OWASP - User contributions [en]

Vancouver

2015-09-10T18:44:59Z

Yvan Boily:

{{Chapter Template|chaptername=Vancouver|extra=The chapter leaders are [mailto:farshad.abasi@owasp.org Farshad Abasi],
[mailto:steve.overland@owasp.org Steve Overland] and [mailto:yvan.boily@owasp.org Yvan Boily]
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-vancouver|emailarchives=http://lists.owasp.org/pipermail/owasp-vancouver}}

Future Scheduled Meetings
* Oct 21, 2015 - Speaker Confirmed - Pending announcement
* Nov 18, 2015 - Speaker Confirmed - Pending announcement
* Dec 16, 2015 - Holiday Social Event
* Jan 27, 2016 - Speaker TBD - [https://docs.google.com/forms/d/1bI7ZdUjv7HxvOb1uq9Ked594qOW3tbRoTsQhEncsb3E/viewform Why not you?]
* Feb 24, 2016 - Speaker TBD - [https://docs.google.com/forms/d/1bI7ZdUjv7HxvOb1uq9Ked594qOW3tbRoTsQhEncsb3E/viewform Why not you?]
* Mar 16, 2016 - OWASP Social Event during BSidesVancouver / CanSecWest
* Apr 20, 2016 - Speaker TBD - [https://docs.google.com/forms/d/1bI7ZdUjv7HxvOb1uq9Ked594qOW3tbRoTsQhEncsb3E/viewform Why not you?]
* May 25, 2016 - Speaker TBD - [https://docs.google.com/forms/d/1bI7ZdUjv7HxvOb1uq9Ked594qOW3tbRoTsQhEncsb3E/viewform Why not you?]
* Jun 15, 2016 - Speaker TBD - [https://docs.google.com/forms/d/1bI7ZdUjv7HxvOb1uq9Ked594qOW3tbRoTsQhEncsb3E/viewform Why not you?]
* Jul 16, 2016 - Speaker TBD - [https://docs.google.com/forms/d/1bI7ZdUjv7HxvOb1uq9Ked594qOW3tbRoTsQhEncsb3E/viewform Why not you?]

== 2015 Meetings ==

{| class="wikitable"
|-
! Date !! Location !! Speaker !! Topic <nowiki>Insert non-formatted text here</nowiki> !! Registration Info
|-
| September 16, 2015 || Mozilla Vancouver || Farshad Abasi || Do Containers fully 'contain' security issues? A closer look at Docker and Warden. || [[https://www.eventbrite.ca/e/owasp-vancouver-tickets-18558739690]]
|}

== 2013 Meetings ==

{| class="wikitable"
|-
! Date !! Location !! Speaker !! Topic <nowiki>Insert non-formatted text here</nowiki> !! Registration Info
|-
| November 6, 2013 || Mozilla Vancouver || Brian Campbell || Introduction to emerging JSON-based ID and Security protocols ||
|-
| August 7, 2013 || Mozilla Vancouver || Raymond Forbes || Owasp Canada Intro & Bug Bounty Programs || [[http://www.eventbrite.ca/event/7683697145 Register Here!]]
|-
| May 28, 2013 || Mozilla Vancouver || San-Tsai Sung || OAuth-based single sign-on in Real-world Implementations ||
|-
| February 20, 2013 || Ping Identity || Rui Periera || How to own a BILLION identities in less time than it takes to boil an egg
|| <closed>
|}

=== November 6, 2013 - Brian Campbell, Introduction to emerging JSON-based ID and Security protocols ===

This talk will look at JOSE and emerging JSON based ID protocols.

Brian Campbell is a Portfolio Architect for Ping Identity. He contributes to various identity and security standards including a two-year stint as co-chair of the OASIS Security Services Technical Committee (SAML) and a current focus on OAuth 2.0, JOSE and OpenID Connect.

=== August 7, 2013 ===

=== May 28, 2013, San-Tsai Sung, OAuth-based single sign-on in Real-world Implementations ===

Millions of web users today employ their Facebook accounts to sign
into more than one million relying party (RP) websites. This web-based
single sign-on (SSO) scheme is enabled by OAuth 2.0, a web resource
authorization protocol that has been adopted by major service
providers. The OAuth 2.0 protocol has proven secure by several formal
methods, but whether it is indeed secure in practice remains an open
question. We examine the implementations of three major OAuth identity
providers (IdP) (Facebook, Microsoft, and Google) and 96 popular RP
websites that support the use of Facebook accounts for login. Our
results uncover several critical vulnerabilities that allow an
attacker to gain unauthorized access to the victim user's profile and
social graph, and impersonate the victim on the RP website. Closer
examination reveals that these vulnerabilities are caused by a set of
design decisions that trade security for implementation simplicity. To
improve the security of OAuth 2.0 SSO systems in real-world settings,
we suggest simple and practical improvements to the design and
implementation of IdPs and RPs that can be adopted gradually by
individual sites.

=== February 20, 2013, Rui Periera, How to own a BILLION identities ... ===

Unless you've been living under a rock over the last few years, you can't help but notice that a lot of hacking seems to be going on - and personal information like e-mail addresses, passwords and credit card numbers are going out the door at several large organizations (Sony anyone?). This presentation deals with a web application hacking technique called SQL Injection (SQLi), and how it was used in various recent hacks such as Epsilon, Heartland Payment Systems, Pirate Bay, eHarmony, Sony and HBGary.

We cover the how's of it: How it is done and how you can protect your organization from being the next big (or little) name on an ever-growing list. This presentation was also given at the IT4BC conference earlier this year.

== 2012 Meetings ==
You can subscribe to the OWASP Vancouver Calendar [https://www.google.com/calendar/ical/osgb36r55fqlt3m10jc4e2ef70%40group.calendar.google.com/public/basic.ics here].

=== May 2012 ===

'''OAuth-based single sign-on in Real-world Implementations'''

'''Speaker:''' San-Tsai Sung

'''Date & Time:''' Monday, May 28th, 2012 @ 5:30pm

Millions of web users today employ their Facebook accounts to sign into more than one million relying party (RP) websites. This web-based
single sign-on (SSO) scheme is enabled by OAuth 2.0, a web resource authorization protocol that has been adopted by major service providers. The OAuth 2.0 protocol has proven secure by several formal methods, but whether it is indeed secure in practice remains an open
question. We examine the implementations of three major OAuth identity providers (IdP) (Facebook, Microsoft, and Google) and 96 popular RP
websites that support the use of Facebook accounts for login. Our results uncover several critical vulnerabilities that allow an attacker to gain unauthorized access to the victim user's profile and social graph, and impersonate the victim on the RP website. Closer
examination reveals that these vulnerabilities are caused by a set of design decisions that trade security for implementation simplicity. To improve the security of OAuth 2.0 SSO systems in real-world settings, we suggest simple and practical improvements to the design and implementation of IdPs and RPs that can be adopted gradually by individual sites.

'''Registration:''' Registration is strongly recommended since an invite will be extended to other groups to try to improve participation in OWASP. If space runs out, preference will be given to those who have registered!

Please register at: [https://docs.google.com/spreadsheet/viewform?formkey=dHZSeTY1ZnFKTFo1elBRZ3BsenNvRnc6MQ here].
''(Registration details are not retained after the meeting, however a sign-up sheet will be available for those claiming CPEs)''

'''Location:'''
Mozilla Vancouver, Suite 209, 163 West Hastings,
Vancouver, BC (Buzzer code is in the directory)

=== January 2012 ===

'''Outsourcing Identity: Understanding Privacy and Security in Identity Services'''

'''Speaker:''' Yvan Boily, Web Security Engineer, Mozilla Corporation

'''Date & Time:''' Monday, January 23rd, 2012 @ 5:30pm

Social Media has taken over the online world; what Microsoft attempted with Passport has been made reality by Facebook, Twitter, Google, and other service providers. In addition to the proprietary identity services these platforms offer, several support protocols such as OpenID, This will be a one hour presentation that will contrast the security and privacy features available in major online identity protocols, and contrast these with Mozilla's BrowserID protocol.

'''Registration:''' Registration is strongly recommended since an invite will be extended to other groups to try to improve participation in OWASP. If space runs out, preference will be given to those who have registered!

Please register [https://docs.google.com/spreadsheet/viewform?formkey=dHZSeTY1ZnFKTFo1elBRZ3BsenNvRnc6MQ here].
''(Registration details are not retained after the meeting, however a sign-up sheet will be available for those claiming CPEs)''

'''Location:'''
Ping Identity,
200 - 788 Beatty St,
Vancouver

'''About Ping Identity
'''
Ping Identity has generously offered their downtown office space, located on the corner of Beatty and Robson, to host our chapters meetings moving forward. The office is 6000sq/ft of a mostly open floor plan, so we should be able to accommodate a large group.

[[Category:British Columbia]]

Vancouver

2014-03-27T23:54:25Z

Yvan Boily:

{{Chapter Template|chaptername=Vancouver|extra=The chapter leader is [mailto:yvanboily@gmail.com Yvan Boily]
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-vancouver|emailarchives=http://lists.owasp.org/pipermail/owasp-vancouver}}

== 2013 Meetings ==

{| class="wikitable"
|-
! Date !! Location !! Speaker !! Topic <nowiki>Insert non-formatted text here</nowiki> !! Registration Info
|-
| November 6, 2013 || Mozilla Vancouver || Brian Campbell || Introduction to emerging JSON-based ID and Security protocols ||
|-
| August 7, 2013 || Mozilla Vancouver || Raymond Forbes || Owasp Canada Intro & Bug Bounty Programs || [[http://www.eventbrite.ca/event/7683697145 Register Here!]]
|-
| May 28, 2013 || Mozilla Vancouver || San-Tsai Sung || OAuth-based single sign-on in Real-world Implementations ||
|-
| February 20, 2013 || Ping Identity || Rui Periera || How to own a BILLION identities in less time than it takes to boil an egg
|| <closed>
|}

=== November 6, 2013 - Brian Campbell, Introduction to emerging JSON-based ID and Security protocols ===

This talk will look at JOSE and emerging JSON based ID protocols.

Brian Campbell is a Portfolio Architect for Ping Identity. He contributes to various identity and security standards including a two-year stint as co-chair of the OASIS Security Services Technical Committee (SAML) and a current focus on OAuth 2.0, JOSE and OpenID Connect.

=== August 7, 2013 ===

=== May 28, 2013, San-Tsai Sung, OAuth-based single sign-on in Real-world Implementations ===

Millions of web users today employ their Facebook accounts to sign
into more than one million relying party (RP) websites. This web-based
single sign-on (SSO) scheme is enabled by OAuth 2.0, a web resource
authorization protocol that has been adopted by major service
providers. The OAuth 2.0 protocol has proven secure by several formal
methods, but whether it is indeed secure in practice remains an open
question. We examine the implementations of three major OAuth identity
providers (IdP) (Facebook, Microsoft, and Google) and 96 popular RP
websites that support the use of Facebook accounts for login. Our
results uncover several critical vulnerabilities that allow an
attacker to gain unauthorized access to the victim user's profile and
social graph, and impersonate the victim on the RP website. Closer
examination reveals that these vulnerabilities are caused by a set of
design decisions that trade security for implementation simplicity. To
improve the security of OAuth 2.0 SSO systems in real-world settings,
we suggest simple and practical improvements to the design and
implementation of IdPs and RPs that can be adopted gradually by
individual sites.

=== February 20, 2013, Rui Periera, How to own a BILLION identities ... ===

Unless you've been living under a rock over the last few years, you can't help but notice that a lot of hacking seems to be going on - and personal information like e-mail addresses, passwords and credit card numbers are going out the door at several large organizations (Sony anyone?). This presentation deals with a web application hacking technique called SQL Injection (SQLi), and how it was used in various recent hacks such as Epsilon, Heartland Payment Systems, Pirate Bay, eHarmony, Sony and HBGary.

We cover the how's of it: How it is done and how you can protect your organization from being the next big (or little) name on an ever-growing list. This presentation was also given at the IT4BC conference earlier this year.

== 2012 Meetings ==
You can subscribe to the OWASP Vancouver Calendar [https://www.google.com/calendar/ical/osgb36r55fqlt3m10jc4e2ef70%40group.calendar.google.com/public/basic.ics here].

=== May 2012 ===

'''OAuth-based single sign-on in Real-world Implementations'''

'''Speaker:''' San-Tsai Sung

'''Date & Time:''' Monday, May 28th, 2012 @ 5:30pm

Millions of web users today employ their Facebook accounts to sign into more than one million relying party (RP) websites. This web-based
single sign-on (SSO) scheme is enabled by OAuth 2.0, a web resource authorization protocol that has been adopted by major service providers. The OAuth 2.0 protocol has proven secure by several formal methods, but whether it is indeed secure in practice remains an open
question. We examine the implementations of three major OAuth identity providers (IdP) (Facebook, Microsoft, and Google) and 96 popular RP
websites that support the use of Facebook accounts for login. Our results uncover several critical vulnerabilities that allow an attacker to gain unauthorized access to the victim user's profile and social graph, and impersonate the victim on the RP website. Closer
examination reveals that these vulnerabilities are caused by a set of design decisions that trade security for implementation simplicity. To improve the security of OAuth 2.0 SSO systems in real-world settings, we suggest simple and practical improvements to the design and implementation of IdPs and RPs that can be adopted gradually by individual sites.

'''Registration:''' Registration is strongly recommended since an invite will be extended to other groups to try to improve participation in OWASP. If space runs out, preference will be given to those who have registered!

Please register at: [https://docs.google.com/spreadsheet/viewform?formkey=dHZSeTY1ZnFKTFo1elBRZ3BsenNvRnc6MQ here].
''(Registration details are not retained after the meeting, however a sign-up sheet will be available for those claiming CPEs)''

'''Location:'''
Mozilla Vancouver, Suite 209, 163 West Hastings,
Vancouver, BC (Buzzer code is in the directory)

=== January 2012 ===

'''Outsourcing Identity: Understanding Privacy and Security in Identity Services'''

'''Speaker:''' Yvan Boily, Web Security Engineer, Mozilla Corporation

'''Date & Time:''' Monday, January 23rd, 2012 @ 5:30pm

Social Media has taken over the online world; what Microsoft attempted with Passport has been made reality by Facebook, Twitter, Google, and other service providers. In addition to the proprietary identity services these platforms offer, several support protocols such as OpenID, This will be a one hour presentation that will contrast the security and privacy features available in major online identity protocols, and contrast these with Mozilla's BrowserID protocol.

'''Registration:''' Registration is strongly recommended since an invite will be extended to other groups to try to improve participation in OWASP. If space runs out, preference will be given to those who have registered!

Please register [https://docs.google.com/spreadsheet/viewform?formkey=dHZSeTY1ZnFKTFo1elBRZ3BsenNvRnc6MQ here].
''(Registration details are not retained after the meeting, however a sign-up sheet will be available for those claiming CPEs)''

'''Location:'''
Ping Identity,
200 - 788 Beatty St,
Vancouver

'''About Ping Identity
'''
Ping Identity has generously offered their downtown office space, located on the corner of Beatty and Robson, to host our chapters meetings moving forward. The office is 6000sq/ft of a mostly open floor plan, so we should be able to accommodate a large group.

[[Category:British Columbia]]

Global Chapter Meetup

2013-09-17T08:57:02Z

Yvan Boily:

= OWASP Global Chapter Meetings =

In addition to local chapter meetings organized by leaders in communities all over the world, OWASP Global Chapter meetings are an opportunity for community members that don't have access to a local chapter to get engaged and participate in OWASP discussions. This is a new initiative, and volunteers to help with the organizational, technical, and social challenges are invited to participate!

== Meeting Format ==

Ideally Global Chapter meetings should follow a rough format:

=== 1. Host Chapter Introduction===
The host chapter should introduce themselves, announce the chapter, and announce which chapters are participating.

=== 2. Participating Chapter Introductions===
Individual chapters should have the opportunity to introduce themselves, and the number of people in attendance.

=== 3. OWASP Monthly Updates ===
A guest speaker (such as a chapter or project lead, board member, OWASP staff member) should work through a set of chapter items collected in advance of the meeting to update the community on the last months events, announcements, and any interesting things that have happened. Upcoming chapter meetings should most definitely be referenced (either as a count, or listing chapters that have meetings before the next global chapter meeting.

=== 4. Speaker Presentation===
The chapter host should introduce the speaker, and then hand off the session to the speaker, with the chapter and online hosts working to ensure that questions from remote participants are raised (and repeated for the audience).

=== 5. Moderated Round Table Discussion===
After the speaker presentation, the chapter and online host should facilitate a moderated discussion about a range of topics (initially related to the speakers topics, but also a related list of round table items proposed prior to, or during the meeting.

=== 6. Closing Remarks===

The chapter host should close the meeting with an announcement of the date, time, and location of the next meeting, including the speaker details.

== Speaker Rules ==

Speakers must comply with the standard [https://www.owasp.org/index.php/Speaker_Agreement OWASP Speaker Agreement]. Slides and media will be shared to the online community by the online organizer, and as a result must be shared a week in advance to allow for proper testing.

== Schedule ==
{| {{table}}
| align="center" style="background:#f0f0f0;"|'''Date'''
| align="center" style="background:#f0f0f0;"|'''Proposed Time Zone'''
| align="center" style="background:#f0f0f0;"|'''Host Chapter'''
| align="center" style="background:#f0f0f0;"|'''Chapter Contact'''
| align="center" style="background:#f0f0f0;"|'''Online Contact'''
| align="center" style="background:#f0f0f0;"|'''Participating Chapters'''
| align="center" style="background:#f0f0f0;"|'''Media'''
|-
| 8/7/2013||GMT-8||Vancouver||Yvan Boily||Jonathan Marcil||Toronto, Montreal, Ottawa, Quebec || [http://www.youtube.com/watch?v=VZHp5Ssi67U Stream]
|-
| 9/16/2013||GMT+1||OWASP Paris||Sebastien Gioria||Yvan Boily||Paris || [http://www.youtube.com/watch?v=ymX3Ecly8RM Youtube Video]
|-
| 10/10/2013||GMT-4||OWASP NYC (Tentative) ||TBD||TBD||TBD ||
|-
| 11/6/2013||GMT-0||London (Tentative) ||TBD||TBD||TBD ||
|-
| 12/4/2013||GMT+1||TBD||TBD||TBD||TBD ||
|-
| 1/4/2014||GMT+3||TBD||TBD||TBD||TBD ||
|-
| 2/1/2014||GMT+4||TBD||TBD||TBD||TBD ||
|-
| 3/5/2014||GMT+5||TBD||TBD||TBD||TBD ||
|-
| 4/2/2014||GMT+6||TBD||TBD||TBD||TBD ||
|-
| 5/7/2014||GMT+7||TBD||TBD||TBD||TBD ||
|-
| 6/4/2014||GMT+9||TBD||TBD||TBD||TBD ||
|-
| 7/2/2014||GMT+10||TBD||TBD||TBD||TBD ||
|}

Global Chapter Meetup

2013-08-28T05:12:02Z

Yvan Boily:

= OWASP Global Chapter Meetings =

In addition to local chapter meetings organized by leaders in communities all over the world, OWASP Global Chapter meetings are an opportunity for community members that don't have access to a local chapter to get engaged and participate in OWASP discussions. This is a new initiative, and volunteers to help with the organizational, technical, and social challenges are invited to participate!

== Meeting Format ==

Ideally Global Chapter meetings should follow a rough format:

=== 1. Host Chapter Introduction===
The host chapter should introduce themselves, announce the chapter, and announce which chapters are participating.

=== 2. Participating Chapter Introductions===
Individual chapters should have the opportunity to introduce themselves, and the number of people in attendance.

=== 3. OWASP Monthly Updates ===
A guest speaker (such as a chapter or project lead, board member, OWASP staff member) should work through a set of chapter items collected in advance of the meeting to update the community on the last months events, announcements, and any interesting things that have happened. Upcoming chapter meetings should most definitely be referenced (either as a count, or listing chapters that have meetings before the next global chapter meeting.

=== 4. Speaker Presentation===
The chapter host should introduce the speaker, and then hand off the session to the speaker, with the chapter and online hosts working to ensure that questions from remote participants are raised (and repeated for the audience).

=== 5. Moderated Round Table Discussion===
After the speaker presentation, the chapter and online host should facilitate a moderated discussion about a range of topics (initially related to the speakers topics, but also a related list of round table items proposed prior to, or during the meeting.

=== 6. Closing Remarks===

The chapter host should close the meeting with an announcement of the date, time, and location of the next meeting, including the speaker details.

== Speaker Rules ==

Speakers must comply with the standard [https://www.owasp.org/index.php/Speaker_Agreement OWASP Speaker Agreement]. Slides and media will be shared to the online community by the online organizer, and as a result must be shared a week in advance to allow for proper testing.

== Schedule ==
{| {{table}}
| align="center" style="background:#f0f0f0;"|'''Date'''
| align="center" style="background:#f0f0f0;"|'''Proposed Time Zone'''
| align="center" style="background:#f0f0f0;"|'''Host Chapter'''
| align="center" style="background:#f0f0f0;"|'''Chapter Contact'''
| align="center" style="background:#f0f0f0;"|'''Online Contact'''
| align="center" style="background:#f0f0f0;"|'''Participating Chapters'''
| align="center" style="background:#f0f0f0;"|'''Media'''
|-
| 8/7/2013||GMT-8||Vancouver||Yvan Boily||Jonathon Marcil||Toronto, Montreal, Ottawa, Quebec || [http://www.youtube.com/watch?v=VZHp5Ssi67U Stream]
|-
| 9/16/2013||GMT+1||OWASP Paris||Sebastien Gioria||Yvan Boily||Paris, ? || TBD
|-
| 10/10/2013||GMT-4||OWASP NYC (Tentative) ||TBD||TBD||TBD ||
|-
| 11/6/2013||GMT-0||London (Tentative) ||TBD||TBD||TBD ||
|-
| 12/4/2013||GMT+1||TBD||TBD||TBD||TBD ||
|-
| 1/4/2014||GMT+3||TBD||TBD||TBD||TBD ||
|-
| 2/1/2014||GMT+4||TBD||TBD||TBD||TBD ||
|-
| 3/5/2014||GMT+5||TBD||TBD||TBD||TBD ||
|-
| 4/2/2014||GMT+6||TBD||TBD||TBD||TBD ||
|-
| 5/7/2014||GMT+7||TBD||TBD||TBD||TBD ||
|-
| 6/4/2014||GMT+9||TBD||TBD||TBD||TBD ||
|-
| 7/2/2014||GMT+10||TBD||TBD||TBD||TBD ||
|}

Global Chapter Meetup

2013-08-21T14:46:45Z

Yvan Boily:

= OWASP Global Chapter Meetings =

In addition to local chapter meetings organized by leaders in communities all over the world, OWASP Global Chapter meetings are an opportunity for community members that don't have access to a local chapter to get engaged and participate in OWASP discussions. This is a new initiative, and volunteers to help with the organizational, technical, and social challenges are invited to participate!

== Meeting Format ==

Ideally Global Chapter meetings should follow a rough format:

=== 1. Host Chapter Introduction===
The host chapter should introduce themselves, announce the chapter, and announce which chapters are participating.

=== 2. Participating Chapter Introductions===
Individual chapters should have the opportunity to introduce themselves, and the number of people in attendance.

=== 3. OWASP Monthly Updates ===
A guest speaker (such as a chapter or project lead, board member, OWASP staff member) should work through a set of chapter items collected in advance of the meeting to update the community on the last months events, announcements, and any interesting things that have happened. Upcoming chapter meetings should most definitely be referenced (either as a count, or listing chapters that have meetings before the next global chapter meeting.

=== 4. Speaker Presentation===
The chapter host should introduce the speaker, and then hand off the session to the speaker, with the chapter and online hosts working to ensure that questions from remote participants are raised (and repeated for the audience).

=== 5. Moderated Round Table Discussion===
After the speaker presentation, the chapter and online host should facilitate a moderated discussion about a range of topics (initially related to the speakers topics, but also a related list of round table items proposed prior to, or during the meeting.

=== 6. Closing Remarks===

The chapter host should close the meeting with an announcement of the date, time, and location of the next meeting, including the speaker details.

== Speaker Rules ==

Speakers must comply with the standard [https://www.owasp.org/index.php/Speaker_Agreement OWASP Speaker Agreement]. Slides and media will be shared to the online community by the online organizer, and as a result must be shared a week in advance to allow for proper testing.

== Schedule ==
{| {{table}}
| align="center" style="background:#f0f0f0;"|'''Date'''
| align="center" style="background:#f0f0f0;"|'''Proposed Time Zone'''
| align="center" style="background:#f0f0f0;"|'''Host Chapter'''
| align="center" style="background:#f0f0f0;"|'''Chapter Contact'''
| align="center" style="background:#f0f0f0;"|'''Online Contact'''
| align="center" style="background:#f0f0f0;"|'''Participating Chapters'''
| align="center" style="background:#f0f0f0;"|'''Media'''
|-
| 8/7/2013||GMT-8||Vancouver||Yvan Boily||Jonathon Marcil||Toronto, Montreal, Ottawa, Quebec || [http://www.youtube.com/watch?v=VZHp5Ssi67U Stream]
|-
| 9/4/2013||GMT-6||OWASP Oklahoma||TBD||TBD||TBD ||
|-
| 10/10/2013||GMT-4||OWASP NYC (Tentative) ||TBD||TBD||TBD ||
|-
| 11/6/2013||GMT-0||London (Tentative) ||TBD||TBD||TBD ||
|-
| 12/4/2013||GMT+1||TBD||TBD||TBD||TBD ||
|-
| 1/4/2014||GMT+3||TBD||TBD||TBD||TBD ||
|-
| 2/1/2014||GMT+4||TBD||TBD||TBD||TBD ||
|-
| 3/5/2014||GMT+5||TBD||TBD||TBD||TBD ||
|-
| 4/2/2014||GMT+6||TBD||TBD||TBD||TBD ||
|-
| 5/7/2014||GMT+7||TBD||TBD||TBD||TBD ||
|-
| 6/4/2014||GMT+9||TBD||TBD||TBD||TBD ||
|-
| 7/2/2014||GMT+10||TBD||TBD||TBD||TBD ||
|}

Global Chapter Meetup

2013-08-16T22:20:16Z

Yvan Boily:

= OWASP Global Chapter Meetings =

In addition to local chapter meetings organized by leaders in communities all over the world, OWASP Global Chapter meetings are an opportunity for community members that don't have access to a local chapter to get engaged and participate in OWASP discussions. This is a new initiative, and volunteers to help with the organizational, technical, and social challenges are invited to participate!

== Meeting Format ==

Ideally Global Chapter meetings should follow a rough format:

=== 1. Host Chapter Introduction===
The host chapter should introduce themselves, announce the chapter, and announce which chapters are participating.

=== 2. Participating Chapter Introductions===
Individual chapters should have the opportunity to introduce themselves, and the number of people in attendance.

=== 3. OWASP Monthly Updates ===
A guest speaker (such as a chapter or project lead, board member, OWASP staff member) should work through a set of chapter items collected in advance of the meeting to update the community on the last months events, announcements, and any interesting things that have happened. Upcoming chapter meetings should most definitely be referenced (either as a count, or listing chapters that have meetings before the next global chapter meeting.

=== 4. Speaker Presentation===
The chapter host should introduce the speaker, and then hand off the session to the speaker, with the chapter and online hosts working to ensure that questions from remote participants are raised (and repeated for the audience).

=== 5. Moderated Round Table Discussion===
After the speaker presentation, the chapter and online host should facilitate a moderated discussion about a range of topics (initially related to the speakers topics, but also a related list of round table items proposed prior to, or during the meeting.

=== 6. Closing Remarks===

The chapter host should close the meeting with an announcement of the date, time, and location of the next meeting, including the speaker details.

== Speaker Rules ==

Speakers must comply with the standard [https://www.owasp.org/index.php/Speaker_Agreement OWASP Speaker Agreement]. Slides and media will be shared to the online community by the online organizer, and as a result must be shared a week in advance to allow for proper testing.

== Schedule ==
{| {{table}}
| align="center" style="background:#f0f0f0;"|'''Date'''
| align="center" style="background:#f0f0f0;"|'''Proposed Time Zone'''
| align="center" style="background:#f0f0f0;"|'''Host Chapter'''
| align="center" style="background:#f0f0f0;"|'''Chapter Contact'''
| align="center" style="background:#f0f0f0;"|'''Online Contact'''
| align="center" style="background:#f0f0f0;"|'''Participating Chapters'''
| align="center" style="background:#f0f0f0;"|'''Media'''
|-
| 8/7/2013||GMT-8||Vancouver||Yvan Boily||Jonathon Marcil||Toronto, Montreal, Ottawa, Quebec || [http://www.youtube.com/watch?v=VZHp5Ssi67U Stream]
|-
| 9/4/2013||GMT-6||OWASP Oklahoma||TBD||TBD||TBD ||
|-
| 10/10/2013||GMT-4||OWASP NYC (Tentative) ||TBD||TBD||TBD ||
|-
| 11/6/2013||GMT-0||TBD||TBD||TBD||TBD ||
|-
| 12/4/2013||GMT+1||TBD||TBD||TBD||TBD ||
|-
| 1/4/2014||GMT+3||TBD||TBD||TBD||TBD ||
|-
| 2/1/2014||GMT+4||TBD||TBD||TBD||TBD ||
|-
| 3/5/2014||GMT+5||TBD||TBD||TBD||TBD ||
|-
| 4/2/2014||GMT+6||TBD||TBD||TBD||TBD ||
|-
| 5/7/2014||GMT+7||TBD||TBD||TBD||TBD ||
|-
| 6/4/2014||GMT+9||TBD||TBD||TBD||TBD ||
|-
| 7/2/2014||GMT+10||TBD||TBD||TBD||TBD ||
|}

Global Chapter Meetup

2013-08-16T16:36:31Z

Yvan Boily:

= OWASP Global Chapter Meetings =

In addition to local chapter meetings organized by leaders in communities all over the world, OWASP Global Chapter meetings are an opportunity for community members that don't have access to a local chapter to get engaged and participate in OWASP discussions. This is a new initiative, and volunteers to help with the organizational, technical, and social challenges are invited to participate!

== Meeting Format ==

Ideally Global Chapter meetings should follow a rough format:

=== 1. Host Chapter Introduction===
The host chapter should introduce themselves, announce the chapter, and announce which chapters are participating.

=== 2. Participating Chapter Introductions===
Individual chapters should have the opportunity to introduce themselves, and the number of people in attendance.

=== 3. OWASP Monthly Updates ===
A guest speaker (such as a chapter or project lead, board member, OWASP staff member) should work through a set of chapter items collected in advance of the meeting to update the community on the last months events, announcements, and any interesting things that have happened. Upcoming chapter meetings should most definitely be referenced (either as a count, or listing chapters that have meetings before the next global chapter meeting.

=== 4. Speaker Presentation===
The chapter host should introduce the speaker, and then hand off the session to the speaker, with the chapter and online hosts working to ensure that questions from remote participants are raised (and repeated for the audience).

=== 5. Moderated Round Table Discussion===
After the speaker presentation, the chapter and online host should facilitate a moderated discussion about a range of topics (initially related to the speakers topics, but also a related list of round table items proposed prior to, or during the meeting.

=== 6. Closing Remarks===

The chapter host should close the meeting with an announcement of the date, time, and location of the next meeting, including the speaker details.

== Speaker Rules ==

Speakers must comply with the standard [https://www.owasp.org/index.php/Speaker_Agreement OWASP Speaker Agreement]. Slides and media will be shared to the online community by the online organizer, and as a result must be shared a week in advance to allow for proper testing.

== Schedule ==
{| {{table}}
| align="center" style="background:#f0f0f0;"|'''Date'''
| align="center" style="background:#f0f0f0;"|'''Proposed Time Zone'''
| align="center" style="background:#f0f0f0;"|'''Host Chapter'''
| align="center" style="background:#f0f0f0;"|'''Chapter Contact'''
| align="center" style="background:#f0f0f0;"|'''Online Contact'''
| align="center" style="background:#f0f0f0;"|'''Participating Chapters'''
| align="center" style="background:#f0f0f0;"|'''Media'''
|-
| 8/7/2013||GMT-8||Vancouver||Yvan Boily||Jonathon Marcil||Toronto, Montreal, Ottawa, Quebec || [http://www.youtube.com/watch?v=VZHp5Ssi67U Stream]
|-
| 9/4/2013||GMT-6||TBD||TBD||TBD||TBD ||
|-
| 10/10/2013||GMT-4||OWASP NYC (Tentative) ||TBD||TBD||TBD ||
|-
| 11/6/2013||GMT-0||TBD||TBD||TBD||TBD ||
|-
| 12/4/2013||GMT+1||TBD||TBD||TBD||TBD ||
|-
| 1/4/2014||GMT+3||TBD||TBD||TBD||TBD ||
|-
| 2/1/2014||GMT+4||TBD||TBD||TBD||TBD ||
|-
| 3/5/2014||GMT+5||TBD||TBD||TBD||TBD ||
|-
| 4/2/2014||GMT+6||TBD||TBD||TBD||TBD ||
|-
| 5/7/2014||GMT+7||TBD||TBD||TBD||TBD ||
|-
| 6/4/2014||GMT+9||TBD||TBD||TBD||TBD ||
|-
| 7/2/2014||GMT+10||TBD||TBD||TBD||TBD ||
|}

Global Chapter Meetup

2013-08-15T21:42:36Z

Yvan Boily:

= OWASP Global Chapter Meetings =

In addition to local chapter meetings organized by leaders in communities all over the world, OWASP Global Chapter meetings are an opportunity for community members that don't have access to a local chapter to get engaged and participate in OWASP discussions. This is a new initiative, and volunteers to help with the organizational, technical, and social challenges are invited to participate!

== Meeting Format ==

Ideally Global Chapter meetings should follow a rough format:

=== 1. Host Chapter Introduction===
The host chapter should introduce themselves, announce the chapter, and announce which chapters are participating.

=== 2. Participating Chapter Introductions===
Individual chapters should have the opportunity to introduce themselves, and the number of people in attendance.

=== 3. OWASP Monthly Updates ===
A guest speaker (such as a chapter or project lead, board member, OWASP staff member) should work through a set of chapter items collected in advance of the meeting to update the community on the last months events, announcements, and any interesting things that have happened. Upcoming chapter meetings should most definitely be referenced (either as a count, or listing chapters that have meetings before the next global chapter meeting.

=== 4. Speaker Presentation===
The chapter host should introduce the speaker, and then hand off the session to the speaker, with the chapter and online hosts working to ensure that questions from remote participants are raised (and repeated for the audience).

=== 5. Moderated Round Table Discussion===
After the speaker presentation, the chapter and online host should facilitate a moderated discussion about a range of topics (initially related to the speakers topics, but also a related list of round table items proposed prior to, or during the meeting.

=== 6. Closing Remarks===

The chapter host should close the meeting with an announcement of the date, time, and location of the next meeting, including the speaker details.

== Speaker Rules ==

Speakers must comply with the standard [https://www.owasp.org/index.php/Speaker_Agreement OWASP Speaker Agreement]. Slides and media will be shared to the online community by the online organizer, and as a result must be shared a week in advance to allow for proper testing.

== Schedule ==
{| {{table}}
| align="center" style="background:#f0f0f0;"|'''Date'''
| align="center" style="background:#f0f0f0;"|'''Proposed Time Zone'''
| align="center" style="background:#f0f0f0;"|'''Host Chapter'''
| align="center" style="background:#f0f0f0;"|'''Chapter Contact'''
| align="center" style="background:#f0f0f0;"|'''Online Contact'''
| align="center" style="background:#f0f0f0;"|'''Participating Chapters'''
| align="center" style="background:#f0f0f0;"|'''Media'''
|-
| 8/7/2013||GMT-8||Vancouver||Yvan Boily||Jonathon Marcil||Toronto, Montreal, Ottawa, Quebec || [http://www.youtube.com/watch?v=VZHp5Ssi67U Stream]
|-
| 9/4/2013||GMT-6||TBD||TBD||TBD||TBD ||
|-
| 10/2/2013||GMT-4||TBD||TBD||TBD||TBD ||
|-
| 11/6/2013||GMT-0||TBD||TBD||TBD||TBD ||
|-
| 12/4/2013||GMT+1||TBD||TBD||TBD||TBD ||
|-
| 1/4/2014||GMT+3||TBD||TBD||TBD||TBD ||
|-
| 2/1/2014||GMT+4||TBD||TBD||TBD||TBD ||
|-
| 3/5/2014||GMT+5||TBD||TBD||TBD||TBD ||
|-
| 4/2/2014||GMT+6||TBD||TBD||TBD||TBD ||
|-
| 5/7/2014||GMT+7||TBD||TBD||TBD||TBD ||
|-
| 6/4/2014||GMT+9||TBD||TBD||TBD||TBD ||
|-
| 7/2/2014||GMT+10||TBD||TBD||TBD||TBD ||
|}

Global Chapter Meetup

2013-08-15T16:06:29Z

Yvan Boily:

Global Chapter Meetup

2013-08-15T15:38:19Z

Yvan Boily: Created page with "This is the landing page for the monthly global chapter meetup. == Schedule == {| {{table}} | align="center" style="background:#f0f0f0;"|'''Date''' | align="center" style="ba..."

This is the landing page for the monthly global chapter meetup.

== Schedule ==
{| {{table}}
| align="center" style="background:#f0f0f0;"|'''Date'''
| align="center" style="background:#f0f0f0;"|'''Proposed Time Zone'''
| align="center" style="background:#f0f0f0;"|'''Host Chapter'''
| align="center" style="background:#f0f0f0;"|'''Chapter Contact'''
| align="center" style="background:#f0f0f0;"|'''Online Contact'''
| align="center" style="background:#f0f0f0;"|'''Participating Chapters'''
|-
| 8/7/2013||GMT-8||Vancouver||Yvan Boily||Jonathon Marcil||Toronto, Montreal, Ottawa, Quebec
|-
| 9/4/2013||GMT-6||TBD||TBD||TBD||TBD
|-
| 10/2/2013||GMT-4||TBD||TBD||TBD||TBD
|-
| 11/6/2013||GMT-0||TBD||TBD||TBD||TBD
|-
| 12/4/2013||GMT+1||TBD||TBD||TBD||TBD
|-
| 1/4/2014||GMT+3||TBD||TBD||TBD||TBD
|-
| 2/1/2014||GMT+4||TBD||TBD||TBD||TBD
|-
| 3/5/2014||GMT+5||TBD||TBD||TBD||TBD
|-
| 4/2/2014||GMT+6||TBD||TBD||TBD||TBD
|-
| 5/7/2014||GMT+7||TBD||TBD||TBD||TBD
|-
| 6/4/2014||GMT+9||TBD||TBD||TBD||TBD
|-
| 7/2/2014||GMT+10||TBD||TBD||TBD||TBD
|}

Vancouver

2013-07-31T16:36:50Z

Yvan Boily:

{{Chapter Template|chaptername=Vancouver|extra=The chapter leader is _______________________
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-vancouver|emailarchives=http://lists.owasp.org/pipermail/owasp-vancouver}}

== 2013 Meetings ==

{| class="wikitable"
|-
! Date !! Location !! Speaker !! Topic <nowiki>Insert non-formatted text here</nowiki> !! Registration Info
|-
| August 7, 2013 || Mozilla Vancouver || Raymond Forbes || Owasp Canada Intro & Bug Bounty Programs || [[http://www.eventbrite.ca/event/7683697145 Register Here!]]
|-
| September 30, 2013 || TBD || TBD || TBD ||
|-
| October 28, 2013 || TBD || TBD || TBD ||
|-
| November 25, 2013 || TBD || TBD || TBD ||
|}

== 2012 Meetings ==
You can subscribe to the OWASP Vancouver Calendar [https://www.google.com/calendar/ical/osgb36r55fqlt3m10jc4e2ef70%40group.calendar.google.com/public/basic.ics here].

=== May 2012 ===

'''OAuth-based single sign-on in Real-world Implementations'''

'''Speaker:''' San-Tsai Sung

'''Date & Time:''' Monday, May 28th, 2012 @ 5:30pm

Millions of web users today employ their Facebook accounts to sign into more than one million relying party (RP) websites. This web-based
single sign-on (SSO) scheme is enabled by OAuth 2.0, a web resource authorization protocol that has been adopted by major service providers. The OAuth 2.0 protocol has proven secure by several formal methods, but whether it is indeed secure in practice remains an open
question. We examine the implementations of three major OAuth identity providers (IdP) (Facebook, Microsoft, and Google) and 96 popular RP
websites that support the use of Facebook accounts for login. Our results uncover several critical vulnerabilities that allow an attacker to gain unauthorized access to the victim user's profile and social graph, and impersonate the victim on the RP website. Closer
examination reveals that these vulnerabilities are caused by a set of design decisions that trade security for implementation simplicity. To improve the security of OAuth 2.0 SSO systems in real-world settings, we suggest simple and practical improvements to the design and implementation of IdPs and RPs that can be adopted gradually by individual sites.

'''Registration:''' Registration is strongly recommended since an invite will be extended to other groups to try to improve participation in OWASP. If space runs out, preference will be given to those who have registered!

Please register at: [https://docs.google.com/spreadsheet/viewform?formkey=dHZSeTY1ZnFKTFo1elBRZ3BsenNvRnc6MQ here].
''(Registration details are not retained after the meeting, however a sign-up sheet will be available for those claiming CPEs)''

'''Location:'''
Mozilla Vancouver, Suite 209, 163 West Hastings,
Vancouver, BC (Buzzer code is in the directory)

=== January 2012 ===

'''Outsourcing Identity: Understanding Privacy and Security in Identity Services'''

'''Speaker:''' Yvan Boily, Web Security Engineer, Mozilla Corporation

'''Date & Time:''' Monday, January 23rd, 2012 @ 5:30pm

Social Media has taken over the online world; what Microsoft attempted with Passport has been made reality by Facebook, Twitter, Google, and other service providers. In addition to the proprietary identity services these platforms offer, several support protocols such as OpenID, This will be a one hour presentation that will contrast the security and privacy features available in major online identity protocols, and contrast these with Mozilla's BrowserID protocol.

'''Registration:''' Registration is strongly recommended since an invite will be extended to other groups to try to improve participation in OWASP. If space runs out, preference will be given to those who have registered!

Please register [https://docs.google.com/spreadsheet/viewform?formkey=dHZSeTY1ZnFKTFo1elBRZ3BsenNvRnc6MQ here].
''(Registration details are not retained after the meeting, however a sign-up sheet will be available for those claiming CPEs)''

'''Location:'''
Ping Identity,
200 - 788 Beatty St,
Vancouver

'''About Ping Identity
'''
Ping Identity has generously offered their downtown office space, located on the corner of Beatty and Robson, to host our chapters meetings moving forward. The office is 6000sq/ft of a mostly open floor plan, so we should be able to accommodate a large group.

[[Category:British Columbia]]

Vancouver

2013-07-31T16:36:26Z

Yvan Boily:

{{Chapter Template|chaptername=Vancouver|extra=The chapter leader is _______________________
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-vancouver|emailarchives=http://lists.owasp.org/pipermail/owasp-vancouver}}

== 2013 Meetings ==

{| class="wikitable"
|-
! Date !! Location !! Speaker !! Topic <nowiki>Insert non-formatted text here</nowiki> !! Registration Info
|-
| August 7, 2013 || Mozilla Vancouver || Raymond Forbes || Owasp Canada Intro & Bug Bounty Programs || [[http://www.eventbrite.ca/event/7683697145 Register Here!]]
|-
| September 30, 2013 || TBD || TBD || TBD
|-
| October 28, 2013 || TBD || TBD || TBD
|-
| November 25, 2013 || TBD || TBD || TBD
|}

== 2012 Meetings ==
You can subscribe to the OWASP Vancouver Calendar [https://www.google.com/calendar/ical/osgb36r55fqlt3m10jc4e2ef70%40group.calendar.google.com/public/basic.ics here].

=== May 2012 ===

'''OAuth-based single sign-on in Real-world Implementations'''

'''Speaker:''' San-Tsai Sung

'''Date & Time:''' Monday, May 28th, 2012 @ 5:30pm

Millions of web users today employ their Facebook accounts to sign into more than one million relying party (RP) websites. This web-based
single sign-on (SSO) scheme is enabled by OAuth 2.0, a web resource authorization protocol that has been adopted by major service providers. The OAuth 2.0 protocol has proven secure by several formal methods, but whether it is indeed secure in practice remains an open
question. We examine the implementations of three major OAuth identity providers (IdP) (Facebook, Microsoft, and Google) and 96 popular RP
websites that support the use of Facebook accounts for login. Our results uncover several critical vulnerabilities that allow an attacker to gain unauthorized access to the victim user's profile and social graph, and impersonate the victim on the RP website. Closer
examination reveals that these vulnerabilities are caused by a set of design decisions that trade security for implementation simplicity. To improve the security of OAuth 2.0 SSO systems in real-world settings, we suggest simple and practical improvements to the design and implementation of IdPs and RPs that can be adopted gradually by individual sites.

'''Registration:''' Registration is strongly recommended since an invite will be extended to other groups to try to improve participation in OWASP. If space runs out, preference will be given to those who have registered!

Please register at: [https://docs.google.com/spreadsheet/viewform?formkey=dHZSeTY1ZnFKTFo1elBRZ3BsenNvRnc6MQ here].
''(Registration details are not retained after the meeting, however a sign-up sheet will be available for those claiming CPEs)''

'''Location:'''
Mozilla Vancouver, Suite 209, 163 West Hastings,
Vancouver, BC (Buzzer code is in the directory)

=== January 2012 ===

'''Outsourcing Identity: Understanding Privacy and Security in Identity Services'''

'''Speaker:''' Yvan Boily, Web Security Engineer, Mozilla Corporation

'''Date & Time:''' Monday, January 23rd, 2012 @ 5:30pm

Social Media has taken over the online world; what Microsoft attempted with Passport has been made reality by Facebook, Twitter, Google, and other service providers. In addition to the proprietary identity services these platforms offer, several support protocols such as OpenID, This will be a one hour presentation that will contrast the security and privacy features available in major online identity protocols, and contrast these with Mozilla's BrowserID protocol.

'''Registration:''' Registration is strongly recommended since an invite will be extended to other groups to try to improve participation in OWASP. If space runs out, preference will be given to those who have registered!

Please register [https://docs.google.com/spreadsheet/viewform?formkey=dHZSeTY1ZnFKTFo1elBRZ3BsenNvRnc6MQ here].
''(Registration details are not retained after the meeting, however a sign-up sheet will be available for those claiming CPEs)''

'''Location:'''
Ping Identity,
200 - 788 Beatty St,
Vancouver

'''About Ping Identity
'''
Ping Identity has generously offered their downtown office space, located on the corner of Beatty and Robson, to host our chapters meetings moving forward. The office is 6000sq/ft of a mostly open floor plan, so we should be able to accommodate a large group.

[[Category:British Columbia]]

Vancouver

2013-03-11T04:03:26Z

Yvan Boily:

{{Chapter Template|chaptername=Vancouver|extra=The chapter leader is Yvan Boily (yvanboily at gmail.com).
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-vancouver|emailarchives=http://lists.owasp.org/pipermail/owasp-vancouver}}

== 2013 Meetings ==

{| class="wikitable"
|-
! Date !! Location !! Speaker !! Topic
|-
| March 25, 2013 || Mozilla Vancouver || TBD || TBD
|-
| April 29, 2013 || Mozilla Vancouver || TBD || TBD
|-
| May 27, 2013 || TBD || TBD || TBD
|-
| June 24, 2013 || TBD || TBD || TBD
|-
| July 29, 2013 || TBD || TBD || TBD
|-
| August 26, 2013 || TBD || TBD || TBD
|-
| September 30, 2013 || TBD || TBD || TBD
|-
| October 28, 2013 || TBD || TBD || TBD
|-
| November 25, 2013 || TBD || TBD || TBD
|}

== 2012 Meetings ==
You can subscribe to the OWASP Vancouver Calendar [https://www.google.com/calendar/ical/osgb36r55fqlt3m10jc4e2ef70%40group.calendar.google.com/public/basic.ics here].

=== May 2012 ===

'''OAuth-based single sign-on in Real-world Implementations'''

'''Speaker:''' San-Tsai Sung

'''Date & Time:''' Monday, May 28th, 2012 @ 5:30pm

Millions of web users today employ their Facebook accounts to sign into more than one million relying party (RP) websites. This web-based
single sign-on (SSO) scheme is enabled by OAuth 2.0, a web resource authorization protocol that has been adopted by major service providers. The OAuth 2.0 protocol has proven secure by several formal methods, but whether it is indeed secure in practice remains an open
question. We examine the implementations of three major OAuth identity providers (IdP) (Facebook, Microsoft, and Google) and 96 popular RP
websites that support the use of Facebook accounts for login. Our results uncover several critical vulnerabilities that allow an attacker to gain unauthorized access to the victim user's profile and social graph, and impersonate the victim on the RP website. Closer
examination reveals that these vulnerabilities are caused by a set of design decisions that trade security for implementation simplicity. To improve the security of OAuth 2.0 SSO systems in real-world settings, we suggest simple and practical improvements to the design and implementation of IdPs and RPs that can be adopted gradually by individual sites.

'''Registration:''' Registration is strongly recommended since an invite will be extended to other groups to try to improve participation in OWASP. If space runs out, preference will be given to those who have registered!

Please register at: [https://docs.google.com/spreadsheet/viewform?formkey=dHZSeTY1ZnFKTFo1elBRZ3BsenNvRnc6MQ here].
''(Registration details are not retained after the meeting, however a sign-up sheet will be available for those claiming CPEs)''

'''Location:'''
Mozilla Vancouver, Suite 209, 163 West Hastings,
Vancouver, BC (Buzzer code is in the directory)

=== January 2012 ===

'''Outsourcing Identity: Understanding Privacy and Security in Identity Services'''

'''Speaker:''' Yvan Boily, Web Security Engineer, Mozilla Corporation

'''Date & Time:''' Monday, January 23rd, 2012 @ 5:30pm

Social Media has taken over the online world; what Microsoft attempted with Passport has been made reality by Facebook, Twitter, Google, and other service providers. In addition to the proprietary identity services these platforms offer, several support protocols such as OpenID, This will be a one hour presentation that will contrast the security and privacy features available in major online identity protocols, and contrast these with Mozilla's BrowserID protocol.

'''Registration:''' Registration is strongly recommended since an invite will be extended to other groups to try to improve participation in OWASP. If space runs out, preference will be given to those who have registered!

Please register [https://docs.google.com/spreadsheet/viewform?formkey=dHZSeTY1ZnFKTFo1elBRZ3BsenNvRnc6MQ here].
''(Registration details are not retained after the meeting, however a sign-up sheet will be available for those claiming CPEs)''

'''Location:'''
Ping Identity,
200 - 788 Beatty St,
Vancouver

'''About Ping Identity
'''
Ping Identity has generously offered their downtown office space, located on the corner of Beatty and Robson, to host our chapters meetings moving forward. The office is 6000sq/ft of a mostly open floor plan, so we should be able to accommodate a large group.

[[Category:British Columbia]]

Vancouver

2011-12-21T08:35:09Z

Yvan Boily:

Vancouver

2011-12-21T08:31:15Z

Yvan Boily:

Vancouver

2011-12-21T08:28:43Z

Yvan Boily:

{{Chapter Template|chaptername=Vancouver|extra=The chapter leader is Rui Pereira (ruiper (at) wavefrontcg (dot) com).
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-vancouver|emailarchives=http://lists.owasp.org/pipermail/owasp-vancouver}}
{{Chapter Template|chaptername=Vancouver|extra=The chapter leader is Yvan Boily (yvanboily at gmail.com).
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-vancouver|emailarchives=http://lists.owasp.org/pipermail/owasp-vancouver}}

== 2012 Meetings ==

=== January 2012 ===

'''Outsourcing Identity: Understanding Privacy and Security in Identity Services'''

'''Speaker:''' Yvan Boily, Web Security Engineer, Mozilla Corporation

'''Date & Time:''' Monday, January 23rd, 2012 @ 5:30pm

Social Media has taken over the online world; what Microsoft attempted with Passport has been made reality by Facebook, Twitter, Google, and other service providers. In addition to the proprietary identity services these platforms offer, several support protocols such as OpenID, This will be a one hour presentation that will contrast the security and privacy features available in major online identity protocols, and contrast these with Mozilla's BrowserID protocol.

'''Registration:''' Registration is strongly recommended since an invite will be extended to other groups to try to improve participation in OWASP. If space runs out, preference will be given to those who have registered!

Please register at: https://docs.google.com/spreadsheet/viewform?formkey=dHZSeTY1ZnFKTFo1elBRZ3BsenNvRnc6MQ
''(Registration details are not retained after the meeting, however a sign-up sheet will be available for those claiming CPEs)''

'''Location:'''
Ping Identity,
200 - 788 Beatty St,
Vancouver

'''About Ping Identity
'''
Ping Identity has generously offered their downtown office space, located on the corner of Beatty and Robson, to host our chapters meetings moving forward. The office is 6000sq/ft of a mostly open floor plan, so we should be able to accommodate a large group.

[[Category:British Columbia]]

Defenders

2011-02-23T17:38:48Z

Yvan Boily:

==== OWASP Defenders ====

{| width="100%"
|- valign="top"
|
'''Defenders Community'''

A community of security professionals and stakeholders with the common goal of advancing the state of security in the area of application defense, including the tools and techniques that enable the detection and response to application layer attacks.

 '''Examples'''

AppSensor, ModSecurity, Real Time Log Analysis, Application Trending Techniques

 '''Target Audience'''

Application Security Professionals, Infrastructure Security Teams, Developers looking to integrate defensive technologies

 '''What Are OWASP Communities?'''

Builders, Breakers and Defenders; the idea of OWASP Communities is to bring together experts in the area that they are best at with the common goal of advancing the state of application security. This approach allows similar groups of professionals and experts to tackle security problems with the involvement of the most relevant stakeholders. The intent is to drive high quality output that is immediately usable by the target audience. More information about this vision can be found [http://michael-coates.blogspot.com/2011/02/vision-for-owasp.html here]

|
[[Image:OWASP-vision.jpg]]

|}

==== The Community ====

      

{| cellspacing="1" cellpadding="1" style="width: 404px; height: 413px;"
|-
| [[Image:MichaelCoates-OWASP.jpg]] 
| '''Michael Coates''' Mozilla michael.coates@owasp.org http://michael-coates.blogspot.com @_mwc
|
|
|-
| [[Image:JohnMelton-OWASP.jpg]] 
| '''John Melton''' Wells Fargo john.melton@owasp.org http://www.jtmelton.com 
|
|
|-
| [[Image:IvanRistic-OWASP.jpg]] 
| '''Ivan Ristic''' Qualys ivanr@webkreator.com http://blog.ivanristic.com/ @ivanristic
|
|
|-
| [[Image:ColinWatson-OWASP.jpg]] 
| '''Colin Watson''' Watson Hall Ltd. colin.watson@owasp.org http://www.clerkendweller.com @clerkendweller
|
|
|-
| [[Image:RyanBarnett-OWASP.jpg]] 
| '''Ryan Barnett''' Trustwave ryan.barnett@owasp.org http://tacticalwebappsec.blogspot.com/ @ryancbarnett
|
|
|-
|  
| '''Chen King'''      
|
|
|-
|  
| '''Fernando A. Damião'''      
|
|
|-
|  
| '''Yvan Boily''' yvanboily@gmail.com @ygjb  
|
|}

Want to contribute to the OWASP Defenders Community? Add your info and send an email to [mailto:michael.coates@owasp.org michael.coates@owasp.org]
 

==== Roadmap ====
* Determine the current market need. This requires involvement from people in enterprise that are tacking these problems. No guessing about what we think people need.
* Evaluate current OWASP projects to understand match with market need and quality of projects
* Identify 3-4 projects that will be focused on for growth and promotion
* Archive other projects (within defender domain) that are abandoned or not inline with market need
* Cross training - We should all be able to help out to advance our 3-4 core projects
* Significantly advance quality of selected projects
* Community outreach for adoption
* High quality marketing efforts
* Conference presentations across multiple projects

==== Official Defender Projects ====

To be determined - see roadmap

__NOTOC__ <headertabs />