https://wiki.owasp.org/api.php?action=feedcontributions&feedformat=atom&user=VideomanOWASP - User contributions [en]2026-05-17T22:30:49ZUser contributionsMediaWiki 1.27.2https://wiki.owasp.org/index.php?title=OWASP_Minneapolis_St_Paul_2010_Conference&diff=89728OWASP Minneapolis St Paul 2010 Conference2010-09-21T14:40:35Z<p>Videoman: </p>
<hr />
<div>Building on the success of the [[OWASP Minneapolis St Paul 2009 Conference | 2009]] talks, the [[Minneapolis St Paul | OWASP Minneapolis-St. Paul (OWASP MSP) chapter]] and [http://www.dc612.org/ DC612 local DEF CON chapter] will be hosting a day of talks on '''Friday, October 8, 2010''' at the [http://www1.umn.edu/twincities/maps/StCen/ St. Paul Student Center] [http://www.spsc.umn.edu/about/directory/second.php North Star Ballroom] on the [http://www1.umn.edu/twincities/index.php University of Minnesota - Twin Cities] campus.<br />
<br />
<br />
'''See the [[OWASP_Minneapolis_St_Paul_2010_Conference#Agenda | Agenda]].'''<br><br>[[Image:Registerbutton.png|link=http://dayofsecuritytalks2010.eventbrite.com]]<br><br>''To cover the cost of food and beverages, a payment of $25 per attendee is requested for the day of talks. Credit card (online), check, money order, and "Pay by invoice" (PO) accepted. We place food orders based on the number of registrants.''<br />
<br />
<br />
== Sponsors ==<br />
A '''BIG''' thank you goes out to the '''Office of Internal Audit and OIT Security at the University of Minnesota''' for sponsoring the event location.<br />
<br />
A special thank you goes out to Platinum Sponsor '''[http://www.bestbuy.com/ Best Buy]'''.<br />
<br />
<br />
[[Image:Best_Buy_logo.jpg|link=http://www.bestbuy.com/]]<br />
<br />
<br />
Thank you to the following sponsors for their financial support of this event and the OWASP MSP chapter!<br />
<br />
[[Image:Imperva_Logo.gif|link=http://www.imperva.com/]] &nbsp;&nbsp;&nbsp;&nbsp; [[Image:Netspi_logo.png|120px|link=http://www.netspi.com/]] &nbsp;&nbsp;&nbsp;&nbsp; [[Image:AccuvantLogoNEW.jpg||120px|link=http://www.accuvant.com/]]<br />
<br />
<br />
== How to Sponsor ==<br />
Contact '''[mailto:lorna.alamri@owasp.org Lorna]''' at '''[mailto:lorna.alamri@owasp.org lorna.alamri@owasp.org]''' to sponsor this event. Sponsorship of the October 8, 2010 day of talks includes literature inclusion in attendee bags (up to 2 items), prominent display of your sponsor banner in the presentation room, and recognition for sponsorship of the event on this page, event mailings, and printed event materials.<br />
<br />
'''Sponsorship of day of talks:''' $500<br />
<br />
'''Sponsorship of day of talks plus have your logo on our chapter homepage for a year:''' $750<br />
<br />
Show your support for OWASP MSP as we get ready as hosts for OWASP AppSec USA 2011 in Minneapolis in September 2011!<br />
<br />
<br />
Click the following ''Donate'' button to submit your sponsorship.<br />
<br />
'''SPONSOR OWASP MSP'''<br />
<paypal>Minneapolis St Paul</paypal><br />
<br />
<br />
== Agenda ==<br />
<br />
'''Date:''' October 8, 2010<br />
<br />
'''Location:''' [http://www1.umn.edu/twincities/maps/StCen/ St. Paul Student Center] [http://www.spsc.umn.edu/about/directory/second.php North Star Ballroom] on the [http://www1.umn.edu/twincities/index.php University of Minnesota - Twin Cities] campus<br><br>2017 Buford Avenue<br>St. Paul, MN 55108<br />
<br />
<br />
[[Image:Registerbutton.png|link=http://dayofsecuritytalks2010.eventbrite.com]]<br><br>''To cover the cost of food and beverages, a payment of $25 per attendee is requested for the day of talks. Credit card (online), check, money order, and "Pay by invoice" (PO) accepted. We place food orders based on the number of registrants.''<br />
<br />
<br />
{| border="0" width="80%"<br />
|-<br />
| style="padding: 5px; background-color: rgb(174, 183, 213); width: 120px;" | 8:00 AM - 8:30 AM<br />
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" | Check-In<br />
|-<br />
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 8:30 AM - 9:00 AM<br />
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" | <br />
'''Adam Baso''', OWASP MSP President<br />
<br />
'''Lorna Alamri''', OWASP MSP Vice President <br />
<br />
'''David Bryan''', DC612 President<br />
<br />
'''Topic:''' Opening Remarks <br />
<br />
|-<br />
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 9:00 AM - 9:50 AM<br />
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" | <br />
'''Andre &quot;Dre&quot; Gironda''' <br />
<br />
'''Topic:''' Application Assessments Reloaded<br />
<br />
Trying to integrate Business Software Assurance into Enterprise Risk Management and Information Security Management programs has had issues over the years. Penetration testing was announced dead over a year ago, but it's still the number one choice of application security professionals when starting out. Can the activities from penetration testing be re-used and turned into something innovative?<br />
<br />
Tools (especially application scanners and secure static analysis tools) have error rates so high, they are useless in the hands of newcomers (even for peripheral security testing). Some organizations have built entire applications around or on top of existing appsec tools. Others are looking to use other kinds of tools, such as process/methodology/workflow tools, to enhance their classic penetration testing tools.<br />
<br />
Even the testing/inspection methodologies themselves are outdated and we're finding that they are challenging or repetitive in many environments. How do current appsec tools and testing/inspection methods work in the cloud? If we re-run the same kinds of tests during dev-test, software quality, and application security cycles, aren't we wasting valuable time and effort?<br />
<br />
This presentation will provide discussion around how to solve many of these and other challenges in application security. The focus will be on web applications that use common technologies (HTTP, SQL, Classic XML/HTML, Javascript, Flash) but also updated to today's standards (RESTful transactions, NoSQL, HTML5, Ajax/Json, Flex2).<br />
<br />
'''Bio:''' Andre got his start on Unix-TCP/IP hacking before the September that never ended. Bored of embedded platform research by the time the dot-Bomb happened, he joined the largest online auction company and worked as an appsec consultant for many years. He is known for his quirky mailing list posts and blog comments - and at one time wrote for [http://www.tssci-security.com/ tssci-security.com].<br />
<br />
|-<br />
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 9:50 AM - 10:00 AM<br />
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" | Break<br />
|-<br />
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 10:00 AM - 10:50 AM <br />
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" | <br />
'''Andrew Becherer''' <br />
<br />
Senior Security Consultant, [https://www.isecpartners.com/ iSEC Partners]<br />
<br />
'''Topic:''' Attacking Kerberos and the New Hadoop Security Design<br />
<br />
The Kerberos protocol provides single sign-on authentication services for users and machines. Its availability on nearly every popular computing platform - Windows, Mac, and UNIX variants - makes it the primary choice for enterprise authentication. However, simply "adding a dash of Kerberos" does not make a magically secure network or application. Kerberos is a complicated protocol whose comprehensive description requires dozens of RFCs. To use it securely requires a careful dance between protocol designers, service developers, and system administrators – the kind of dance that never quite stays in step.<br />
<br />
The Hadoop project's Hadoop Distributed File System and MapReduce engine comprise a robust, open source distributed computing platform. Hadoop is in use at many of the world's largest online media companies including Facebook, Fox Interactive Media, LinkedIn, Powerset (now part of Microsoft), and Twitter. Hadoop is entering the enterprise as evidenced by Hadoop World 2009 presentations from Booz Allen Hamilton and JP Morgan Chase. Hadoop has also been elevated to the "cloud" and made available as a service by Amazon and Sun. What the heck is it? Can it be secure? What do I do if I discover it on a network I am testing?<br />
<br />
When Hadoop development began in 2004 no effort was expended on creating a secure distributed computing environment. In 2009 discussion about Hadoop security reached a boiling point. The developers behind Hadoop decided they needed to get some of that "security" stuff. After a thorough application of Kerberos, Hadoop is now secure, or is it?<br />
<br />
This talk will provide an introduction to Kerberos attack scenarios, describe the new Hadoop security model and Kerberos's (limited) role in it. This talk aims to determine whether Hadoop was made any more secure through the application of Kerberos.<br />
<br />
'''Bio:''' Andrew Becherer is a Senior Security Consultant with iSEC Partners, a strategic digital security organization. His focus is web application and mobile application security. Prior to joining iSEC Partners, he was a Senior Consultant with Booz Allen Hamilton. Mr. Becherer spent several years as a Risk and Credit Analyst in the financial services industry. His experience in the software security field - consulting financial, non-profit and defense sectors - has provided him experience with a wide range of technologies.<br />
<br />
Mr. Becherer has lectured on a number of topics including emerging cloud computing threat models, virtualization, network security tools and embedded Linux development. At the Black Hat Briefings USA 2009, Andrew, along with researchers Alex Stamos and Nathan Wilcox, presented on the topic "Cloud Computing Models and Vulnerabilities:Raining on the Trendy New Parade." Andrew's research on this topic focused on the effect of elasticity and virtualization on the Linux pseudorandom number generator (PRNG). At Black Hat USA 2008, he was a Microsoft Defend the Flag (DTF) instructor and, he is a recurring speaker at the Linuxfest Northwest conference. In addition to his educational outreach work with user groups, he is a member of several nationally recognized organizations. These organizations include the Association of Computing Machinery (ACM), FBI InfraGard, and the Open Web Application Security Project (OWASP).<br />
<br />
Mr. Becherer received a B.S. in Computing and Software Systems from the University of Washington, Tacoma, and holds a B.A. in Sociology from the University of Kentucky. <br />
<br />
|-<br />
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 10:50 AM - 11:00 AM<br />
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" | Break<br />
|-<br />
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 11:00 AM - 12:00 PM<br />
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" |<br />
'''Joe Teff''' <br />
<br />
Vice President - Manager Security Code Review, [https://www.wellsfargo.com/ Wells Fargo]<br />
<br />
Board Member, [[Minneapolis St Paul | OWASP MSP]]<br />
<br />
'''Topic:''' Can you implement a static analysis program using the OWASP Code Review Guide? <br />
<br />
Many companies are looking at implementing a static analysis program. This discussion will look at the [[OWASP_Code_Review_Project | OWASP Code Review Guide]] and the role it can play in developing a static analysis program. There are many decisions that need to be considered in building a program. We will look at these decisions and discuss the the options available.<br />
<br />
|-<br />
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 12:00 PM - 1:30 PM<br />
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" | Lunch<br />
<br />
|-<br />
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 1:30 PM - 2:20 PM<br />
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" |<br />
'''Jason Rouse'''<br />
<br />
Principal Consultant, [https://www.cigital.com/ Cigital]<br />
<br />
'''Topic:''' Mobile Security <br />
<br />
Mobile applications enable millions of users to be more productive, have more fun, and interact with their world in more ways than ever before. We're approaching mobile applications with many of the same tried-and-true approaches that we've used in more traditional software, but what are the dangers? Mobile architectures run the gamut from simple web-based applications optimized for mobile displays to custom-built handset-specific applications that can interact directly with the mobile operating system. This talk will explore the hybrid mobile/web application approach, and discuss the threads binding it together - information protection and convergence. Mobile devices are unique in that they offer one of the most potentially hostile environments imaginable - privacy, compliance, and capture protection top the charts as the three most difficult issues facing mobile applications and those who use them. This talk will dive into specifics on what are today "mobile-only" threats; that is, those issues such as location-based services or text messages, and discover how they can be compromised, and how security practitioners can protect them and the back-end applications that service them.<br />
<br />
'''Bio:''' Jason Rouse brings over a decade of hands-on security experience while plying his craft at many of the leading companies in the world. He is currently responsible for many activities at Cigital including leading the mobile and wireless security practice, performing security architecture assessments, and being a trusted advisor to some of the world's largest development organizations. Jason is passionate about security, splitting his time between running Cigital's mobile and wireless practice and leading cutting-edge security projects around the world. At Cigital, in addition to his other responsibilities, Jason is also responsible for the creation of durable, actionable artifacts spanning the entire continuum of software security - from development standards to enterprise risk mitigation frameworks for both Fortune 50 customers and beyond. In his spare time he has also chaired the Financial Services Technology Consortium committee on Mobile Security.<br />
<br />
|-<br />
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 2:20 PM - 2:30 PM<br />
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" | Coffee Break<br />
|-<br />
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 2:30 PM - 3:20 PM<br />
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" |<br />
''' ''' <br />
<br />
'''Topic:''' <br />
<br />
<br />
'''Bio:'''<br />
<br />
|-<br />
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 3:20 PM - 3:30 PM<br />
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" | Break<br />
|-<br />
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 3:30 PM - 4:30 PM<br />
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" |<br />
'''Charles Henderson''' <br />
<br />
Director of Application Security Services, [https://www.trustwave.com/spiderLabs.php Trustwave's SpiderLabs]<br />
<br />
'''Topic:''' TBA<br />
<br />
'''Bio:''' Charles Henderson is the Director of Application Security Services in Trustwave's SpiderLabs. He has been in the information security industry for over fifteen years. His team specializes in application security including application penetration testing, code review, and training in secure<br />
development techniques. The team's clients range from the largest of the Fortune lists to small and midsized companies interested in improving their application security posture. Charles routinely speaks at various conferences around the world (including past Black Hat, SOURCE, IAFCI, OWASP AppSec USA, OWASP AppSec Europe, and Merchant Risk Council events) on various subject matters relating to application security.<br />
<br />
|-<br />
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 4:30 PM<br />
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" | Closing Remarks<br />
|}<br />
<br />
[[Category:Minnesota]]<br />
<br />
__NOTOC__</div>Videomanhttps://wiki.owasp.org/index.php?title=OWASP_Minneapolis_St_Paul_2010_Conference&diff=89718OWASP Minneapolis St Paul 2010 Conference2010-09-21T06:33:01Z<p>Videoman: </p>
<hr />
<div>Building on the success of the [[OWASP Minneapolis St Paul 2009 Conference | 2009]] talks, the [[Minneapolis St Paul | OWASP Minneapolis-St. Paul (OWASP MSP) chapter]] and [http://www.dc612.org/ DC612 local DEF CON chapter] will be hosting a day of talks on '''Friday, October 8, 2010''' at the [http://www1.umn.edu/twincities/maps/StCen/ St. Paul Student Center] [http://www.spsc.umn.edu/about/directory/second.php North Star Ballroom] on the [http://www1.umn.edu/twincities/index.php University of Minnesota - Twin Cities] campus.<br />
<br />
<br />
'''See the [[OWASP_Minneapolis_St_Paul_2010_Conference#Agenda | Agenda]].'''<br><br>[[Image:Registerbutton.png|link=http://dayofsecuritytalks2010.eventbrite.com]]<br><br>''To cover the cost of food and beverages, a payment of $25 per attendee is requested for the day of talks. Credit card (online), check, money order, and "Pay by invoice" (PO) accepted. We place food orders based on the number of registrants.''<br />
<br />
<br />
== Sponsors ==<br />
A '''BIG''' thank you goes out to the '''Office of Internal Audit and OIT Security at the University of Minnesota''' for sponsoring the event location.<br />
<br />
A special thank you goes out to Platinum Sponsor '''[http://www.bestbuy.com/ Best Buy]'''.<br />
<br />
<br />
[[Image:Best_Buy_logo.jpg|link=http://www.bestbuy.com/]]<br />
<br />
<br />
Thank you to the following sponsors for their financial support of this event and the OWASP MSP chapter!<br />
<br />
[[Image:Imperva_Logo.gif|link=http://www.imperva.com/]] &nbsp;&nbsp;&nbsp;&nbsp; [[Image:Netspi_logo.png|120px|link=http://www.netspi.com/]] &nbsp;&nbsp;&nbsp;&nbsp; [[Image:AccuvantLogoNEW.jpg||120px|link=http://www.accuvant.com/]]<br />
<br />
<br />
== How to Sponsor ==<br />
Contact '''[mailto:lorna.alamri@owasp.org Lorna]''' at '''[mailto:lorna.alamri@owasp.org lorna.alamri@owasp.org]''' to sponsor this event. Sponsorship of the October 8, 2010 day of talks includes literature inclusion in attendee bags (up to 2 items), prominent display of your sponsor banner in the presentation room, and recognition for sponsorship of the event on this page, event mailings, and printed event materials.<br />
<br />
'''Sponsorship of day of talks:''' $500<br />
<br />
'''Sponsorship of day of talks plus have your logo on our chapter homepage for a year:''' $750<br />
<br />
Show your support for OWASP MSP as we get ready as hosts for OWASP AppSec USA 2011 in Minneapolis in September 2011!<br />
<br />
<br />
Click the following ''Donate'' button to submit your sponsorship.<br />
<br />
'''SPONSOR OWASP MSP'''<br />
<paypal>Minneapolis St Paul</paypal><br />
<br />
<br />
== Agenda ==<br />
<br />
'''Date:''' October 8, 2010<br />
<br />
'''Location:''' [http://www1.umn.edu/twincities/maps/StCen/ St. Paul Student Center] [http://www.spsc.umn.edu/about/directory/second.php North Star Ballroom] on the [http://www1.umn.edu/twincities/index.php University of Minnesota - Twin Cities] campus<br><br>2017 Buford Avenue<br>St. Paul, MN 55108<br />
<br />
<br />
[[Image:Registerbutton.png|link=http://dayofsecuritytalks2010.eventbrite.com]]<br><br>''To cover the cost of food and beverages, a payment of $25 per attendee is requested for the day of talks. Credit card (online), check, money order, and "Pay by invoice" (PO) accepted. We place food orders based on the number of registrants.''<br />
<br />
<br />
{| border="0" width="80%"<br />
|-<br />
| style="padding: 5px; background-color: rgb(174, 183, 213); width: 120px;" | 8:00 AM - 8:30 AM<br />
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" | Check-In<br />
|-<br />
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 8:30 AM - 9:00 AM<br />
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" | <br />
'''Adam Baso''', OWASP MSP President<br />
<br />
'''Lorna Alamri''', OWASP MSP Vice President <br />
<br />
'''David Bryan''', DC612 President<br />
<br />
'''Topic:''' Opening Remarks <br />
<br />
|-<br />
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 9:00 AM - 9:50 AM<br />
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" | <br />
'''Andre &quot;Dre&quot; Gironda''' <br />
<br />
'''Topic:''' Application Assessments Reloaded<br />
<br />
Trying to integrate Business Software Assurance into Enterprise Risk Management and Information Security Management programs has had issues over the years. Penetration testing was announced dead over a year ago, but it's still the number one choice of application security professionals when starting out. Can the activities from penetration testing be re-used and turned into something innovative?<br />
<br />
Tools (especially application scanners and secure static analysis tools) have error rates so high, they are useless in the hands of newcomers (even for peripheral security testing). Some organizations have built entire applications around or on top of existing appsec tools. Others are looking to use other kinds of tools, such as process/methodology/workflow tools, to enhance their classic penetration testing tools.<br />
<br />
Even the testing/inspection methodologies themselves are outdated and we're finding that they are challenging or repetitive in many environments. How do current appsec tools and testing/inspection methods work in the cloud? If we re-run the same kinds of tests during dev-test, software quality, and application security cycles, aren't we wasting valuable time and effort?<br />
<br />
This presentation will provide discussion around how to solve many of these and other challenges in application security. The focus will be on web applications that use common technologies (HTTP, SQL, Classic XML/HTML, Javascript, Flash) but also updated to today's standards (RESTful transactions, NoSQL, HTML5, Ajax/Json, Flex2).<br />
<br />
'''Bio:''' Andre got his start on Unix-TCP/IP hacking before the September that never ended. Bored of embedded platform research by the time the dot-Bomb happened, he joined the largest online auction company and worked as an appsec consultant for many years. He is known for his quirky mailing list posts and blog comments - and at one time wrote for [http://www.tssci-security.com/ tssci-security.com].<br />
<br />
|-<br />
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 9:50 AM - 10:00 AM<br />
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" | Break<br />
|-<br />
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 10:00 AM - 10:50 AM <br />
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" | <br />
'''Andrew Becherer''' <br />
<br />
Senior Security Consultant, [https://www.isecpartners.com/ iSEC Partners]<br />
<br />
'''Topic:''' Attacking Kerberos and the New Hadoop Security Design<br />
<br />
The Kerberos protocol provides single sign-on authentication services for users and machines. Its availability on nearly every popular computing platform - Windows, Mac, and UNIX variants - makes it the primary choice for enterprise authentication. However, simply "adding a dash of Kerberos" does not make a magically secure network or application. Kerberos is a complicated protocol whose comprehensive description requires dozens of RFCs. To use it securely requires a careful dance between protocol designers, service developers, and system administrators – the kind of dance that never quite stays in step.<br />
<br />
The Hadoop project's Hadoop Distributed File System and MapReduce engine comprise a robust, open source distributed computing platform. Hadoop is in use at many of the world's largest online media companies including Facebook, Fox Interactive Media, LinkedIn, Powerset (now part of Microsoft), and Twitter. Hadoop is entering the enterprise as evidenced by Hadoop World 2009 presentations from Booz Allen Hamilton and JP Morgan Chase. Hadoop has also been elevated to the "cloud" and made available as a service by Amazon and Sun. What the heck is it? Can it be secure? What do I do if I discover it on a network I am testing?<br />
<br />
When Hadoop development began in 2004 no effort was expended on creating a secure distributed computing environment. In 2009 discussion about Hadoop security reached a boiling point. The developers behind Hadoop decided they needed to get some of that "security" stuff. After a thorough application of Kerberos, Hadoop is now secure, or is it?<br />
<br />
This talk will provide an introduction to Kerberos attack scenarios, describe the new Hadoop security model and Kerberos's (limited) role in it. This talk aims to determine whether Hadoop was made any more secure through the application of Kerberos.<br />
<br />
'''Bio:''' Andrew Becherer is a Senior Security Consultant with iSEC Partners, a strategic digital security organization. His focus is web application and mobile application security. Prior to joining iSEC Partners, he was a Senior Consultant with Booz Allen Hamilton. Mr. Becherer spent several years as a Risk and Credit Analyst in the financial services industry. His experience in the software security field - consulting financial, non-profit and defense sectors - has provided him experience with a wide range of technologies.<br />
<br />
Mr. Becherer has lectured on a number of topics including emerging cloud computing threat models, virtualization, network security tools and embedded Linux development. At the Black Hat Briefings USA 2009, Andrew, along with researchers Alex Stamos and Nathan Wilcox, presented on the topic "Cloud Computing Models and Vulnerabilities:Raining on the Trendy New Parade." Andrew's research on this topic focused on the effect of elasticity and virtualization on the Linux pseudorandom number generator (PRNG). At Black Hat USA 2008, he was a Microsoft Defend the Flag (DTF) instructor and, he is a recurring speaker at the Linuxfest Northwest conference. In addition to his educational outreach work with user groups, he is a member of several nationally recognized organizations. These organizations include the Association of Computing Machinery (ACM), FBI InfraGard, and the Open Web Application Security Project (OWASP).<br />
<br />
Mr. Becherer received a B.S. in Computing and Software Systems from the University of Washington, Tacoma, and holds a B.A. in Sociology from the University of Kentucky. <br />
<br />
|-<br />
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 10:50 AM - 11:00 AM<br />
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" | Break<br />
|-<br />
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 11:00 AM - 12:00 PM<br />
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" |<br />
'''Joe Teff''' <br />
<br />
Vice President - Manager Security Code Review, [https://www.wellsfargo.com/ Wells Fargo]<br />
<br />
Board Member, [[Minneapolis St Paul | OWASP MSP]]<br />
<br />
'''Topic:''' Can you implement a static analysis program using the OWASP Code Review Guide? <br />
<br />
Many companies are looking at implementing a static analysis program. This discussion will look at the [[OWASP_Code_Review_Project | OWASP Code Review Guide]] and the role it can play in developing a static analysis program. There are many decisions that need to be considered in building a program. We will look at these decisions and discuss the the options available.<br />
<br />
|-<br />
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 12:00 PM - 1:30 PM<br />
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" | Lunch<br />
<br />
|-<br />
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 1:30 PM - 2:20 PM<br />
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" |<br />
'''Jason Rouse'''<br />
<br />
Principal Consultant, [https://www.cigital.com/ Cigital]<br />
<br />
'''Topic:''' Mobile Security <br />
<br />
Mobile applications enable millions of users to be more productive, have more fun, and interact with their world in more ways than ever before. We're approaching mobile applications with many of the same tried-and-true approaches that we've used in more traditional software, but what are the dangers? Mobile architectures run the gamut from simple web-based applications optimized for mobile displays to custom-built handset-specific applications that can interact directly with the mobile operating system. This talk will explore the hybrid mobile/web application approach, and discuss the threads binding it together - information protection and convergence. Mobile devices are unique in that they offer one of the most potentially hostile environments imaginable - privacy, compliance, and capture protection top the charts as the three most difficult issues facing mobile applications and those who use them. This talk will dive into specifics on what are today "mobile-only" threats; that is, those issues such as location-based services or text messages, and discover how they can be compromised, and how security practitioners can protect them and the back-end applications that service them.<br />
<br />
'''Bio:''' Jason Rouse brings over a decade of hands-on security experience while plying his craft at many of the leading companies in the world. He is currently responsible for many activities at Cigital including leading the mobile and wireless security practice, performing security architecture assessments, and being a trusted advisor to some of the world's largest development organizations. Jason is passionate about security, splitting his time between running Cigital's mobile and wireless practice and leading cutting-edge security projects around the world. At Cigital, in addition to his other responsibilities, Jason is also responsible for the creation of durable, actionable artifacts spanning the entire continuum of software security - from development standards to enterprise risk mitigation frameworks for both Fortune 50 customers and beyond. In his spare time he has also chaired the Financial Services Technology Consortium committee on Mobile Security.<br />
<br />
|-<br />
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 2:20 PM - 2:30 PM<br />
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" | Coffee Break<br />
|-<br />
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 2:30 PM - 3:20 PM<br />
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" |<br />
'''David M. N. Bryan''' <br />
<br />
[http://www.dc612.org DC612] Organizer & Security Professional for [https://www.trustwave.com/spiderLabs.php Trustwave's SpiderLabs]<br />
<br />
'''Topic:''' Pentesting & Metasploit Fun!<br />
<br />
I've been having a blast using Metasploit, and thought that I would share some of the fun things that i've done with it, and how it can be used to make your life so much easier! This talk will touch on autopwn, sql exploits, meterper, karmetasploit, and hash cracking. Almost everything you would need to break a real network in no time flat.<br />
<br />
'''Bio:''' David has 10 years of computer security experience, including consulting, engineering, and administration. He has performed security assessment & pentest projects in the healthcare, nuclear, manufacturing, pharmaceutical, banking and educational sectors. As an active participant in the information security community, he volunteers at DEFCON, where he designs and implements the firewall and network for what is said to be the most hostile network environment in the world. This network allows speakers, press, vendors, and others to gain access to the Internet, without being hacked. In his spare time he runs the local DEFCON group, DC612, is the president of Twincities Makers group, and participates in the Minneapolis OWASP chapter. <br />
<br />
|-<br />
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 3:20 PM - 3:30 PM<br />
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" | Break<br />
|-<br />
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 3:30 PM - 4:30 PM<br />
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" |<br />
'''Charles Henderson''' <br />
<br />
Director of Application Security Services, [https://www.trustwave.com/spiderLabs.php Trustwave's SpiderLabs]<br />
<br />
'''Topic:''' TBA<br />
<br />
'''Bio:''' Charles Henderson is the Director of Application Security Services in Trustwave's SpiderLabs. He has been in the information security industry for over fifteen years. His team specializes in application security including application penetration testing, code review, and training in secure<br />
development techniques. The team's clients range from the largest of the Fortune lists to small and midsized companies interested in improving their application security posture. Charles routinely speaks at various conferences around the world (including past Black Hat, SOURCE, IAFCI, OWASP AppSec USA, OWASP AppSec Europe, and Merchant Risk Council events) on various subject matters relating to application security.<br />
<br />
|-<br />
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 4:30 PM<br />
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" | Closing Remarks<br />
|}<br />
<br />
[[Category:Minnesota]]<br />
<br />
__NOTOC__</div>Videomanhttps://wiki.owasp.org/index.php?title=OWASP_Minneapolis_St_Paul_2010_Conference&diff=89717OWASP Minneapolis St Paul 2010 Conference2010-09-21T06:31:07Z<p>Videoman: </p>
<hr />
<div>Building on the success of the [[OWASP Minneapolis St Paul 2009 Conference | 2009]] talks, the [[Minneapolis St Paul | OWASP Minneapolis-St. Paul (OWASP MSP) chapter]] and [http://www.dc612.org/ DC612 local DEF CON chapter] will be hosting a day of talks on '''Friday, October 8, 2010''' at the [http://www1.umn.edu/twincities/maps/StCen/ St. Paul Student Center] [http://www.spsc.umn.edu/about/directory/second.php North Star Ballroom] on the [http://www1.umn.edu/twincities/index.php University of Minnesota - Twin Cities] campus.<br />
<br />
<br />
'''See the [[OWASP_Minneapolis_St_Paul_2010_Conference#Agenda | Agenda]].'''<br><br>[[Image:Registerbutton.png|link=http://dayofsecuritytalks2010.eventbrite.com]]<br><br>''To cover the cost of food and beverages, a payment of $25 per attendee is requested for the day of talks. Credit card (online), check, money order, and "Pay by invoice" (PO) accepted. We place food orders based on the number of registrants.''<br />
<br />
<br />
== Sponsors ==<br />
A '''BIG''' thank you goes out to the '''Office of Internal Audit and OIT Security at the University of Minnesota''' for sponsoring the event location.<br />
<br />
A special thank you goes out to Platinum Sponsor '''[http://www.bestbuy.com/ Best Buy]'''.<br />
<br />
<br />
[[Image:Best_Buy_logo.jpg|link=http://www.bestbuy.com/]]<br />
<br />
<br />
Thank you to the following sponsors for their financial support of this event and the OWASP MSP chapter!<br />
<br />
[[Image:Imperva_Logo.gif|link=http://www.imperva.com/]] &nbsp;&nbsp;&nbsp;&nbsp; [[Image:Netspi_logo.png|120px|link=http://www.netspi.com/]] &nbsp;&nbsp;&nbsp;&nbsp; [[Image:AccuvantLogoNEW.jpg||120px|link=http://www.accuvant.com/]]<br />
<br />
<br />
== How to Sponsor ==<br />
Contact '''[mailto:lorna.alamri@owasp.org Lorna]''' at '''[mailto:lorna.alamri@owasp.org lorna.alamri@owasp.org]''' to sponsor this event. Sponsorship of the October 8, 2010 day of talks includes literature inclusion in attendee bags (up to 2 items), prominent display of your sponsor banner in the presentation room, and recognition for sponsorship of the event on this page, event mailings, and printed event materials.<br />
<br />
'''Sponsorship of day of talks:''' $500<br />
<br />
'''Sponsorship of day of talks plus have your logo on our chapter homepage for a year:''' $750<br />
<br />
Show your support for OWASP MSP as we get ready as hosts for OWASP AppSec USA 2011 in Minneapolis in September 2011!<br />
<br />
<br />
Click the following ''Donate'' button to submit your sponsorship.<br />
<br />
'''SPONSOR OWASP MSP'''<br />
<paypal>Minneapolis St Paul</paypal><br />
<br />
<br />
== Agenda ==<br />
<br />
'''Date:''' October 8, 2010<br />
<br />
'''Location:''' [http://www1.umn.edu/twincities/maps/StCen/ St. Paul Student Center] [http://www.spsc.umn.edu/about/directory/second.php North Star Ballroom] on the [http://www1.umn.edu/twincities/index.php University of Minnesota - Twin Cities] campus<br><br>2017 Buford Avenue<br>St. Paul, MN 55108<br />
<br />
<br />
[[Image:Registerbutton.png|link=http://dayofsecuritytalks2010.eventbrite.com]]<br><br>''To cover the cost of food and beverages, a payment of $25 per attendee is requested for the day of talks. Credit card (online), check, money order, and "Pay by invoice" (PO) accepted. We place food orders based on the number of registrants.''<br />
<br />
<br />
{| border="0" width="80%"<br />
|-<br />
| style="padding: 5px; background-color: rgb(174, 183, 213); width: 120px;" | 8:00 AM - 8:30 AM<br />
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" | Check-In<br />
|-<br />
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 8:30 AM - 9:00 AM<br />
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" | <br />
'''Adam Baso''', OWASP MSP President<br />
<br />
'''Lorna Alamri''', OWASP MSP Vice President <br />
<br />
'''David Bryan''', DC612 President<br />
<br />
'''Topic:''' Opening Remarks <br />
<br />
|-<br />
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 9:00 AM - 9:50 AM<br />
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" | <br />
'''Andre &quot;Dre&quot; Gironda''' <br />
<br />
'''Topic:''' Application Assessments Reloaded<br />
<br />
Trying to integrate Business Software Assurance into Enterprise Risk Management and Information Security Management programs has had issues over the years. Penetration testing was announced dead over a year ago, but it's still the number one choice of application security professionals when starting out. Can the activities from penetration testing be re-used and turned into something innovative?<br />
<br />
Tools (especially application scanners and secure static analysis tools) have error rates so high, they are useless in the hands of newcomers (even for peripheral security testing). Some organizations have built entire applications around or on top of existing appsec tools. Others are looking to use other kinds of tools, such as process/methodology/workflow tools, to enhance their classic penetration testing tools.<br />
<br />
Even the testing/inspection methodologies themselves are outdated and we're finding that they are challenging or repetitive in many environments. How do current appsec tools and testing/inspection methods work in the cloud? If we re-run the same kinds of tests during dev-test, software quality, and application security cycles, aren't we wasting valuable time and effort?<br />
<br />
This presentation will provide discussion around how to solve many of these and other challenges in application security. The focus will be on web applications that use common technologies (HTTP, SQL, Classic XML/HTML, Javascript, Flash) but also updated to today's standards (RESTful transactions, NoSQL, HTML5, Ajax/Json, Flex2).<br />
<br />
'''Bio:''' Andre got his start on Unix-TCP/IP hacking before the September that never ended. Bored of embedded platform research by the time the dot-Bomb happened, he joined the largest online auction company and worked as an appsec consultant for many years. He is known for his quirky mailing list posts and blog comments - and at one time wrote for [http://www.tssci-security.com/ tssci-security.com].<br />
<br />
|-<br />
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 9:50 AM - 10:00 AM<br />
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" | Break<br />
|-<br />
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 10:00 AM - 10:50 AM <br />
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" | <br />
'''Andrew Becherer''' <br />
<br />
Senior Security Consultant, [https://www.isecpartners.com/ iSEC Partners]<br />
<br />
'''Topic:''' Attacking Kerberos and the New Hadoop Security Design<br />
<br />
The Kerberos protocol provides single sign-on authentication services for users and machines. Its availability on nearly every popular computing platform - Windows, Mac, and UNIX variants - makes it the primary choice for enterprise authentication. However, simply "adding a dash of Kerberos" does not make a magically secure network or application. Kerberos is a complicated protocol whose comprehensive description requires dozens of RFCs. To use it securely requires a careful dance between protocol designers, service developers, and system administrators – the kind of dance that never quite stays in step.<br />
<br />
The Hadoop project's Hadoop Distributed File System and MapReduce engine comprise a robust, open source distributed computing platform. Hadoop is in use at many of the world's largest online media companies including Facebook, Fox Interactive Media, LinkedIn, Powerset (now part of Microsoft), and Twitter. Hadoop is entering the enterprise as evidenced by Hadoop World 2009 presentations from Booz Allen Hamilton and JP Morgan Chase. Hadoop has also been elevated to the "cloud" and made available as a service by Amazon and Sun. What the heck is it? Can it be secure? What do I do if I discover it on a network I am testing?<br />
<br />
When Hadoop development began in 2004 no effort was expended on creating a secure distributed computing environment. In 2009 discussion about Hadoop security reached a boiling point. The developers behind Hadoop decided they needed to get some of that "security" stuff. After a thorough application of Kerberos, Hadoop is now secure, or is it?<br />
<br />
This talk will provide an introduction to Kerberos attack scenarios, describe the new Hadoop security model and Kerberos's (limited) role in it. This talk aims to determine whether Hadoop was made any more secure through the application of Kerberos.<br />
<br />
'''Bio:''' Andrew Becherer is a Senior Security Consultant with iSEC Partners, a strategic digital security organization. His focus is web application and mobile application security. Prior to joining iSEC Partners, he was a Senior Consultant with Booz Allen Hamilton. Mr. Becherer spent several years as a Risk and Credit Analyst in the financial services industry. His experience in the software security field - consulting financial, non-profit and defense sectors - has provided him experience with a wide range of technologies.<br />
<br />
Mr. Becherer has lectured on a number of topics including emerging cloud computing threat models, virtualization, network security tools and embedded Linux development. At the Black Hat Briefings USA 2009, Andrew, along with researchers Alex Stamos and Nathan Wilcox, presented on the topic "Cloud Computing Models and Vulnerabilities:Raining on the Trendy New Parade." Andrew's research on this topic focused on the effect of elasticity and virtualization on the Linux pseudorandom number generator (PRNG). At Black Hat USA 2008, he was a Microsoft Defend the Flag (DTF) instructor and, he is a recurring speaker at the Linuxfest Northwest conference. In addition to his educational outreach work with user groups, he is a member of several nationally recognized organizations. These organizations include the Association of Computing Machinery (ACM), FBI InfraGard, and the Open Web Application Security Project (OWASP).<br />
<br />
Mr. Becherer received a B.S. in Computing and Software Systems from the University of Washington, Tacoma, and holds a B.A. in Sociology from the University of Kentucky. <br />
<br />
|-<br />
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 10:50 AM - 11:00 AM<br />
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" | Break<br />
|-<br />
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 11:00 AM - 12:00 PM<br />
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" |<br />
'''Joe Teff''' <br />
<br />
Vice President - Manager Security Code Review, [https://www.wellsfargo.com/ Wells Fargo]<br />
<br />
Board Member, [[Minneapolis St Paul | OWASP MSP]]<br />
<br />
'''Topic:''' Can you implement a static analysis program using the OWASP Code Review Guide? <br />
<br />
Many companies are looking at implementing a static analysis program. This discussion will look at the [[OWASP_Code_Review_Project | OWASP Code Review Guide]] and the role it can play in developing a static analysis program. There are many decisions that need to be considered in building a program. We will look at these decisions and discuss the the options available.<br />
<br />
|-<br />
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 12:00 PM - 1:30 PM<br />
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" | Lunch<br />
<br />
|-<br />
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 1:30 PM - 2:20 PM<br />
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" |<br />
'''Jason Rouse'''<br />
<br />
Principal Consultant, [https://www.cigital.com/ Cigital]<br />
<br />
'''Topic:''' Mobile Security <br />
<br />
Mobile applications enable millions of users to be more productive, have more fun, and interact with their world in more ways than ever before. We're approaching mobile applications with many of the same tried-and-true approaches that we've used in more traditional software, but what are the dangers? Mobile architectures run the gamut from simple web-based applications optimized for mobile displays to custom-built handset-specific applications that can interact directly with the mobile operating system. This talk will explore the hybrid mobile/web application approach, and discuss the threads binding it together - information protection and convergence. Mobile devices are unique in that they offer one of the most potentially hostile environments imaginable - privacy, compliance, and capture protection top the charts as the three most difficult issues facing mobile applications and those who use them. This talk will dive into specifics on what are today "mobile-only" threats; that is, those issues such as location-based services or text messages, and discover how they can be compromised, and how security practitioners can protect them and the back-end applications that service them.<br />
<br />
'''Bio:''' Jason Rouse brings over a decade of hands-on security experience while plying his craft at many of the leading companies in the world. He is currently responsible for many activities at Cigital including leading the mobile and wireless security practice, performing security architecture assessments, and being a trusted advisor to some of the world's largest development organizations. Jason is passionate about security, splitting his time between running Cigital's mobile and wireless practice and leading cutting-edge security projects around the world. At Cigital, in addition to his other responsibilities, Jason is also responsible for the creation of durable, actionable artifacts spanning the entire continuum of software security - from development standards to enterprise risk mitigation frameworks for both Fortune 50 customers and beyond. In his spare time he has also chaired the Financial Services Technology Consortium committee on Mobile Security.<br />
<br />
|-<br />
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 2:20 PM - 2:30 PM<br />
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" | Coffee Break<br />
|-<br />
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 2:30 PM - 3:20 PM<br />
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" |<br />
'''David M. N. Bryan''' <br />
Pentester with[https://www.trustwave.com/spiderLabs.php Trustwave's SpiderLabs]<br />
<br />
'''Topic:''' Pentesting & Metasploit Fun!<br />
<br />
I've been having a blast using Metasploit, and thought that I would share some of the fun things that i've done with it, and how it can be used to make your life so much easier! This talk will touch on autopwn, sql exploits, meterper, karmetasploit, and hash cracking. Almost everything you would need to break a real network in no time flat.<br />
<br />
'''Bio:''' David has 10 years of computer security experience, including consulting, engineering, and administration. He has performed security assessment & pentest projects in the healthcare, nuclear, manufacturing, pharmaceutical, banking and educational sectors. As an active participant in the information security community, he volunteers at DEFCON, where he designs and implements the firewall and network for what is said to be the most hostile network environment in the world. This network allows speakers, press, vendors, and others to gain access to the Internet, without being hacked. In his spare time he runs the local DEFCON group, DC612, is the president of Twincities Makers group, and participates in the Minneapolis OWASP chapter. <br />
<br />
|-<br />
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 3:20 PM - 3:30 PM<br />
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" | Break<br />
|-<br />
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 3:30 PM - 4:30 PM<br />
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" |<br />
'''Charles Henderson''' <br />
<br />
Director of Application Security Services, [https://www.trustwave.com/spiderLabs.php Trustwave's SpiderLabs]<br />
<br />
'''Topic:''' TBA<br />
<br />
'''Bio:''' Charles Henderson is the Director of Application Security Services in Trustwave's SpiderLabs. He has been in the information security industry for over fifteen years. His team specializes in application security including application penetration testing, code review, and training in secure<br />
development techniques. The team's clients range from the largest of the Fortune lists to small and midsized companies interested in improving their application security posture. Charles routinely speaks at various conferences around the world (including past Black Hat, SOURCE, IAFCI, OWASP AppSec USA, OWASP AppSec Europe, and Merchant Risk Council events) on various subject matters relating to application security.<br />
<br />
|-<br />
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 4:30 PM<br />
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" | Closing Remarks<br />
|}<br />
<br />
[[Category:Minnesota]]<br />
<br />
__NOTOC__</div>Videomanhttps://wiki.owasp.org/index.php?title=OWASP_Minneapolis_St_Paul_2010_Conference&diff=89716OWASP Minneapolis St Paul 2010 Conference2010-09-21T06:27:37Z<p>Videoman: </p>
<hr />
<div>Building on the success of the [[OWASP Minneapolis St Paul 2009 Conference | 2009]] talks, the [[Minneapolis St Paul | OWASP Minneapolis-St. Paul (OWASP MSP) chapter]] and [http://www.dc612.org/ DC612 local DEF CON chapter] will be hosting a day of talks on '''Friday, October 8, 2010''' at the [http://www1.umn.edu/twincities/maps/StCen/ St. Paul Student Center] [http://www.spsc.umn.edu/about/directory/second.php North Star Ballroom] on the [http://www1.umn.edu/twincities/index.php University of Minnesota - Twin Cities] campus.<br />
<br />
<br />
'''See the [[OWASP_Minneapolis_St_Paul_2010_Conference#Agenda | Agenda]].'''<br><br>[[Image:Registerbutton.png|link=http://dayofsecuritytalks2010.eventbrite.com]]<br><br>''To cover the cost of food and beverages, a payment of $25 per attendee is requested for the day of talks. Credit card (online), check, money order, and "Pay by invoice" (PO) accepted. We place food orders based on the number of registrants.''<br />
<br />
<br />
== Sponsors ==<br />
A '''BIG''' thank you goes out to the '''Office of Internal Audit and OIT Security at the University of Minnesota''' for sponsoring the event location.<br />
<br />
A special thank you goes out to Platinum Sponsor '''[http://www.bestbuy.com/ Best Buy]'''.<br />
<br />
<br />
[[Image:Best_Buy_logo.jpg|link=http://www.bestbuy.com/]]<br />
<br />
<br />
Thank you to the following sponsors for their financial support of this event and the OWASP MSP chapter!<br />
<br />
[[Image:Imperva_Logo.gif|link=http://www.imperva.com/]] &nbsp;&nbsp;&nbsp;&nbsp; [[Image:Netspi_logo.png|120px|link=http://www.netspi.com/]] &nbsp;&nbsp;&nbsp;&nbsp; [[Image:AccuvantLogoNEW.jpg||120px|link=http://www.accuvant.com/]]<br />
<br />
<br />
== How to Sponsor ==<br />
Contact '''[mailto:lorna.alamri@owasp.org Lorna]''' at '''[mailto:lorna.alamri@owasp.org lorna.alamri@owasp.org]''' to sponsor this event. Sponsorship of the October 8, 2010 day of talks includes literature inclusion in attendee bags (up to 2 items), prominent display of your sponsor banner in the presentation room, and recognition for sponsorship of the event on this page, event mailings, and printed event materials.<br />
<br />
'''Sponsorship of day of talks:''' $500<br />
<br />
'''Sponsorship of day of talks plus have your logo on our chapter homepage for a year:''' $750<br />
<br />
Show your support for OWASP MSP as we get ready as hosts for OWASP AppSec USA 2011 in Minneapolis in September 2011!<br />
<br />
<br />
Click the following ''Donate'' button to submit your sponsorship.<br />
<br />
'''SPONSOR OWASP MSP'''<br />
<paypal>Minneapolis St Paul</paypal><br />
<br />
<br />
== Agenda ==<br />
<br />
'''Date:''' October 8, 2010<br />
<br />
'''Location:''' [http://www1.umn.edu/twincities/maps/StCen/ St. Paul Student Center] [http://www.spsc.umn.edu/about/directory/second.php North Star Ballroom] on the [http://www1.umn.edu/twincities/index.php University of Minnesota - Twin Cities] campus<br><br>2017 Buford Avenue<br>St. Paul, MN 55108<br />
<br />
<br />
[[Image:Registerbutton.png|link=http://dayofsecuritytalks2010.eventbrite.com]]<br><br>''To cover the cost of food and beverages, a payment of $25 per attendee is requested for the day of talks. Credit card (online), check, money order, and "Pay by invoice" (PO) accepted. We place food orders based on the number of registrants.''<br />
<br />
<br />
{| border="0" width="80%"<br />
|-<br />
| style="padding: 5px; background-color: rgb(174, 183, 213); width: 120px;" | 8:00 AM - 8:30 AM<br />
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" | Check-In<br />
|-<br />
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 8:30 AM - 9:00 AM<br />
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" | <br />
'''Adam Baso''', OWASP MSP President<br />
<br />
'''David Bryan''', DC612 President<br />
<br />
'''Lorna Alamri''', OWASP MSP Vice President <br />
<br />
'''Topic:''' Opening Remarks <br />
<br />
|-<br />
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 9:00 AM - 9:50 AM<br />
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" | <br />
'''Andre &quot;Dre&quot; Gironda''' <br />
<br />
'''Topic:''' Application Assessments Reloaded<br />
<br />
Trying to integrate Business Software Assurance into Enterprise Risk Management and Information Security Management programs has had issues over the years. Penetration testing was announced dead over a year ago, but it's still the number one choice of application security professionals when starting out. Can the activities from penetration testing be re-used and turned into something innovative?<br />
<br />
Tools (especially application scanners and secure static analysis tools) have error rates so high, they are useless in the hands of newcomers (even for peripheral security testing). Some organizations have built entire applications around or on top of existing appsec tools. Others are looking to use other kinds of tools, such as process/methodology/workflow tools, to enhance their classic penetration testing tools.<br />
<br />
Even the testing/inspection methodologies themselves are outdated and we're finding that they are challenging or repetitive in many environments. How do current appsec tools and testing/inspection methods work in the cloud? If we re-run the same kinds of tests during dev-test, software quality, and application security cycles, aren't we wasting valuable time and effort?<br />
<br />
This presentation will provide discussion around how to solve many of these and other challenges in application security. The focus will be on web applications that use common technologies (HTTP, SQL, Classic XML/HTML, Javascript, Flash) but also updated to today's standards (RESTful transactions, NoSQL, HTML5, Ajax/Json, Flex2).<br />
<br />
'''Bio:''' Andre got his start on Unix-TCP/IP hacking before the September that never ended. Bored of embedded platform research by the time the dot-Bomb happened, he joined the largest online auction company and worked as an appsec consultant for many years. He is known for his quirky mailing list posts and blog comments - and at one time wrote for [http://www.tssci-security.com/ tssci-security.com].<br />
<br />
|-<br />
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 9:50 AM - 10:00 AM<br />
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" | Break<br />
|-<br />
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 10:00 AM - 10:50 AM <br />
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" | <br />
'''Andrew Becherer''' <br />
<br />
Senior Security Consultant, [https://www.isecpartners.com/ iSEC Partners]<br />
<br />
'''Topic:''' Attacking Kerberos and the New Hadoop Security Design<br />
<br />
The Kerberos protocol provides single sign-on authentication services for users and machines. Its availability on nearly every popular computing platform - Windows, Mac, and UNIX variants - makes it the primary choice for enterprise authentication. However, simply "adding a dash of Kerberos" does not make a magically secure network or application. Kerberos is a complicated protocol whose comprehensive description requires dozens of RFCs. To use it securely requires a careful dance between protocol designers, service developers, and system administrators – the kind of dance that never quite stays in step.<br />
<br />
The Hadoop project's Hadoop Distributed File System and MapReduce engine comprise a robust, open source distributed computing platform. Hadoop is in use at many of the world's largest online media companies including Facebook, Fox Interactive Media, LinkedIn, Powerset (now part of Microsoft), and Twitter. Hadoop is entering the enterprise as evidenced by Hadoop World 2009 presentations from Booz Allen Hamilton and JP Morgan Chase. Hadoop has also been elevated to the "cloud" and made available as a service by Amazon and Sun. What the heck is it? Can it be secure? What do I do if I discover it on a network I am testing?<br />
<br />
When Hadoop development began in 2004 no effort was expended on creating a secure distributed computing environment. In 2009 discussion about Hadoop security reached a boiling point. The developers behind Hadoop decided they needed to get some of that "security" stuff. After a thorough application of Kerberos, Hadoop is now secure, or is it?<br />
<br />
This talk will provide an introduction to Kerberos attack scenarios, describe the new Hadoop security model and Kerberos's (limited) role in it. This talk aims to determine whether Hadoop was made any more secure through the application of Kerberos.<br />
<br />
'''Bio:''' Andrew Becherer is a Senior Security Consultant with iSEC Partners, a strategic digital security organization. His focus is web application and mobile application security. Prior to joining iSEC Partners, he was a Senior Consultant with Booz Allen Hamilton. Mr. Becherer spent several years as a Risk and Credit Analyst in the financial services industry. His experience in the software security field - consulting financial, non-profit and defense sectors - has provided him experience with a wide range of technologies.<br />
<br />
Mr. Becherer has lectured on a number of topics including emerging cloud computing threat models, virtualization, network security tools and embedded Linux development. At the Black Hat Briefings USA 2009, Andrew, along with researchers Alex Stamos and Nathan Wilcox, presented on the topic "Cloud Computing Models and Vulnerabilities:Raining on the Trendy New Parade." Andrew's research on this topic focused on the effect of elasticity and virtualization on the Linux pseudorandom number generator (PRNG). At Black Hat USA 2008, he was a Microsoft Defend the Flag (DTF) instructor and, he is a recurring speaker at the Linuxfest Northwest conference. In addition to his educational outreach work with user groups, he is a member of several nationally recognized organizations. These organizations include the Association of Computing Machinery (ACM), FBI InfraGard, and the Open Web Application Security Project (OWASP).<br />
<br />
Mr. Becherer received a B.S. in Computing and Software Systems from the University of Washington, Tacoma, and holds a B.A. in Sociology from the University of Kentucky. <br />
<br />
|-<br />
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 10:50 AM - 11:00 AM<br />
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" | Break<br />
|-<br />
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 11:00 AM - 12:00 PM<br />
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" |<br />
'''Joe Teff''' <br />
<br />
Vice President - Manager Security Code Review, [https://www.wellsfargo.com/ Wells Fargo]<br />
<br />
Board Member, [[Minneapolis St Paul | OWASP MSP]]<br />
<br />
'''Topic:''' Can you implement a static analysis program using the OWASP Code Review Guide? <br />
<br />
Many companies are looking at implementing a static analysis program. This discussion will look at the [[OWASP_Code_Review_Project | OWASP Code Review Guide]] and the role it can play in developing a static analysis program. There are many decisions that need to be considered in building a program. We will look at these decisions and discuss the the options available.<br />
<br />
|-<br />
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 12:00 PM - 1:30 PM<br />
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" | Lunch<br />
<br />
|-<br />
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 1:30 PM - 2:20 PM<br />
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" |<br />
'''Jason Rouse'''<br />
<br />
Principal Consultant, [https://www.cigital.com/ Cigital]<br />
<br />
'''Topic:''' Mobile Security <br />
<br />
Mobile applications enable millions of users to be more productive, have more fun, and interact with their world in more ways than ever before. We're approaching mobile applications with many of the same tried-and-true approaches that we've used in more traditional software, but what are the dangers? Mobile architectures run the gamut from simple web-based applications optimized for mobile displays to custom-built handset-specific applications that can interact directly with the mobile operating system. This talk will explore the hybrid mobile/web application approach, and discuss the threads binding it together - information protection and convergence. Mobile devices are unique in that they offer one of the most potentially hostile environments imaginable - privacy, compliance, and capture protection top the charts as the three most difficult issues facing mobile applications and those who use them. This talk will dive into specifics on what are today "mobile-only" threats; that is, those issues such as location-based services or text messages, and discover how they can be compromised, and how security practitioners can protect them and the back-end applications that service them.<br />
<br />
'''Bio:''' Jason Rouse brings over a decade of hands-on security experience while plying his craft at many of the leading companies in the world. He is currently responsible for many activities at Cigital including leading the mobile and wireless security practice, performing security architecture assessments, and being a trusted advisor to some of the world's largest development organizations. Jason is passionate about security, splitting his time between running Cigital's mobile and wireless practice and leading cutting-edge security projects around the world. At Cigital, in addition to his other responsibilities, Jason is also responsible for the creation of durable, actionable artifacts spanning the entire continuum of software security - from development standards to enterprise risk mitigation frameworks for both Fortune 50 customers and beyond. In his spare time he has also chaired the Financial Services Technology Consortium committee on Mobile Security.<br />
<br />
|-<br />
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 2:20 PM - 2:30 PM<br />
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" | Coffee Break<br />
|-<br />
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 2:30 PM - 3:20 PM<br />
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" |<br />
'''David M. N. Bryan''' <br />
<br />
'''Topic:''' Pentesting & Metasploit Fun!<br />
<br />
I've been having a blast using Metasploit, and thought that I would share some of the fun things that i've done with it, and how it can be used to make your life so much easier! This talk will touch on autopwn, sql exploits, meterper, karmetasploit, and hash cracking. Almost everything you would need to break a real network in no time flat.<br />
<br />
'''Bio:''' David has 10 years of computer security experience, including consulting, engineering, and administration. He has performed security assessment & pentest projects in the healthcare, nuclear, manufacturing, pharmaceutical, banking and educational sectors. As an active participant in the information security community, he volunteers at DEFCON, where he designs and implements the firewall and network for what is said to be the most hostile network environment in the world. This network allows speakers, press, vendors, and others to gain access to the Internet, without being hacked. In his spare time he runs the local DEFCON group, DC612, is the president of Twincities Makers group, and participates in the Minneapolis OWASP chapter. <br />
<br />
|-<br />
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 3:20 PM - 3:30 PM<br />
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" | Break<br />
|-<br />
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 3:30 PM - 4:30 PM<br />
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" |<br />
'''Charles Henderson''' <br />
<br />
Director of Application Security Services, [https://www.trustwave.com/spiderLabs.php Trustwave SpiderLabs]<br />
<br />
'''Topic:''' TBA<br />
<br />
'''Bio:''' Charles Henderson is the Director of Application Security Services in Trustwave's SpiderLabs. He has been in the information security industry for over fifteen years. His team specializes in application security including application penetration testing, code review, and training in secure<br />
development techniques. The team's clients range from the largest of the Fortune lists to small and midsized companies interested in improving their application security posture. Charles routinely speaks at various conferences around the world (including past Black Hat, SOURCE, IAFCI, OWASP AppSec USA, OWASP AppSec Europe, and Merchant Risk Council events) on various subject matters relating to application security.<br />
<br />
|-<br />
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 4:30 PM<br />
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" | Closing Remarks<br />
|}<br />
<br />
[[Category:Minnesota]]<br />
<br />
__NOTOC__</div>Videomanhttps://wiki.owasp.org/index.php?title=AppSec_US_2010,_CA&diff=87880AppSec US 2010, CA2010-08-23T21:02:18Z<p>Videoman: /* Welcome to AppSec&nbsp;USA 2010 */</p>
<hr />
<div>__NOTOC__ <br />
<br />
<br>[[Image:Appsec banner.png|468x60px|AppSec USA 2010 Banner]] <br />
<br />
= Welcome to AppSec&nbsp;USA 2010 =<br />
<br />
{| class="FCK__ShowTableBorders" border="0" width="100%" align="center"<br />
|-<br />
| style="background: rgb(238,235,226); color: black" colspan="4" align="left" | <br />
For complete information, please visit [http://www.appsecusa.org AppSec US 2010 Website] <br>Training and Presentation Schedules Available Now! <br />
<br />
Training Days<br>Sept 7-8: [http://www.owasp.org/index.php/AppSec_US_2010,_CA#tab=Training_September_7th_.26_8th Schedule of Classes] <br />
<br />
Presentation Schedule<br>Sept 9th: [http://www.owasp.org/index.php/AppSec_US_2010,_CA#tab=September_9th Schedule of Talks]<br>Sept 10th:&nbsp;[http://www.owasp.org/index.php/AppSec_US_2010,_CA#tab=September_10th Schedule of Talks]<br />
<br />
|}<br />
<br />
{| style="width: 100%" class="FCK__ShowTableBorders"<br />
|-<br />
| style="width: 100%; color: rgb(0,0,0)" | <br />
{| style="width: 100%; background: none transparent scroll repeat 0% 0%; -moz-background-inline-policy: continuous" class="FCK__ShowTableBorders"<br />
|-<br />
| style="width: 95%; color: rgb(0,0,0)" | <br />
'''Latest Updates:''' <br />
<br />
Dr. Chenxi Wang of Forrester Research added as keynote speaker for September 9. <br />
<br />
@chenxiwang tweets at http://twitter.com/chenxiwang.'''<br>'''<br />
<br />
|}<br />
<br />
<!-- Twitter Box --><br />
<br />
| style="border-bottom: rgb(204,204,204) 0px solid; border-left: rgb(204,204,204) 0px solid; width: 100%; color: rgb(0,0,0); font-size: 95%; border-top: rgb(204,204,204) 0px solid; border-right: rgb(204,204,204) 0px solid" | <!-- DON'T REMOVE ME, I'M STRUCTURAL <br />
<br />
{|<br />
|-<br />
| style="border: 1px solid rgb(204, 204, 204); width: 100%; font-size: 95%; color: rgb(0, 0, 0); background-color: rgb(236, 236, 236);" | <br />
<!--<br />
Use the '''[http://twitter.com/appsec2010 #AppSec2010]''' hashtag for your tweets (What are [http://hashtags.org/ hashtags]?) <br />
<br />
'''@AppSec2010 Twitter Feed ([http://twitter.com/appsec2010 follow us on Twitter!])''' <twitter>appec2010</twitter>--><br />
| style="width: 110px; color: rgb(0,0,0); font-size: 95%" | <br />
|}<br />
<br />
<!-- End Banner --><br />
<br />
==== Training September 7th &amp; 8th ====<br />
<br />
{| style="width: 80%" class="FCK__ShowTableBorders" border="0" align="center"<br />
|-<br />
! style="background: rgb(64,88,160); color: white" align="center" | T1. Web Security Testing - 2-Days - $1350<br />
|-<br />
| style="background: rgb(242,242,242)" | This course is a deep dive into the world of web application security testing. It is designed to walk testers through every step of web application penetration testing, arming them with the knowledge and tools they will need to begin conducting their own security testing. The course will teach the participants how to think like a security engineer by creating and executing a security test plan. Participants will be exposed to common web application vulnerabilities, testing techniques and tools by a professional security tester. <br />
The course includes a guided penetration test in which the students will execute security test with the help of the instructor.<br />
<br />
|-<br />
| style="background: rgb(242,242,242)" | Instructor: Joe Basirico, Security Innovation<br />
|-<br />
| style="background: rgb(242,242,242)" | [[Learn More About the Web Security Testing Class]]<br />
|-<br />
| style="background: rgb(242,242,242)" | [http://www.appsecusa.org/register-now.html Click here to register]<br />
|}<br />
<br />
{| style="width: 80%" class="FCK__ShowTableBorders" border="0" align="center"<br />
|-<br />
! style="background: rgb(64,88,160); color: white" align="center" | T2. Building Secure Ajax and Web 2.0 Applications - 2-Days - $1350<br />
|-<br />
| style="background: rgb(242,242,242)" | This two-day class will cover common Web 2.0 and AJAX security threats, vulnerabilities, and it will provide specific guidance on how to develop Web 2.0 applications to defend against these threats and vulnerabilities. <br />
Training developers on secure coding practices offers one of highest returns on investment of any security investment by eliminating vulnerabilities at the source. Aspect’s Building Secure Ajax and Web 2.0 Applications Course enables developers to securely utilize Web 2.0 technologies in their web applications without introducing security issues. The course provides detailed examples of ‘what to do’ and ‘what not to do.' The class is lead by an experienced developer and delivered in a very interactive manner. The course will use demonstrations, code examples, and spot-the-bug exercises to get developers engaged in the topic. Developers will leave with an understanding of how Ajax attacks work, the impacts of successful attacks, and what to do to defend against them.<br />
<br />
|-<br />
| style="background: rgb(242,242,242)" | Instructor: Dave Wichers: [[Image:Aspect logo.gif]]<br />
|-<br />
| style="background: rgb(242,242,242)" | [[Learn More about the Building Secure Ajax and Web 2.0 Applications Class]]<br />
|-<br />
| style="background: rgb(242,242,242)" | [http://www.appsecusa.org/register-now.html Click here to register]<br />
|-<br />
! style="background: rgb(64,88,160); color: white" align="center" | T3. Assessing and Exploiting Web Applications with Samurai - WTF - 2-Days - $1350<br />
|-<br />
| style="background: rgb(242,242,242)" | <br />
This course will focus on using open source tools to perform web application assessments.&nbsp; The course will take attendees through the process of application assessment using the open source tools included in the Samurai Web Testing Framework Live CD (Samurai-‐WTF).&nbsp; <br />
<br />
Day one will take students through the steps and open source tools used to assess application for vulnerabilities.<br><br />
<br />
Day two will focus on the exploitation of web app vulnerabilities, spending half the day on server side attacks and the other half of the day on client side attacks.&nbsp; The latest tools and techniques will be used throughout the course, including several tools developed by the trainers themselves<br />
<br />
|-<br />
| style="background: rgb(242,242,242)" | <br />
Instructor: Jason Searle: InGuardians [[Image:InGuardians.png|36x39px]]<br />
<br />
|-<br />
| style="background: rgb(242,242,242)" | [http://www.appsecusa.org/register-now.html Click here to register]<br />
|-<br />
! style="background: rgb(64,88,160); color: white" align="center" | T4. Application Security Leadership Essentials - 2-Days - $1350<br />
|-<br />
| style="background: rgb(242,242,242)" | In this two-day management session you’ll get an industry perspective of application security, understand the key vulnerabilities to applications, be able to analyze root cause, and provide practical and proven techniques in building out an application security initiative. This course gives executives and managers the education and practical guidance they need to ensure that software projects properly address security. The course is designed to provide a firm understanding of the importance of software security, the critical security activities required within the software development lifecycle, and how to efficiently manage security issues during development and maintenance. This understanding is reinforced through industry awareness, live demonstrations of commonly found application vulnerabilities and workgroup exercises allowing attendees to conduct capability assessments and recommend improvement plans.<br />
|-<br />
| style="background: rgb(242,242,242)" | Instructor: Jeff Williams: [[Image:Aspect logo.gif]]<br />
|-<br />
| style="background: rgb(242,242,242)" | [[Learn More about the Application Security Leadership Essentials Class]]<br />
|-<br />
| style="background: rgb(242,242,242)" | [http://www.appsecusa.org/register-now.html Click here to register]<br />
|-<br />
! style="background: rgb(64,88,160); color: white" align="center" | T5. Software Security Remediation: How to Fix Application Vulnerabilities 1-Day - Sept 7th- $675<br />
|-<br />
| style="background: rgb(242,242,242)" | This class teaches attendees how to fix security vulnerabilities in existing software. It provides a mix of discussion of project concerns for planning and managing remediation efforts with hands-on coding examples fixing specific vulnerabilities. Attendees will learn how to risk-rank vulnerabilities, estimate remediation tasks, perform coding fixes for vulnerabilities and demonstrate the effectiveness of fixes applied. The focus is on the practical: how to use limited resources to make significant improvements to the security of target applications. Code examples use the OWASP ESAPI Java and Microsoft Web Protection Library. Many classes teach developers how to build secure code from the ground up or teach security analysts how to test applications for security vulnerabilities. This class teaches developers and security analysts how to deal with their existing portfolio of insecure applications. <br />
Instructor: Dan Cornell: [[Image:AppSecDC2009-Sponsor-denim.gif]]<br />
<br />
|-<br />
| style="background: rgb(242,242,242)" | [http://www.appsecusa.org/register-now.html Click here to register]<br />
|}<br />
<br />
{| style="width: 80%" class="FCK__ShowTableBorders" border="0" align="center"<br />
|-<br />
! style="background: rgb(64,88,160); color: white" align="center" | T6. Live CD 1-Day - Sept 8th- $675<br />
|-<br />
| style="background: rgb(242,242,242)" | This class will will cover the full range of tools and documentation that OWASP provides under free and open licenses. When the class is complete, students will be familiar with a wide range of tools and techniques to test web applications. <br />
The class will include a DVD of OWASP tools and documentation for testing web applications. Additionally, the DVD will include the OWASP Web Testing Environment. OWASP WTE is a collection of tools and documentation for testing web applications available both as a bootable Live CD and virtual machines. Attendees to this class will receive a customized version of OWASP WTE. It will be provided as a virtual machine which includes the tools, documentation and the applications tested during class. It is a self-contained environment to learn web application testing the students can take from class to further hone their testing skills. <br />
<br />
Students are encouraged to bring a laptop to class. The virtualization software for OWASP WTE runs on Windows, OS X and Linux. Students with a laptop can follow along with the in class demonstrations to get hands on testing experience <br />
<br />
<br>Instructors: Matt Tesauro and Charles Henderson: [[Image:TrustwaveLogo.jpg]]<br />
<br />
|-<br />
| style="background: rgb(242,242,242)" | [http://www.appsecusa.org/register-now.html Click here to register]<br />
|}<br />
<br />
<br><br />
<br />
==== September 9th ====<br />
<br />
{| style="width: 80%" class="FCK__ShowTableBorders" border="0" align="center"<br />
|-<br />
| style="background: rgb(64,88,160); color: white" colspan="4" align="center" | '''Conference Day 1 - September 9th, 2010''' <br />
<br><br />
<br />
|-<br />
| style="width: 10%; background: rgb(123,138,189)" | <br><br />
| style="width: 30%; background: rgb(188,133,122)" | Track 1 - Crystal Cove Auditorium <br />
| style="width: 30%; background: rgb(188,165,122)" | Track 2 - Pacific Ballroom <br />
| style="width: 30%; background: rgb(153,255,153)" | Track 3 - Doheny Beach<br />
|-<br />
| style="width: 10%; background: rgb(123,138,189)" | 07:30-08:30 <br />
| style="width: 80%; background: rgb(194,194,194)" colspan="3" align="left" | Registration and Breakfast + Coffee<br />
|-<br />
| style="width: 10%; background: rgb(123,138,189)" | 08:30-08:45 <br />
| style="width: 80%; background: rgb(242,242,242)" colspan="3" align="center" | Welcome to OWASP AppSec US, 2010 (Crystal Cove Auditorium)<br />
|-<br />
| style="width: 10%; background: rgb(123,138,189)" | 08:45-9:30 <br />
| style="width: 80%; background: rgb(252,252,150)" colspan="3" align="center" | Keynote: Jeff Williams (Crystal Cove Auditorium)<br />
|-<br />
| style="width: 10%; background: rgb(123,138,189)" | 9:30-10:15 <br />
| style="width: 80%; background: rgb(252,252,150)" colspan="3" align="center" | Keynote: Chenxi Wang (Crystal Cove Auditorium)<br />
|-<br />
| style="width: 10%; background: rgb(123,138,189)" | 10:15-10:35 <br />
| style="width: 90%; background: rgb(194,194,194)" colspan="3" align="left" | Break - Expo - CTF kick-off (Emerald Bay)<br />
|-<br />
| style="width: 10%; background: rgb(123,138,189)" | 10:35-11:20 <br />
| style="width: 30%; background: rgb(188,133,122)" align="left" | How I met your Girlfriend, ''Samy Kamkar''<br><br />
| style="width: 30%; background: rgb(188,165,122)" align="left" | Solving Real-World Problems with an Enterprise Security API (ESAPI), ''Chris Schmidt, ServiceMagic''<br><br />
| style="width: 30%; background: rgb(153,255,153)" align="left" | TBD<br />
|-<br />
| style="width: 10%; background: rgb(123,138,189)" | 11:20-11:30 <br />
| style="width: 90%; background: rgb(194,194,194)" colspan="3" align="left" | Break - Expo - CTF<br />
|-<br />
| style="width: 10%; background: rgb(123,138,189)" | 11:30-12:15 <br />
| style="width: 30%; background: rgb(188,133,122)" align="left" | State of SSL on the Internet - 2010 Survey, Results and Conclusions, ''Ivan Ristic, Qualys''<br><br />
<br><br />
<br />
| style="width: 30%; background: rgb(188,165,122)" align="left" | Into the Rabbit Hole: Execution Flow-based Web Application Testing, ''Rafal Los, Hewlett-Packard''<br><br />
<br><br />
<br />
| style="width: 30%; background: rgb(153,255,153)" align="left" | Threat Modeling Best Practices, ''Robert Zigweid, IOActive''<br><br />
|-<br />
| style="width: 10%; background: rgb(123,138,189)" | 12:15-13:15 <br />
| style="width: 80%; background: rgb(194,194,194)" colspan="3" align="left" | Lunch - Expo - CTF<br />
|-<br />
| style="width: 10%; background: rgb(123,138,189)" | 13:30-14:15 <br />
| style="width: 80%; background: rgb(252,252,150)" colspan="3" align="center" | Keynote: Bill Cheswick (Crystal Cove Auditorium)<br />
|-<br />
| style="width: 10%; background: rgb(123,138,189)" | 14:15-14:25 <br />
| style="width: 90%; background: rgb(194,194,194)" colspan="3" align="left" | Break - Expo - CTF<br />
|-<br />
| style="width: 10%; background: rgb(123,138,189)" | 14:25-15:10 <br />
| style="width: 30%; background: rgb(188,133,122)" align="left" | P0w3d for Botnet CnC, ''Gunter Ollmann, Damballa''<br><br />
| style="width: 30%; background: rgb(188,165,122)" align="left" | Cloud Computing, A Weapon of Mass Destruction?, ''David Bryan, Trustwave's SpiderLabs & Michael Anderson, NetSPI''<br><br />
| style="width: 30%; background: rgb(153,255,153)" align="left" | The Secure Coding Practices Quick Reference Guide, ''Keith Turpin, Boeing''<br />
|-<br />
| style="width: 10%; background: rgb(123,138,189)" | 15:10-15:30 <br />
| style="width: 90%; background: rgb(194,194,194)" colspan="3" align="left" | Coffee Break - Expo - CTF<br />
|-<br />
| style="width: 10%; background: rgb(123,138,189)" | 15:30-16:15 <br />
| style="width: 30%; background: rgb(188,133,122)" align="left" | Smart Phones with Dumb Apps: Threat Modeling for Mobile Applications, ''Dan Cornell, Denim Group''<br><br />
| style="width: 30%; background: rgb(188,165,122)" align="left" | Assessing, Testing and Validating Flash Content, ''Peleus Uhley, Adobe''<br><br />
| style="width: 30%; background: rgb(153,255,153)" align="left" | OWASP State of the Union, ''Tom Brennan, OWASP''<br />
|-<br />
| style="width: 10%; background: rgb(123,138,189)" | 16:15-16:25 <br />
| style="width: 90%; background: rgb(194,194,194)" colspan="3" align="left" | Break - Expo - CTF<br />
|-<br />
| style="width: 10%; background: rgb(123,138,189)" | 16:25-17:10 <br />
| style="width: 90%; background: rgb(242,242,242)" colspan="3" align="center" | Panel Discussion: Security Trends: Jeremiah Grossman, Robert Hansen, TBD...Moderator: Stuart Schwartz<br />
|}<br />
<br />
==== September 10th ====<br />
<br />
{| style="width: 80%" class="FCK__ShowTableBorders" border="0" align="center"<br />
|-<br />
| style="background: rgb(64,88,160); color: white" colspan="4" align="center" | '''Conference Day 2 - September 10th, 2010''' <br />
<br><br />
<br />
|-<br />
| style="width: 10%; background: rgb(123,138,189)" | <br><br />
| style="width: 30%; background: rgb(188,133,122)" | Track 1 - Crystal Cove Auditorium <br />
| style="width: 30%; background: rgb(188,165,122)" | Track 2 - Pacific Ballroom <br />
| style="width: 30%; background: rgb(153,255,153)" | Track 3 - Doheny Beach<br />
|-<br />
| style="width: 10%; background: rgb(123,138,189)" | 08:00-09:00 <br />
| style="width: 80%; background: rgb(194,194,194)" colspan="3" align="left" | Coffee - Expo - CTF<br />
|-<br />
| style="width: 10%; background: rgb(123,138,189)" | 09:00-09:15 <br />
| style="width: 80%; background: rgb(242,242,242)" colspan="3" align="center" | Announcements (Crystal Cove Auditorium)<br />
|-<br />
| style="width: 10%; background: rgb(123,138,189)" | 09:15-10:00 <br />
| style="width: 80%; background: rgb(252,252,150)" colspan="3" align="center" | Keynote: David Rice (Crystal Cove Auditorium)<br />
|-<br />
| style="width: 10%; background: rgb(123,138,189)" | 10:00-10:10 <br />
| style="width: 90%; background: rgb(194,194,194)" colspan="3" align="left" | Break - Expo - CTF (Emerald Bay)<br />
|-<br />
| style="width: 10%; background: rgb(123,138,189)" | 10:10-10:55 <br />
| style="width: 30%; background: rgb(188,133,122)" align="left" | Security Architecting Applications for the Cloud, ''Alex Stamos, iSEC Partners''<br><br />
| style="width: 30%; background: rgb(188,165,122)" align="left" | Unraveling Cross-Technology, Cross-Domain Trust Relations, ''Peleus Uhley, Adobe''<br><br />
| style="width: 30%; background: rgb(153,255,153)" align="left" | Real Time Application Defenses - The Reality of AppSensor &amp; ESAPI, ''Michael Coates, Mozilla,''<br />
|-<br />
| style="width: 10%; background: rgb(123,138,189)" | 10:55-11:15 <br />
| style="width: 90%; background: rgb(194,194,194)" colspan="3" align="left" | Break - Expo - CTF<br />
|-<br />
| style="width: 10%; background: rgb(123,138,189)" | 11:15-12:00 <br />
| style="width: 30%; background: rgb(188,133,122)" align="left" | Reducing Web application Vulnerabilities: Moving from a Test-Dependent to Design-Driven development, ''Joe Basirico, Security Innovation''<br><br />
<br><br />
<br />
| style="width: 30%; background: rgb(188,165,122)" align="left" | Session Management Security tips and Tricks, ''Lars Ewe, Cenzic''<br><br />
<br><br />
<br />
| style="width: 30%; background: rgb(153,255,153)" align="left" | The Dark Side of Twitter: Measuring and Analyzing Malicious Activity on Twitter, ''Paul Judge, David Maynor, and Daniel Peck, Barracuda Labs''<br><br />
|-<br />
| style="width: 10%; background: rgb(123,138,189)" | 12:00-13:15 <br />
| style="width: 80%; background: rgb(194,194,194)" colspan="3" align="left" | Lunch - Expo - CTF<br />
|-<br />
| style="width: 10%; background: rgb(123,138,189)" | 13:15-14:00 <br />
| style="width: 80%; background: rgb(252,252,150)" colspan="3" align="center" | Keynote: HD Moore (Crystal Cove Auditorium)<br />
|-<br />
| style="width: 10%; background: rgb(123,138,189)" | 14:05-14:50 <br />
| style="width: 30%; background: rgb(188,133,122)" align="left" | ''Symantec – Edward Bonver''<br>''Principal Software Engineer (moderator)<br>Symantec – Kelly FitzGerald<br>Senior Vulnerability Analyst<br>Microsoft – Katie Moussouris<br>Senior Security Strategist<br>Cigital – John Stephen<br>Senior Director<br>HP, TippingPoint -Daniel Holden<br>Director, DVLabs''<br />
<br />
| style="width: 30%; background: rgb(188,165,122)" align="left" | Agile + Security = FAIL, ''Adrian Lane''<br><br />
| style="width: 30%; background: rgb(153,255,153)" align="left" | Bug-Alcoholic 2.0 - Untamed World of Web Vulnerabilities, ''Aditya K. Sood, Armorize Technologies''<br />
|-<br />
| style="width: 10%; background: rgb(123,138,189)" | 14:50-15:10 <br />
| style="width: 90%; background: rgb(194,194,194)" colspan="3" align="left" | Coffee Break - Expo - CTF<br />
|-<br />
| style="width: 10%; background: rgb(123,138,189)" | 15:10-15:55 <br />
| style="width: 30%; background: rgb(188,133,122)" align="left" | Escalating Privileges through Database Trusts, ''Scott Sutherland and Antti Rantasaari, NetSPI''<br><br />
| style="width: 30%; background: rgb(188,165,122)" align="left" | Defining the Identiy Management Framework, ''Richard Tychansky, Jim Molini, Hord Tipton, and Mike Kilroy''<br><br />
| style="width: 30%; background: rgb(153,255,153)" align="left" | Breaking Web Browsers, ''Jeremiah Grossman, WhiteHat Security''<br />
|-<br />
| style="width: 10%; background: rgb(123,138,189)" | 15:55-16:05 <br />
| style="width: 90%; background: rgb(194,194,194)" colspan="3" align="left" | Break - Expo - CTF<br />
|-<br />
| style="width: 10%; background: rgb(123,138,189)" | 16:05-16:50 <br />
| style="width: 90%; background: rgb(242,242,242)" colspan="3" align="center" | Conference Wrap Up: AppSec US 2011 Location Announcement, CTF Results, Prizes<br />
|}<br />
<br />
<br><br />
<br />
==== Sponsors ====<br />
<br />
We are currently soliciting sponsors for the AppSec US 2010 Conference. Please refer to our [http://www.appsecusa.org/become-a-sponsor.html List of Sponsorship Opportunities]&nbsp;(or [http://www.owasp.org/images/b/b3/OWASP_sponsorship_Irvine.pdf PDF]). <br />
<br />
Please contact [mailto:kate.hartmann@owasp.org Kate Hartmann] for more information. <br />
<br />
Slots are going fast so contact us to sponsor today! <br />
<br />
<br><br />
<br />
<br><br />
<br />
== Gold Sponsors ==<br />
<br />
[[Image:Ibmneg blurgb.jpg]] [[Image:Fortify logo AppSec Research 2010.png]] &nbsp; &nbsp;[[Image:TrustwaveLogo.jpg]]<br><br />
<br />
== Silver Sponsors ==<br />
<br />
[[Image:Fishnet Logo AppSec.jpg]] &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; [[Image:Acunetix logo 200.png]] &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; [[Image:Barracuda Color Logo.jpg]]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <br>[[Image:Cenziclogo.png]] &nbsp; &nbsp; &nbsp; &nbsp;&nbsp; &nbsp; &nbsp; &nbsp;&nbsp; [[Image:Cigital-hor-color.JPG|120x65px]] &nbsp; &nbsp; &nbsp;&nbsp; &nbsp; &nbsp;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; [[Image:Fujitsu-red-opt-b-150x56.gif|150x56px]]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <br>[[Image:Netspi logo.png]] &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; [[Image:Whitehat security logo.gif]] &nbsp; &nbsp; &nbsp; &nbsp;&nbsp; [[Image:Imperva Logo.gif]]<br>[[Image:Aspect logo owasp.jpg]] &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp; &nbsp; &nbsp;&nbsp;&nbsp;&nbsp; [[Image:AppSecDC2009-Sponsor-aod.gif]]&nbsp;&nbsp; &nbsp; &nbsp;&nbsp; [[Image:Mavituna.jpg]] <br>[[Image:Sponsors-radware.jpg]] <br />
<br />
== Organizational Sponsors ==<br />
<br />
[[Image:Eccouncil.jpg]] &nbsp; &nbsp;&nbsp; [[Image:ISSA-LA icon.jpg]] <br />
<br />
=== Reception Sponsors ===<br />
<br />
=== Coffee Sponsors ===<br />
<br />
==== REGISTER NOW ====<br />
<br />
Click [http://www.appsecusa.org/register-now.html here]&nbsp; for registration information. <br><br />
<br />
[http://www.appsecusa.org/register-now.html http://www.appsecusa.org/register-now.html] <br />
<br />
<headertabs /><br />
<br />
[[Category:OWASP_AppSec_Conference]] [[Category:OWASP_AppSec_USA]]</div>Videomanhttps://wiki.owasp.org/index.php?title=AppSec_US_2010,_CA&diff=87365AppSec US 2010, CA2010-08-05T23:16:24Z<p>Videoman: </p>
<hr />
<div><br>[[Image:Appsec banner.png|468x60px|AppSec USA 2010 Banner]] <br />
<br />
==== Welcome ====<br />
<br />
{| class="FCK__ShowTableBorders" border="0" width="100%" align="center"<br />
|-<br />
| style="width: 25%; background: rgb(240,230,140)" align="center" | [http://www.appsecusa.org/travel-and-venue.html Travel and Venue] <br />
| style="width: 25%; background: rgb(240,230,140)" align="center" | [http://www.appsecusa.org/become-a-sponsor.html Sponsor Information] <br />
| style="width: 25%; background: rgb(240,230,140)" align="center" | [http://www.appsecusa.org/volunteer-opportunities.html Volunteer Opportunities] <br />
| style="width: 25%; background: rgb(255,215,0)" align="center" | [http://www.appsecusa.org/register-now.html REGISTER NOW]<br />
|-<br />
| style="background: rgb(238,235,226); color: black" colspan="4" align="left" | <br />
<br>For complete information, please visit [http://www.appsecusa.org AppSec US 2010 Website] <br><br />
<br />
|}<br />
<br />
{| style="width: 100%" class="FCK__ShowTableBorders"<br />
|-<br />
| style="width: 100%; color: rgb(0,0,0)" | <br />
{| style="width: 100%; background: none transparent scroll repeat 0% 0%; -moz-background-inline-policy: continuous" class="FCK__ShowTableBorders"<br />
|-<br />
| style="width: 95%; color: rgb(0,0,0)" | <br />
'''Latest Updates:''' <br />
<br />
'''Training and conference agenda available''' <br />
<br />
'''Register now!''' Early-bird rates extended till July 31. <br />
<br />
'''<br>'''<br />
<br />
|}<br />
<br />
<!-- Twitter Box --><br />
<br />
| style="border-bottom: rgb(204,204,204) 0px solid; border-left: rgb(204,204,204) 0px solid; width: 100%; color: rgb(0,0,0); font-size: 95%; border-top: rgb(204,204,204) 0px solid; border-right: rgb(204,204,204) 0px solid" | <!-- DON'T REMOVE ME, I'M STRUCTURAL <br />
<br />
{|<br />
|-<br />
| style="border: 1px solid rgb(204, 204, 204); width: 100%; font-size: 95%; color: rgb(0, 0, 0); background-color: rgb(236, 236, 236);" | <br />
<!--<br />
Use the '''[http://twitter.com/appsec2010 #AppSec2010]''' hashtag for your tweets (What are [http://hashtags.org/ hashtags]?) <br />
<br />
'''@AppSec2010 Twitter Feed ([http://twitter.com/appsec2010 follow us on Twitter!])''' <twitter>appec2010</twitter>--><br />
| style="width: 110px; color: rgb(0,0,0); font-size: 95%" | <br />
|}<br />
<br />
<!-- End Banner --><br />
<br />
==== Training September 7th &amp; 8th ====<br />
<br />
{| style="width: 80%" class="FCK__ShowTableBorders" border="0" align="center"<br />
|-<br />
! style="background: rgb(64,88,160); color: white" align="center" | T1. Web Security Testing - 2-Days - $1350<br />
|-<br />
| style="background: rgb(242,242,242)" | This course is a deep dive into the world of web application security testing. It is designed to walk testers through every step of web application penetration testing, arming them with the knowledge and tools they will need to begin conducting their own security testing. The course will teach the participants how to think like a security engineer by creating and executing a security test plan. Participants will be exposed to common web application vulnerabilities, testing techniques and tools by a professional security tester. <br />
The course includes a guided penetration test in which the students will execute security test with the help of the instructor.<br />
<br />
|-<br />
| style="background: rgb(242,242,242)" | Instructor: Joe Basirico, Security Innovation<br />
|-<br />
| style="background: rgb(242,242,242)" | [[Learn More About the Web Security Testing Class]]<br />
|-<br />
| style="background: rgb(242,242,242)" | [http://www.appsecusa.org/register-now.html Click here to register]<br />
|}<br />
<br />
{| style="width: 80%" class="FCK__ShowTableBorders" border="0" align="center"<br />
|-<br />
! style="background: rgb(64,88,160); color: white" align="center" | T2. Building Secure Ajax and Web 2.0 Applications - 2-Days - $1350<br />
|-<br />
| style="background: rgb(242,242,242)" | This two-day class will cover common Web 2.0 and AJAX security threats, vulnerabilities, and it will provide specific guidance on how to develop Web 2.0 applications to defend against these threats and vulnerabilities. <br />
Training developers on secure coding practices offers one of highest returns on investment of any security investment by eliminating vulnerabilities at the source. Aspect’s Building Secure Ajax and Web 2.0 Applications Course enables developers to securely utilize Web 2.0 technologies in their web applications without introducing security issues. The course provides detailed examples of ‘what to do’ and ‘what not to do.' The class is lead by an experienced developer and delivered in a very interactive manner. The course will use demonstrations, code examples, and spot-the-bug exercises to get developers engaged in the topic. Developers will leave with an understanding of how Ajax attacks work, the impacts of successful attacks, and what to do to defend against them.<br />
<br />
|-<br />
| style="background: rgb(242,242,242)" | Instructor: Dave Wichers: [http://www.aspectsecurity.com http://www.owasp.org/images/d/d1/Aspect_logo.gif]<br />
|-<br />
| style="background: rgb(242,242,242)" | [[Learn More about the Building Secure Ajax and Web 2.0 Applications Class]]<br />
|-<br />
| style="background: rgb(242,242,242)" | [http://www.appsecusa.org/register-now.html Click here to register]<br />
|-<br />
! style="background: rgb(64,88,160); color: white" align="center" | T3. Assessing and Exploiting Web Applications with Samurai - WTF - 2-Days - $1350<br />
|-<br />
| style="background: rgb(242,242,242)" | <br />
This course will focus on using open source tools to perform web application assessments.&nbsp; The course will take attendees through the process of application assessment using the open source tools included in the Samurai Web Testing Framework Live CD (Samurai-‐WTF).&nbsp; <br />
<br />
Day one will take students through the steps and open source tools used to assess application for vulnerabilities.<br><br />
<br />
Day two will focus on the exploitation of web app vulnerabilities, spending half the day on server side attacks and the other half of the day on client side attacks.&nbsp; The latest tools and techniques will be used throughout the course, including several tools developed by the trainers themselves<br />
<br />
|-<br />
| style="background: rgb(242,242,242)" | <br />
Instructor: Jason Searle: InGuardians [[Image:InGuardians.png|36x40px]]<br />
<br />
|-<br />
| style="background: rgb(242,242,242)" | [http://www.appsecusa.org/register-now.html Click here to register]<br />
|-<br />
! style="background: rgb(64,88,160); color: white" align="center" | T4. Application Security Leadership Essentials - 2-Days - $1350<br />
|-<br />
| style="background: rgb(242,242,242)" | In this two-day management session you’ll get an industry perspective of application security, understand the key vulnerabilities to applications, be able to analyze root cause, and provide practical and proven techniques in building out an application security initiative. This course gives executives and managers the education and practical guidance they need to ensure that software projects properly address security. The course is designed to provide a firm understanding of the importance of software security, the critical security activities required within the software development lifecycle, and how to efficiently manage security issues during development and maintenance. This understanding is reinforced through industry awareness, live demonstrations of commonly found application vulnerabilities and workgroup exercises allowing attendees to conduct capability assessments and recommend improvement plans.<br />
|-<br />
| style="background: rgb(242,242,242)" | Instructor: Jeff Williams: [http://www.aspectsecurity.com http://www.owasp.org/images/d/d1/Aspect_logo.gif]<br />
|-<br />
| style="background: rgb(242,242,242)" | [[Learn More about the Application Security Leadership Essentials Class]]<br />
|-<br />
| style="background: rgb(242,242,242)" | [http://www.appsecusa.org/register-now.html Click here to register]<br />
|-<br />
! style="background: rgb(64,88,160); color: white" align="center" | T5. Software Security Remediation: How to Fix Application Vulnerabilities 1-Day - Sept 7th- $675<br />
|-<br />
| style="background: rgb(242,242,242)" | Summary <br />
Instructor: Dan Cornell: [[Image:AppSecDC2009-Sponsor-denim.gif]]<br />
<br />
|-<br />
| style="background: rgb(242,242,242)" | [http://www.appsecusa.org/register-now.html Click here to register]<br />
|}<br />
<br />
{| style="width: 80%" class="FCK__ShowTableBorders" border="0" align="center"<br />
|-<br />
! style="background: rgb(64,88,160); color: white" align="center" | T6. Live CD 1-Day - Sept 8th- $675<br />
|-<br />
| style="background: rgb(242,242,242)" | Summary <br />
Instructor: Matt Tesauro: [[Image:TrustwaveLogo.jpg]]<br />
<br />
|-<br />
| style="background: rgb(242,242,242)" | [http://www.appsecusa.org/register-now.html Click here to register]<br />
|}<br />
<br />
<br><br />
<br />
==== September 9th ====<br />
<br />
{| style="width: 80%" class="FCK__ShowTableBorders" border="0" align="center"<br />
|-<br />
| style="background: rgb(64,88,160); color: white" colspan="4" align="center" | '''Conference Day 1 - September 9th, 2010''' <br />
<br><br />
<br />
|-<br />
| style="width: 10%; background: rgb(123,138,189)" | <br><br />
| style="width: 30%; background: rgb(188,133,122)" | Track 1 - Crystal Cove Auditorium <br />
| style="width: 30%; background: rgb(188,165,122)" | Track 2 - Pacific Ballroom <br />
| style="width: 30%; background: rgb(153,255,153)" | Track 3 - Doheny Beach<br />
|-<br />
| style="width: 10%; background: rgb(123,138,189)" | 07:30-08:30 <br />
| style="width: 80%; background: rgb(194,194,194)" colspan="3" align="left" | Registration and Breakfast + Coffee<br />
|-<br />
| style="width: 10%; background: rgb(123,138,189)" | 08:30-08:45 <br />
| style="width: 80%; background: rgb(242,242,242)" colspan="3" align="center" | Welcome to OWASP AppSec US, 2010 (Crystal Cove Auditorium)<br />
|-<br />
| style="width: 10%; background: rgb(123,138,189)" | 08:45-9:30 <br />
| style="width: 80%; background: rgb(252,252,150)" colspan="3" align="center" | Keynote: Jeff Williams (Crystal Cove Auditorium)<br />
|-<br />
| style="width: 10%; background: rgb(123,138,189)" | 9:30-10:15 <br />
| style="width: 80%; background: rgb(252,252,150)" colspan="3" align="center" | Keynote: Chenxi Wang (Crystal Cove Auditorium)<br />
|-<br />
| style="width: 10%; background: rgb(123,138,189)" | 10:15-10:35 <br />
| style="width: 90%; background: rgb(194,194,194)" colspan="3" align="left" | Break - Expo - CTF kick-off (Emerald Bay)<br />
|-<br />
| style="width: 10%; background: rgb(123,138,189)" | 10:35-11:20 <br />
| style="width: 30%; background: rgb(188,133,122)" align="left" | How I met your Girlfriend, ''Samy Kamkar''<br><br />
| style="width: 30%; background: rgb(188,165,122)" align="left" | Solving Real-World Problems with an Enterprise Security API (ESAPI), ''Chris Schmidt, ServiceMagic''<br><br />
| style="width: 30%; background: rgb(153,255,153)" align="left" | Microsoft Security Development Lifecycle for Agile Development, ''Nick Coblentz, AT&amp;T''<br />
|-<br />
| style="width: 10%; background: rgb(123,138,189)" | 11:20-11:30 <br />
| style="width: 90%; background: rgb(194,194,194)" colspan="3" align="left" | Break - Expo - CTF<br />
|-<br />
| style="width: 10%; background: rgb(123,138,189)" | 11:30-12:15 <br />
| style="width: 30%; background: rgb(188,133,122)" align="left" | State of SSL on the Internet - 2010 Survey, Results and Conclusions, ''Ivan Ristic, Qualys''<br><br />
<br><br />
<br />
| style="width: 30%; background: rgb(188,165,122)" align="left" | Into the Rabbit Hole: Execution Flow-based Web Application Testing, ''Rafal Los, Hewlett-Packard''<br><br />
<br><br />
<br />
| style="width: 30%; background: rgb(153,255,153)" align="left" | Threat Modeling Best Practices, Robert Zigweid, IOActive<br><br />
|-<br />
| style="width: 10%; background: rgb(123,138,189)" | 12:15-13:15 <br />
| style="width: 80%; background: rgb(194,194,194)" colspan="3" align="left" | Lunch - Expo - CTF<br />
|-<br />
| style="width: 10%; background: rgb(123,138,189)" | 13:30-14:15 <br />
| style="width: 80%; background: rgb(252,252,150)" colspan="3" align="center" | Keynote: Bill Cheswick (Crystal Cove Auditorium)<br />
|-<br />
| style="width: 10%; background: rgb(123,138,189)" | 14:15-14:25 <br />
| style="width: 90%; background: rgb(194,194,194)" colspan="3" align="left" | Break - Expo - CTF<br />
|-<br />
| style="width: 10%; background: rgb(123,138,189)" | 14:25-15:10 <br />
| style="width: 30%; background: rgb(188,133,122)" align="left" | P0w3d for Botnet CnC, ''Gunter Ollmann, Damballa''<br><br />
| style="width: 30%; background: rgb(188,165,122)" align="left" | Cloud Computing, A Weapon of Mass Destruction?, ''David Bryan, Trustwave's SpiderLabs''<br><br />
| style="width: 30%; background: rgb(153,255,153)" align="left" | The Secure Coding Practices Quick Reference Guide, ''Keith Turpin, Boeing''<br />
|-<br />
| style="width: 10%; background: rgb(123,138,189)" | 15:10-15:30 <br />
| style="width: 90%; background: rgb(194,194,194)" colspan="3" align="left" | Coffee Break - Expo - CTF<br />
|-<br />
| style="width: 10%; background: rgb(123,138,189)" | 15:30-16:15 <br />
| style="width: 30%; background: rgb(188,133,122)" align="left" | Smart Phones with Dumb Apps: Threat Modeling for Mobile Applications, ''Dan Cornell, Denim Group''<br><br />
| style="width: 30%; background: rgb(188,165,122)" align="left" | Assessing, Testing and Validating Flash Content, ''Peleus Uhley, Adobe''<br><br />
| style="width: 30%; background: rgb(153,255,153)" align="left" | OWASP State of the Union, ''Tom Brennan, OWASP''<br />
|-<br />
| style="width: 10%; background: rgb(123,138,189)" | 16:15-16:25 <br />
| style="width: 90%; background: rgb(194,194,194)" colspan="3" align="left" | Break - Expo - CTF<br />
|-<br />
| style="width: 10%; background: rgb(123,138,189)" | 16:25-17:10 <br />
| style="width: 90%; background: rgb(242,242,242)" colspan="3" align="center" | Panel Discussion: Security Trends: Jeremiah Grossman, Robert Hansen, TBD...Moderator: Stuart Schwartz<br />
|}<br />
<br />
==== September 10th ====<br />
<br />
{| style="width: 80%" class="FCK__ShowTableBorders" border="0" align="center"<br />
|-<br />
| style="background: rgb(64,88,160); color: white" colspan="4" align="center" | '''Conference Day 2 - September 10th, 2010''' <br />
<br><br />
<br />
|-<br />
| style="width: 10%; background: rgb(123,138,189)" | <br><br />
| style="width: 30%; background: rgb(188,133,122)" | Track 1 - Crystal Cove Auditorium <br />
| style="width: 30%; background: rgb(188,165,122)" | Track 2 - Pacific Ballroom <br />
| style="width: 30%; background: rgb(153,255,153)" | Track 3 - Doheny Beach<br />
|-<br />
| style="width: 10%; background: rgb(123,138,189)" | 08:00-09:00 <br />
| style="width: 80%; background: rgb(194,194,194)" colspan="3" align="left" | Coffee - Expo - CTF<br />
|-<br />
| style="width: 10%; background: rgb(123,138,189)" | 09:00-09:15 <br />
| style="width: 80%; background: rgb(242,242,242)" colspan="3" align="center" | Announcements (Crystal Cove Auditorium)<br />
|-<br />
| style="width: 10%; background: rgb(123,138,189)" | 09:15-10:00 <br />
| style="width: 80%; background: rgb(252,252,150)" colspan="3" align="center" | Keynote: David Rice (Crystal Cove Auditorium)<br />
|-<br />
| style="width: 10%; background: rgb(123,138,189)" | 10:00-10:10 <br />
| style="width: 90%; background: rgb(194,194,194)" colspan="3" align="left" | Break - Expo - CTF (Emerald Bay)<br />
|-<br />
| style="width: 10%; background: rgb(123,138,189)" | 10:10-10:55 <br />
| style="width: 30%; background: rgb(188,133,122)" align="left" | Security Architecting Applications for the Cloud, ''Alex Stamos, iSEC Partners''<br><br />
| style="width: 30%; background: rgb(188,165,122)" align="left" | Unraveling Cross-Technology, Cross-Domain Trust Relations, ''Peleus Uhley, Adobe''<br><br />
| style="width: 30%; background: rgb(153,255,153)" align="left" | Real Time Application Defenses - The Reality of AppSensor &amp; ESAPI, ''Michael Coates, Mozilla,''<br />
|-<br />
| style="width: 10%; background: rgb(123,138,189)" | 10:55-11:15 <br />
| style="width: 90%; background: rgb(194,194,194)" colspan="3" align="left" | Break - Expo - CTF<br />
|-<br />
| style="width: 10%; background: rgb(123,138,189)" | 11:15-12:00 <br />
| style="width: 30%; background: rgb(188,133,122)" align="left" | Reducing Web application Vulnerabilities: Moving from a Test-Dependent to Design-Driven development, ''Ed Adams, Security Innovation''<br><br />
<br><br />
<br />
| style="width: 30%; background: rgb(188,165,122)" align="left" | Session Management Security tips and Tricks, ''Lars Ewe, Cenzic''<br><br />
<br><br />
<br />
| style="width: 30%; background: rgb(153,255,153)" align="left" | The Dark Side of Twitter: Measuring and Analyzing Malicious Activity on Twitter, ''Paul Judge, David Maynor, and Daniel Peck, Barracuda Labs''<br><br />
|-<br />
| style="width: 10%; background: rgb(123,138,189)" | 12:00-13:15 <br />
| style="width: 80%; background: rgb(194,194,194)" colspan="3" align="left" | Lunch - Expo - CTF<br />
|-<br />
| style="width: 10%; background: rgb(123,138,189)" | 13:15-14:00 <br />
| style="width: 80%; background: rgb(252,252,150)" colspan="3" align="center" | Keynote: HD Moore (Crystal Cove Auditorium)<br />
|-<br />
| style="width: 10%; background: rgb(123,138,189)" | 14:05-14:50 <br />
| style="width: 30%; background: rgb(188,133,122)" align="left" | Panel Discussion: Vulnerability Lifecycle for Software Vendors, ''Kelly FitzGerald (Symantec), (US CERT), (Cigital), (Tipping Point) Moderator: Edward Bonver''<br><br />
| style="width: 30%; background: rgb(188,165,122)" align="left" | Agile + Security = FAIL, ''Adrian Lane''<br><br />
| style="width: 30%; background: rgb(153,255,153)" align="left" | Bug-Alcoholic 2.0 - Untamed World of Web Vulnerabilities, ''Aditya K. Sood, Armorize Technologies''<br />
|-<br />
| style="width: 10%; background: rgb(123,138,189)" | 14:50-15:10 <br />
| style="width: 90%; background: rgb(194,194,194)" colspan="3" align="left" | Coffee Break - Expo - CTF<br />
|-<br />
| style="width: 10%; background: rgb(123,138,189)" | 15:10-15:55 <br />
| style="width: 30%; background: rgb(188,133,122)" align="left" | Exploiting Networks through Database Weaknesses, ''Scott Sutherland, NetSPI''<br><br />
| style="width: 30%; background: rgb(188,165,122)" align="left" | Defining the Identiy Management Framework, ''Richard Tychansky, Jim Molini, Hord Tipton, and Mike Kilroy''<br><br />
| style="width: 30%; background: rgb(153,255,153)" align="left" | ''TBD''<br />
|-<br />
| style="width: 10%; background: rgb(123,138,189)" | 15:55-16:05 <br />
| style="width: 90%; background: rgb(194,194,194)" colspan="3" align="left" | Break - Expo - CTF<br />
|-<br />
| style="width: 10%; background: rgb(123,138,189)" | 16:05-16:50 <br />
| style="width: 90%; background: rgb(242,242,242)" colspan="3" align="center" | Conference Wrap Up: AppSec US 2011 Location Announcement, CTF Results, Prizes<br />
|}<br />
<br />
<br><br />
<br />
==== Sponsors ====<br />
<br />
We are currently soliciting sponsors for the AppSec US 2010 Conference. Please refer to our [http://www.appsecusa.org/become-a-sponsor.html List of Sponsorship Opportunities]&nbsp;(or [http://www.owasp.org/images/b/b3/OWASP_sponsorship_Irvine.pdf PDF]). <br />
<br />
Please contact [mailto:kate.hartmann@owasp.org Kate Hartmann] for more information. <br />
<br />
Slots are going fast so contact us to sponsor today! <br />
<br />
&nbsp;&nbsp; &nbsp; <br />
<br />
{| style="background: none transparent scroll repeat 0% 0%; color: white; -moz-background-inline-policy: continuous" class="FCK__ShowTableBorders" border="0" cellspacing="10" align="center"<br />
|-<br />
| <br />
== Platinum Sponsors ==<br />
<br />
| <br />
| [File:Qualys-468-60.png] <br />
| <br />
| <br />
|-<br />
| &nbsp;<br />
|-<br />
| <br />
== Gold Sponsors ==<br />
<br />
| [[Image:Ibmneg blurgb.jpg]] <br />
| [[Image:Fortify logo AppSec Research 2010.png]] <br />
| <br />
|-<br />
| &nbsp;<br />
|-<br />
| <br />
== Silver Sponsors ==<br />
<br />
| [[Image:Fishnet_Logo_AppSec.jpg]] <br />
| [[Image:Acunetix logo 200.png]] <br />
| [[Image:Barracuda Color Logo.jpg]] <br />
| [[Image:Cenziclogo.png]]<br />
|-<br />
| [[Image:Cigital-hor-color.JPG|120px]] <br />
| [[Image:Fujitsu-red-opt-b-150x56.gif]] <br />
| [[Image:Netspi logo.png]] <br />
| <br />
|-<br />
| <br />
| <br />
| <br />
| <br />
|-<br />
| <br />
| <br />
| <br />
| <br />
|-<br />
| <br />
| <br />
| <br />
| <br />
|-<br />
| &nbsp;<br />
|-<br />
| &nbsp;<br />
|-<br />
| <br />
=== Organizational Sponsors ===<br />
<br />
| [[Image:Isc2 logo.gif|120px]] <br />
| <br />
|-<br />
| &nbsp;<br />
|-<br />
| <br />
=== Reception Sponsors ===<br />
<br />
| <br />
|-<br />
| <br />
=== Coffee Sponsors ===<br />
<br />
| <br />
| <br />
|}<br />
<br />
==== REGISTER NOW ====<br />
<br />
Click [http://www.appsecusa.org/register-now.html here]&nbsp; for registration information. <br><br />
<br />
[http://www.appsecusa.org/register-now.html http://www.appsecusa.org/register-now.html] <br />
<br />
<headertabs /><br />
<br />
[[Category:OWASP_AppSec_Conference]] [[Category:OWASP_AppSec_USA]]</div>Videomanhttps://wiki.owasp.org/index.php?title=OWASPMSP_Videos&diff=80930OWASPMSP Videos2010-04-04T17:02:47Z<p>Videoman: </p>
<hr />
<div>=OWASP MSP Videos=<br />
<br />
These are the links to the videos from previous [http://www.owasp.org/index.php/Minneapolis_St_Paul OWASP Minneapolis/St. Paul (OWASP MSP)] talks and conferences.<br />
<br />
Going forward all of the video content will be on the Vimeo channel at [http://vimeo.com/channels/owaspmsp http://vimeo.com/channels/owaspmsp]<br />
<br />
== OWASP MSP 2010 Videos ==<br />
=== OWASP Chapter meetings ===<br />
February 22, 2010 - Michael Craigue - Enterprise Application Security Practices: Real-world Tips and Techniques [http://www.vimeo.com/groups/owaspmsp/videos/10514707 Vimeo Video Direct Link] <br />
<br />
<br />
== OWASP 2009 Videos ==<br />
=== OWASP MSP Half-Day Conference 2009 Presentations ===<br />
'''[http://vimeo.com/channels/owaspmsp Watch the OWASP MSP 2009 Half-Day Conference Videos]''' or '''[[OWASP Minneapolis St Paul 2009_Conference | visit the conference page for the local Minneapolis-Saint Paul OWASP half-day conference in 2009]]'''. Guest speakers were Seth Peter, Pravir Chandra, and Bruce Schneier.<br />
<br />
=== OWASP MSP 2009 Local Chapter Presentations ===<br />
<br />
Chris Nickerson - Red Team Testing - 5 October, 2009 (78 Minutes) [http://vimeo.com/groups/owaspmsp/videos/7593801 Vimeo Video Direct Link]<br />
<br />
;[http://vimeo.com/groups/owaspmsp/videos/7093235 OWASP_MSP_Ryan_Barnett_The_Web_Hacking_Incidents_Database_WHID_Bi_Annual_Report_2009_January_June_VIMEO]<br />
:OWASP Ryan Barnett - The Web Hacking Incidents Database (WHID), Bi-Annual Report 2009 (January - June) (81 minutes) (Vimeo). OWASP (MSP) - 21 September 2009<br />
<br />
;[[Media:The Web Hacking Incidents Database - 2009 Bi-Annual Report.pdf|OWASP_MSP_Ryan_Barnett_The_Web_Hacking_Incidents_Database_WHID_Bi_Annual_Report_2009_January_June_PDF]]<br />
:OWASP Ryan Barnett - The Web Hacking Incidents Database (WHID), Bi-Annual Report 2009 (January - June) (Slides .PDF). OWASP (MSP) - 21 September 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.mp4 OWASP_MSP_Robert_Sullivan_Open_This_First_A_job_oriented_guide_to_software_security_resources_MP4]<br />
:OWASP Robert Sullivan - Open this first: A job-oriented guide to software security resources (68 minutes) (MP4...please right click and save). OWASP (MSP) - July 27, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.mp3 OWASP_MSP_Robert_Sullivan_Open_This_First_A_job_oriented_guide_to_software_security_resources_MP3]<br />
:OWASP Robert Sullivan - Open this first: A job-oriented guide to software security resources (68 minutes) (MP3). OWASP (MSP) - July 27, 2009<br />
<br />
;[[Media:20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.pdf|OWASP_MSP_Robert_Sullivan_Open_This_First_A_job_oriented_guide_to_software_security_resources_Slides]]<br />
:OWASP Robert Sullivan - Open this first: A job-oriented guide to software security resources (Slides .PDF). OWASP (MSP) - July 27, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.mp4 OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_MP4]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (55 minutes) (MP4...please right click and save). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.slideshare.net/webappsecguy/tracking-the-progress-of-an-sdl-program-lessons-from-the-gym-1684512 OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_Slidecast]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (55 minutes) (Slidecast). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.mp3 OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_MP3]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (55 minutes) (MP3). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.owasp.org/images/0/0e/20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.pptx OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_Slides]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (Slides .PPTX). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090427-Gunnar_Peterson_-_OWASP_Top_Ten_Web_Services.mp4 OWASP_MSP_Gunnar_Peterson_OWASP_Top_Ten_Web_Services_MP4]<br />
:OWASP Gunnar Peterson - OWASP Top Ten Web Services (1 hour, 27 minutes) (MP4...please right click and save). OWASP (MSP) - April 27, 2009<br />
<br />
;[http://video.google.com/videoplay?docid=3200887090385342211&hl=en OWASP_MSP_Dan_Cornell_Vulnerability_Management_in_an_Application_Security_World]<br />
:OWASP Dan Cornell - Vulnerability Management in an Application Security World (1 hour, 52 minutes). OWASP (MSP) - March 16, 2009<br />
<br />
;[http://www.owasp.org/images/1/16/VulnerabilityManagementInAnApplicaitonSecurityWorld_OWASPMSP_20090316.pdf OWASP_MSP_Dan_Cornell_Vulnerability_Management_in_an_Application_Security_World_Slides]<br />
:OWASP Dan Cornell - Vulnerability Management in an Application Security World (Slides .PDF). OWASP (MSP) - March 16, 2009<br />
<br />
;[http://video.google.com/videoplay?docid=2838721966098123222&hl=en OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_1_of_2]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (1 of 2 - 35 minutes). OWASP (MSP) - February 16, 2009<br />
<br />
;[http://video.google.com/videoplay?docid=1766766374336659744&hl=en OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_2_of_2]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (2 of 2 - 34 minutes). OWASP (MSP) - February 16, 2009<br />
<br />
;[https://www.owasp.org/images/f/f8/Proactive_Lifecycle_Security_Management_Presentation_for_OWASP_Mpls-Stp_Chapter_Meeting_-_2-16-09.ppt OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_Slides]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (Slides .PPT). OWASP (MSP) - February 16, 2009<br />
<br />
;[https://www.owasp.org/images/9/9c/Generic_System_Security_Plan.doc OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_Handout_Service_System_Security_Plan_template]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (Handout: Service/System Security Plan template .DOC). OWASP (MSP) - February 16, 2009<br />
<br />
== OWASP MSP 2008 ==<br />
<br />
=== OWASP Minneapolis-St. Paul Mini-Conference 2008 Presentations ===<br />
<br />
'''[[OWASP Minneapolis St Paul 2009_Conference | See the conference page for presentations from the OWASP MSP mini-conference in 2008]]'''.<br />
<br />
;[http://video.google.com/videoplay?docid=8393196340486939495&en OWASP MSP October 2008 Mini-Conference: Arshan Dabirsiaghi - ISWG. OWASP (MSP)]<br />
:Arshan Dabirsiaghi, founder of the OWASP Intrinsic Security Working Group (OWASP ISWG), ISWG at the OWASP & FLOSS Application Security Mini-Conference - Oct 21, 2008<br />
<br />
=== OWASP Minneapolis-St. Paul 2008 Local Chapter Presentations ===<br />
<br />
;[http://video.google.com/videoplay?docid=-2772176093312625908&hl=en OWASP_MSP_Jeremiah_Grossman_Get_Rich_or_Die_Trying_Partial_Video_38_Minutes] | [https://www.owasp.org/images/5/5d/OWASP_Minneapolis_20080908_Jeremiah_Grossman.pdf OWASP_MSP_Jeremiah_Grossman_Get_Rich_or_Die_Trying_Slides_Full]<br />
:Jeremiah Grossman - Get Rich or Die Trying - Making Money on The Web, The Black Hat Way - OWASP (MSP) - 9 September 2008 (Partial Video - 38 Minutes) | Slides (Full)<br />
<br />
;[http://video.google.com/videoplay?docid=-7859027646762182620&hl=en OWASP_MSP_Gunnar_Peterson_Breaking_Web_Services_1_of_2]<br />
:OWASP Gunnar Peterson - Breaking Web Services (1 of 2 - original aspect ratio maintained). OWASP (MSP) - July 7, 2008<br />
<br />
;[http://video.google.com/videoplay?docid=-7066675474788394571&q=en OWASP_MSP_Gunnar_Peterson_Breaking_Web_Services_2_of_2]<br />
:OWASP Gunnar Peterson - Breaking Web Services (2 of 2 - aspect ratio distorted). OWASP (MSP) - July 7, 2008<br />
<br />
;[http://www.owasp.org/images/b/b9/OWASP-MSP-GunnarPetersonHandout20080707.pdf OWASP_MSP_Gunnar_Peterson_Breaking_Web_Services_Handout]<br />
:OWASP Gunnar Peterson - Preaking Web Services (Handout). OWASP (MSP) - July 7, 2008<br />
<br />
;[http://video.google.com/videoplay?docid=7535038243903138173&hl=en OWASP_MSP_Tony_Stieber_How_NOT_to_Implement_Encryption_for_the_OWASP_Top_10]<br />
:OWASP Tony Stieber - How NOT to Implement Encryption for the OWASP Top 10. OWASP (MSP) - Jun 16, 2008 <br />
<br />
;[http://video.google.com/videoplay?docid=-1695798832162574124&hl=en OWASP_MSP_Bruce_Schneier_Economic_trends_of_information_security]<br />
:OWASP Bruce Schneier - 10 Economic Trends of Information Security. OWASP (MSP)- Jan 14, 2008 <br />
<br />
;[http://video.google.com/videoplay?docid=-8346192947975269407&hl=en OWASP_MSP_Robert_Hansen_RSnake_Logic_Attacks_inefficiencies_of_robotic_detection]<br />
:OWASP Robert Hansen aka RSnake - Logic Attacks, inefficiencies of Robotic detection. OWASP (MSP) - Feb 11th 2008</div>Videomanhttps://wiki.owasp.org/index.php?title=OWASPMSP_Videos&diff=80929OWASPMSP Videos2010-04-04T17:01:12Z<p>Videoman: </p>
<hr />
<div>=OWASP MSP Videos=<br />
<br />
These are the links to the videos from previous [http://www.owasp.org/index.php/Minneapolis_St_Paul OWASP Minneapolis/St. Paul (OWASP MSP)] talks and conferences.<br />
<br />
== OWASP MSP 2010 Videos ==<br />
=== OWASP Chapter meetings ===<br />
February 22, 2010 - Michael Craigue - Enterprise Application Security Practices: Real-world Tips and Techniques [http://www.vimeo.com/groups/owaspmsp/videos/10514707 Vimeo Video Direct Link] <br />
<br />
<br />
== OWASP 2009 Videos ==<br />
=== OWASP MSP Half-Day Conference 2009 Presentations ===<br />
'''[http://vimeo.com/channels/owaspmsp Watch the OWASP MSP 2009 Half-Day Conference Videos]''' or '''[[OWASP Minneapolis St Paul 2009_Conference | visit the conference page for the local Minneapolis-Saint Paul OWASP half-day conference in 2009]]'''. Guest speakers were Seth Peter, Pravir Chandra, and Bruce Schneier.<br />
<br />
=== OWASP MSP 2009 Local Chapter Presentations ===<br />
<br />
Chris Nickerson - Red Team Testing - 5 October, 2009 (78 Minutes) [http://vimeo.com/groups/owaspmsp/videos/7593801 Vimeo Video Direct Link]<br />
<br />
;[http://vimeo.com/groups/owaspmsp/videos/7093235 OWASP_MSP_Ryan_Barnett_The_Web_Hacking_Incidents_Database_WHID_Bi_Annual_Report_2009_January_June_VIMEO]<br />
:OWASP Ryan Barnett - The Web Hacking Incidents Database (WHID), Bi-Annual Report 2009 (January - June) (81 minutes) (Vimeo). OWASP (MSP) - 21 September 2009<br />
<br />
;[[Media:The Web Hacking Incidents Database - 2009 Bi-Annual Report.pdf|OWASP_MSP_Ryan_Barnett_The_Web_Hacking_Incidents_Database_WHID_Bi_Annual_Report_2009_January_June_PDF]]<br />
:OWASP Ryan Barnett - The Web Hacking Incidents Database (WHID), Bi-Annual Report 2009 (January - June) (Slides .PDF). OWASP (MSP) - 21 September 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.mp4 OWASP_MSP_Robert_Sullivan_Open_This_First_A_job_oriented_guide_to_software_security_resources_MP4]<br />
:OWASP Robert Sullivan - Open this first: A job-oriented guide to software security resources (68 minutes) (MP4...please right click and save). OWASP (MSP) - July 27, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.mp3 OWASP_MSP_Robert_Sullivan_Open_This_First_A_job_oriented_guide_to_software_security_resources_MP3]<br />
:OWASP Robert Sullivan - Open this first: A job-oriented guide to software security resources (68 minutes) (MP3). OWASP (MSP) - July 27, 2009<br />
<br />
;[[Media:20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.pdf|OWASP_MSP_Robert_Sullivan_Open_This_First_A_job_oriented_guide_to_software_security_resources_Slides]]<br />
:OWASP Robert Sullivan - Open this first: A job-oriented guide to software security resources (Slides .PDF). OWASP (MSP) - July 27, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.mp4 OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_MP4]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (55 minutes) (MP4...please right click and save). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.slideshare.net/webappsecguy/tracking-the-progress-of-an-sdl-program-lessons-from-the-gym-1684512 OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_Slidecast]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (55 minutes) (Slidecast). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.mp3 OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_MP3]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (55 minutes) (MP3). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.owasp.org/images/0/0e/20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.pptx OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_Slides]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (Slides .PPTX). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090427-Gunnar_Peterson_-_OWASP_Top_Ten_Web_Services.mp4 OWASP_MSP_Gunnar_Peterson_OWASP_Top_Ten_Web_Services_MP4]<br />
:OWASP Gunnar Peterson - OWASP Top Ten Web Services (1 hour, 27 minutes) (MP4...please right click and save). OWASP (MSP) - April 27, 2009<br />
<br />
;[http://video.google.com/videoplay?docid=3200887090385342211&hl=en OWASP_MSP_Dan_Cornell_Vulnerability_Management_in_an_Application_Security_World]<br />
:OWASP Dan Cornell - Vulnerability Management in an Application Security World (1 hour, 52 minutes). OWASP (MSP) - March 16, 2009<br />
<br />
;[http://www.owasp.org/images/1/16/VulnerabilityManagementInAnApplicaitonSecurityWorld_OWASPMSP_20090316.pdf OWASP_MSP_Dan_Cornell_Vulnerability_Management_in_an_Application_Security_World_Slides]<br />
:OWASP Dan Cornell - Vulnerability Management in an Application Security World (Slides .PDF). OWASP (MSP) - March 16, 2009<br />
<br />
;[http://video.google.com/videoplay?docid=2838721966098123222&hl=en OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_1_of_2]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (1 of 2 - 35 minutes). OWASP (MSP) - February 16, 2009<br />
<br />
;[http://video.google.com/videoplay?docid=1766766374336659744&hl=en OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_2_of_2]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (2 of 2 - 34 minutes). OWASP (MSP) - February 16, 2009<br />
<br />
;[https://www.owasp.org/images/f/f8/Proactive_Lifecycle_Security_Management_Presentation_for_OWASP_Mpls-Stp_Chapter_Meeting_-_2-16-09.ppt OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_Slides]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (Slides .PPT). OWASP (MSP) - February 16, 2009<br />
<br />
;[https://www.owasp.org/images/9/9c/Generic_System_Security_Plan.doc OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_Handout_Service_System_Security_Plan_template]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (Handout: Service/System Security Plan template .DOC). OWASP (MSP) - February 16, 2009<br />
<br />
== OWASP MSP 2008 ==<br />
<br />
=== OWASP Minneapolis-St. Paul Mini-Conference 2008 Presentations ===<br />
<br />
'''[[OWASP Minneapolis St Paul 2009_Conference | See the conference page for presentations from the OWASP MSP mini-conference in 2008]]'''.<br />
<br />
;[http://video.google.com/videoplay?docid=8393196340486939495&en OWASP MSP October 2008 Mini-Conference: Arshan Dabirsiaghi - ISWG. OWASP (MSP)]<br />
:Arshan Dabirsiaghi, founder of the OWASP Intrinsic Security Working Group (OWASP ISWG), ISWG at the OWASP & FLOSS Application Security Mini-Conference - Oct 21, 2008<br />
<br />
=== OWASP Minneapolis-St. Paul 2008 Local Chapter Presentations ===<br />
<br />
;[http://video.google.com/videoplay?docid=-2772176093312625908&hl=en OWASP_MSP_Jeremiah_Grossman_Get_Rich_or_Die_Trying_Partial_Video_38_Minutes] | [https://www.owasp.org/images/5/5d/OWASP_Minneapolis_20080908_Jeremiah_Grossman.pdf OWASP_MSP_Jeremiah_Grossman_Get_Rich_or_Die_Trying_Slides_Full]<br />
:Jeremiah Grossman - Get Rich or Die Trying - Making Money on The Web, The Black Hat Way - OWASP (MSP) - 9 September 2008 (Partial Video - 38 Minutes) | Slides (Full)<br />
<br />
;[http://video.google.com/videoplay?docid=-7859027646762182620&hl=en OWASP_MSP_Gunnar_Peterson_Breaking_Web_Services_1_of_2]<br />
:OWASP Gunnar Peterson - Breaking Web Services (1 of 2 - original aspect ratio maintained). OWASP (MSP) - July 7, 2008<br />
<br />
;[http://video.google.com/videoplay?docid=-7066675474788394571&q=en OWASP_MSP_Gunnar_Peterson_Breaking_Web_Services_2_of_2]<br />
:OWASP Gunnar Peterson - Breaking Web Services (2 of 2 - aspect ratio distorted). OWASP (MSP) - July 7, 2008<br />
<br />
;[http://www.owasp.org/images/b/b9/OWASP-MSP-GunnarPetersonHandout20080707.pdf OWASP_MSP_Gunnar_Peterson_Breaking_Web_Services_Handout]<br />
:OWASP Gunnar Peterson - Preaking Web Services (Handout). OWASP (MSP) - July 7, 2008<br />
<br />
;[http://video.google.com/videoplay?docid=7535038243903138173&hl=en OWASP_MSP_Tony_Stieber_How_NOT_to_Implement_Encryption_for_the_OWASP_Top_10]<br />
:OWASP Tony Stieber - How NOT to Implement Encryption for the OWASP Top 10. OWASP (MSP) - Jun 16, 2008 <br />
<br />
;[http://video.google.com/videoplay?docid=-1695798832162574124&hl=en OWASP_MSP_Bruce_Schneier_Economic_trends_of_information_security]<br />
:OWASP Bruce Schneier - 10 Economic Trends of Information Security. OWASP (MSP)- Jan 14, 2008 <br />
<br />
;[http://video.google.com/videoplay?docid=-8346192947975269407&hl=en OWASP_MSP_Robert_Hansen_RSnake_Logic_Attacks_inefficiencies_of_robotic_detection]<br />
:OWASP Robert Hansen aka RSnake - Logic Attacks, inefficiencies of Robotic detection. OWASP (MSP) - Feb 11th 2008</div>Videomanhttps://wiki.owasp.org/index.php?title=OWASPMSP_Videos&diff=80928OWASPMSP Videos2010-04-04T17:00:44Z<p>Videoman: </p>
<hr />
<div>=OWASP MSP Videos=<br />
<br />
These are the links to the videos from previous [http://www.owasp.org/index.php/Minneapolis_St_Paul OWASP Minneapolis/St. Paul (OWASP MSP)] talks and conferences.<br />
<br />
== OWASP MSP 2010 Videos ==<br />
=== OWASP Chapter meetings ==<br />
February 22, 2010 - Mike Craigue - Enterprise Application Security Practices: Real-world Tips and Techniques [http://www.vimeo.com/groups/owaspmsp/videos/10514707 Vimeo Video Direct Link] <br />
<br />
<br />
== OWASP 2009 Videos ==<br />
=== OWASP MSP Half-Day Conference 2009 Presentations ===<br />
'''[http://vimeo.com/channels/owaspmsp Watch the OWASP MSP 2009 Half-Day Conference Videos]''' or '''[[OWASP Minneapolis St Paul 2009_Conference | visit the conference page for the local Minneapolis-Saint Paul OWASP half-day conference in 2009]]'''. Guest speakers were Seth Peter, Pravir Chandra, and Bruce Schneier.<br />
<br />
=== OWASP MSP 2009 Local Chapter Presentations ===<br />
<br />
Chris Nickerson - Red Team Testing - 5 October, 2009 (78 Minutes) [http://vimeo.com/groups/owaspmsp/videos/7593801 Vimeo Video Direct Link]<br />
<br />
;[http://vimeo.com/groups/owaspmsp/videos/7093235 OWASP_MSP_Ryan_Barnett_The_Web_Hacking_Incidents_Database_WHID_Bi_Annual_Report_2009_January_June_VIMEO]<br />
:OWASP Ryan Barnett - The Web Hacking Incidents Database (WHID), Bi-Annual Report 2009 (January - June) (81 minutes) (Vimeo). OWASP (MSP) - 21 September 2009<br />
<br />
;[[Media:The Web Hacking Incidents Database - 2009 Bi-Annual Report.pdf|OWASP_MSP_Ryan_Barnett_The_Web_Hacking_Incidents_Database_WHID_Bi_Annual_Report_2009_January_June_PDF]]<br />
:OWASP Ryan Barnett - The Web Hacking Incidents Database (WHID), Bi-Annual Report 2009 (January - June) (Slides .PDF). OWASP (MSP) - 21 September 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.mp4 OWASP_MSP_Robert_Sullivan_Open_This_First_A_job_oriented_guide_to_software_security_resources_MP4]<br />
:OWASP Robert Sullivan - Open this first: A job-oriented guide to software security resources (68 minutes) (MP4...please right click and save). OWASP (MSP) - July 27, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.mp3 OWASP_MSP_Robert_Sullivan_Open_This_First_A_job_oriented_guide_to_software_security_resources_MP3]<br />
:OWASP Robert Sullivan - Open this first: A job-oriented guide to software security resources (68 minutes) (MP3). OWASP (MSP) - July 27, 2009<br />
<br />
;[[Media:20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.pdf|OWASP_MSP_Robert_Sullivan_Open_This_First_A_job_oriented_guide_to_software_security_resources_Slides]]<br />
:OWASP Robert Sullivan - Open this first: A job-oriented guide to software security resources (Slides .PDF). OWASP (MSP) - July 27, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.mp4 OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_MP4]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (55 minutes) (MP4...please right click and save). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.slideshare.net/webappsecguy/tracking-the-progress-of-an-sdl-program-lessons-from-the-gym-1684512 OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_Slidecast]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (55 minutes) (Slidecast). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.mp3 OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_MP3]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (55 minutes) (MP3). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.owasp.org/images/0/0e/20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.pptx OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_Slides]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (Slides .PPTX). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090427-Gunnar_Peterson_-_OWASP_Top_Ten_Web_Services.mp4 OWASP_MSP_Gunnar_Peterson_OWASP_Top_Ten_Web_Services_MP4]<br />
:OWASP Gunnar Peterson - OWASP Top Ten Web Services (1 hour, 27 minutes) (MP4...please right click and save). OWASP (MSP) - April 27, 2009<br />
<br />
;[http://video.google.com/videoplay?docid=3200887090385342211&hl=en OWASP_MSP_Dan_Cornell_Vulnerability_Management_in_an_Application_Security_World]<br />
:OWASP Dan Cornell - Vulnerability Management in an Application Security World (1 hour, 52 minutes). OWASP (MSP) - March 16, 2009<br />
<br />
;[http://www.owasp.org/images/1/16/VulnerabilityManagementInAnApplicaitonSecurityWorld_OWASPMSP_20090316.pdf OWASP_MSP_Dan_Cornell_Vulnerability_Management_in_an_Application_Security_World_Slides]<br />
:OWASP Dan Cornell - Vulnerability Management in an Application Security World (Slides .PDF). OWASP (MSP) - March 16, 2009<br />
<br />
;[http://video.google.com/videoplay?docid=2838721966098123222&hl=en OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_1_of_2]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (1 of 2 - 35 minutes). OWASP (MSP) - February 16, 2009<br />
<br />
;[http://video.google.com/videoplay?docid=1766766374336659744&hl=en OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_2_of_2]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (2 of 2 - 34 minutes). OWASP (MSP) - February 16, 2009<br />
<br />
;[https://www.owasp.org/images/f/f8/Proactive_Lifecycle_Security_Management_Presentation_for_OWASP_Mpls-Stp_Chapter_Meeting_-_2-16-09.ppt OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_Slides]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (Slides .PPT). OWASP (MSP) - February 16, 2009<br />
<br />
;[https://www.owasp.org/images/9/9c/Generic_System_Security_Plan.doc OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_Handout_Service_System_Security_Plan_template]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (Handout: Service/System Security Plan template .DOC). OWASP (MSP) - February 16, 2009<br />
<br />
== OWASP MSP 2008 ==<br />
<br />
=== OWASP Minneapolis-St. Paul Mini-Conference 2008 Presentations ===<br />
<br />
'''[[OWASP Minneapolis St Paul 2009_Conference | See the conference page for presentations from the OWASP MSP mini-conference in 2008]]'''.<br />
<br />
;[http://video.google.com/videoplay?docid=8393196340486939495&en OWASP MSP October 2008 Mini-Conference: Arshan Dabirsiaghi - ISWG. OWASP (MSP)]<br />
:Arshan Dabirsiaghi, founder of the OWASP Intrinsic Security Working Group (OWASP ISWG), ISWG at the OWASP & FLOSS Application Security Mini-Conference - Oct 21, 2008<br />
<br />
=== OWASP Minneapolis-St. Paul 2008 Local Chapter Presentations ===<br />
<br />
;[http://video.google.com/videoplay?docid=-2772176093312625908&hl=en OWASP_MSP_Jeremiah_Grossman_Get_Rich_or_Die_Trying_Partial_Video_38_Minutes] | [https://www.owasp.org/images/5/5d/OWASP_Minneapolis_20080908_Jeremiah_Grossman.pdf OWASP_MSP_Jeremiah_Grossman_Get_Rich_or_Die_Trying_Slides_Full]<br />
:Jeremiah Grossman - Get Rich or Die Trying - Making Money on The Web, The Black Hat Way - OWASP (MSP) - 9 September 2008 (Partial Video - 38 Minutes) | Slides (Full)<br />
<br />
;[http://video.google.com/videoplay?docid=-7859027646762182620&hl=en OWASP_MSP_Gunnar_Peterson_Breaking_Web_Services_1_of_2]<br />
:OWASP Gunnar Peterson - Breaking Web Services (1 of 2 - original aspect ratio maintained). OWASP (MSP) - July 7, 2008<br />
<br />
;[http://video.google.com/videoplay?docid=-7066675474788394571&q=en OWASP_MSP_Gunnar_Peterson_Breaking_Web_Services_2_of_2]<br />
:OWASP Gunnar Peterson - Breaking Web Services (2 of 2 - aspect ratio distorted). OWASP (MSP) - July 7, 2008<br />
<br />
;[http://www.owasp.org/images/b/b9/OWASP-MSP-GunnarPetersonHandout20080707.pdf OWASP_MSP_Gunnar_Peterson_Breaking_Web_Services_Handout]<br />
:OWASP Gunnar Peterson - Preaking Web Services (Handout). OWASP (MSP) - July 7, 2008<br />
<br />
;[http://video.google.com/videoplay?docid=7535038243903138173&hl=en OWASP_MSP_Tony_Stieber_How_NOT_to_Implement_Encryption_for_the_OWASP_Top_10]<br />
:OWASP Tony Stieber - How NOT to Implement Encryption for the OWASP Top 10. OWASP (MSP) - Jun 16, 2008 <br />
<br />
;[http://video.google.com/videoplay?docid=-1695798832162574124&hl=en OWASP_MSP_Bruce_Schneier_Economic_trends_of_information_security]<br />
:OWASP Bruce Schneier - 10 Economic Trends of Information Security. OWASP (MSP)- Jan 14, 2008 <br />
<br />
;[http://video.google.com/videoplay?docid=-8346192947975269407&hl=en OWASP_MSP_Robert_Hansen_RSnake_Logic_Attacks_inefficiencies_of_robotic_detection]<br />
:OWASP Robert Hansen aka RSnake - Logic Attacks, inefficiencies of Robotic detection. OWASP (MSP) - Feb 11th 2008</div>Videomanhttps://wiki.owasp.org/index.php?title=OWASPMSP_Videos&diff=80927OWASPMSP Videos2010-04-04T16:58:53Z<p>Videoman: </p>
<hr />
<div>=OWASP MSP Videos=<br />
<br />
These are the links to the videos from previous [http://www.owasp.org/index.php/Minneapolis_St_Paul OWASP Minneapolis/St. Paul (OWASP MSP)] talks and conferences.<br />
<br />
== OWASP MSP 2010 Videos ==<br />
<br />
<br />
== OWASP 2009 ==<br />
=== OWASP MSP Half-Day Conference 2009 Presentations ===<br />
'''[http://vimeo.com/channels/owaspmsp Watch the OWASP MSP 2009 Half-Day Conference Videos]''' or '''[[OWASP Minneapolis St Paul 2009_Conference | visit the conference page for the local Minneapolis-Saint Paul OWASP half-day conference in 2009]]'''. Guest speakers were Seth Peter, Pravir Chandra, and Bruce Schneier.<br />
<br />
=== OWASP MSP 2009 Local Chapter Presentations ===<br />
<br />
Chris Nickerson - Red Team Testing - 5 October, 2009 (78 Minutes) [http://vimeo.com/groups/owaspmsp/videos/7593801 Vimeo Video Direct Link]<br />
<br />
;[http://vimeo.com/groups/owaspmsp/videos/7093235 OWASP_MSP_Ryan_Barnett_The_Web_Hacking_Incidents_Database_WHID_Bi_Annual_Report_2009_January_June_VIMEO]<br />
:OWASP Ryan Barnett - The Web Hacking Incidents Database (WHID), Bi-Annual Report 2009 (January - June) (81 minutes) (Vimeo). OWASP (MSP) - 21 September 2009<br />
<br />
;[[Media:The Web Hacking Incidents Database - 2009 Bi-Annual Report.pdf|OWASP_MSP_Ryan_Barnett_The_Web_Hacking_Incidents_Database_WHID_Bi_Annual_Report_2009_January_June_PDF]]<br />
:OWASP Ryan Barnett - The Web Hacking Incidents Database (WHID), Bi-Annual Report 2009 (January - June) (Slides .PDF). OWASP (MSP) - 21 September 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.mp4 OWASP_MSP_Robert_Sullivan_Open_This_First_A_job_oriented_guide_to_software_security_resources_MP4]<br />
:OWASP Robert Sullivan - Open this first: A job-oriented guide to software security resources (68 minutes) (MP4...please right click and save). OWASP (MSP) - July 27, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.mp3 OWASP_MSP_Robert_Sullivan_Open_This_First_A_job_oriented_guide_to_software_security_resources_MP3]<br />
:OWASP Robert Sullivan - Open this first: A job-oriented guide to software security resources (68 minutes) (MP3). OWASP (MSP) - July 27, 2009<br />
<br />
;[[Media:20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.pdf|OWASP_MSP_Robert_Sullivan_Open_This_First_A_job_oriented_guide_to_software_security_resources_Slides]]<br />
:OWASP Robert Sullivan - Open this first: A job-oriented guide to software security resources (Slides .PDF). OWASP (MSP) - July 27, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.mp4 OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_MP4]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (55 minutes) (MP4...please right click and save). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.slideshare.net/webappsecguy/tracking-the-progress-of-an-sdl-program-lessons-from-the-gym-1684512 OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_Slidecast]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (55 minutes) (Slidecast). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.mp3 OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_MP3]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (55 minutes) (MP3). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.owasp.org/images/0/0e/20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.pptx OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_Slides]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (Slides .PPTX). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090427-Gunnar_Peterson_-_OWASP_Top_Ten_Web_Services.mp4 OWASP_MSP_Gunnar_Peterson_OWASP_Top_Ten_Web_Services_MP4]<br />
:OWASP Gunnar Peterson - OWASP Top Ten Web Services (1 hour, 27 minutes) (MP4...please right click and save). OWASP (MSP) - April 27, 2009<br />
<br />
;[http://video.google.com/videoplay?docid=3200887090385342211&hl=en OWASP_MSP_Dan_Cornell_Vulnerability_Management_in_an_Application_Security_World]<br />
:OWASP Dan Cornell - Vulnerability Management in an Application Security World (1 hour, 52 minutes). OWASP (MSP) - March 16, 2009<br />
<br />
;[http://www.owasp.org/images/1/16/VulnerabilityManagementInAnApplicaitonSecurityWorld_OWASPMSP_20090316.pdf OWASP_MSP_Dan_Cornell_Vulnerability_Management_in_an_Application_Security_World_Slides]<br />
:OWASP Dan Cornell - Vulnerability Management in an Application Security World (Slides .PDF). OWASP (MSP) - March 16, 2009<br />
<br />
;[http://video.google.com/videoplay?docid=2838721966098123222&hl=en OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_1_of_2]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (1 of 2 - 35 minutes). OWASP (MSP) - February 16, 2009<br />
<br />
;[http://video.google.com/videoplay?docid=1766766374336659744&hl=en OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_2_of_2]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (2 of 2 - 34 minutes). OWASP (MSP) - February 16, 2009<br />
<br />
;[https://www.owasp.org/images/f/f8/Proactive_Lifecycle_Security_Management_Presentation_for_OWASP_Mpls-Stp_Chapter_Meeting_-_2-16-09.ppt OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_Slides]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (Slides .PPT). OWASP (MSP) - February 16, 2009<br />
<br />
;[https://www.owasp.org/images/9/9c/Generic_System_Security_Plan.doc OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_Handout_Service_System_Security_Plan_template]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (Handout: Service/System Security Plan template .DOC). OWASP (MSP) - February 16, 2009<br />
<br />
== OWASP MSP 2008 ==<br />
<br />
=== OWASP Minneapolis-St. Paul Mini-Conference 2008 Presentations ===<br />
<br />
'''[[OWASP Minneapolis St Paul 2009_Conference | See the conference page for presentations from the OWASP MSP mini-conference in 2008]]'''.<br />
<br />
;[http://video.google.com/videoplay?docid=8393196340486939495&en OWASP MSP October 2008 Mini-Conference: Arshan Dabirsiaghi - ISWG. OWASP (MSP)]<br />
:Arshan Dabirsiaghi, founder of the OWASP Intrinsic Security Working Group (OWASP ISWG), ISWG at the OWASP & FLOSS Application Security Mini-Conference - Oct 21, 2008<br />
<br />
=== OWASP Minneapolis-St. Paul 2008 Local Chapter Presentations ===<br />
<br />
;[http://video.google.com/videoplay?docid=-2772176093312625908&hl=en OWASP_MSP_Jeremiah_Grossman_Get_Rich_or_Die_Trying_Partial_Video_38_Minutes] | [https://www.owasp.org/images/5/5d/OWASP_Minneapolis_20080908_Jeremiah_Grossman.pdf OWASP_MSP_Jeremiah_Grossman_Get_Rich_or_Die_Trying_Slides_Full]<br />
:Jeremiah Grossman - Get Rich or Die Trying - Making Money on The Web, The Black Hat Way - OWASP (MSP) - 9 September 2008 (Partial Video - 38 Minutes) | Slides (Full)<br />
<br />
;[http://video.google.com/videoplay?docid=-7859027646762182620&hl=en OWASP_MSP_Gunnar_Peterson_Breaking_Web_Services_1_of_2]<br />
:OWASP Gunnar Peterson - Breaking Web Services (1 of 2 - original aspect ratio maintained). OWASP (MSP) - July 7, 2008<br />
<br />
;[http://video.google.com/videoplay?docid=-7066675474788394571&q=en OWASP_MSP_Gunnar_Peterson_Breaking_Web_Services_2_of_2]<br />
:OWASP Gunnar Peterson - Breaking Web Services (2 of 2 - aspect ratio distorted). OWASP (MSP) - July 7, 2008<br />
<br />
;[http://www.owasp.org/images/b/b9/OWASP-MSP-GunnarPetersonHandout20080707.pdf OWASP_MSP_Gunnar_Peterson_Breaking_Web_Services_Handout]<br />
:OWASP Gunnar Peterson - Preaking Web Services (Handout). OWASP (MSP) - July 7, 2008<br />
<br />
;[http://video.google.com/videoplay?docid=7535038243903138173&hl=en OWASP_MSP_Tony_Stieber_How_NOT_to_Implement_Encryption_for_the_OWASP_Top_10]<br />
:OWASP Tony Stieber - How NOT to Implement Encryption for the OWASP Top 10. OWASP (MSP) - Jun 16, 2008 <br />
<br />
;[http://video.google.com/videoplay?docid=-1695798832162574124&hl=en OWASP_MSP_Bruce_Schneier_Economic_trends_of_information_security]<br />
:OWASP Bruce Schneier - 10 Economic Trends of Information Security. OWASP (MSP)- Jan 14, 2008 <br />
<br />
;[http://video.google.com/videoplay?docid=-8346192947975269407&hl=en OWASP_MSP_Robert_Hansen_RSnake_Logic_Attacks_inefficiencies_of_robotic_detection]<br />
:OWASP Robert Hansen aka RSnake - Logic Attacks, inefficiencies of Robotic detection. OWASP (MSP) - Feb 11th 2008</div>Videomanhttps://wiki.owasp.org/index.php?title=OWASP_Connections_Committee_-_Application_1&diff=76146OWASP Connections Committee - Application 12010-01-13T02:08:25Z<p>Videoman: </p>
<hr />
<div>[[How to Join a Committee|Click here to return to 'How to Join a Committee' page]]<br />
<br />
----<br />
{| style="width:100%" border="0" align="center"<br />
! colspan="2" align="center" style="background:#4058A0; color:white"|<font color="white">'''COMMITTEE APPLICATION FORM''' <br />
|-<br />
| style="width:25%; background:#7B8ABD" align="center"|'''Applicant's Name'''<br />
| colspan="1" style="width:85%; background:#cccccc" align="left"|<font color="black">Lorna Alamri<br />
|-<br />
| style="width:25%; background:#7B8ABD" align="center"| '''Current and past OWASP Roles''' <br />
| colspan="1" style="width:85%; background:#cccccc" align="left"| OWASP MSP VP<br />
|-<br />
| style="width:25%; background:#7B8ABD" align="center"| '''Committee Applying for''' <br />
| colspan="1" style="width:85%; background:#cccccc" align="left"|OWASP Connection Committee<br />
|}<br />
----<br />
<br />
<br />
----<br />
Please be aware that for an application to be considered by the board, '''you MUST have 5 recommendations'''. <br />
An incomplete application will not be considered for vote.<br />
----<br />
<br />
<br />
----<br />
{| style="width:100%" border="0" align="center"<br />
! colspan="8" align="center" style="background:#4058A0; color:white"|<font color="white">'''COMMITTEE RECOMMENDATIONS''' <br />
|- <br />
! align="center" style="background:white; color:white"|<font color="black"><br />
! align="center" style="background:#7B8ABD; color:white"|<font color="black">'''Who Recommends/Name''' <br />
! align="center" style="background:#7B8ABD; color:white"|<font color="black">'''Role in OWASP'''<br />
! align="center" style="background:#7B8ABD; color:white"|<font color="black">'''Recommendation Content''' <br />
|-<br />
| style="width:3%; background:#cccccc" align="center"|'''1'''<br />
| style="width:20%; background:#cccccc" align="center"|Yiannis Pavlosoglou<br />
| style="width:20%; background:#cccccc" align="center"|Committee Member/Project Leader<br />
| style="width:57%; background:#cccccc" align="center"|Lorna's commitment and ability to getting info together, people moving and security geeks listening is flawless. Also, she is (by far) the best person to have next to you, while capturing any flag!<br />
|-<br />
| style="width:3%; background:#cccccc" align="center"|'''2'''<br />
| style="width:20%; background:#cccccc" align="center"|Colin Watson<br />
| style="width:20%; background:#cccccc" align="center"|Global Industry Committee<br />
| style="width:57%; background:#cccccc" align="center"|Producing the newsletter says it all. The Connections Committee should not exist without Lorna.<br />
|-<br />
| style="width:3%; background:#cccccc" align="center"|'''3'''<br />
| style="width:20%; background:#cccccc" align="center"|Kuai Hinojosa<br />
| style="width:20%; background:#cccccc" align="center"|Global Education Committee Chair<br />
| style="width:57%; background:#cccccc" align="center"|Lorna is the current VP for the MN Chapter, She was my right hand and the one who made things happen while I was chapter leader for the past two years. She is truly the BEST!!!!<br />
|-<br />
| style="width:3%; background:#cccccc" align="center"|'''4'''<br />
| style="width:20%; background:#cccccc" align="center"|Mark Bristow<br />
| style="width:20%; background:#cccccc" align="center"|Global Conferences Committee Chair<br />
| style="width:57%; background:#cccccc" align="center"|A better fit for this committee I can not think of. Lorna has excellent interpersonal communication skills and the willingness and ability to leverage them quite effectively. She'll do a great job.<br />
|-<br />
| style="width:3%; background:#cccccc" align="center"|'''5'''<br />
| style="width:20%; background:#cccccc" align="center"|David Bryan<br />
| style="width:20%; background:#cccccc" align="center"|Minneapolis OWASP Board Member<br />
| style="width:57%; background:#cccccc" align="center"|Lorna has shown great dedication to both OWASP MSP, and the overall OWASP community. Her support, communications, and drive help to move things along on a daily basis! If anyone can help to move things forward, she can! Lorna Rocks!!!<br />
|}<br />
----</div>Videomanhttps://wiki.owasp.org/index.php?title=OWASP_Connections_Committee_-_Application_1&diff=76145OWASP Connections Committee - Application 12010-01-13T02:07:54Z<p>Videoman: </p>
<hr />
<div>[[How to Join a Committee|Click here to return to 'How to Join a Committee' page]]<br />
<br />
----<br />
{| style="width:100%" border="0" align="center"<br />
! colspan="2" align="center" style="background:#4058A0; color:white"|<font color="white">'''COMMITTEE APPLICATION FORM''' <br />
|-<br />
| style="width:25%; background:#7B8ABD" align="center"|'''Applicant's Name'''<br />
| colspan="1" style="width:85%; background:#cccccc" align="left"|<font color="black">Lorna Alamri<br />
|-<br />
| style="width:25%; background:#7B8ABD" align="center"| '''Current and past OWASP Roles''' <br />
| colspan="1" style="width:85%; background:#cccccc" align="left"| OWASP MSP VP<br />
|-<br />
| style="width:25%; background:#7B8ABD" align="center"| '''Committee Applying for''' <br />
| colspan="1" style="width:85%; background:#cccccc" align="left"|OWASP Connection Committee<br />
|}<br />
----<br />
<br />
<br />
----<br />
Please be aware that for an application to be considered by the board, '''you MUST have 5 recommendations'''. <br />
An incomplete application will not be considered for vote.<br />
----<br />
<br />
<br />
----<br />
{| style="width:100%" border="0" align="center"<br />
! colspan="8" align="center" style="background:#4058A0; color:white"|<font color="white">'''COMMITTEE RECOMMENDATIONS''' <br />
|- <br />
! align="center" style="background:white; color:white"|<font color="black"><br />
! align="center" style="background:#7B8ABD; color:white"|<font color="black">'''Who Recommends/Name''' <br />
! align="center" style="background:#7B8ABD; color:white"|<font color="black">'''Role in OWASP'''<br />
! align="center" style="background:#7B8ABD; color:white"|<font color="black">'''Recommendation Content''' <br />
|-<br />
| style="width:3%; background:#cccccc" align="center"|'''1'''<br />
| style="width:20%; background:#cccccc" align="center"|Yiannis Pavlosoglou<br />
| style="width:20%; background:#cccccc" align="center"|Committee Member/Project Leader<br />
| style="width:57%; background:#cccccc" align="center"|Lorna's commitment and ability to getting info together, people moving and security geeks listening is flawless. Also, she is (by far) the best person to have next to you, while capturing any flag!<br />
|-<br />
| style="width:3%; background:#cccccc" align="center"|'''2'''<br />
| style="width:20%; background:#cccccc" align="center"|Colin Watson<br />
| style="width:20%; background:#cccccc" align="center"|Global Industry Committee<br />
| style="width:57%; background:#cccccc" align="center"|Producing the newsletter says it all. The Connections Committee should not exist without Lorna.<br />
|-<br />
| style="width:3%; background:#cccccc" align="center"|'''3'''<br />
| style="width:20%; background:#cccccc" align="center"|Kuai Hinojosa<br />
| style="width:20%; background:#cccccc" align="center"|Global Education Committee Chair<br />
| style="width:57%; background:#cccccc" align="center"|Lorna is the current VP for the MN Chapter, She was my right hand and the one who made things happen while I was chapter leader for the past two years. She is truly the BEST!!!!<br />
|-<br />
| style="width:3%; background:#cccccc" align="center"|'''4'''<br />
| style="width:20%; background:#cccccc" align="center"|Mark Bristow<br />
| style="width:20%; background:#cccccc" align="center"|Global Conferences Committee Chair<br />
| style="width:57%; background:#cccccc" align="center"|A better fit for this committee I can not think of. Lorna has excellent interpersonal communication skills and the willingness and ability to leverage them quite effectively. She'll do a great job.<br />
|-<br />
| style="width:3%; background:#cccccc" align="center"|'''5'''<br />
| style="width:20%; background:#cccccc" align="center"|David Bryan<br />
| style="width:20%; background:#cccccc" align="center"|Minneapolis OWASP Board Member<br />
| style="width:57%; background:#cccccc" align="center"|Lorna has shown great dedication to both OWASP MSP, and the overall OWASP community. Her support, communications, and drive help to move things along on a daily basis! I anyone can help to move things forward, she can! Lorna Rocks!!!<br />
|}<br />
----</div>Videomanhttps://wiki.owasp.org/index.php?title=OWASPMSP_Videos&diff=73201OWASPMSP Videos2009-11-13T17:19:02Z<p>Videoman: /* OWASP MSP Videos */</p>
<hr />
<div>=OWASP MSP Videos=<br />
<br />
These are the links to the videos from previous [http://www.owasp.org/index.php/Minneapolis_St_Paul OWASP Minneapolis/St. Paul (OWASP MSP)] talks and conferences.<br />
<br />
== OWASP MSP Half-Day Conference 2009 Presentations ==<br />
'''[http://vimeo.com/channels/owaspmsp Watch the OWASP MSP 2009 Half-Day Conference Videos]''' or '''[[OWASP Minneapolis St Paul 2009_Conference | visit the conference page for the local Minneapolis-Saint Paul OWASP half-day conference in 2009]]'''. Guest speakers were Seth Peter, Pravir Chandra, and Bruce Schneier.<br />
<br />
== OWASP MSP 2009 Local Chapter Presentations ==<br />
<br />
Chris Nickerson - Red Team Testing - 5 October, 2009 (78 Minutes) [http://vimeo.com/groups/owaspmsp/videos/7593801 Vimeo Video Direct Link]<br />
<br />
;[http://vimeo.com/groups/owaspmsp/videos/7093235 OWASP_MSP_Ryan_Barnett_The_Web_Hacking_Incidents_Database_WHID_Bi_Annual_Report_2009_January_June_VIMEO]<br />
:OWASP Ryan Barnett - The Web Hacking Incidents Database (WHID), Bi-Annual Report 2009 (January - June) (81 minutes) (Vimeo). OWASP (MSP) - 21 September 2009<br />
<br />
;[[Media:The Web Hacking Incidents Database - 2009 Bi-Annual Report.pdf|OWASP_MSP_Ryan_Barnett_The_Web_Hacking_Incidents_Database_WHID_Bi_Annual_Report_2009_January_June_PDF]]<br />
:OWASP Ryan Barnett - The Web Hacking Incidents Database (WHID), Bi-Annual Report 2009 (January - June) (Slides .PDF). OWASP (MSP) - 21 September 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.mp4 OWASP_MSP_Robert_Sullivan_Open_This_First_A_job_oriented_guide_to_software_security_resources_MP4]<br />
:OWASP Robert Sullivan - Open this first: A job-oriented guide to software security resources (68 minutes) (MP4...please right click and save). OWASP (MSP) - July 27, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.mp3 OWASP_MSP_Robert_Sullivan_Open_This_First_A_job_oriented_guide_to_software_security_resources_MP3]<br />
:OWASP Robert Sullivan - Open this first: A job-oriented guide to software security resources (68 minutes) (MP3). OWASP (MSP) - July 27, 2009<br />
<br />
;[[Media:20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.pdf|OWASP_MSP_Robert_Sullivan_Open_This_First_A_job_oriented_guide_to_software_security_resources_Slides]]<br />
:OWASP Robert Sullivan - Open this first: A job-oriented guide to software security resources (Slides .PDF). OWASP (MSP) - July 27, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.mp4 OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_MP4]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (55 minutes) (MP4...please right click and save). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.slideshare.net/webappsecguy/tracking-the-progress-of-an-sdl-program-lessons-from-the-gym-1684512 OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_Slidecast]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (55 minutes) (Slidecast). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.mp3 OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_MP3]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (55 minutes) (MP3). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.owasp.org/images/0/0e/20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.pptx OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_Slides]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (Slides .PPTX). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090427-Gunnar_Peterson_-_OWASP_Top_Ten_Web_Services.mp4 OWASP_MSP_Gunnar_Peterson_OWASP_Top_Ten_Web_Services_MP4]<br />
:OWASP Gunnar Peterson - OWASP Top Ten Web Services (1 hour, 27 minutes) (MP4...please right click and save). OWASP (MSP) - April 27, 2009<br />
<br />
;[http://video.google.com/videoplay?docid=3200887090385342211&hl=en OWASP_MSP_Dan_Cornell_Vulnerability_Management_in_an_Application_Security_World]<br />
:OWASP Dan Cornell - Vulnerability Management in an Application Security World (1 hour, 52 minutes). OWASP (MSP) - March 16, 2009<br />
<br />
;[http://www.owasp.org/images/1/16/VulnerabilityManagementInAnApplicaitonSecurityWorld_OWASPMSP_20090316.pdf OWASP_MSP_Dan_Cornell_Vulnerability_Management_in_an_Application_Security_World_Slides]<br />
:OWASP Dan Cornell - Vulnerability Management in an Application Security World (Slides .PDF). OWASP (MSP) - March 16, 2009<br />
<br />
;[http://video.google.com/videoplay?docid=2838721966098123222&hl=en OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_1_of_2]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (1 of 2 - 35 minutes). OWASP (MSP) - February 16, 2009<br />
<br />
;[http://video.google.com/videoplay?docid=1766766374336659744&hl=en OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_2_of_2]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (2 of 2 - 34 minutes). OWASP (MSP) - February 16, 2009<br />
<br />
;[https://www.owasp.org/images/f/f8/Proactive_Lifecycle_Security_Management_Presentation_for_OWASP_Mpls-Stp_Chapter_Meeting_-_2-16-09.ppt OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_Slides]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (Slides .PPT). OWASP (MSP) - February 16, 2009<br />
<br />
;[https://www.owasp.org/images/9/9c/Generic_System_Security_Plan.doc OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_Handout_Service_System_Security_Plan_template]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (Handout: Service/System Security Plan template .DOC). OWASP (MSP) - February 16, 2009<br />
<br />
== OWASP Minneapolis-St. Paul Mini-Conference 2008 Presentations ==<br />
<br />
'''[[OWASP Minneapolis St Paul 2009_Conference | See the conference page for presentations from the OWASP MSP mini-conference in 2008]]'''.<br />
<br />
;[http://video.google.com/videoplay?docid=8393196340486939495&en OWASP MSP October 2008 Mini-Conference: Arshan Dabirsiaghi - ISWG. OWASP (MSP)]<br />
:Arshan Dabirsiaghi, founder of the OWASP Intrinsic Security Working Group (OWASP ISWG), ISWG at the OWASP & FLOSS Application Security Mini-Conference - Oct 21, 2008<br />
<br />
== OWASP Minneapolis-St. Paul 2008 Local Chapter Presentations ==<br />
<br />
;[http://video.google.com/videoplay?docid=-2772176093312625908&hl=en OWASP_MSP_Jeremiah_Grossman_Get_Rich_or_Die_Trying_Partial_Video_38_Minutes] | [https://www.owasp.org/images/5/5d/OWASP_Minneapolis_20080908_Jeremiah_Grossman.pdf OWASP_MSP_Jeremiah_Grossman_Get_Rich_or_Die_Trying_Slides_Full]<br />
:Jeremiah Grossman - Get Rich or Die Trying - Making Money on The Web, The Black Hat Way - OWASP (MSP) - 9 September 2008 (Partial Video - 38 Minutes) | Slides (Full)<br />
<br />
;[http://video.google.com/videoplay?docid=-7859027646762182620&hl=en OWASP_MSP_Gunnar_Peterson_Breaking_Web_Services_1_of_2]<br />
:OWASP Gunnar Peterson - Breaking Web Services (1 of 2 - original aspect ratio maintained). OWASP (MSP) - July 7, 2008<br />
<br />
;[http://video.google.com/videoplay?docid=-7066675474788394571&q=en OWASP_MSP_Gunnar_Peterson_Breaking_Web_Services_2_of_2]<br />
:OWASP Gunnar Peterson - Breaking Web Services (2 of 2 - aspect ratio distorted). OWASP (MSP) - July 7, 2008<br />
<br />
;[http://www.owasp.org/images/b/b9/OWASP-MSP-GunnarPetersonHandout20080707.pdf OWASP_MSP_Gunnar_Peterson_Breaking_Web_Services_Handout]<br />
:OWASP Gunnar Peterson - Preaking Web Services (Handout). OWASP (MSP) - July 7, 2008<br />
<br />
;[http://video.google.com/videoplay?docid=7535038243903138173&hl=en OWASP_MSP_Tony_Stieber_How_NOT_to_Implement_Encryption_for_the_OWASP_Top_10]<br />
:OWASP Tony Stieber - How NOT to Implement Encryption for the OWASP Top 10. OWASP (MSP) - Jun 16, 2008 <br />
<br />
;[http://video.google.com/videoplay?docid=-1695798832162574124&hl=en OWASP_MSP_Bruce_Schneier_Economic_trends_of_information_security]<br />
:OWASP Bruce Schneier - 10 Economic Trends of Information Security. OWASP (MSP)- Jan 14, 2008 <br />
<br />
;[http://video.google.com/videoplay?docid=-8346192947975269407&hl=en OWASP_MSP_Robert_Hansen_RSnake_Logic_Attacks_inefficiencies_of_robotic_detection]<br />
:OWASP Robert Hansen aka RSnake - Logic Attacks, inefficiencies of Robotic detection. OWASP (MSP) - Feb 11th 2008</div>Videomanhttps://wiki.owasp.org/index.php?title=OWASPMSP_Videos&diff=73200OWASPMSP Videos2009-11-13T17:14:14Z<p>Videoman: /* OWASP MSP 2009 Local Chapter Presentations */</p>
<hr />
<div>=OWASP MSP Videos=<br />
<br />
These are the links to the videos from previous OWASP Minneapolis/St. Paul (OWASP MSP) talks and conferences.<br />
<br />
== OWASP MSP Half-Day Conference 2009 Presentations ==<br />
'''[http://vimeo.com/channels/owaspmsp Watch the OWASP MSP 2009 Half-Day Conference Videos]''' or '''[[OWASP Minneapolis St Paul 2009_Conference | visit the conference page for the local Minneapolis-Saint Paul OWASP half-day conference in 2009]]'''. Guest speakers were Seth Peter, Pravir Chandra, and Bruce Schneier.<br />
<br />
== OWASP MSP 2009 Local Chapter Presentations ==<br />
<br />
Chris Nickerson - Red Team Testing - 5 October, 2009 (78 Minutes) [http://vimeo.com/groups/owaspmsp/videos/7593801 Vimeo Video Direct Link]<br />
<br />
;[http://vimeo.com/groups/owaspmsp/videos/7093235 OWASP_MSP_Ryan_Barnett_The_Web_Hacking_Incidents_Database_WHID_Bi_Annual_Report_2009_January_June_VIMEO]<br />
:OWASP Ryan Barnett - The Web Hacking Incidents Database (WHID), Bi-Annual Report 2009 (January - June) (81 minutes) (Vimeo). OWASP (MSP) - 21 September 2009<br />
<br />
;[[Media:The Web Hacking Incidents Database - 2009 Bi-Annual Report.pdf|OWASP_MSP_Ryan_Barnett_The_Web_Hacking_Incidents_Database_WHID_Bi_Annual_Report_2009_January_June_PDF]]<br />
:OWASP Ryan Barnett - The Web Hacking Incidents Database (WHID), Bi-Annual Report 2009 (January - June) (Slides .PDF). OWASP (MSP) - 21 September 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.mp4 OWASP_MSP_Robert_Sullivan_Open_This_First_A_job_oriented_guide_to_software_security_resources_MP4]<br />
:OWASP Robert Sullivan - Open this first: A job-oriented guide to software security resources (68 minutes) (MP4...please right click and save). OWASP (MSP) - July 27, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.mp3 OWASP_MSP_Robert_Sullivan_Open_This_First_A_job_oriented_guide_to_software_security_resources_MP3]<br />
:OWASP Robert Sullivan - Open this first: A job-oriented guide to software security resources (68 minutes) (MP3). OWASP (MSP) - July 27, 2009<br />
<br />
;[[Media:20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.pdf|OWASP_MSP_Robert_Sullivan_Open_This_First_A_job_oriented_guide_to_software_security_resources_Slides]]<br />
:OWASP Robert Sullivan - Open this first: A job-oriented guide to software security resources (Slides .PDF). OWASP (MSP) - July 27, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.mp4 OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_MP4]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (55 minutes) (MP4...please right click and save). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.slideshare.net/webappsecguy/tracking-the-progress-of-an-sdl-program-lessons-from-the-gym-1684512 OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_Slidecast]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (55 minutes) (Slidecast). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.mp3 OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_MP3]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (55 minutes) (MP3). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.owasp.org/images/0/0e/20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.pptx OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_Slides]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (Slides .PPTX). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090427-Gunnar_Peterson_-_OWASP_Top_Ten_Web_Services.mp4 OWASP_MSP_Gunnar_Peterson_OWASP_Top_Ten_Web_Services_MP4]<br />
:OWASP Gunnar Peterson - OWASP Top Ten Web Services (1 hour, 27 minutes) (MP4...please right click and save). OWASP (MSP) - April 27, 2009<br />
<br />
;[http://video.google.com/videoplay?docid=3200887090385342211&hl=en OWASP_MSP_Dan_Cornell_Vulnerability_Management_in_an_Application_Security_World]<br />
:OWASP Dan Cornell - Vulnerability Management in an Application Security World (1 hour, 52 minutes). OWASP (MSP) - March 16, 2009<br />
<br />
;[http://www.owasp.org/images/1/16/VulnerabilityManagementInAnApplicaitonSecurityWorld_OWASPMSP_20090316.pdf OWASP_MSP_Dan_Cornell_Vulnerability_Management_in_an_Application_Security_World_Slides]<br />
:OWASP Dan Cornell - Vulnerability Management in an Application Security World (Slides .PDF). OWASP (MSP) - March 16, 2009<br />
<br />
;[http://video.google.com/videoplay?docid=2838721966098123222&hl=en OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_1_of_2]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (1 of 2 - 35 minutes). OWASP (MSP) - February 16, 2009<br />
<br />
;[http://video.google.com/videoplay?docid=1766766374336659744&hl=en OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_2_of_2]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (2 of 2 - 34 minutes). OWASP (MSP) - February 16, 2009<br />
<br />
;[https://www.owasp.org/images/f/f8/Proactive_Lifecycle_Security_Management_Presentation_for_OWASP_Mpls-Stp_Chapter_Meeting_-_2-16-09.ppt OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_Slides]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (Slides .PPT). OWASP (MSP) - February 16, 2009<br />
<br />
;[https://www.owasp.org/images/9/9c/Generic_System_Security_Plan.doc OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_Handout_Service_System_Security_Plan_template]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (Handout: Service/System Security Plan template .DOC). OWASP (MSP) - February 16, 2009<br />
<br />
== OWASP Minneapolis-St. Paul Mini-Conference 2008 Presentations ==<br />
<br />
'''[[OWASP Minneapolis St Paul 2009_Conference | See the conference page for presentations from the OWASP MSP mini-conference in 2008]]'''.<br />
<br />
;[http://video.google.com/videoplay?docid=8393196340486939495&en OWASP MSP October 2008 Mini-Conference: Arshan Dabirsiaghi - ISWG. OWASP (MSP)]<br />
:Arshan Dabirsiaghi, founder of the OWASP Intrinsic Security Working Group (OWASP ISWG), ISWG at the OWASP & FLOSS Application Security Mini-Conference - Oct 21, 2008<br />
<br />
== OWASP Minneapolis-St. Paul 2008 Local Chapter Presentations ==<br />
<br />
;[http://video.google.com/videoplay?docid=-2772176093312625908&hl=en OWASP_MSP_Jeremiah_Grossman_Get_Rich_or_Die_Trying_Partial_Video_38_Minutes] | [https://www.owasp.org/images/5/5d/OWASP_Minneapolis_20080908_Jeremiah_Grossman.pdf OWASP_MSP_Jeremiah_Grossman_Get_Rich_or_Die_Trying_Slides_Full]<br />
:Jeremiah Grossman - Get Rich or Die Trying - Making Money on The Web, The Black Hat Way - OWASP (MSP) - 9 September 2008 (Partial Video - 38 Minutes) | Slides (Full)<br />
<br />
;[http://video.google.com/videoplay?docid=-7859027646762182620&hl=en OWASP_MSP_Gunnar_Peterson_Breaking_Web_Services_1_of_2]<br />
:OWASP Gunnar Peterson - Breaking Web Services (1 of 2 - original aspect ratio maintained). OWASP (MSP) - July 7, 2008<br />
<br />
;[http://video.google.com/videoplay?docid=-7066675474788394571&q=en OWASP_MSP_Gunnar_Peterson_Breaking_Web_Services_2_of_2]<br />
:OWASP Gunnar Peterson - Breaking Web Services (2 of 2 - aspect ratio distorted). OWASP (MSP) - July 7, 2008<br />
<br />
;[http://www.owasp.org/images/b/b9/OWASP-MSP-GunnarPetersonHandout20080707.pdf OWASP_MSP_Gunnar_Peterson_Breaking_Web_Services_Handout]<br />
:OWASP Gunnar Peterson - Preaking Web Services (Handout). OWASP (MSP) - July 7, 2008<br />
<br />
;[http://video.google.com/videoplay?docid=7535038243903138173&hl=en OWASP_MSP_Tony_Stieber_How_NOT_to_Implement_Encryption_for_the_OWASP_Top_10]<br />
:OWASP Tony Stieber - How NOT to Implement Encryption for the OWASP Top 10. OWASP (MSP) - Jun 16, 2008 <br />
<br />
;[http://video.google.com/videoplay?docid=-1695798832162574124&hl=en OWASP_MSP_Bruce_Schneier_Economic_trends_of_information_security]<br />
:OWASP Bruce Schneier - 10 Economic Trends of Information Security. OWASP (MSP)- Jan 14, 2008 <br />
<br />
;[http://video.google.com/videoplay?docid=-8346192947975269407&hl=en OWASP_MSP_Robert_Hansen_RSnake_Logic_Attacks_inefficiencies_of_robotic_detection]<br />
:OWASP Robert Hansen aka RSnake - Logic Attacks, inefficiencies of Robotic detection. OWASP (MSP) - Feb 11th 2008</div>Videomanhttps://wiki.owasp.org/index.php?title=Minneapolis_St_Paul&diff=73199Minneapolis St Paul2009-11-13T17:13:25Z<p>Videoman: /* Meetings and More */</p>
<hr />
<div>__NOTOC__<br />
{{Chapter Template|chaptername=Minneapolis-St. Paul (OWASP MSP)|extra=The chapter president is [mailto:kuai.hinojosa@owasp.org Kuai Hinojosa], the vice president is [mailto:lorna.alamri@owasp.org Lorna Alamri], and the transitional president is [mailto:adam.baso@owasp.org Adam Baso].<br><br>The OWASP Minneapolis-St. Paul (OWASP MSP) chapter held [[OWASP Minneapolis St Paul 2009_Conference | an afternoon of information security presentations on August 24, 2009]] at the [http://www1.umn.edu/twincities/maps/StCen/StCen-map.html St. Paul Student Center] [http://www.spsc.umn.edu/about/directory/lower.php Auditorium/Theater] on the [http://www1.umn.edu/twincities/index.php University of Minnesota - Twin Cities] campus. [[OWASP Minneapolis St Paul 2009_Conference | Visit the conference page for a recap]] or '''[http://vimeo.com/channels/owaspmsp watch the video at Vimeo]'''.<br><br>'''Up Next:''' '''[http://owaspmsp20091116chaptermeeting.eventbrite.com/ REGISTER NOW]''' for the Monday, November 16, 2009 local chapter meeting - '''Matt Tesauro''', Project Lead for the [http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project OWASP Live CD] (room opens at 5:30 PM Central Time, speaker at 6:30 PM Central Time) - see below for details.<br><br>|mailinglistsite=https://lists.owasp.org/mailman/listinfo/owasp-twincities|emailarchives=https://lists.owasp.org/pipermail/owasp-twincities}}<br />
<br />
<br />
== Sponsorship/Membership ==<br />
<paypal>Minneapolis St Paul</paypal><br />
<br />
Or consider the value of [http://www.owasp.org/index.php/Membership Individual, Organization, or Accredited University Supporter membership] to contribute to better application security in the Minneapolis-Saint Paul area, surrounding Twin Cities metropolitan region, greater Minnesota, and the global software community.<br />
<br />
<br />
== Platinum Sponsors ==<br />
<br />
[[Image:Best_Buy_logo.jpg|link=http://www.bestbuy.com/]]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;[[Image:Center_for_strategic_it_n_security.png|60px|link=http://www.strategicit.org/]]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;[[Image:Integral_logo.png|90px|link=http://www.go-integral.net/]]<br />
<br />
<br />
The OWASP MSP chapter is very thankful for<br />
<br />
* generous financial support from [[Membership#Categories_of_Membership_.26_Supporters|Organization Supporter]] and Local Chapter Supporter '''[http://www.bestbuy.com/ Best Buy]'''.<br />
* reliable monthly meeting locations from Local Chapter Supporter '''[http://www.strategicit.org/ Center for Strategic Information Technology and Security (MnSCU)]'''.<br />
* sustained booth sponsorship, monthly meeting sponsorship, and more from Local Chapter Supporter '''[http://www.go-integral.net/ Integral]'''.<br />
<br />
<br />
== Meetings and More ==<br />
<br />
==== Upcoming Meetings and Events ====<br />
<br />
=== Monday, November 16, 2009 - Matt Tesauro<br/>Project Lead for the [http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project OWASP Live CD] ===<br />
<br />
'''[http://owaspmsp20091116chaptermeeting.eventbrite.com/ REGISTER]'''<br />
<br />
'''Date:''' November 16th, 2009<br />
<br />
'''Location / Venue Sponsor:''' UAW-Ford-MnSCU Training Center, 966 S Mississippi River Blvd, Saint Paul MN 55116 <br />
<br />
'''Map and Directions:''' [http://maps.google.com/maps?hl=en&q=966+S+Mississippi+River+Blvd+Saint+Paul,+MN+55116 Google Maps]<br />
<br />
'''Agenda:'''<br />
<br />
'''5:30 PM ''' Room opens for networking<br />
<br />
'''6:00 PM''' Welcome: OWASP chapter updates<br />
<br />
'''6:30 PM''' '''Matt Tesauro'''<br />
<br />
'''8:00 PM''' - Upcoming events reminder and meeting wrap-up<br />
<br />
'''Thank You:''' [http://www.strategicit.org/ Center for Strategic IT & Security] for sponsoring our meeting location. Please contact Lorna at [mailto:lorna.alamri@owasp.org lorna.alamri@owasp.org] or 651-338-0243 if you would like to sponsor a meeting or meeting location for an upcoming OWASP meeting.<br />
<br />
'''Speaker Topic:'''<br />
<br />
The OWASP Live CD is a project that collects some of the best open source security projects in a single environment. Web developers, testers and security professionals can boot from this Live CD and have access to a full security testing suite. The Live CD also contains documentation and an interactive learning environment to enhance users web application security knowledge. This presentation will cover the current state of the OWASP Live CD since the Live CD has recently undergone significant updates and additions. Also, the various methods of using the OWASP Live CD will be covered including virtualized versions. Time permitting, a live demonstration of the OWASP Live CD will be conducted. The OWASP Live CD is a project of the Open Web Application Security Project (OWASP) and is free for commercial or noncommercial use. More information is available at http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project.<br />
<br />
'''Speaker Bio:'''<br />
<br />
Matt Tesauro has worked in web application development and security since 2000. He has worn many different hats, from developer to DBA to System Administrator to Penetration Tester. Matt also taught graduate and undergraduate classes on web application development and XML at Texas A&M University. Currently, he's focused on web application security and developing a Secure SDLC for the Texas Education Agency. Outside work, he is the project lead for the OWASP Live CD, a member of the OWASP Global Tools and Projects Committee, part of the local OWASP chapter's leadership and the membership directory of ISSA of Austin, Texas. Matt Tesauro has a B.S. in Economics and a M.S in Management Information Systems from Texas A&M University. He is also has the CISSP, CEH (Certified Ethical Hacker), RHCE (Red Hat Certified Engineer), and Linux+ certifications.<br />
<br />
=== Stay Updated ===<br />
<br />
'''[https://lists.owasp.org/mailman/listinfo/owasp-twincities Click here to join the local chapter mailing list]'''<br />
<br />
'''Follow''' OWASP MSP on your favorite social media sites:<br />
<br />
[[Image:Linkedin_mini.png|link=http://www.linkedin.com/groupInvitation?groupID=2184116]] <br />
[[Image:Twitter_mini.png|link=http://twitter.com/owaspmsp]] [[Image:Facebook_mini.png|link=http://www.facebook.com/pages/OWASP-Minneapolis-St-Paul-OWASP-MSP-OWASPMSP/113583361381]] [[Image:Digg_mini.png|link=http://digg.com/users/owaspmsp]] [[Image:Delicious_mini.png|link=http://delicious.com/owaspmsp]] [[Image:Reddit_mini.png|link=http://www.reddit.com/user/owaspmsp]] [[Image:Myspace_mini.png|link=http://www.myspace.com/owaspmsp]]<br />
<br />
<br />
'''Share''' OWASP MSP on your favorite social media sites:<br />
<br />
[[Image:Linkedin_mini.png|link=http://www.linkedin.com/shareArticle?mini=true&url=http%3A%2F%2Fwww.owasp.org%2Findex.php%2FMinneapolis_St_Paul&title=OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%20Home%20Page&summary=Official%20OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%20home%20page.%20Video%2C%20audio%2C%20slides%2C%20and%20other%20information%20on%20previous%20and%20upcoming%20chapter%20meetings%2C%20events%2C%20and%20conferences.&source=OWASPMSP]] <br />
[[Image:Twitter_mini.png|link=http://twitter.com/home?status=Checking%20out%20OWASP%20MSP%20at%20http%3A%2F%2Fwww.owasp.org%2Findex.php%2FMinneapolis_St_Paul.]] [[Image:Facebook_mini.png|link=http://www.facebook.com/sharer.php?u=http%3A%2F%2Fwww.owasp.org%2Findex.php%2FMinneapolis_St_Paul&t=OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%20Home%20Page]] [[Image:Digg_mini.png|link=http://digg.com/submit?phase=2&url=http%3A%2F%2Fwww.owasp.org%2Findex.php%2FMinneapolis_St_Paul&title=OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%20Home%20Page&bodytext=Official%20OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%20home%20page.%20Video%2C%20audio%2C%20slides%2C%20and%20other%20information%20on%20previous%20and%20upcoming%20chapter%20meetings%2C%20events%2C%20and%20conferences.]] [[Image:Delicious_mini.png|link=http://del.icio.us/post?url=http%3A%2F%2Fwww.owasp.org%2Findex.php%2FMinneapolis_St_Paul&title=OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%20Home%20Page]] [[Image:Reddit_mini.png|link=http://reddit.com/submit?url=http%3A%2F%2Fwww.owasp.org%2Findex.php%2FMinneapolis_St_Paul&title=OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%20Home%20Page]] [[Image:Myspace_mini.png|link=http://www.myspace.com/Modules/PostTo/Pages/?l=1&u=http%3A%2F%2Fwww.owasp.org%2Findex.php%2FMinneapolis_St_Paul&t=OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%20Home%20Page]]<br />
<br />
=== Secure360 ===<br />
[http://www.secure360.org/ Secure360] is an annual<br />
conference providing high quality educational sessions and networking<br />
opportunities while working to identify developing trends in risk<br />
management, physical security, governance, audit, information security,<br />
contingency planning and human capital.<br />
<br />
=== DC612 Meetings ===<br />
DC612 meets the 2nd Thursday of the month<br /><br />
http://www.dc612.org/<br />
<br />
==== Video/Audio/Slides/Handouts ====<br />
<br />
Videos of several past meetings are available at [[OWASPMSP_Videos]] and [http://vimeo.com/channels/owaspmsp OWASP MSP Vimeo Channel]<br />
<br />
=== Most Recent Content ===<br />
Chris Nickerson - Red Team Testing - 5 October, 2009 (78 Minutes) [http://vimeo.com/groups/owaspmsp/videos/7593801 Vimeo Video Direct Link]<br />
<br />
Ryan Barnett - The Web Hacking Incidents Database (WHID), Bi-Annual Report 2009 (January - June) - OWASP (MSP) - 21 September 2009 (81 minutes) [http://vimeo.com/groups/owaspmsp/videos/7093235 Vimeo Video] | [[Media:The Web Hacking Incidents Database - 2009 Bi-Annual Report.pdf|PDF]]<br />
<br />
[[OWASP Minneapolis St Paul 2009_Conference | OWASP Minneapolis-St. Paul 2009 Half-day Conference - 24 August 2009]] - '''[http://vimeo.com/channels/owaspmsp Watch the video at Vimeo]'''<br />
<br />
Robert Sullivan - Open This First: A job-oriented guide to software security resources - OWASP (MSP) - 27 July 2009 (68 minutes) [http://www.comotheory.com/owasp/20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.mp3 MP3] | [[Media:20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.pdf|PDF]] | [http://www.comotheory.com/owasp/20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.mp4 MP4...please right click and save] | [http://mspsullivan.home.mchsi.com More Material]<br />
<br />
Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym - OWASP (MSP) - 29 June 2009 (55 minutes) [http://www.slideshare.net/webappsecguy/tracking-the-progress-of-an-sdl-program-lessons-from-the-gym-1684512 Slidecast] | [http://www.comotheory.com/owasp/20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.mp3 MP3] | [[Media:20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.pptx| PPTX]] | [http://www.comotheory.com/owasp/20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.mp4 MP4...please right click and save]<br />
<br />
Gunnar Peterson - OWASP Top Ten Web Services - OWASP (MSP) - 27 April 2009 (1 hour, 27 minutes) [http://www.comotheory.com/owasp/20090427-Gunnar_Peterson_-_OWASP_Top_Ten_Web_Services.mp4 MP4...please right click and save] | Slides Forthcoming<br />
<br />
Dan Cornell - Vulnerability Management in an Application Security World - OWASP (MSP) - 16 March 2009 (1 hour, 52 minutes) [http://video.google.com/videoplay?docid=3200887090385342211&hl=en Google Video] | [[Media:VulnerabilityManagementInAnApplicaitonSecurityWorld_OWASPMSP_20090316.pdf|PDF]]<br />
<br />
==== Previous Events ====<br />
<br />
=== OWASP Minneapolis-St. Paul 2009 Half Day Conference - August 24, 2009 ===<br />
<br />
Thanks again for another year to all who joined us for [[OWASP Minneapolis St Paul 2009_Conference | an afternoon of information security presentations on August 24, 2009]] at the [http://www1.umn.edu/twincities/maps/StCen/StCen-map.html St. Paul Student Center] [http://www.spsc.umn.edu/about/directory/lower.php Auditorium/Theater] on the [http://www1.umn.edu/twincities/index.php University of Minnesota - Twin Cities] campus. [[OWASP Minneapolis St Paul 2009_Conference | Visit the conference page for a recap]] or '''[http://vimeo.com/channels/owaspmsp watch the video at Vimeo]'''.<br />
<br />
=== OWASP & FLOSS Application Security Mini-Conference 2008 - October 21, 2008 ===<br />
<br />
Thanks to all who joined us on October 21, 2008 for a [[OWASP_Minneapolis_St_Paul_2008_Conference | mini conference in October 2008]] at University of Minnesota's Saint Paul campus. Our first conference was a great success, with around 150 people attending! We were fortunate to have even higher attendance in 2009.<br />
<br />
==== Chapter Leaders/Contacts ====<br />
'''President:''' [mailto:kuai.hinojosa@owasp.org Kuai Hinojosa]<br />
<br />
'''Vice President:''' [mailto:lorna.alamri@owasp.org Lorna Alamri]<br />
<br />
'''Transitional President:''' [mailto:adam.baso@owasp.org Adam Baso]<br />
<br />
'''Board Member and Former OWASP MSP President:''' Robert Sullivan<br />
<br />
'''Board Member:''' David Bryan<br />
<br />
'''Board Member:''' Joe T<br />
<headertabs/><br />
<br />
[[Category:Minnesota]]</div>Videomanhttps://wiki.owasp.org/index.php?title=Minneapolis_St_Paul&diff=73198Minneapolis St Paul2009-11-13T17:12:43Z<p>Videoman: /* Meetings and More */</p>
<hr />
<div>__NOTOC__<br />
{{Chapter Template|chaptername=Minneapolis-St. Paul (OWASP MSP)|extra=The chapter president is [mailto:kuai.hinojosa@owasp.org Kuai Hinojosa], the vice president is [mailto:lorna.alamri@owasp.org Lorna Alamri], and the transitional president is [mailto:adam.baso@owasp.org Adam Baso].<br><br>The OWASP Minneapolis-St. Paul (OWASP MSP) chapter held [[OWASP Minneapolis St Paul 2009_Conference | an afternoon of information security presentations on August 24, 2009]] at the [http://www1.umn.edu/twincities/maps/StCen/StCen-map.html St. Paul Student Center] [http://www.spsc.umn.edu/about/directory/lower.php Auditorium/Theater] on the [http://www1.umn.edu/twincities/index.php University of Minnesota - Twin Cities] campus. [[OWASP Minneapolis St Paul 2009_Conference | Visit the conference page for a recap]] or '''[http://vimeo.com/channels/owaspmsp watch the video at Vimeo]'''.<br><br>'''Up Next:''' '''[http://owaspmsp20091116chaptermeeting.eventbrite.com/ REGISTER NOW]''' for the Monday, November 16, 2009 local chapter meeting - '''Matt Tesauro''', Project Lead for the [http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project OWASP Live CD] (room opens at 5:30 PM Central Time, speaker at 6:30 PM Central Time) - see below for details.<br><br>|mailinglistsite=https://lists.owasp.org/mailman/listinfo/owasp-twincities|emailarchives=https://lists.owasp.org/pipermail/owasp-twincities}}<br />
<br />
<br />
== Sponsorship/Membership ==<br />
<paypal>Minneapolis St Paul</paypal><br />
<br />
Or consider the value of [http://www.owasp.org/index.php/Membership Individual, Organization, or Accredited University Supporter membership] to contribute to better application security in the Minneapolis-Saint Paul area, surrounding Twin Cities metropolitan region, greater Minnesota, and the global software community.<br />
<br />
<br />
== Platinum Sponsors ==<br />
<br />
[[Image:Best_Buy_logo.jpg|link=http://www.bestbuy.com/]]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;[[Image:Center_for_strategic_it_n_security.png|60px|link=http://www.strategicit.org/]]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;[[Image:Integral_logo.png|90px|link=http://www.go-integral.net/]]<br />
<br />
<br />
The OWASP MSP chapter is very thankful for<br />
<br />
* generous financial support from [[Membership#Categories_of_Membership_.26_Supporters|Organization Supporter]] and Local Chapter Supporter '''[http://www.bestbuy.com/ Best Buy]'''.<br />
* reliable monthly meeting locations from Local Chapter Supporter '''[http://www.strategicit.org/ Center for Strategic Information Technology and Security (MnSCU)]'''.<br />
* sustained booth sponsorship, monthly meeting sponsorship, and more from Local Chapter Supporter '''[http://www.go-integral.net/ Integral]'''.<br />
<br />
<br />
== Meetings and More ==<br />
<br />
==== Upcoming Meetings and Events ====<br />
<br />
=== Monday, November 16, 2009 - Matt Tesauro<br/>Project Lead for the [http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project OWASP Live CD] ===<br />
<br />
'''[http://owaspmsp20091116chaptermeeting.eventbrite.com/ REGISTER]'''<br />
<br />
'''Date:''' November 16th, 2009<br />
<br />
'''Location / Venue Sponsor:''' UAW-Ford-MnSCU Training Center, 966 S Mississippi River Blvd, Saint Paul MN 55116 <br />
<br />
'''Map and Directions:''' [http://maps.google.com/maps?hl=en&q=966+S+Mississippi+River+Blvd+Saint+Paul,+MN+55116 Google Maps]<br />
<br />
'''Agenda:'''<br />
<br />
'''5:30 PM ''' Room opens for networking<br />
<br />
'''6:00 PM''' Welcome: OWASP chapter updates<br />
<br />
'''6:30 PM''' '''Matt Tesauro'''<br />
<br />
'''8:00 PM''' - Upcoming events reminder and meeting wrap-up<br />
<br />
'''Thank You:''' [http://www.strategicit.org/ Center for Strategic IT & Security] for sponsoring our meeting location. Please contact Lorna at [mailto:lorna.alamri@owasp.org lorna.alamri@owasp.org] or 651-338-0243 if you would like to sponsor a meeting or meeting location for an upcoming OWASP meeting.<br />
<br />
'''Speaker Topic:'''<br />
<br />
The OWASP Live CD is a project that collects some of the best open source security projects in a single environment. Web developers, testers and security professionals can boot from this Live CD and have access to a full security testing suite. The Live CD also contains documentation and an interactive learning environment to enhance users web application security knowledge. This presentation will cover the current state of the OWASP Live CD since the Live CD has recently undergone significant updates and additions. Also, the various methods of using the OWASP Live CD will be covered including virtualized versions. Time permitting, a live demonstration of the OWASP Live CD will be conducted. The OWASP Live CD is a project of the Open Web Application Security Project (OWASP) and is free for commercial or noncommercial use. More information is available at http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project.<br />
<br />
'''Speaker Bio:'''<br />
<br />
Matt Tesauro has worked in web application development and security since 2000. He has worn many different hats, from developer to DBA to System Administrator to Penetration Tester. Matt also taught graduate and undergraduate classes on web application development and XML at Texas A&M University. Currently, he's focused on web application security and developing a Secure SDLC for the Texas Education Agency. Outside work, he is the project lead for the OWASP Live CD, a member of the OWASP Global Tools and Projects Committee, part of the local OWASP chapter's leadership and the membership directory of ISSA of Austin, Texas. Matt Tesauro has a B.S. in Economics and a M.S in Management Information Systems from Texas A&M University. He is also has the CISSP, CEH (Certified Ethical Hacker), RHCE (Red Hat Certified Engineer), and Linux+ certifications.<br />
<br />
=== Stay Updated ===<br />
<br />
'''[https://lists.owasp.org/mailman/listinfo/owasp-twincities Click here to join the local chapter mailing list]'''<br />
<br />
'''Follow''' OWASP MSP on your favorite social media sites:<br />
<br />
[[Image:Linkedin_mini.png|link=http://www.linkedin.com/groupInvitation?groupID=2184116]] <br />
[[Image:Twitter_mini.png|link=http://twitter.com/owaspmsp]] [[Image:Facebook_mini.png|link=http://www.facebook.com/pages/OWASP-Minneapolis-St-Paul-OWASP-MSP-OWASPMSP/113583361381]] [[Image:Digg_mini.png|link=http://digg.com/users/owaspmsp]] [[Image:Delicious_mini.png|link=http://delicious.com/owaspmsp]] [[Image:Reddit_mini.png|link=http://www.reddit.com/user/owaspmsp]] [[Image:Myspace_mini.png|link=http://www.myspace.com/owaspmsp]]<br />
<br />
<br />
'''Share''' OWASP MSP on your favorite social media sites:<br />
<br />
[[Image:Linkedin_mini.png|link=http://www.linkedin.com/shareArticle?mini=true&url=http%3A%2F%2Fwww.owasp.org%2Findex.php%2FMinneapolis_St_Paul&title=OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%20Home%20Page&summary=Official%20OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%20home%20page.%20Video%2C%20audio%2C%20slides%2C%20and%20other%20information%20on%20previous%20and%20upcoming%20chapter%20meetings%2C%20events%2C%20and%20conferences.&source=OWASPMSP]] <br />
[[Image:Twitter_mini.png|link=http://twitter.com/home?status=Checking%20out%20OWASP%20MSP%20at%20http%3A%2F%2Fwww.owasp.org%2Findex.php%2FMinneapolis_St_Paul.]] [[Image:Facebook_mini.png|link=http://www.facebook.com/sharer.php?u=http%3A%2F%2Fwww.owasp.org%2Findex.php%2FMinneapolis_St_Paul&t=OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%20Home%20Page]] [[Image:Digg_mini.png|link=http://digg.com/submit?phase=2&url=http%3A%2F%2Fwww.owasp.org%2Findex.php%2FMinneapolis_St_Paul&title=OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%20Home%20Page&bodytext=Official%20OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%20home%20page.%20Video%2C%20audio%2C%20slides%2C%20and%20other%20information%20on%20previous%20and%20upcoming%20chapter%20meetings%2C%20events%2C%20and%20conferences.]] [[Image:Delicious_mini.png|link=http://del.icio.us/post?url=http%3A%2F%2Fwww.owasp.org%2Findex.php%2FMinneapolis_St_Paul&title=OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%20Home%20Page]] [[Image:Reddit_mini.png|link=http://reddit.com/submit?url=http%3A%2F%2Fwww.owasp.org%2Findex.php%2FMinneapolis_St_Paul&title=OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%20Home%20Page]] [[Image:Myspace_mini.png|link=http://www.myspace.com/Modules/PostTo/Pages/?l=1&u=http%3A%2F%2Fwww.owasp.org%2Findex.php%2FMinneapolis_St_Paul&t=OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%20Home%20Page]]<br />
<br />
=== Secure360 ===<br />
[http://www.secure360.org/ Secure360] is an annual<br />
conference providing high quality educational sessions and networking<br />
opportunities while working to identify developing trends in risk<br />
management, physical security, governance, audit, information security,<br />
contingency planning and human capital.<br />
<br />
=== DC612 Meetings ===<br />
DC612 meets the 2nd Thursday of the month<br /><br />
http://www.dc612.org/<br />
<br />
==== Video/Audio/Slides/Handouts ====<br />
<br />
Videos of several past meetings are available at [[OWASPMSP_Videos]] and [http://vimeo.com/channels/owaspmsp Vimeo OWASP MSP Channel]<br />
<br />
=== Most Recent Content ===<br />
Chris Nickerson - Red Team Testing - 5 October, 2009 (78 Minutes) [http://vimeo.com/groups/owaspmsp/videos/7593801 Vimeo Video Direct Link]<br />
<br />
Ryan Barnett - The Web Hacking Incidents Database (WHID), Bi-Annual Report 2009 (January - June) - OWASP (MSP) - 21 September 2009 (81 minutes) [http://vimeo.com/groups/owaspmsp/videos/7093235 Vimeo Video] | [[Media:The Web Hacking Incidents Database - 2009 Bi-Annual Report.pdf|PDF]]<br />
<br />
[[OWASP Minneapolis St Paul 2009_Conference | OWASP Minneapolis-St. Paul 2009 Half-day Conference - 24 August 2009]] - '''[http://vimeo.com/channels/owaspmsp Watch the video at Vimeo]'''<br />
<br />
Robert Sullivan - Open This First: A job-oriented guide to software security resources - OWASP (MSP) - 27 July 2009 (68 minutes) [http://www.comotheory.com/owasp/20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.mp3 MP3] | [[Media:20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.pdf|PDF]] | [http://www.comotheory.com/owasp/20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.mp4 MP4...please right click and save] | [http://mspsullivan.home.mchsi.com More Material]<br />
<br />
Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym - OWASP (MSP) - 29 June 2009 (55 minutes) [http://www.slideshare.net/webappsecguy/tracking-the-progress-of-an-sdl-program-lessons-from-the-gym-1684512 Slidecast] | [http://www.comotheory.com/owasp/20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.mp3 MP3] | [[Media:20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.pptx| PPTX]] | [http://www.comotheory.com/owasp/20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.mp4 MP4...please right click and save]<br />
<br />
Gunnar Peterson - OWASP Top Ten Web Services - OWASP (MSP) - 27 April 2009 (1 hour, 27 minutes) [http://www.comotheory.com/owasp/20090427-Gunnar_Peterson_-_OWASP_Top_Ten_Web_Services.mp4 MP4...please right click and save] | Slides Forthcoming<br />
<br />
Dan Cornell - Vulnerability Management in an Application Security World - OWASP (MSP) - 16 March 2009 (1 hour, 52 minutes) [http://video.google.com/videoplay?docid=3200887090385342211&hl=en Google Video] | [[Media:VulnerabilityManagementInAnApplicaitonSecurityWorld_OWASPMSP_20090316.pdf|PDF]]<br />
<br />
==== Previous Events ====<br />
<br />
=== OWASP Minneapolis-St. Paul 2009 Half Day Conference - August 24, 2009 ===<br />
<br />
Thanks again for another year to all who joined us for [[OWASP Minneapolis St Paul 2009_Conference | an afternoon of information security presentations on August 24, 2009]] at the [http://www1.umn.edu/twincities/maps/StCen/StCen-map.html St. Paul Student Center] [http://www.spsc.umn.edu/about/directory/lower.php Auditorium/Theater] on the [http://www1.umn.edu/twincities/index.php University of Minnesota - Twin Cities] campus. [[OWASP Minneapolis St Paul 2009_Conference | Visit the conference page for a recap]] or '''[http://vimeo.com/channels/owaspmsp watch the video at Vimeo]'''.<br />
<br />
=== OWASP & FLOSS Application Security Mini-Conference 2008 - October 21, 2008 ===<br />
<br />
Thanks to all who joined us on October 21, 2008 for a [[OWASP_Minneapolis_St_Paul_2008_Conference | mini conference in October 2008]] at University of Minnesota's Saint Paul campus. Our first conference was a great success, with around 150 people attending! We were fortunate to have even higher attendance in 2009.<br />
<br />
==== Chapter Leaders/Contacts ====<br />
'''President:''' [mailto:kuai.hinojosa@owasp.org Kuai Hinojosa]<br />
<br />
'''Vice President:''' [mailto:lorna.alamri@owasp.org Lorna Alamri]<br />
<br />
'''Transitional President:''' [mailto:adam.baso@owasp.org Adam Baso]<br />
<br />
'''Board Member and Former OWASP MSP President:''' Robert Sullivan<br />
<br />
'''Board Member:''' David Bryan<br />
<br />
'''Board Member:''' Joe T<br />
<headertabs/><br />
<br />
[[Category:Minnesota]]</div>Videomanhttps://wiki.owasp.org/index.php?title=Minneapolis_St_Paul&diff=71645Minneapolis St Paul2009-10-16T23:34:26Z<p>Videoman: /* Most Recent Content */</p>
<hr />
<div>__NOTOC__<br />
{{Chapter Template|chaptername=Minneapolis-St. Paul (OWASP MSP)|extra=The chapter president is [mailto:kuai.hinojosa@owasp.org Kuai Hinojosa], the vice president is [mailto:lorna.alamri@owasp.org Lorna Alamri], and the transitional president is [mailto:adam.baso@owasp.org Adam Baso].<br><br>The OWASP Minneapolis-St. Paul (OWASP MSP) chapter held [[OWASP Minneapolis St Paul 2009_Conference | an afternoon of information security presentations on August 24, 2009]] at the [http://www1.umn.edu/twincities/maps/StCen/StCen-map.html St. Paul Student Center] [http://www.spsc.umn.edu/about/directory/lower.php Auditorium/Theater] on the [http://www1.umn.edu/twincities/index.php University of Minnesota - Twin Cities] campus. [[OWASP Minneapolis St Paul 2009_Conference | Visit the conference page for a recap]] or '''[http://vimeo.com/channels/owaspmsp watch the video at Vimeo]'''.<br><br>'''Up Next:''' '''[http://owaspmsp20091005chaptermeeting.eventbrite.com/ REGISTER NOW]''' for the Monday, October 5, 2009 local chapter meeting - '''CHRIS NICKERSON''' (room opens at 5:30 PM Central Time, speaker at 6:30 PM Central Time) - see below for details.<br><br>|mailinglistsite=https://lists.owasp.org/mailman/listinfo/owasp-twincities|emailarchives=https://lists.owasp.org/pipermail/owasp-twincities}}<br />
<br />
<br />
== Sponsorship/Membership ==<br />
<paypal>Minneapolis St Paul</paypal><br />
<br />
Or consider the value of [http://www.owasp.org/index.php/Membership Individual, Organization, or Accredited University Supporter membership] to contribute to better application security in the Minneapolis-Saint Paul area, surrounding Twin Cities metropolitan region, greater Minnesota, and the global software community.<br />
<br />
<br />
== Platinum Sponsors ==<br />
<br />
[[Image:Best_Buy_logo.jpg|link=http://www.bestbuy.com/]]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;[[Image:Center_for_strategic_it_n_security.png|60px|link=http://www.strategicit.org/]]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;[[Image:Integral_logo.png|90px|link=http://www.go-integral.net/]]<br />
<br />
<br />
The OWASP MSP chapter is very thankful for<br />
<br />
* generous financial support from [[Membership#Categories_of_Membership_.26_Supporters|Organization Supporter]] and Local Chapter Supporter '''[http://www.bestbuy.com/ Best Buy]'''.<br />
* reliable monthly meeting locations from Local Chapter Supporter '''[http://www.strategicit.org/ Center for Strategic Information Technology and Security (MnSCU)]'''.<br />
* sustained booth sponsorship, monthly meeting sponsorship, and more from Local Chapter Supporter '''[http://www.go-integral.net/ Integral]'''.<br />
<br />
<br />
== Meetings and More ==<br />
<br />
==== Upcoming Meetings and Events ====<br />
<br />
=== Monday, October 5, 2009 - CHRIS NICKERSON<br/>of [http://www.trutv.com/video/shows/tiger-team.html Tiger Team] fame ===<br />
<br />
'''[http://owaspmsp20091005chaptermeeting.eventbrite.com/ REGISTER]'''<br />
<br />
'''Date:''' October 5th, 2009<br />
<br />
'''Location / Venue Sponsor:''' Sogeti USA, 2 Meridian Xing Ste # 670, Richfield MN 55423 <br />
<br />
'''Map and Directions:''' [http://maps.google.com/maps?f=q&source=s_q&hl=en&geocode=&q=2+Meridian+Xing,+Richfield,+MN+55423&sll=44.869679,-93.274355&sspn=0.029685,0.090895&ie=UTF8&ll=44.864919,-93.296049&spn=0.007802,0.022724&z=16&iwloc=A Google Maps]<br />
<br />
'''Agenda:'''<br />
<br />
'''5:30 PM ''' Room opens for networking<br />
<br />
'''6:00 PM''' Welcome: OWASP chapter updates<br />
<br />
'''6:30 PM''' '''CHRIS NICKERSON'''<br />
<br />
'''8:00 PM''' - Upcoming events reminder and meeting wrap-up<br />
<br />
'''Thank You:''' Sogeti USA for hosting. MN OWASP is currently looking for meeting location suggestions. Please contact Lorna at [mailto:lorna.alamri@owasp.org lorna.alamri@owasp.org] or 651-338-0243 if you would like to sponsor a meeting or meeting location for an upcoming OWASP meeting.<br />
<br />
=== Stay Updated ===<br />
<br />
'''[https://lists.owasp.org/mailman/listinfo/owasp-twincities Click here to join the local chapter mailing list]'''<br />
<br />
'''Follow''' OWASP MSP on your favorite social media sites:<br />
<br />
[[Image:Linkedin_mini.png|link=http://www.linkedin.com/groupInvitation?groupID=2184116]] <br />
[[Image:Twitter_mini.png|link=http://twitter.com/owaspmsp]] [[Image:Facebook_mini.png|link=http://www.facebook.com/pages/OWASP-Minneapolis-St-Paul-OWASP-MSP-OWASPMSP/113583361381]] [[Image:Digg_mini.png|link=http://digg.com/users/owaspmsp]] [[Image:Delicious_mini.png|link=http://delicious.com/owaspmsp]] [[Image:Reddit_mini.png|link=http://www.reddit.com/user/owaspmsp]] [[Image:Myspace_mini.png|link=http://www.myspace.com/owaspmsp]]<br />
<br />
<br />
'''Share''' OWASP MSP on your favorite social media sites:<br />
<br />
[[Image:Linkedin_mini.png|link=http://www.linkedin.com/shareArticle?mini=true&url=http%3A%2F%2Fwww.owasp.org%2Findex.php%2FMinneapolis_St_Paul&title=OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%20Home%20Page&summary=Official%20OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%20home%20page.%20Video%2C%20audio%2C%20slides%2C%20and%20other%20information%20on%20previous%20and%20upcoming%20chapter%20meetings%2C%20events%2C%20and%20conferences.&source=OWASPMSP]] <br />
[[Image:Twitter_mini.png|link=http://twitter.com/home?status=Checking%20out%20OWASP%20MSP%20at%20http%3A%2F%2Fwww.owasp.org%2Findex.php%2FMinneapolis_St_Paul.]] [[Image:Facebook_mini.png|link=http://www.facebook.com/sharer.php?u=http%3A%2F%2Fwww.owasp.org%2Findex.php%2FMinneapolis_St_Paul&t=OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%20Home%20Page]] [[Image:Digg_mini.png|link=http://digg.com/submit?phase=2&url=http%3A%2F%2Fwww.owasp.org%2Findex.php%2FMinneapolis_St_Paul&title=OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%20Home%20Page&bodytext=Official%20OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%20home%20page.%20Video%2C%20audio%2C%20slides%2C%20and%20other%20information%20on%20previous%20and%20upcoming%20chapter%20meetings%2C%20events%2C%20and%20conferences.]] [[Image:Delicious_mini.png|link=http://del.icio.us/post?url=http%3A%2F%2Fwww.owasp.org%2Findex.php%2FMinneapolis_St_Paul&title=OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%20Home%20Page]] [[Image:Reddit_mini.png|link=http://reddit.com/submit?url=http%3A%2F%2Fwww.owasp.org%2Findex.php%2FMinneapolis_St_Paul&title=OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%20Home%20Page]] [[Image:Myspace_mini.png|link=http://www.myspace.com/Modules/PostTo/Pages/?l=1&u=http%3A%2F%2Fwww.owasp.org%2Findex.php%2FMinneapolis_St_Paul&t=OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%20Home%20Page]]<br />
<br />
=== Secure360 ===<br />
[http://www.secure360.org/ Secure360] is an annual<br />
conference providing high quality educational sessions and networking<br />
opportunities while working to identify developing trends in risk<br />
management, physical security, governance, audit, information security,<br />
contingency planning and human capital.<br />
<br />
=== DC612 Meetings ===<br />
DC612 meets the 2nd Thursday of the month<br /><br />
http://www.dc612.org/<br />
<br />
==== Video/Audio/Slides/Handouts ====<br />
<br />
Videos of several past meetings are available at [[OWASPMSP_Videos]]<br />
<br />
=== Most Recent Content ===<br />
<br />
;[http://vimeo.com/groups/owaspmsp/videos/7093235 Ryan Barnett presenting on Web Hacking Incidents Database, Bi-Annual Report for 2009] - September 21, 2009 recording. <br />
<br />
[[OWASP Minneapolis St Paul 2009_Conference | OWASP Minneapolis-St. Paul 2009 Half-day Conference - 24 August 2009]] - '''[http://vimeo.com/channels/owaspmsp Watch the video at Vimeo]'''<br />
<br />
Robert Sullivan - Open This First: A job-oriented guide to software security resources - OWASP (MSP) - 27 July 2009 (68 minutes) [http://www.comotheory.com/owasp/20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.mp3 MP3] | [[Media:20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.pdf|PDF]] | [http://www.comotheory.com/owasp/20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.mp4 MP4...please right click and save] | [http://mspsullivan.home.mchsi.com More Material]<br />
<br />
Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym - OWASP (MSP) - 29 June 2009 (55 minutes) [http://www.slideshare.net/webappsecguy/tracking-the-progress-of-an-sdl-program-lessons-from-the-gym-1684512 Slidecast] | [http://www.comotheory.com/owasp/20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.mp3 MP3] | [[Media:20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.pptx| PPTX]] | [http://www.comotheory.com/owasp/20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.mp4 MP4...please right click and save]<br />
<br />
Gunnar Peterson - OWASP Top Ten Web Services - OWASP (MSP) - 27 April 2009 (1 hour, 27 minutes) [http://www.comotheory.com/owasp/20090427-Gunnar_Peterson_-_OWASP_Top_Ten_Web_Services.mp4 MP4...please right click and save] | Slides Forthcoming<br />
<br />
Dan Cornell - Vulnerability Management in an Application Security World - OWASP (MSP) - 16 March 2009 (1 hour, 52 minutes) [http://video.google.com/videoplay?docid=3200887090385342211&hl=en Google Video] | [[Media:VulnerabilityManagementInAnApplicaitonSecurityWorld_OWASPMSP_20090316.pdf|PDF]]<br />
<br />
==== Previous Events ====<br />
<br />
=== OWASP Minneapolis-St. Paul 2009 Half Day Conference - August 24, 2009 ===<br />
<br />
Thanks again for another year to all who joined us for [[OWASP Minneapolis St Paul 2009_Conference | an afternoon of information security presentations on August 24, 2009]] at the [http://www1.umn.edu/twincities/maps/StCen/StCen-map.html St. Paul Student Center] [http://www.spsc.umn.edu/about/directory/lower.php Auditorium/Theater] on the [http://www1.umn.edu/twincities/index.php University of Minnesota - Twin Cities] campus. [[OWASP Minneapolis St Paul 2009_Conference | Visit the conference page for a recap]] or '''[http://vimeo.com/channels/owaspmsp watch the video at Vimeo]'''.<br />
<br />
=== OWASP & FLOSS Application Security Mini-Conference 2008 - October 21, 2008 ===<br />
<br />
Thanks to all who joined us on October 21, 2008 for a [[OWASP_Minneapolis_St_Paul_2008_Conference | mini conference in October 2008]] at University of Minnesota's Saint Paul campus. Our first conference was a great success, with around 150 people attending! We were fortunate to have even higher attendance in 2009.<br />
<br />
==== Chapter Leaders/Contacts ====<br />
'''President:''' [mailto:kuai.hinojosa@owasp.org Kuai Hinojosa]<br />
<br />
'''Vice President:''' [mailto:lorna.alamri@owasp.org Lorna Alamri]<br />
<br />
'''Transitional President:''' [mailto:adam.baso@owasp.org Adam Baso]<br />
<br />
'''Board Member and Former OWASP MSP President:''' Robert Sullivan<br />
<br />
'''Board Member:''' David Bryan<br />
<br />
'''Board Member:''' Joe T<br />
<headertabs/><br />
<br />
[[Category:Minnesota]]</div>Videomanhttps://wiki.owasp.org/index.php?title=Minneapolis_St_Paul&diff=71644Minneapolis St Paul2009-10-16T23:33:40Z<p>Videoman: /* Most Recent Content */</p>
<hr />
<div>__NOTOC__<br />
{{Chapter Template|chaptername=Minneapolis-St. Paul (OWASP MSP)|extra=The chapter president is [mailto:kuai.hinojosa@owasp.org Kuai Hinojosa], the vice president is [mailto:lorna.alamri@owasp.org Lorna Alamri], and the transitional president is [mailto:adam.baso@owasp.org Adam Baso].<br><br>The OWASP Minneapolis-St. Paul (OWASP MSP) chapter held [[OWASP Minneapolis St Paul 2009_Conference | an afternoon of information security presentations on August 24, 2009]] at the [http://www1.umn.edu/twincities/maps/StCen/StCen-map.html St. Paul Student Center] [http://www.spsc.umn.edu/about/directory/lower.php Auditorium/Theater] on the [http://www1.umn.edu/twincities/index.php University of Minnesota - Twin Cities] campus. [[OWASP Minneapolis St Paul 2009_Conference | Visit the conference page for a recap]] or '''[http://vimeo.com/channels/owaspmsp watch the video at Vimeo]'''.<br><br>'''Up Next:''' '''[http://owaspmsp20091005chaptermeeting.eventbrite.com/ REGISTER NOW]''' for the Monday, October 5, 2009 local chapter meeting - '''CHRIS NICKERSON''' (room opens at 5:30 PM Central Time, speaker at 6:30 PM Central Time) - see below for details.<br><br>|mailinglistsite=https://lists.owasp.org/mailman/listinfo/owasp-twincities|emailarchives=https://lists.owasp.org/pipermail/owasp-twincities}}<br />
<br />
<br />
== Sponsorship/Membership ==<br />
<paypal>Minneapolis St Paul</paypal><br />
<br />
Or consider the value of [http://www.owasp.org/index.php/Membership Individual, Organization, or Accredited University Supporter membership] to contribute to better application security in the Minneapolis-Saint Paul area, surrounding Twin Cities metropolitan region, greater Minnesota, and the global software community.<br />
<br />
<br />
== Platinum Sponsors ==<br />
<br />
[[Image:Best_Buy_logo.jpg|link=http://www.bestbuy.com/]]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;[[Image:Center_for_strategic_it_n_security.png|60px|link=http://www.strategicit.org/]]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;[[Image:Integral_logo.png|90px|link=http://www.go-integral.net/]]<br />
<br />
<br />
The OWASP MSP chapter is very thankful for<br />
<br />
* generous financial support from [[Membership#Categories_of_Membership_.26_Supporters|Organization Supporter]] and Local Chapter Supporter '''[http://www.bestbuy.com/ Best Buy]'''.<br />
* reliable monthly meeting locations from Local Chapter Supporter '''[http://www.strategicit.org/ Center for Strategic Information Technology and Security (MnSCU)]'''.<br />
* sustained booth sponsorship, monthly meeting sponsorship, and more from Local Chapter Supporter '''[http://www.go-integral.net/ Integral]'''.<br />
<br />
<br />
== Meetings and More ==<br />
<br />
==== Upcoming Meetings and Events ====<br />
<br />
=== Monday, October 5, 2009 - CHRIS NICKERSON<br/>of [http://www.trutv.com/video/shows/tiger-team.html Tiger Team] fame ===<br />
<br />
'''[http://owaspmsp20091005chaptermeeting.eventbrite.com/ REGISTER]'''<br />
<br />
'''Date:''' October 5th, 2009<br />
<br />
'''Location / Venue Sponsor:''' Sogeti USA, 2 Meridian Xing Ste # 670, Richfield MN 55423 <br />
<br />
'''Map and Directions:''' [http://maps.google.com/maps?f=q&source=s_q&hl=en&geocode=&q=2+Meridian+Xing,+Richfield,+MN+55423&sll=44.869679,-93.274355&sspn=0.029685,0.090895&ie=UTF8&ll=44.864919,-93.296049&spn=0.007802,0.022724&z=16&iwloc=A Google Maps]<br />
<br />
'''Agenda:'''<br />
<br />
'''5:30 PM ''' Room opens for networking<br />
<br />
'''6:00 PM''' Welcome: OWASP chapter updates<br />
<br />
'''6:30 PM''' '''CHRIS NICKERSON'''<br />
<br />
'''8:00 PM''' - Upcoming events reminder and meeting wrap-up<br />
<br />
'''Thank You:''' Sogeti USA for hosting. MN OWASP is currently looking for meeting location suggestions. Please contact Lorna at [mailto:lorna.alamri@owasp.org lorna.alamri@owasp.org] or 651-338-0243 if you would like to sponsor a meeting or meeting location for an upcoming OWASP meeting.<br />
<br />
=== Stay Updated ===<br />
<br />
'''[https://lists.owasp.org/mailman/listinfo/owasp-twincities Click here to join the local chapter mailing list]'''<br />
<br />
'''Follow''' OWASP MSP on your favorite social media sites:<br />
<br />
[[Image:Linkedin_mini.png|link=http://www.linkedin.com/groupInvitation?groupID=2184116]] <br />
[[Image:Twitter_mini.png|link=http://twitter.com/owaspmsp]] [[Image:Facebook_mini.png|link=http://www.facebook.com/pages/OWASP-Minneapolis-St-Paul-OWASP-MSP-OWASPMSP/113583361381]] [[Image:Digg_mini.png|link=http://digg.com/users/owaspmsp]] [[Image:Delicious_mini.png|link=http://delicious.com/owaspmsp]] [[Image:Reddit_mini.png|link=http://www.reddit.com/user/owaspmsp]] [[Image:Myspace_mini.png|link=http://www.myspace.com/owaspmsp]]<br />
<br />
<br />
'''Share''' OWASP MSP on your favorite social media sites:<br />
<br />
[[Image:Linkedin_mini.png|link=http://www.linkedin.com/shareArticle?mini=true&url=http%3A%2F%2Fwww.owasp.org%2Findex.php%2FMinneapolis_St_Paul&title=OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%20Home%20Page&summary=Official%20OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%20home%20page.%20Video%2C%20audio%2C%20slides%2C%20and%20other%20information%20on%20previous%20and%20upcoming%20chapter%20meetings%2C%20events%2C%20and%20conferences.&source=OWASPMSP]] <br />
[[Image:Twitter_mini.png|link=http://twitter.com/home?status=Checking%20out%20OWASP%20MSP%20at%20http%3A%2F%2Fwww.owasp.org%2Findex.php%2FMinneapolis_St_Paul.]] [[Image:Facebook_mini.png|link=http://www.facebook.com/sharer.php?u=http%3A%2F%2Fwww.owasp.org%2Findex.php%2FMinneapolis_St_Paul&t=OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%20Home%20Page]] [[Image:Digg_mini.png|link=http://digg.com/submit?phase=2&url=http%3A%2F%2Fwww.owasp.org%2Findex.php%2FMinneapolis_St_Paul&title=OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%20Home%20Page&bodytext=Official%20OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%20home%20page.%20Video%2C%20audio%2C%20slides%2C%20and%20other%20information%20on%20previous%20and%20upcoming%20chapter%20meetings%2C%20events%2C%20and%20conferences.]] [[Image:Delicious_mini.png|link=http://del.icio.us/post?url=http%3A%2F%2Fwww.owasp.org%2Findex.php%2FMinneapolis_St_Paul&title=OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%20Home%20Page]] [[Image:Reddit_mini.png|link=http://reddit.com/submit?url=http%3A%2F%2Fwww.owasp.org%2Findex.php%2FMinneapolis_St_Paul&title=OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%20Home%20Page]] [[Image:Myspace_mini.png|link=http://www.myspace.com/Modules/PostTo/Pages/?l=1&u=http%3A%2F%2Fwww.owasp.org%2Findex.php%2FMinneapolis_St_Paul&t=OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%20Home%20Page]]<br />
<br />
=== Secure360 ===<br />
[http://www.secure360.org/ Secure360] is an annual<br />
conference providing high quality educational sessions and networking<br />
opportunities while working to identify developing trends in risk<br />
management, physical security, governance, audit, information security,<br />
contingency planning and human capital.<br />
<br />
=== DC612 Meetings ===<br />
DC612 meets the 2nd Thursday of the month<br /><br />
http://www.dc612.org/<br />
<br />
==== Video/Audio/Slides/Handouts ====<br />
<br />
Videos of several past meetings are available at [[OWASPMSP_Videos]]<br />
<br />
=== Most Recent Content ===<br />
<br />
;[http://vimeo.com/groups/owaspmsp/videos/7093235 Ryan Barnett presenting on Web Hacking Incidents Database, Bi-Annual Report for 2009] OWASP MSP local meeting, September 21, 2009 recording. <br />
<br />
[[OWASP Minneapolis St Paul 2009_Conference | OWASP Minneapolis-St. Paul 2009 Half-day Conference - 24 August 2009]] - '''[http://vimeo.com/channels/owaspmsp Watch the video at Vimeo]'''<br />
<br />
Robert Sullivan - Open This First: A job-oriented guide to software security resources - OWASP (MSP) - 27 July 2009 (68 minutes) [http://www.comotheory.com/owasp/20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.mp3 MP3] | [[Media:20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.pdf|PDF]] | [http://www.comotheory.com/owasp/20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.mp4 MP4...please right click and save] | [http://mspsullivan.home.mchsi.com More Material]<br />
<br />
Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym - OWASP (MSP) - 29 June 2009 (55 minutes) [http://www.slideshare.net/webappsecguy/tracking-the-progress-of-an-sdl-program-lessons-from-the-gym-1684512 Slidecast] | [http://www.comotheory.com/owasp/20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.mp3 MP3] | [[Media:20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.pptx| PPTX]] | [http://www.comotheory.com/owasp/20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.mp4 MP4...please right click and save]<br />
<br />
Gunnar Peterson - OWASP Top Ten Web Services - OWASP (MSP) - 27 April 2009 (1 hour, 27 minutes) [http://www.comotheory.com/owasp/20090427-Gunnar_Peterson_-_OWASP_Top_Ten_Web_Services.mp4 MP4...please right click and save] | Slides Forthcoming<br />
<br />
Dan Cornell - Vulnerability Management in an Application Security World - OWASP (MSP) - 16 March 2009 (1 hour, 52 minutes) [http://video.google.com/videoplay?docid=3200887090385342211&hl=en Google Video] | [[Media:VulnerabilityManagementInAnApplicaitonSecurityWorld_OWASPMSP_20090316.pdf|PDF]]<br />
<br />
==== Previous Events ====<br />
<br />
=== OWASP Minneapolis-St. Paul 2009 Half Day Conference - August 24, 2009 ===<br />
<br />
Thanks again for another year to all who joined us for [[OWASP Minneapolis St Paul 2009_Conference | an afternoon of information security presentations on August 24, 2009]] at the [http://www1.umn.edu/twincities/maps/StCen/StCen-map.html St. Paul Student Center] [http://www.spsc.umn.edu/about/directory/lower.php Auditorium/Theater] on the [http://www1.umn.edu/twincities/index.php University of Minnesota - Twin Cities] campus. [[OWASP Minneapolis St Paul 2009_Conference | Visit the conference page for a recap]] or '''[http://vimeo.com/channels/owaspmsp watch the video at Vimeo]'''.<br />
<br />
=== OWASP & FLOSS Application Security Mini-Conference 2008 - October 21, 2008 ===<br />
<br />
Thanks to all who joined us on October 21, 2008 for a [[OWASP_Minneapolis_St_Paul_2008_Conference | mini conference in October 2008]] at University of Minnesota's Saint Paul campus. Our first conference was a great success, with around 150 people attending! We were fortunate to have even higher attendance in 2009.<br />
<br />
==== Chapter Leaders/Contacts ====<br />
'''President:''' [mailto:kuai.hinojosa@owasp.org Kuai Hinojosa]<br />
<br />
'''Vice President:''' [mailto:lorna.alamri@owasp.org Lorna Alamri]<br />
<br />
'''Transitional President:''' [mailto:adam.baso@owasp.org Adam Baso]<br />
<br />
'''Board Member and Former OWASP MSP President:''' Robert Sullivan<br />
<br />
'''Board Member:''' David Bryan<br />
<br />
'''Board Member:''' Joe T<br />
<headertabs/><br />
<br />
[[Category:Minnesota]]</div>Videomanhttps://wiki.owasp.org/index.php?title=Minneapolis_St_Paul&diff=71643Minneapolis St Paul2009-10-16T23:32:43Z<p>Videoman: /* Meetings and More */</p>
<hr />
<div>__NOTOC__<br />
{{Chapter Template|chaptername=Minneapolis-St. Paul (OWASP MSP)|extra=The chapter president is [mailto:kuai.hinojosa@owasp.org Kuai Hinojosa], the vice president is [mailto:lorna.alamri@owasp.org Lorna Alamri], and the transitional president is [mailto:adam.baso@owasp.org Adam Baso].<br><br>The OWASP Minneapolis-St. Paul (OWASP MSP) chapter held [[OWASP Minneapolis St Paul 2009_Conference | an afternoon of information security presentations on August 24, 2009]] at the [http://www1.umn.edu/twincities/maps/StCen/StCen-map.html St. Paul Student Center] [http://www.spsc.umn.edu/about/directory/lower.php Auditorium/Theater] on the [http://www1.umn.edu/twincities/index.php University of Minnesota - Twin Cities] campus. [[OWASP Minneapolis St Paul 2009_Conference | Visit the conference page for a recap]] or '''[http://vimeo.com/channels/owaspmsp watch the video at Vimeo]'''.<br><br>'''Up Next:''' '''[http://owaspmsp20091005chaptermeeting.eventbrite.com/ REGISTER NOW]''' for the Monday, October 5, 2009 local chapter meeting - '''CHRIS NICKERSON''' (room opens at 5:30 PM Central Time, speaker at 6:30 PM Central Time) - see below for details.<br><br>|mailinglistsite=https://lists.owasp.org/mailman/listinfo/owasp-twincities|emailarchives=https://lists.owasp.org/pipermail/owasp-twincities}}<br />
<br />
<br />
== Sponsorship/Membership ==<br />
<paypal>Minneapolis St Paul</paypal><br />
<br />
Or consider the value of [http://www.owasp.org/index.php/Membership Individual, Organization, or Accredited University Supporter membership] to contribute to better application security in the Minneapolis-Saint Paul area, surrounding Twin Cities metropolitan region, greater Minnesota, and the global software community.<br />
<br />
<br />
== Platinum Sponsors ==<br />
<br />
[[Image:Best_Buy_logo.jpg|link=http://www.bestbuy.com/]]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;[[Image:Center_for_strategic_it_n_security.png|60px|link=http://www.strategicit.org/]]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;[[Image:Integral_logo.png|90px|link=http://www.go-integral.net/]]<br />
<br />
<br />
The OWASP MSP chapter is very thankful for<br />
<br />
* generous financial support from [[Membership#Categories_of_Membership_.26_Supporters|Organization Supporter]] and Local Chapter Supporter '''[http://www.bestbuy.com/ Best Buy]'''.<br />
* reliable monthly meeting locations from Local Chapter Supporter '''[http://www.strategicit.org/ Center for Strategic Information Technology and Security (MnSCU)]'''.<br />
* sustained booth sponsorship, monthly meeting sponsorship, and more from Local Chapter Supporter '''[http://www.go-integral.net/ Integral]'''.<br />
<br />
<br />
== Meetings and More ==<br />
<br />
==== Upcoming Meetings and Events ====<br />
<br />
=== Monday, October 5, 2009 - CHRIS NICKERSON<br/>of [http://www.trutv.com/video/shows/tiger-team.html Tiger Team] fame ===<br />
<br />
'''[http://owaspmsp20091005chaptermeeting.eventbrite.com/ REGISTER]'''<br />
<br />
'''Date:''' October 5th, 2009<br />
<br />
'''Location / Venue Sponsor:''' Sogeti USA, 2 Meridian Xing Ste # 670, Richfield MN 55423 <br />
<br />
'''Map and Directions:''' [http://maps.google.com/maps?f=q&source=s_q&hl=en&geocode=&q=2+Meridian+Xing,+Richfield,+MN+55423&sll=44.869679,-93.274355&sspn=0.029685,0.090895&ie=UTF8&ll=44.864919,-93.296049&spn=0.007802,0.022724&z=16&iwloc=A Google Maps]<br />
<br />
'''Agenda:'''<br />
<br />
'''5:30 PM ''' Room opens for networking<br />
<br />
'''6:00 PM''' Welcome: OWASP chapter updates<br />
<br />
'''6:30 PM''' '''CHRIS NICKERSON'''<br />
<br />
'''8:00 PM''' - Upcoming events reminder and meeting wrap-up<br />
<br />
'''Thank You:''' Sogeti USA for hosting. MN OWASP is currently looking for meeting location suggestions. Please contact Lorna at [mailto:lorna.alamri@owasp.org lorna.alamri@owasp.org] or 651-338-0243 if you would like to sponsor a meeting or meeting location for an upcoming OWASP meeting.<br />
<br />
=== Stay Updated ===<br />
<br />
'''[https://lists.owasp.org/mailman/listinfo/owasp-twincities Click here to join the local chapter mailing list]'''<br />
<br />
'''Follow''' OWASP MSP on your favorite social media sites:<br />
<br />
[[Image:Linkedin_mini.png|link=http://www.linkedin.com/groupInvitation?groupID=2184116]] <br />
[[Image:Twitter_mini.png|link=http://twitter.com/owaspmsp]] [[Image:Facebook_mini.png|link=http://www.facebook.com/pages/OWASP-Minneapolis-St-Paul-OWASP-MSP-OWASPMSP/113583361381]] [[Image:Digg_mini.png|link=http://digg.com/users/owaspmsp]] [[Image:Delicious_mini.png|link=http://delicious.com/owaspmsp]] [[Image:Reddit_mini.png|link=http://www.reddit.com/user/owaspmsp]] [[Image:Myspace_mini.png|link=http://www.myspace.com/owaspmsp]]<br />
<br />
<br />
'''Share''' OWASP MSP on your favorite social media sites:<br />
<br />
[[Image:Linkedin_mini.png|link=http://www.linkedin.com/shareArticle?mini=true&url=http%3A%2F%2Fwww.owasp.org%2Findex.php%2FMinneapolis_St_Paul&title=OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%20Home%20Page&summary=Official%20OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%20home%20page.%20Video%2C%20audio%2C%20slides%2C%20and%20other%20information%20on%20previous%20and%20upcoming%20chapter%20meetings%2C%20events%2C%20and%20conferences.&source=OWASPMSP]] <br />
[[Image:Twitter_mini.png|link=http://twitter.com/home?status=Checking%20out%20OWASP%20MSP%20at%20http%3A%2F%2Fwww.owasp.org%2Findex.php%2FMinneapolis_St_Paul.]] [[Image:Facebook_mini.png|link=http://www.facebook.com/sharer.php?u=http%3A%2F%2Fwww.owasp.org%2Findex.php%2FMinneapolis_St_Paul&t=OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%20Home%20Page]] [[Image:Digg_mini.png|link=http://digg.com/submit?phase=2&url=http%3A%2F%2Fwww.owasp.org%2Findex.php%2FMinneapolis_St_Paul&title=OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%20Home%20Page&bodytext=Official%20OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%20home%20page.%20Video%2C%20audio%2C%20slides%2C%20and%20other%20information%20on%20previous%20and%20upcoming%20chapter%20meetings%2C%20events%2C%20and%20conferences.]] [[Image:Delicious_mini.png|link=http://del.icio.us/post?url=http%3A%2F%2Fwww.owasp.org%2Findex.php%2FMinneapolis_St_Paul&title=OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%20Home%20Page]] [[Image:Reddit_mini.png|link=http://reddit.com/submit?url=http%3A%2F%2Fwww.owasp.org%2Findex.php%2FMinneapolis_St_Paul&title=OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%20Home%20Page]] [[Image:Myspace_mini.png|link=http://www.myspace.com/Modules/PostTo/Pages/?l=1&u=http%3A%2F%2Fwww.owasp.org%2Findex.php%2FMinneapolis_St_Paul&t=OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%20Home%20Page]]<br />
<br />
=== Secure360 ===<br />
[http://www.secure360.org/ Secure360] is an annual<br />
conference providing high quality educational sessions and networking<br />
opportunities while working to identify developing trends in risk<br />
management, physical security, governance, audit, information security,<br />
contingency planning and human capital.<br />
<br />
=== DC612 Meetings ===<br />
DC612 meets the 2nd Thursday of the month<br /><br />
http://www.dc612.org/<br />
<br />
==== Video/Audio/Slides/Handouts ====<br />
<br />
Videos of several past meetings are available at [[OWASPMSP_Videos]]<br />
<br />
=== Most Recent Content ===<br />
<br />
[[OWASP Minneapolis St Paul 2009_Conference | OWASP Minneapolis-St. Paul 2009 Half-day Conference - 24 August 2009]] - '''[http://vimeo.com/channels/owaspmsp Watch the video at Vimeo]'''<br />
<br />
Robert Sullivan - Open This First: A job-oriented guide to software security resources - OWASP (MSP) - 27 July 2009 (68 minutes) [http://www.comotheory.com/owasp/20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.mp3 MP3] | [[Media:20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.pdf|PDF]] | [http://www.comotheory.com/owasp/20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.mp4 MP4...please right click and save] | [http://mspsullivan.home.mchsi.com More Material]<br />
<br />
Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym - OWASP (MSP) - 29 June 2009 (55 minutes) [http://www.slideshare.net/webappsecguy/tracking-the-progress-of-an-sdl-program-lessons-from-the-gym-1684512 Slidecast] | [http://www.comotheory.com/owasp/20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.mp3 MP3] | [[Media:20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.pptx| PPTX]] | [http://www.comotheory.com/owasp/20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.mp4 MP4...please right click and save]<br />
<br />
Gunnar Peterson - OWASP Top Ten Web Services - OWASP (MSP) - 27 April 2009 (1 hour, 27 minutes) [http://www.comotheory.com/owasp/20090427-Gunnar_Peterson_-_OWASP_Top_Ten_Web_Services.mp4 MP4...please right click and save] | Slides Forthcoming<br />
<br />
Dan Cornell - Vulnerability Management in an Application Security World - OWASP (MSP) - 16 March 2009 (1 hour, 52 minutes) [http://video.google.com/videoplay?docid=3200887090385342211&hl=en Google Video] | [[Media:VulnerabilityManagementInAnApplicaitonSecurityWorld_OWASPMSP_20090316.pdf|PDF]]<br />
<br />
==== Previous Events ====<br />
<br />
=== OWASP Minneapolis-St. Paul 2009 Half Day Conference - August 24, 2009 ===<br />
<br />
Thanks again for another year to all who joined us for [[OWASP Minneapolis St Paul 2009_Conference | an afternoon of information security presentations on August 24, 2009]] at the [http://www1.umn.edu/twincities/maps/StCen/StCen-map.html St. Paul Student Center] [http://www.spsc.umn.edu/about/directory/lower.php Auditorium/Theater] on the [http://www1.umn.edu/twincities/index.php University of Minnesota - Twin Cities] campus. [[OWASP Minneapolis St Paul 2009_Conference | Visit the conference page for a recap]] or '''[http://vimeo.com/channels/owaspmsp watch the video at Vimeo]'''.<br />
<br />
=== OWASP & FLOSS Application Security Mini-Conference 2008 - October 21, 2008 ===<br />
<br />
Thanks to all who joined us on October 21, 2008 for a [[OWASP_Minneapolis_St_Paul_2008_Conference | mini conference in October 2008]] at University of Minnesota's Saint Paul campus. Our first conference was a great success, with around 150 people attending! We were fortunate to have even higher attendance in 2009.<br />
<br />
==== Chapter Leaders/Contacts ====<br />
'''President:''' [mailto:kuai.hinojosa@owasp.org Kuai Hinojosa]<br />
<br />
'''Vice President:''' [mailto:lorna.alamri@owasp.org Lorna Alamri]<br />
<br />
'''Transitional President:''' [mailto:adam.baso@owasp.org Adam Baso]<br />
<br />
'''Board Member and Former OWASP MSP President:''' Robert Sullivan<br />
<br />
'''Board Member:''' David Bryan<br />
<br />
'''Board Member:''' Joe T<br />
<headertabs/><br />
<br />
[[Category:Minnesota]]</div>Videomanhttps://wiki.owasp.org/index.php?title=Minneapolis_St_Paul&diff=71642Minneapolis St Paul2009-10-16T23:31:20Z<p>Videoman: /* Meetings and More */</p>
<hr />
<div>__NOTOC__<br />
{{Chapter Template|chaptername=Minneapolis-St. Paul (OWASP MSP)|extra=The chapter president is [mailto:kuai.hinojosa@owasp.org Kuai Hinojosa], the vice president is [mailto:lorna.alamri@owasp.org Lorna Alamri], and the transitional president is [mailto:adam.baso@owasp.org Adam Baso].<br><br>The OWASP Minneapolis-St. Paul (OWASP MSP) chapter held [[OWASP Minneapolis St Paul 2009_Conference | an afternoon of information security presentations on August 24, 2009]] at the [http://www1.umn.edu/twincities/maps/StCen/StCen-map.html St. Paul Student Center] [http://www.spsc.umn.edu/about/directory/lower.php Auditorium/Theater] on the [http://www1.umn.edu/twincities/index.php University of Minnesota - Twin Cities] campus. [[OWASP Minneapolis St Paul 2009_Conference | Visit the conference page for a recap]] or '''[http://vimeo.com/channels/owaspmsp watch the video at Vimeo]'''.<br><br>'''Up Next:''' '''[http://owaspmsp20091005chaptermeeting.eventbrite.com/ REGISTER NOW]''' for the Monday, October 5, 2009 local chapter meeting - '''CHRIS NICKERSON''' (room opens at 5:30 PM Central Time, speaker at 6:30 PM Central Time) - see below for details.<br><br>|mailinglistsite=https://lists.owasp.org/mailman/listinfo/owasp-twincities|emailarchives=https://lists.owasp.org/pipermail/owasp-twincities}}<br />
<br />
<br />
== Sponsorship/Membership ==<br />
<paypal>Minneapolis St Paul</paypal><br />
<br />
Or consider the value of [http://www.owasp.org/index.php/Membership Individual, Organization, or Accredited University Supporter membership] to contribute to better application security in the Minneapolis-Saint Paul area, surrounding Twin Cities metropolitan region, greater Minnesota, and the global software community.<br />
<br />
<br />
== Platinum Sponsors ==<br />
<br />
[[Image:Best_Buy_logo.jpg|link=http://www.bestbuy.com/]]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;[[Image:Center_for_strategic_it_n_security.png|60px|link=http://www.strategicit.org/]]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;[[Image:Integral_logo.png|90px|link=http://www.go-integral.net/]]<br />
<br />
<br />
The OWASP MSP chapter is very thankful for<br />
<br />
* generous financial support from [[Membership#Categories_of_Membership_.26_Supporters|Organization Supporter]] and Local Chapter Supporter '''[http://www.bestbuy.com/ Best Buy]'''.<br />
* reliable monthly meeting locations from Local Chapter Supporter '''[http://www.strategicit.org/ Center for Strategic Information Technology and Security (MnSCU)]'''.<br />
* sustained booth sponsorship, monthly meeting sponsorship, and more from Local Chapter Supporter '''[http://www.go-integral.net/ Integral]'''.<br />
<br />
<br />
== Meetings and More ==<br />
<br />
==== Upcoming Meetings and Events ====<br />
<br />
=== Monday, October 5, 2009 - CHRIS NICKERSON<br/>of [http://www.trutv.com/video/shows/tiger-team.html Tiger Team] fame ===<br />
<br />
'''[http://owaspmsp20091005chaptermeeting.eventbrite.com/ REGISTER]'''<br />
<br />
'''Date:''' October 5th, 2009<br />
<br />
'''Location / Venue Sponsor:''' Sogeti USA, 2 Meridian Xing Ste # 670, Richfield MN 55423 <br />
<br />
'''Map and Directions:''' [http://maps.google.com/maps?f=q&source=s_q&hl=en&geocode=&q=2+Meridian+Xing,+Richfield,+MN+55423&sll=44.869679,-93.274355&sspn=0.029685,0.090895&ie=UTF8&ll=44.864919,-93.296049&spn=0.007802,0.022724&z=16&iwloc=A Google Maps]<br />
<br />
'''Agenda:'''<br />
<br />
'''5:30 PM ''' Room opens for networking<br />
<br />
'''6:00 PM''' Welcome: OWASP chapter updates<br />
<br />
'''6:30 PM''' '''CHRIS NICKERSON'''<br />
<br />
'''8:00 PM''' - Upcoming events reminder and meeting wrap-up<br />
<br />
'''Thank You:''' Sogeti USA for hosting. MN OWASP is currently looking for meeting location suggestions. Please contact Lorna at [mailto:lorna.alamri@owasp.org lorna.alamri@owasp.org] or 651-338-0243 if you would like to sponsor a meeting or meeting location for an upcoming OWASP meeting.<br />
<br />
=== Stay Updated ===<br />
<br />
'''[https://lists.owasp.org/mailman/listinfo/owasp-twincities Click here to join the local chapter mailing list]'''<br />
<br />
'''Follow''' OWASP MSP on your favorite social media sites:<br />
<br />
[[Image:Linkedin_mini.png|link=http://www.linkedin.com/groupInvitation?groupID=2184116]] <br />
[[Image:Twitter_mini.png|link=http://twitter.com/owaspmsp]] [[Image:Facebook_mini.png|link=http://www.facebook.com/pages/OWASP-Minneapolis-St-Paul-OWASP-MSP-OWASPMSP/113583361381]] [[Image:Digg_mini.png|link=http://digg.com/users/owaspmsp]] [[Image:Delicious_mini.png|link=http://delicious.com/owaspmsp]] [[Image:Reddit_mini.png|link=http://www.reddit.com/user/owaspmsp]] [[Image:Myspace_mini.png|link=http://www.myspace.com/owaspmsp]]<br />
<br />
<br />
'''Share''' OWASP MSP on your favorite social media sites:<br />
<br />
[[Image:Linkedin_mini.png|link=http://www.linkedin.com/shareArticle?mini=true&url=http%3A%2F%2Fwww.owasp.org%2Findex.php%2FMinneapolis_St_Paul&title=OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%20Home%20Page&summary=Official%20OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%20home%20page.%20Video%2C%20audio%2C%20slides%2C%20and%20other%20information%20on%20previous%20and%20upcoming%20chapter%20meetings%2C%20events%2C%20and%20conferences.&source=OWASPMSP]] <br />
[[Image:Twitter_mini.png|link=http://twitter.com/home?status=Checking%20out%20OWASP%20MSP%20at%20http%3A%2F%2Fwww.owasp.org%2Findex.php%2FMinneapolis_St_Paul.]] [[Image:Facebook_mini.png|link=http://www.facebook.com/sharer.php?u=http%3A%2F%2Fwww.owasp.org%2Findex.php%2FMinneapolis_St_Paul&t=OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%20Home%20Page]] [[Image:Digg_mini.png|link=http://digg.com/submit?phase=2&url=http%3A%2F%2Fwww.owasp.org%2Findex.php%2FMinneapolis_St_Paul&title=OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%20Home%20Page&bodytext=Official%20OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%20home%20page.%20Video%2C%20audio%2C%20slides%2C%20and%20other%20information%20on%20previous%20and%20upcoming%20chapter%20meetings%2C%20events%2C%20and%20conferences.]] [[Image:Delicious_mini.png|link=http://del.icio.us/post?url=http%3A%2F%2Fwww.owasp.org%2Findex.php%2FMinneapolis_St_Paul&title=OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%20Home%20Page]] [[Image:Reddit_mini.png|link=http://reddit.com/submit?url=http%3A%2F%2Fwww.owasp.org%2Findex.php%2FMinneapolis_St_Paul&title=OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%20Home%20Page]] [[Image:Myspace_mini.png|link=http://www.myspace.com/Modules/PostTo/Pages/?l=1&u=http%3A%2F%2Fwww.owasp.org%2Findex.php%2FMinneapolis_St_Paul&t=OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%20Home%20Page]]<br />
<br />
=== Secure360 ===<br />
[http://www.secure360.org/ Secure360] is an annual<br />
conference providing high quality educational sessions and networking<br />
opportunities while working to identify developing trends in risk<br />
management, physical security, governance, audit, information security,<br />
contingency planning and human capital.<br />
<br />
=== DC612 Meetings ===<br />
DC612 meets the 2nd Thursday of the month<br /><br />
http://www.dc612.org/<br />
<br />
==== Video/Audio/Slides/Handouts ====<br />
<br />
Videos of several past meetings are available at https://www.owasp.org/index.php/Category:OWASP_Video#Videos<br />
<br />
=== Most Recent Content ===<br />
<br />
[[OWASP Minneapolis St Paul 2009_Conference | OWASP Minneapolis-St. Paul 2009 Half-day Conference - 24 August 2009]] - '''[http://vimeo.com/channels/owaspmsp Watch the video at Vimeo]'''<br />
<br />
Robert Sullivan - Open This First: A job-oriented guide to software security resources - OWASP (MSP) - 27 July 2009 (68 minutes) [http://www.comotheory.com/owasp/20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.mp3 MP3] | [[Media:20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.pdf|PDF]] | [http://www.comotheory.com/owasp/20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.mp4 MP4...please right click and save] | [http://mspsullivan.home.mchsi.com More Material]<br />
<br />
Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym - OWASP (MSP) - 29 June 2009 (55 minutes) [http://www.slideshare.net/webappsecguy/tracking-the-progress-of-an-sdl-program-lessons-from-the-gym-1684512 Slidecast] | [http://www.comotheory.com/owasp/20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.mp3 MP3] | [[Media:20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.pptx| PPTX]] | [http://www.comotheory.com/owasp/20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.mp4 MP4...please right click and save]<br />
<br />
Gunnar Peterson - OWASP Top Ten Web Services - OWASP (MSP) - 27 April 2009 (1 hour, 27 minutes) [http://www.comotheory.com/owasp/20090427-Gunnar_Peterson_-_OWASP_Top_Ten_Web_Services.mp4 MP4...please right click and save] | Slides Forthcoming<br />
<br />
Dan Cornell - Vulnerability Management in an Application Security World - OWASP (MSP) - 16 March 2009 (1 hour, 52 minutes) [http://video.google.com/videoplay?docid=3200887090385342211&hl=en Google Video] | [[Media:VulnerabilityManagementInAnApplicaitonSecurityWorld_OWASPMSP_20090316.pdf|PDF]]<br />
<br />
==== Previous Events ====<br />
<br />
=== OWASP Minneapolis-St. Paul 2009 Half Day Conference - August 24, 2009 ===<br />
<br />
Thanks again for another year to all who joined us for [[OWASP Minneapolis St Paul 2009_Conference | an afternoon of information security presentations on August 24, 2009]] at the [http://www1.umn.edu/twincities/maps/StCen/StCen-map.html St. Paul Student Center] [http://www.spsc.umn.edu/about/directory/lower.php Auditorium/Theater] on the [http://www1.umn.edu/twincities/index.php University of Minnesota - Twin Cities] campus. [[OWASP Minneapolis St Paul 2009_Conference | Visit the conference page for a recap]] or '''[http://vimeo.com/channels/owaspmsp watch the video at Vimeo]'''.<br />
<br />
=== OWASP & FLOSS Application Security Mini-Conference 2008 - October 21, 2008 ===<br />
<br />
Thanks to all who joined us on October 21, 2008 for a [[OWASP_Minneapolis_St_Paul_2008_Conference | mini conference in October 2008]] at University of Minnesota's Saint Paul campus. Our first conference was a great success, with around 150 people attending! We were fortunate to have even higher attendance in 2009.<br />
<br />
==== Chapter Leaders/Contacts ====<br />
'''President:''' [mailto:kuai.hinojosa@owasp.org Kuai Hinojosa]<br />
<br />
'''Vice President:''' [mailto:lorna.alamri@owasp.org Lorna Alamri]<br />
<br />
'''Transitional President:''' [mailto:adam.baso@owasp.org Adam Baso]<br />
<br />
'''Board Member and Former OWASP MSP President:''' Robert Sullivan<br />
<br />
'''Board Member:''' David Bryan<br />
<br />
'''Board Member:''' Joe T<br />
<headertabs/><br />
<br />
[[Category:Minnesota]]</div>Videomanhttps://wiki.owasp.org/index.php?title=Minneapolis_St_Paul&diff=71641Minneapolis St Paul2009-10-16T23:29:28Z<p>Videoman: </p>
<hr />
<div>__NOTOC__<br />
{{Chapter Template|chaptername=Minneapolis-St. Paul (OWASP MSP)|extra=The chapter president is [mailto:kuai.hinojosa@owasp.org Kuai Hinojosa], the vice president is [mailto:lorna.alamri@owasp.org Lorna Alamri], and the transitional president is [mailto:adam.baso@owasp.org Adam Baso].<br><br>The OWASP Minneapolis-St. Paul (OWASP MSP) chapter held [[OWASP Minneapolis St Paul 2009_Conference | an afternoon of information security presentations on August 24, 2009]] at the [http://www1.umn.edu/twincities/maps/StCen/StCen-map.html St. Paul Student Center] [http://www.spsc.umn.edu/about/directory/lower.php Auditorium/Theater] on the [http://www1.umn.edu/twincities/index.php University of Minnesota - Twin Cities] campus. [[OWASP Minneapolis St Paul 2009_Conference | Visit the conference page for a recap]] or '''[http://vimeo.com/channels/owaspmsp watch the video at Vimeo]'''.<br><br>'''Up Next:''' '''[http://owaspmsp20091005chaptermeeting.eventbrite.com/ REGISTER NOW]''' for the Monday, October 5, 2009 local chapter meeting - '''CHRIS NICKERSON''' (room opens at 5:30 PM Central Time, speaker at 6:30 PM Central Time) - see below for details.<br><br>|mailinglistsite=https://lists.owasp.org/mailman/listinfo/owasp-twincities|emailarchives=https://lists.owasp.org/pipermail/owasp-twincities}}<br />
<br />
<br />
== Sponsorship/Membership ==<br />
<paypal>Minneapolis St Paul</paypal><br />
<br />
Or consider the value of [http://www.owasp.org/index.php/Membership Individual, Organization, or Accredited University Supporter membership] to contribute to better application security in the Minneapolis-Saint Paul area, surrounding Twin Cities metropolitan region, greater Minnesota, and the global software community.<br />
<br />
<br />
== Platinum Sponsors ==<br />
<br />
[[Image:Best_Buy_logo.jpg|link=http://www.bestbuy.com/]]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;[[Image:Center_for_strategic_it_n_security.png|60px|link=http://www.strategicit.org/]]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;[[Image:Integral_logo.png|90px|link=http://www.go-integral.net/]]<br />
<br />
<br />
The OWASP MSP chapter is very thankful for<br />
<br />
* generous financial support from [[Membership#Categories_of_Membership_.26_Supporters|Organization Supporter]] and Local Chapter Supporter '''[http://www.bestbuy.com/ Best Buy]'''.<br />
* reliable monthly meeting locations from Local Chapter Supporter '''[http://www.strategicit.org/ Center for Strategic Information Technology and Security (MnSCU)]'''.<br />
* sustained booth sponsorship, monthly meeting sponsorship, and more from Local Chapter Supporter '''[http://www.go-integral.net/ Integral]'''.<br />
<br />
<br />
== Meetings and More ==<br />
<br />
=== Videos ===<br />
<br />
The videos have been moved to their own page now, please see [[OWASPMSP_Videos]] for past talks and conference videos.<br />
<br />
==== Upcoming Meetings and Events ====<br />
<br />
=== Monday, October 5, 2009 - CHRIS NICKERSON<br/>of [http://www.trutv.com/video/shows/tiger-team.html Tiger Team] fame ===<br />
<br />
'''[http://owaspmsp20091005chaptermeeting.eventbrite.com/ REGISTER]'''<br />
<br />
'''Date:''' October 5th, 2009<br />
<br />
'''Location / Venue Sponsor:''' Sogeti USA, 2 Meridian Xing Ste # 670, Richfield MN 55423 <br />
<br />
'''Map and Directions:''' [http://maps.google.com/maps?f=q&source=s_q&hl=en&geocode=&q=2+Meridian+Xing,+Richfield,+MN+55423&sll=44.869679,-93.274355&sspn=0.029685,0.090895&ie=UTF8&ll=44.864919,-93.296049&spn=0.007802,0.022724&z=16&iwloc=A Google Maps]<br />
<br />
'''Agenda:'''<br />
<br />
'''5:30 PM ''' Room opens for networking<br />
<br />
'''6:00 PM''' Welcome: OWASP chapter updates<br />
<br />
'''6:30 PM''' '''CHRIS NICKERSON'''<br />
<br />
'''8:00 PM''' - Upcoming events reminder and meeting wrap-up<br />
<br />
'''Thank You:''' Sogeti USA for hosting. MN OWASP is currently looking for meeting location suggestions. Please contact Lorna at [mailto:lorna.alamri@owasp.org lorna.alamri@owasp.org] or 651-338-0243 if you would like to sponsor a meeting or meeting location for an upcoming OWASP meeting.<br />
<br />
=== Stay Updated ===<br />
<br />
'''[https://lists.owasp.org/mailman/listinfo/owasp-twincities Click here to join the local chapter mailing list]'''<br />
<br />
'''Follow''' OWASP MSP on your favorite social media sites:<br />
<br />
[[Image:Linkedin_mini.png|link=http://www.linkedin.com/groupInvitation?groupID=2184116]] <br />
[[Image:Twitter_mini.png|link=http://twitter.com/owaspmsp]] [[Image:Facebook_mini.png|link=http://www.facebook.com/pages/OWASP-Minneapolis-St-Paul-OWASP-MSP-OWASPMSP/113583361381]] [[Image:Digg_mini.png|link=http://digg.com/users/owaspmsp]] [[Image:Delicious_mini.png|link=http://delicious.com/owaspmsp]] [[Image:Reddit_mini.png|link=http://www.reddit.com/user/owaspmsp]] [[Image:Myspace_mini.png|link=http://www.myspace.com/owaspmsp]]<br />
<br />
<br />
'''Share''' OWASP MSP on your favorite social media sites:<br />
<br />
[[Image:Linkedin_mini.png|link=http://www.linkedin.com/shareArticle?mini=true&url=http%3A%2F%2Fwww.owasp.org%2Findex.php%2FMinneapolis_St_Paul&title=OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%20Home%20Page&summary=Official%20OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%20home%20page.%20Video%2C%20audio%2C%20slides%2C%20and%20other%20information%20on%20previous%20and%20upcoming%20chapter%20meetings%2C%20events%2C%20and%20conferences.&source=OWASPMSP]] <br />
[[Image:Twitter_mini.png|link=http://twitter.com/home?status=Checking%20out%20OWASP%20MSP%20at%20http%3A%2F%2Fwww.owasp.org%2Findex.php%2FMinneapolis_St_Paul.]] [[Image:Facebook_mini.png|link=http://www.facebook.com/sharer.php?u=http%3A%2F%2Fwww.owasp.org%2Findex.php%2FMinneapolis_St_Paul&t=OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%20Home%20Page]] [[Image:Digg_mini.png|link=http://digg.com/submit?phase=2&url=http%3A%2F%2Fwww.owasp.org%2Findex.php%2FMinneapolis_St_Paul&title=OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%20Home%20Page&bodytext=Official%20OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%20home%20page.%20Video%2C%20audio%2C%20slides%2C%20and%20other%20information%20on%20previous%20and%20upcoming%20chapter%20meetings%2C%20events%2C%20and%20conferences.]] [[Image:Delicious_mini.png|link=http://del.icio.us/post?url=http%3A%2F%2Fwww.owasp.org%2Findex.php%2FMinneapolis_St_Paul&title=OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%20Home%20Page]] [[Image:Reddit_mini.png|link=http://reddit.com/submit?url=http%3A%2F%2Fwww.owasp.org%2Findex.php%2FMinneapolis_St_Paul&title=OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%20Home%20Page]] [[Image:Myspace_mini.png|link=http://www.myspace.com/Modules/PostTo/Pages/?l=1&u=http%3A%2F%2Fwww.owasp.org%2Findex.php%2FMinneapolis_St_Paul&t=OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%20Home%20Page]]<br />
<br />
=== Secure360 ===<br />
[http://www.secure360.org/ Secure360] is an annual<br />
conference providing high quality educational sessions and networking<br />
opportunities while working to identify developing trends in risk<br />
management, physical security, governance, audit, information security,<br />
contingency planning and human capital.<br />
<br />
=== DC612 Meetings ===<br />
DC612 meets the 2nd Thursday of the month<br /><br />
http://www.dc612.org/<br />
<br />
==== Video/Audio/Slides/Handouts ====<br />
<br />
Videos of several past meetings are available at https://www.owasp.org/index.php/Category:OWASP_Video#Videos<br />
<br />
=== Most Recent Content ===<br />
<br />
[[OWASP Minneapolis St Paul 2009_Conference | OWASP Minneapolis-St. Paul 2009 Half-day Conference - 24 August 2009]] - '''[http://vimeo.com/channels/owaspmsp Watch the video at Vimeo]'''<br />
<br />
Robert Sullivan - Open This First: A job-oriented guide to software security resources - OWASP (MSP) - 27 July 2009 (68 minutes) [http://www.comotheory.com/owasp/20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.mp3 MP3] | [[Media:20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.pdf|PDF]] | [http://www.comotheory.com/owasp/20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.mp4 MP4...please right click and save] | [http://mspsullivan.home.mchsi.com More Material]<br />
<br />
Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym - OWASP (MSP) - 29 June 2009 (55 minutes) [http://www.slideshare.net/webappsecguy/tracking-the-progress-of-an-sdl-program-lessons-from-the-gym-1684512 Slidecast] | [http://www.comotheory.com/owasp/20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.mp3 MP3] | [[Media:20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.pptx| PPTX]] | [http://www.comotheory.com/owasp/20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.mp4 MP4...please right click and save]<br />
<br />
Gunnar Peterson - OWASP Top Ten Web Services - OWASP (MSP) - 27 April 2009 (1 hour, 27 minutes) [http://www.comotheory.com/owasp/20090427-Gunnar_Peterson_-_OWASP_Top_Ten_Web_Services.mp4 MP4...please right click and save] | Slides Forthcoming<br />
<br />
Dan Cornell - Vulnerability Management in an Application Security World - OWASP (MSP) - 16 March 2009 (1 hour, 52 minutes) [http://video.google.com/videoplay?docid=3200887090385342211&hl=en Google Video] | [[Media:VulnerabilityManagementInAnApplicaitonSecurityWorld_OWASPMSP_20090316.pdf|PDF]]<br />
<br />
==== Previous Events ====<br />
<br />
=== OWASP Minneapolis-St. Paul 2009 Half Day Conference - August 24, 2009 ===<br />
<br />
Thanks again for another year to all who joined us for [[OWASP Minneapolis St Paul 2009_Conference | an afternoon of information security presentations on August 24, 2009]] at the [http://www1.umn.edu/twincities/maps/StCen/StCen-map.html St. Paul Student Center] [http://www.spsc.umn.edu/about/directory/lower.php Auditorium/Theater] on the [http://www1.umn.edu/twincities/index.php University of Minnesota - Twin Cities] campus. [[OWASP Minneapolis St Paul 2009_Conference | Visit the conference page for a recap]] or '''[http://vimeo.com/channels/owaspmsp watch the video at Vimeo]'''.<br />
<br />
=== OWASP & FLOSS Application Security Mini-Conference 2008 - October 21, 2008 ===<br />
<br />
Thanks to all who joined us on October 21, 2008 for a [[OWASP_Minneapolis_St_Paul_2008_Conference | mini conference in October 2008]] at University of Minnesota's Saint Paul campus. Our first conference was a great success, with around 150 people attending! We were fortunate to have even higher attendance in 2009.<br />
<br />
==== Chapter Leaders/Contacts ====<br />
'''President:''' [mailto:kuai.hinojosa@owasp.org Kuai Hinojosa]<br />
<br />
'''Vice President:''' [mailto:lorna.alamri@owasp.org Lorna Alamri]<br />
<br />
'''Transitional President:''' [mailto:adam.baso@owasp.org Adam Baso]<br />
<br />
'''Board Member and Former OWASP MSP President:''' Robert Sullivan<br />
<br />
'''Board Member:''' David Bryan<br />
<br />
'''Board Member:''' Joe T<br />
<headertabs/><br />
<br />
[[Category:Minnesota]]</div>Videomanhttps://wiki.owasp.org/index.php?title=OWASPMSP_Videos&diff=71640OWASPMSP Videos2009-10-16T23:09:24Z<p>Videoman: /* OWASPMSP 2009 Local Chapter Presentations */</p>
<hr />
<div>=OWASP MSP Videos=<br />
<br />
These are the links to the videos from previous Minneapolis/St. Paul (OWASPMSP) talks and conferences.<br />
<br />
== OWASPMSP Half-Day Conference 2009 Presentations ==<br />
'''[http://vimeo.com/channels/owaspmsp Watch the OWASP MSP 2009 Half-Day Conference Videos]''' or '''[[OWASP Minneapolis St Paul 2009_Conference | visit the conference page for the local Minneapolis-Saint Paul OWASP half-day conference in 2009]]'''. Guest speakers were Seth Peter, Pravir Chandra, and Bruce Schneier.<br />
<br />
== OWASPMSP 2009 Local Chapter Presentations ==<br />
;[http://vimeo.com/groups/owaspmsp/videos/7093235 Ryan Barnett presenting on Web Hacking Incidents Database, Bi-Annual Report for 2009] OWASP MSP local meeting, September 21, 2009 recording. <br />
<br />
;[http://www.comotheory.com/owasp/20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.mp4 OWASP_MSP_Robert_Sullivan_Open_This_First_A_job_oriented_guide_to_software_security_resources_MP4]<br />
:OWASP Robert Sullivan - Open this first: A job-oriented guide to software security resources (68 minutes) (MP4...please right click and save). OWASP (MSP) - July 27, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.mp3 OWASP_MSP_Robert_Sullivan_Open_This_First_A_job_oriented_guide_to_software_security_resources_MP3]<br />
:OWASP Robert Sullivan - Open this first: A job-oriented guide to software security resources (68 minutes) (MP3). OWASP (MSP) - July 27, 2009<br />
<br />
;[[Media:20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.pdf|OWASP_MSP_Robert_Sullivan_Open_This_First_A_job_oriented_guide_to_software_security_resources_Slides]]<br />
:OWASP Robert Sullivan - Open this first: A job-oriented guide to software security resources (Slides .PDF). OWASP (MSP) - July 27, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.mp4 OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_MP4]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (55 minutes) (MP4...please right click and save). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.slideshare.net/webappsecguy/tracking-the-progress-of-an-sdl-program-lessons-from-the-gym-1684512 OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_Slidecast]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (55 minutes) (Slidecast). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.mp3 OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_MP3]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (55 minutes) (MP3). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.owasp.org/images/0/0e/20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.pptx OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_Slides]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (Slides .PPTX). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090427-Gunnar_Peterson_-_OWASP_Top_Ten_Web_Services.mp4 OWASP_MSP_Gunnar_Peterson_OWASP_Top_Ten_Web_Services_MP4]<br />
:OWASP Gunnar Peterson - OWASP Top Ten Web Services (1 hour, 27 minutes) (MP4...please right click and save). OWASP (MSP) - April 27, 2009<br />
<br />
;[http://video.google.com/videoplay?docid=3200887090385342211&hl=en OWASP_MSP_Dan_Cornell_Vulnerability_Management_in_an_Application_Security_World]<br />
:OWASP Dan Cornell - Vulnerability Management in an Application Security World (1 hour, 52 minutes). OWASP (MSP) - March 16, 2009<br />
<br />
;[http://www.owasp.org/images/1/16/VulnerabilityManagementInAnApplicaitonSecurityWorld_OWASPMSP_20090316.pdf OWASP_MSP_Dan_Cornell_Vulnerability_Management_in_an_Application_Security_World_Slides]<br />
:OWASP Dan Cornell - Vulnerability Management in an Application Security World (Slides .PDF). OWASP (MSP) - March 16, 2009<br />
<br />
;[http://video.google.com/videoplay?docid=2838721966098123222&hl=en OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_1_of_2]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (1 of 2 - 35 minutes). OWASP (MSP) - February 16, 2009<br />
<br />
;[http://video.google.com/videoplay?docid=1766766374336659744&hl=en OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_2_of_2]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (2 of 2 - 34 minutes). OWASP (MSP) - February 16, 2009<br />
<br />
;[https://www.owasp.org/images/f/f8/Proactive_Lifecycle_Security_Management_Presentation_for_OWASP_Mpls-Stp_Chapter_Meeting_-_2-16-09.ppt OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_Slides]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (Slides .PPT). OWASP (MSP) - February 16, 2009<br />
<br />
;[https://www.owasp.org/images/9/9c/Generic_System_Security_Plan.doc OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_Handout_Service_System_Security_Plan_template]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (Handout: Service/System Security Plan template .DOC). OWASP (MSP) - February 16, 2009<br />
<br />
== OWASP Minneapolis-St. Paul Mini-Conference 2008 Presentations ==<br />
<br />
'''[[OWASP Minneapolis St Paul 2009_Conference | See the conference page for presentations from the OWASP MSP mini-conference in 2008]]'''.<br />
<br />
;[http://video.google.com/videoplay?docid=8393196340486939495&en OWASP MSP October 2008 Mini-Conference: Arshan Dabirsiaghi - ISWG. OWASP (MSP)]<br />
:Arshan Dabirsiaghi, founder of the OWASP Intrinsic Security Working Group (OWASP ISWG), ISWG at the OWASP & FLOSS Application Security Mini-Conference - Oct 21, 2008<br />
<br />
== OWASP Minneapolis-St. Paul 2008 Local Chapter Presentations ==<br />
<br />
;[http://video.google.com/videoplay?docid=-2772176093312625908&hl=en OWASP_MSP_Jeremiah_Grossman_Get_Rich_or_Die_Trying_Partial_Video_38_Minutes] | [https://www.owasp.org/images/5/5d/OWASP_Minneapolis_20080908_Jeremiah_Grossman.pdf OWASP_MSP_Jeremiah_Grossman_Get_Rich_or_Die_Trying_Slides_Full]<br />
:Jeremiah Grossman - Get Rich or Die Trying - Making Money on The Web, The Black Hat Way - OWASP (MSP) - 9 September 2008 (Partial Video - 38 Minutes) | Slides (Full)<br />
<br />
;[http://video.google.com/videoplay?docid=-7859027646762182620&hl=en OWASP_MSP_Gunnar_Peterson_Breaking_Web_Services_1_of_2]<br />
:OWASP Gunnar Peterson - Breaking Web Services (1 of 2 - original aspect ratio maintained). OWASP (MSP) - July 7, 2008<br />
<br />
;[http://video.google.com/videoplay?docid=-7066675474788394571&q=en OWASP_MSP_Gunnar_Peterson_Breaking_Web_Services_2_of_2]<br />
:OWASP Gunnar Peterson - Breaking Web Services (2 of 2 - aspect ratio distorted). OWASP (MSP) - July 7, 2008<br />
<br />
;[http://www.owasp.org/images/b/b9/OWASP-MSP-GunnarPetersonHandout20080707.pdf OWASP_MSP_Gunnar_Peterson_Breaking_Web_Services_Handout]<br />
:OWASP Gunnar Peterson - Preaking Web Services (Handout). OWASP (MSP) - July 7, 2008<br />
<br />
;[http://video.google.com/videoplay?docid=7535038243903138173&hl=en OWASP_MSP_Tony_Stieber_How_NOT_to_Implement_Encryption_for_the_OWASP_Top_10]<br />
:OWASP Tony Stieber - How NOT to Implement Encryption for the OWASP Top 10. OWASP (MSP) - Jun 16, 2008 <br />
<br />
;[http://video.google.com/videoplay?docid=-1695798832162574124&hl=en OWASP_MSP_Bruce_Schneier_Economic_trends_of_information_security]<br />
:OWASP Bruce Schneier - 10 Economic Trends of Information Security. OWASP (MSP)- Jan 14, 2008 <br />
<br />
;[http://video.google.com/videoplay?docid=-8346192947975269407&hl=en OWASP_MSP_Robert_Hansen_RSnake_Logic_Attacks_inefficiencies_of_robotic_detection]<br />
:OWASP Robert Hansen aka RSnake - Logic Attacks, inefficiencies of Robotic detection. OWASP (MSP) - Feb 11th 2008</div>Videomanhttps://wiki.owasp.org/index.php?title=OWASPMSP_Videos&diff=71639OWASPMSP Videos2009-10-16T23:08:51Z<p>Videoman: /* OWASPMSP 2009 Local Chapter Presentations */</p>
<hr />
<div>=OWASP MSP Videos=<br />
<br />
These are the links to the videos from previous Minneapolis/St. Paul (OWASPMSP) talks and conferences.<br />
<br />
== OWASPMSP Half-Day Conference 2009 Presentations ==<br />
'''[http://vimeo.com/channels/owaspmsp Watch the OWASP MSP 2009 Half-Day Conference Videos]''' or '''[[OWASP Minneapolis St Paul 2009_Conference | visit the conference page for the local Minneapolis-Saint Paul OWASP half-day conference in 2009]]'''. Guest speakers were Seth Peter, Pravir Chandra, and Bruce Schneier.<br />
<br />
== OWASPMSP 2009 Local Chapter Presentations ==<br />
;[http://vimeo.com/groups/owaspmsp/videos/7093235 Ryan Barnett presenting on Web Hacking Incidents Database, Bi-Annual Report for 2009] September 21, 2009 meeting recording. <br />
<br />
;[http://www.comotheory.com/owasp/20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.mp4 OWASP_MSP_Robert_Sullivan_Open_This_First_A_job_oriented_guide_to_software_security_resources_MP4]<br />
:OWASP Robert Sullivan - Open this first: A job-oriented guide to software security resources (68 minutes) (MP4...please right click and save). OWASP (MSP) - July 27, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.mp3 OWASP_MSP_Robert_Sullivan_Open_This_First_A_job_oriented_guide_to_software_security_resources_MP3]<br />
:OWASP Robert Sullivan - Open this first: A job-oriented guide to software security resources (68 minutes) (MP3). OWASP (MSP) - July 27, 2009<br />
<br />
;[[Media:20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.pdf|OWASP_MSP_Robert_Sullivan_Open_This_First_A_job_oriented_guide_to_software_security_resources_Slides]]<br />
:OWASP Robert Sullivan - Open this first: A job-oriented guide to software security resources (Slides .PDF). OWASP (MSP) - July 27, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.mp4 OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_MP4]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (55 minutes) (MP4...please right click and save). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.slideshare.net/webappsecguy/tracking-the-progress-of-an-sdl-program-lessons-from-the-gym-1684512 OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_Slidecast]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (55 minutes) (Slidecast). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.mp3 OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_MP3]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (55 minutes) (MP3). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.owasp.org/images/0/0e/20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.pptx OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_Slides]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (Slides .PPTX). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090427-Gunnar_Peterson_-_OWASP_Top_Ten_Web_Services.mp4 OWASP_MSP_Gunnar_Peterson_OWASP_Top_Ten_Web_Services_MP4]<br />
:OWASP Gunnar Peterson - OWASP Top Ten Web Services (1 hour, 27 minutes) (MP4...please right click and save). OWASP (MSP) - April 27, 2009<br />
<br />
;[http://video.google.com/videoplay?docid=3200887090385342211&hl=en OWASP_MSP_Dan_Cornell_Vulnerability_Management_in_an_Application_Security_World]<br />
:OWASP Dan Cornell - Vulnerability Management in an Application Security World (1 hour, 52 minutes). OWASP (MSP) - March 16, 2009<br />
<br />
;[http://www.owasp.org/images/1/16/VulnerabilityManagementInAnApplicaitonSecurityWorld_OWASPMSP_20090316.pdf OWASP_MSP_Dan_Cornell_Vulnerability_Management_in_an_Application_Security_World_Slides]<br />
:OWASP Dan Cornell - Vulnerability Management in an Application Security World (Slides .PDF). OWASP (MSP) - March 16, 2009<br />
<br />
;[http://video.google.com/videoplay?docid=2838721966098123222&hl=en OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_1_of_2]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (1 of 2 - 35 minutes). OWASP (MSP) - February 16, 2009<br />
<br />
;[http://video.google.com/videoplay?docid=1766766374336659744&hl=en OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_2_of_2]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (2 of 2 - 34 minutes). OWASP (MSP) - February 16, 2009<br />
<br />
;[https://www.owasp.org/images/f/f8/Proactive_Lifecycle_Security_Management_Presentation_for_OWASP_Mpls-Stp_Chapter_Meeting_-_2-16-09.ppt OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_Slides]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (Slides .PPT). OWASP (MSP) - February 16, 2009<br />
<br />
;[https://www.owasp.org/images/9/9c/Generic_System_Security_Plan.doc OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_Handout_Service_System_Security_Plan_template]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (Handout: Service/System Security Plan template .DOC). OWASP (MSP) - February 16, 2009<br />
<br />
== OWASP Minneapolis-St. Paul Mini-Conference 2008 Presentations ==<br />
<br />
'''[[OWASP Minneapolis St Paul 2009_Conference | See the conference page for presentations from the OWASP MSP mini-conference in 2008]]'''.<br />
<br />
;[http://video.google.com/videoplay?docid=8393196340486939495&en OWASP MSP October 2008 Mini-Conference: Arshan Dabirsiaghi - ISWG. OWASP (MSP)]<br />
:Arshan Dabirsiaghi, founder of the OWASP Intrinsic Security Working Group (OWASP ISWG), ISWG at the OWASP & FLOSS Application Security Mini-Conference - Oct 21, 2008<br />
<br />
== OWASP Minneapolis-St. Paul 2008 Local Chapter Presentations ==<br />
<br />
;[http://video.google.com/videoplay?docid=-2772176093312625908&hl=en OWASP_MSP_Jeremiah_Grossman_Get_Rich_or_Die_Trying_Partial_Video_38_Minutes] | [https://www.owasp.org/images/5/5d/OWASP_Minneapolis_20080908_Jeremiah_Grossman.pdf OWASP_MSP_Jeremiah_Grossman_Get_Rich_or_Die_Trying_Slides_Full]<br />
:Jeremiah Grossman - Get Rich or Die Trying - Making Money on The Web, The Black Hat Way - OWASP (MSP) - 9 September 2008 (Partial Video - 38 Minutes) | Slides (Full)<br />
<br />
;[http://video.google.com/videoplay?docid=-7859027646762182620&hl=en OWASP_MSP_Gunnar_Peterson_Breaking_Web_Services_1_of_2]<br />
:OWASP Gunnar Peterson - Breaking Web Services (1 of 2 - original aspect ratio maintained). OWASP (MSP) - July 7, 2008<br />
<br />
;[http://video.google.com/videoplay?docid=-7066675474788394571&q=en OWASP_MSP_Gunnar_Peterson_Breaking_Web_Services_2_of_2]<br />
:OWASP Gunnar Peterson - Breaking Web Services (2 of 2 - aspect ratio distorted). OWASP (MSP) - July 7, 2008<br />
<br />
;[http://www.owasp.org/images/b/b9/OWASP-MSP-GunnarPetersonHandout20080707.pdf OWASP_MSP_Gunnar_Peterson_Breaking_Web_Services_Handout]<br />
:OWASP Gunnar Peterson - Preaking Web Services (Handout). OWASP (MSP) - July 7, 2008<br />
<br />
;[http://video.google.com/videoplay?docid=7535038243903138173&hl=en OWASP_MSP_Tony_Stieber_How_NOT_to_Implement_Encryption_for_the_OWASP_Top_10]<br />
:OWASP Tony Stieber - How NOT to Implement Encryption for the OWASP Top 10. OWASP (MSP) - Jun 16, 2008 <br />
<br />
;[http://video.google.com/videoplay?docid=-1695798832162574124&hl=en OWASP_MSP_Bruce_Schneier_Economic_trends_of_information_security]<br />
:OWASP Bruce Schneier - 10 Economic Trends of Information Security. OWASP (MSP)- Jan 14, 2008 <br />
<br />
;[http://video.google.com/videoplay?docid=-8346192947975269407&hl=en OWASP_MSP_Robert_Hansen_RSnake_Logic_Attacks_inefficiencies_of_robotic_detection]<br />
:OWASP Robert Hansen aka RSnake - Logic Attacks, inefficiencies of Robotic detection. OWASP (MSP) - Feb 11th 2008</div>Videomanhttps://wiki.owasp.org/index.php?title=OWASPMSP_Videos&diff=71638OWASPMSP Videos2009-10-16T23:04:46Z<p>Videoman: /* OWASPMSP 2009 Local Chapter Presentations */</p>
<hr />
<div>=OWASP MSP Videos=<br />
<br />
These are the links to the videos from previous Minneapolis/St. Paul (OWASPMSP) talks and conferences.<br />
<br />
== OWASPMSP Half-Day Conference 2009 Presentations ==<br />
'''[http://vimeo.com/channels/owaspmsp Watch the OWASP MSP 2009 Half-Day Conference Videos]''' or '''[[OWASP Minneapolis St Paul 2009_Conference | visit the conference page for the local Minneapolis-Saint Paul OWASP half-day conference in 2009]]'''. Guest speakers were Seth Peter, Pravir Chandra, and Bruce Schneier.<br />
<br />
== OWASPMSP 2009 Local Chapter Presentations ==<br />
;[http://vimeo.com/groups/owaspmsp/videos/7093235 Ryan Barnett presenting on Web Hacking Incidents Database, Bi-Annual Report for 2009]<br />
<br />
;[http://www.comotheory.com/owasp/20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.mp4 OWASP_MSP_Robert_Sullivan_Open_This_First_A_job_oriented_guide_to_software_security_resources_MP4]<br />
:OWASP Robert Sullivan - Open this first: A job-oriented guide to software security resources (68 minutes) (MP4...please right click and save). OWASP (MSP) - July 27, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.mp3 OWASP_MSP_Robert_Sullivan_Open_This_First_A_job_oriented_guide_to_software_security_resources_MP3]<br />
:OWASP Robert Sullivan - Open this first: A job-oriented guide to software security resources (68 minutes) (MP3). OWASP (MSP) - July 27, 2009<br />
<br />
;[[Media:20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.pdf|OWASP_MSP_Robert_Sullivan_Open_This_First_A_job_oriented_guide_to_software_security_resources_Slides]]<br />
:OWASP Robert Sullivan - Open this first: A job-oriented guide to software security resources (Slides .PDF). OWASP (MSP) - July 27, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.mp4 OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_MP4]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (55 minutes) (MP4...please right click and save). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.slideshare.net/webappsecguy/tracking-the-progress-of-an-sdl-program-lessons-from-the-gym-1684512 OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_Slidecast]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (55 minutes) (Slidecast). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.mp3 OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_MP3]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (55 minutes) (MP3). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.owasp.org/images/0/0e/20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.pptx OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_Slides]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (Slides .PPTX). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090427-Gunnar_Peterson_-_OWASP_Top_Ten_Web_Services.mp4 OWASP_MSP_Gunnar_Peterson_OWASP_Top_Ten_Web_Services_MP4]<br />
:OWASP Gunnar Peterson - OWASP Top Ten Web Services (1 hour, 27 minutes) (MP4...please right click and save). OWASP (MSP) - April 27, 2009<br />
<br />
;[http://video.google.com/videoplay?docid=3200887090385342211&hl=en OWASP_MSP_Dan_Cornell_Vulnerability_Management_in_an_Application_Security_World]<br />
:OWASP Dan Cornell - Vulnerability Management in an Application Security World (1 hour, 52 minutes). OWASP (MSP) - March 16, 2009<br />
<br />
;[http://www.owasp.org/images/1/16/VulnerabilityManagementInAnApplicaitonSecurityWorld_OWASPMSP_20090316.pdf OWASP_MSP_Dan_Cornell_Vulnerability_Management_in_an_Application_Security_World_Slides]<br />
:OWASP Dan Cornell - Vulnerability Management in an Application Security World (Slides .PDF). OWASP (MSP) - March 16, 2009<br />
<br />
;[http://video.google.com/videoplay?docid=2838721966098123222&hl=en OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_1_of_2]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (1 of 2 - 35 minutes). OWASP (MSP) - February 16, 2009<br />
<br />
;[http://video.google.com/videoplay?docid=1766766374336659744&hl=en OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_2_of_2]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (2 of 2 - 34 minutes). OWASP (MSP) - February 16, 2009<br />
<br />
;[https://www.owasp.org/images/f/f8/Proactive_Lifecycle_Security_Management_Presentation_for_OWASP_Mpls-Stp_Chapter_Meeting_-_2-16-09.ppt OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_Slides]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (Slides .PPT). OWASP (MSP) - February 16, 2009<br />
<br />
;[https://www.owasp.org/images/9/9c/Generic_System_Security_Plan.doc OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_Handout_Service_System_Security_Plan_template]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (Handout: Service/System Security Plan template .DOC). OWASP (MSP) - February 16, 2009<br />
<br />
== OWASP Minneapolis-St. Paul Mini-Conference 2008 Presentations ==<br />
<br />
'''[[OWASP Minneapolis St Paul 2009_Conference | See the conference page for presentations from the OWASP MSP mini-conference in 2008]]'''.<br />
<br />
;[http://video.google.com/videoplay?docid=8393196340486939495&en OWASP MSP October 2008 Mini-Conference: Arshan Dabirsiaghi - ISWG. OWASP (MSP)]<br />
:Arshan Dabirsiaghi, founder of the OWASP Intrinsic Security Working Group (OWASP ISWG), ISWG at the OWASP & FLOSS Application Security Mini-Conference - Oct 21, 2008<br />
<br />
== OWASP Minneapolis-St. Paul 2008 Local Chapter Presentations ==<br />
<br />
;[http://video.google.com/videoplay?docid=-2772176093312625908&hl=en OWASP_MSP_Jeremiah_Grossman_Get_Rich_or_Die_Trying_Partial_Video_38_Minutes] | [https://www.owasp.org/images/5/5d/OWASP_Minneapolis_20080908_Jeremiah_Grossman.pdf OWASP_MSP_Jeremiah_Grossman_Get_Rich_or_Die_Trying_Slides_Full]<br />
:Jeremiah Grossman - Get Rich or Die Trying - Making Money on The Web, The Black Hat Way - OWASP (MSP) - 9 September 2008 (Partial Video - 38 Minutes) | Slides (Full)<br />
<br />
;[http://video.google.com/videoplay?docid=-7859027646762182620&hl=en OWASP_MSP_Gunnar_Peterson_Breaking_Web_Services_1_of_2]<br />
:OWASP Gunnar Peterson - Breaking Web Services (1 of 2 - original aspect ratio maintained). OWASP (MSP) - July 7, 2008<br />
<br />
;[http://video.google.com/videoplay?docid=-7066675474788394571&q=en OWASP_MSP_Gunnar_Peterson_Breaking_Web_Services_2_of_2]<br />
:OWASP Gunnar Peterson - Breaking Web Services (2 of 2 - aspect ratio distorted). OWASP (MSP) - July 7, 2008<br />
<br />
;[http://www.owasp.org/images/b/b9/OWASP-MSP-GunnarPetersonHandout20080707.pdf OWASP_MSP_Gunnar_Peterson_Breaking_Web_Services_Handout]<br />
:OWASP Gunnar Peterson - Preaking Web Services (Handout). OWASP (MSP) - July 7, 2008<br />
<br />
;[http://video.google.com/videoplay?docid=7535038243903138173&hl=en OWASP_MSP_Tony_Stieber_How_NOT_to_Implement_Encryption_for_the_OWASP_Top_10]<br />
:OWASP Tony Stieber - How NOT to Implement Encryption for the OWASP Top 10. OWASP (MSP) - Jun 16, 2008 <br />
<br />
;[http://video.google.com/videoplay?docid=-1695798832162574124&hl=en OWASP_MSP_Bruce_Schneier_Economic_trends_of_information_security]<br />
:OWASP Bruce Schneier - 10 Economic Trends of Information Security. OWASP (MSP)- Jan 14, 2008 <br />
<br />
;[http://video.google.com/videoplay?docid=-8346192947975269407&hl=en OWASP_MSP_Robert_Hansen_RSnake_Logic_Attacks_inefficiencies_of_robotic_detection]<br />
:OWASP Robert Hansen aka RSnake - Logic Attacks, inefficiencies of Robotic detection. OWASP (MSP) - Feb 11th 2008</div>Videomanhttps://wiki.owasp.org/index.php?title=OWASPMSP_Videos&diff=71637OWASPMSP Videos2009-10-16T23:04:23Z<p>Videoman: /* OWASPMSP 2009 Local Chapter Presentations */</p>
<hr />
<div>=OWASP MSP Videos=<br />
<br />
These are the links to the videos from previous Minneapolis/St. Paul (OWASPMSP) talks and conferences.<br />
<br />
== OWASPMSP Half-Day Conference 2009 Presentations ==<br />
'''[http://vimeo.com/channels/owaspmsp Watch the OWASP MSP 2009 Half-Day Conference Videos]''' or '''[[OWASP Minneapolis St Paul 2009_Conference | visit the conference page for the local Minneapolis-Saint Paul OWASP half-day conference in 2009]]'''. Guest speakers were Seth Peter, Pravir Chandra, and Bruce Schneier.<br />
<br />
== OWASPMSP 2009 Local Chapter Presentations ==<br />
[http://vimeo.com/groups/owaspmsp/videos/7093235 Ryan Barnett presenting on Web Hacking Incidents Database, Bi-Annual Report for 2009]<br />
<br />
;[http://www.comotheory.com/owasp/20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.mp4 OWASP_MSP_Robert_Sullivan_Open_This_First_A_job_oriented_guide_to_software_security_resources_MP4]<br />
:OWASP Robert Sullivan - Open this first: A job-oriented guide to software security resources (68 minutes) (MP4...please right click and save). OWASP (MSP) - July 27, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.mp3 OWASP_MSP_Robert_Sullivan_Open_This_First_A_job_oriented_guide_to_software_security_resources_MP3]<br />
:OWASP Robert Sullivan - Open this first: A job-oriented guide to software security resources (68 minutes) (MP3). OWASP (MSP) - July 27, 2009<br />
<br />
;[[Media:20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.pdf|OWASP_MSP_Robert_Sullivan_Open_This_First_A_job_oriented_guide_to_software_security_resources_Slides]]<br />
:OWASP Robert Sullivan - Open this first: A job-oriented guide to software security resources (Slides .PDF). OWASP (MSP) - July 27, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.mp4 OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_MP4]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (55 minutes) (MP4...please right click and save). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.slideshare.net/webappsecguy/tracking-the-progress-of-an-sdl-program-lessons-from-the-gym-1684512 OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_Slidecast]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (55 minutes) (Slidecast). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.mp3 OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_MP3]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (55 minutes) (MP3). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.owasp.org/images/0/0e/20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.pptx OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_Slides]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (Slides .PPTX). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090427-Gunnar_Peterson_-_OWASP_Top_Ten_Web_Services.mp4 OWASP_MSP_Gunnar_Peterson_OWASP_Top_Ten_Web_Services_MP4]<br />
:OWASP Gunnar Peterson - OWASP Top Ten Web Services (1 hour, 27 minutes) (MP4...please right click and save). OWASP (MSP) - April 27, 2009<br />
<br />
;[http://video.google.com/videoplay?docid=3200887090385342211&hl=en OWASP_MSP_Dan_Cornell_Vulnerability_Management_in_an_Application_Security_World]<br />
:OWASP Dan Cornell - Vulnerability Management in an Application Security World (1 hour, 52 minutes). OWASP (MSP) - March 16, 2009<br />
<br />
;[http://www.owasp.org/images/1/16/VulnerabilityManagementInAnApplicaitonSecurityWorld_OWASPMSP_20090316.pdf OWASP_MSP_Dan_Cornell_Vulnerability_Management_in_an_Application_Security_World_Slides]<br />
:OWASP Dan Cornell - Vulnerability Management in an Application Security World (Slides .PDF). OWASP (MSP) - March 16, 2009<br />
<br />
;[http://video.google.com/videoplay?docid=2838721966098123222&hl=en OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_1_of_2]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (1 of 2 - 35 minutes). OWASP (MSP) - February 16, 2009<br />
<br />
;[http://video.google.com/videoplay?docid=1766766374336659744&hl=en OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_2_of_2]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (2 of 2 - 34 minutes). OWASP (MSP) - February 16, 2009<br />
<br />
;[https://www.owasp.org/images/f/f8/Proactive_Lifecycle_Security_Management_Presentation_for_OWASP_Mpls-Stp_Chapter_Meeting_-_2-16-09.ppt OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_Slides]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (Slides .PPT). OWASP (MSP) - February 16, 2009<br />
<br />
;[https://www.owasp.org/images/9/9c/Generic_System_Security_Plan.doc OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_Handout_Service_System_Security_Plan_template]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (Handout: Service/System Security Plan template .DOC). OWASP (MSP) - February 16, 2009<br />
<br />
== OWASP Minneapolis-St. Paul Mini-Conference 2008 Presentations ==<br />
<br />
'''[[OWASP Minneapolis St Paul 2009_Conference | See the conference page for presentations from the OWASP MSP mini-conference in 2008]]'''.<br />
<br />
;[http://video.google.com/videoplay?docid=8393196340486939495&en OWASP MSP October 2008 Mini-Conference: Arshan Dabirsiaghi - ISWG. OWASP (MSP)]<br />
:Arshan Dabirsiaghi, founder of the OWASP Intrinsic Security Working Group (OWASP ISWG), ISWG at the OWASP & FLOSS Application Security Mini-Conference - Oct 21, 2008<br />
<br />
== OWASP Minneapolis-St. Paul 2008 Local Chapter Presentations ==<br />
<br />
;[http://video.google.com/videoplay?docid=-2772176093312625908&hl=en OWASP_MSP_Jeremiah_Grossman_Get_Rich_or_Die_Trying_Partial_Video_38_Minutes] | [https://www.owasp.org/images/5/5d/OWASP_Minneapolis_20080908_Jeremiah_Grossman.pdf OWASP_MSP_Jeremiah_Grossman_Get_Rich_or_Die_Trying_Slides_Full]<br />
:Jeremiah Grossman - Get Rich or Die Trying - Making Money on The Web, The Black Hat Way - OWASP (MSP) - 9 September 2008 (Partial Video - 38 Minutes) | Slides (Full)<br />
<br />
;[http://video.google.com/videoplay?docid=-7859027646762182620&hl=en OWASP_MSP_Gunnar_Peterson_Breaking_Web_Services_1_of_2]<br />
:OWASP Gunnar Peterson - Breaking Web Services (1 of 2 - original aspect ratio maintained). OWASP (MSP) - July 7, 2008<br />
<br />
;[http://video.google.com/videoplay?docid=-7066675474788394571&q=en OWASP_MSP_Gunnar_Peterson_Breaking_Web_Services_2_of_2]<br />
:OWASP Gunnar Peterson - Breaking Web Services (2 of 2 - aspect ratio distorted). OWASP (MSP) - July 7, 2008<br />
<br />
;[http://www.owasp.org/images/b/b9/OWASP-MSP-GunnarPetersonHandout20080707.pdf OWASP_MSP_Gunnar_Peterson_Breaking_Web_Services_Handout]<br />
:OWASP Gunnar Peterson - Preaking Web Services (Handout). OWASP (MSP) - July 7, 2008<br />
<br />
;[http://video.google.com/videoplay?docid=7535038243903138173&hl=en OWASP_MSP_Tony_Stieber_How_NOT_to_Implement_Encryption_for_the_OWASP_Top_10]<br />
:OWASP Tony Stieber - How NOT to Implement Encryption for the OWASP Top 10. OWASP (MSP) - Jun 16, 2008 <br />
<br />
;[http://video.google.com/videoplay?docid=-1695798832162574124&hl=en OWASP_MSP_Bruce_Schneier_Economic_trends_of_information_security]<br />
:OWASP Bruce Schneier - 10 Economic Trends of Information Security. OWASP (MSP)- Jan 14, 2008 <br />
<br />
;[http://video.google.com/videoplay?docid=-8346192947975269407&hl=en OWASP_MSP_Robert_Hansen_RSnake_Logic_Attacks_inefficiencies_of_robotic_detection]<br />
:OWASP Robert Hansen aka RSnake - Logic Attacks, inefficiencies of Robotic detection. OWASP (MSP) - Feb 11th 2008</div>Videomanhttps://wiki.owasp.org/index.php?title=Category:OWASP_Video&diff=71636Category:OWASP Video2009-10-16T22:56:39Z<p>Videoman: /* Videos */</p>
<hr />
<div>== Welcome to the OWASP Video Collection ==<br />
<br />
OWASP attempts to make videos of presentations made by our members and at our conferences concerning application security whenever possible. The slides for most of these presentations are available, linked to the conference agendas (please link them if possible!).<br />
<br />
Some of the videos below got a little mangled in the conversion process. So some of the talks run together. For example the first part of Dinis' .Net Tools video is appended to the end of Jeff's Guide talk. We're working on it.<br />
<br />
== Videos ==<br />
<br />
=== OWASP EU ===<br />
OWASP EU 2009 - [http://owasp.blip.tv Click Here]<br />
<br />
=== OWASP USA ===<br />
<br />
To see videos from the OWASP NYC APPSEC 2008 event (50+ speakers) see : [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference Click Here]<br />
<br />
=== SnowFROC ===<br />
;[http://www.owasp.org/index.php/Front_Range_OWASP_Conference_2009#Agenda_and_Presentations:_5_March_2009 OWASP SnowFROC from Denver, CO 2009]<br />
<br />
=== OWASP Minneapolis/St. Paul (OWASPMSP) ===<br />
<br />
Presentations from the [[Minneapolis St Paul | OWASP Minneapolis-St. Paul (OWASPMSP) chapter]] events hosted in the Twin Cities area of Minnesota are now on their own page. Please visit [[OWASPMSP_Videos]] page for links to them. Some of the presenters include Pravir Chandra, Bruce Schneier, Jeremiah Grossman, Ryan Barnett, and many others.<br />
<br />
=== Black Hat 2006 ===<br />
<br />
'''From Black Hat 2006:'''<br />
<br />
;[http://video.google.com/videoplay?docid=941077664562737284&q=owasp Dinis Cruz @ BlackHat 2006 with FSTV]<br />
:Dinis Cruz, leader of the OWASP.NET project joins us to talk about .NET, web security tools, the future of OWASP, and Open Source Software. OWASP - 30 min - Aug 30, 2006<br />
<br />
=== AppSec Washington 2005 ===<br />
<br />
'''From the [[AppSec_Washington_2005/Agenda | 2nd U.S. OWASP Conference held Oct 11-12, 2005]] - Day 1:'''<br />
<br />
;[http://video.google.com/videoplay?docid=-2481289516847680871&q=owasp OWASP_Intro_DaveWichers_Key_JoeJarzombek_RonRoss.mp4]<br />
:OWASP Intro: Dave Wichers - Key Note Day 1: Joe Jarzombek - Dir. of Software Assurance - DHS - Software Assurance: Considerations for Advancing a National Strategy to Secure Cyberspace & Ron Ross -FISMA Project Lead - NIST - Status of the Federal Information Security Management Act (FISMA) Project. OWASP - 2 hr 7 min - Oct 11, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=3853779542023264815&q=owasp OWASP_JackDanahy_The_Business_Case_for_Software_Security_Assurance.mp4]<br />
:OWASP Jack Danahy - The Business Case for Software Security Assurance. OWASP - 1 hr 2 min - Oct 11, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=5758230888370998733&q=owasp OWASP_ArianEvans_Tools_SurveyProject.mp4]<br />
:OWASP Arian Evans - The OWASP Tools Survey Project. OWASP - 1 hr 18 min - Oct 11, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=-2492965730809426450&q=owasp OWASP_DinizCruz_Rooting_the_CLR.mp4]<br />
:OWASP Diniz Cruz - Rooting the CLR. OWASP - 1 hr 22 min - Oct 11, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=-5233500471539001436&q=owasp OWASP_PaulBlack_RickKuhn.mp4]<br />
:OWASP Paul Black - NIST - Developing a Reference Dataset & Rick Kuhn - NIST - Software Fault Interactions. OWASP - 1 hr 9 min - Oct 11, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=4473926180612118549&q=owasp OWASP_AlexSmolen_Application_Logic_Defense.mp4]<br />
:OWASP Alex Smolen - Application Logic Defense. OWASP - 36 min - Oct 11, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=4379894308228900017&q=owasp OWASP_DanielCuthbert_Evolution_WebAppPenTest.mp4]<br />
:OWASP Daniel Cuthbert - OWASP Testing Guide Lead - The Evolution Web App Pen Testing. OWASP - 1 hr 11 min - Oct 11, 2005<br />
<br />
'''The [[AppSec_Washington_2005/Agenda | 2nd U.S. OWASP Conference]] Day 2:'''<br />
<br />
;[http://video.google.com/videoplay?docid=-9110574247136866679&q=owasp OWASP_IraWinkler_Secrets_of_Superspies.mp4]<br />
:OWASP Ira Winkler - Keynote Day 2: Secrets of Superspies & Jeremy Poteet - In the Line of Fire: Defending Highly Visible Targets. OWASP - 2 hr 2 min - Oct 12, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=-5332911124544076749&q=owasp OWASP_JeffWilliams_OWASP_Guide_and_Membership.mp4]<br />
:OWASP Jeff Williams - OWASP Development Guide and OWASP Membership Plan. OWASP - 1 hr 12 min - Oct 12, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=7947858567235952851&q=owasp OWASP_DinizCruz_DotNet_Tools_Project.mp4]<br />
:OWASP Diniz Cruz - The .Net Tools Project. OWASP - 1 hr 15 min - Oct 12, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=2018648061521175729&q=owasp OWASP_MattFisher_WormsNowTargetingWebApps.mp4]<br />
:OWASP Matt Fisher - Worms Now Targeting Web Applications. OWASP - 49 min - Oct 12, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=8437304318271455155&q=owasp OWASP_RoganDawes_AdvancedFeaturesofWebScarab.mp4]<br />
:OWASP Rogan Dawes - Advanced Features of OWASP WebScarab. OWASP - 1 hr 24 min - Oct 12, 2005 <br />
<br />
;[http://video.google.com/videoplay?docid=-2492965730809426450&q=owasp OWASP_JohnSteven_Building_a_Scalable_Software_Security_Practice.mp4]<br />
:OWASP John Steven - Building a Scalable Software Security Practice. OWASP - 1 hr 19 min - Oct 12, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=-1807054604513842127&q=owasp OWASP_GunnerPeterson_IntegratingIdentityServicesintoWebApps.mp4]<br />
:OWASP Gunnar Peterson - Integrating Identity Services into Web Apps. OWASP - 35 min - Oct 12, 2005</div>Videomanhttps://wiki.owasp.org/index.php?title=OWASPMSP_Videos&diff=71635OWASPMSP Videos2009-10-16T22:50:31Z<p>Videoman: </p>
<hr />
<div>=OWASP MSP Videos=<br />
<br />
These are the links to the videos from previous Minneapolis/St. Paul (OWASPMSP) talks and conferences.<br />
<br />
== OWASPMSP Half-Day Conference 2009 Presentations ==<br />
'''[http://vimeo.com/channels/owaspmsp Watch the OWASP MSP 2009 Half-Day Conference Videos]''' or '''[[OWASP Minneapolis St Paul 2009_Conference | visit the conference page for the local Minneapolis-Saint Paul OWASP half-day conference in 2009]]'''. Guest speakers were Seth Peter, Pravir Chandra, and Bruce Schneier.<br />
<br />
== OWASPMSP 2009 Local Chapter Presentations ==<br />
;[http://www.comotheory.com/owasp/20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.mp4 OWASP_MSP_Robert_Sullivan_Open_This_First_A_job_oriented_guide_to_software_security_resources_MP4]<br />
:OWASP Robert Sullivan - Open this first: A job-oriented guide to software security resources (68 minutes) (MP4...please right click and save). OWASP (MSP) - July 27, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.mp3 OWASP_MSP_Robert_Sullivan_Open_This_First_A_job_oriented_guide_to_software_security_resources_MP3]<br />
:OWASP Robert Sullivan - Open this first: A job-oriented guide to software security resources (68 minutes) (MP3). OWASP (MSP) - July 27, 2009<br />
<br />
;[[Media:20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.pdf|OWASP_MSP_Robert_Sullivan_Open_This_First_A_job_oriented_guide_to_software_security_resources_Slides]]<br />
:OWASP Robert Sullivan - Open this first: A job-oriented guide to software security resources (Slides .PDF). OWASP (MSP) - July 27, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.mp4 OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_MP4]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (55 minutes) (MP4...please right click and save). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.slideshare.net/webappsecguy/tracking-the-progress-of-an-sdl-program-lessons-from-the-gym-1684512 OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_Slidecast]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (55 minutes) (Slidecast). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.mp3 OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_MP3]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (55 minutes) (MP3). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.owasp.org/images/0/0e/20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.pptx OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_Slides]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (Slides .PPTX). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090427-Gunnar_Peterson_-_OWASP_Top_Ten_Web_Services.mp4 OWASP_MSP_Gunnar_Peterson_OWASP_Top_Ten_Web_Services_MP4]<br />
:OWASP Gunnar Peterson - OWASP Top Ten Web Services (1 hour, 27 minutes) (MP4...please right click and save). OWASP (MSP) - April 27, 2009<br />
<br />
;[http://video.google.com/videoplay?docid=3200887090385342211&hl=en OWASP_MSP_Dan_Cornell_Vulnerability_Management_in_an_Application_Security_World]<br />
:OWASP Dan Cornell - Vulnerability Management in an Application Security World (1 hour, 52 minutes). OWASP (MSP) - March 16, 2009<br />
<br />
;[http://www.owasp.org/images/1/16/VulnerabilityManagementInAnApplicaitonSecurityWorld_OWASPMSP_20090316.pdf OWASP_MSP_Dan_Cornell_Vulnerability_Management_in_an_Application_Security_World_Slides]<br />
:OWASP Dan Cornell - Vulnerability Management in an Application Security World (Slides .PDF). OWASP (MSP) - March 16, 2009<br />
<br />
;[http://video.google.com/videoplay?docid=2838721966098123222&hl=en OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_1_of_2]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (1 of 2 - 35 minutes). OWASP (MSP) - February 16, 2009<br />
<br />
;[http://video.google.com/videoplay?docid=1766766374336659744&hl=en OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_2_of_2]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (2 of 2 - 34 minutes). OWASP (MSP) - February 16, 2009<br />
<br />
;[https://www.owasp.org/images/f/f8/Proactive_Lifecycle_Security_Management_Presentation_for_OWASP_Mpls-Stp_Chapter_Meeting_-_2-16-09.ppt OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_Slides]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (Slides .PPT). OWASP (MSP) - February 16, 2009<br />
<br />
;[https://www.owasp.org/images/9/9c/Generic_System_Security_Plan.doc OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_Handout_Service_System_Security_Plan_template]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (Handout: Service/System Security Plan template .DOC). OWASP (MSP) - February 16, 2009<br />
<br />
== OWASP Minneapolis-St. Paul Mini-Conference 2008 Presentations ==<br />
<br />
'''[[OWASP Minneapolis St Paul 2009_Conference | See the conference page for presentations from the OWASP MSP mini-conference in 2008]]'''.<br />
<br />
;[http://video.google.com/videoplay?docid=8393196340486939495&en OWASP MSP October 2008 Mini-Conference: Arshan Dabirsiaghi - ISWG. OWASP (MSP)]<br />
:Arshan Dabirsiaghi, founder of the OWASP Intrinsic Security Working Group (OWASP ISWG), ISWG at the OWASP & FLOSS Application Security Mini-Conference - Oct 21, 2008<br />
<br />
== OWASP Minneapolis-St. Paul 2008 Local Chapter Presentations ==<br />
<br />
;[http://video.google.com/videoplay?docid=-2772176093312625908&hl=en OWASP_MSP_Jeremiah_Grossman_Get_Rich_or_Die_Trying_Partial_Video_38_Minutes] | [https://www.owasp.org/images/5/5d/OWASP_Minneapolis_20080908_Jeremiah_Grossman.pdf OWASP_MSP_Jeremiah_Grossman_Get_Rich_or_Die_Trying_Slides_Full]<br />
:Jeremiah Grossman - Get Rich or Die Trying - Making Money on The Web, The Black Hat Way - OWASP (MSP) - 9 September 2008 (Partial Video - 38 Minutes) | Slides (Full)<br />
<br />
;[http://video.google.com/videoplay?docid=-7859027646762182620&hl=en OWASP_MSP_Gunnar_Peterson_Breaking_Web_Services_1_of_2]<br />
:OWASP Gunnar Peterson - Breaking Web Services (1 of 2 - original aspect ratio maintained). OWASP (MSP) - July 7, 2008<br />
<br />
;[http://video.google.com/videoplay?docid=-7066675474788394571&q=en OWASP_MSP_Gunnar_Peterson_Breaking_Web_Services_2_of_2]<br />
:OWASP Gunnar Peterson - Breaking Web Services (2 of 2 - aspect ratio distorted). OWASP (MSP) - July 7, 2008<br />
<br />
;[http://www.owasp.org/images/b/b9/OWASP-MSP-GunnarPetersonHandout20080707.pdf OWASP_MSP_Gunnar_Peterson_Breaking_Web_Services_Handout]<br />
:OWASP Gunnar Peterson - Preaking Web Services (Handout). OWASP (MSP) - July 7, 2008<br />
<br />
;[http://video.google.com/videoplay?docid=7535038243903138173&hl=en OWASP_MSP_Tony_Stieber_How_NOT_to_Implement_Encryption_for_the_OWASP_Top_10]<br />
:OWASP Tony Stieber - How NOT to Implement Encryption for the OWASP Top 10. OWASP (MSP) - Jun 16, 2008 <br />
<br />
;[http://video.google.com/videoplay?docid=-1695798832162574124&hl=en OWASP_MSP_Bruce_Schneier_Economic_trends_of_information_security]<br />
:OWASP Bruce Schneier - 10 Economic Trends of Information Security. OWASP (MSP)- Jan 14, 2008 <br />
<br />
;[http://video.google.com/videoplay?docid=-8346192947975269407&hl=en OWASP_MSP_Robert_Hansen_RSnake_Logic_Attacks_inefficiencies_of_robotic_detection]<br />
:OWASP Robert Hansen aka RSnake - Logic Attacks, inefficiencies of Robotic detection. OWASP (MSP) - Feb 11th 2008</div>Videomanhttps://wiki.owasp.org/index.php?title=OWASPMSP_Videos&diff=71634OWASPMSP Videos2009-10-16T22:49:48Z<p>Videoman: Listing of the videos for the OWASP Minneapolis/St. Paul Chapter meetings and conferences, OWASPMSP.</p>
<hr />
<div>=These are the links to the videos from previous Minneapolis/St. Paul (OWASPMSP) talks and conferences.=<br />
<br />
<br />
== OWASPMSP Half-Day Conference 2009 Presentations ==<br />
'''[http://vimeo.com/channels/owaspmsp Watch the OWASP MSP 2009 Half-Day Conference Videos]''' or '''[[OWASP Minneapolis St Paul 2009_Conference | visit the conference page for the local Minneapolis-Saint Paul OWASP half-day conference in 2009]]'''. Guest speakers were Seth Peter, Pravir Chandra, and Bruce Schneier.<br />
<br />
== OWASPMSP 2009 Local Chapter Presentations ==<br />
;[http://www.comotheory.com/owasp/20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.mp4 OWASP_MSP_Robert_Sullivan_Open_This_First_A_job_oriented_guide_to_software_security_resources_MP4]<br />
:OWASP Robert Sullivan - Open this first: A job-oriented guide to software security resources (68 minutes) (MP4...please right click and save). OWASP (MSP) - July 27, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.mp3 OWASP_MSP_Robert_Sullivan_Open_This_First_A_job_oriented_guide_to_software_security_resources_MP3]<br />
:OWASP Robert Sullivan - Open this first: A job-oriented guide to software security resources (68 minutes) (MP3). OWASP (MSP) - July 27, 2009<br />
<br />
;[[Media:20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.pdf|OWASP_MSP_Robert_Sullivan_Open_This_First_A_job_oriented_guide_to_software_security_resources_Slides]]<br />
:OWASP Robert Sullivan - Open this first: A job-oriented guide to software security resources (Slides .PDF). OWASP (MSP) - July 27, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.mp4 OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_MP4]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (55 minutes) (MP4...please right click and save). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.slideshare.net/webappsecguy/tracking-the-progress-of-an-sdl-program-lessons-from-the-gym-1684512 OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_Slidecast]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (55 minutes) (Slidecast). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.mp3 OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_MP3]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (55 minutes) (MP3). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.owasp.org/images/0/0e/20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.pptx OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_Slides]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (Slides .PPTX). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090427-Gunnar_Peterson_-_OWASP_Top_Ten_Web_Services.mp4 OWASP_MSP_Gunnar_Peterson_OWASP_Top_Ten_Web_Services_MP4]<br />
:OWASP Gunnar Peterson - OWASP Top Ten Web Services (1 hour, 27 minutes) (MP4...please right click and save). OWASP (MSP) - April 27, 2009<br />
<br />
;[http://video.google.com/videoplay?docid=3200887090385342211&hl=en OWASP_MSP_Dan_Cornell_Vulnerability_Management_in_an_Application_Security_World]<br />
:OWASP Dan Cornell - Vulnerability Management in an Application Security World (1 hour, 52 minutes). OWASP (MSP) - March 16, 2009<br />
<br />
;[http://www.owasp.org/images/1/16/VulnerabilityManagementInAnApplicaitonSecurityWorld_OWASPMSP_20090316.pdf OWASP_MSP_Dan_Cornell_Vulnerability_Management_in_an_Application_Security_World_Slides]<br />
:OWASP Dan Cornell - Vulnerability Management in an Application Security World (Slides .PDF). OWASP (MSP) - March 16, 2009<br />
<br />
;[http://video.google.com/videoplay?docid=2838721966098123222&hl=en OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_1_of_2]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (1 of 2 - 35 minutes). OWASP (MSP) - February 16, 2009<br />
<br />
;[http://video.google.com/videoplay?docid=1766766374336659744&hl=en OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_2_of_2]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (2 of 2 - 34 minutes). OWASP (MSP) - February 16, 2009<br />
<br />
;[https://www.owasp.org/images/f/f8/Proactive_Lifecycle_Security_Management_Presentation_for_OWASP_Mpls-Stp_Chapter_Meeting_-_2-16-09.ppt OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_Slides]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (Slides .PPT). OWASP (MSP) - February 16, 2009<br />
<br />
;[https://www.owasp.org/images/9/9c/Generic_System_Security_Plan.doc OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_Handout_Service_System_Security_Plan_template]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (Handout: Service/System Security Plan template .DOC). OWASP (MSP) - February 16, 2009<br />
<br />
== OWASP Minneapolis-St. Paul Mini-Conference 2008 Presentations ==<br />
<br />
'''[[OWASP Minneapolis St Paul 2009_Conference | See the conference page for presentations from the OWASP MSP mini-conference in 2008]]'''.<br />
<br />
;[http://video.google.com/videoplay?docid=8393196340486939495&en OWASP MSP October 2008 Mini-Conference: Arshan Dabirsiaghi - ISWG. OWASP (MSP)]<br />
:Arshan Dabirsiaghi, founder of the OWASP Intrinsic Security Working Group (OWASP ISWG), ISWG at the OWASP & FLOSS Application Security Mini-Conference - Oct 21, 2008<br />
<br />
== OWASP Minneapolis-St. Paul 2008 Local Chapter Presentations ==<br />
<br />
;[http://video.google.com/videoplay?docid=-2772176093312625908&hl=en OWASP_MSP_Jeremiah_Grossman_Get_Rich_or_Die_Trying_Partial_Video_38_Minutes] | [https://www.owasp.org/images/5/5d/OWASP_Minneapolis_20080908_Jeremiah_Grossman.pdf OWASP_MSP_Jeremiah_Grossman_Get_Rich_or_Die_Trying_Slides_Full]<br />
:Jeremiah Grossman - Get Rich or Die Trying - Making Money on The Web, The Black Hat Way - OWASP (MSP) - 9 September 2008 (Partial Video - 38 Minutes) | Slides (Full)<br />
<br />
;[http://video.google.com/videoplay?docid=-7859027646762182620&hl=en OWASP_MSP_Gunnar_Peterson_Breaking_Web_Services_1_of_2]<br />
:OWASP Gunnar Peterson - Breaking Web Services (1 of 2 - original aspect ratio maintained). OWASP (MSP) - July 7, 2008<br />
<br />
;[http://video.google.com/videoplay?docid=-7066675474788394571&q=en OWASP_MSP_Gunnar_Peterson_Breaking_Web_Services_2_of_2]<br />
:OWASP Gunnar Peterson - Breaking Web Services (2 of 2 - aspect ratio distorted). OWASP (MSP) - July 7, 2008<br />
<br />
;[http://www.owasp.org/images/b/b9/OWASP-MSP-GunnarPetersonHandout20080707.pdf OWASP_MSP_Gunnar_Peterson_Breaking_Web_Services_Handout]<br />
:OWASP Gunnar Peterson - Preaking Web Services (Handout). OWASP (MSP) - July 7, 2008<br />
<br />
;[http://video.google.com/videoplay?docid=7535038243903138173&hl=en OWASP_MSP_Tony_Stieber_How_NOT_to_Implement_Encryption_for_the_OWASP_Top_10]<br />
:OWASP Tony Stieber - How NOT to Implement Encryption for the OWASP Top 10. OWASP (MSP) - Jun 16, 2008 <br />
<br />
;[http://video.google.com/videoplay?docid=-1695798832162574124&hl=en OWASP_MSP_Bruce_Schneier_Economic_trends_of_information_security]<br />
:OWASP Bruce Schneier - 10 Economic Trends of Information Security. OWASP (MSP)- Jan 14, 2008 <br />
<br />
;[http://video.google.com/videoplay?docid=-8346192947975269407&hl=en OWASP_MSP_Robert_Hansen_RSnake_Logic_Attacks_inefficiencies_of_robotic_detection]<br />
:OWASP Robert Hansen aka RSnake - Logic Attacks, inefficiencies of Robotic detection. OWASP (MSP) - Feb 11th 2008</div>Videomanhttps://wiki.owasp.org/index.php?title=OWASP_Minneapolis_St_Paul_2009_Conference&diff=68704OWASP Minneapolis St Paul 2009 Conference2009-09-09T21:43:08Z<p>Videoman: /* Agenda */</p>
<hr />
<div>The [[Minneapolis St Paul | OWASP Minneapolis-St. Paul (OWASP MSP) chapter]] wants to say thanks again for another year to all who joined us for an afternoon of information security presentations on August 24, 2009 at the [http://www1.umn.edu/twincities/maps/StCen/StCen-map.html St. Paul Student Center] [http://www.spsc.umn.edu/about/directory/lower.php Auditorium/Theater] on the [http://www1.umn.edu/twincities/index.php University of Minnesota - Twin Cities] campus. '''Audio, video, and slides to be posted soon.'''<br />
<br />
<br />
== Thank You to Our Sponsors ==<br />
<br />
<br />
<br />
Contact '''[mailto:lorna.alamri@owasp.org Lorna]''' at '''[mailto:lorna.alamri@owasp.org lorna.alamri@owasp.org]''' to sponsor future events.<br />
<br />
A big thank you goes out to the '''Office of Internal Audit and OIT Security at the University of Minnesota''' for sponsoring the event location.<br />
<br />
A special thank you goes out to Platinum Sponsors '''[http://www.bestbuy.com/ Best Buy]''', '''[http://www.strategicit.org/ Center for Strategic Information Technology and Security (MnSCU)]''', and '''[http://www.go-integral.net/ Integral]'''.<br />
<br />
<br />
[[Image:Best_Buy_logo.jpg|link=http://www.bestbuy.com/]]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;[[Image:Center_for_strategic_it_n_security.png|60px|link=http://www.strategicit.org/]]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;[[Image:Integral_logo.png|90px|link=http://www.go-integral.net/]]<br />
<br />
<br />
Thank you to the following sponsors for their financial support of this event and the OWASP MSP chapter!<br />
<br />
<br />
[[Image:Integral_logo.png|114px|link=http://www.go-integral.net/]] [[Image:New_Symantec_Logo.jpg|link=http://www.symantec.com/]] [[Image:Imperva_Logo.gif|link=http://www.imperva.com/]] [[Image:secure360_logo.png|link=http://www.secure360.org/]] &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [[Image:Center_for_strategic_it_n_security.png|100px|link=http://www.strategicit.org/]]<br />
<br />
<br />
[[Image:Breach_logo.gif|link=http://www.breach.com/]] &nbsp;&nbsp;&nbsp;&nbsp; [[Image:Netspi_logo.png|120px|link=http://www.netspi.com/]] &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [[Image:F5_logo.png|80px|link=http://www.f5.com/]] &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [[Image:Mn-issa_logo.png|120px|link=http://www.mn-issa.org/]] &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;[[Image:Fortify_Logo_(Medium).jpg|125px|link=http://www.fortify.com/]]<br />
<br />
<br />
== Social Media ==<br />
<br />
'''Share''' the OWASP MSP 2009 Half Day Conference on your favorite social media sites:<br />
<br />
[[Image:Linkedin_mini.png|link=http://www.linkedin.com/shareArticle?mini=true&url=http%3A%2F%2Fwww.owasp.org%2Findex.php%2FOWASP_Minneapolis_St_Paul_2009_Conference&title=OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%202009%20Half%20Day%20Conference&summary=The%20%20OWASP%20Minneapolis-St.%20Paul%20(MSP)%20chapter%20is%20pleased%20to%20announce%20an%20afternoon%20of%20information%20security%20presentations%20on%20August%2024%2C%202009%20at%20the%20St.%20Paul%20Student%20Center%20Auditorium%2FTheater%20on%20the%20University%20of%20Minnesota%20-%20Twin%20Cities%20campus.%20&source=OWASPMSP]] <br />
[[Image:Twitter_mini.png|link=http://twitter.com/home?status=OWASP%20MSP%202009%20Conference%20-%2024%20August%202009%20-%20http%3A%2F%2Fwww.owasp.org%2Findex.php%2FOWASP_Minneapolis_St_Paul_2009_Conference]] [[Image:Facebook_mini.png|link=http://www.facebook.com/sharer.php?u=http%3A%2F%2Fwww.owasp.org%2Findex.php%2FOWASP_Minneapolis_St_Paul_2009_Conference&t=OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%202009%20Half%20Day%20Conference]] [[Image:Digg_mini.png|link=http://digg.com/submit?phase=2&url=http%3A%2F%2Fwww.owasp.org%2Findex.php%2FOWASP_Minneapolis_St_Paul_2009_Conference&title=OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%202009%20Half%20Day%20Conference&bodytext=The%20%20OWASP%20Minneapolis-St.%20Paul%20(MSP)%20chapter%20is%20pleased%20to%20announce%20an%20afternoon%20of%20information%20security%20presentations%20on%20August%2024%2C%202009%20at%20the%20St.%20Paul%20Student%20Center%20Auditorium%2FTheater%20on%20the%20University%20of%20Minnesota%20-%20Twin%20Cities%20campus.%20]] [[Image:Delicious_mini.png|link=http://del.icio.us/post?url=http%3A%2F%2Fwww.owasp.org%2Findex.php%2FOWASP_Minneapolis_St_Paul_2009_Conference&title=OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%202009%20Half%20Day%20Conference]] [[Image:Reddit_mini.png|link=http://reddit.com/submit?url=http%3A%2F%2Fwww.owasp.org%2Findex.php%2FOWASP_Minneapolis_St_Paul_2009_Conference&title=OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%202009%20Half%20Day%20Conference]] [[Image:Myspace_mini.png|link=http://www.myspace.com/Modules/PostTo/Pages/?l=1&u=http%3A%2F%2Fwww.owasp.org%2Findex.php%2FOWASP_Minneapolis_St_Paul_2009_Conference&t=OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%202009%20Half%20Day%20Conference]]<br />
<br />
<br />
'''Follow''' OWASP MSP on your favorite social media sites:<br />
<br />
[[Image:Linkedin_mini.png|link=http://www.linkedin.com/groupInvitation?groupID=2184116]] <br />
[[Image:Twitter_mini.png|link=http://twitter.com/owaspmsp]] [[Image:Facebook_mini.png|link=http://www.facebook.com/pages/OWASP-Minneapolis-St-Paul-OWASP-MSP-OWASPMSP/113583361381]] [[Image:Digg_mini.png|link=http://digg.com/users/owaspmsp]] [[Image:Delicious_mini.png|link=http://delicious.com/owaspmsp]] [[Image:Reddit_mini.png|link=http://www.reddit.com/user/owaspmsp]] [[Image:Myspace_mini.png|link=http://www.myspace.com/owaspmsp]]<br />
<br />
<br />
<br />
== Agenda ==<br />
<br />
* Talks now available on [http://vimeo.com/channels/owaspmsp Viemo Video Archive ]<br />
<br />
{| border="0" width="80%"<br />
|-<br />
| style="padding: 5px; background-color: rgb(174, 183, 213); width: 120px;" | 12:30 PM - 1:30 PM<br />
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" | Check-In<br />
|-<br />
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 1:30 PM - 1:45 PM<br />
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" | <br />
'''Kuai Hinojosa''' <br />
<br />
OWASP MSP President - [http://vimeo.com/6502372 Video Archive ]<br />
<br />
'''Topic:''' Event Introduction <br />
<br />
The OWASP MSP chapter has had a successful year, and will be looking ahead to even more participation in the global OWASP community. <br />
|-<br />
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 1:45 PM - 2:30 PM<br />
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" | <br />
'''Seth Peter''' <br />
<br />
Chief Technology Officer, [http://www.netspi.com/ NetSPI] - [http://vimeo.com/6495344 Video Archive ]<br />
<br />
'''Topic:''' The Developers Guide to PCI DSS and PA-DSS Requirements <br />
<br />
The Payment Card Industry (PCI) Data Security Standard (DSS) has a large number of requirements pertaining to the development and maintenance of payment applications. The requirements span development, maintenance, support, access controls, auditing &amp; logging, security awareness, assessment, and policies. Not only does this apply to the systems within a cardholder environment but also to supporting applications and your organization’s overall SDLC. Furthermore, these application specific requirements are often overlooked or misunderstood by development and information security departments. Within this presentation, we will review the most relevant PCI requirements that developers and application owners must focus on and how your organization can confidently comply. <br />
<br />
'''Bio:''' (From [http://www.nesspi.com/ netspi.com]) ''Seth Peter is a computer security expert with extensive experience with all aspects of information security. He was a founder of the computer forensics team at Kroll Ontrack where he provided expert witness testimony and depositions regarding high profile computer security cases. As the founder and CTO of NetSPI, he is a national leader in risk management and security program assessment. Seth has provided consulting to over 100 different organizations within financial services, government, health care, education, nuclear energy, and retail. Seth is a Payment Card Industry Qualified Security Assessor and Visa Qualified Payment Application Security Professional. Seth holds a B.A. degree in Mathematics from Kenyon College.'' <br />
<br />
|-<br />
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 2:30 PM - 2:45 PM<br />
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" | Break<br />
|-<br />
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 2:45 PM - 3:30 PM <br />
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" | <br />
'''Pravir Chandra''' <br />
<br />
Director of Strategic Services, [http://www.fortify.com/ Fortify] - [http://vimeo.com/6495398 Video Archive ]<br />
<br />
'''Topic:''' Software Assurance Maturity Model (OpenSAMM) <br />
<br />
The Software Assurance Maturity Model (SAMM) ([http://www.opensamm.org/ http://www.opensamm.org/]) is a flexible and prescriptive framework for building security into a software development organization. Covering more than typical SDLC-based models for security, SAMM enables organizations to self-assess their security assurance program and then use recommended roadmaps to improve in a way that's aligned to the specific risks facing the organization. Beyond that, SAMM enables creation of scorecards for an organization's effectiveness at secure software development throughout the typical governance, development, and deployment business functions. Scorecards also enable management within an organization to demonstrate quantitative improvements through iterations of building a security assurance program. This workshop will introduce the SAMM framework and walk through useful activities such as assessing an assurance program, mapping an existing organization to a recommended roadmap, and iteratively building an assurance program. Time allowing, additional case studies will also be discussed. OpenSAMM is an open a free project and has recently been donated to the Open Web Application Security Project (OWASP) Foundation. For more information on OpenSAMM, visit [http://www.opensamm.org/ http://www.opensamm.org/]. <br />
<br />
'''Bio:''' (From [http://www.fortify.com/ fortify.com]) ''Pravir Chandra is Director of Strategic Services at Fortify Software and works with clients on software security assurance programs. Pravir is recognized for his expertise in software security, code analysis, and his ability to strategically apply technical knowledge. Prior to Fortify, he was a Principal Consultant affiliated with Cigital and led large software security programs at Fortune 500 companies. Pravir Co-Founded Secure Software, Inc. and was Chief Security Architect prior to its acquisition by Fortify. He recently created and led the Open Software Assurance Maturity Model (OpenSAMM) project with the OWASP Foundation, leads the OWASP CLASP project, and also serves as member of the OWASP Global Projects Committee. Pravir is author of the book Network Security with OpenSSL.'' <br />
<br />
|-<br />
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 3:30 PM - 3:45 PM<br />
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" | Break<br />
|-<br />
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 3:45 PM - 4:45 PM<br />
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" | '''Bruce Schneier'''<br>[http://www.schneier.com/ schneier.com] - [http://vimeo.com/6495257 Video Archive ]<br />
'''Topic:''' The Future of the Security Industry: IT is Rapidly Becoming a Commodity <br />
<br />
More companies are outsourcing their IT infrastructure -- treating it as a service more like electricity, office cleaning, or tax preparation -- and this has profound implications for IT security. Organizational users care less about the technical details of security. Products and services change their focus from the end user to the outsourcer. Industry consolidation results, as non-security IT infrastructure companies seek to bolster their security credentials. Even the profession changes, as jobs move from individual organizations to the outsourcing companies, and in some cases overseas. This talk looks at the future of IT security in a mature IT infrastructure industry. <br />
'''Bio''': (From [http://www.schneier.com/ schneier.com]) ''Bruce Schneier is an internationally renowned security technologist and author. Described by The Economist as a "security guru," he is best known as a refreshingly candid and lucid security critic and commentator. When people want to know how security really works, they turn to Schneier.''<br />
|-<br />
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 4:45 PM<br />
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" | Event Closing<br />
|}<br />
<br />
[[Category:Minnesota]]</div>Videomanhttps://wiki.owasp.org/index.php?title=Category:OWASP_Video&diff=68698Category:OWASP Video2009-09-09T16:05:22Z<p>Videoman: </p>
<hr />
<div>== Welcome to the OWASP Video Collection ==<br />
<br />
OWASP attempts to make videos of presentations made by our members and at our conferences concerning application security whenever possible. The slides for most of these presentations are available, linked to the conference agendas (please link them if possible!).<br />
<br />
Some of the videos below got a little mangled in the conversion process. So some of the talks run together. For example the first part of Dinis' .Net Tools video is appended to the end of Jeff's Guide talk. We're working on it.<br />
<br />
== Videos ==<br />
<br />
=== OWASP EU ===<br />
OWASP EU 2009 - [http://owasp.blip.tv Click Here]<br />
<br />
To see videos from the OWASP NYC APPSEC 2008 event (50+ speakers) see : [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference Click Here]<br />
<br />
;[http://www.owasp.org/index.php/Front_Range_OWASP_Conference_2009#Agenda_and_Presentations:_5_March_2009 OWASP SnowFROC from Denver, CO 2009]<br />
<br />
=== OWASP MSP ===<br />
'''2009 [[Minneapolis St Paul | Minneapolis-St.Paul (MSP) OWASP Chapter]] Meeting presentations:'''<br />
<br />
==== OWASP Minneapolis Conference 2009 ====<br />
[http://vimeo.com/channels/owaspmsp OWASP MSP 2009 Conference Videos] from the local Minneapolis Saint Paul OWASP conference in 2009. Guest speakers include Seth Peter, Pravir Chandra, and Bruce Schneier.<br />
<br />
==== OWASP Minneapolis 2009 Monthly Talks ====<br />
;[http://www.comotheory.com/owasp/20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.mp4 OWASP_MSP_Robert_Sullivan_Open_This_First_A_job_oriented_guide_to_software_security_resources_MP4]<br />
:OWASP Robert Sullivan - Open this first: A job-oriented guide to software security resources (68 minutes) (MP4...please right click and save). OWASP (MSP) - July 27, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.mp3 OWASP_MSP_Robert_Sullivan_Open_This_First_A_job_oriented_guide_to_software_security_resources_MP3]<br />
:OWASP Robert Sullivan - Open this first: A job-oriented guide to software security resources (68 minutes) (MP3). OWASP (MSP) - July 27, 2009<br />
<br />
;[[Media:20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.pdf|OWASP_MSP_Robert_Sullivan_Open_This_First_A_job_oriented_guide_to_software_security_resources_Slides]]<br />
:OWASP Robert Sullivan - Open this first: A job-oriented guide to software security resources (Slides .PDF). OWASP (MSP) - July 27, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.mp4 OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_MP4]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (55 minutes) (MP4...please right click and save). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.slideshare.net/webappsecguy/tracking-the-progress-of-an-sdl-program-lessons-from-the-gym-1684512 OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_Slidecast]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (55 minutes) (Slidecast). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.mp3 OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_MP3]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (55 minutes) (MP3). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.owasp.org/images/0/0e/20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.pptx OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_Slides]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (Slides .PPTX). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090427-Gunnar_Peterson_-_OWASP_Top_Ten_Web_Services.mp4 OWASP_MSP_Gunnar_Peterson_OWASP_Top_Ten_Web_Services_MP4]<br />
:OWASP Gunnar Peterson - OWASP Top Ten Web Services (1 hour, 27 minutes) (MP4...please right click and save). OWASP (MSP) - April 27, 2009<br />
<br />
;[http://video.google.com/videoplay?docid=3200887090385342211&hl=en OWASP_MSP_Dan_Cornell_Vulnerability_Management_in_an_Application_Security_World]<br />
:OWASP Dan Cornell - Vulnerability Management in an Application Security World (1 hour, 52 minutes). OWASP (MSP) - March 16, 2009<br />
<br />
;[http://www.owasp.org/images/1/16/VulnerabilityManagementInAnApplicaitonSecurityWorld_OWASPMSP_20090316.pdf OWASP_MSP_Dan_Cornell_Vulnerability_Management_in_an_Application_Security_World_Slides]<br />
:OWASP Dan Cornell - Vulnerability Management in an Application Security World (Slides .PDF). OWASP (MSP) - March 16, 2009<br />
<br />
;[http://video.google.com/videoplay?docid=2838721966098123222&hl=en OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_1_of_2]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (1 of 2 - 35 minutes). OWASP (MSP) - February 16, 2009<br />
<br />
;[http://video.google.com/videoplay?docid=1766766374336659744&hl=en OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_2_of_2]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (2 of 2 - 34 minutes). OWASP (MSP) - February 16, 2009<br />
<br />
;[https://www.owasp.org/images/f/f8/Proactive_Lifecycle_Security_Management_Presentation_for_OWASP_Mpls-Stp_Chapter_Meeting_-_2-16-09.ppt OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_Slides]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (Slides .PPT). OWASP (MSP) - February 16, 2009<br />
<br />
;[https://www.owasp.org/images/9/9c/Generic_System_Security_Plan.doc OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_Handout_Service_System_Security_Plan_template]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (Handout: Service/System Security Plan template .DOC). OWASP (MSP) - February 16, 2009<br />
<br />
==== OWASP Minneapolis 2008 Monthly Talks ====<br />
<br />
'''2008 [https://www.owasp.org/index.php/Minneapolis_St_Paul Minneapolis-St.Paul (MSP) OWASP Chapter] Meeting and Mini-Conference presentations:'''<br />
<br />
;[http://video.google.com/videoplay?docid=8393196340486939495&en OWASP MSP October 2008 Mini-Conference: Arshan Dabirsiaghi - ISWG. OWASP (MSP)]<br />
:Arshan Dabirsiaghi, founder of the OWASP Intrinsic Security Working Group (OWASP ISWG), ISWG at the OWASP & FLOSS Application Security Mini-Conference - Oct 21, 2008<br />
<br />
;[http://video.google.com/videoplay?docid=-2772176093312625908&hl=en OWASP_MSP_Jeremiah_Grossman_Get_Rich_or_Die_Trying_Partial_Video_38_Minutes] | [https://www.owasp.org/images/5/5d/OWASP_Minneapolis_20080908_Jeremiah_Grossman.pdf OWASP_MSP_Jeremiah_Grossman_Get_Rich_or_Die_Trying_Slides_Full]<br />
:Jeremiah Grossman - Get Rich or Die Trying - Making Money on The Web, The Black Hat Way - OWASP (MSP) - 9 September 2008 (Partial Video - 38 Minutes) | Slides (Full)<br />
<br />
;[http://video.google.com/videoplay?docid=-7859027646762182620&hl=en OWASP_MSP_Gunnar_Peterson_Breaking_Web_Services_1_of_2]<br />
:OWASP Gunnar Peterson - Breaking Web Services (1 of 2 - original aspect ratio maintained). OWASP (MSP) - July 7, 2008<br />
<br />
;[http://video.google.com/videoplay?docid=-7066675474788394571&q=en OWASP_MSP_Gunnar_Peterson_Breaking_Web_Services_2_of_2]<br />
:OWASP Gunnar Peterson - Breaking Web Services (2 of 2 - aspect ratio distorted). OWASP (MSP) - July 7, 2008<br />
<br />
;[http://www.owasp.org/images/b/b9/OWASP-MSP-GunnarPetersonHandout20080707.pdf OWASP_MSP_Gunnar_Peterson_Breaking_Web_Services_Handout]<br />
:OWASP Gunnar Peterson - Preaking Web Services (Handout). OWASP (MSP) - July 7, 2008<br />
<br />
;[http://video.google.com/videoplay?docid=7535038243903138173&hl=en OWASP_MSP_Tony_Stieber_How_NOT_to_Implement_Encryption_for_the_OWASP_Top_10]<br />
:OWASP Tony Stieber - How NOT to Implement Encryption for the OWASP Top 10. OWASP (MSP) - Jun 16, 2008 <br />
<br />
;[http://video.google.com/videoplay?docid=-1695798832162574124&hl=en OWASP_MSP_Bruce_Schneier_Economic_trends_of_information_security]<br />
:OWASP Bruce Schneier - 10 Economic Trends of Information Security. OWASP (MSP)- Jan 14, 2008 <br />
<br />
;[http://video.google.com/videoplay?docid=-8346192947975269407&hl=en OWASP_MSP_Robert_Hansen_RSnake_Logic_Attacks_inefficiencies_of_robotic_detection]<br />
:OWASP Robert Hansen aka RSnake - Logic Attacks, inefficiencies of Robotic detection. OWASP (MSP) - Feb 11th 2008<br />
<br />
=== Black Hat 2006 ===<br />
<br />
'''From Black Hat 2006:'''<br />
<br />
;[http://video.google.com/videoplay?docid=941077664562737284&q=owasp Dinis Cruz @ BlackHat 2006 with FSTV]<br />
:Dinis Cruz, leader of the OWASP.NET project joins us to talk about .NET, web security tools, the future of OWASP, and Open Source Software. OWASP - 30 min - Aug 30, 2006<br />
<br />
=== AppSec Washington 2005 ===<br />
<br />
'''From the [[AppSec_Washington_2005/Agenda | 2nd U.S. OWASP Conference held Oct 11-12, 2005]] - Day 1:'''<br />
<br />
;[http://video.google.com/videoplay?docid=-2481289516847680871&q=owasp OWASP_Intro_DaveWichers_Key_JoeJarzombek_RonRoss.mp4]<br />
:OWASP Intro: Dave Wichers - Key Note Day 1: Joe Jarzombek - Dir. of Software Assurance - DHS - Software Assurance: Considerations for Advancing a National Strategy to Secure Cyberspace & Ron Ross -FISMA Project Lead - NIST - Status of the Federal Information Security Management Act (FISMA) Project. OWASP - 2 hr 7 min - Oct 11, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=3853779542023264815&q=owasp OWASP_JackDanahy_The_Business_Case_for_Software_Security_Assurance.mp4]<br />
:OWASP Jack Danahy - The Business Case for Software Security Assurance. OWASP - 1 hr 2 min - Oct 11, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=5758230888370998733&q=owasp OWASP_ArianEvans_Tools_SurveyProject.mp4]<br />
:OWASP Arian Evans - The OWASP Tools Survey Project. OWASP - 1 hr 18 min - Oct 11, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=-2492965730809426450&q=owasp OWASP_DinizCruz_Rooting_the_CLR.mp4]<br />
:OWASP Diniz Cruz - Rooting the CLR. OWASP - 1 hr 22 min - Oct 11, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=-5233500471539001436&q=owasp OWASP_PaulBlack_RickKuhn.mp4]<br />
:OWASP Paul Black - NIST - Developing a Reference Dataset & Rick Kuhn - NIST - Software Fault Interactions. OWASP - 1 hr 9 min - Oct 11, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=4473926180612118549&q=owasp OWASP_AlexSmolen_Application_Logic_Defense.mp4]<br />
:OWASP Alex Smolen - Application Logic Defense. OWASP - 36 min - Oct 11, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=4379894308228900017&q=owasp OWASP_DanielCuthbert_Evolution_WebAppPenTest.mp4]<br />
:OWASP Daniel Cuthbert - OWASP Testing Guide Lead - The Evolution Web App Pen Testing. OWASP - 1 hr 11 min - Oct 11, 2005<br />
<br />
'''The [[AppSec_Washington_2005/Agenda | 2nd U.S. OWASP Conference]] Day 2:'''<br />
<br />
;[http://video.google.com/videoplay?docid=-9110574247136866679&q=owasp OWASP_IraWinkler_Secrets_of_Superspies.mp4]<br />
:OWASP Ira Winkler - Keynote Day 2: Secrets of Superspies & Jeremy Poteet - In the Line of Fire: Defending Highly Visible Targets. OWASP - 2 hr 2 min - Oct 12, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=-5332911124544076749&q=owasp OWASP_JeffWilliams_OWASP_Guide_and_Membership.mp4]<br />
:OWASP Jeff Williams - OWASP Development Guide and OWASP Membership Plan. OWASP - 1 hr 12 min - Oct 12, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=7947858567235952851&q=owasp OWASP_DinizCruz_DotNet_Tools_Project.mp4]<br />
:OWASP Diniz Cruz - The .Net Tools Project. OWASP - 1 hr 15 min - Oct 12, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=2018648061521175729&q=owasp OWASP_MattFisher_WormsNowTargetingWebApps.mp4]<br />
:OWASP Matt Fisher - Worms Now Targeting Web Applications. OWASP - 49 min - Oct 12, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=8437304318271455155&q=owasp OWASP_RoganDawes_AdvancedFeaturesofWebScarab.mp4]<br />
:OWASP Rogan Dawes - Advanced Features of OWASP WebScarab. OWASP - 1 hr 24 min - Oct 12, 2005 <br />
<br />
;[http://video.google.com/videoplay?docid=-2492965730809426450&q=owasp OWASP_JohnSteven_Building_a_Scalable_Software_Security_Practice.mp4]<br />
:OWASP John Steven - Building a Scalable Software Security Practice. OWASP - 1 hr 19 min - Oct 12, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=-1807054604513842127&q=owasp OWASP_GunnerPeterson_IntegratingIdentityServicesintoWebApps.mp4]<br />
:OWASP Gunnar Peterson - Integrating Identity Services into Web Apps. OWASP - 35 min - Oct 12, 2005</div>Videomanhttps://wiki.owasp.org/index.php?title=Category:OWASP_Video&diff=68697Category:OWASP Video2009-09-09T16:04:06Z<p>Videoman: /* OWASP MSP 2009 */</p>
<hr />
<div>== Welcome to the OWASP Video Collection ==<br />
<br />
OWASP attempts to make videos of presentations made by our members and at our conferences concerning application security whenever possible. The slides for most of these presentations are available, linked to the conference agendas (please link them if possible!).<br />
<br />
Some of the videos below got a little mangled in the conversion process. So some of the talks run together. For example the first part of Dinis' .Net Tools video is appended to the end of Jeff's Guide talk. We're working on it.<br />
<br />
== Videos ==<br />
<br />
=== OWASP EU ===<br />
OWASP EU 2009 - [http://owasp.blip.tv Click Here]<br />
<br />
To see videos from the OWASP NYC APPSEC 2008 event (50+ speakers) see : [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference Click Here]<br />
<br />
;[http://www.owasp.org/index.php/Front_Range_OWASP_Conference_2009#Agenda_and_Presentations:_5_March_2009 OWASP SnowFROC from Denver, CO 2009]<br />
<br />
=== OWASP MSP ===<br />
'''2009 [[Minneapolis St Paul | Minneapolis-St.Paul (MSP) OWASP Chapter]] Meeting presentations:'''<br />
<br />
==== OWASP Minneapolis Conference 2009 ====<br />
[http://vimeo.com/channels/owaspmsp OWASP MSP 2009 Conference Videos] from the local Minneapolis Saint Paul OWASP conference in 2009. Guest speakers include Seth Peter, Pravir Chandra, and Bruce Schneier.<br />
<br />
==== OWASP Minneapolis 2009 Monthly Talks ====<br />
;[http://www.comotheory.com/owasp/20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.mp4 OWASP_MSP_Robert_Sullivan_Open_This_First_A_job_oriented_guide_to_software_security_resources_MP4]<br />
:OWASP Robert Sullivan - Open this first: A job-oriented guide to software security resources (68 minutes) (MP4...please right click and save). OWASP (MSP) - July 27, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.mp3 OWASP_MSP_Robert_Sullivan_Open_This_First_A_job_oriented_guide_to_software_security_resources_MP3]<br />
:OWASP Robert Sullivan - Open this first: A job-oriented guide to software security resources (68 minutes) (MP3). OWASP (MSP) - July 27, 2009<br />
<br />
;[[Media:20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.pdf|OWASP_MSP_Robert_Sullivan_Open_This_First_A_job_oriented_guide_to_software_security_resources_Slides]]<br />
:OWASP Robert Sullivan - Open this first: A job-oriented guide to software security resources (Slides .PDF). OWASP (MSP) - July 27, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.mp4 OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_MP4]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (55 minutes) (MP4...please right click and save). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.slideshare.net/webappsecguy/tracking-the-progress-of-an-sdl-program-lessons-from-the-gym-1684512 OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_Slidecast]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (55 minutes) (Slidecast). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.mp3 OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_MP3]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (55 minutes) (MP3). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.owasp.org/images/0/0e/20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.pptx OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_Slides]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (Slides .PPTX). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090427-Gunnar_Peterson_-_OWASP_Top_Ten_Web_Services.mp4 OWASP_MSP_Gunnar_Peterson_OWASP_Top_Ten_Web_Services_MP4]<br />
:OWASP Gunnar Peterson - OWASP Top Ten Web Services (1 hour, 27 minutes) (MP4...please right click and save). OWASP (MSP) - April 27, 2009<br />
<br />
;[http://video.google.com/videoplay?docid=3200887090385342211&hl=en OWASP_MSP_Dan_Cornell_Vulnerability_Management_in_an_Application_Security_World]<br />
:OWASP Dan Cornell - Vulnerability Management in an Application Security World (1 hour, 52 minutes). OWASP (MSP) - March 16, 2009<br />
<br />
;[http://www.owasp.org/images/1/16/VulnerabilityManagementInAnApplicaitonSecurityWorld_OWASPMSP_20090316.pdf OWASP_MSP_Dan_Cornell_Vulnerability_Management_in_an_Application_Security_World_Slides]<br />
:OWASP Dan Cornell - Vulnerability Management in an Application Security World (Slides .PDF). OWASP (MSP) - March 16, 2009<br />
<br />
;[http://video.google.com/videoplay?docid=2838721966098123222&hl=en OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_1_of_2]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (1 of 2 - 35 minutes). OWASP (MSP) - February 16, 2009<br />
<br />
;[http://video.google.com/videoplay?docid=1766766374336659744&hl=en OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_2_of_2]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (2 of 2 - 34 minutes). OWASP (MSP) - February 16, 2009<br />
<br />
;[https://www.owasp.org/images/f/f8/Proactive_Lifecycle_Security_Management_Presentation_for_OWASP_Mpls-Stp_Chapter_Meeting_-_2-16-09.ppt OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_Slides]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (Slides .PPT). OWASP (MSP) - February 16, 2009<br />
<br />
;[https://www.owasp.org/images/9/9c/Generic_System_Security_Plan.doc OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_Handout_Service_System_Security_Plan_template]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (Handout: Service/System Security Plan template .DOC). OWASP (MSP) - February 16, 2009<br />
<br />
=== OWASP Minneapolis 2008 Monthly Talks ===<br />
<br />
'''2008 [https://www.owasp.org/index.php/Minneapolis_St_Paul Minneapolis-St.Paul (MSP) OWASP Chapter] Meeting and Mini-Conference presentations:'''<br />
<br />
;[http://video.google.com/videoplay?docid=8393196340486939495&en OWASP MSP October 2008 Mini-Conference: Arshan Dabirsiaghi - ISWG. OWASP (MSP)]<br />
:Arshan Dabirsiaghi, founder of the OWASP Intrinsic Security Working Group (OWASP ISWG), ISWG at the OWASP & FLOSS Application Security Mini-Conference - Oct 21, 2008<br />
<br />
;[http://video.google.com/videoplay?docid=-2772176093312625908&hl=en OWASP_MSP_Jeremiah_Grossman_Get_Rich_or_Die_Trying_Partial_Video_38_Minutes] | [https://www.owasp.org/images/5/5d/OWASP_Minneapolis_20080908_Jeremiah_Grossman.pdf OWASP_MSP_Jeremiah_Grossman_Get_Rich_or_Die_Trying_Slides_Full]<br />
:Jeremiah Grossman - Get Rich or Die Trying - Making Money on The Web, The Black Hat Way - OWASP (MSP) - 9 September 2008 (Partial Video - 38 Minutes) | Slides (Full)<br />
<br />
;[http://video.google.com/videoplay?docid=-7859027646762182620&hl=en OWASP_MSP_Gunnar_Peterson_Breaking_Web_Services_1_of_2]<br />
:OWASP Gunnar Peterson - Breaking Web Services (1 of 2 - original aspect ratio maintained). OWASP (MSP) - July 7, 2008<br />
<br />
;[http://video.google.com/videoplay?docid=-7066675474788394571&q=en OWASP_MSP_Gunnar_Peterson_Breaking_Web_Services_2_of_2]<br />
:OWASP Gunnar Peterson - Breaking Web Services (2 of 2 - aspect ratio distorted). OWASP (MSP) - July 7, 2008<br />
<br />
;[http://www.owasp.org/images/b/b9/OWASP-MSP-GunnarPetersonHandout20080707.pdf OWASP_MSP_Gunnar_Peterson_Breaking_Web_Services_Handout]<br />
:OWASP Gunnar Peterson - Preaking Web Services (Handout). OWASP (MSP) - July 7, 2008<br />
<br />
;[http://video.google.com/videoplay?docid=7535038243903138173&hl=en OWASP_MSP_Tony_Stieber_How_NOT_to_Implement_Encryption_for_the_OWASP_Top_10]<br />
:OWASP Tony Stieber - How NOT to Implement Encryption for the OWASP Top 10. OWASP (MSP) - Jun 16, 2008 <br />
<br />
;[http://video.google.com/videoplay?docid=-1695798832162574124&hl=en OWASP_MSP_Bruce_Schneier_Economic_trends_of_information_security]<br />
:OWASP Bruce Schneier - 10 Economic Trends of Information Security. OWASP (MSP)- Jan 14, 2008 <br />
<br />
;[http://video.google.com/videoplay?docid=-8346192947975269407&hl=en OWASP_MSP_Robert_Hansen_RSnake_Logic_Attacks_inefficiencies_of_robotic_detection]<br />
:OWASP Robert Hansen aka RSnake - Logic Attacks, inefficiencies of Robotic detection. OWASP (MSP) - Feb 11th 2008<br />
<br />
=== Black Hat 2006 ===<br />
<br />
'''From Black Hat 2006:'''<br />
<br />
;[http://video.google.com/videoplay?docid=941077664562737284&q=owasp Dinis Cruz @ BlackHat 2006 with FSTV]<br />
:Dinis Cruz, leader of the OWASP.NET project joins us to talk about .NET, web security tools, the future of OWASP, and Open Source Software. OWASP - 30 min - Aug 30, 2006<br />
<br />
=== AppSec Washington 2005 ===<br />
<br />
'''From the [[AppSec_Washington_2005/Agenda | 2nd U.S. OWASP Conference held Oct 11-12, 2005]] - Day 1:'''<br />
<br />
;[http://video.google.com/videoplay?docid=-2481289516847680871&q=owasp OWASP_Intro_DaveWichers_Key_JoeJarzombek_RonRoss.mp4]<br />
:OWASP Intro: Dave Wichers - Key Note Day 1: Joe Jarzombek - Dir. of Software Assurance - DHS - Software Assurance: Considerations for Advancing a National Strategy to Secure Cyberspace & Ron Ross -FISMA Project Lead - NIST - Status of the Federal Information Security Management Act (FISMA) Project. OWASP - 2 hr 7 min - Oct 11, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=3853779542023264815&q=owasp OWASP_JackDanahy_The_Business_Case_for_Software_Security_Assurance.mp4]<br />
:OWASP Jack Danahy - The Business Case for Software Security Assurance. OWASP - 1 hr 2 min - Oct 11, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=5758230888370998733&q=owasp OWASP_ArianEvans_Tools_SurveyProject.mp4]<br />
:OWASP Arian Evans - The OWASP Tools Survey Project. OWASP - 1 hr 18 min - Oct 11, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=-2492965730809426450&q=owasp OWASP_DinizCruz_Rooting_the_CLR.mp4]<br />
:OWASP Diniz Cruz - Rooting the CLR. OWASP - 1 hr 22 min - Oct 11, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=-5233500471539001436&q=owasp OWASP_PaulBlack_RickKuhn.mp4]<br />
:OWASP Paul Black - NIST - Developing a Reference Dataset & Rick Kuhn - NIST - Software Fault Interactions. OWASP - 1 hr 9 min - Oct 11, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=4473926180612118549&q=owasp OWASP_AlexSmolen_Application_Logic_Defense.mp4]<br />
:OWASP Alex Smolen - Application Logic Defense. OWASP - 36 min - Oct 11, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=4379894308228900017&q=owasp OWASP_DanielCuthbert_Evolution_WebAppPenTest.mp4]<br />
:OWASP Daniel Cuthbert - OWASP Testing Guide Lead - The Evolution Web App Pen Testing. OWASP - 1 hr 11 min - Oct 11, 2005<br />
<br />
'''The [[AppSec_Washington_2005/Agenda | 2nd U.S. OWASP Conference]] Day 2:'''<br />
<br />
;[http://video.google.com/videoplay?docid=-9110574247136866679&q=owasp OWASP_IraWinkler_Secrets_of_Superspies.mp4]<br />
:OWASP Ira Winkler - Keynote Day 2: Secrets of Superspies & Jeremy Poteet - In the Line of Fire: Defending Highly Visible Targets. OWASP - 2 hr 2 min - Oct 12, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=-5332911124544076749&q=owasp OWASP_JeffWilliams_OWASP_Guide_and_Membership.mp4]<br />
:OWASP Jeff Williams - OWASP Development Guide and OWASP Membership Plan. OWASP - 1 hr 12 min - Oct 12, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=7947858567235952851&q=owasp OWASP_DinizCruz_DotNet_Tools_Project.mp4]<br />
:OWASP Diniz Cruz - The .Net Tools Project. OWASP - 1 hr 15 min - Oct 12, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=2018648061521175729&q=owasp OWASP_MattFisher_WormsNowTargetingWebApps.mp4]<br />
:OWASP Matt Fisher - Worms Now Targeting Web Applications. OWASP - 49 min - Oct 12, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=8437304318271455155&q=owasp OWASP_RoganDawes_AdvancedFeaturesofWebScarab.mp4]<br />
:OWASP Rogan Dawes - Advanced Features of OWASP WebScarab. OWASP - 1 hr 24 min - Oct 12, 2005 <br />
<br />
;[http://video.google.com/videoplay?docid=-2492965730809426450&q=owasp OWASP_JohnSteven_Building_a_Scalable_Software_Security_Practice.mp4]<br />
:OWASP John Steven - Building a Scalable Software Security Practice. OWASP - 1 hr 19 min - Oct 12, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=-1807054604513842127&q=owasp OWASP_GunnerPeterson_IntegratingIdentityServicesintoWebApps.mp4]<br />
:OWASP Gunnar Peterson - Integrating Identity Services into Web Apps. OWASP - 35 min - Oct 12, 2005</div>Videomanhttps://wiki.owasp.org/index.php?title=Category:OWASP_Video&diff=68696Category:OWASP Video2009-09-09T16:03:40Z<p>Videoman: /* OWASP MSP */</p>
<hr />
<div>== Welcome to the OWASP Video Collection ==<br />
<br />
OWASP attempts to make videos of presentations made by our members and at our conferences concerning application security whenever possible. The slides for most of these presentations are available, linked to the conference agendas (please link them if possible!).<br />
<br />
Some of the videos below got a little mangled in the conversion process. So some of the talks run together. For example the first part of Dinis' .Net Tools video is appended to the end of Jeff's Guide talk. We're working on it.<br />
<br />
== Videos ==<br />
<br />
=== OWASP EU ===<br />
OWASP EU 2009 - [http://owasp.blip.tv Click Here]<br />
<br />
To see videos from the OWASP NYC APPSEC 2008 event (50+ speakers) see : [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference Click Here]<br />
<br />
;[http://www.owasp.org/index.php/Front_Range_OWASP_Conference_2009#Agenda_and_Presentations:_5_March_2009 OWASP SnowFROC from Denver, CO 2009]<br />
<br />
=== OWASP MSP ===<br />
'''2009 [[Minneapolis St Paul | Minneapolis-St.Paul (MSP) OWASP Chapter]] Meeting presentations:'''<br />
<br />
==== OWASP Minneapolis Conference 2009 ====<br />
[http://vimeo.com/channels/owaspmsp OWASP MSP 2009 Conference Videos] from the local Minneapolis Saint Paul OWASP conference in 2009. Guest speakers include Seth Peter, Pravir Chandra, and Bruce Schneier.<br />
<br />
==== OWASP Minneapolis 2009 Monthly Talks ====<br />
;[http://www.comotheory.com/owasp/20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.mp4 OWASP_MSP_Robert_Sullivan_Open_This_First_A_job_oriented_guide_to_software_security_resources_MP4]<br />
:OWASP Robert Sullivan - Open this first: A job-oriented guide to software security resources (68 minutes) (MP4...please right click and save). OWASP (MSP) - July 27, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.mp3 OWASP_MSP_Robert_Sullivan_Open_This_First_A_job_oriented_guide_to_software_security_resources_MP3]<br />
:OWASP Robert Sullivan - Open this first: A job-oriented guide to software security resources (68 minutes) (MP3). OWASP (MSP) - July 27, 2009<br />
<br />
;[[Media:20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.pdf|OWASP_MSP_Robert_Sullivan_Open_This_First_A_job_oriented_guide_to_software_security_resources_Slides]]<br />
:OWASP Robert Sullivan - Open this first: A job-oriented guide to software security resources (Slides .PDF). OWASP (MSP) - July 27, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.mp4 OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_MP4]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (55 minutes) (MP4...please right click and save). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.slideshare.net/webappsecguy/tracking-the-progress-of-an-sdl-program-lessons-from-the-gym-1684512 OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_Slidecast]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (55 minutes) (Slidecast). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.mp3 OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_MP3]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (55 minutes) (MP3). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.owasp.org/images/0/0e/20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.pptx OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_Slides]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (Slides .PPTX). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090427-Gunnar_Peterson_-_OWASP_Top_Ten_Web_Services.mp4 OWASP_MSP_Gunnar_Peterson_OWASP_Top_Ten_Web_Services_MP4]<br />
:OWASP Gunnar Peterson - OWASP Top Ten Web Services (1 hour, 27 minutes) (MP4...please right click and save). OWASP (MSP) - April 27, 2009<br />
<br />
;[http://video.google.com/videoplay?docid=3200887090385342211&hl=en OWASP_MSP_Dan_Cornell_Vulnerability_Management_in_an_Application_Security_World]<br />
:OWASP Dan Cornell - Vulnerability Management in an Application Security World (1 hour, 52 minutes). OWASP (MSP) - March 16, 2009<br />
<br />
;[http://www.owasp.org/images/1/16/VulnerabilityManagementInAnApplicaitonSecurityWorld_OWASPMSP_20090316.pdf OWASP_MSP_Dan_Cornell_Vulnerability_Management_in_an_Application_Security_World_Slides]<br />
:OWASP Dan Cornell - Vulnerability Management in an Application Security World (Slides .PDF). OWASP (MSP) - March 16, 2009<br />
<br />
;[http://video.google.com/videoplay?docid=2838721966098123222&hl=en OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_1_of_2]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (1 of 2 - 35 minutes). OWASP (MSP) - February 16, 2009<br />
<br />
;[http://video.google.com/videoplay?docid=1766766374336659744&hl=en OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_2_of_2]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (2 of 2 - 34 minutes). OWASP (MSP) - February 16, 2009<br />
<br />
;[https://www.owasp.org/images/f/f8/Proactive_Lifecycle_Security_Management_Presentation_for_OWASP_Mpls-Stp_Chapter_Meeting_-_2-16-09.ppt OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_Slides]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (Slides .PPT). OWASP (MSP) - February 16, 2009<br />
<br />
;[https://www.owasp.org/images/9/9c/Generic_System_Security_Plan.doc OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_Handout_Service_System_Security_Plan_template]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (Handout: Service/System Security Plan template .DOC). OWASP (MSP) - February 16, 2009<br />
<br />
=== OWASP MSP 2009 ===<br />
<br />
'''2008 [https://www.owasp.org/index.php/Minneapolis_St_Paul Minneapolis-St.Paul (MSP) OWASP Chapter] Meeting and Mini-Conference presentations:'''<br />
<br />
;[http://video.google.com/videoplay?docid=8393196340486939495&en OWASP MSP October 2008 Mini-Conference: Arshan Dabirsiaghi - ISWG. OWASP (MSP)]<br />
:Arshan Dabirsiaghi, founder of the OWASP Intrinsic Security Working Group (OWASP ISWG), ISWG at the OWASP & FLOSS Application Security Mini-Conference - Oct 21, 2008<br />
<br />
;[http://video.google.com/videoplay?docid=-2772176093312625908&hl=en OWASP_MSP_Jeremiah_Grossman_Get_Rich_or_Die_Trying_Partial_Video_38_Minutes] | [https://www.owasp.org/images/5/5d/OWASP_Minneapolis_20080908_Jeremiah_Grossman.pdf OWASP_MSP_Jeremiah_Grossman_Get_Rich_or_Die_Trying_Slides_Full]<br />
:Jeremiah Grossman - Get Rich or Die Trying - Making Money on The Web, The Black Hat Way - OWASP (MSP) - 9 September 2008 (Partial Video - 38 Minutes) | Slides (Full)<br />
<br />
;[http://video.google.com/videoplay?docid=-7859027646762182620&hl=en OWASP_MSP_Gunnar_Peterson_Breaking_Web_Services_1_of_2]<br />
:OWASP Gunnar Peterson - Breaking Web Services (1 of 2 - original aspect ratio maintained). OWASP (MSP) - July 7, 2008<br />
<br />
;[http://video.google.com/videoplay?docid=-7066675474788394571&q=en OWASP_MSP_Gunnar_Peterson_Breaking_Web_Services_2_of_2]<br />
:OWASP Gunnar Peterson - Breaking Web Services (2 of 2 - aspect ratio distorted). OWASP (MSP) - July 7, 2008<br />
<br />
;[http://www.owasp.org/images/b/b9/OWASP-MSP-GunnarPetersonHandout20080707.pdf OWASP_MSP_Gunnar_Peterson_Breaking_Web_Services_Handout]<br />
:OWASP Gunnar Peterson - Preaking Web Services (Handout). OWASP (MSP) - July 7, 2008<br />
<br />
;[http://video.google.com/videoplay?docid=7535038243903138173&hl=en OWASP_MSP_Tony_Stieber_How_NOT_to_Implement_Encryption_for_the_OWASP_Top_10]<br />
:OWASP Tony Stieber - How NOT to Implement Encryption for the OWASP Top 10. OWASP (MSP) - Jun 16, 2008 <br />
<br />
;[http://video.google.com/videoplay?docid=-1695798832162574124&hl=en OWASP_MSP_Bruce_Schneier_Economic_trends_of_information_security]<br />
:OWASP Bruce Schneier - 10 Economic Trends of Information Security. OWASP (MSP)- Jan 14, 2008 <br />
<br />
;[http://video.google.com/videoplay?docid=-8346192947975269407&hl=en OWASP_MSP_Robert_Hansen_RSnake_Logic_Attacks_inefficiencies_of_robotic_detection]<br />
:OWASP Robert Hansen aka RSnake - Logic Attacks, inefficiencies of Robotic detection. OWASP (MSP) - Feb 11th 2008<br />
<br />
=== Black Hat 2006 ===<br />
<br />
'''From Black Hat 2006:'''<br />
<br />
;[http://video.google.com/videoplay?docid=941077664562737284&q=owasp Dinis Cruz @ BlackHat 2006 with FSTV]<br />
:Dinis Cruz, leader of the OWASP.NET project joins us to talk about .NET, web security tools, the future of OWASP, and Open Source Software. OWASP - 30 min - Aug 30, 2006<br />
<br />
=== AppSec Washington 2005 ===<br />
<br />
'''From the [[AppSec_Washington_2005/Agenda | 2nd U.S. OWASP Conference held Oct 11-12, 2005]] - Day 1:'''<br />
<br />
;[http://video.google.com/videoplay?docid=-2481289516847680871&q=owasp OWASP_Intro_DaveWichers_Key_JoeJarzombek_RonRoss.mp4]<br />
:OWASP Intro: Dave Wichers - Key Note Day 1: Joe Jarzombek - Dir. of Software Assurance - DHS - Software Assurance: Considerations for Advancing a National Strategy to Secure Cyberspace & Ron Ross -FISMA Project Lead - NIST - Status of the Federal Information Security Management Act (FISMA) Project. OWASP - 2 hr 7 min - Oct 11, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=3853779542023264815&q=owasp OWASP_JackDanahy_The_Business_Case_for_Software_Security_Assurance.mp4]<br />
:OWASP Jack Danahy - The Business Case for Software Security Assurance. OWASP - 1 hr 2 min - Oct 11, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=5758230888370998733&q=owasp OWASP_ArianEvans_Tools_SurveyProject.mp4]<br />
:OWASP Arian Evans - The OWASP Tools Survey Project. OWASP - 1 hr 18 min - Oct 11, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=-2492965730809426450&q=owasp OWASP_DinizCruz_Rooting_the_CLR.mp4]<br />
:OWASP Diniz Cruz - Rooting the CLR. OWASP - 1 hr 22 min - Oct 11, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=-5233500471539001436&q=owasp OWASP_PaulBlack_RickKuhn.mp4]<br />
:OWASP Paul Black - NIST - Developing a Reference Dataset & Rick Kuhn - NIST - Software Fault Interactions. OWASP - 1 hr 9 min - Oct 11, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=4473926180612118549&q=owasp OWASP_AlexSmolen_Application_Logic_Defense.mp4]<br />
:OWASP Alex Smolen - Application Logic Defense. OWASP - 36 min - Oct 11, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=4379894308228900017&q=owasp OWASP_DanielCuthbert_Evolution_WebAppPenTest.mp4]<br />
:OWASP Daniel Cuthbert - OWASP Testing Guide Lead - The Evolution Web App Pen Testing. OWASP - 1 hr 11 min - Oct 11, 2005<br />
<br />
'''The [[AppSec_Washington_2005/Agenda | 2nd U.S. OWASP Conference]] Day 2:'''<br />
<br />
;[http://video.google.com/videoplay?docid=-9110574247136866679&q=owasp OWASP_IraWinkler_Secrets_of_Superspies.mp4]<br />
:OWASP Ira Winkler - Keynote Day 2: Secrets of Superspies & Jeremy Poteet - In the Line of Fire: Defending Highly Visible Targets. OWASP - 2 hr 2 min - Oct 12, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=-5332911124544076749&q=owasp OWASP_JeffWilliams_OWASP_Guide_and_Membership.mp4]<br />
:OWASP Jeff Williams - OWASP Development Guide and OWASP Membership Plan. OWASP - 1 hr 12 min - Oct 12, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=7947858567235952851&q=owasp OWASP_DinizCruz_DotNet_Tools_Project.mp4]<br />
:OWASP Diniz Cruz - The .Net Tools Project. OWASP - 1 hr 15 min - Oct 12, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=2018648061521175729&q=owasp OWASP_MattFisher_WormsNowTargetingWebApps.mp4]<br />
:OWASP Matt Fisher - Worms Now Targeting Web Applications. OWASP - 49 min - Oct 12, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=8437304318271455155&q=owasp OWASP_RoganDawes_AdvancedFeaturesofWebScarab.mp4]<br />
:OWASP Rogan Dawes - Advanced Features of OWASP WebScarab. OWASP - 1 hr 24 min - Oct 12, 2005 <br />
<br />
;[http://video.google.com/videoplay?docid=-2492965730809426450&q=owasp OWASP_JohnSteven_Building_a_Scalable_Software_Security_Practice.mp4]<br />
:OWASP John Steven - Building a Scalable Software Security Practice. OWASP - 1 hr 19 min - Oct 12, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=-1807054604513842127&q=owasp OWASP_GunnerPeterson_IntegratingIdentityServicesintoWebApps.mp4]<br />
:OWASP Gunnar Peterson - Integrating Identity Services into Web Apps. OWASP - 35 min - Oct 12, 2005</div>Videomanhttps://wiki.owasp.org/index.php?title=Category:OWASP_Video&diff=68695Category:OWASP Video2009-09-09T16:03:01Z<p>Videoman: /* OWASP Minneapolis Conference 2009 */</p>
<hr />
<div>== Welcome to the OWASP Video Collection ==<br />
<br />
OWASP attempts to make videos of presentations made by our members and at our conferences concerning application security whenever possible. The slides for most of these presentations are available, linked to the conference agendas (please link them if possible!).<br />
<br />
Some of the videos below got a little mangled in the conversion process. So some of the talks run together. For example the first part of Dinis' .Net Tools video is appended to the end of Jeff's Guide talk. We're working on it.<br />
<br />
== Videos ==<br />
<br />
=== OWASP EU ===<br />
OWASP EU 2009 - [http://owasp.blip.tv Click Here]<br />
<br />
To see videos from the OWASP NYC APPSEC 2008 event (50+ speakers) see : [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference Click Here]<br />
<br />
;[http://www.owasp.org/index.php/Front_Range_OWASP_Conference_2009#Agenda_and_Presentations:_5_March_2009 OWASP SnowFROC from Denver, CO 2009]<br />
<br />
=== OWASP MSP ===<br />
'''2009 [[Minneapolis St Paul | Minneapolis-St.Paul (MSP) OWASP Chapter]] Meeting presentations:'''<br />
<br />
==== OWASP Minneapolis Conference 2009 ====<br />
[http://vimeo.com/channels/owaspmsp OWASP MSP 2009 Conference Videos] from the local Minneapolis Saint Paul OWASP conference in 2009. Guest speakers include Seth Peter, Pravir Chandra, and Bruce Schneier.<br />
<br />
==== OWASP Minneapolis Monthly Talks ====<br />
;[http://www.comotheory.com/owasp/20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.mp4 OWASP_MSP_Robert_Sullivan_Open_This_First_A_job_oriented_guide_to_software_security_resources_MP4]<br />
:OWASP Robert Sullivan - Open this first: A job-oriented guide to software security resources (68 minutes) (MP4...please right click and save). OWASP (MSP) - July 27, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.mp3 OWASP_MSP_Robert_Sullivan_Open_This_First_A_job_oriented_guide_to_software_security_resources_MP3]<br />
:OWASP Robert Sullivan - Open this first: A job-oriented guide to software security resources (68 minutes) (MP3). OWASP (MSP) - July 27, 2009<br />
<br />
;[[Media:20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.pdf|OWASP_MSP_Robert_Sullivan_Open_This_First_A_job_oriented_guide_to_software_security_resources_Slides]]<br />
:OWASP Robert Sullivan - Open this first: A job-oriented guide to software security resources (Slides .PDF). OWASP (MSP) - July 27, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.mp4 OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_MP4]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (55 minutes) (MP4...please right click and save). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.slideshare.net/webappsecguy/tracking-the-progress-of-an-sdl-program-lessons-from-the-gym-1684512 OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_Slidecast]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (55 minutes) (Slidecast). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.mp3 OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_MP3]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (55 minutes) (MP3). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.owasp.org/images/0/0e/20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.pptx OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_Slides]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (Slides .PPTX). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090427-Gunnar_Peterson_-_OWASP_Top_Ten_Web_Services.mp4 OWASP_MSP_Gunnar_Peterson_OWASP_Top_Ten_Web_Services_MP4]<br />
:OWASP Gunnar Peterson - OWASP Top Ten Web Services (1 hour, 27 minutes) (MP4...please right click and save). OWASP (MSP) - April 27, 2009<br />
<br />
;[http://video.google.com/videoplay?docid=3200887090385342211&hl=en OWASP_MSP_Dan_Cornell_Vulnerability_Management_in_an_Application_Security_World]<br />
:OWASP Dan Cornell - Vulnerability Management in an Application Security World (1 hour, 52 minutes). OWASP (MSP) - March 16, 2009<br />
<br />
;[http://www.owasp.org/images/1/16/VulnerabilityManagementInAnApplicaitonSecurityWorld_OWASPMSP_20090316.pdf OWASP_MSP_Dan_Cornell_Vulnerability_Management_in_an_Application_Security_World_Slides]<br />
:OWASP Dan Cornell - Vulnerability Management in an Application Security World (Slides .PDF). OWASP (MSP) - March 16, 2009<br />
<br />
;[http://video.google.com/videoplay?docid=2838721966098123222&hl=en OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_1_of_2]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (1 of 2 - 35 minutes). OWASP (MSP) - February 16, 2009<br />
<br />
;[http://video.google.com/videoplay?docid=1766766374336659744&hl=en OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_2_of_2]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (2 of 2 - 34 minutes). OWASP (MSP) - February 16, 2009<br />
<br />
;[https://www.owasp.org/images/f/f8/Proactive_Lifecycle_Security_Management_Presentation_for_OWASP_Mpls-Stp_Chapter_Meeting_-_2-16-09.ppt OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_Slides]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (Slides .PPT). OWASP (MSP) - February 16, 2009<br />
<br />
;[https://www.owasp.org/images/9/9c/Generic_System_Security_Plan.doc OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_Handout_Service_System_Security_Plan_template]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (Handout: Service/System Security Plan template .DOC). OWASP (MSP) - February 16, 2009<br />
<br />
=== OWASP MSP 2009 ===<br />
<br />
'''2008 [https://www.owasp.org/index.php/Minneapolis_St_Paul Minneapolis-St.Paul (MSP) OWASP Chapter] Meeting and Mini-Conference presentations:'''<br />
<br />
;[http://video.google.com/videoplay?docid=8393196340486939495&en OWASP MSP October 2008 Mini-Conference: Arshan Dabirsiaghi - ISWG. OWASP (MSP)]<br />
:Arshan Dabirsiaghi, founder of the OWASP Intrinsic Security Working Group (OWASP ISWG), ISWG at the OWASP & FLOSS Application Security Mini-Conference - Oct 21, 2008<br />
<br />
;[http://video.google.com/videoplay?docid=-2772176093312625908&hl=en OWASP_MSP_Jeremiah_Grossman_Get_Rich_or_Die_Trying_Partial_Video_38_Minutes] | [https://www.owasp.org/images/5/5d/OWASP_Minneapolis_20080908_Jeremiah_Grossman.pdf OWASP_MSP_Jeremiah_Grossman_Get_Rich_or_Die_Trying_Slides_Full]<br />
:Jeremiah Grossman - Get Rich or Die Trying - Making Money on The Web, The Black Hat Way - OWASP (MSP) - 9 September 2008 (Partial Video - 38 Minutes) | Slides (Full)<br />
<br />
;[http://video.google.com/videoplay?docid=-7859027646762182620&hl=en OWASP_MSP_Gunnar_Peterson_Breaking_Web_Services_1_of_2]<br />
:OWASP Gunnar Peterson - Breaking Web Services (1 of 2 - original aspect ratio maintained). OWASP (MSP) - July 7, 2008<br />
<br />
;[http://video.google.com/videoplay?docid=-7066675474788394571&q=en OWASP_MSP_Gunnar_Peterson_Breaking_Web_Services_2_of_2]<br />
:OWASP Gunnar Peterson - Breaking Web Services (2 of 2 - aspect ratio distorted). OWASP (MSP) - July 7, 2008<br />
<br />
;[http://www.owasp.org/images/b/b9/OWASP-MSP-GunnarPetersonHandout20080707.pdf OWASP_MSP_Gunnar_Peterson_Breaking_Web_Services_Handout]<br />
:OWASP Gunnar Peterson - Preaking Web Services (Handout). OWASP (MSP) - July 7, 2008<br />
<br />
;[http://video.google.com/videoplay?docid=7535038243903138173&hl=en OWASP_MSP_Tony_Stieber_How_NOT_to_Implement_Encryption_for_the_OWASP_Top_10]<br />
:OWASP Tony Stieber - How NOT to Implement Encryption for the OWASP Top 10. OWASP (MSP) - Jun 16, 2008 <br />
<br />
;[http://video.google.com/videoplay?docid=-1695798832162574124&hl=en OWASP_MSP_Bruce_Schneier_Economic_trends_of_information_security]<br />
:OWASP Bruce Schneier - 10 Economic Trends of Information Security. OWASP (MSP)- Jan 14, 2008 <br />
<br />
;[http://video.google.com/videoplay?docid=-8346192947975269407&hl=en OWASP_MSP_Robert_Hansen_RSnake_Logic_Attacks_inefficiencies_of_robotic_detection]<br />
:OWASP Robert Hansen aka RSnake - Logic Attacks, inefficiencies of Robotic detection. OWASP (MSP) - Feb 11th 2008<br />
<br />
=== Black Hat 2006 ===<br />
<br />
'''From Black Hat 2006:'''<br />
<br />
;[http://video.google.com/videoplay?docid=941077664562737284&q=owasp Dinis Cruz @ BlackHat 2006 with FSTV]<br />
:Dinis Cruz, leader of the OWASP.NET project joins us to talk about .NET, web security tools, the future of OWASP, and Open Source Software. OWASP - 30 min - Aug 30, 2006<br />
<br />
=== AppSec Washington 2005 ===<br />
<br />
'''From the [[AppSec_Washington_2005/Agenda | 2nd U.S. OWASP Conference held Oct 11-12, 2005]] - Day 1:'''<br />
<br />
;[http://video.google.com/videoplay?docid=-2481289516847680871&q=owasp OWASP_Intro_DaveWichers_Key_JoeJarzombek_RonRoss.mp4]<br />
:OWASP Intro: Dave Wichers - Key Note Day 1: Joe Jarzombek - Dir. of Software Assurance - DHS - Software Assurance: Considerations for Advancing a National Strategy to Secure Cyberspace & Ron Ross -FISMA Project Lead - NIST - Status of the Federal Information Security Management Act (FISMA) Project. OWASP - 2 hr 7 min - Oct 11, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=3853779542023264815&q=owasp OWASP_JackDanahy_The_Business_Case_for_Software_Security_Assurance.mp4]<br />
:OWASP Jack Danahy - The Business Case for Software Security Assurance. OWASP - 1 hr 2 min - Oct 11, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=5758230888370998733&q=owasp OWASP_ArianEvans_Tools_SurveyProject.mp4]<br />
:OWASP Arian Evans - The OWASP Tools Survey Project. OWASP - 1 hr 18 min - Oct 11, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=-2492965730809426450&q=owasp OWASP_DinizCruz_Rooting_the_CLR.mp4]<br />
:OWASP Diniz Cruz - Rooting the CLR. OWASP - 1 hr 22 min - Oct 11, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=-5233500471539001436&q=owasp OWASP_PaulBlack_RickKuhn.mp4]<br />
:OWASP Paul Black - NIST - Developing a Reference Dataset & Rick Kuhn - NIST - Software Fault Interactions. OWASP - 1 hr 9 min - Oct 11, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=4473926180612118549&q=owasp OWASP_AlexSmolen_Application_Logic_Defense.mp4]<br />
:OWASP Alex Smolen - Application Logic Defense. OWASP - 36 min - Oct 11, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=4379894308228900017&q=owasp OWASP_DanielCuthbert_Evolution_WebAppPenTest.mp4]<br />
:OWASP Daniel Cuthbert - OWASP Testing Guide Lead - The Evolution Web App Pen Testing. OWASP - 1 hr 11 min - Oct 11, 2005<br />
<br />
'''The [[AppSec_Washington_2005/Agenda | 2nd U.S. OWASP Conference]] Day 2:'''<br />
<br />
;[http://video.google.com/videoplay?docid=-9110574247136866679&q=owasp OWASP_IraWinkler_Secrets_of_Superspies.mp4]<br />
:OWASP Ira Winkler - Keynote Day 2: Secrets of Superspies & Jeremy Poteet - In the Line of Fire: Defending Highly Visible Targets. OWASP - 2 hr 2 min - Oct 12, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=-5332911124544076749&q=owasp OWASP_JeffWilliams_OWASP_Guide_and_Membership.mp4]<br />
:OWASP Jeff Williams - OWASP Development Guide and OWASP Membership Plan. OWASP - 1 hr 12 min - Oct 12, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=7947858567235952851&q=owasp OWASP_DinizCruz_DotNet_Tools_Project.mp4]<br />
:OWASP Diniz Cruz - The .Net Tools Project. OWASP - 1 hr 15 min - Oct 12, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=2018648061521175729&q=owasp OWASP_MattFisher_WormsNowTargetingWebApps.mp4]<br />
:OWASP Matt Fisher - Worms Now Targeting Web Applications. OWASP - 49 min - Oct 12, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=8437304318271455155&q=owasp OWASP_RoganDawes_AdvancedFeaturesofWebScarab.mp4]<br />
:OWASP Rogan Dawes - Advanced Features of OWASP WebScarab. OWASP - 1 hr 24 min - Oct 12, 2005 <br />
<br />
;[http://video.google.com/videoplay?docid=-2492965730809426450&q=owasp OWASP_JohnSteven_Building_a_Scalable_Software_Security_Practice.mp4]<br />
:OWASP John Steven - Building a Scalable Software Security Practice. OWASP - 1 hr 19 min - Oct 12, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=-1807054604513842127&q=owasp OWASP_GunnerPeterson_IntegratingIdentityServicesintoWebApps.mp4]<br />
:OWASP Gunnar Peterson - Integrating Identity Services into Web Apps. OWASP - 35 min - Oct 12, 2005</div>Videomanhttps://wiki.owasp.org/index.php?title=Category:OWASP_Video&diff=68694Category:OWASP Video2009-09-09T16:00:29Z<p>Videoman: /* OWASP MSP 2009 */</p>
<hr />
<div>== Welcome to the OWASP Video Collection ==<br />
<br />
OWASP attempts to make videos of presentations made by our members and at our conferences concerning application security whenever possible. The slides for most of these presentations are available, linked to the conference agendas (please link them if possible!).<br />
<br />
Some of the videos below got a little mangled in the conversion process. So some of the talks run together. For example the first part of Dinis' .Net Tools video is appended to the end of Jeff's Guide talk. We're working on it.<br />
<br />
== Videos ==<br />
<br />
=== OWASP EU ===<br />
OWASP EU 2009 - [http://owasp.blip.tv Click Here]<br />
<br />
To see videos from the OWASP NYC APPSEC 2008 event (50+ speakers) see : [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference Click Here]<br />
<br />
;[http://www.owasp.org/index.php/Front_Range_OWASP_Conference_2009#Agenda_and_Presentations:_5_March_2009 OWASP SnowFROC from Denver, CO 2009]<br />
<br />
=== OWASP MSP ===<br />
'''2009 [[Minneapolis St Paul | Minneapolis-St.Paul (MSP) OWASP Chapter]] Meeting presentations:'''<br />
<br />
==== OWASP Minneapolis Conference 2009 ====<br />
[http://vimeo.com/channels/owaspmsp09 OWASP MSP 2009 Conference Videos] from the local Minneapolis Saint Paul OWASP conference in 2009. Guest speakers include Seth Peter, Pravir Chandra, and Bruce Schneier. <br />
<br />
==== OWASP Minneapolis Monthly Talks ====<br />
;[http://www.comotheory.com/owasp/20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.mp4 OWASP_MSP_Robert_Sullivan_Open_This_First_A_job_oriented_guide_to_software_security_resources_MP4]<br />
:OWASP Robert Sullivan - Open this first: A job-oriented guide to software security resources (68 minutes) (MP4...please right click and save). OWASP (MSP) - July 27, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.mp3 OWASP_MSP_Robert_Sullivan_Open_This_First_A_job_oriented_guide_to_software_security_resources_MP3]<br />
:OWASP Robert Sullivan - Open this first: A job-oriented guide to software security resources (68 minutes) (MP3). OWASP (MSP) - July 27, 2009<br />
<br />
;[[Media:20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.pdf|OWASP_MSP_Robert_Sullivan_Open_This_First_A_job_oriented_guide_to_software_security_resources_Slides]]<br />
:OWASP Robert Sullivan - Open this first: A job-oriented guide to software security resources (Slides .PDF). OWASP (MSP) - July 27, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.mp4 OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_MP4]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (55 minutes) (MP4...please right click and save). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.slideshare.net/webappsecguy/tracking-the-progress-of-an-sdl-program-lessons-from-the-gym-1684512 OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_Slidecast]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (55 minutes) (Slidecast). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.mp3 OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_MP3]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (55 minutes) (MP3). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.owasp.org/images/0/0e/20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.pptx OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_Slides]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (Slides .PPTX). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090427-Gunnar_Peterson_-_OWASP_Top_Ten_Web_Services.mp4 OWASP_MSP_Gunnar_Peterson_OWASP_Top_Ten_Web_Services_MP4]<br />
:OWASP Gunnar Peterson - OWASP Top Ten Web Services (1 hour, 27 minutes) (MP4...please right click and save). OWASP (MSP) - April 27, 2009<br />
<br />
;[http://video.google.com/videoplay?docid=3200887090385342211&hl=en OWASP_MSP_Dan_Cornell_Vulnerability_Management_in_an_Application_Security_World]<br />
:OWASP Dan Cornell - Vulnerability Management in an Application Security World (1 hour, 52 minutes). OWASP (MSP) - March 16, 2009<br />
<br />
;[http://www.owasp.org/images/1/16/VulnerabilityManagementInAnApplicaitonSecurityWorld_OWASPMSP_20090316.pdf OWASP_MSP_Dan_Cornell_Vulnerability_Management_in_an_Application_Security_World_Slides]<br />
:OWASP Dan Cornell - Vulnerability Management in an Application Security World (Slides .PDF). OWASP (MSP) - March 16, 2009<br />
<br />
;[http://video.google.com/videoplay?docid=2838721966098123222&hl=en OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_1_of_2]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (1 of 2 - 35 minutes). OWASP (MSP) - February 16, 2009<br />
<br />
;[http://video.google.com/videoplay?docid=1766766374336659744&hl=en OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_2_of_2]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (2 of 2 - 34 minutes). OWASP (MSP) - February 16, 2009<br />
<br />
;[https://www.owasp.org/images/f/f8/Proactive_Lifecycle_Security_Management_Presentation_for_OWASP_Mpls-Stp_Chapter_Meeting_-_2-16-09.ppt OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_Slides]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (Slides .PPT). OWASP (MSP) - February 16, 2009<br />
<br />
;[https://www.owasp.org/images/9/9c/Generic_System_Security_Plan.doc OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_Handout_Service_System_Security_Plan_template]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (Handout: Service/System Security Plan template .DOC). OWASP (MSP) - February 16, 2009<br />
<br />
=== OWASP MSP 2009 ===<br />
<br />
'''2008 [https://www.owasp.org/index.php/Minneapolis_St_Paul Minneapolis-St.Paul (MSP) OWASP Chapter] Meeting and Mini-Conference presentations:'''<br />
<br />
;[http://video.google.com/videoplay?docid=8393196340486939495&en OWASP MSP October 2008 Mini-Conference: Arshan Dabirsiaghi - ISWG. OWASP (MSP)]<br />
:Arshan Dabirsiaghi, founder of the OWASP Intrinsic Security Working Group (OWASP ISWG), ISWG at the OWASP & FLOSS Application Security Mini-Conference - Oct 21, 2008<br />
<br />
;[http://video.google.com/videoplay?docid=-2772176093312625908&hl=en OWASP_MSP_Jeremiah_Grossman_Get_Rich_or_Die_Trying_Partial_Video_38_Minutes] | [https://www.owasp.org/images/5/5d/OWASP_Minneapolis_20080908_Jeremiah_Grossman.pdf OWASP_MSP_Jeremiah_Grossman_Get_Rich_or_Die_Trying_Slides_Full]<br />
:Jeremiah Grossman - Get Rich or Die Trying - Making Money on The Web, The Black Hat Way - OWASP (MSP) - 9 September 2008 (Partial Video - 38 Minutes) | Slides (Full)<br />
<br />
;[http://video.google.com/videoplay?docid=-7859027646762182620&hl=en OWASP_MSP_Gunnar_Peterson_Breaking_Web_Services_1_of_2]<br />
:OWASP Gunnar Peterson - Breaking Web Services (1 of 2 - original aspect ratio maintained). OWASP (MSP) - July 7, 2008<br />
<br />
;[http://video.google.com/videoplay?docid=-7066675474788394571&q=en OWASP_MSP_Gunnar_Peterson_Breaking_Web_Services_2_of_2]<br />
:OWASP Gunnar Peterson - Breaking Web Services (2 of 2 - aspect ratio distorted). OWASP (MSP) - July 7, 2008<br />
<br />
;[http://www.owasp.org/images/b/b9/OWASP-MSP-GunnarPetersonHandout20080707.pdf OWASP_MSP_Gunnar_Peterson_Breaking_Web_Services_Handout]<br />
:OWASP Gunnar Peterson - Preaking Web Services (Handout). OWASP (MSP) - July 7, 2008<br />
<br />
;[http://video.google.com/videoplay?docid=7535038243903138173&hl=en OWASP_MSP_Tony_Stieber_How_NOT_to_Implement_Encryption_for_the_OWASP_Top_10]<br />
:OWASP Tony Stieber - How NOT to Implement Encryption for the OWASP Top 10. OWASP (MSP) - Jun 16, 2008 <br />
<br />
;[http://video.google.com/videoplay?docid=-1695798832162574124&hl=en OWASP_MSP_Bruce_Schneier_Economic_trends_of_information_security]<br />
:OWASP Bruce Schneier - 10 Economic Trends of Information Security. OWASP (MSP)- Jan 14, 2008 <br />
<br />
;[http://video.google.com/videoplay?docid=-8346192947975269407&hl=en OWASP_MSP_Robert_Hansen_RSnake_Logic_Attacks_inefficiencies_of_robotic_detection]<br />
:OWASP Robert Hansen aka RSnake - Logic Attacks, inefficiencies of Robotic detection. OWASP (MSP) - Feb 11th 2008<br />
<br />
=== Black Hat 2006 ===<br />
<br />
'''From Black Hat 2006:'''<br />
<br />
;[http://video.google.com/videoplay?docid=941077664562737284&q=owasp Dinis Cruz @ BlackHat 2006 with FSTV]<br />
:Dinis Cruz, leader of the OWASP.NET project joins us to talk about .NET, web security tools, the future of OWASP, and Open Source Software. OWASP - 30 min - Aug 30, 2006<br />
<br />
=== AppSec Washington 2005 ===<br />
<br />
'''From the [[AppSec_Washington_2005/Agenda | 2nd U.S. OWASP Conference held Oct 11-12, 2005]] - Day 1:'''<br />
<br />
;[http://video.google.com/videoplay?docid=-2481289516847680871&q=owasp OWASP_Intro_DaveWichers_Key_JoeJarzombek_RonRoss.mp4]<br />
:OWASP Intro: Dave Wichers - Key Note Day 1: Joe Jarzombek - Dir. of Software Assurance - DHS - Software Assurance: Considerations for Advancing a National Strategy to Secure Cyberspace & Ron Ross -FISMA Project Lead - NIST - Status of the Federal Information Security Management Act (FISMA) Project. OWASP - 2 hr 7 min - Oct 11, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=3853779542023264815&q=owasp OWASP_JackDanahy_The_Business_Case_for_Software_Security_Assurance.mp4]<br />
:OWASP Jack Danahy - The Business Case for Software Security Assurance. OWASP - 1 hr 2 min - Oct 11, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=5758230888370998733&q=owasp OWASP_ArianEvans_Tools_SurveyProject.mp4]<br />
:OWASP Arian Evans - The OWASP Tools Survey Project. OWASP - 1 hr 18 min - Oct 11, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=-2492965730809426450&q=owasp OWASP_DinizCruz_Rooting_the_CLR.mp4]<br />
:OWASP Diniz Cruz - Rooting the CLR. OWASP - 1 hr 22 min - Oct 11, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=-5233500471539001436&q=owasp OWASP_PaulBlack_RickKuhn.mp4]<br />
:OWASP Paul Black - NIST - Developing a Reference Dataset & Rick Kuhn - NIST - Software Fault Interactions. OWASP - 1 hr 9 min - Oct 11, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=4473926180612118549&q=owasp OWASP_AlexSmolen_Application_Logic_Defense.mp4]<br />
:OWASP Alex Smolen - Application Logic Defense. OWASP - 36 min - Oct 11, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=4379894308228900017&q=owasp OWASP_DanielCuthbert_Evolution_WebAppPenTest.mp4]<br />
:OWASP Daniel Cuthbert - OWASP Testing Guide Lead - The Evolution Web App Pen Testing. OWASP - 1 hr 11 min - Oct 11, 2005<br />
<br />
'''The [[AppSec_Washington_2005/Agenda | 2nd U.S. OWASP Conference]] Day 2:'''<br />
<br />
;[http://video.google.com/videoplay?docid=-9110574247136866679&q=owasp OWASP_IraWinkler_Secrets_of_Superspies.mp4]<br />
:OWASP Ira Winkler - Keynote Day 2: Secrets of Superspies & Jeremy Poteet - In the Line of Fire: Defending Highly Visible Targets. OWASP - 2 hr 2 min - Oct 12, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=-5332911124544076749&q=owasp OWASP_JeffWilliams_OWASP_Guide_and_Membership.mp4]<br />
:OWASP Jeff Williams - OWASP Development Guide and OWASP Membership Plan. OWASP - 1 hr 12 min - Oct 12, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=7947858567235952851&q=owasp OWASP_DinizCruz_DotNet_Tools_Project.mp4]<br />
:OWASP Diniz Cruz - The .Net Tools Project. OWASP - 1 hr 15 min - Oct 12, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=2018648061521175729&q=owasp OWASP_MattFisher_WormsNowTargetingWebApps.mp4]<br />
:OWASP Matt Fisher - Worms Now Targeting Web Applications. OWASP - 49 min - Oct 12, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=8437304318271455155&q=owasp OWASP_RoganDawes_AdvancedFeaturesofWebScarab.mp4]<br />
:OWASP Rogan Dawes - Advanced Features of OWASP WebScarab. OWASP - 1 hr 24 min - Oct 12, 2005 <br />
<br />
;[http://video.google.com/videoplay?docid=-2492965730809426450&q=owasp OWASP_JohnSteven_Building_a_Scalable_Software_Security_Practice.mp4]<br />
:OWASP John Steven - Building a Scalable Software Security Practice. OWASP - 1 hr 19 min - Oct 12, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=-1807054604513842127&q=owasp OWASP_GunnerPeterson_IntegratingIdentityServicesintoWebApps.mp4]<br />
:OWASP Gunnar Peterson - Integrating Identity Services into Web Apps. OWASP - 35 min - Oct 12, 2005</div>Videomanhttps://wiki.owasp.org/index.php?title=Category:OWASP_Video&diff=68693Category:OWASP Video2009-09-09T15:59:18Z<p>Videoman: /* Videos */</p>
<hr />
<div>== Welcome to the OWASP Video Collection ==<br />
<br />
OWASP attempts to make videos of presentations made by our members and at our conferences concerning application security whenever possible. The slides for most of these presentations are available, linked to the conference agendas (please link them if possible!).<br />
<br />
Some of the videos below got a little mangled in the conversion process. So some of the talks run together. For example the first part of Dinis' .Net Tools video is appended to the end of Jeff's Guide talk. We're working on it.<br />
<br />
== Videos ==<br />
<br />
=== OWASP EU ===<br />
OWASP EU 2009 - [http://owasp.blip.tv Click Here]<br />
<br />
To see videos from the OWASP NYC APPSEC 2008 event (50+ speakers) see : [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference Click Here]<br />
<br />
;[http://www.owasp.org/index.php/Front_Range_OWASP_Conference_2009#Agenda_and_Presentations:_5_March_2009 OWASP SnowFROC from Denver, CO 2009]<br />
<br />
=== OWASP MSP ===<br />
'''2009 [[Minneapolis St Paul | Minneapolis-St.Paul (MSP) OWASP Chapter]] Meeting presentations:'''<br />
<br />
==== OWASP MSP 2009 ====<br />
[http://vimeo.com/channels/owaspmsp09 OWASP MSP 2009 Conference Videos] from the local Minneapolis Saint Paul OWASP conference in 2009. Guest speakers include Seth Peter, Pravir Chandra, and Bruce Schneier. <br />
<br />
;[http://www.comotheory.com/owasp/20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.mp4 OWASP_MSP_Robert_Sullivan_Open_This_First_A_job_oriented_guide_to_software_security_resources_MP4]<br />
:OWASP Robert Sullivan - Open this first: A job-oriented guide to software security resources (68 minutes) (MP4...please right click and save). OWASP (MSP) - July 27, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.mp3 OWASP_MSP_Robert_Sullivan_Open_This_First_A_job_oriented_guide_to_software_security_resources_MP3]<br />
:OWASP Robert Sullivan - Open this first: A job-oriented guide to software security resources (68 minutes) (MP3). OWASP (MSP) - July 27, 2009<br />
<br />
;[[Media:20090727-Robert_Sullivan-Open_This_First_-_A_job-oriented_guide_to_software_security_resources.pdf|OWASP_MSP_Robert_Sullivan_Open_This_First_A_job_oriented_guide_to_software_security_resources_Slides]]<br />
:OWASP Robert Sullivan - Open this first: A job-oriented guide to software security resources (Slides .PDF). OWASP (MSP) - July 27, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.mp4 OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_MP4]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (55 minutes) (MP4...please right click and save). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.slideshare.net/webappsecguy/tracking-the-progress-of-an-sdl-program-lessons-from-the-gym-1684512 OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_Slidecast]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (55 minutes) (Slidecast). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.mp3 OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_MP3]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (55 minutes) (MP3). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.owasp.org/images/0/0e/20090629-Cassio_Goldschmidt-Tracking_the_Progress_of_an_SDL_Program_-_Lessons_from_the_Gym.pptx OWASP_MSP_Cassio_Goldschmidt_Tracking_the_Progress_of_an_SDL_Program_Lessons_from_the_Gym_Slides]<br />
:OWASP Cassio Goldschmidt - Tracking the Progress of an SDL Program: Lessons from the Gym (Slides .PPTX). OWASP (MSP) - June 29, 2009<br />
<br />
;[http://www.comotheory.com/owasp/20090427-Gunnar_Peterson_-_OWASP_Top_Ten_Web_Services.mp4 OWASP_MSP_Gunnar_Peterson_OWASP_Top_Ten_Web_Services_MP4]<br />
:OWASP Gunnar Peterson - OWASP Top Ten Web Services (1 hour, 27 minutes) (MP4...please right click and save). OWASP (MSP) - April 27, 2009<br />
<br />
;[http://video.google.com/videoplay?docid=3200887090385342211&hl=en OWASP_MSP_Dan_Cornell_Vulnerability_Management_in_an_Application_Security_World]<br />
:OWASP Dan Cornell - Vulnerability Management in an Application Security World (1 hour, 52 minutes). OWASP (MSP) - March 16, 2009<br />
<br />
;[http://www.owasp.org/images/1/16/VulnerabilityManagementInAnApplicaitonSecurityWorld_OWASPMSP_20090316.pdf OWASP_MSP_Dan_Cornell_Vulnerability_Management_in_an_Application_Security_World_Slides]<br />
:OWASP Dan Cornell - Vulnerability Management in an Application Security World (Slides .PDF). OWASP (MSP) - March 16, 2009<br />
<br />
;[http://video.google.com/videoplay?docid=2838721966098123222&hl=en OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_1_of_2]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (1 of 2 - 35 minutes). OWASP (MSP) - February 16, 2009<br />
<br />
;[http://video.google.com/videoplay?docid=1766766374336659744&hl=en OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_2_of_2]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (2 of 2 - 34 minutes). OWASP (MSP) - February 16, 2009<br />
<br />
;[https://www.owasp.org/images/f/f8/Proactive_Lifecycle_Security_Management_Presentation_for_OWASP_Mpls-Stp_Chapter_Meeting_-_2-16-09.ppt OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_Slides]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (Slides .PPT). OWASP (MSP) - February 16, 2009<br />
<br />
;[https://www.owasp.org/images/9/9c/Generic_System_Security_Plan.doc OWASP_MSP_Rick_Ensenbach_Proactive_Lifecycle_Security_Management_Handout_Service_System_Security_Plan_template]<br />
:OWASP Rick Ensenbach - Proactive Lifecycle Security Management (Handout: Service/System Security Plan template .DOC). OWASP (MSP) - February 16, 2009<br />
<br />
=== OWASP MSP 2009 ===<br />
<br />
'''2008 [https://www.owasp.org/index.php/Minneapolis_St_Paul Minneapolis-St.Paul (MSP) OWASP Chapter] Meeting and Mini-Conference presentations:'''<br />
<br />
;[http://video.google.com/videoplay?docid=8393196340486939495&en OWASP MSP October 2008 Mini-Conference: Arshan Dabirsiaghi - ISWG. OWASP (MSP)]<br />
:Arshan Dabirsiaghi, founder of the OWASP Intrinsic Security Working Group (OWASP ISWG), ISWG at the OWASP & FLOSS Application Security Mini-Conference - Oct 21, 2008<br />
<br />
;[http://video.google.com/videoplay?docid=-2772176093312625908&hl=en OWASP_MSP_Jeremiah_Grossman_Get_Rich_or_Die_Trying_Partial_Video_38_Minutes] | [https://www.owasp.org/images/5/5d/OWASP_Minneapolis_20080908_Jeremiah_Grossman.pdf OWASP_MSP_Jeremiah_Grossman_Get_Rich_or_Die_Trying_Slides_Full]<br />
:Jeremiah Grossman - Get Rich or Die Trying - Making Money on The Web, The Black Hat Way - OWASP (MSP) - 9 September 2008 (Partial Video - 38 Minutes) | Slides (Full)<br />
<br />
;[http://video.google.com/videoplay?docid=-7859027646762182620&hl=en OWASP_MSP_Gunnar_Peterson_Breaking_Web_Services_1_of_2]<br />
:OWASP Gunnar Peterson - Breaking Web Services (1 of 2 - original aspect ratio maintained). OWASP (MSP) - July 7, 2008<br />
<br />
;[http://video.google.com/videoplay?docid=-7066675474788394571&q=en OWASP_MSP_Gunnar_Peterson_Breaking_Web_Services_2_of_2]<br />
:OWASP Gunnar Peterson - Breaking Web Services (2 of 2 - aspect ratio distorted). OWASP (MSP) - July 7, 2008<br />
<br />
;[http://www.owasp.org/images/b/b9/OWASP-MSP-GunnarPetersonHandout20080707.pdf OWASP_MSP_Gunnar_Peterson_Breaking_Web_Services_Handout]<br />
:OWASP Gunnar Peterson - Preaking Web Services (Handout). OWASP (MSP) - July 7, 2008<br />
<br />
;[http://video.google.com/videoplay?docid=7535038243903138173&hl=en OWASP_MSP_Tony_Stieber_How_NOT_to_Implement_Encryption_for_the_OWASP_Top_10]<br />
:OWASP Tony Stieber - How NOT to Implement Encryption for the OWASP Top 10. OWASP (MSP) - Jun 16, 2008 <br />
<br />
;[http://video.google.com/videoplay?docid=-1695798832162574124&hl=en OWASP_MSP_Bruce_Schneier_Economic_trends_of_information_security]<br />
:OWASP Bruce Schneier - 10 Economic Trends of Information Security. OWASP (MSP)- Jan 14, 2008 <br />
<br />
;[http://video.google.com/videoplay?docid=-8346192947975269407&hl=en OWASP_MSP_Robert_Hansen_RSnake_Logic_Attacks_inefficiencies_of_robotic_detection]<br />
:OWASP Robert Hansen aka RSnake - Logic Attacks, inefficiencies of Robotic detection. OWASP (MSP) - Feb 11th 2008<br />
<br />
=== Black Hat 2006 ===<br />
<br />
'''From Black Hat 2006:'''<br />
<br />
;[http://video.google.com/videoplay?docid=941077664562737284&q=owasp Dinis Cruz @ BlackHat 2006 with FSTV]<br />
:Dinis Cruz, leader of the OWASP.NET project joins us to talk about .NET, web security tools, the future of OWASP, and Open Source Software. OWASP - 30 min - Aug 30, 2006<br />
<br />
=== AppSec Washington 2005 ===<br />
<br />
'''From the [[AppSec_Washington_2005/Agenda | 2nd U.S. OWASP Conference held Oct 11-12, 2005]] - Day 1:'''<br />
<br />
;[http://video.google.com/videoplay?docid=-2481289516847680871&q=owasp OWASP_Intro_DaveWichers_Key_JoeJarzombek_RonRoss.mp4]<br />
:OWASP Intro: Dave Wichers - Key Note Day 1: Joe Jarzombek - Dir. of Software Assurance - DHS - Software Assurance: Considerations for Advancing a National Strategy to Secure Cyberspace & Ron Ross -FISMA Project Lead - NIST - Status of the Federal Information Security Management Act (FISMA) Project. OWASP - 2 hr 7 min - Oct 11, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=3853779542023264815&q=owasp OWASP_JackDanahy_The_Business_Case_for_Software_Security_Assurance.mp4]<br />
:OWASP Jack Danahy - The Business Case for Software Security Assurance. OWASP - 1 hr 2 min - Oct 11, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=5758230888370998733&q=owasp OWASP_ArianEvans_Tools_SurveyProject.mp4]<br />
:OWASP Arian Evans - The OWASP Tools Survey Project. OWASP - 1 hr 18 min - Oct 11, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=-2492965730809426450&q=owasp OWASP_DinizCruz_Rooting_the_CLR.mp4]<br />
:OWASP Diniz Cruz - Rooting the CLR. OWASP - 1 hr 22 min - Oct 11, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=-5233500471539001436&q=owasp OWASP_PaulBlack_RickKuhn.mp4]<br />
:OWASP Paul Black - NIST - Developing a Reference Dataset & Rick Kuhn - NIST - Software Fault Interactions. OWASP - 1 hr 9 min - Oct 11, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=4473926180612118549&q=owasp OWASP_AlexSmolen_Application_Logic_Defense.mp4]<br />
:OWASP Alex Smolen - Application Logic Defense. OWASP - 36 min - Oct 11, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=4379894308228900017&q=owasp OWASP_DanielCuthbert_Evolution_WebAppPenTest.mp4]<br />
:OWASP Daniel Cuthbert - OWASP Testing Guide Lead - The Evolution Web App Pen Testing. OWASP - 1 hr 11 min - Oct 11, 2005<br />
<br />
'''The [[AppSec_Washington_2005/Agenda | 2nd U.S. OWASP Conference]] Day 2:'''<br />
<br />
;[http://video.google.com/videoplay?docid=-9110574247136866679&q=owasp OWASP_IraWinkler_Secrets_of_Superspies.mp4]<br />
:OWASP Ira Winkler - Keynote Day 2: Secrets of Superspies & Jeremy Poteet - In the Line of Fire: Defending Highly Visible Targets. OWASP - 2 hr 2 min - Oct 12, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=-5332911124544076749&q=owasp OWASP_JeffWilliams_OWASP_Guide_and_Membership.mp4]<br />
:OWASP Jeff Williams - OWASP Development Guide and OWASP Membership Plan. OWASP - 1 hr 12 min - Oct 12, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=7947858567235952851&q=owasp OWASP_DinizCruz_DotNet_Tools_Project.mp4]<br />
:OWASP Diniz Cruz - The .Net Tools Project. OWASP - 1 hr 15 min - Oct 12, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=2018648061521175729&q=owasp OWASP_MattFisher_WormsNowTargetingWebApps.mp4]<br />
:OWASP Matt Fisher - Worms Now Targeting Web Applications. OWASP - 49 min - Oct 12, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=8437304318271455155&q=owasp OWASP_RoganDawes_AdvancedFeaturesofWebScarab.mp4]<br />
:OWASP Rogan Dawes - Advanced Features of OWASP WebScarab. OWASP - 1 hr 24 min - Oct 12, 2005 <br />
<br />
;[http://video.google.com/videoplay?docid=-2492965730809426450&q=owasp OWASP_JohnSteven_Building_a_Scalable_Software_Security_Practice.mp4]<br />
:OWASP John Steven - Building a Scalable Software Security Practice. OWASP - 1 hr 19 min - Oct 12, 2005<br />
<br />
;[http://video.google.com/videoplay?docid=-1807054604513842127&q=owasp OWASP_GunnerPeterson_IntegratingIdentityServicesintoWebApps.mp4]<br />
:OWASP Gunnar Peterson - Integrating Identity Services into Web Apps. OWASP - 35 min - Oct 12, 2005</div>Videomanhttps://wiki.owasp.org/index.php?title=Minneapolis_St_Paul&diff=28268Minneapolis St Paul2008-04-21T20:32:10Z<p>Videoman: /* OWASP Chapter meeting */</p>
<hr />
<div><h2>NEWS - OWASP becomes an affiliate of UMSA in support of the Secure 360 conference.</h2><br />
<b>Secure360°™ </b>is an annual conference providing high quality educational sessions and networking opportunities while working to identify developing trends in risk management, physical security, governance, audit, information security, contingency planning and human capital. As the host of Secure360°, UMSA strives to provide expert speakers, informative educational sessions and a wide range of exhibits for the collective membership and resources of individual associations, supplier partners and general public. (See the Members & Affiliates page for further information.)<br />
http://www.secure360.org/index.html<br />
<br />
<h2>Videos:</h2><br />
<br />
<p>I uploaded the videos and I will follow up with their presentations soon. I apologize for the delay. The video and sound quality is not the best but works. You can get to both videos here:<br />
<br />
https://www.owasp.org/index.php/Category:OWASP_Video#Videos</p><br />
<br />
<H2>Upcoming Speakers:</H2><br />
<p><br />
Tony Stieber from Wells Fargo will be speaking on Encryption - TBD - As you know we canceled this meeting due to weather conditions we will give you an update soon on the date.<br />
</p><br />
<p><br />
Andrew Van Deer Stock has agreed to visit our chapter and discuss the new Enterprise Security API. We do not have an exact day yet, as soon us we get one I will let the members know.<br />
</p><br />
<br />
<H2>Thanks</H2><br />
<p> Thanks to NetSpi for providing Coffee and Cookies for this event. If your organization would like to sponsor the book give-away or refreshments please contact Lorna Alamri at 651-259-1001.<br />
</p><br />
<br />
==OWASP Chapter meeting==<br />
'''DATE: April 21st 2008'''<br />
'''TIME: 6 p.m.'''<br />
'''Rohy Belani - Phishing 2.0 - '''<br><br />
Abstract:<br><br />
This presentation will discuss the evolution of phishing from being a means of stealing user identities to becoming a mainstay of organized crime. Today, (spear) phishing is a key component in a "hackers" repertoire. It has been used to hijack online brokerage accounts to aid pump 'n dump stock scams, and as a means of creating covert channels from compromised user machines to the Internet. During this talk, I will present the techniques used by attackers to execute such attacks and real-world cases that I have responded to that will provide perspective on the impact. This will be followed by a discussion on what works and what doesn't in building and testing user awareness to thwart such attacks against your organization.<br><br />
<p>Please RSVP for the meeting. You will be sent a confirmation e-mail and a reminder e-mail for the event.</p><br />
<br />
Location: <br />
Gourmet Dinning Room <br />
MnScu Minneapolis Campus (MCTC) <br />
1501 Hennepin Ave. Minneapolis, MN 55403<br />
<br />
Directions:<br />
<br />
[http://www.metrostate.edu/bldgservices/location.html#mpls http://www.metrostate.edu/bldgservices/location.html#mpls]<br><br />
<br />
RSVP:<br><br />
<br />
[http://www.go-integral.net/?q=OWASPApril_RohytBelani http://www.go-integral.net/?q=OWASPApril_RohytBelani ]<br><br />
<br />
Kuai Hinojosa<br><br />
<b>OWASP Chapter Leader</b><br />
<br />
<h2>Other Industry Events:</h2><br />
<p><br />
'''Secure 360'''<br><br />
'''Don't forget to register!'''<br />
Secure 360 is an annual conference providing high quality educational sessions and networking opportunities while working to identify developing trends in risk management, physical security, governance, audit, information security, contingency planning and human capital. Robert Hansen, Rohyt Belani, Robert Sullivan, Joe Teff and Kuai Hinojosa will all be speaking. OWASP will have a booth at the event where we will be showing demos of some of the OWASP projects. Make sure you stop by and say hi!<br />
<br />
http://www.secure360.org/<br />
</p><br />
<p><br />
'''Security & Open Source Symposium'''<br />
For a growing number of organizations, both large and small, open source applications are accepted and well integrated components of their overall enterprise framework. Apache, Open SSL, Syslog, Nessus, Linux, MySQL, JBoss and many others are used in tandem with commercial and proprietary products to create an enterprise environment tailored to business needs. But what are the security implications within a mixed and often complex environment? And how can open source tools help manage and mitigate risks that arise from the nature of the environment itself as well as from external threats?<br />
The SOS symposium will address the identification and alleviation of security risks for enterprise users, as well as implementation of key open source tools used for security functions. Through a combination of overview presentations, informative educational sessions, open source product demonstrations and participant interaction, those who attend will gain a better understanding of the secure use of, and security provided by, open source applications.<br />
<br />
http://www.strategicit.org/secureos.shtml<br />
</p><br />
<p> <br />
'''MN ISACA-''' Will be having thier annual meeting and boat cruise May 21st. http://www.mnisaca.org/events.htm<br />
</p><br />
<p> <br />
'''MN ISSA-''' Meets on Tuesday July 15th at the Four Points Sheraton, 1330 Industrial Blvd. Mpls, MN. For more information on speakers and topics.<br />
http://www.mn-issa.org/html/chaptermeetings.html<br />
</p><br />
<p> <br />
'''TCJUG (Twin Cities Java Users Group) Meets May 21st.''' Josh Reed from Andrill will be speaking on Eclipse RCP Application and working in Antarctica.<br />
http://www.intertechtraining.com/UserGroups/JavaUserGroup.aspx<br />
</p></div>Videoman