are likely to fill up fast!

OWASP Portland 2016 Training Day

2016-10-12T03:23:22Z

TimMorgan: /* Communications Security in Modern Software */

This year the Portland OWASP chapter is hosting a training day. This will be an excellent opportunity for students to receive quality information security and application security training for next to nothing. It will also be a great chance to network with the local infosec community.

=Courses=
Courses are held in two tracks: two in the morning session, and two in the afternoon session. Each student can register for one morning course, or one afternoon course, or one of each. The four courses offered are as follows:

== Morning Session ==
===Cyber Hygiene - Critical Security Controls===
''Instructor: Brian Ventura''

With so many types of network attacks and so many tools/solutions to combat these attacks, which should I implement first? Which should I buy? Can I build it myself? The CIS Critical Security Controls are a prioritized approach to ensuring information security. As a general risk assessment, the Critical Security Controls address the past, current and expected attacks occurring across the Internet. In this course we will outline the controls, discuss implementation and testing, and provide examples.

===Introduction to Injection Vulnerabilities===
''Instructor: Timothy D. Morgan'' 
''Assistant: Bhushan Gupta'' 
''Sponsored by [https://newrelic.com/ New Relic]''

Ever concatenated strings in your code? Did those strings include any kind of structured syntax? Then your code might be vulnerable to injection. Injection flaws are broad, common category of vulnerability in modern software. While many developers are aware of high-profile technical issues, such as SQL injection, any number of injection vulnerabilities are possible in other languages, protocols, and syntaxes. Upon studying these flaws in many contexts, an underlying "theory of injection" emerges. This simple concept can be applied to many situations (including new technologies and those yet to be invented) to help developers avoid the most common types of implementation vulnerabilities. The reason why "injection" is #1 on the OWASP Top 10 will become very clear by the end of this class. This course will provide students a detailed introduction to injection vulnerabilities and then get students busy with hands-on exercises where a variety of different injection flaws can be explored and understood in real-world contexts.

== Afternoon Session ==

===Applied Physical Attacks on Embedded Systems, Introductory Version===
''Instructor: Joe Fitzpatrick''

This workshop introduces several different relatively accessible interfaces
on embedded systems. Attendees will get hands-on experience with UART, SPI,
and JTAG interfaces on a MIPS-based wifi router. After a brief
architectural overview of each interface, hands-on labs will guide through
the process understanding, observing, interacting with, and exploiting the
interface to potentially access a root shell on the target.

===Communications Security in Modern Software===
''Instructor: Adam Russell'' 
''Assistant: Sonny'' 
Securing communications over untrusted networks is a critical
component to any modern application's security. However, far too
often developers and operations personnel become tripped up by the
many pitfalls of implementation in this area, which often leads to
complete failures to secure data on the wire. In this course we
discuss how attackers can gain access to other users' communication
through a variety of techniques and cover the strategies for
preventing this. The course covers specific topics ranging from the
SSL/TLS certificate authority system, to secure web session management
and mobile communications security. A hands-on exercise is included
in the course which helps students empirically test SSL/TLS certificate
validation in a realistic scenario.

=Sponsors=
The following sponsors have made this event possible.

'''Interested in becoming a sponsor? Please contact: tim ''DOT'' morgan ''AT'' owasp.org'''

=== Mixer Sponsors===

''None Yet!''

=== Training Session Sponsors ===
[[File:newrelic.png|link=https://newrelic.com/]]

=== Morning Refreshments Sponsors ===
[[File:github.png|link=https://github.com/]]              [[File:pnsqc.png|link=http://pnsqc.org/]]

=== General Sponsors ===

[[File:simple.png|link=https://simple.com/]]              [[File:github.png|link=https://github.com/]]

[[File:summit.png|link=http://summitinfosec.com/]]

=Details=
The training day will be held on Wednesday, November 2 at:

PSU - Smith Memorial Student Union Building
1825 SW Broadway
Portland, OR 97201

Later in the evening, a social mixer will also be held at TODO.

===Schedule===
{| class="wikitable"
! |Time
! colspan="2"|Activity
|-
| style="padding: 0.5em;"|8:00 AM - 9:00 AM
| colspan="2" style="padding: 0.5em;"|Morning Registration
|-
| style="padding: 0.5em;"|9:00 AM - 12:00 PM
| style="padding: 0.5em;"|Room TBD: Introduction to Injection Vulnerabilities
| style="padding: 0.5em;"|Room TBD: Cyber Hygiene - Critical Security Controls
|-
| style="padding: 0.5em;"|12:00 PM - 1:30 PM
| colspan="2" style="padding: 0.5em;"| Lunch on your own - ''Meet a new friend and grab a bite!''
|-
| style="padding: 0.5em;"|1:00 PM - 1:30 PM
| colspan="2" style="padding: 0.5em;"| Afternoon Registration (for those attending only in the afternoon)
|-
| style="padding: 0.5em;"|1:30 PM - 5:00 PM
| style="padding: 0.5em;"|Room TBD: Applied Physical Attacks on Embedded Systems
| style="padding: 0.5em;"|Room TBD: Fuzzing: Introduction & Practice
|-
| style="padding: 0.5em;"|6:00 PM - 7:30 PM
| colspan="2" style="padding: 0.5em;"| Evening Mixer
|}

=How to Register=
'''Please visit the registration page here to sign up: https://owasp-portland-training-2016.eventbrite.com/ '''

Each student can attend one morning session and/or one afternoon session. Be sure to sign up soon, these courses are likely to fill up fast!

OWASP Portland 2016 Training Day

2016-10-11T22:12:29Z

TimMorgan: /* How to Register */

This year the Portland OWASP chapter is hosting a training day. This will be an excellent opportunity for students to receive quality information security and application security training for next to nothing. It will also be a great chance to network with the local infosec community.

=Courses=
Courses are held in two tracks: two in the morning session, and two in the afternoon session. Each student can register for one morning course, or one afternoon course, or one of each. The four courses offered are as follows:

== Morning Session ==
===Cyber Hygiene - Critical Security Controls===
''Instructor: Brian Ventura''

With so many types of network attacks and so many tools/solutions to combat these attacks, which should I implement first? Which should I buy? Can I build it myself? The CIS Critical Security Controls are a prioritized approach to ensuring information security. As a general risk assessment, the Critical Security Controls address the past, current and expected attacks occurring across the Internet. In this course we will outline the controls, discuss implementation and testing, and provide examples.

===Introduction to Injection Vulnerabilities===
''Instructor: Timothy D. Morgan'' 
''Assistant: Bhushan Gupta'' 
''Sponsored by [https://newrelic.com/ New Relic]''

Ever concatenated strings in your code? Did those strings include any kind of structured syntax? Then your code might be vulnerable to injection. Injection flaws are broad, common category of vulnerability in modern software. While many developers are aware of high-profile technical issues, such as SQL injection, any number of injection vulnerabilities are possible in other languages, protocols, and syntaxes. Upon studying these flaws in many contexts, an underlying "theory of injection" emerges. This simple concept can be applied to many situations (including new technologies and those yet to be invented) to help developers avoid the most common types of implementation vulnerabilities. The reason why "injection" is #1 on the OWASP Top 10 will become very clear by the end of this class. This course will provide students a detailed introduction to injection vulnerabilities and then get students busy with hands-on exercises where a variety of different injection flaws can be explored and understood in real-world contexts.

== Afternoon Session ==

===Applied Physical Attacks on Embedded Systems, Introductory Version===
''Instructor: Joe Fitzpatrick''

This workshop introduces several different relatively accessible interfaces
on embedded systems. Attendees will get hands-on experience with UART, SPI,
and JTAG interfaces on a MIPS-based wifi router. After a brief
architectural overview of each interface, hands-on labs will guide through
the process understanding, observing, interacting with, and exploiting the
interface to potentially access a root shell on the target.

===Communications Security in Modern Software===
''Instructor: Adam Russell''

Securing communications over untrusted networks is a critical
component to any modern application's security. However, far too
often developers and operations personnel become tripped up by the
many pitfalls of implementation in this area, which often leads to
complete failures to secure data on the wire. In this course we
discuss how attackers can gain access to other users' communication
through a variety of techniques and cover the strategies for
preventing this. The course covers specific topics ranging from the
SSL/TLS certificate authority system, to secure web session management
and mobile communications security. A hands-on exercise is included
in the course which helps students empirically test SSL/TLS certificate
validation in a realistic scenario.

=Sponsors=
The following sponsors have made this event possible.

'''Interested in becoming a sponsor? Please contact: tim ''DOT'' morgan ''AT'' owasp.org'''

=== Mixer Sponsors===

''None Yet!''

=== Training Session Sponsors ===
[[File:newrelic.png|link=https://newrelic.com/]]

=== Morning Refreshments Sponsors ===
[[File:github.png|link=https://github.com/]]              [[File:pnsqc.png|link=http://pnsqc.org/]]

=== General Sponsors ===

[[File:simple.png|link=https://simple.com/]]              [[File:github.png|link=https://github.com/]]

[[File:summit.png|link=http://summitinfosec.com/]]

=Details=
The training day will be held on Wednesday, November 2 at:

PSU - Smith Memorial Student Union Building
1825 SW Broadway
Portland, OR 97201

Later in the evening, a social mixer will also be held at TODO.

===Schedule===
{| class="wikitable"
! |Time
! colspan="2"|Activity
|-
| style="padding: 0.5em;"|8:00 AM - 9:00 AM
| colspan="2" style="padding: 0.5em;"|Morning Registration
|-
| style="padding: 0.5em;"|9:00 AM - 12:00 PM
| style="padding: 0.5em;"|Room TBD: Introduction to Injection Vulnerabilities
| style="padding: 0.5em;"|Room TBD: Cyber Hygiene - Critical Security Controls
|-
| style="padding: 0.5em;"|12:00 PM - 1:30 PM
| colspan="2" style="padding: 0.5em;"| Lunch on your own - ''Meet a new friend and grab a bite!''
|-
| style="padding: 0.5em;"|1:00 PM - 1:30 PM
| colspan="2" style="padding: 0.5em;"| Afternoon Registration (for those attending only in the afternoon)
|-
| style="padding: 0.5em;"|1:30 PM - 5:00 PM
| style="padding: 0.5em;"|Room TBD: Applied Physical Attacks on Embedded Systems
| style="padding: 0.5em;"|Room TBD: Fuzzing: Introduction & Practice
|-
| style="padding: 0.5em;"|6:00 PM - 7:30 PM
| colspan="2" style="padding: 0.5em;"| Evening Mixer
|}

=How to Register=
'''Please visit the registration page here to sign up: https://owasp-portland-training-2016.eventbrite.com/ '''

Each student can attend one morning session and/or one afternoon session. Be sure to sign up soon, these courses are likely to fill up fast!

OWASP Portland 2016 Training Day

2016-10-11T16:50:20Z

TimMorgan: /* Fuzzing: Introduction & Practice */

This year the Portland OWASP chapter is hosting a training day. This will be an excellent opportunity for students to receive quality information security and application security training for next to nothing. It will also be a great chance to network with the local infosec community.

=Courses=
Courses are held in two tracks: two in the morning session, and two in the afternoon session. Each student can register for one morning course, or one afternoon course, or one of each. The four courses offered are as follows:

== Morning Session ==
===Cyber Hygiene - Critical Security Controls===
''Instructor: Brian Ventura''

With so many types of network attacks and so many tools/solutions to combat these attacks, which should I implement first? Which should I buy? Can I build it myself? The CIS Critical Security Controls are a prioritized approach to ensuring information security. As a general risk assessment, the Critical Security Controls address the past, current and expected attacks occurring across the Internet. In this course we will outline the controls, discuss implementation and testing, and provide examples.

===Introduction to Injection Vulnerabilities===
''Instructor: Timothy D. Morgan'' 
''Assistant: Bhushan Gupta'' 
''Sponsored by [https://newrelic.com/ New Relic]''

Ever concatenated strings in your code? Did those strings include any kind of structured syntax? Then your code might be vulnerable to injection. Injection flaws are broad, common category of vulnerability in modern software. While many developers are aware of high-profile technical issues, such as SQL injection, any number of injection vulnerabilities are possible in other languages, protocols, and syntaxes. Upon studying these flaws in many contexts, an underlying "theory of injection" emerges. This simple concept can be applied to many situations (including new technologies and those yet to be invented) to help developers avoid the most common types of implementation vulnerabilities. The reason why "injection" is #1 on the OWASP Top 10 will become very clear by the end of this class. This course will provide students a detailed introduction to injection vulnerabilities and then get students busy with hands-on exercises where a variety of different injection flaws can be explored and understood in real-world contexts.

== Afternoon Session ==

===Applied Physical Attacks on Embedded Systems, Introductory Version===
''Instructor: Joe Fitzpatrick''

This workshop introduces several different relatively accessible interfaces
on embedded systems. Attendees will get hands-on experience with UART, SPI,
and JTAG interfaces on a MIPS-based wifi router. After a brief
architectural overview of each interface, hands-on labs will guide through
the process understanding, observing, interacting with, and exploiting the
interface to potentially access a root shell on the target.

===Communications Security in Modern Software===
''Instructor: Adam Russell''

Securing communications over untrusted networks is a critical
component to any modern application's security. However, far too
often developers and operations personnel become tripped up by the
many pitfalls of implementation in this area, which often leads to
complete failures to secure data on the wire. In this course we
discuss how attackers can gain access to other users' communication
through a variety of techniques and cover the strategies for
preventing this. The course covers specific topics ranging from the
SSL/TLS certificate authority system, to secure web session management
and mobile communications security. A hands-on exercise is included
in the course which helps students empirically test SSL/TLS certificate
validation in a realistic scenario.

=Sponsors=
The following sponsors have made this event possible.

'''Interested in becoming a sponsor? Please contact: tim ''DOT'' morgan ''AT'' owasp.org'''

=== Mixer Sponsors===

''None Yet!''

=== Training Session Sponsors ===
[[File:newrelic.png|link=https://newrelic.com/]]

=== Morning Refreshments Sponsors ===
[[File:github.png|link=https://github.com/]]              [[File:pnsqc.png|link=http://pnsqc.org/]]

=== General Sponsors ===

[[File:simple.png|link=https://simple.com/]]              [[File:github.png|link=https://github.com/]]

[[File:summit.png|link=http://summitinfosec.com/]]

=Details=
The training day will be held on Wednesday, November 2 at:

PSU - Smith Memorial Student Union Building
1825 SW Broadway
Portland, OR 97201

Later in the evening, a social mixer will also be held at TODO.

===Schedule===
{| class="wikitable"
! |Time
! colspan="2"|Activity
|-
| style="padding: 0.5em;"|8:00 AM - 9:00 AM
| colspan="2" style="padding: 0.5em;"|Morning Registration
|-
| style="padding: 0.5em;"|9:00 AM - 12:00 PM
| style="padding: 0.5em;"|Room TBD: Introduction to Injection Vulnerabilities
| style="padding: 0.5em;"|Room TBD: Cyber Hygiene - Critical Security Controls
|-
| style="padding: 0.5em;"|12:00 PM - 1:30 PM
| colspan="2" style="padding: 0.5em;"| Lunch on your own - ''Meet a new friend and grab a bite!''
|-
| style="padding: 0.5em;"|1:00 PM - 1:30 PM
| colspan="2" style="padding: 0.5em;"| Afternoon Registration (for those attending only in the afternoon)
|-
| style="padding: 0.5em;"|1:30 PM - 5:00 PM
| style="padding: 0.5em;"|Room TBD: Applied Physical Attacks on Embedded Systems
| style="padding: 0.5em;"|Room TBD: Fuzzing: Introduction & Practice
|-
| style="padding: 0.5em;"|6:00 PM - 7:30 PM
| colspan="2" style="padding: 0.5em;"| Evening Mixer
|}

=How to Register=
TODO

OWASP Portland 2016 Training Day

2016-09-30T17:09:13Z

TimMorgan:

This year the Portland OWASP chapter is hosting a training day. This will be an excellent opportunity for students to receive quality information security and application security training for next to nothing. It will also be a great chance to network with the local infosec community.

=Courses=
Courses are held in two tracks: two in the morning session, and two in the afternoon session. Each student can register for one morning course, or one afternoon course, or one of each. The four courses offered are as follows:

== Morning Session ==
===Cyber Hygiene - Critical Security Controls===
''Instructor: Brian Ventura''

With so many types of network attacks and so many tools/solutions to combat these attacks, which should I implement first? Which should I buy? Can I build it myself? The CIS Critical Security Controls are a prioritized approach to ensuring information security. As a general risk assessment, the Critical Security Controls address the past, current and expected attacks occurring across the Internet. In this course we will outline the controls, discuss implementation and testing, and provide examples.

===Introduction to Injection Vulnerabilities===
''Instructor: Timothy D. Morgan'' 
''Assistant: Bhushan Gupta'' 
''Sponsored by [https://newrelic.com/ New Relic]''

Ever concatenated strings in your code? Did those strings include any kind of structured syntax? Then your code might be vulnerable to injection. Injection flaws are broad, common category of vulnerability in modern software. While many developers are aware of high-profile technical issues, such as SQL injection, any number of injection vulnerabilities are possible in other languages, protocols, and syntaxes. Upon studying these flaws in many contexts, an underlying "theory of injection" emerges. This simple concept can be applied to many situations (including new technologies and those yet to be invented) to help developers avoid the most common types of implementation vulnerabilities. The reason why "injection" is #1 on the OWASP Top 10 will become very clear by the end of this class. This course will provide students a detailed introduction to injection vulnerabilities and then get students busy with hands-on exercises where a variety of different injection flaws can be explored and understood in real-world contexts.

== Afternoon Session ==

===Applied Physical Attacks on Embedded Systems, Introductory Version===
''Instructor: Joe Fitzpatrick''

This workshop introduces several different relatively accessible interfaces
on embedded systems. Attendees will get hands-on experience with UART, SPI,
and JTAG interfaces on a MIPS-based wifi router. After a brief
architectural overview of each interface, hands-on labs will guide through
the process understanding, observing, interacting with, and exploiting the
interface to potentially access a root shell on the target.

===Fuzzing: Introduction & Practice===
''Instructor: Adam Russell''

The training starts with the theory of fuzzing. No prior
knowledge is assumed. Each fuzzing topic and technique utilizes interesting
case studies and scenarios to highlight the use-cases of fuzzing and their
practicality. The training utilizes practical sessions (e.g. fuzzing image
formats, web application data flow, etc) to gain hands-on experience with
fuzzing tools. This training will equip participants with the necessary
skills and knowledge to conduct basic fuzzing of products.

=Sponsors=
The following sponsors have made this event possible.

'''Interested in becoming a sponsor? Please contact: tim ''DOT'' morgan ''AT'' owasp.org'''

=== Mixer Sponsors===

''None Yet!''

=== Training Session Sponsors ===
[[File:newrelic.png|link=https://newrelic.com/]]

=== Morning Refreshments Sponsors ===
[[File:github.png|link=https://github.com/]]              [[File:pnsqc.png|link=http://pnsqc.org/]]

=== General Sponsors ===

[[File:simple.png|link=https://simple.com/]]              [[File:github.png|link=https://github.com/]]

[[File:summit.png|link=http://summitinfosec.com/]]

=Details=
The training day will be held on Wednesday, November 2 at:

PSU - Smith Memorial Student Union Building
1825 SW Broadway
Portland, OR 97201

Later in the evening, a social mixer will also be held at TODO.

===Schedule===
{| class="wikitable"
! |Time
! colspan="2"|Activity
|-
| style="padding: 0.5em;"|8:00 AM - 9:00 AM
| colspan="2" style="padding: 0.5em;"|Morning Registration
|-
| style="padding: 0.5em;"|9:00 AM - 12:00 PM
| style="padding: 0.5em;"|Room TBD: Introduction to Injection Vulnerabilities
| style="padding: 0.5em;"|Room TBD: Cyber Hygiene - Critical Security Controls
|-
| style="padding: 0.5em;"|12:00 PM - 1:30 PM
| colspan="2" style="padding: 0.5em;"| Lunch on your own - ''Meet a new friend and grab a bite!''
|-
| style="padding: 0.5em;"|1:00 PM - 1:30 PM
| colspan="2" style="padding: 0.5em;"| Afternoon Registration (for those attending only in the afternoon)
|-
| style="padding: 0.5em;"|1:30 PM - 5:00 PM
| style="padding: 0.5em;"|Room TBD: Applied Physical Attacks on Embedded Systems
| style="padding: 0.5em;"|Room TBD: Fuzzing: Introduction & Practice
|-
| style="padding: 0.5em;"|6:00 PM - 7:30 PM
| colspan="2" style="padding: 0.5em;"| Evening Mixer
|}

=How to Register=
TODO

OWASP Portland 2016 Training Day

2016-09-30T16:12:15Z

TimMorgan:

This year the Portland OWASP chapter is hosting a training day. This will be an excellent opportunity for students to receive quality information security and application security training for next to nothing. It will also be a great chance to network with the local infosec community.

=Courses=
Courses are held in two tracks: two in the morning session, and two in the afternoon session. Each student can register for one morning course, or one afternoon course, or one of each. The four courses offered are as follows:

== Morning Session ==
===Cyber Hygiene - Critical Security Controls===
'''Instructor: Brian Ventura'''

With so many types of network attacks and so many tools/solutions to combat these attacks, which should I implement first? Which should I buy? Can I build it myself? The CIS Critical Security Controls are a prioritized approach to ensuring information security. As a general risk assessment, the Critical Security Controls address the past, current and expected attacks occurring across the Internet. In this course we will outline the controls, discuss implementation and testing, and provide examples.

===Introduction to Injection Vulnerabilities===
'''Instructor: Timothy D. Morgan'''

Ever concatenated strings in your code? Did those strings include any kind of structured syntax? Then your code might be vulnerable to injection. Injection flaws are broad, common category of vulnerability in modern software. While many developers are aware of high-profile technical issues, such as SQL injection, any number of injection vulnerabilities are possible in other languages, protocols, and syntaxes. Upon studying these flaws in many contexts, an underlying "theory of injection" emerges. This simple concept can be applied to many situations (including new technologies and those yet to be invented) to help developers avoid the most common types of implementation vulnerabilities. The reason why "injection" is #1 on the OWASP Top 10 will become very clear by the end of this class. This course will provide students a detailed introduction to injection vulnerabilities and then get students busy with hands-on exercises where a variety of different injection flaws can be explored and understood in real-world contexts.

== Afternoon Session ==

===Applied Physical Attacks on Embedded Systems, Introductory Version===
'''Instructor: Joe Fitzpatrick'''

This workshop introduces several different relatively accessible interfaces
on embedded systems. Attendees will get hands-on experience with UART, SPI,
and JTAG interfaces on a MIPS-based wifi router. After a brief
architectural overview of each interface, hands-on labs will guide through
the process understanding, observing, interacting with, and exploiting the
interface to potentially access a root shell on the target.

===Fuzzing: Introduction & Practice===
'''Instructor: Adam Russell'''

The training starts with the theory of fuzzing. No prior
knowledge is assumed. Each fuzzing topic and technique utilizes interesting
case studies and scenarios to highlight the use-cases of fuzzing and their
practicality. The training utilizes practical sessions (e.g. fuzzing image
formats, web application data flow, etc) to gain hands-on experience with
fuzzing tools. This training will equip participants with the necessary
skills and knowledge to conduct basic fuzzing of products.

=Sponsors=
The following sponsors have made this event possible.

'''Interested in becoming a sponsor? Please contact: tim ''DOT'' morgan ''AT'' owasp.org'''

=== Mixer Sponsors===

''None Yet!''

=== Training Session Sponsors ===
[[File:newrelic.png|link=https://newrelic.com/]]

=== Morning Refreshments Sponsors ===
[[File:github.png|link=https://github.com/]]              [[File:pnsqc.png|link=http://pnsqc.org/]]

=== General Sponsors ===

[[File:simple.png|link=https://simple.com/]]              [[File:github.png|link=https://github.com/]]

[[File:summit.png|link=http://summitinfosec.com/]]

=Details=
The training day will be held on Wednesday, November 2 at:

PSU - Smith Memorial Student Union Building
1825 SW Broadway
Portland, OR 97201

Later in the evening, a social mixer will also be held at TODO.

===Schedule===
{| class="wikitable"
! |Time
! colspan="2"|Activity
|-
| style="padding: 0.5em;"|8:00 AM - 9:00 AM
| colspan="2" style="padding: 0.5em;"|Morning Registration
|-
| style="padding: 0.5em;"|9:00 AM - 12:00 PM
| style="padding: 0.5em;"|Room TBD: Introduction to Injection Vulnerabilities
| style="padding: 0.5em;"|Room TBD: Cyber Hygiene - Critical Security Controls
|-
| style="padding: 0.5em;"|12:00 PM - 1:30 PM
| colspan="2" style="padding: 0.5em;"| Lunch on your own - ''Meet a new friend and grab a bite!''
|-
| style="padding: 0.5em;"|1:00 PM - 1:30 PM
| colspan="2" style="padding: 0.5em;"| Afternoon Registration (for those attending only in the afternoon)
|-
| style="padding: 0.5em;"|1:30 PM - 5:00 PM
| style="padding: 0.5em;"|Room TBD: Applied Physical Attacks on Embedded Systems
| style="padding: 0.5em;"|Room TBD: Fuzzing: Introduction & Practice
|-
| style="padding: 0.5em;"|6:00 PM - 7:30 PM
| colspan="2" style="padding: 0.5em;"| Evening Mixer
|}

=How to Register=
TODO

OWASP Portland 2016 Training Day

2016-09-30T16:09:40Z

TimMorgan:

This year the Portland OWASP chapter is hosting a training day. This will be an excellent opportunity for students to receive quality information security and application security training for next to nothing. It will also be a great chance to network with the local infosec community.

=Courses=
Courses are held in two tracks: two in the morning session, and two in the afternoon session. Each student can register for one morning course, or one afternoon course, or one of each. The four courses offered are as follows:

== Morning Session ==
===Cyber Hygiene - Critical Security Controls===
'''Instructor: Brian Ventura'''

With so many types of network attacks and so many tools/solutions to combat these attacks, which should I implement first? Which should I buy? Can I build it myself? The CIS Critical Security Controls are a prioritized approach to ensuring information security. As a general risk assessment, the Critical Security Controls address the past, current and expected attacks occurring across the Internet. In this course we will outline the controls, discuss implementation and testing, and provide examples.

===Introduction to Injection Vulnerabilities===
'''Instructor: Timothy D. Morgan'''

Ever concatenated strings in your code? Did those strings include any kind of structured syntax? Then your code might be vulnerable to injection. Injection flaws are broad, common category of vulnerability in modern software. While many developers are aware of high-profile technical issues, such as SQL injection, any number of injection vulnerabilities are possible in other languages, protocols, and syntaxes. Upon studying these flaws in many contexts, an underlying "theory of injection" emerges. This simple concept can be applied to many situations (including new technologies and those yet to be invented) to help developers avoid the most common types of implementation vulnerabilities. The reason why "injection" is #1 on the OWASP Top 10 will become very clear by the end of this class. This course will provide students a detailed introduction to injection vulnerabilities and then get students busy with hands-on exercises where a variety of different injection flaws can be explored and understood in real-world contexts.

== Afternoon Session ==

===Applied Physical Attacks on Embedded Systems, Introductory Version===
'''Instructor: Joe Fitzpatrick'''

This workshop introduces several different relatively accessible interfaces
on embedded systems. Attendees will get hands-on experience with UART, SPI,
and JTAG interfaces on a MIPS-based wifi router. After a brief
architectural overview of each interface, hands-on labs will guide through
the process understanding, observing, interacting with, and exploiting the
interface to potentially access a root shell on the target.

===Fuzzing: Introduction & Practice===
'''Instructor: Adam Russell'''

The training starts with the theory of fuzzing. No prior
knowledge is assumed. Each fuzzing topic and technique utilizes interesting
case studies and scenarios to highlight the use-cases of fuzzing and their
practicality. The training utilizes practical sessions (e.g. fuzzing image
formats, web application data flow, etc) to gain hands-on experience with
fuzzing tools. This training will equip participants with the necessary
skills and knowledge to conduct basic fuzzing of products.

=Sponsors=
The following sponsors have made this event possible.

'''Interested in becoming a sponsor? Please contact: tim ''DOT'' morgan ''AT'' owasp.org'''

=== Mixer Sponsors===

''None Yet!''

=== Training Session Sponsors ===
[[File:newrelic.png]]

=== Morning Refreshments Sponsors ===
[[File:github.png]]              [[File:pnsqc.png]]

=== General Sponsors ===

[[File:simple.png|link=https://simple.com/]]              [[File:github.png]]

[[File:summit.png]]

=Details=
The training day will be held on Wednesday, November 2 at:

PSU - Smith Memorial Student Union Building
1825 SW Broadway
Portland, OR 97201

Later in the evening, a social mixer will also be held at TODO.

===Schedule===
{| class="wikitable"
! |Time
! colspan="2"|Activity
|-
| style="padding: 0.5em;"|8:00 AM - 9:00 AM
| colspan="2" style="padding: 0.5em;"|Morning Registration
|-
| style="padding: 0.5em;"|9:00 AM - 12:00 PM
| style="padding: 0.5em;"|Room TBD: Introduction to Injection Vulnerabilities
| style="padding: 0.5em;"|Room TBD: Cyber Hygiene - Critical Security Controls
|-
| style="padding: 0.5em;"|12:00 PM - 1:30 PM
| colspan="2" style="padding: 0.5em;"| Lunch on your own - ''Meet a new friend and grab a bite!''
|-
| style="padding: 0.5em;"|1:00 PM - 1:30 PM
| colspan="2" style="padding: 0.5em;"| Afternoon Registration (for those attending only in the afternoon)
|-
| style="padding: 0.5em;"|1:30 PM - 5:00 PM
| style="padding: 0.5em;"|Room TBD: Applied Physical Attacks on Embedded Systems
| style="padding: 0.5em;"|Room TBD: Fuzzing: Introduction & Practice
|-
| style="padding: 0.5em;"|6:00 PM - 7:30 PM
| colspan="2" style="padding: 0.5em;"| Evening Mixer
|}

=How to Register=
TODO

File:Newrelic.png

2016-09-30T16:08:24Z

TimMorgan: TimMorgan uploaded a new version of "File:Newrelic.png"

File:Github.png

2016-09-30T16:07:38Z

TimMorgan: TimMorgan uploaded a new version of "File:Github.png"

File:Summit.png

2016-09-30T16:07:12Z

TimMorgan: TimMorgan uploaded a new version of "File:Summit.png"

File:Simple.png

2016-09-30T16:06:49Z

TimMorgan: TimMorgan uploaded a new version of "File:Simple.png"

File:Pnsqc.png

2016-09-30T16:06:32Z

TimMorgan: TimMorgan uploaded a new version of "File:Pnsqc.png"

OWASP Portland 2016 Training Day

2016-09-30T16:01:15Z

TimMorgan:

This year the Portland OWASP chapter is hosting a training day. This will be an excellent opportunity for students to receive quality information security and application security training for next to nothing. It will also be a great chance to network with the local infosec community.

=Courses=
Courses are held in two tracks: two in the morning session, and two in the afternoon session. Each student can register for one morning course, or one afternoon course, or one of each. The four courses offered are as follows:

== Morning Session ==
===Cyber Hygiene - Critical Security Controls===
'''Instructor: Brian Ventura'''

With so many types of network attacks and so many tools/solutions to combat these attacks, which should I implement first? Which should I buy? Can I build it myself? The CIS Critical Security Controls are a prioritized approach to ensuring information security. As a general risk assessment, the Critical Security Controls address the past, current and expected attacks occurring across the Internet. In this course we will outline the controls, discuss implementation and testing, and provide examples.

===Introduction to Injection Vulnerabilities===
'''Instructor: Timothy D. Morgan'''

Ever concatenated strings in your code? Did those strings include any kind of structured syntax? Then your code might be vulnerable to injection. Injection flaws are broad, common category of vulnerability in modern software. While many developers are aware of high-profile technical issues, such as SQL injection, any number of injection vulnerabilities are possible in other languages, protocols, and syntaxes. Upon studying these flaws in many contexts, an underlying "theory of injection" emerges. This simple concept can be applied to many situations (including new technologies and those yet to be invented) to help developers avoid the most common types of implementation vulnerabilities. The reason why "injection" is #1 on the OWASP Top 10 will become very clear by the end of this class. This course will provide students a detailed introduction to injection vulnerabilities and then get students busy with hands-on exercises where a variety of different injection flaws can be explored and understood in real-world contexts.

== Afternoon Session ==

===Applied Physical Attacks on Embedded Systems, Introductory Version===
'''Instructor: Joe Fitzpatrick'''

This workshop introduces several different relatively accessible interfaces
on embedded systems. Attendees will get hands-on experience with UART, SPI,
and JTAG interfaces on a MIPS-based wifi router. After a brief
architectural overview of each interface, hands-on labs will guide through
the process understanding, observing, interacting with, and exploiting the
interface to potentially access a root shell on the target.

===Fuzzing: Introduction & Practice===
'''Instructor: Adam Russell'''

The training starts with the theory of fuzzing. No prior
knowledge is assumed. Each fuzzing topic and technique utilizes interesting
case studies and scenarios to highlight the use-cases of fuzzing and their
practicality. The training utilizes practical sessions (e.g. fuzzing image
formats, web application data flow, etc) to gain hands-on experience with
fuzzing tools. This training will equip participants with the necessary
skills and knowledge to conduct basic fuzzing of products.

=Sponsors=
The following sponsors have made this event possible.

'''Interested in becoming a sponsor? Please contact: tim ''DOT'' morgan ''AT'' owasp.org'''

=== Mixer Sponsors===

''None Yet!''

=== Training Session Sponsors ===
[[File:newrelic.png]]

=== Morning Refreshments Sponsors ===
[[File:github.png]]              [[File:pnsqc.png]]

=== General Sponsors ===

[[File:simple.png]]              [[File:github.png]]

[[File:summit.png]]

=Details=
The training day will be held on Wednesday, November 2 at:

PSU - Smith Memorial Student Union Building
1825 SW Broadway
Portland, OR 97201

Later in the evening, a social mixer will also be held at TODO.

===Schedule===
{| class="wikitable"
! |Time
! colspan="2"|Activity
|-
| style="padding: 0.5em;"|8:00 AM - 9:00 AM
| colspan="2" style="padding: 0.5em;"|Morning Registration
|-
| style="padding: 0.5em;"|9:00 AM - 12:00 PM
| style="padding: 0.5em;"|Room TBD: Introduction to Injection Vulnerabilities
| style="padding: 0.5em;"|Room TBD: Cyber Hygiene - Critical Security Controls
|-
| style="padding: 0.5em;"|12:00 PM - 1:30 PM
| colspan="2" style="padding: 0.5em;"| Lunch on your own - ''Meet a new friend and grab a bite!''
|-
| style="padding: 0.5em;"|1:00 PM - 1:30 PM
| colspan="2" style="padding: 0.5em;"| Afternoon Registration (for those attending only in the afternoon)
|-
| style="padding: 0.5em;"|1:30 PM - 5:00 PM
| style="padding: 0.5em;"|Room TBD: Applied Physical Attacks on Embedded Systems
| style="padding: 0.5em;"|Room TBD: Fuzzing: Introduction & Practice
|-
| style="padding: 0.5em;"|6:00 PM - 7:30 PM
| colspan="2" style="padding: 0.5em;"| Evening Mixer
|}

=How to Register=
TODO

OWASP Portland 2016 Training Day

2016-09-30T16:00:19Z

TimMorgan: /* General Sponsors */

This year the Portland OWASP chapter is hosting a training day. This will be an excellent opportunity for students to receive quality information security and application security training for next to nothing. It will also be a great chance to network with the local infosec community.

=Courses=
Courses are held in two tracks: two in the morning session, and two in the afternoon session. Each student can register for one morning course, or one afternoon course, or one of each. The four courses offered are as follows:

== Morning Session ==
===Cyber Hygiene - Critical Security Controls===
'''Instructor: Brian Ventura'''

With so many types of network attacks and so many tools/solutions to combat these attacks, which should I implement first? Which should I buy? Can I build it myself? The CIS Critical Security Controls are a prioritized approach to ensuring information security. As a general risk assessment, the Critical Security Controls address the past, current and expected attacks occurring across the Internet. In this course we will outline the controls, discuss implementation and testing, and provide examples.

===Introduction to Injection Vulnerabilities===
'''Instructor: Timothy D. Morgan'''

Ever concatenated strings in your code? Did those strings include any kind of structured syntax? Then your code might be vulnerable to injection. Injection flaws are broad, common category of vulnerability in modern software. While many developers are aware of high-profile technical issues, such as SQL injection, any number of injection vulnerabilities are possible in other languages, protocols, and syntaxes. Upon studying these flaws in many contexts, an underlying "theory of injection" emerges. This simple concept can be applied to many situations (including new technologies and those yet to be invented) to help developers avoid the most common types of implementation vulnerabilities. The reason why "injection" is #1 on the OWASP Top 10 will become very clear by the end of this class. This course will provide students a detailed introduction to injection vulnerabilities and then get students busy with hands-on exercises where a variety of different injection flaws can be explored and understood in real-world contexts.

== Afternoon Session ==

===Applied Physical Attacks on Embedded Systems, Introductory Version===
'''Instructor: Joe Fitzpatrick'''

This workshop introduces several different relatively accessible interfaces
on embedded systems. Attendees will get hands-on experience with UART, SPI,
and JTAG interfaces on a MIPS-based wifi router. After a brief
architectural overview of each interface, hands-on labs will guide through
the process understanding, observing, interacting with, and exploiting the
interface to potentially access a root shell on the target.

===Fuzzing: Introduction & Practice===
'''Instructor: Adam Russell'''

The training starts with the theory of fuzzing. No prior
knowledge is assumed. Each fuzzing topic and technique utilizes interesting
case studies and scenarios to highlight the use-cases of fuzzing and their
practicality. The training utilizes practical sessions (e.g. fuzzing image
formats, web application data flow, etc) to gain hands-on experience with
fuzzing tools. This training will equip participants with the necessary
skills and knowledge to conduct basic fuzzing of products.

=Sponsors=

'''Interested in becoming a sponsor? Please contact: tim ''DOT'' morgan ''AT'' owasp.org'''

=== Mixer Sponsors===

''None Yet!''

=== Training Session Sponsors ===
[[File:newrelic.png]]

=== Morning Refreshments Sponsors ===
[[File:github.png]]              [[File:pnsqc.png]]

=== General Sponsors ===

[[File:simple.png]]              [[File:github.png]]

[[File:summit.png]]

=Details=
The training day will be held on Wednesday, November 2 at:

PSU - Smith Memorial Student Union Building
1825 SW Broadway
Portland, OR 97201

Later in the evening, a social mixer will also be held at TODO.

===Schedule===
{| class="wikitable"
! |Time
! colspan="2"|Activity
|-
| style="padding: 0.5em;"|8:00 AM - 9:00 AM
| colspan="2" style="padding: 0.5em;"|Morning Registration
|-
| style="padding: 0.5em;"|9:00 AM - 12:00 PM
| style="padding: 0.5em;"|Room TBD: Introduction to Injection Vulnerabilities
| style="padding: 0.5em;"|Room TBD: Cyber Hygiene - Critical Security Controls
|-
| style="padding: 0.5em;"|12:00 PM - 1:30 PM
| colspan="2" style="padding: 0.5em;"| Lunch on your own - ''Meet a new friend and grab a bite!''
|-
| style="padding: 0.5em;"|1:00 PM - 1:30 PM
| colspan="2" style="padding: 0.5em;"| Afternoon Registration (for those attending only in the afternoon)
|-
| style="padding: 0.5em;"|1:30 PM - 5:00 PM
| style="padding: 0.5em;"|Room TBD: Applied Physical Attacks on Embedded Systems
| style="padding: 0.5em;"|Room TBD: Fuzzing: Introduction & Practice
|-
| style="padding: 0.5em;"|6:00 PM - 7:30 PM
| colspan="2" style="padding: 0.5em;"| Evening Mixer
|}

=How to Register=
TODO

OWASP Portland 2016 Training Day

2016-09-30T15:59:52Z

TimMorgan: /* Morning Refreshments Sponsors */

This year the Portland OWASP chapter is hosting a training day. This will be an excellent opportunity for students to receive quality information security and application security training for next to nothing. It will also be a great chance to network with the local infosec community.

=Courses=
Courses are held in two tracks: two in the morning session, and two in the afternoon session. Each student can register for one morning course, or one afternoon course, or one of each. The four courses offered are as follows:

== Morning Session ==
===Cyber Hygiene - Critical Security Controls===
'''Instructor: Brian Ventura'''

With so many types of network attacks and so many tools/solutions to combat these attacks, which should I implement first? Which should I buy? Can I build it myself? The CIS Critical Security Controls are a prioritized approach to ensuring information security. As a general risk assessment, the Critical Security Controls address the past, current and expected attacks occurring across the Internet. In this course we will outline the controls, discuss implementation and testing, and provide examples.

===Introduction to Injection Vulnerabilities===
'''Instructor: Timothy D. Morgan'''

Ever concatenated strings in your code? Did those strings include any kind of structured syntax? Then your code might be vulnerable to injection. Injection flaws are broad, common category of vulnerability in modern software. While many developers are aware of high-profile technical issues, such as SQL injection, any number of injection vulnerabilities are possible in other languages, protocols, and syntaxes. Upon studying these flaws in many contexts, an underlying "theory of injection" emerges. This simple concept can be applied to many situations (including new technologies and those yet to be invented) to help developers avoid the most common types of implementation vulnerabilities. The reason why "injection" is #1 on the OWASP Top 10 will become very clear by the end of this class. This course will provide students a detailed introduction to injection vulnerabilities and then get students busy with hands-on exercises where a variety of different injection flaws can be explored and understood in real-world contexts.

== Afternoon Session ==

===Applied Physical Attacks on Embedded Systems, Introductory Version===
'''Instructor: Joe Fitzpatrick'''

This workshop introduces several different relatively accessible interfaces
on embedded systems. Attendees will get hands-on experience with UART, SPI,
and JTAG interfaces on a MIPS-based wifi router. After a brief
architectural overview of each interface, hands-on labs will guide through
the process understanding, observing, interacting with, and exploiting the
interface to potentially access a root shell on the target.

===Fuzzing: Introduction & Practice===
'''Instructor: Adam Russell'''

The training starts with the theory of fuzzing. No prior
knowledge is assumed. Each fuzzing topic and technique utilizes interesting
case studies and scenarios to highlight the use-cases of fuzzing and their
practicality. The training utilizes practical sessions (e.g. fuzzing image
formats, web application data flow, etc) to gain hands-on experience with
fuzzing tools. This training will equip participants with the necessary
skills and knowledge to conduct basic fuzzing of products.

=Sponsors=

'''Interested in becoming a sponsor? Please contact: tim ''DOT'' morgan ''AT'' owasp.org'''

=== Mixer Sponsors===

''None Yet!''

=== Training Session Sponsors ===
[[File:newrelic.png]]

=== Morning Refreshments Sponsors ===
[[File:github.png]]              [[File:pnsqc.png]]

=== General Sponsors ===

[[File:simple.png]]

[[File:summit.png]]

[[File:github.png]]

=Details=
The training day will be held on Wednesday, November 2 at:

PSU - Smith Memorial Student Union Building
1825 SW Broadway
Portland, OR 97201

Later in the evening, a social mixer will also be held at TODO.

===Schedule===
{| class="wikitable"
! |Time
! colspan="2"|Activity
|-
| style="padding: 0.5em;"|8:00 AM - 9:00 AM
| colspan="2" style="padding: 0.5em;"|Morning Registration
|-
| style="padding: 0.5em;"|9:00 AM - 12:00 PM
| style="padding: 0.5em;"|Room TBD: Introduction to Injection Vulnerabilities
| style="padding: 0.5em;"|Room TBD: Cyber Hygiene - Critical Security Controls
|-
| style="padding: 0.5em;"|12:00 PM - 1:30 PM
| colspan="2" style="padding: 0.5em;"| Lunch on your own - ''Meet a new friend and grab a bite!''
|-
| style="padding: 0.5em;"|1:00 PM - 1:30 PM
| colspan="2" style="padding: 0.5em;"| Afternoon Registration (for those attending only in the afternoon)
|-
| style="padding: 0.5em;"|1:30 PM - 5:00 PM
| style="padding: 0.5em;"|Room TBD: Applied Physical Attacks on Embedded Systems
| style="padding: 0.5em;"|Room TBD: Fuzzing: Introduction & Practice
|-
| style="padding: 0.5em;"|6:00 PM - 7:30 PM
| colspan="2" style="padding: 0.5em;"| Evening Mixer
|}

=How to Register=
TODO

OWASP Portland 2016 Training Day

2016-09-30T15:58:31Z

TimMorgan:

This year the Portland OWASP chapter is hosting a training day. This will be an excellent opportunity for students to receive quality information security and application security training for next to nothing. It will also be a great chance to network with the local infosec community.

=Courses=
Courses are held in two tracks: two in the morning session, and two in the afternoon session. Each student can register for one morning course, or one afternoon course, or one of each. The four courses offered are as follows:

== Morning Session ==
===Cyber Hygiene - Critical Security Controls===
'''Instructor: Brian Ventura'''

With so many types of network attacks and so many tools/solutions to combat these attacks, which should I implement first? Which should I buy? Can I build it myself? The CIS Critical Security Controls are a prioritized approach to ensuring information security. As a general risk assessment, the Critical Security Controls address the past, current and expected attacks occurring across the Internet. In this course we will outline the controls, discuss implementation and testing, and provide examples.

===Introduction to Injection Vulnerabilities===
'''Instructor: Timothy D. Morgan'''

Ever concatenated strings in your code? Did those strings include any kind of structured syntax? Then your code might be vulnerable to injection. Injection flaws are broad, common category of vulnerability in modern software. While many developers are aware of high-profile technical issues, such as SQL injection, any number of injection vulnerabilities are possible in other languages, protocols, and syntaxes. Upon studying these flaws in many contexts, an underlying "theory of injection" emerges. This simple concept can be applied to many situations (including new technologies and those yet to be invented) to help developers avoid the most common types of implementation vulnerabilities. The reason why "injection" is #1 on the OWASP Top 10 will become very clear by the end of this class. This course will provide students a detailed introduction to injection vulnerabilities and then get students busy with hands-on exercises where a variety of different injection flaws can be explored and understood in real-world contexts.

== Afternoon Session ==

===Applied Physical Attacks on Embedded Systems, Introductory Version===
'''Instructor: Joe Fitzpatrick'''

This workshop introduces several different relatively accessible interfaces
on embedded systems. Attendees will get hands-on experience with UART, SPI,
and JTAG interfaces on a MIPS-based wifi router. After a brief
architectural overview of each interface, hands-on labs will guide through
the process understanding, observing, interacting with, and exploiting the
interface to potentially access a root shell on the target.

===Fuzzing: Introduction & Practice===
'''Instructor: Adam Russell'''

The training starts with the theory of fuzzing. No prior
knowledge is assumed. Each fuzzing topic and technique utilizes interesting
case studies and scenarios to highlight the use-cases of fuzzing and their
practicality. The training utilizes practical sessions (e.g. fuzzing image
formats, web application data flow, etc) to gain hands-on experience with
fuzzing tools. This training will equip participants with the necessary
skills and knowledge to conduct basic fuzzing of products.

=Sponsors=

'''Interested in becoming a sponsor? Please contact: tim ''DOT'' morgan ''AT'' owasp.org'''

=== Mixer Sponsors===

''None Yet!''

=== Training Session Sponsors ===
[[File:newrelic.png]]

=== Morning Refreshments Sponsors ===
[[File:github.png]]

[[File:pnsqc.png]]

=== General Sponsors ===

[[File:simple.png]]

[[File:summit.png]]

[[File:github.png]]

=Details=
The training day will be held on Wednesday, November 2 at:

PSU - Smith Memorial Student Union Building
1825 SW Broadway
Portland, OR 97201

Later in the evening, a social mixer will also be held at TODO.

===Schedule===
{| class="wikitable"
! |Time
! colspan="2"|Activity
|-
| style="padding: 0.5em;"|8:00 AM - 9:00 AM
| colspan="2" style="padding: 0.5em;"|Morning Registration
|-
| style="padding: 0.5em;"|9:00 AM - 12:00 PM
| style="padding: 0.5em;"|Room TBD: Introduction to Injection Vulnerabilities
| style="padding: 0.5em;"|Room TBD: Cyber Hygiene - Critical Security Controls
|-
| style="padding: 0.5em;"|12:00 PM - 1:30 PM
| colspan="2" style="padding: 0.5em;"| Lunch on your own - ''Meet a new friend and grab a bite!''
|-
| style="padding: 0.5em;"|1:00 PM - 1:30 PM
| colspan="2" style="padding: 0.5em;"| Afternoon Registration (for those attending only in the afternoon)
|-
| style="padding: 0.5em;"|1:30 PM - 5:00 PM
| style="padding: 0.5em;"|Room TBD: Applied Physical Attacks on Embedded Systems
| style="padding: 0.5em;"|Room TBD: Fuzzing: Introduction & Practice
|-
| style="padding: 0.5em;"|6:00 PM - 7:30 PM
| colspan="2" style="padding: 0.5em;"| Evening Mixer
|}

=How to Register=
TODO

OWASP Portland 2016 Training Day

2016-09-30T15:57:39Z

TimMorgan: /* Courses */

This year the Portland OWASP chapter is hosting a training day. This will be an excellent opportunity for students to receive quality information security and application security training for next to nothing. It will also be a great chance to network with the local infosec community.

=Courses=
Courses are held in two tracks: two in the morning session, and two in the afternoon session. Each student can register for one morning course, or one afternoon course, or one of each. The four courses offered are as follows:

== Morning Session ==
===Cyber Hygiene - Critical Security Controls===
'''Instructor: Brian Ventura'''

With so many types of network attacks and so many tools/solutions to combat these attacks, which should I implement first? Which should I buy? Can I build it myself? The CIS Critical Security Controls are a prioritized approach to ensuring information security. As a general risk assessment, the Critical Security Controls address the past, current and expected attacks occurring across the Internet. In this course we will outline the controls, discuss implementation and testing, and provide examples.

===Introduction to Injection Vulnerabilities===
'''Instructor: Timothy D. Morgan'''

Ever concatenated strings in your code? Did those strings include any kind of structured syntax? Then your code might be vulnerable to injection. Injection flaws are broad, common category of vulnerability in modern software. While many developers are aware of high-profile technical issues, such as SQL injection, any number of injection vulnerabilities are possible in other languages, protocols, and syntaxes. Upon studying these flaws in many contexts, an underlying "theory of injection" emerges. This simple concept can be applied to many situations (including new technologies and those yet to be invented) to help developers avoid the most common types of implementation vulnerabilities. The reason why "injection" is #1 on the OWASP Top 10 will become very clear by the end of this class. This course will provide students a detailed introduction to injection vulnerabilities and then get students busy with hands-on exercises where a variety of different injection flaws can be explored and understood in real-world contexts.

== Afternoon Session ==

===Applied Physical Attacks on Embedded Systems, Introductory Version===
'''Instructor: Joe Fitzpatrick'''

This workshop introduces several different relatively accessible interfaces
on embedded systems. Attendees will get hands-on experience with UART, SPI,
and JTAG interfaces on a MIPS-based wifi router. After a brief
architectural overview of each interface, hands-on labs will guide through
the process understanding, observing, interacting with, and exploiting the
interface to potentially access a root shell on the target.

===Fuzzing: Introduction & Practice===
'''Instructor: Adam Russell'''

The training starts with the theory of fuzzing. No prior
knowledge is assumed. Each fuzzing topic and technique utilizes interesting
case studies and scenarios to highlight the use-cases of fuzzing and their
practicality. The training utilizes practical sessions (e.g. fuzzing image
formats, web application data flow, etc) to gain hands-on experience with
fuzzing tools. This training will equip participants with the necessary
skills and knowledge to conduct basic fuzzing of products.

=Sponsors=

Interested in becoming a sponsor? Please contact: tim ''DOT'' morgan ''AT'' owasp.org

=== Mixer Sponsors===

''None Yet!''

=== Training Session Sponsors ===
[[File:newrelic.png]]

=== Morning Refreshments Sponsors ===
[[File:github.png]]

[[File:pnsqc.png]]

=== General Sponsors ===

[[File:simple.png]]

[[File:summit.png]]

[[File:github.png]]

=Details=
The training day will be held on Wednesday, November 2 at:

PSU - Smith Memorial Student Union Building
1825 SW Broadway
Portland, OR 97201

Later in the evening, a social mixer will also be held at TODO.

===Schedule===
{| class="wikitable"
! |Time
! colspan="2"|Activity
|-
| style="padding: 0.5em;"|8:00 AM - 9:00 AM
| colspan="2" style="padding: 0.5em;"|Morning Registration
|-
| style="padding: 0.5em;"|9:00 AM - 12:00 PM
| style="padding: 0.5em;"|Room TBD: Introduction to Injection Vulnerabilities
| style="padding: 0.5em;"|Room TBD: Cyber Hygiene - Critical Security Controls
|-
| style="padding: 0.5em;"|12:00 PM - 1:30 PM
| colspan="2" style="padding: 0.5em;"| Lunch on your own - ''Meet a new friend and grab a bite!''
|-
| style="padding: 0.5em;"|1:00 PM - 1:30 PM
| colspan="2" style="padding: 0.5em;"| Afternoon Registration (for those attending only in the afternoon)
|-
| style="padding: 0.5em;"|1:30 PM - 5:00 PM
| style="padding: 0.5em;"|Room TBD: Applied Physical Attacks on Embedded Systems
| style="padding: 0.5em;"|Room TBD: Fuzzing: Introduction & Practice
|-
| style="padding: 0.5em;"|6:00 PM - 7:30 PM
| colspan="2" style="padding: 0.5em;"| Evening Mixer
|}

=How to Register=
TODO

OWASP Portland 2016 Training Day

2016-09-30T15:57:28Z

TimMorgan:

This year the Portland OWASP chapter is hosting a training day. This will be an excellent opportunity for students to receive quality information security and application security training for next to nothing. It will also be a great chance to network with the local infosec community.

=Courses=
Courses are held in two tracks: two in the morning session, and two in the afternoon session. Each student can register for one morning course, or one afternoon course, or one of each. The four courses offered are as follows:

== Morning Session ==
===Cyber Hygiene - Critical Security Controls===
'''Instructor: Brian Ventura'''

With so many types of network attacks and so many tools/solutions to combat these attacks, which should I implement first? Which should I buy? Can I build it myself? The CIS Critical Security Controls are a prioritized approach to ensuring information security. As a general risk assessment, the Critical Security Controls address the past, current and expected attacks occurring across the Internet. In this course we will outline the controls, discuss implementation and testing, and provide examples.

===Introduction to Injection Vulnerabilities===
'''Instructor: Timothy D. Morgan'''

Ever concatenated strings in your code? Did those strings include any kind of structured syntax? Then your code might be vulnerable to injection. Injection flaws are broad, common category of vulnerability in modern software. While many developers are aware of high-profile technical issues, such as SQL injection, any number of injection vulnerabilities are possible in other languages, protocols, and syntaxes. Upon studying these flaws in many contexts, an underlying "theory of injection" emerges. This simple concept can be applied to many situations (including new technologies and those yet to be invented) to help developers avoid the most common types of implementation vulnerabilities. The reason why "injection" is #1 on the OWASP Top 10 will become very clear by the end of this class. This course will provide students a detailed introduction to injection vulnerabilities and then get students busy with hands-on exercises where a variety of different injection flaws can be explored and understood in real-world contexts.

== Afternoon Session ==

===Applied Physical Attacks on Embedded Systems, Introductory Version===
'''Instructor: Joe Fitzpatrick'''

This workshop introduces several different relatively accessible interfaces
on embedded systems. Attendees will get hands-on experience with UART, SPI,
and JTAG interfaces on a MIPS-based wifi router. After a brief
architectural overview of each interface, hands-on labs will guide through
the process understanding, observing, interacting with, and exploiting the
interface to potentially access a root shell on the target.

===Fuzzing: Introduction & Practice===
'''Instructor: Adam Russell'''

The training starts with the theory of fuzzing. No prior
knowledge is assumed. Each fuzzing topic and technique utilizes interesting
case studies and scenarios to highlight the use-cases of fuzzing and their
practicality. The training utilizes practical sessions (e.g. fuzzing image
formats, web application data flow, etc) to gain hands-on experience with
fuzzing tools. This training will equip participants with the necessary
skills and knowledge to conduct basic fuzzing of products.

=Sponsors=

Interested in becoming a sponsor? Please contact: tim ''DOT'' morgan ''AT'' owasp.org

=== Mixer Sponsors===

''None Yet!''

=== Training Session Sponsors ===
[[File:newrelic.png]]

=== Morning Refreshments Sponsors ===
[[File:github.png]]

[[File:pnsqc.png]]

=== General Sponsors ===

[[File:simple.png]]

[[File:summit.png]]

[[File:github.png]]

=Details=
The training day will be held on Wednesday, November 2 at:

PSU - Smith Memorial Student Union Building
1825 SW Broadway
Portland, OR 97201

Later in the evening, a social mixer will also be held at TODO.

===Schedule===
{| class="wikitable"
! |Time
! colspan="2"|Activity
|-
| style="padding: 0.5em;"|8:00 AM - 9:00 AM
| colspan="2" style="padding: 0.5em;"|Morning Registration
|-
| style="padding: 0.5em;"|9:00 AM - 12:00 PM
| style="padding: 0.5em;"|Room TBD: Introduction to Injection Vulnerabilities
| style="padding: 0.5em;"|Room TBD: Cyber Hygiene - Critical Security Controls
|-
| style="padding: 0.5em;"|12:00 PM - 1:30 PM
| colspan="2" style="padding: 0.5em;"| Lunch on your own - ''Meet a new friend and grab a bite!''
|-
| style="padding: 0.5em;"|1:00 PM - 1:30 PM
| colspan="2" style="padding: 0.5em;"| Afternoon Registration (for those attending only in the afternoon)
|-
| style="padding: 0.5em;"|1:30 PM - 5:00 PM
| style="padding: 0.5em;"|Room TBD: Applied Physical Attacks on Embedded Systems
| style="padding: 0.5em;"|Room TBD: Fuzzing: Introduction & Practice
|-
| style="padding: 0.5em;"|6:00 PM - 7:30 PM
| colspan="2" style="padding: 0.5em;"| Evening Mixer
|}

=How to Register=
TODO

OWASP Portland 2016 Training Day

2016-09-30T15:56:55Z

TimMorgan:

This year the Portland OWASP chapter is hosting a training day. This will be an excellent opportunity for students to receive quality information security and application security training for next to nothing. It will also be a great chance to network with the local infosec community.

=Courses=
Courses are held in two tracks: two in the morning session, and two in the afternoon session. Each student can register for one morning course, or one afternoon course, or one of each. The four courses offered are as follows:

== Morning Session ==
===Cyber Hygiene - Critical Security Controls===
'''Instructor: Brian Ventura'''

With so many types of network attacks and so many tools/solutions to combat these attacks, which should I implement first? Which should I buy? Can I build it myself? The CIS Critical Security Controls are a prioritized approach to ensuring information security. As a general risk assessment, the Critical Security Controls address the past, current and expected attacks occurring across the Internet. In this course we will outline the controls, discuss implementation and testing, and provide examples.

===Introduction to Injection Vulnerabilities===
'''Instructor: Timothy D. Morgan'''

Ever concatenated strings in your code? Did those strings include any kind of structured syntax? Then your code might be vulnerable to injection. Injection flaws are broad, common category of vulnerability in modern software. While many developers are aware of high-profile technical issues, such as SQL injection, any number of injection vulnerabilities are possible in other languages, protocols, and syntaxes. Upon studying these flaws in many contexts, an underlying "theory of injection" emerges. This simple concept can be applied to many situations (including new technologies and those yet to be invented) to help developers avoid the most common types of implementation vulnerabilities. The reason why "injection" is #1 on the OWASP Top 10 will become very clear by the end of this class. This course will provide students a detailed introduction to injection vulnerabilities and then get students busy with hands-on exercises where a variety of different injection flaws can be explored and understood in real-world contexts.

== Afternoon Session ==

===Applied Physical Attacks on Embedded Systems, Introductory Version===
'''Instructor: Joe Fitzpatrick'''

This workshop introduces several different relatively accessible interfaces
on embedded systems. Attendees will get hands-on experience with UART, SPI,
and JTAG interfaces on a MIPS-based wifi router. After a brief
architectural overview of each interface, hands-on labs will guide through
the process understanding, observing, interacting with, and exploiting the
interface to potentially access a root shell on the target.

===Fuzzing: Introduction & Practice===
'''Instructor: Adam Russell'''

The training starts with the theory of fuzzing. No prior
knowledge is assumed. Each fuzzing topic and technique utilizes interesting
case studies and scenarios to highlight the use-cases of fuzzing and their
practicality. The training utilizes practical sessions (e.g. fuzzing image
formats, web application data flow, etc) to gain hands-on experience with
fuzzing tools. This training will equip participants with the necessary
skills and knowledge to conduct basic fuzzing of products.

=Sponsors=

Interested in becoming a sponsor? Please contact: tim ''DOT'' morgan ''AT'' owasp.org

=== Mixer Sponsors===

''None Yet!''

=== Training Session Sponsors ===
[[File:newrelic.png]]

=== Morning Refreshments Sponsors ===
[[File:github.png]]

[[File:pnsqc.png]]

=== General Sponsors ===

[[File:simple.png]]

[[File:summit.png]]

[[File:github.png]]

=Details=
The training day will be held on Wednesday, November 2 at:

PSU - Smith Memorial Student Union Building
1825 SW Broadway
Portland, OR 97201

Later in the evening, a social mixer will also be held at TODO.

===Schedule===
{| class="wikitable"
! |Time
! colspan="2"|Activity
|-
| style="padding: 0.5em;"|8:00 AM - 9:00 AM
| colspan="2" style="padding: 0.5em;"|Morning Registration
|-
| style="padding: 0.5em;"|9:00 AM - 12:00 PM
| style="padding: 0.5em;"|Room TBD: Introduction to Injection Vulnerabilities
| style="padding: 0.5em;"|Room TBD: Cyber Hygiene - Critical Security Controls
|-
| style="padding: 0.5em;"|12:00 PM - 1:30 PM
| colspan="2" style="padding: 0.5em;"| Lunch on your own - ''Meet a new friend and grab a bite!''
|-
| style="padding: 0.5em;"|1:00 PM - 1:30 PM
| colspan="2" style="padding: 0.5em;"| Afternoon Registration (for those attending only in the afternoon)
|-
| style="padding: 0.5em;"|1:30 PM - 5:00 PM
| style="padding: 0.5em;"|Room TBD: Applied Physical Attacks on Embedded Systems
| style="padding: 0.5em;"|Room TBD: Fuzzing: Introduction & Practice
|-
| style="padding: 0.5em;"|6:00 PM - 7:30 PM
| colspan="2" style="padding: 0.5em;"| Evening Mixer
|}

=How to Register=
TODO

OWASP Portland 2016 Training Day

2016-09-30T15:53:02Z

TimMorgan: /* Courses */

This year the Portland OWASP chapter is hosting a training day. This will be an excellent opportunity for students to receive quality information security and application security training for next to nothing. It will also be a great chance to network with the local infosec community.

=Courses=
Courses are held in two tracks: two in the morning session, and two in the afternoon session. Each student can register for one morning course, or one afternoon course, or one of each. The four courses offered are as follows:

== Morning Session ==
===Cyber Hygiene - Critical Security Controls===
'''Instructor: Brian Ventura'''

With so many types of network attacks and so many tools/solutions to combat these attacks, which should I implement first? Which should I buy? Can I build it myself? The CIS Critical Security Controls are a prioritized approach to ensuring information security. As a general risk assessment, the Critical Security Controls address the past, current and expected attacks occurring across the Internet. In this course we will outline the controls, discuss implementation and testing, and provide examples.

===Introduction to Injection Vulnerabilities===
'''Instructor: Timothy D. Morgan'''

Ever concatenated strings in your code? Did those strings include any kind of structured syntax? Then your code might be vulnerable to injection. Injection flaws are broad, common category of vulnerability in modern software. While many developers are aware of high-profile technical issues, such as SQL injection, any number of injection vulnerabilities are possible in other languages, protocols, and syntaxes. Upon studying these flaws in many contexts, an underlying "theory of injection" emerges. This simple concept can be applied to many situations (including new technologies and those yet to be invented) to help developers avoid the most common types of implementation vulnerabilities. The reason why "injection" is #1 on the OWASP Top 10 will become very clear by the end of this class. This course will provide students a detailed introduction to injection vulnerabilities and then get students busy with hands-on exercises where a variety of different injection flaws can be explored and understood in real-world contexts.

== Afternoon Session ==

===Applied Physical Attacks on Embedded Systems, Introductory Version===
'''Instructor: Joe Fitzpatrick'''

This workshop introduces several different relatively accessible interfaces
on embedded systems. Attendees will get hands-on experience with UART, SPI,
and JTAG interfaces on a MIPS-based wifi router. After a brief
architectural overview of each interface, hands-on labs will guide through
the process understanding, observing, interacting with, and exploiting the
interface to potentially access a root shell on the target.

===Fuzzing: Introduction & Practice===
'''Instructor: Adam Russell'''

The training starts with the theory of fuzzing. No prior
knowledge is assumed. Each fuzzing topic and technique utilizes interesting
case studies and scenarios to highlight the use-cases of fuzzing and their
practicality. The training utilizes practical sessions (e.g. fuzzing image
formats, web application data flow, etc) to gain hands-on experience with
fuzzing tools. This training will equip participants with the necessary
skills and knowledge to conduct basic fuzzing of products.

=Sponsors=

Interested in becoming a sponsor? Please contact: tim ''DOT'' morgan ''AT'' owasp.org

== Mixer Sponsors==

''None Yet!''

== Training Session Sponsors ==
[[File:newrelic.png]]

== Morning Refreshments Sponsors ==
[[File:github.png]]

[[File:pnsqc.png]]

== General Sponsors ==

[[File:simple.png]]

[[File:summit.png]]

[[File:github.png]]

=Details=
The training day will be held on Wednesday, November 2 in PSU's Smith Memorial Student Union Building at 1825 SW Broadway, Portland, OR 97201. Later in the evening, a social mixer will also be held at TODO.

===Schedule===
{| class="wikitable"
! |Time
! colspan="2"|Activity
|-
| style="padding: 0.5em;"|8:00 AM - 9:00 AM
| colspan="2" style="padding: 0.5em;"|Morning Registration
|-
| style="padding: 0.5em;"|9:00 AM - 12:00 PM
| style="padding: 0.5em;"|Room TBD: Introduction to Injection Vulnerabilities
| style="padding: 0.5em;"|Room TBD: Cyber Hygiene - Critical Security Controls
|-
| style="padding: 0.5em;"|12:00 PM - 1:30 PM
| colspan="2" style="padding: 0.5em;"| Lunch on your own - ''Meet a new friend and grab a bite!''
|-
| style="padding: 0.5em;"|1:00 PM - 1:30 PM
| colspan="2" style="padding: 0.5em;"| Afternoon Registration (for those attending only in the afternoon)
|-
| style="padding: 0.5em;"|1:30 PM - 5:00 PM
| style="padding: 0.5em;"|Room TBD: Applied Physical Attacks on Embedded Systems
| style="padding: 0.5em;"|Room TBD: Fuzzing: Introduction & Practice
|-
| style="padding: 0.5em;"|6:00 PM - 7:30 PM
| colspan="2" style="padding: 0.5em;"| Evening Mixer
|}

=How to Register=
TODO

OWASP Portland 2016 Training Day

2016-09-30T15:50:25Z

TimMorgan: /* Sponsors */

This year the Portland OWASP chapter is hosting a training day. This will be an excellent opportunity for students to receive quality information security and application security training for next to nothing. It will also be a great chance to network with the local infosec community.

=Courses=
Four courses will be offered in 2 separate tracks. A full schedule has yet to be determined, but the courses offered will likely be as follows:

==Applied Physical Attacks on Embedded Systems, Introductory Version==
'''Instructor: Joe Fitzpatrick'''

This workshop introduces several different relatively accessible interfaces
on embedded systems. Attendees will get hands-on experience with UART, SPI,
and JTAG interfaces on a MIPS-based wifi router. After a brief
architectural overview of each interface, hands-on labs will guide through
the process understanding, observing, interacting with, and exploiting the
interface to potentially access a root shell on the target.

==Introduction to Injection Vulnerabilities==
'''Instructor: Timothy D. Morgan'''

Ever concatenated strings in your code? Did those strings include any kind of structured syntax? Then your code might be vulnerable to injection. Injection flaws are broad, common category of vulnerability in modern software. While many developers are aware of high-profile technical issues, such as SQL injection, any number of injection vulnerabilities are possible in other languages, protocols, and syntaxes. Upon studying these flaws in many contexts, an underlying "theory of injection" emerges. This simple concept can be applied to many situations (including new technologies and those yet to be invented) to help developers avoid the most common types of implementation vulnerabilities. The reason why "injection" is #1 on the OWASP Top 10 will become very clear by the end of this class. This course will provide students a detailed introduction to injection vulnerabilities and then get students busy with hands-on exercises where a variety of different injection flaws can be explored and understood in real-world contexts.

==Fuzzing: Introduction & Practice==
'''Instructor: Adam Russell'''

The training starts with the theory of fuzzing. No prior
knowledge is assumed. Each fuzzing topic and technique utilizes interesting
case studies and scenarios to highlight the use-cases of fuzzing and their
practicality. The training utilizes practical sessions (e.g. fuzzing image
formats, web application data flow, etc) to gain hands-on experience with
fuzzing tools. This training will equip participants with the necessary
skills and knowledge to conduct basic fuzzing of products.

==Cyber Hygiene - Critical Security Controls==
'''Instructor: Brian Ventura'''

With so many types of network attacks and so many tools/solutions to combat these attacks, which should I implement first? Which should I buy? Can I build it myself? The CIS Critical Security Controls are a prioritized approach to ensuring information security. As a general risk assessment, the Critical Security Controls address the past, current and expected attacks occurring across the Internet. In this course we will outline the controls, discuss implementation and testing, and provide examples.

=Sponsors=

Interested in becoming a sponsor? Please contact: tim ''DOT'' morgan ''AT'' owasp.org

== Mixer Sponsors==

''None Yet!''

== Training Session Sponsors ==
[[File:newrelic.png]]

== Morning Refreshments Sponsors ==
[[File:github.png]]

[[File:pnsqc.png]]

== General Sponsors ==

[[File:simple.png]]

[[File:summit.png]]

[[File:github.png]]

=Details=
The training day will be held on Wednesday, November 2 in PSU's Smith Memorial Student Union Building at 1825 SW Broadway, Portland, OR 97201. Later in the evening, a social mixer will also be held at TODO.

===Schedule===
{| class="wikitable"
! |Time
! colspan="2"|Activity
|-
| style="padding: 0.5em;"|8:00 AM - 9:00 AM
| colspan="2" style="padding: 0.5em;"|Morning Registration
|-
| style="padding: 0.5em;"|9:00 AM - 12:00 PM
| style="padding: 0.5em;"|Room TBD: Introduction to Injection Vulnerabilities
| style="padding: 0.5em;"|Room TBD: Cyber Hygiene - Critical Security Controls
|-
| style="padding: 0.5em;"|12:00 PM - 1:30 PM
| colspan="2" style="padding: 0.5em;"| Lunch on your own - ''Meet a new friend and grab a bite!''
|-
| style="padding: 0.5em;"|1:00 PM - 1:30 PM
| colspan="2" style="padding: 0.5em;"| Afternoon Registration (for those attending only in the afternoon)
|-
| style="padding: 0.5em;"|1:30 PM - 5:00 PM
| style="padding: 0.5em;"|Room TBD: Applied Physical Attacks on Embedded Systems
| style="padding: 0.5em;"|Room TBD: Fuzzing: Introduction & Practice
|-
| style="padding: 0.5em;"|6:00 PM - 7:30 PM
| colspan="2" style="padding: 0.5em;"| Evening Mixer
|}

=How to Register=
TODO

File:Pnsqc.png

2016-09-30T15:49:20Z

TimMorgan:

File:Newrelic.png

2016-09-30T15:35:45Z

TimMorgan: TimMorgan uploaded a new version of "File:Newrelic.png"

File:Github.png

2016-09-30T15:34:35Z

TimMorgan: TimMorgan uploaded a new version of "File:Github.png"

File:Summit.png

2016-09-30T15:34:21Z

TimMorgan: TimMorgan uploaded a new version of "File:Summit.png"

File:Simple.png

2016-09-30T15:34:02Z

TimMorgan: TimMorgan uploaded a new version of "File:Simple.png"