https://wiki.owasp.org/api.php?action=feedcontributions&user=Psillanp&feedformat=atomOWASP - User contributions [en]2024-03-28T08:22:58ZUser contributionsMediaWiki 1.27.2https://wiki.owasp.org/index.php?title=Helsinki&diff=255522Helsinki2019-10-16T20:45:51Z<p>Psillanp: </p>
<hr />
<div>{{Chapter Template|chaptername=Helsinki|extra=The chapter leaders are [mailto:petteri.arola@owasp.org Petteri Arola], [mailto:pekka.sillanpaa@owasp.org Pekka Sillanpää], [mailto:timo@owasp.org Timo Meriläinen], [mailto:pyry.heikkinen@owasp.org Pyry Heikkinen], [mailto:petri.koistinen@nixu.com Petri Koistinen] and [mailto:lasse.korvala@gmail.com Lasse Korvala].<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-helsinki|emailarchives=http://lists.owasp.org/pipermail/owasp-helsinki}} <br />
<br />
==== Local News ====<br />
<br />
<paypal>Helsinki</paypal> <br />
<br />
'''Welcome to the OWASP Helsinki Chapter'''<br />
<br />
The plan is to meet at least three to four times a year, each lasting 1,5-3 hours (more active "hands" means more meetings). This chapter is based in the capital area and therefore the meetings will be in or around Helsinki. <br />
<br />
If you wish to present at one of the meetings or have any other inquiries, please contact the chapter leaders and shortly describe the talk. (the contact details can be found in the bottom of the page). We encourage everyone to suggest ideas for presentation topics. The talks can be either a full talk (45-60min) or a lightning talk (~15min). <br />
<br />
==== Suomalaista sovellusturva-asiaa ====<br />
<br />
[[OWASP Helsinki Appsec Thesis of the Year|Vuoden sovellusturva-aiheinen opinnäytetyö]]<br />
<br />
[[Oppilaitoksille|Tietoa oppilaitoksille (Information for academic institutions)]] <br />
<br />
[[Verkkomaksut|Ohjeita turvallisen verkkomaksuintegraation toteuttamiseen]] <br />
<br />
Previously OWASP Helsinki has been working on the following tasks: <br />
<br />
*[[Top 10 2007 Finnish]] aim to translate OWASP Top 10 list in Finnish<br />
<br />
==== Chapter Meetings ====<br />
<br />
== OWASP Helsinki chapter meeting #39: Oct 22nd 2019 ==<br />
'''Time: 17:30-21:00'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words, Chapter leader - OWASP Helsinki'''<br />
<br />
'''18:05 Words from the sponsor, Juho Ranta, CTO, Second Nature Security (2NS)'''<br />
<br />
'''18:15 OWASP SAMM2 - your dynamic software security journey, Sebastien Deleersnyder, OWASP SAMM project leader, Managing partner Application Security, Toreon'''<br />
<br />
'''19:15 Break'''<br />
<br />
'''19:30 Scaling up threat modeling, Mikko Saario, Security Architect, KONE Corporation'''<br />
<br />
'''20:15 Trusted Computing - beyond the TPM, Ian Oliver, Senior Security Researcher, Nokia Bell Labs'''<br />
<br />
'''21:00-> Discussions continue with Snacks, Refreshments and Sauna sponsored by 2NS.'''<br />
<br />
Please register by 21st of Sep [https://www.meetup.com/OWASP-Helsinki-Chapter/events/265401349/ here] (Note that the seats are limited)<br />
<br />
== OWASP Helsinki chapter meeting #38: Sep 3rd 2019 ==<br />
'''Location: Second Nature Security (2NS), Keilaranta 1 (auditorium Ankkuri), 02150 Espoo'''<br />
<br />
'''Time: 17:30-21:00'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words, Lasse Korvala, Chapter co-leader - OWASP Helsinki'''<br />
<br />
'''18:05 Words from the sponsor, Juho Ranta, CTO - Second Nature Security (2NS)'''<br />
<br />
'''18:15 What's new in the ASVS 4.0, Josh Grossman, OWASP ASVS Project co-leader, Head of Security Services, AppSec Labs'''. [[File:OWASP_Helsinki_Sep_2019_ASVS_4.0_release.pdf]]<br />
<br />
'''19:15 Break'''<br />
<br />
'''19:30 How to determine the security of a mobile authentication app, Petteri Ihalainen, Senior Specialist, Traficom''' [[File:OWASP_Helsinki_MobileAuthnAppSecVerification.pdf]]<br />
<br />
'''20:15 If you like it then you shoulda put a TPM on it 🎵, Gabriela Limonta, Security Researcher, Nokia''' [[File:OWASP_presentation_-_Gabriela_Limonta.pdf]]<br />
<br />
'''21:00 Snacks/BBQ, Refreshments, Sauna & Jacuzzi'''<br />
<br />
Please register by 1st of Sep [https://www.meetup.com/OWASP-Helsinki-Chapter/events/264058334/ here] (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #37: May 21st 2019 ==<br />
'''Location: KONE, Keilasatama 5, 02150 Espoo'''<br />
<br />
'''Time: 17:30-21:00'''<br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words, Pekka Sillanpää, Chapter co-leader - OWASP Helsinki''' <br />
<br />
'''18:05 Words from the sponsor, KONE'''<br />
<br />
'''18:10 Blockchains; How secure are they in practice in an IoT disrupted world and making the things secure, Onur Zengin, Senior Software Security Architect, KONE'''<br />
<br />
'''18:50 Break: Snacks & Refreshments'''<br />
<br />
'''19:20 Traficom's security label for IoT consumer devices - goals and challenges (tietoturvamerkki), Juhani Eronen and Saana Seppänen, Traficom'''<br />
<br />
'''19:50 Deploying a bug bounty / test automation environment for thousands of IoT devices with Kubernetes, Pekka Sillanpää, CTO and Teemu Huhtala, Senior SW engineer, Tosibox'''<br />
<br />
'''20:30 Networking with peers'''<br />
<br />
'''21:00 Discussions continue in Sauna/Jacuzzi on the top of Keilaranta 1 (neighbour building) sponsored by 2NS'''<br />
<br />
Please register by 13th of May [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-37-tickets-61322317703 here] (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #36: Feb 12th 2019 ==<br />
'''Location: Veikkaus, Aku Korhosen tie 2, 00440 Helsinki'''<br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words, Pekka Sillanpää, Chapter co-leader - OWASP Helsinki''' <br />
<br />
'''18:05 Words from the sponsor, Veikkaus''' <br />
<br />
'''18:10 What Every Developer and Tester Should Know About Software Security, Anne Oikarinen, Senior Security Consultant, Nixu''' [https://www.slideshare.net/AnneOikarinen1/what-every-developer-and-tester-should-know-about-software-security]<br />
<br />
'''18:50 Break'''<br />
<br />
'''19:00 Security in Agile Development, Joakim Tauren, Application Security Architect, Visma''' [[File:OWASP Helsinki - Security in Agile Development (1).pdf|thumb]]<br />
<br />
'''19:45 OWASP Cornucopia - a live card game session, Veikkaus + volunteers''' [[File:DeathStarArchitecture v0.8 DRAFT.pdf|thumb]]<br />
<br />
'''20:15 Snacks & Refreshments''' <br />
<br />
Please register by 10th of Feb https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-36-tickets-55288270706 (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #35: Nov 6th 2018 ==<br />
'''Location: Second Nature Security (2NS), Keilaranta1 (auditorium Ankkuri), 02150 Espoo'''<br />
<br />
'''Time: 17:30-21:00'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words, Pekka Sillanpää, Chapter co-leader - OWASP Helsinki'''<br />
<br />
'''18:05 Words from the sponsor, Juho Ranta, CTO - Second Nature Security (2NS)''' <br />
<br />
'''18:15 Hunting for bounties in a web browser, Juho Nurminen, White Hat Hacker, InfoSec Specialist - 2NS''' [[File:Nurmi_BugBounty_slides.zip]]<br />
<br />
'''18:45 Break'''<br />
<br />
'''19:00 How to become a bug bounty hunter, Iiro Uusitalo, Cloud and Security Specialist - Solita'''<br />
<br />
'''19:30 Running a successful bug bounty program, Thomas Malmberg, Partner & Owner - Hackrfi''' [[File:Running a successful bug bounty program - public.pdf]]<br />
<br />
'''19:50 Short break'''<br />
<br />
'''20:00 Panel & Discussion about bug bounty with Juho, Iiro and Thomas'''<br />
<br />
'''20:30 Snacks & Refreshments'''<br />
<br />
Please register by 4th of Nov https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-35-tickets-51465932991 (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #34: Jun 12th 2018 ==<br />
'''Location: Eficode, Pohjoinen Rautatiekatu 25, 00100 Helsinki'''<br />
<br />
'''Time: 17:30-21:30'''<br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Pekka Sillanpää, OWASP Helsinki'''<br />
<br />
'''18:05 Words from the sponsor / Pekka Siltala-Li / Eficode'''<br />
<br />
'''18:15 Perfectly secure API, Matti Suominen, Lead Security Consultant - Nixu'''<br />
<br />
'''19:00 Break''' <br />
<br />
'''19:15''' '''Best friends: API security & API management, Antti Virtanen, Software Architect, Solita''' <br />
<br />
'''20:00-21:30 Sauna, Snacks & Beverages'''<br />
<br />
Please register by 10th of Jun https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-34-tickets-46690898735 (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #33: Nov 14th 2017 ==<br />
'''Location: F-Secure, Tammasaarenkatu 7, 00180 Helsinki''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Pekka Sillanpää, OWASP Helsinki''' <br />
<br />
'''18:05 Words from the sponsor'''<br />
<br />
'''18:10 Coping with GDPR requirements in development, Kira Ahveninen-Kuha, Lead, Data Protection and Cybersecurity Law, Nixu'''<br />
<br />
'''19:00 Break''' <br />
<br />
'''19:15 Integrating Privacy Work in Threat Modeling and Design Review, Antti Vähä-Sipilä, Principal Security Consultant, F-Secure'''<br />
<br />
'''20:00 Panel & Discussion – Kira and Antti debate about privacy and GDPR with the audience'''<br />
<br />
'''20:30 OWASP Helsinki DevSecOps Hackathon: Lessons learned, Pekka Sillanpää, OWASP Helsinki''' <br />
<br />
'''21:00-22:00 Snacks & Refreshments''' <br />
<br />
Please register by 12th of Nov [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-33-tickets-39656996143 here] (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #32: Sep 27th ==<br />
If you are working in a DevOps team and want to get concrete ideas on how to integrate security into your CI/CD pipeline, this hackathon is a fun opportunity to learn by doing together with others.<br />
<br />
More information here: [[OWASP Helsinki DevSecOps Hackathon]]<br />
<br />
In summary, we familiarize and investigate (and of cource hack with) some nice open source tools, including:<br />
* OWASP Dependency-Check ([[OWASP Dependency Check]])<br />
* ZAP Proxy ([[OWASP Zed Attack Proxy Project]])<br />
* OWASP DefectDojo ([[OWASP DefectDojo Project]])<br />
* DevSec hardening framework (https://github.com/dev-sec)<br />
* Clair (https://github.com/coreos/clair)<br />
<br />
The output of this hackathon is an OWASP wiki page describing what was achieved in the hackathon, possible commits to the tools' repositories and future plans. If there is enough interest, we might organize "part 2" for this event in Autumn.<br />
<br />
To participate in this event, it is recommended to have at least basic programming/scripting skills (python, ruby, bash, etc) and understanding of configuration management tools (puppet, salt, ansible, etc.). '''If you are interested to join''' or have questions, please send email to pekka.sillanpaa@owasp.org '''by Jul 7th 2017''' and a short description of your background. Tracks of the hackathon environment are tuned based on the skills and background of the participants.<br />
<br />
The maximum of 15 seats are available for this event. The event is fully free of charge.<br />
<br />
'''Location: Nixu, Keilaranta 15, 02150 Espoo'''<br />
<br />
'''12:00 Hackathon starts'''<br />
<br />
'''17:00-23:00 Hackathon continues after the work day as long as needed. Pizza and beverages available.'''<br />
<br />
== OWASP Helsinki chapter meeting #31: Jun 13th 2017 ==<br />
'''Location: Solita, Alvar Aallon katu 5, 00100 Helsinki'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Pekka Sillanpää, OWASP Helsinki'''<br />
<br />
'''18:05 DevSec - Developers are the key to security, Antti Virtanen, Software Architect, Solita [[File:Devsec-owasp-2017.pdf]]''' <br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Docker Security, Mika Vatanen, Systems Architect, Digia [[File:Owasp-Helsinki-20170613-Docker-Security.pdf]]'''<br />
<br />
'''20:00 Lightning talk: Leaking credentials - a security malpractice more common than expected, Bogdan Mihaila, Synopsys [[:File:Bogdan Mihaila - Leaking Credentials.pdf]]'''<br />
<br />
'''20:15 Introduction to DevSecOps "mini-hackathon", Pekka Sillanpää, OWASP Helsinki'''<br />
<br />
'''20:30-22:30 Snacks & Refreshments'''<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-31-tickets-34950473808 here] by 12th of Jun (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #30: Oct 11th 2016 ==<br />
<br />
'''Location: Fujitsu, Valimotie 16, 00380 Helsinki, Auditorio'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 How to protect mobile application? Case "Nordea Tunnusluvut” / Michael Peltonen, Senior Business Developer, Nordea''' [[File:Helsinki_meeting_30_-Michael_Peltonen_OWASP_11102016.pdf]]<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Lightning talk: Authentication topic / Teemu Simonen, System Architect, Fujitsu''' [[File:Helsinki_meeting_30_-Authentication_topic.pdf]]<br />
<br />
'''19:30 Threats and vulnerabilities in federation protocols - and how did I find 0-days in the most common access management products / Teemu Kääriäinen, Senior IAM Consultant, Nixu Oyj''' [[File:Helsinki_meeting_30_-_Threats_and_Vulnerabilities_in_Federation_Protocols_and_Products.pdf]]<br />
<br />
'''20:30-> Snacks & Refreshments'''<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-30-tickets-28190573765 here] by 9th of October (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #29: Mar 29th 2016 ==<br />
<br />
'''Location: Solinor, Elimäenkatu 14 C, 00510 Helsinki'''<br />
<br />
'''Time: 17:30-21:15'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 OWASP Security Knowledge Framework, Glenn Ten Cate''' [[File:Skf-owaspHelsinki-16.pdf]]<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Amazon Web Services Security, Joel Leino, Solinor''' [[File:Aws_security_joel_leino.pdf]]<br />
<br />
'''20:30 Do's and don'ts: A Day Of Browser Bug Hunting, Atte Kettunen, University of Oulu''' [[File:Do's_and_Don'ts-_A_Day_Of_Browser_Bug_Hunting_rev2.pdf]]<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-29-tickets-22159795545 here] by 26th of March (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #28: Nov 10th 2015 ==<br />
<br />
'''Location: LähiTapiola, Revontulenkuja 1, 02100 Espoo'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 How we feel about Bug Bounty, Leo Niemelä, CISO, LähiTapiola Group (in Finnish)'''<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Security and "Modern" software Deployment, Rory McCune, Managing Consultant, NCC Group'''<br />
<br />
'''20:30 Discussion continues in a local cafe / bar'''<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-28-tickets-19188815263 here] by 8th of November (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #27: May 29th 2015 ==<br />
<br />
'''Location: Life Science Center Keilaranta 10-16''' <br />
<br />
'''Time: 17:30-20:00 (networking ends 23:00)''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 Word from our sponsor / Nixu'''<br />
<br />
'''18:15 50 Shades of AppSec / Troy Hunt'''<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Hack yourself first: how go on the cyber-offence before online attackers do / Troy Hunt'''<br />
<br />
'''20:00-23:00 Refreshments and Sauna on the 7th floor'''<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-chapter-meeting-27-tickets-16709176597 here] by Monday Fri 22th May (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #26: January 13th 2015 ==<br />
<br />
'''Location: Castrén & Snellman Attorneys Ltd. Eteläesplanadi 14 6th Floor Helsinki, Finland.''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''Opening words / OWASP Helsinki&IAPP''' <br />
<br />
'''Words from our sponsor / Castrén & Snellman Attorneys Ltd.'''<br />
<br />
'''Privacy Seals and Marks, Hannu Järvinen, Specialist Partner, Attorneys at Law Borenius Ltd'''<br />
<br />
'''Privacy Engineering, Antti Vähä-Sipilä, software security guy, F-Secure Oyj'''<br />
<br />
'''Privacy Use Cases, Saku Vainikainen, Lead Consultant, Nixu Oyj'''<br />
<br />
Please register here https://t.co/OoQN2FRbBX by Monday 12 Jan.<br />
<br />
== OWASP Helsinki chapter meeting #25: September 29th 2014 ==<br />
<br />
'''Location: Appelsiini (Elisa), Kaarlenkatu 9-11, 00530 Helsinki. Public transport is strongly recommended.''' <br />
<br />
'''Time: 17:00-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and registration''' <br />
<br />
'''17:10 Opening words / OWASP Helsinki''' <br />
<br />
'''17:20 Words from our sponsor / Elisa'''<br />
<br />
'''17:30 Mobile Security Chess Board - Attacks & Defense / Hemil Shah / Founder, Director eSphere Security''' [[File:Mobile_Security_chess_board_-_Attacks_&_Defense.pdf]]<br />
<br />
'''18:45 Break'''<br />
<br />
'''19:00 Mobile Platform Security: OS (kernel) Hardening and Trusted Execution Environment / Onur Zengin / Trustonic'''<br />
[[File:Onur_Zengin_-_TEE_chapter_meeting_presentation.pdf]]<br />
<br />
'''20:00 OWASP Mobile Top Ten Risks 2014 - The New M10: 'Lack of Binary Protection' Category / Bo Asklund and Rikard Kullenberg / Arxan'''<br />
[[File:OWASP_Mobile_Top_Ten_-_Meet_the_New_Addition.pdf]]<br />
<br />
'''21:00 Networking and continue discussions in TBD location nearby'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-25-tickets-13087782911 Eventbrite]<br />
<br />
== OWASP Helsinki chapter meeting #24: March 25st 2014 ==<br />
<br />
'''Location: F-Secure, Tammasaarenkatu 7, 00180 Helsinki. Parking space is limited, public transport is strongly recommended. Ruoholahti station for metro, Länsisatamankatu stop for tram 8, Länsiväylä stop for buses from Espoo.''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and registration''' <br />
<br />
'''17:20 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''17:30 Enhancing security through tight collaboration and automation /Kalle Hallivuori''' <br />
Presentation material: http://kato.iki.fi/owasp-pci-devops/<br />
<br />
'''18:00 Continuous Security Testing in a Devops World /Stephen de Vries'''<br />
Download the presentation from our file page: [[image:OWASP-Continuous_Security_Testing.pdf]]<br />
<br />
'''19:00 Demo of Burp Suite & HTTP API fuzzing automation with Python & Behave /Antti Vähä-Sipilä'''<br />
<br />
'''19:30 Time to go to Pub (Amsterdam) and continue discussion there'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-24-tickets-10765729587 Eventbrite]<br />
<br />
== OWASP Helsinki chapter meeting #23: January 21st 2014 ==<br />
<br />
'''Location: HTC Keilaniemi, Keilaranta 13, 02150 Espoo''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Coffee and registration''' <br />
<br />
'''18:00 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''18:05 Word from our sponsor /Nixu''' <br />
<br />
'''18:20 The inner HTML Apocalypse - How MXSS attacks change everything we believed to know so far /Mario Heiderich'''<br />
<br />
'''19:15 JSMVCOMFG - To sternly look at JavaScript MVC and Templating Frameworks /Mario Heiderich"''''<br />
<br />
'''20:15 QA'''<br />
<br />
'''20.30 - 21.30 Discussion continues over snacks and refreshments'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-23-tickets-10095813851 Eventbrite]<br />
<br />
<br />
== OWASP Helsinki chapter meeting #22: November 19th 2013 ==<br />
<br />
'''Location: Aalto University, Hall S1, Otakaari 5, 02150 Espoo''' <br />
<br />
'''Time: 18:00-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Registration''' <br />
<br />
'''18:10 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''18:20 Word from our sponsor''' <br />
<br />
'''18:30 Backgrounds of Eve in Digiland comic and cyber research in Aalto University /Timo Kiravuo, Aalto University'''<br />
<br />
'''19:15 Break"''''<br />
<br />
'''19:30 Cyber crime response from CERT perspective and backgrounds of Finnish web site attacks /Jussi Eronen, CERT-FI'''<br />
<br />
'''20:00 Methods in Finnish cyber crime police investigation and case example /Timo Piiroinen, National Bureau of Investigation (NBI)'''<br />
<br />
'''20:30 Networking and discussion continues at same location'''<br />
<br />
Please register at [http://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-23-tickets-10095813851 Eventbrite]<br />
<br />
== OWASP EUTour2013: June 17th 2013 ==<br />
<br />
'''Location: HTC Keilaniemi, Keilaranta 15''' <br />
<br />
'''Time: 16:00-19:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''16:00 Registration & coffee''' <br />
<br />
'''16:15 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''16:30 Word from our sponsor''' <br />
<br />
'''16:45 Nokia responsible disclosure program /Omar Benbouazza-Villa, Nokia'''<br />
<br />
Nokia has launched a responsible disclosure program recently. In this presentation we'll go through experiences starting and running such a program as a part of enterprise application security program.<br />
<br />
'''17:30 Social engineering /Gavin Ewan"''''<br />
<br />
Jac0byterebel is not your typical social engineering presenter. Out goes the snake oil sale of analysing the minutia of pop psychology and trying to squeeze out real answers to the questions asked during a real social engineering attack. In comes hard hitting accounts of social engineering attacks drawn from real sources but anonymised to protect the pwned.<br />
<br />
'''19:00 Rounding up and discussion continues over food & drinks at same location'''<br />
<br />
Please register at [http://www.regonline.com/owaspeutourfinland Regonline]<br />
<br />
== OWASP Helsinki Chapter Meeting #21: April 24 2013 ==<br />
<br />
'''Location: KPMG, Yrjönkatu 23 B, 6. floor''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Opening words /OWASP''' <br />
<br />
'''18:10 Word from our sponso /Mika Laaksonen, KPMG''' <br />
<br />
'''18:15 OWASP project news /Petteri Arola, OWASP''' <br />
<br />
Newsflash of new and rebooted OWASP projects.<br />
<br />
'''18:45 Utilizing VAHTI software development guide (VAHTI-sovelluskehitysohje) /Antti Alestalo, KPMG'''<br />
<br />
VAHTI software development guide was published January 2013. Antti will talk about how to best utilize this new guide. Link to the guide: http://www.vm.fi/vm/fi/04_julkaisut_ja_asiakirjat/01_julkaisut/05_valtionhallinnon_tietoturvallisuus/20130207Sovell/VAHTI_1_Sovelluskehityksen_tietoturvaohje_NETTI.pdf<br />
<br />
'''19:15 Database self-defence /Mika Aronen, KPMG (in place of "HTML5 & security /SC5"'''<br />
<br />
'''20:00 Official program ends and discussion continues over food & drinks at same location'''<br />
<br />
Please register at [https://www.eventbrite.com/event/6240751255 Eventbrite]<br />
<br />
== OWASP Helsinki Chapter Meeting #20: December 4 2012 ==<br />
<br />
'''Location: Nokia House, Keilalahdentie 4, Espoo''' <br />
<br />
'''Time: 17:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Socializing time @ Nokia Lounge – Meet people & get to know your peer while having the opportunity to see Nokia product demos''' <br />
<br />
'''18:00 Opening words /OWASP + HelsinkiJS''' <br />
<br />
'''18:10 Word from our sponsor''' <br />
<br />
'''18:20 Securing JavaScript based web apps /Erlend Oftedal''' <br />
<br />
Single page web applications move much of the application logic to the client side. We now also see applications using JavaScript on the server side. How do we handle such applications from a security perspective? What problems are introduced and how do we handle them?<br />
<br />
'''19:05 RESTful Security'''<br />
<br />
Many applications rely on web services and ws-security for integration. But for more lightweight services with simpler protocols, REST is quickly gaining popularity. How do we secure REST services? What problems do we need to be aware of?<br />
<br />
'''20:00 Official program ends and free debate continues at nearby location'''<br />
<br />
CLOSED: Please register at [http://www.eventbrite.com/event/4856878053 Eventbrite]<br />
<br />
Please use the NORTH entrance when entering the Nokia campus<br />
<br />
== OWASP Helsinki Chapter Meeting #19: October 16 2012 ==<br />
<br />
'''Location: Fujitsu, Valimotie 16, Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''18:10 Word from our sponsor /Fujitsu''' <br />
<br />
'''18:25 Hybrid mobile application security and HTML5 with a focus on getUserMedia /Mikko Saario, Nokia''' <br />
<br />
Both the mobile scene via “hybrid” apps and the so-called traditional web are evolving into the same direction – are the threats doing the same? Using mainly Windows Phone 7 (and some Qt) examples and demos, Mikko will take a look at the security aspects in mobile hybrid apps. The HTML5 demo will concentrate on some newly mainstreamed technologies such as getUserMedia.<br />
<br />
'''19:10 Introduction to Oauth 2.0 + demo /Teemu Kääriäinen, Nixu'''<br />
<br />
Teemu gives an introduction about Oauth 2.0 and takes a closer look at security aspects, implementation guidelines and compares Twitter, Facebook and Google implementations.<br />
<br />
'''20:00 Official program ends and free debate continues at nearby location'''<br />
<br />
'''Please register in Eventbrite http://www.eventbrite.com/event/4462882602''' <br />
<br />
<br />
== OWASP Helsinki Chapter Meeting #18: June 26 2012 ==<br />
<br />
'''Location: Kela, Nordenskjölkinkatu 12, Helsinki''' <br />
<br />
'''Time: 17:30-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''17:45 Word from our sponsor /Kela''' <br />
<br />
'''18:00 Helsinki Ruby Brigade intro''' <br />
<br />
'''18:15 Ruby on Rails security - why could it fail'''<br />
<br />
'''19:00 Panel discussion'''<br />
<br />
'''19:45 Wrap-up'''<br />
<br />
'''20:00 Discussion continues in a nearby pub Hadanka'''<br />
<br />
'''Please register with petteri.arola(at)owasp.org''' <br />
<br />
<br />
== OWASP Helsinki Chapter Meeting #17: March 21 2012 ==<br />
<br />
'''Location: Marttakeskus, Malminrinne 1 B, 7. krs, Helsinki''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Coffee''' <br />
<br />
'''17:40 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''17:50 Web Application Access Control Design Excellence / Jim Manico, OWASP''' <br />
<br />
Download the presentation from our file page: [[image:Developer_Top_Ten_Core_Controls_v4.1.pdf]]<br />
<br />
'''19:30 Meeting ends and discussion continues over buffet and refreshments and there's a possibility to bath in sauna too''' <br />
<br />
'''23:00 Event ends'''<br />
<br />
'''Please register with enroll(at)nixu.com''' <br />
<br />
== Tietoturvapäivä Turku: February 7 2012 ==<br />
<br />
''' Sovellusturvallisuus / Petteri Arola, OWASP''' <br />
<br />
Download the presentation from our file page: [[image:OWASP_esitys_tietoturvapäivä_Turku_20120207.pdf]]<br />
<br />
== OWASP Helsinki Chapter Meeting #16: October 18 2011 ==<br />
<br />
'''Location: Hall TU2, Tuas house, Otaniementie 17, 02150, Espoo''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and lock picking''' <br />
<br />
'''17:30 OWASP - What is it?''' <br />
<br />
'''17:45 Introduction to OWASP projects<br>- OWASP Top Ten, ASVS<br><span class="Apple-tab-span"> </span>- Testing guide<br>- How OWASP relates to academic world''' <br />
<br />
<br> Download presentation from our file-page: [[Image:OWASP_presentation_for_Aalto.pdf]] <br><br />
<br />
'''18:45 Break''' <br />
<br />
'''19:00 Hacking demonstrations'''<br />
<br />
'''19:30 - Discussion continues in a nearby public house''' <br />
<br />
'''Please register with petteri.arola(at)owasp.org''' <br />
<br />
== OWASP Introduction to Turku AMK students: September 12th 2011 ==<br />
<br />
'''Introduction to Application security and OWASP / Petteri Arola, OWASP''' <br />
<br />
'''OWASP top 10 and hacking demos / Pekka Sillanpää, OWASP''' <br />
<br />
== OWASP Helsinki Chapter Meeting #15: June 15 2011 ==<br />
<br />
'''Location: Itämerenkatu 11 - 13, Helsinki''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda ''' <br />
<br />
'''17:30 Welcome, Petteri Arola, Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nokia''' <br />
<br />
'''17:45 HTML5 Security, Ville Säävuori, Syneus''' <br />
<br />
'''18:30 Break''' <br />
<br />
'''18:40 Mobile Application Security, Ari Kesäniemi and Juhani Mäkelä, Nixu''' <br> [[Image:Mobile-threat-analysis-short-presentation owasp.pdf]] <br> [[Image:Why-privacy-matters.pdf]] <br> <br />
<br />
<br>'''19.30 - Discussion continues in a nearby public house or terrace if it's sunny''' <br />
<br />
'''Please register with mikko.saario(at)nokia.com''' <br />
<br />
== OWASP Helsinki Chapter Meeting #14: February 22 2011 ==<br />
<br />
'''Location: Nixu Oy, Keilaranta 15, Espoo''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''17:30 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nixu Oy''' <br />
<br />
'''17:45 OpenSAMM, Pravir Chandra /Fortify''' <br />
<br />
'''18:30 Break''' <br />
<br />
'''18:40 Threat modeling, Pravir Chandra /Fortify''' <br />
<br />
<br> '''19.30 - Sauna and refreshments from our sponsor''' <br />
<br />
'''Please register with enroll(at)nixu.com''' <br />
<br />
<br> Download OpenSAMM presentation from opensamm.org [http://www.opensamm.org/downloads/resources/OpenSAMM-1.0.ppt] <br> <br />
<br />
== OWASP Helsinki Chapter Meeting #13: June 8 2010 ==<br />
<br />
'''Location: KPMG, Forum, Yrjönkatu 23 B 6th floor, Helsinki''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''17:00 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:05 Word from our sponsor KPMG ''' <br />
<br />
'''17:15 Agile secure software development, Antti Vähä-Sipilä / Nokia Oyj''' http://www.owasp.org/images/c/c6/OWASP_AppSec_Research_2010_Agile_Prod_Sec_Mgmt_by_Vaha-Sipila.pdf <br />
<br />
'''18:00 ASVS (OWASP Application Security Verification Standard), Pekka Sillanpää / Nixu Oy''' <br />
<br />
'''18:45 ESAPI (OWASP Enterprise Security API) demo, Anssi Porttikivi / KPMG''' <br />
<br />
Download presentation from our file-page:[[Image:ESAPI for OWASP.pdf]] <br />
<br />
<br> '''19.30 - Discussion continues at some nearby establishment''' <br />
<br />
'''Please register with anssi.porttikivi(at)kpmg.fi''' <br />
<br />
<br> <br />
<br />
== OWASP Goes! Locksport: April 20 2010 ==<br />
<br />
'''Location: Nsense Oy, Ahventie 4, Espoo''' <br />
<br />
'''Time: 17:30-20:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nsense Oy''' <br />
<br />
'''17:45 Introduction to Locksport (presentation in Finnish)''' <br />
<br />
'''19:00 - Sauna and refreshments from our sponsor''' <br />
<br />
'''Please register with ilmoittautumiset##nsense.fi ''' <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #12: March 30 2010 ==<br />
<br />
'''Location: Helsingin Energia, Sähkötalo, Runeberginkatu 1, Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''18:00 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
Download presentation from our file-page:[[Image:OWASP -12 Helsinki chapter meeting.pdf]] <br />
<br />
'''18:05 Word from our sponsor Helsingin Energia ''' <br />
<br />
'''18:15 3 different views on information security and social media applications''' <br />
<br />
- information security in social media API’s, Antti Nuopponen/Nixu Oy <br />
<br />
Download presentation from our file-page:[[Image:Security of social media apis v1.pdf]] <br />
<br />
- Facebook apps, Markus Törnqvist/Fad Consulting <br />
<br />
Download presentation from our file-page:[[Image:Mjt owasp 2010.pdf]] <br />
<br />
- Payment API’s, Tuomas Toivonen/Scred <br />
<br />
Download presentation from our file-page:[[Image:Owasp-payment-apis.pdf]] <br />
<br />
'''20.00 - Discussion continues at nearby establishment Bruuveri''' <br />
<br />
'''Please register with antti##owasp.org''' <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #11: November 17 2009 ==<br />
<br />
'''Location: Nsense Oy, Ahventie 4, Espoo''' <br />
<br />
'''Time: 18:00-20:30''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''18:05 Word from our sponsor Nsense Oy''' <br />
<br />
'''18:15 Manual vs. Automated Code Analysis, Ari Kesäniemi, Senior Consultant, Nixu''' <br />
<br />
Download presentation from our file-page:[[Image:Ari kesaniemi nixu manual-vs-automatic-analysis.pdf]] <br />
<br />
'''19.00- Sauna and refreshments from our sponsor''' <br />
<br />
<br> <br />
<br />
'''Please register with ilmoittautumiset##nsense.fi''' <br />
<br />
== OWASP Helsinki Chapter Meeting #10: October 20 2009 ==<br />
<br />
'''Location: Tieto Oy, Ratamestarinkatu 7B, Helsinki''' <br />
<br />
'''Time: 18:00-19:40''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''18:00 Word from our sponsor Tieto Oy''' <br />
<br />
'''18:10 Distributed Services Security, Anton Panhelainen, Tieto Oy''' <br />
<br />
Download presentation from our file-page:[[Image:Security in integration and ESB-OWASP 20091020.pdf]] <br />
<br />
'''18:40 Public Web Services Interface and Security, Pyry Heikkinen, Finnish Customs''' <br />
<br />
'''19:40 Closure and move to Vltava''' <br />
<br />
'''20:00 or so''' <br />
<br />
*Enjoy Helsinki Vltava watering hole at own risk &amp; cost near Helsinki Railway station<br />
<br />
'''Please register with Pauli Kauppila pauli.kauppila##tieto.com or Mobile +358 400 870 324''' <br />
<br />
== OWASP Helsinki Chapter Meeting #9: May 12 2009 ==<br />
<br />
'''Location: Louhi Networks Oy, Itälahdenkatu 22 A, Helsinki''' <br />
<br />
'''Time: 17:30-19:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:30 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:45 Word from our sponsor Louhi Networks''' <br />
<br />
'''18:00 Panel discussion about application scanners''' <br />
<br />
*Panel members includes representatives for Nixu Oy, KPMG Oy and Louhi Networks Oy<br />
<br />
<br> '''19:00 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost at Bar 52 near meeting location<br />
<br />
'''Please register with Henri Lindberg henri.lindberg##louhi.fi''' <br />
<br />
== OWASP OWASP Goes! Viestimuseo: March 29 2009 ==<br />
<br />
'''Location: Varuskunta, Takakasarmi, Viestimuseontie rak. 64, 11311 Riihimäki ''' <br />
<br />
'''Time: 13:00-15:00''' <br />
<br />
Viestimuseossa Riihimäellä, http://www.viestikiltojenliitto.fi/viestimuseo/ on maaliskuun loppuun WWII radiotiedustelua esittelevä erikoisnäyttely, josta voi löytyä ammennettavaa myös tämän päivän tietoturvatekniikoiden parissa työskenteleville. Koska OWASP:in tiimoilta löytyi kiinnostusta lähteä tutustumaan ko. näyttelyyn, museolle on varattu opastettu kierros maaliskuun viimeiselle sunnuntaille su 29.3.2009 klo 13:00 eli kokoontuminen museolla ko. aikaan. <br />
<br />
Museo ja näyttely ovat auki myös muina aikoina, joten jos tämä aika ei käy, paikalla voi toki käydä muulloinkin. <br />
<br />
Tarkemmat ajo-ohjeet ja yhteystiedot löytyvät museon kotisivuilta, http://www.viestikiltojenliitto.fi/viestimuseo/yhteystiedot.html <br />
<br />
Museo sijaitsee Viestirykmentin vieressä, mutta varsinaisen varuskunta-alueen ulkopuolella, joten museokäynti ei vaadi kulkulupia alueelle. <br />
<br />
Paikalle innostuvat hoitavat oman logistiikkaratkaisunsa &amp; sisäänpääsymaksunsa. <br />
<br />
Lisätietoja tarvittaessa timo.merilainen (ät) iki.fi <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #8: March 12 2009 ==<br />
<br />
'''Location: Samlink, Linnoitustie 9, Espoo (Leppävaara)''' <br />
<br />
'''Time: 17:00-19:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:00 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:15 Introduction to Samlink, Jari Pirhonen, security director, Samlink''' <br />
<br />
'''17:30 Methodology owner’s point of view: Information security as part of software development methodology, Topi Mattila, methodology manager, Samlink''' <br />
<br />
'''18:15 Presentation from Finnish Tax Administration", Petri Puhakainen, security director, Finnish Tax Administration''' <br />
<br />
<br> '''19:00 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost at Sello<br />
<br />
'''Please register with Jari Pirhonen jari.pirhonen##samlink.fi''' <br />
<br />
== OWASP Introduction to startup firms: Thursday January 15th 2009 ==<br />
<br />
'''Location: Ravintola Korjaamo, Töölönkatu 51, 00250 Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Introduction to OWASP by Henri Lindberg, OWASP Helsinki Active Visitor''' <br />
<br />
*What OWASP is <br />
*Examples of useful Tools and Documents <br />
*OWASP in Finland<br />
<br />
Presentation: [[Image:OWASP Startups 20090115 Henri.pdf]] <br />
<br />
(Antti Laulajainen, OWASP Helsinki Chapter Leader was originally supposed to introduce OWASP) <br />
<br />
'''18:15 Implementing application security in a Finnish startup by Henri Lindberg, Scred''' <br />
<br />
*Henri Lindberg from Scred shares experiences and lessons learned <br />
*How to make your web application more secure with minimal budget<br />
<br />
Presentation: [[Image:SDG Scred 090115.pdf]] <br />
<br />
'''18:30 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost<br />
<br />
== OWASP Helsinki Meeting #7: Tuesday November 11th 2008 ==<br />
<br />
'''Location: Nokia Ruoholahti, Itämerenkatu 11-13, 00180 Helsinki''' <br />
<br />
<br> <br />
<br />
'''Time: 17:00-18:30''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:00 Welcome by Antti Laulajainen, OWASP Chapter Leader''' <br />
<br />
*Current state and progress of OWASP Top 10 Finnish translation<br />
<br />
'''17:20 Antti Vähä-Sipilä, Nokia: SAFECode''' <br />
<br />
*Introduction and overview of SAFECode (The Software Assurance Forum for Excellence in Code) <br />
*SAFECode publications<br />
<br />
'''17:40 Juhani Eronen, CERT-FI: Lifecycle of a security vulnerability''' <br />
<br />
*Microsoft MS08-067 (Vulnerability in Server Service Could Allow Remote Code Execution), its history (MS06-040) and exploitation.<br />
<br />
'''Discussion''' <br />
<br />
'''18:30 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost [cerveza, aqua con gas, etc]<br />
<br />
'''PLEASE REGISTER WITH: mikko . saario at nokia . com (we have reserved snacks for 25 people)''' <br />
<br />
== OWASP Helsinki Web Hacking Workshop, Tuesday September 10th 2008 ==<br />
<br />
'''Location: Teleware / KPMG, Laajalahdentie 23, 6. floor, reception at the ground floor, 00330 Helsinki''' <br />
<br />
'''Time: 18.00 - 20.00''' <br />
<br />
'''Schedule''' <br />
<br />
'''18.00 Welcome and recent activities. Antti Laulajainen ''' <br />
<br />
'''18.05 Web Hacking Workshop, Anssi Porttikivi, Senior ICT Advisor KPMG/Teleware''' <br />
<br />
*KPMG Oy IT Security Advisory marketing presentation 15 min <br />
*Web hacking exercises and demonstrations in a laboratory class (using WebGoat and WebScarab tools)<br />
<br />
'''Snacks available. Send your reservations to Anssi's mail address, anssi.porttikivi@kpmg.fi. Room for 20 participants.''' <br />
<br />
<br> '''Note! Be in time, because the reception closes at 18.''' <br />
<br />
== OWASP Goes! CERT-FI, Thursday, June 12th 2008 ==<br />
<br />
'''Location: Viestintävirasto, Itämerenkatu 3 A, 00180 Helsinki and One Pint Pub Santakatu 2, 00180 Helsinki''' <br />
<br />
<br> '''Time: 16.00 - 20.00''' <br />
<br />
<br> '''Schedule''' <br />
<br />
'''16.00 Welcome and recent activities. Antti Laulajainen ''' <br />
<br />
<br> '''16.10 Introduction of CERT-FI. Juhani Eronen, Information Security Adviser, CERT-FI''' <br />
<br />
<br> '''16.30 Vulnerability coordination. Juhani Eronen''' <br />
<br />
*CERT-FI as a vulnerability coordinator <br />
*Coordination examples<br />
<br />
'''18.00 Possibility to continue the evening at the One Pint Pub''' <br />
<br />
*If someone fancies a (self-financed) beer<br />
<br />
<br> '''Viestintävirasto asks those who wish to participate to the meeting to register in advance. For registrations please contact CERT-FI Unit Secretary Virpi Hienonen (virpi.hienonen(at)ficora.fi). The deadline is June 6, 2008.''' <br />
<br />
== OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 ==<br />
<br />
Thank you for attending. <br />
<br />
You can download the presentation here'''https://www.owasp.org/images/7/70/OWASP_HelsinkiChapter_130508.pdf''' <br />
<br />
Coverage of the event in local news (Finnish only) http://mikropc.net/uutiset/index.jsp?categoryId=atk&amp;day=20080514#w2008051411524012715 <br />
<br />
<br> '''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki and Ravintola Kaisla, Vilhonkatu 4, 00100 Helsinki''' <br />
<br />
'''Time: 16.00 - 20.00''' <br />
<br />
<br> <br />
<br />
Welcome to spring meeting 2008. <br />
<br />
<br> '''Schedule''' <br />
<br />
'''16.00 - 16.10 OWASP update. Antti Laulajainen''' <br />
<br />
'''16.10-17.00 Notes From The field, OWASP tools and usage experiences, Jarkko Holappa &amp; Antti Laulajainen''' <br />
<br />
'''17.30 - 20.00 Drinks at Ravintola Kaisla (Bring Your Own Wallet)''' <br />
<br />
<br> Hope to see as many of you as possible! <br />
<br />
== OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 ==<br />
<br />
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.''' <br />
<br />
'''Time: 18.30 - 20.30''' <br />
<br />
Welcome to first meeting of 2008. OWASP Helsinki resumes activities after winter break. <br />
<br />
We are pleased to have as a speaker Technology Manager of Nokia Product Security, Alexandr Seleznyov. His topic will be current state of application security. <br />
<br />
'''Schedule''' <br />
<br />
'''18.30 - 18.40 OWASP update. Antti Laulajainen''' <br />
<br />
'''18.40 - 20.30 Current State of Application Security. Alexandr Seleznyov''' <br />
<br />
<br> Hope to see as many of you as possible! <br />
<br />
== OWASP Helsinki &amp; RWSUG Seminar Tuesday, January 29th 2008 ==<br />
<br />
'''Location: IBM, Laajalahdentie 23, 00330 Helsinki.''' '''Time: 11.15 - 19.00''' <br />
<br />
OWASP Helsinki and Rational and Websphere User Group Finland RWSUG are aiming to co-operate to raise application security awareness. OWASP Helsinki will have a presentation in RWSUG agility seminar. More information from http://www.rwsug.fi/default.asp?path=1,39,385 <br />
<br />
'''You can download the presentation here''' https://www.owasp.org/images/c/cd/RWSUG5_Agile_Security_Management.pdf <br />
<br />
See program below. Most of it is Finnish only <br />
<br />
*11.15 Ilmoittautuminen alkaa <br />
*11.15-12.00 Buffet-lounas <br />
*12.00-12.10 Tilaisuuden avaus Jussi Jutila, Puheenjohtaja, RWSUG ry<br />
<br />
KEYNOTE <br />
<br />
*12.10-13.30 Scaling Agile Software Development: Strategies for Applying Agile in Complex Situations Scott W. Ambler, Practice Leader Agile Development, IBM Canada <br />
*13.30-13.45 Kahvitauko <br />
*13.45-15.30 SOA liiketoiminnan näkökulmasta ja SOA toteutuksen näkökulmasta kansainvälisessa hankkeessa Kari Laine, IT Architect, IF ja Jarmo Laine, Senior Software Architect,Primasoft <br />
*15.30-15.45 Tauko <br />
*15.45-16.30 Ketterä tietoturvan hallinta ohjelmistotuotannossa Reijo Savola, VTT <br />
*16.30-17.15 Jazz Update IBM <br />
*17.15-19.00 Iltapalaa ja verkostoitumista IBM Forumissa<br />
<br />
<br> <br />
<br />
== OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008 ==<br />
<br />
OWASP Helsinki participated in ISACA Finland meeting to raise application security awareness among system auditors and inspectors. <br> A presentation was held that introduced basic web techniques, some security issues, OWASP in general, OWASP projects and OWASP Helsinki chapter. <br> '''You can download the presentation here''': https://www.owasp.org/images/e/e4/OWASP_ISACA_20080124.pdf (Finnish Only) <br><br> <br />
<br />
== OWASP Helsinki meeting #4 Fall 2007 with Mark Curphey, Tuesday, October 2 2007 ==<br />
<br />
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.''' <br />
<br />
Thank you for all participants and Mark from great presentation. <br />
<br />
Coverage of the meeting in the local news (in Finnish): http://mikropc.net/uutiset/index.jsp?categoryId=atk&amp;day=20071003#w2007100315112711629 <br />
<br />
<br> We are delighted to have Mark Curphey - the OWASP founder and new head of Microsoft's ACE (Application Consulting &amp; Engineering) team in Europe - to visit Finland and discuss web app security with us. Hopefully as many as of you possible can participate! <br />
<br />
'''18:30 Welcome and recent Helsinki chapter activities. Antti Laulajainen''' <br />
<br />
'''18:40 Naked Software Security. Mark Curphey''' <br />
<br />
*Commentary on how to build secure software <br />
*Thoughts on the industry<br />
<br />
<br> '''WELCOME!''' <br />
<br />
== OWASP Helsinki meeting #3 Summer 2007: "SOA, Web Services &amp; XML Security", Tuesday, June 5th 2007 ==<br />
<br />
'''Date: June 5th''' <br />
<br />
<br> '''Location: Smilehouse, Itälahdenkatu 22A (Stonesoft building), Lauttasaari.''' <br />
<br />
Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/tietoturva_docview.jsp?f_id=1186167 <br />
<br />
<br> '''19:00 Welcome &amp; quick recap of recent OWASP activity and the Spring conference. Mikko Saario.''' <br />
<br />
<br> '''19:15 Gunnar Peterson, CTO Arctec Group and project lead for the OWASP "XML Security Gateway Evaluation Criteria".''' <br />
<br />
Gunnar will be visiting Finland to provide training via Tietoturva ry on this subject. Topics to be covered: <br />
<br />
*XML Security Gateways <br />
*Message level threats and security countermeasures in Web services <br />
*OWASP XML Security Gateway Evaluation Criteria Project<br />
<br />
<br> '''20:15 "Real-life usage of OWASP tools". Alexandr Seleznyov, Nokia Product Security.''' <br />
<br />
(There is a chance Alex cannot make it. In that case we will discuss SOA stuff in more detail or just head off to bar earlier.) <br />
<br />
<br> '''20:45 Enter Bar 52...''' --&gt; Enjoy (sponsored) beverages. <br />
<br />
== OWASP Helsinki meeting #2 Winter 2007, Web Application Firewalls, Thursday, February 22 2007 ==<br />
<br />
Thank you for the 29 participants, the speakers and the host - Nixu - for making this event happen! <br />
<br />
'''Location: Nixu, Mäkelänkatu 91, 00601 Helsinki.''' <br />
<br />
What are Web Application Firewalls (WAF), how do they work, what do they do and what don't they do. Discussion and sharing of experiences of various technologies and products. <br />
<br />
<br> '''18.30 Welcome. Mikko Saario, Chapter Leader.''' <br />
<br />
Today's topic and agenda in short. <br />
<br />
<br> '''18.35 "Web Application Firewalls Technical Analysis". Joakim Sandström, CTO nSense.''' <br />
<br />
http://www.owasp.org/images/6/6a/Owasp_waf_joakim.pdf <br />
<br />
- Technology <br />
<br />
- Blacklisting &amp; Whitelisting <br />
<br />
- mod_security features <br />
<br />
- Do's and Don'ts <br />
<br />
<br> '''19.30 "The Core Rule Sets". Ofer Shezaf, CTO Breach Security.''' <br />
<br />
http://www.owasp.org/images/f/f4/The_Core_Rule_Set_-_Ofer.pdf <br />
<br />
- WAF deployment and protection strategies <br />
<br />
- Detection of generic web layer attacks <br />
<br />
- Virtual patching <br />
<br />
== OWASP Helsinki meeting #1, Tuesday, Dec 12 2006 at Ernst &amp; Young ==<br />
<br />
The Helsinki chapter had the first meeting at Ernst &amp; Young office in Elielinaukio 5 B. The agenda and the presentations for the meeting are below. We had a good turnout: 22 people were present i.e. all seats were taken - we were very happy to see all these people to be interested in application security issues. <br />
<br />
<br> Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/doc.do?f_id=1083463 <br />
<br />
<br> '''18:30 Welcome. What is OWASP and why OWASP Helsinki?''' <br />
<br />
Mikko Saario made a short presentation about OWASP and the objective for the local Helsinki chapter. <br />
<br />
<br> '''19:00 Analyzing Threats (Olli Wiren; olli [at] juurihoito.org)''' <br />
<br />
Olli Wiren discussed application related threats and corresponding security issues. <br />
<br />
http://www.owasp.org/images/7/7c/Owasp-olli.pdf <br />
<br />
<br> '''19:45 Open discussion regarding OWASP Helsinki; what is expected or wished; how to go ahead and so forth.''' <br />
<br />
There was a lively discussion regarding what type of activities should be arranged in the future. More details will follow... <br />
<br />
==== Helsinki OWASP Chapter Leaders ====<br />
<br />
The chapter leader is [mailto:Petteri.arola@owasp.org Petteri Arola] <br />
<br />
The chapter board members are [mailto:timo@owasp.org Timo Merilainen], Pyry Heikkinen and [mailto:pekka.sillanpaa@owasp.org Pekka Sillanpaa]. <br />
<br />
__NOTOC__<br />
<br />
[[Category:OWASP Chapter]] <br />
[[Category:Europe]]</div>Psillanphttps://wiki.owasp.org/index.php?title=Helsinki&diff=255520Helsinki2019-10-16T20:43:03Z<p>Psillanp: added slides for #38</p>
<hr />
<div>{{Chapter Template|chaptername=Helsinki|extra=The chapter leaders are [mailto:petteri.arola@owasp.org Petteri Arola], [mailto:pekka.sillanpaa@owasp.org Pekka Sillanpää], [mailto:timo@owasp.org Timo Meriläinen], [mailto:pyry.heikkinen@owasp.org Pyry Heikkinen], [mailto:petri.koistinen@nixu.com Petri Koistinen] and [mailto:lasse.korvala@gmail.com Lasse Korvala].<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-helsinki|emailarchives=http://lists.owasp.org/pipermail/owasp-helsinki}} <br />
<br />
==== Local News ====<br />
<br />
<paypal>Helsinki</paypal> <br />
<br />
'''Welcome to the OWASP Helsinki Chapter'''<br />
<br />
The plan is to meet at least three to four times a year, each lasting 1,5-3 hours (more active "hands" means more meetings). This chapter is based in the capital area and therefore the meetings will be in or around Helsinki. <br />
<br />
If you wish to present at one of the meetings or have any other inquiries, please contact the chapter leaders and shortly describe the talk. (the contact details can be found in the bottom of the page). We encourage everyone to suggest ideas for presentation topics. The talks can be either a full talk (45-60min) or a lightning talk (~15min). <br />
<br />
==== Suomalaista sovellusturva-asiaa ====<br />
<br />
[[OWASP Helsinki Appsec Thesis of the Year|Vuoden sovellusturva-aiheinen opinnäytetyö]]<br />
<br />
[[Oppilaitoksille|Tietoa oppilaitoksille (Information for academic institutions)]] <br />
<br />
[[Verkkomaksut|Ohjeita turvallisen verkkomaksuintegraation toteuttamiseen]] <br />
<br />
Previously OWASP Helsinki has been working on the following tasks: <br />
<br />
*[[Top 10 2007 Finnish]] aim to translate OWASP Top 10 list in Finnish<br />
<br />
==== Chapter Meetings ====<br />
<br />
== OWASP Helsinki chapter meeting #39: Oct 22nd 2019 ==<br />
'''Time: 17:30-21:00'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words, Chapter leader - OWASP Helsinki'''<br />
<br />
'''18:05 Words from the sponsor, Juho Ranta, CTO, Second Nature Security (2NS)'''<br />
<br />
'''18:15 OWASP SAMM2 - your dynamic software security journey, Sebastien Deleersnyder, OWASP SAMM project leader, Managing partner Application Security, Toreon'''<br />
<br />
'''19:15 Break'''<br />
<br />
'''19:30 Scaling up threat modeling, Mikko Saario, Security Architect, KONE Corporation'''<br />
<br />
'''20:15 Trusted Computing - beyond the TPM, Ian Oliver, Senior Security Researcher, Nokia Bell Labs'''<br />
<br />
'''21:00-> Discussions continue with Snacks, Refreshments and Sauna sponsored by 2NS.'''<br />
<br />
Please register by 21st of Sep [https://www.meetup.com/OWASP-Helsinki-Chapter/events/265401349/ here] (Note that the seats are limited)<br />
<br />
== OWASP Helsinki chapter meeting #38: Sep 3rd 2019 ==<br />
'''Location: Second Nature Security (2NS), Keilaranta 1 (auditorium Ankkuri), 02150 Espoo'''<br />
<br />
'''Time: 17:30-21:00'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words, Petteri Arola, Chapter leader - OWASP Helsinki'''<br />
<br />
'''18:05 Words from the sponsor, Juho Ranta, CTO - Second Nature Security (2NS)'''<br />
<br />
'''18:15 What's new in the ASVS 4.0, Josh Grossman, OWASP ASVS Project co-leader, Head of Security Services, AppSec Labs'''. [[File:OWASP_Helsinki_Sep_2019_ASVS_4.0_release.pdf]]<br />
<br />
'''19:15 Break'''<br />
<br />
'''19:30 How to determine the security of a mobile authentication app, Petteri Ihalainen, Senior Specialist, Traficom''' [[File:OWASP_Helsinki_MobileAuthnAppSecVerification.pdf]]<br />
<br />
'''20:15 If you like it then you shoulda put a TPM on it 🎵, Gabriela Limonta, Security Researcher, Nokia''' [[File:OWASP_presentation_-_Gabriela_Limonta.pdf]]<br />
<br />
'''21:00 Snacks/BBQ, Refreshments, Sauna & Jacuzzi'''<br />
<br />
Please register by 1st of Sep [https://www.meetup.com/OWASP-Helsinki-Chapter/events/264058334/ here] (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #37: May 21st 2019 ==<br />
'''Location: KONE, Keilasatama 5, 02150 Espoo'''<br />
<br />
'''Time: 17:30-21:00'''<br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words, Pekka Sillanpää, Chapter co-leader - OWASP Helsinki''' <br />
<br />
'''18:05 Words from the sponsor, KONE'''<br />
<br />
'''18:10 Blockchains; How secure are they in practice in an IoT disrupted world and making the things secure, Onur Zengin, Senior Software Security Architect, KONE'''<br />
<br />
'''18:50 Break: Snacks & Refreshments'''<br />
<br />
'''19:20 Traficom's security label for IoT consumer devices - goals and challenges (tietoturvamerkki), Juhani Eronen and Saana Seppänen, Traficom'''<br />
<br />
'''19:50 Deploying a bug bounty / test automation environment for thousands of IoT devices with Kubernetes, Pekka Sillanpää, CTO and Teemu Huhtala, Senior SW engineer, Tosibox'''<br />
<br />
'''20:30 Networking with peers'''<br />
<br />
'''21:00 Discussions continue in Sauna/Jacuzzi on the top of Keilaranta 1 (neighbour building) sponsored by 2NS'''<br />
<br />
Please register by 13th of May [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-37-tickets-61322317703 here] (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #36: Feb 12th 2019 ==<br />
'''Location: Veikkaus, Aku Korhosen tie 2, 00440 Helsinki'''<br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words, Pekka Sillanpää, Chapter co-leader - OWASP Helsinki''' <br />
<br />
'''18:05 Words from the sponsor, Veikkaus''' <br />
<br />
'''18:10 What Every Developer and Tester Should Know About Software Security, Anne Oikarinen, Senior Security Consultant, Nixu''' [https://www.slideshare.net/AnneOikarinen1/what-every-developer-and-tester-should-know-about-software-security]<br />
<br />
'''18:50 Break'''<br />
<br />
'''19:00 Security in Agile Development, Joakim Tauren, Application Security Architect, Visma''' [[File:OWASP Helsinki - Security in Agile Development (1).pdf|thumb]]<br />
<br />
'''19:45 OWASP Cornucopia - a live card game session, Veikkaus + volunteers''' [[File:DeathStarArchitecture v0.8 DRAFT.pdf|thumb]]<br />
<br />
'''20:15 Snacks & Refreshments''' <br />
<br />
Please register by 10th of Feb https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-36-tickets-55288270706 (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #35: Nov 6th 2018 ==<br />
'''Location: Second Nature Security (2NS), Keilaranta1 (auditorium Ankkuri), 02150 Espoo'''<br />
<br />
'''Time: 17:30-21:00'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words, Pekka Sillanpää, Chapter co-leader - OWASP Helsinki'''<br />
<br />
'''18:05 Words from the sponsor, Juho Ranta, CTO - Second Nature Security (2NS)''' <br />
<br />
'''18:15 Hunting for bounties in a web browser, Juho Nurminen, White Hat Hacker, InfoSec Specialist - 2NS''' [[File:Nurmi_BugBounty_slides.zip]]<br />
<br />
'''18:45 Break'''<br />
<br />
'''19:00 How to become a bug bounty hunter, Iiro Uusitalo, Cloud and Security Specialist - Solita'''<br />
<br />
'''19:30 Running a successful bug bounty program, Thomas Malmberg, Partner & Owner - Hackrfi''' [[File:Running a successful bug bounty program - public.pdf]]<br />
<br />
'''19:50 Short break'''<br />
<br />
'''20:00 Panel & Discussion about bug bounty with Juho, Iiro and Thomas'''<br />
<br />
'''20:30 Snacks & Refreshments'''<br />
<br />
Please register by 4th of Nov https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-35-tickets-51465932991 (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #34: Jun 12th 2018 ==<br />
'''Location: Eficode, Pohjoinen Rautatiekatu 25, 00100 Helsinki'''<br />
<br />
'''Time: 17:30-21:30'''<br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Pekka Sillanpää OWASP Helsinki'''<br />
<br />
'''18:05 Words from the sponsor / Pekka Siltala-Li / Eficode'''<br />
<br />
'''18:15 Perfectly secure API, Matti Suominen, Lead Security Consultant - Nixu'''<br />
<br />
'''19:00 Break''' <br />
<br />
'''19:15''' '''Best friends: API security & API management, Antti Virtanen, Software Architect, Solita''' <br />
<br />
'''20:00-21:30 Sauna, Snacks & Beverages'''<br />
<br />
Please register by 10th of Jun https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-34-tickets-46690898735 (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #33: Nov 14th 2017 ==<br />
'''Location: F-Secure, Tammasaarenkatu 7, 00180 Helsinki''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki''' <br />
<br />
'''18:05 Words from the sponsor'''<br />
<br />
'''18:10 Coping with GDPR requirements in development, Kira Ahveninen-Kuha, Lead, Data Protection and Cybersecurity Law, Nixu'''<br />
<br />
'''19:00 Break''' <br />
<br />
'''19:15 Integrating Privacy Work in Threat Modeling and Design Review, Antti Vähä-Sipilä, Principal Security Consultant, F-Secure'''<br />
<br />
'''20:00 Panel & Discussion – Kira and Antti debate about privacy and GDPR with the audience'''<br />
<br />
'''20:30 OWASP Helsinki DevSecOps Hackathon: Lessons learned, Pekka Sillanpää, OWASP Helsinki''' <br />
<br />
'''21:00-22:00 Snacks & Refreshments''' <br />
<br />
Please register by 12th of Nov [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-33-tickets-39656996143 here] (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #32: Sep 27th ==<br />
If you are working in a DevOps team and want to get concrete ideas on how to integrate security into your CI/CD pipeline, this hackathon is a fun opportunity to learn by doing together with others.<br />
<br />
More information here: [[OWASP Helsinki DevSecOps Hackathon]]<br />
<br />
In summary, we familiarize and investigate (and of cource hack with) some nice open source tools, including:<br />
* OWASP Dependency-Check ([[OWASP Dependency Check]])<br />
* ZAP Proxy ([[OWASP Zed Attack Proxy Project]])<br />
* OWASP DefectDojo ([[OWASP DefectDojo Project]])<br />
* DevSec hardening framework (https://github.com/dev-sec)<br />
* Clair (https://github.com/coreos/clair)<br />
<br />
The output of this hackathon is an OWASP wiki page describing what was achieved in the hackathon, possible commits to the tools' repositories and future plans. If there is enough interest, we might organize "part 2" for this event in Autumn.<br />
<br />
To participate in this event, it is recommended to have at least basic programming/scripting skills (python, ruby, bash, etc) and understanding of configuration management tools (puppet, salt, ansible, etc.). '''If you are interested to join''' or have questions, please send email to pekka.sillanpaa@owasp.org '''by Jul 7th 2017''' and a short description of your background. Tracks of the hackathon environment are tuned based on the skills and background of the participants.<br />
<br />
The maximum of 15 seats are available for this event. The event is fully free of charge.<br />
<br />
'''Location: Nixu, Keilaranta 15, 02150 Espoo'''<br />
<br />
'''12:00 Hackathon starts'''<br />
<br />
'''17:00-23:00 Hackathon continues after the work day as long as needed. Pizza and beverages available.'''<br />
<br />
== OWASP Helsinki chapter meeting #31: Jun 13th 2017 ==<br />
'''Location: Solita, Alvar Aallon katu 5, 00100 Helsinki'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Pekka Sillanpää, OWASP Helsinki'''<br />
<br />
'''18:05 DevSec - Developers are the key to security, Antti Virtanen, Software Architect, Solita [[File:Devsec-owasp-2017.pdf]]''' <br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Docker Security, Mika Vatanen, Systems Architect, Digia [[File:Owasp-Helsinki-20170613-Docker-Security.pdf]]'''<br />
<br />
'''20:00 Lightning talk: Leaking credentials - a security malpractice more common than expected, Bogdan Mihaila, Synopsys [[:File:Bogdan Mihaila - Leaking Credentials.pdf]]'''<br />
<br />
'''20:15 Introduction to DevSecOps "mini-hackathon", Pekka Sillanpää, OWASP Helsinki'''<br />
<br />
'''20:30-22:30 Snacks & Refreshments'''<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-31-tickets-34950473808 here] by 12th of Jun (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #30: Oct 11th 2016 ==<br />
<br />
'''Location: Fujitsu, Valimotie 16, 00380 Helsinki, Auditorio'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 How to protect mobile application? Case "Nordea Tunnusluvut” / Michael Peltonen, Senior Business Developer, Nordea''' [[File:Helsinki_meeting_30_-Michael_Peltonen_OWASP_11102016.pdf]]<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Lightning talk: Authentication topic / Teemu Simonen, System Architect, Fujitsu''' [[File:Helsinki_meeting_30_-Authentication_topic.pdf]]<br />
<br />
'''19:30 Threats and vulnerabilities in federation protocols - and how did I find 0-days in the most common access management products / Teemu Kääriäinen, Senior IAM Consultant, Nixu Oyj''' [[File:Helsinki_meeting_30_-_Threats_and_Vulnerabilities_in_Federation_Protocols_and_Products.pdf]]<br />
<br />
'''20:30-> Snacks & Refreshments'''<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-30-tickets-28190573765 here] by 9th of October (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #29: Mar 29th 2016 ==<br />
<br />
'''Location: Solinor, Elimäenkatu 14 C, 00510 Helsinki'''<br />
<br />
'''Time: 17:30-21:15'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 OWASP Security Knowledge Framework, Glenn Ten Cate''' [[File:Skf-owaspHelsinki-16.pdf]]<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Amazon Web Services Security, Joel Leino, Solinor''' [[File:Aws_security_joel_leino.pdf]]<br />
<br />
'''20:30 Do's and don'ts: A Day Of Browser Bug Hunting, Atte Kettunen, University of Oulu''' [[File:Do's_and_Don'ts-_A_Day_Of_Browser_Bug_Hunting_rev2.pdf]]<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-29-tickets-22159795545 here] by 26th of March (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #28: Nov 10th 2015 ==<br />
<br />
'''Location: LähiTapiola, Revontulenkuja 1, 02100 Espoo'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 How we feel about Bug Bounty, Leo Niemelä, CISO, LähiTapiola Group (in Finnish)'''<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Security and "Modern" software Deployment, Rory McCune, Managing Consultant, NCC Group'''<br />
<br />
'''20:30 Discussion continues in a local cafe / bar'''<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-28-tickets-19188815263 here] by 8th of November (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #27: May 29th 2015 ==<br />
<br />
'''Location: Life Science Center Keilaranta 10-16''' <br />
<br />
'''Time: 17:30-20:00 (networking ends 23:00)''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 Word from our sponsor / Nixu'''<br />
<br />
'''18:15 50 Shades of AppSec / Troy Hunt'''<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Hack yourself first: how go on the cyber-offence before online attackers do / Troy Hunt'''<br />
<br />
'''20:00-23:00 Refreshments and Sauna on the 7th floor'''<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-chapter-meeting-27-tickets-16709176597 here] by Monday Fri 22th May (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #26: January 13th 2015 ==<br />
<br />
'''Location: Castrén & Snellman Attorneys Ltd. Eteläesplanadi 14 6th Floor Helsinki, Finland.''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''Opening words / OWASP Helsinki&IAPP''' <br />
<br />
'''Words from our sponsor / Castrén & Snellman Attorneys Ltd.'''<br />
<br />
'''Privacy Seals and Marks, Hannu Järvinen, Specialist Partner, Attorneys at Law Borenius Ltd'''<br />
<br />
'''Privacy Engineering, Antti Vähä-Sipilä, software security guy, F-Secure Oyj'''<br />
<br />
'''Privacy Use Cases, Saku Vainikainen, Lead Consultant, Nixu Oyj'''<br />
<br />
Please register here https://t.co/OoQN2FRbBX by Monday 12 Jan.<br />
<br />
== OWASP Helsinki chapter meeting #25: September 29th 2014 ==<br />
<br />
'''Location: Appelsiini (Elisa), Kaarlenkatu 9-11, 00530 Helsinki. Public transport is strongly recommended.''' <br />
<br />
'''Time: 17:00-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and registration''' <br />
<br />
'''17:10 Opening words / OWASP Helsinki''' <br />
<br />
'''17:20 Words from our sponsor / Elisa'''<br />
<br />
'''17:30 Mobile Security Chess Board - Attacks & Defense / Hemil Shah / Founder, Director eSphere Security''' [[File:Mobile_Security_chess_board_-_Attacks_&_Defense.pdf]]<br />
<br />
'''18:45 Break'''<br />
<br />
'''19:00 Mobile Platform Security: OS (kernel) Hardening and Trusted Execution Environment / Onur Zengin / Trustonic'''<br />
[[File:Onur_Zengin_-_TEE_chapter_meeting_presentation.pdf]]<br />
<br />
'''20:00 OWASP Mobile Top Ten Risks 2014 - The New M10: 'Lack of Binary Protection' Category / Bo Asklund and Rikard Kullenberg / Arxan'''<br />
[[File:OWASP_Mobile_Top_Ten_-_Meet_the_New_Addition.pdf]]<br />
<br />
'''21:00 Networking and continue discussions in TBD location nearby'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-25-tickets-13087782911 Eventbrite]<br />
<br />
== OWASP Helsinki chapter meeting #24: March 25st 2014 ==<br />
<br />
'''Location: F-Secure, Tammasaarenkatu 7, 00180 Helsinki. Parking space is limited, public transport is strongly recommended. Ruoholahti station for metro, Länsisatamankatu stop for tram 8, Länsiväylä stop for buses from Espoo.''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and registration''' <br />
<br />
'''17:20 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''17:30 Enhancing security through tight collaboration and automation /Kalle Hallivuori''' <br />
Presentation material: http://kato.iki.fi/owasp-pci-devops/<br />
<br />
'''18:00 Continuous Security Testing in a Devops World /Stephen de Vries'''<br />
Download the presentation from our file page: [[image:OWASP-Continuous_Security_Testing.pdf]]<br />
<br />
'''19:00 Demo of Burp Suite & HTTP API fuzzing automation with Python & Behave /Antti Vähä-Sipilä'''<br />
<br />
'''19:30 Time to go to Pub (Amsterdam) and continue discussion there'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-24-tickets-10765729587 Eventbrite]<br />
<br />
== OWASP Helsinki chapter meeting #23: January 21st 2014 ==<br />
<br />
'''Location: HTC Keilaniemi, Keilaranta 13, 02150 Espoo''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Coffee and registration''' <br />
<br />
'''18:00 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''18:05 Word from our sponsor /Nixu''' <br />
<br />
'''18:20 The inner HTML Apocalypse - How MXSS attacks change everything we believed to know so far /Mario Heiderich'''<br />
<br />
'''19:15 JSMVCOMFG - To sternly look at JavaScript MVC and Templating Frameworks /Mario Heiderich"''''<br />
<br />
'''20:15 QA'''<br />
<br />
'''20.30 - 21.30 Discussion continues over snacks and refreshments'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-23-tickets-10095813851 Eventbrite]<br />
<br />
<br />
== OWASP Helsinki chapter meeting #22: November 19th 2013 ==<br />
<br />
'''Location: Aalto University, Hall S1, Otakaari 5, 02150 Espoo''' <br />
<br />
'''Time: 18:00-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Registration''' <br />
<br />
'''18:10 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''18:20 Word from our sponsor''' <br />
<br />
'''18:30 Backgrounds of Eve in Digiland comic and cyber research in Aalto University /Timo Kiravuo, Aalto University'''<br />
<br />
'''19:15 Break"''''<br />
<br />
'''19:30 Cyber crime response from CERT perspective and backgrounds of Finnish web site attacks /Jussi Eronen, CERT-FI'''<br />
<br />
'''20:00 Methods in Finnish cyber crime police investigation and case example /Timo Piiroinen, National Bureau of Investigation (NBI)'''<br />
<br />
'''20:30 Networking and discussion continues at same location'''<br />
<br />
Please register at [http://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-23-tickets-10095813851 Eventbrite]<br />
<br />
== OWASP EUTour2013: June 17th 2013 ==<br />
<br />
'''Location: HTC Keilaniemi, Keilaranta 15''' <br />
<br />
'''Time: 16:00-19:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''16:00 Registration & coffee''' <br />
<br />
'''16:15 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''16:30 Word from our sponsor''' <br />
<br />
'''16:45 Nokia responsible disclosure program /Omar Benbouazza-Villa, Nokia'''<br />
<br />
Nokia has launched a responsible disclosure program recently. In this presentation we'll go through experiences starting and running such a program as a part of enterprise application security program.<br />
<br />
'''17:30 Social engineering /Gavin Ewan"''''<br />
<br />
Jac0byterebel is not your typical social engineering presenter. Out goes the snake oil sale of analysing the minutia of pop psychology and trying to squeeze out real answers to the questions asked during a real social engineering attack. In comes hard hitting accounts of social engineering attacks drawn from real sources but anonymised to protect the pwned.<br />
<br />
'''19:00 Rounding up and discussion continues over food & drinks at same location'''<br />
<br />
Please register at [http://www.regonline.com/owaspeutourfinland Regonline]<br />
<br />
== OWASP Helsinki Chapter Meeting #21: April 24 2013 ==<br />
<br />
'''Location: KPMG, Yrjönkatu 23 B, 6. floor''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Opening words /OWASP''' <br />
<br />
'''18:10 Word from our sponso /Mika Laaksonen, KPMG''' <br />
<br />
'''18:15 OWASP project news /Petteri Arola, OWASP''' <br />
<br />
Newsflash of new and rebooted OWASP projects.<br />
<br />
'''18:45 Utilizing VAHTI software development guide (VAHTI-sovelluskehitysohje) /Antti Alestalo, KPMG'''<br />
<br />
VAHTI software development guide was published January 2013. Antti will talk about how to best utilize this new guide. Link to the guide: http://www.vm.fi/vm/fi/04_julkaisut_ja_asiakirjat/01_julkaisut/05_valtionhallinnon_tietoturvallisuus/20130207Sovell/VAHTI_1_Sovelluskehityksen_tietoturvaohje_NETTI.pdf<br />
<br />
'''19:15 Database self-defence /Mika Aronen, KPMG (in place of "HTML5 & security /SC5"'''<br />
<br />
'''20:00 Official program ends and discussion continues over food & drinks at same location'''<br />
<br />
Please register at [https://www.eventbrite.com/event/6240751255 Eventbrite]<br />
<br />
== OWASP Helsinki Chapter Meeting #20: December 4 2012 ==<br />
<br />
'''Location: Nokia House, Keilalahdentie 4, Espoo''' <br />
<br />
'''Time: 17:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Socializing time @ Nokia Lounge – Meet people & get to know your peer while having the opportunity to see Nokia product demos''' <br />
<br />
'''18:00 Opening words /OWASP + HelsinkiJS''' <br />
<br />
'''18:10 Word from our sponsor''' <br />
<br />
'''18:20 Securing JavaScript based web apps /Erlend Oftedal''' <br />
<br />
Single page web applications move much of the application logic to the client side. We now also see applications using JavaScript on the server side. How do we handle such applications from a security perspective? What problems are introduced and how do we handle them?<br />
<br />
'''19:05 RESTful Security'''<br />
<br />
Many applications rely on web services and ws-security for integration. But for more lightweight services with simpler protocols, REST is quickly gaining popularity. How do we secure REST services? What problems do we need to be aware of?<br />
<br />
'''20:00 Official program ends and free debate continues at nearby location'''<br />
<br />
CLOSED: Please register at [http://www.eventbrite.com/event/4856878053 Eventbrite]<br />
<br />
Please use the NORTH entrance when entering the Nokia campus<br />
<br />
== OWASP Helsinki Chapter Meeting #19: October 16 2012 ==<br />
<br />
'''Location: Fujitsu, Valimotie 16, Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''18:10 Word from our sponsor /Fujitsu''' <br />
<br />
'''18:25 Hybrid mobile application security and HTML5 with a focus on getUserMedia /Mikko Saario, Nokia''' <br />
<br />
Both the mobile scene via “hybrid” apps and the so-called traditional web are evolving into the same direction – are the threats doing the same? Using mainly Windows Phone 7 (and some Qt) examples and demos, Mikko will take a look at the security aspects in mobile hybrid apps. The HTML5 demo will concentrate on some newly mainstreamed technologies such as getUserMedia.<br />
<br />
'''19:10 Introduction to Oauth 2.0 + demo /Teemu Kääriäinen, Nixu'''<br />
<br />
Teemu gives an introduction about Oauth 2.0 and takes a closer look at security aspects, implementation guidelines and compares Twitter, Facebook and Google implementations.<br />
<br />
'''20:00 Official program ends and free debate continues at nearby location'''<br />
<br />
'''Please register in Eventbrite http://www.eventbrite.com/event/4462882602''' <br />
<br />
<br />
== OWASP Helsinki Chapter Meeting #18: June 26 2012 ==<br />
<br />
'''Location: Kela, Nordenskjölkinkatu 12, Helsinki''' <br />
<br />
'''Time: 17:30-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''17:45 Word from our sponsor /Kela''' <br />
<br />
'''18:00 Helsinki Ruby Brigade intro''' <br />
<br />
'''18:15 Ruby on Rails security - why could it fail'''<br />
<br />
'''19:00 Panel discussion'''<br />
<br />
'''19:45 Wrap-up'''<br />
<br />
'''20:00 Discussion continues in a nearby pub Hadanka'''<br />
<br />
'''Please register with petteri.arola(at)owasp.org''' <br />
<br />
<br />
== OWASP Helsinki Chapter Meeting #17: March 21 2012 ==<br />
<br />
'''Location: Marttakeskus, Malminrinne 1 B, 7. krs, Helsinki''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Coffee''' <br />
<br />
'''17:40 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''17:50 Web Application Access Control Design Excellence / Jim Manico, OWASP''' <br />
<br />
Download the presentation from our file page: [[image:Developer_Top_Ten_Core_Controls_v4.1.pdf]]<br />
<br />
'''19:30 Meeting ends and discussion continues over buffet and refreshments and there's a possibility to bath in sauna too''' <br />
<br />
'''23:00 Event ends'''<br />
<br />
'''Please register with enroll(at)nixu.com''' <br />
<br />
== Tietoturvapäivä Turku: February 7 2012 ==<br />
<br />
''' Sovellusturvallisuus / Petteri Arola, OWASP''' <br />
<br />
Download the presentation from our file page: [[image:OWASP_esitys_tietoturvapäivä_Turku_20120207.pdf]]<br />
<br />
== OWASP Helsinki Chapter Meeting #16: October 18 2011 ==<br />
<br />
'''Location: Hall TU2, Tuas house, Otaniementie 17, 02150, Espoo''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and lock picking''' <br />
<br />
'''17:30 OWASP - What is it?''' <br />
<br />
'''17:45 Introduction to OWASP projects<br>- OWASP Top Ten, ASVS<br><span class="Apple-tab-span"> </span>- Testing guide<br>- How OWASP relates to academic world''' <br />
<br />
<br> Download presentation from our file-page: [[Image:OWASP_presentation_for_Aalto.pdf]] <br><br />
<br />
'''18:45 Break''' <br />
<br />
'''19:00 Hacking demonstrations'''<br />
<br />
'''19:30 - Discussion continues in a nearby public house''' <br />
<br />
'''Please register with petteri.arola(at)owasp.org''' <br />
<br />
== OWASP Introduction to Turku AMK students: September 12th 2011 ==<br />
<br />
'''Introduction to Application security and OWASP / Petteri Arola, OWASP''' <br />
<br />
'''OWASP top 10 and hacking demos / Pekka Sillanpää, OWASP''' <br />
<br />
== OWASP Helsinki Chapter Meeting #15: June 15 2011 ==<br />
<br />
'''Location: Itämerenkatu 11 - 13, Helsinki''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda ''' <br />
<br />
'''17:30 Welcome, Petteri Arola, Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nokia''' <br />
<br />
'''17:45 HTML5 Security, Ville Säävuori, Syneus''' <br />
<br />
'''18:30 Break''' <br />
<br />
'''18:40 Mobile Application Security, Ari Kesäniemi and Juhani Mäkelä, Nixu''' <br> [[Image:Mobile-threat-analysis-short-presentation owasp.pdf]] <br> [[Image:Why-privacy-matters.pdf]] <br> <br />
<br />
<br>'''19.30 - Discussion continues in a nearby public house or terrace if it's sunny''' <br />
<br />
'''Please register with mikko.saario(at)nokia.com''' <br />
<br />
== OWASP Helsinki Chapter Meeting #14: February 22 2011 ==<br />
<br />
'''Location: Nixu Oy, Keilaranta 15, Espoo''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''17:30 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nixu Oy''' <br />
<br />
'''17:45 OpenSAMM, Pravir Chandra /Fortify''' <br />
<br />
'''18:30 Break''' <br />
<br />
'''18:40 Threat modeling, Pravir Chandra /Fortify''' <br />
<br />
<br> '''19.30 - Sauna and refreshments from our sponsor''' <br />
<br />
'''Please register with enroll(at)nixu.com''' <br />
<br />
<br> Download OpenSAMM presentation from opensamm.org [http://www.opensamm.org/downloads/resources/OpenSAMM-1.0.ppt] <br> <br />
<br />
== OWASP Helsinki Chapter Meeting #13: June 8 2010 ==<br />
<br />
'''Location: KPMG, Forum, Yrjönkatu 23 B 6th floor, Helsinki''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''17:00 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:05 Word from our sponsor KPMG ''' <br />
<br />
'''17:15 Agile secure software development, Antti Vähä-Sipilä / Nokia Oyj''' http://www.owasp.org/images/c/c6/OWASP_AppSec_Research_2010_Agile_Prod_Sec_Mgmt_by_Vaha-Sipila.pdf <br />
<br />
'''18:00 ASVS (OWASP Application Security Verification Standard), Pekka Sillanpää / Nixu Oy''' <br />
<br />
'''18:45 ESAPI (OWASP Enterprise Security API) demo, Anssi Porttikivi / KPMG''' <br />
<br />
Download presentation from our file-page:[[Image:ESAPI for OWASP.pdf]] <br />
<br />
<br> '''19.30 - Discussion continues at some nearby establishment''' <br />
<br />
'''Please register with anssi.porttikivi(at)kpmg.fi''' <br />
<br />
<br> <br />
<br />
== OWASP Goes! Locksport: April 20 2010 ==<br />
<br />
'''Location: Nsense Oy, Ahventie 4, Espoo''' <br />
<br />
'''Time: 17:30-20:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nsense Oy''' <br />
<br />
'''17:45 Introduction to Locksport (presentation in Finnish)''' <br />
<br />
'''19:00 - Sauna and refreshments from our sponsor''' <br />
<br />
'''Please register with ilmoittautumiset##nsense.fi ''' <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #12: March 30 2010 ==<br />
<br />
'''Location: Helsingin Energia, Sähkötalo, Runeberginkatu 1, Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''18:00 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
Download presentation from our file-page:[[Image:OWASP -12 Helsinki chapter meeting.pdf]] <br />
<br />
'''18:05 Word from our sponsor Helsingin Energia ''' <br />
<br />
'''18:15 3 different views on information security and social media applications''' <br />
<br />
- information security in social media API’s, Antti Nuopponen/Nixu Oy <br />
<br />
Download presentation from our file-page:[[Image:Security of social media apis v1.pdf]] <br />
<br />
- Facebook apps, Markus Törnqvist/Fad Consulting <br />
<br />
Download presentation from our file-page:[[Image:Mjt owasp 2010.pdf]] <br />
<br />
- Payment API’s, Tuomas Toivonen/Scred <br />
<br />
Download presentation from our file-page:[[Image:Owasp-payment-apis.pdf]] <br />
<br />
'''20.00 - Discussion continues at nearby establishment Bruuveri''' <br />
<br />
'''Please register with antti##owasp.org''' <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #11: November 17 2009 ==<br />
<br />
'''Location: Nsense Oy, Ahventie 4, Espoo''' <br />
<br />
'''Time: 18:00-20:30''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''18:05 Word from our sponsor Nsense Oy''' <br />
<br />
'''18:15 Manual vs. Automated Code Analysis, Ari Kesäniemi, Senior Consultant, Nixu''' <br />
<br />
Download presentation from our file-page:[[Image:Ari kesaniemi nixu manual-vs-automatic-analysis.pdf]] <br />
<br />
'''19.00- Sauna and refreshments from our sponsor''' <br />
<br />
<br> <br />
<br />
'''Please register with ilmoittautumiset##nsense.fi''' <br />
<br />
== OWASP Helsinki Chapter Meeting #10: October 20 2009 ==<br />
<br />
'''Location: Tieto Oy, Ratamestarinkatu 7B, Helsinki''' <br />
<br />
'''Time: 18:00-19:40''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''18:00 Word from our sponsor Tieto Oy''' <br />
<br />
'''18:10 Distributed Services Security, Anton Panhelainen, Tieto Oy''' <br />
<br />
Download presentation from our file-page:[[Image:Security in integration and ESB-OWASP 20091020.pdf]] <br />
<br />
'''18:40 Public Web Services Interface and Security, Pyry Heikkinen, Finnish Customs''' <br />
<br />
'''19:40 Closure and move to Vltava''' <br />
<br />
'''20:00 or so''' <br />
<br />
*Enjoy Helsinki Vltava watering hole at own risk &amp; cost near Helsinki Railway station<br />
<br />
'''Please register with Pauli Kauppila pauli.kauppila##tieto.com or Mobile +358 400 870 324''' <br />
<br />
== OWASP Helsinki Chapter Meeting #9: May 12 2009 ==<br />
<br />
'''Location: Louhi Networks Oy, Itälahdenkatu 22 A, Helsinki''' <br />
<br />
'''Time: 17:30-19:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:30 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:45 Word from our sponsor Louhi Networks''' <br />
<br />
'''18:00 Panel discussion about application scanners''' <br />
<br />
*Panel members includes representatives for Nixu Oy, KPMG Oy and Louhi Networks Oy<br />
<br />
<br> '''19:00 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost at Bar 52 near meeting location<br />
<br />
'''Please register with Henri Lindberg henri.lindberg##louhi.fi''' <br />
<br />
== OWASP OWASP Goes! Viestimuseo: March 29 2009 ==<br />
<br />
'''Location: Varuskunta, Takakasarmi, Viestimuseontie rak. 64, 11311 Riihimäki ''' <br />
<br />
'''Time: 13:00-15:00''' <br />
<br />
Viestimuseossa Riihimäellä, http://www.viestikiltojenliitto.fi/viestimuseo/ on maaliskuun loppuun WWII radiotiedustelua esittelevä erikoisnäyttely, josta voi löytyä ammennettavaa myös tämän päivän tietoturvatekniikoiden parissa työskenteleville. Koska OWASP:in tiimoilta löytyi kiinnostusta lähteä tutustumaan ko. näyttelyyn, museolle on varattu opastettu kierros maaliskuun viimeiselle sunnuntaille su 29.3.2009 klo 13:00 eli kokoontuminen museolla ko. aikaan. <br />
<br />
Museo ja näyttely ovat auki myös muina aikoina, joten jos tämä aika ei käy, paikalla voi toki käydä muulloinkin. <br />
<br />
Tarkemmat ajo-ohjeet ja yhteystiedot löytyvät museon kotisivuilta, http://www.viestikiltojenliitto.fi/viestimuseo/yhteystiedot.html <br />
<br />
Museo sijaitsee Viestirykmentin vieressä, mutta varsinaisen varuskunta-alueen ulkopuolella, joten museokäynti ei vaadi kulkulupia alueelle. <br />
<br />
Paikalle innostuvat hoitavat oman logistiikkaratkaisunsa &amp; sisäänpääsymaksunsa. <br />
<br />
Lisätietoja tarvittaessa timo.merilainen (ät) iki.fi <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #8: March 12 2009 ==<br />
<br />
'''Location: Samlink, Linnoitustie 9, Espoo (Leppävaara)''' <br />
<br />
'''Time: 17:00-19:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:00 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:15 Introduction to Samlink, Jari Pirhonen, security director, Samlink''' <br />
<br />
'''17:30 Methodology owner’s point of view: Information security as part of software development methodology, Topi Mattila, methodology manager, Samlink''' <br />
<br />
'''18:15 Presentation from Finnish Tax Administration", Petri Puhakainen, security director, Finnish Tax Administration''' <br />
<br />
<br> '''19:00 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost at Sello<br />
<br />
'''Please register with Jari Pirhonen jari.pirhonen##samlink.fi''' <br />
<br />
== OWASP Introduction to startup firms: Thursday January 15th 2009 ==<br />
<br />
'''Location: Ravintola Korjaamo, Töölönkatu 51, 00250 Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Introduction to OWASP by Henri Lindberg, OWASP Helsinki Active Visitor''' <br />
<br />
*What OWASP is <br />
*Examples of useful Tools and Documents <br />
*OWASP in Finland<br />
<br />
Presentation: [[Image:OWASP Startups 20090115 Henri.pdf]] <br />
<br />
(Antti Laulajainen, OWASP Helsinki Chapter Leader was originally supposed to introduce OWASP) <br />
<br />
'''18:15 Implementing application security in a Finnish startup by Henri Lindberg, Scred''' <br />
<br />
*Henri Lindberg from Scred shares experiences and lessons learned <br />
*How to make your web application more secure with minimal budget<br />
<br />
Presentation: [[Image:SDG Scred 090115.pdf]] <br />
<br />
'''18:30 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost<br />
<br />
== OWASP Helsinki Meeting #7: Tuesday November 11th 2008 ==<br />
<br />
'''Location: Nokia Ruoholahti, Itämerenkatu 11-13, 00180 Helsinki''' <br />
<br />
<br> <br />
<br />
'''Time: 17:00-18:30''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:00 Welcome by Antti Laulajainen, OWASP Chapter Leader''' <br />
<br />
*Current state and progress of OWASP Top 10 Finnish translation<br />
<br />
'''17:20 Antti Vähä-Sipilä, Nokia: SAFECode''' <br />
<br />
*Introduction and overview of SAFECode (The Software Assurance Forum for Excellence in Code) <br />
*SAFECode publications<br />
<br />
'''17:40 Juhani Eronen, CERT-FI: Lifecycle of a security vulnerability''' <br />
<br />
*Microsoft MS08-067 (Vulnerability in Server Service Could Allow Remote Code Execution), its history (MS06-040) and exploitation.<br />
<br />
'''Discussion''' <br />
<br />
'''18:30 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost [cerveza, aqua con gas, etc]<br />
<br />
'''PLEASE REGISTER WITH: mikko . saario at nokia . com (we have reserved snacks for 25 people)''' <br />
<br />
== OWASP Helsinki Web Hacking Workshop, Tuesday September 10th 2008 ==<br />
<br />
'''Location: Teleware / KPMG, Laajalahdentie 23, 6. floor, reception at the ground floor, 00330 Helsinki''' <br />
<br />
'''Time: 18.00 - 20.00''' <br />
<br />
'''Schedule''' <br />
<br />
'''18.00 Welcome and recent activities. Antti Laulajainen ''' <br />
<br />
'''18.05 Web Hacking Workshop, Anssi Porttikivi, Senior ICT Advisor KPMG/Teleware''' <br />
<br />
*KPMG Oy IT Security Advisory marketing presentation 15 min <br />
*Web hacking exercises and demonstrations in a laboratory class (using WebGoat and WebScarab tools)<br />
<br />
'''Snacks available. Send your reservations to Anssi's mail address, anssi.porttikivi@kpmg.fi. Room for 20 participants.''' <br />
<br />
<br> '''Note! Be in time, because the reception closes at 18.''' <br />
<br />
== OWASP Goes! CERT-FI, Thursday, June 12th 2008 ==<br />
<br />
'''Location: Viestintävirasto, Itämerenkatu 3 A, 00180 Helsinki and One Pint Pub Santakatu 2, 00180 Helsinki''' <br />
<br />
<br> '''Time: 16.00 - 20.00''' <br />
<br />
<br> '''Schedule''' <br />
<br />
'''16.00 Welcome and recent activities. Antti Laulajainen ''' <br />
<br />
<br> '''16.10 Introduction of CERT-FI. Juhani Eronen, Information Security Adviser, CERT-FI''' <br />
<br />
<br> '''16.30 Vulnerability coordination. Juhani Eronen''' <br />
<br />
*CERT-FI as a vulnerability coordinator <br />
*Coordination examples<br />
<br />
'''18.00 Possibility to continue the evening at the One Pint Pub''' <br />
<br />
*If someone fancies a (self-financed) beer<br />
<br />
<br> '''Viestintävirasto asks those who wish to participate to the meeting to register in advance. For registrations please contact CERT-FI Unit Secretary Virpi Hienonen (virpi.hienonen(at)ficora.fi). The deadline is June 6, 2008.''' <br />
<br />
== OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 ==<br />
<br />
Thank you for attending. <br />
<br />
You can download the presentation here'''https://www.owasp.org/images/7/70/OWASP_HelsinkiChapter_130508.pdf''' <br />
<br />
Coverage of the event in local news (Finnish only) http://mikropc.net/uutiset/index.jsp?categoryId=atk&amp;day=20080514#w2008051411524012715 <br />
<br />
<br> '''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki and Ravintola Kaisla, Vilhonkatu 4, 00100 Helsinki''' <br />
<br />
'''Time: 16.00 - 20.00''' <br />
<br />
<br> <br />
<br />
Welcome to spring meeting 2008. <br />
<br />
<br> '''Schedule''' <br />
<br />
'''16.00 - 16.10 OWASP update. Antti Laulajainen''' <br />
<br />
'''16.10-17.00 Notes From The field, OWASP tools and usage experiences, Jarkko Holappa &amp; Antti Laulajainen''' <br />
<br />
'''17.30 - 20.00 Drinks at Ravintola Kaisla (Bring Your Own Wallet)''' <br />
<br />
<br> Hope to see as many of you as possible! <br />
<br />
== OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 ==<br />
<br />
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.''' <br />
<br />
'''Time: 18.30 - 20.30''' <br />
<br />
Welcome to first meeting of 2008. OWASP Helsinki resumes activities after winter break. <br />
<br />
We are pleased to have as a speaker Technology Manager of Nokia Product Security, Alexandr Seleznyov. His topic will be current state of application security. <br />
<br />
'''Schedule''' <br />
<br />
'''18.30 - 18.40 OWASP update. Antti Laulajainen''' <br />
<br />
'''18.40 - 20.30 Current State of Application Security. Alexandr Seleznyov''' <br />
<br />
<br> Hope to see as many of you as possible! <br />
<br />
== OWASP Helsinki &amp; RWSUG Seminar Tuesday, January 29th 2008 ==<br />
<br />
'''Location: IBM, Laajalahdentie 23, 00330 Helsinki.''' '''Time: 11.15 - 19.00''' <br />
<br />
OWASP Helsinki and Rational and Websphere User Group Finland RWSUG are aiming to co-operate to raise application security awareness. OWASP Helsinki will have a presentation in RWSUG agility seminar. More information from http://www.rwsug.fi/default.asp?path=1,39,385 <br />
<br />
'''You can download the presentation here''' https://www.owasp.org/images/c/cd/RWSUG5_Agile_Security_Management.pdf <br />
<br />
See program below. Most of it is Finnish only <br />
<br />
*11.15 Ilmoittautuminen alkaa <br />
*11.15-12.00 Buffet-lounas <br />
*12.00-12.10 Tilaisuuden avaus Jussi Jutila, Puheenjohtaja, RWSUG ry<br />
<br />
KEYNOTE <br />
<br />
*12.10-13.30 Scaling Agile Software Development: Strategies for Applying Agile in Complex Situations Scott W. Ambler, Practice Leader Agile Development, IBM Canada <br />
*13.30-13.45 Kahvitauko <br />
*13.45-15.30 SOA liiketoiminnan näkökulmasta ja SOA toteutuksen näkökulmasta kansainvälisessa hankkeessa Kari Laine, IT Architect, IF ja Jarmo Laine, Senior Software Architect,Primasoft <br />
*15.30-15.45 Tauko <br />
*15.45-16.30 Ketterä tietoturvan hallinta ohjelmistotuotannossa Reijo Savola, VTT <br />
*16.30-17.15 Jazz Update IBM <br />
*17.15-19.00 Iltapalaa ja verkostoitumista IBM Forumissa<br />
<br />
<br> <br />
<br />
== OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008 ==<br />
<br />
OWASP Helsinki participated in ISACA Finland meeting to raise application security awareness among system auditors and inspectors. <br> A presentation was held that introduced basic web techniques, some security issues, OWASP in general, OWASP projects and OWASP Helsinki chapter. <br> '''You can download the presentation here''': https://www.owasp.org/images/e/e4/OWASP_ISACA_20080124.pdf (Finnish Only) <br><br> <br />
<br />
== OWASP Helsinki meeting #4 Fall 2007 with Mark Curphey, Tuesday, October 2 2007 ==<br />
<br />
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.''' <br />
<br />
Thank you for all participants and Mark from great presentation. <br />
<br />
Coverage of the meeting in the local news (in Finnish): http://mikropc.net/uutiset/index.jsp?categoryId=atk&amp;day=20071003#w2007100315112711629 <br />
<br />
<br> We are delighted to have Mark Curphey - the OWASP founder and new head of Microsoft's ACE (Application Consulting &amp; Engineering) team in Europe - to visit Finland and discuss web app security with us. Hopefully as many as of you possible can participate! <br />
<br />
'''18:30 Welcome and recent Helsinki chapter activities. Antti Laulajainen''' <br />
<br />
'''18:40 Naked Software Security. Mark Curphey''' <br />
<br />
*Commentary on how to build secure software <br />
*Thoughts on the industry<br />
<br />
<br> '''WELCOME!''' <br />
<br />
== OWASP Helsinki meeting #3 Summer 2007: "SOA, Web Services &amp; XML Security", Tuesday, June 5th 2007 ==<br />
<br />
'''Date: June 5th''' <br />
<br />
<br> '''Location: Smilehouse, Itälahdenkatu 22A (Stonesoft building), Lauttasaari.''' <br />
<br />
Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/tietoturva_docview.jsp?f_id=1186167 <br />
<br />
<br> '''19:00 Welcome &amp; quick recap of recent OWASP activity and the Spring conference. Mikko Saario.''' <br />
<br />
<br> '''19:15 Gunnar Peterson, CTO Arctec Group and project lead for the OWASP "XML Security Gateway Evaluation Criteria".''' <br />
<br />
Gunnar will be visiting Finland to provide training via Tietoturva ry on this subject. Topics to be covered: <br />
<br />
*XML Security Gateways <br />
*Message level threats and security countermeasures in Web services <br />
*OWASP XML Security Gateway Evaluation Criteria Project<br />
<br />
<br> '''20:15 "Real-life usage of OWASP tools". Alexandr Seleznyov, Nokia Product Security.''' <br />
<br />
(There is a chance Alex cannot make it. In that case we will discuss SOA stuff in more detail or just head off to bar earlier.) <br />
<br />
<br> '''20:45 Enter Bar 52...''' --&gt; Enjoy (sponsored) beverages. <br />
<br />
== OWASP Helsinki meeting #2 Winter 2007, Web Application Firewalls, Thursday, February 22 2007 ==<br />
<br />
Thank you for the 29 participants, the speakers and the host - Nixu - for making this event happen! <br />
<br />
'''Location: Nixu, Mäkelänkatu 91, 00601 Helsinki.''' <br />
<br />
What are Web Application Firewalls (WAF), how do they work, what do they do and what don't they do. Discussion and sharing of experiences of various technologies and products. <br />
<br />
<br> '''18.30 Welcome. Mikko Saario, Chapter Leader.''' <br />
<br />
Today's topic and agenda in short. <br />
<br />
<br> '''18.35 "Web Application Firewalls Technical Analysis". Joakim Sandström, CTO nSense.''' <br />
<br />
http://www.owasp.org/images/6/6a/Owasp_waf_joakim.pdf <br />
<br />
- Technology <br />
<br />
- Blacklisting &amp; Whitelisting <br />
<br />
- mod_security features <br />
<br />
- Do's and Don'ts <br />
<br />
<br> '''19.30 "The Core Rule Sets". Ofer Shezaf, CTO Breach Security.''' <br />
<br />
http://www.owasp.org/images/f/f4/The_Core_Rule_Set_-_Ofer.pdf <br />
<br />
- WAF deployment and protection strategies <br />
<br />
- Detection of generic web layer attacks <br />
<br />
- Virtual patching <br />
<br />
== OWASP Helsinki meeting #1, Tuesday, Dec 12 2006 at Ernst &amp; Young ==<br />
<br />
The Helsinki chapter had the first meeting at Ernst &amp; Young office in Elielinaukio 5 B. The agenda and the presentations for the meeting are below. We had a good turnout: 22 people were present i.e. all seats were taken - we were very happy to see all these people to be interested in application security issues. <br />
<br />
<br> Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/doc.do?f_id=1083463 <br />
<br />
<br> '''18:30 Welcome. What is OWASP and why OWASP Helsinki?''' <br />
<br />
Mikko Saario made a short presentation about OWASP and the objective for the local Helsinki chapter. <br />
<br />
<br> '''19:00 Analyzing Threats (Olli Wiren; olli [at] juurihoito.org)''' <br />
<br />
Olli Wiren discussed application related threats and corresponding security issues. <br />
<br />
http://www.owasp.org/images/7/7c/Owasp-olli.pdf <br />
<br />
<br> '''19:45 Open discussion regarding OWASP Helsinki; what is expected or wished; how to go ahead and so forth.''' <br />
<br />
There was a lively discussion regarding what type of activities should be arranged in the future. More details will follow... <br />
<br />
==== Helsinki OWASP Chapter Leaders ====<br />
<br />
The chapter leader is [mailto:Petteri.arola@owasp.org Petteri Arola] <br />
<br />
The chapter board members are [mailto:timo@owasp.org Timo Merilainen], Pyry Heikkinen and [mailto:pekka.sillanpaa@owasp.org Pekka Sillanpaa]. <br />
<br />
__NOTOC__<br />
<br />
[[Category:OWASP Chapter]] <br />
[[Category:Europe]]</div>Psillanphttps://wiki.owasp.org/index.php?title=File:OWASP_Helsinki_MobileAuthnAppSecVerification.pdf&diff=255519File:OWASP Helsinki MobileAuthnAppSecVerification.pdf2019-10-16T20:41:54Z<p>Psillanp: </p>
<hr />
<div></div>Psillanphttps://wiki.owasp.org/index.php?title=File:OWASP_Helsinki_Sep_2019_ASVS_4.0_release.pdf&diff=255518File:OWASP Helsinki Sep 2019 ASVS 4.0 release.pdf2019-10-16T20:40:32Z<p>Psillanp: </p>
<hr />
<div></div>Psillanphttps://wiki.owasp.org/index.php?title=Helsinki&diff=255517Helsinki2019-10-16T20:38:02Z<p>Psillanp: /* Chapter Meetings */</p>
<hr />
<div>{{Chapter Template|chaptername=Helsinki|extra=The chapter leaders are [mailto:petteri.arola@owasp.org Petteri Arola], [mailto:pekka.sillanpaa@owasp.org Pekka Sillanpää], [mailto:timo@owasp.org Timo Meriläinen], [mailto:pyry.heikkinen@owasp.org Pyry Heikkinen], [mailto:petri.koistinen@nixu.com Petri Koistinen] and [mailto:lasse.korvala@gmail.com Lasse Korvala].<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-helsinki|emailarchives=http://lists.owasp.org/pipermail/owasp-helsinki}} <br />
<br />
==== Local News ====<br />
<br />
<paypal>Helsinki</paypal> <br />
<br />
'''Welcome to the OWASP Helsinki Chapter'''<br />
<br />
The plan is to meet at least three to four times a year, each lasting 1,5-3 hours (more active "hands" means more meetings). This chapter is based in the capital area and therefore the meetings will be in or around Helsinki. <br />
<br />
If you wish to present at one of the meetings or have any other inquiries, please contact the chapter leaders and shortly describe the talk. (the contact details can be found in the bottom of the page). We encourage everyone to suggest ideas for presentation topics. The talks can be either a full talk (45-60min) or a lightning talk (~15min). <br />
<br />
==== Suomalaista sovellusturva-asiaa ====<br />
<br />
[[OWASP Helsinki Appsec Thesis of the Year|Vuoden sovellusturva-aiheinen opinnäytetyö]]<br />
<br />
[[Oppilaitoksille|Tietoa oppilaitoksille (Information for academic institutions)]] <br />
<br />
[[Verkkomaksut|Ohjeita turvallisen verkkomaksuintegraation toteuttamiseen]] <br />
<br />
Previously OWASP Helsinki has been working on the following tasks: <br />
<br />
*[[Top 10 2007 Finnish]] aim to translate OWASP Top 10 list in Finnish<br />
<br />
==== Chapter Meetings ====<br />
<br />
== OWASP Helsinki chapter meeting #39: Oct 22nd 2019 ==<br />
'''Time: 17:30-21:00'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words, Chapter leader - OWASP Helsinki'''<br />
<br />
'''18:05 Words from the sponsor, Juho Ranta, CTO, Second Nature Security (2NS)'''<br />
<br />
'''18:15 OWASP SAMM2 - your dynamic software security journey, Sebastien Deleersnyder, OWASP SAMM project leader, Managing partner Application Security, Toreon'''<br />
<br />
'''19:15 Break'''<br />
<br />
'''19:30 Scaling up threat modeling, Mikko Saario, Security Architect, KONE Corporation'''<br />
<br />
'''20:15 Trusted Computing - beyond the TPM, Ian Oliver, Senior Security Researcher, Nokia Bell Labs'''<br />
<br />
'''21:00-> Discussions continue with Snacks, Refreshments and Sauna sponsored by 2NS.'''<br />
<br />
Please register by 21st of Sep [https://www.meetup.com/OWASP-Helsinki-Chapter/events/265401349/ here] (Note that the seats are limited)<br />
<br />
== OWASP Helsinki chapter meeting #38: Sep 3rd 2019 ==<br />
'''Location: Second Nature Security (2NS), Keilaranta 1 (auditorium Ankkuri), 02150 Espoo'''<br />
<br />
'''Time: 17:30-21:00'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words, Petteri Arola, Chapter leader - OWASP Helsinki'''<br />
<br />
'''18:05 Words from the sponsor, Juho Ranta, CTO - Second Nature Security (2NS)'''<br />
<br />
'''18:15 What's new in the ASVS 4.0, Josh Grossman, OWASP ASVS Project co-leader, Head of Security Services, AppSec Labs'''<br />
<br />
'''19:15 Break'''<br />
<br />
'''19:30 How to determine the security of a mobile authentication app, Petteri Ihalainen, Senior Specialist, Traficom'''<br />
<br />
'''20:15 If you like it then you shoulda put a TPM on it 🎵, Gabriela Limonta, Security Researcher, Nokia''' <br />
<br />
'''21:00 Snacks/BBQ, Refreshments, Sauna & Jacuzzi'''<br />
<br />
Please register by 1st of Sep [https://www.meetup.com/OWASP-Helsinki-Chapter/events/264058334/ here] (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #37: May 21st 2019 ==<br />
'''Location: KONE, Keilasatama 5, 02150 Espoo'''<br />
<br />
'''Time: 17:30-21:00'''<br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words, Pekka Sillanpää, Chapter co-leader - OWASP Helsinki''' <br />
<br />
'''18:05 Words from the sponsor, KONE'''<br />
<br />
'''18:10 Blockchains; How secure are they in practice in an IoT disrupted world and making the things secure, Onur Zengin, Senior Software Security Architect, KONE'''<br />
<br />
'''18:50 Break: Snacks & Refreshments'''<br />
<br />
'''19:20 Traficom's security label for IoT consumer devices - goals and challenges (tietoturvamerkki), Juhani Eronen and Saana Seppänen, Traficom'''<br />
<br />
'''19:50 Deploying a bug bounty / test automation environment for thousands of IoT devices with Kubernetes, Pekka Sillanpää, CTO and Teemu Huhtala, Senior SW engineer, Tosibox'''<br />
<br />
'''20:30 Networking with peers'''<br />
<br />
'''21:00 Discussions continue in Sauna/Jacuzzi on the top of Keilaranta 1 (neighbour building) sponsored by 2NS'''<br />
<br />
Please register by 13th of May [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-37-tickets-61322317703 here] (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #36: Feb 12th 2019 ==<br />
'''Location: Veikkaus, Aku Korhosen tie 2, 00440 Helsinki'''<br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words, Pekka Sillanpää, Chapter co-leader - OWASP Helsinki''' <br />
<br />
'''18:05 Words from the sponsor, Veikkaus''' <br />
<br />
'''18:10 What Every Developer and Tester Should Know About Software Security, Anne Oikarinen, Senior Security Consultant, Nixu''' [https://www.slideshare.net/AnneOikarinen1/what-every-developer-and-tester-should-know-about-software-security]<br />
<br />
'''18:50 Break'''<br />
<br />
'''19:00 Security in Agile Development, Joakim Tauren, Application Security Architect, Visma''' [[File:OWASP Helsinki - Security in Agile Development (1).pdf|thumb]]<br />
<br />
'''19:45 OWASP Cornucopia - a live card game session, Veikkaus + volunteers''' [[File:DeathStarArchitecture v0.8 DRAFT.pdf|thumb]]<br />
<br />
'''20:15 Snacks & Refreshments''' <br />
<br />
Please register by 10th of Feb https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-36-tickets-55288270706 (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #35: Nov 6th 2018 ==<br />
'''Location: Second Nature Security (2NS), Keilaranta1 (auditorium Ankkuri), 02150 Espoo'''<br />
<br />
'''Time: 17:30-21:00'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words, Pekka Sillanpää, Chapter co-leader - OWASP Helsinki'''<br />
<br />
'''18:05 Words from the sponsor, Juho Ranta, CTO - Second Nature Security (2NS)''' <br />
<br />
'''18:15 Hunting for bounties in a web browser, Juho Nurminen, White Hat Hacker, InfoSec Specialist - 2NS''' [[File:Nurmi_BugBounty_slides.zip]]<br />
<br />
'''18:45 Break'''<br />
<br />
'''19:00 How to become a bug bounty hunter, Iiro Uusitalo, Cloud and Security Specialist - Solita'''<br />
<br />
'''19:30 Running a successful bug bounty program, Thomas Malmberg, Partner & Owner - Hackrfi''' [[File:Running a successful bug bounty program - public.pdf]]<br />
<br />
'''19:50 Short break'''<br />
<br />
'''20:00 Panel & Discussion about bug bounty with Juho, Iiro and Thomas'''<br />
<br />
'''20:30 Snacks & Refreshments'''<br />
<br />
Please register by 4th of Nov https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-35-tickets-51465932991 (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #34: Jun 12th 2018 ==<br />
'''Location: Eficode, Pohjoinen Rautatiekatu 25, 00100 Helsinki'''<br />
<br />
'''Time: 17:30-21:30'''<br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Pekka Sillanpää OWASP Helsinki'''<br />
<br />
'''18:05 Words from the sponsor / Pekka Siltala-Li / Eficode'''<br />
<br />
'''18:15 Perfectly secure API, Matti Suominen, Lead Security Consultant - Nixu'''<br />
<br />
'''19:00 Break''' <br />
<br />
'''19:15''' '''Best friends: API security & API management, Antti Virtanen, Software Architect, Solita''' <br />
<br />
'''20:00-21:30 Sauna, Snacks & Beverages'''<br />
<br />
Please register by 10th of Jun https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-34-tickets-46690898735 (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #33: Nov 14th 2017 ==<br />
'''Location: F-Secure, Tammasaarenkatu 7, 00180 Helsinki''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki''' <br />
<br />
'''18:05 Words from the sponsor'''<br />
<br />
'''18:10 Coping with GDPR requirements in development, Kira Ahveninen-Kuha, Lead, Data Protection and Cybersecurity Law, Nixu'''<br />
<br />
'''19:00 Break''' <br />
<br />
'''19:15 Integrating Privacy Work in Threat Modeling and Design Review, Antti Vähä-Sipilä, Principal Security Consultant, F-Secure'''<br />
<br />
'''20:00 Panel & Discussion – Kira and Antti debate about privacy and GDPR with the audience'''<br />
<br />
'''20:30 OWASP Helsinki DevSecOps Hackathon: Lessons learned, Pekka Sillanpää, OWASP Helsinki''' <br />
<br />
'''21:00-22:00 Snacks & Refreshments''' <br />
<br />
Please register by 12th of Nov [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-33-tickets-39656996143 here] (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #32: Sep 27th ==<br />
If you are working in a DevOps team and want to get concrete ideas on how to integrate security into your CI/CD pipeline, this hackathon is a fun opportunity to learn by doing together with others.<br />
<br />
More information here: [[OWASP Helsinki DevSecOps Hackathon]]<br />
<br />
In summary, we familiarize and investigate (and of cource hack with) some nice open source tools, including:<br />
* OWASP Dependency-Check ([[OWASP Dependency Check]])<br />
* ZAP Proxy ([[OWASP Zed Attack Proxy Project]])<br />
* OWASP DefectDojo ([[OWASP DefectDojo Project]])<br />
* DevSec hardening framework (https://github.com/dev-sec)<br />
* Clair (https://github.com/coreos/clair)<br />
<br />
The output of this hackathon is an OWASP wiki page describing what was achieved in the hackathon, possible commits to the tools' repositories and future plans. If there is enough interest, we might organize "part 2" for this event in Autumn.<br />
<br />
To participate in this event, it is recommended to have at least basic programming/scripting skills (python, ruby, bash, etc) and understanding of configuration management tools (puppet, salt, ansible, etc.). '''If you are interested to join''' or have questions, please send email to pekka.sillanpaa@owasp.org '''by Jul 7th 2017''' and a short description of your background. Tracks of the hackathon environment are tuned based on the skills and background of the participants.<br />
<br />
The maximum of 15 seats are available for this event. The event is fully free of charge.<br />
<br />
'''Location: Nixu, Keilaranta 15, 02150 Espoo'''<br />
<br />
'''12:00 Hackathon starts'''<br />
<br />
'''17:00-23:00 Hackathon continues after the work day as long as needed. Pizza and beverages available.'''<br />
<br />
== OWASP Helsinki chapter meeting #31: Jun 13th 2017 ==<br />
'''Location: Solita, Alvar Aallon katu 5, 00100 Helsinki'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Pekka Sillanpää, OWASP Helsinki'''<br />
<br />
'''18:05 DevSec - Developers are the key to security, Antti Virtanen, Software Architect, Solita [[File:Devsec-owasp-2017.pdf]]''' <br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Docker Security, Mika Vatanen, Systems Architect, Digia [[File:Owasp-Helsinki-20170613-Docker-Security.pdf]]'''<br />
<br />
'''20:00 Lightning talk: Leaking credentials - a security malpractice more common than expected, Bogdan Mihaila, Synopsys [[:File:Bogdan Mihaila - Leaking Credentials.pdf]]'''<br />
<br />
'''20:15 Introduction to DevSecOps "mini-hackathon", Pekka Sillanpää, OWASP Helsinki'''<br />
<br />
'''20:30-22:30 Snacks & Refreshments'''<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-31-tickets-34950473808 here] by 12th of Jun (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #30: Oct 11th 2016 ==<br />
<br />
'''Location: Fujitsu, Valimotie 16, 00380 Helsinki, Auditorio'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 How to protect mobile application? Case "Nordea Tunnusluvut” / Michael Peltonen, Senior Business Developer, Nordea''' [[File:Helsinki_meeting_30_-Michael_Peltonen_OWASP_11102016.pdf]]<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Lightning talk: Authentication topic / Teemu Simonen, System Architect, Fujitsu''' [[File:Helsinki_meeting_30_-Authentication_topic.pdf]]<br />
<br />
'''19:30 Threats and vulnerabilities in federation protocols - and how did I find 0-days in the most common access management products / Teemu Kääriäinen, Senior IAM Consultant, Nixu Oyj''' [[File:Helsinki_meeting_30_-_Threats_and_Vulnerabilities_in_Federation_Protocols_and_Products.pdf]]<br />
<br />
'''20:30-> Snacks & Refreshments'''<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-30-tickets-28190573765 here] by 9th of October (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #29: Mar 29th 2016 ==<br />
<br />
'''Location: Solinor, Elimäenkatu 14 C, 00510 Helsinki'''<br />
<br />
'''Time: 17:30-21:15'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 OWASP Security Knowledge Framework, Glenn Ten Cate''' [[File:Skf-owaspHelsinki-16.pdf]]<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Amazon Web Services Security, Joel Leino, Solinor''' [[File:Aws_security_joel_leino.pdf]]<br />
<br />
'''20:30 Do's and don'ts: A Day Of Browser Bug Hunting, Atte Kettunen, University of Oulu''' [[File:Do's_and_Don'ts-_A_Day_Of_Browser_Bug_Hunting_rev2.pdf]]<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-29-tickets-22159795545 here] by 26th of March (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #28: Nov 10th 2015 ==<br />
<br />
'''Location: LähiTapiola, Revontulenkuja 1, 02100 Espoo'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 How we feel about Bug Bounty, Leo Niemelä, CISO, LähiTapiola Group (in Finnish)'''<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Security and "Modern" software Deployment, Rory McCune, Managing Consultant, NCC Group'''<br />
<br />
'''20:30 Discussion continues in a local cafe / bar'''<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-28-tickets-19188815263 here] by 8th of November (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #27: May 29th 2015 ==<br />
<br />
'''Location: Life Science Center Keilaranta 10-16''' <br />
<br />
'''Time: 17:30-20:00 (networking ends 23:00)''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 Word from our sponsor / Nixu'''<br />
<br />
'''18:15 50 Shades of AppSec / Troy Hunt'''<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Hack yourself first: how go on the cyber-offence before online attackers do / Troy Hunt'''<br />
<br />
'''20:00-23:00 Refreshments and Sauna on the 7th floor'''<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-chapter-meeting-27-tickets-16709176597 here] by Monday Fri 22th May (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #26: January 13th 2015 ==<br />
<br />
'''Location: Castrén & Snellman Attorneys Ltd. Eteläesplanadi 14 6th Floor Helsinki, Finland.''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''Opening words / OWASP Helsinki&IAPP''' <br />
<br />
'''Words from our sponsor / Castrén & Snellman Attorneys Ltd.'''<br />
<br />
'''Privacy Seals and Marks, Hannu Järvinen, Specialist Partner, Attorneys at Law Borenius Ltd'''<br />
<br />
'''Privacy Engineering, Antti Vähä-Sipilä, software security guy, F-Secure Oyj'''<br />
<br />
'''Privacy Use Cases, Saku Vainikainen, Lead Consultant, Nixu Oyj'''<br />
<br />
Please register here https://t.co/OoQN2FRbBX by Monday 12 Jan.<br />
<br />
== OWASP Helsinki chapter meeting #25: September 29th 2014 ==<br />
<br />
'''Location: Appelsiini (Elisa), Kaarlenkatu 9-11, 00530 Helsinki. Public transport is strongly recommended.''' <br />
<br />
'''Time: 17:00-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and registration''' <br />
<br />
'''17:10 Opening words / OWASP Helsinki''' <br />
<br />
'''17:20 Words from our sponsor / Elisa'''<br />
<br />
'''17:30 Mobile Security Chess Board - Attacks & Defense / Hemil Shah / Founder, Director eSphere Security''' [[File:Mobile_Security_chess_board_-_Attacks_&_Defense.pdf]]<br />
<br />
'''18:45 Break'''<br />
<br />
'''19:00 Mobile Platform Security: OS (kernel) Hardening and Trusted Execution Environment / Onur Zengin / Trustonic'''<br />
[[File:Onur_Zengin_-_TEE_chapter_meeting_presentation.pdf]]<br />
<br />
'''20:00 OWASP Mobile Top Ten Risks 2014 - The New M10: 'Lack of Binary Protection' Category / Bo Asklund and Rikard Kullenberg / Arxan'''<br />
[[File:OWASP_Mobile_Top_Ten_-_Meet_the_New_Addition.pdf]]<br />
<br />
'''21:00 Networking and continue discussions in TBD location nearby'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-25-tickets-13087782911 Eventbrite]<br />
<br />
== OWASP Helsinki chapter meeting #24: March 25st 2014 ==<br />
<br />
'''Location: F-Secure, Tammasaarenkatu 7, 00180 Helsinki. Parking space is limited, public transport is strongly recommended. Ruoholahti station for metro, Länsisatamankatu stop for tram 8, Länsiväylä stop for buses from Espoo.''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and registration''' <br />
<br />
'''17:20 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''17:30 Enhancing security through tight collaboration and automation /Kalle Hallivuori''' <br />
Presentation material: http://kato.iki.fi/owasp-pci-devops/<br />
<br />
'''18:00 Continuous Security Testing in a Devops World /Stephen de Vries'''<br />
Download the presentation from our file page: [[image:OWASP-Continuous_Security_Testing.pdf]]<br />
<br />
'''19:00 Demo of Burp Suite & HTTP API fuzzing automation with Python & Behave /Antti Vähä-Sipilä'''<br />
<br />
'''19:30 Time to go to Pub (Amsterdam) and continue discussion there'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-24-tickets-10765729587 Eventbrite]<br />
<br />
== OWASP Helsinki chapter meeting #23: January 21st 2014 ==<br />
<br />
'''Location: HTC Keilaniemi, Keilaranta 13, 02150 Espoo''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Coffee and registration''' <br />
<br />
'''18:00 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''18:05 Word from our sponsor /Nixu''' <br />
<br />
'''18:20 The inner HTML Apocalypse - How MXSS attacks change everything we believed to know so far /Mario Heiderich'''<br />
<br />
'''19:15 JSMVCOMFG - To sternly look at JavaScript MVC and Templating Frameworks /Mario Heiderich"''''<br />
<br />
'''20:15 QA'''<br />
<br />
'''20.30 - 21.30 Discussion continues over snacks and refreshments'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-23-tickets-10095813851 Eventbrite]<br />
<br />
<br />
== OWASP Helsinki chapter meeting #22: November 19th 2013 ==<br />
<br />
'''Location: Aalto University, Hall S1, Otakaari 5, 02150 Espoo''' <br />
<br />
'''Time: 18:00-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Registration''' <br />
<br />
'''18:10 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''18:20 Word from our sponsor''' <br />
<br />
'''18:30 Backgrounds of Eve in Digiland comic and cyber research in Aalto University /Timo Kiravuo, Aalto University'''<br />
<br />
'''19:15 Break"''''<br />
<br />
'''19:30 Cyber crime response from CERT perspective and backgrounds of Finnish web site attacks /Jussi Eronen, CERT-FI'''<br />
<br />
'''20:00 Methods in Finnish cyber crime police investigation and case example /Timo Piiroinen, National Bureau of Investigation (NBI)'''<br />
<br />
'''20:30 Networking and discussion continues at same location'''<br />
<br />
Please register at [http://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-23-tickets-10095813851 Eventbrite]<br />
<br />
== OWASP EUTour2013: June 17th 2013 ==<br />
<br />
'''Location: HTC Keilaniemi, Keilaranta 15''' <br />
<br />
'''Time: 16:00-19:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''16:00 Registration & coffee''' <br />
<br />
'''16:15 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''16:30 Word from our sponsor''' <br />
<br />
'''16:45 Nokia responsible disclosure program /Omar Benbouazza-Villa, Nokia'''<br />
<br />
Nokia has launched a responsible disclosure program recently. In this presentation we'll go through experiences starting and running such a program as a part of enterprise application security program.<br />
<br />
'''17:30 Social engineering /Gavin Ewan"''''<br />
<br />
Jac0byterebel is not your typical social engineering presenter. Out goes the snake oil sale of analysing the minutia of pop psychology and trying to squeeze out real answers to the questions asked during a real social engineering attack. In comes hard hitting accounts of social engineering attacks drawn from real sources but anonymised to protect the pwned.<br />
<br />
'''19:00 Rounding up and discussion continues over food & drinks at same location'''<br />
<br />
Please register at [http://www.regonline.com/owaspeutourfinland Regonline]<br />
<br />
== OWASP Helsinki Chapter Meeting #21: April 24 2013 ==<br />
<br />
'''Location: KPMG, Yrjönkatu 23 B, 6. floor''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Opening words /OWASP''' <br />
<br />
'''18:10 Word from our sponso /Mika Laaksonen, KPMG''' <br />
<br />
'''18:15 OWASP project news /Petteri Arola, OWASP''' <br />
<br />
Newsflash of new and rebooted OWASP projects.<br />
<br />
'''18:45 Utilizing VAHTI software development guide (VAHTI-sovelluskehitysohje) /Antti Alestalo, KPMG'''<br />
<br />
VAHTI software development guide was published January 2013. Antti will talk about how to best utilize this new guide. Link to the guide: http://www.vm.fi/vm/fi/04_julkaisut_ja_asiakirjat/01_julkaisut/05_valtionhallinnon_tietoturvallisuus/20130207Sovell/VAHTI_1_Sovelluskehityksen_tietoturvaohje_NETTI.pdf<br />
<br />
'''19:15 Database self-defence /Mika Aronen, KPMG (in place of "HTML5 & security /SC5"'''<br />
<br />
'''20:00 Official program ends and discussion continues over food & drinks at same location'''<br />
<br />
Please register at [https://www.eventbrite.com/event/6240751255 Eventbrite]<br />
<br />
== OWASP Helsinki Chapter Meeting #20: December 4 2012 ==<br />
<br />
'''Location: Nokia House, Keilalahdentie 4, Espoo''' <br />
<br />
'''Time: 17:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Socializing time @ Nokia Lounge – Meet people & get to know your peer while having the opportunity to see Nokia product demos''' <br />
<br />
'''18:00 Opening words /OWASP + HelsinkiJS''' <br />
<br />
'''18:10 Word from our sponsor''' <br />
<br />
'''18:20 Securing JavaScript based web apps /Erlend Oftedal''' <br />
<br />
Single page web applications move much of the application logic to the client side. We now also see applications using JavaScript on the server side. How do we handle such applications from a security perspective? What problems are introduced and how do we handle them?<br />
<br />
'''19:05 RESTful Security'''<br />
<br />
Many applications rely on web services and ws-security for integration. But for more lightweight services with simpler protocols, REST is quickly gaining popularity. How do we secure REST services? What problems do we need to be aware of?<br />
<br />
'''20:00 Official program ends and free debate continues at nearby location'''<br />
<br />
CLOSED: Please register at [http://www.eventbrite.com/event/4856878053 Eventbrite]<br />
<br />
Please use the NORTH entrance when entering the Nokia campus<br />
<br />
== OWASP Helsinki Chapter Meeting #19: October 16 2012 ==<br />
<br />
'''Location: Fujitsu, Valimotie 16, Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''18:10 Word from our sponsor /Fujitsu''' <br />
<br />
'''18:25 Hybrid mobile application security and HTML5 with a focus on getUserMedia /Mikko Saario, Nokia''' <br />
<br />
Both the mobile scene via “hybrid” apps and the so-called traditional web are evolving into the same direction – are the threats doing the same? Using mainly Windows Phone 7 (and some Qt) examples and demos, Mikko will take a look at the security aspects in mobile hybrid apps. The HTML5 demo will concentrate on some newly mainstreamed technologies such as getUserMedia.<br />
<br />
'''19:10 Introduction to Oauth 2.0 + demo /Teemu Kääriäinen, Nixu'''<br />
<br />
Teemu gives an introduction about Oauth 2.0 and takes a closer look at security aspects, implementation guidelines and compares Twitter, Facebook and Google implementations.<br />
<br />
'''20:00 Official program ends and free debate continues at nearby location'''<br />
<br />
'''Please register in Eventbrite http://www.eventbrite.com/event/4462882602''' <br />
<br />
<br />
== OWASP Helsinki Chapter Meeting #18: June 26 2012 ==<br />
<br />
'''Location: Kela, Nordenskjölkinkatu 12, Helsinki''' <br />
<br />
'''Time: 17:30-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''17:45 Word from our sponsor /Kela''' <br />
<br />
'''18:00 Helsinki Ruby Brigade intro''' <br />
<br />
'''18:15 Ruby on Rails security - why could it fail'''<br />
<br />
'''19:00 Panel discussion'''<br />
<br />
'''19:45 Wrap-up'''<br />
<br />
'''20:00 Discussion continues in a nearby pub Hadanka'''<br />
<br />
'''Please register with petteri.arola(at)owasp.org''' <br />
<br />
<br />
== OWASP Helsinki Chapter Meeting #17: March 21 2012 ==<br />
<br />
'''Location: Marttakeskus, Malminrinne 1 B, 7. krs, Helsinki''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Coffee''' <br />
<br />
'''17:40 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''17:50 Web Application Access Control Design Excellence / Jim Manico, OWASP''' <br />
<br />
Download the presentation from our file page: [[image:Developer_Top_Ten_Core_Controls_v4.1.pdf]]<br />
<br />
'''19:30 Meeting ends and discussion continues over buffet and refreshments and there's a possibility to bath in sauna too''' <br />
<br />
'''23:00 Event ends'''<br />
<br />
'''Please register with enroll(at)nixu.com''' <br />
<br />
== Tietoturvapäivä Turku: February 7 2012 ==<br />
<br />
''' Sovellusturvallisuus / Petteri Arola, OWASP''' <br />
<br />
Download the presentation from our file page: [[image:OWASP_esitys_tietoturvapäivä_Turku_20120207.pdf]]<br />
<br />
== OWASP Helsinki Chapter Meeting #16: October 18 2011 ==<br />
<br />
'''Location: Hall TU2, Tuas house, Otaniementie 17, 02150, Espoo''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and lock picking''' <br />
<br />
'''17:30 OWASP - What is it?''' <br />
<br />
'''17:45 Introduction to OWASP projects<br>- OWASP Top Ten, ASVS<br><span class="Apple-tab-span"> </span>- Testing guide<br>- How OWASP relates to academic world''' <br />
<br />
<br> Download presentation from our file-page: [[Image:OWASP_presentation_for_Aalto.pdf]] <br><br />
<br />
'''18:45 Break''' <br />
<br />
'''19:00 Hacking demonstrations'''<br />
<br />
'''19:30 - Discussion continues in a nearby public house''' <br />
<br />
'''Please register with petteri.arola(at)owasp.org''' <br />
<br />
== OWASP Introduction to Turku AMK students: September 12th 2011 ==<br />
<br />
'''Introduction to Application security and OWASP / Petteri Arola, OWASP''' <br />
<br />
'''OWASP top 10 and hacking demos / Pekka Sillanpää, OWASP''' <br />
<br />
== OWASP Helsinki Chapter Meeting #15: June 15 2011 ==<br />
<br />
'''Location: Itämerenkatu 11 - 13, Helsinki''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda ''' <br />
<br />
'''17:30 Welcome, Petteri Arola, Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nokia''' <br />
<br />
'''17:45 HTML5 Security, Ville Säävuori, Syneus''' <br />
<br />
'''18:30 Break''' <br />
<br />
'''18:40 Mobile Application Security, Ari Kesäniemi and Juhani Mäkelä, Nixu''' <br> [[Image:Mobile-threat-analysis-short-presentation owasp.pdf]] <br> [[Image:Why-privacy-matters.pdf]] <br> <br />
<br />
<br>'''19.30 - Discussion continues in a nearby public house or terrace if it's sunny''' <br />
<br />
'''Please register with mikko.saario(at)nokia.com''' <br />
<br />
== OWASP Helsinki Chapter Meeting #14: February 22 2011 ==<br />
<br />
'''Location: Nixu Oy, Keilaranta 15, Espoo''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''17:30 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nixu Oy''' <br />
<br />
'''17:45 OpenSAMM, Pravir Chandra /Fortify''' <br />
<br />
'''18:30 Break''' <br />
<br />
'''18:40 Threat modeling, Pravir Chandra /Fortify''' <br />
<br />
<br> '''19.30 - Sauna and refreshments from our sponsor''' <br />
<br />
'''Please register with enroll(at)nixu.com''' <br />
<br />
<br> Download OpenSAMM presentation from opensamm.org [http://www.opensamm.org/downloads/resources/OpenSAMM-1.0.ppt] <br> <br />
<br />
== OWASP Helsinki Chapter Meeting #13: June 8 2010 ==<br />
<br />
'''Location: KPMG, Forum, Yrjönkatu 23 B 6th floor, Helsinki''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''17:00 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:05 Word from our sponsor KPMG ''' <br />
<br />
'''17:15 Agile secure software development, Antti Vähä-Sipilä / Nokia Oyj''' http://www.owasp.org/images/c/c6/OWASP_AppSec_Research_2010_Agile_Prod_Sec_Mgmt_by_Vaha-Sipila.pdf <br />
<br />
'''18:00 ASVS (OWASP Application Security Verification Standard), Pekka Sillanpää / Nixu Oy''' <br />
<br />
'''18:45 ESAPI (OWASP Enterprise Security API) demo, Anssi Porttikivi / KPMG''' <br />
<br />
Download presentation from our file-page:[[Image:ESAPI for OWASP.pdf]] <br />
<br />
<br> '''19.30 - Discussion continues at some nearby establishment''' <br />
<br />
'''Please register with anssi.porttikivi(at)kpmg.fi''' <br />
<br />
<br> <br />
<br />
== OWASP Goes! Locksport: April 20 2010 ==<br />
<br />
'''Location: Nsense Oy, Ahventie 4, Espoo''' <br />
<br />
'''Time: 17:30-20:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nsense Oy''' <br />
<br />
'''17:45 Introduction to Locksport (presentation in Finnish)''' <br />
<br />
'''19:00 - Sauna and refreshments from our sponsor''' <br />
<br />
'''Please register with ilmoittautumiset##nsense.fi ''' <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #12: March 30 2010 ==<br />
<br />
'''Location: Helsingin Energia, Sähkötalo, Runeberginkatu 1, Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''18:00 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
Download presentation from our file-page:[[Image:OWASP -12 Helsinki chapter meeting.pdf]] <br />
<br />
'''18:05 Word from our sponsor Helsingin Energia ''' <br />
<br />
'''18:15 3 different views on information security and social media applications''' <br />
<br />
- information security in social media API’s, Antti Nuopponen/Nixu Oy <br />
<br />
Download presentation from our file-page:[[Image:Security of social media apis v1.pdf]] <br />
<br />
- Facebook apps, Markus Törnqvist/Fad Consulting <br />
<br />
Download presentation from our file-page:[[Image:Mjt owasp 2010.pdf]] <br />
<br />
- Payment API’s, Tuomas Toivonen/Scred <br />
<br />
Download presentation from our file-page:[[Image:Owasp-payment-apis.pdf]] <br />
<br />
'''20.00 - Discussion continues at nearby establishment Bruuveri''' <br />
<br />
'''Please register with antti##owasp.org''' <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #11: November 17 2009 ==<br />
<br />
'''Location: Nsense Oy, Ahventie 4, Espoo''' <br />
<br />
'''Time: 18:00-20:30''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''18:05 Word from our sponsor Nsense Oy''' <br />
<br />
'''18:15 Manual vs. Automated Code Analysis, Ari Kesäniemi, Senior Consultant, Nixu''' <br />
<br />
Download presentation from our file-page:[[Image:Ari kesaniemi nixu manual-vs-automatic-analysis.pdf]] <br />
<br />
'''19.00- Sauna and refreshments from our sponsor''' <br />
<br />
<br> <br />
<br />
'''Please register with ilmoittautumiset##nsense.fi''' <br />
<br />
== OWASP Helsinki Chapter Meeting #10: October 20 2009 ==<br />
<br />
'''Location: Tieto Oy, Ratamestarinkatu 7B, Helsinki''' <br />
<br />
'''Time: 18:00-19:40''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''18:00 Word from our sponsor Tieto Oy''' <br />
<br />
'''18:10 Distributed Services Security, Anton Panhelainen, Tieto Oy''' <br />
<br />
Download presentation from our file-page:[[Image:Security in integration and ESB-OWASP 20091020.pdf]] <br />
<br />
'''18:40 Public Web Services Interface and Security, Pyry Heikkinen, Finnish Customs''' <br />
<br />
'''19:40 Closure and move to Vltava''' <br />
<br />
'''20:00 or so''' <br />
<br />
*Enjoy Helsinki Vltava watering hole at own risk &amp; cost near Helsinki Railway station<br />
<br />
'''Please register with Pauli Kauppila pauli.kauppila##tieto.com or Mobile +358 400 870 324''' <br />
<br />
== OWASP Helsinki Chapter Meeting #9: May 12 2009 ==<br />
<br />
'''Location: Louhi Networks Oy, Itälahdenkatu 22 A, Helsinki''' <br />
<br />
'''Time: 17:30-19:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:30 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:45 Word from our sponsor Louhi Networks''' <br />
<br />
'''18:00 Panel discussion about application scanners''' <br />
<br />
*Panel members includes representatives for Nixu Oy, KPMG Oy and Louhi Networks Oy<br />
<br />
<br> '''19:00 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost at Bar 52 near meeting location<br />
<br />
'''Please register with Henri Lindberg henri.lindberg##louhi.fi''' <br />
<br />
== OWASP OWASP Goes! Viestimuseo: March 29 2009 ==<br />
<br />
'''Location: Varuskunta, Takakasarmi, Viestimuseontie rak. 64, 11311 Riihimäki ''' <br />
<br />
'''Time: 13:00-15:00''' <br />
<br />
Viestimuseossa Riihimäellä, http://www.viestikiltojenliitto.fi/viestimuseo/ on maaliskuun loppuun WWII radiotiedustelua esittelevä erikoisnäyttely, josta voi löytyä ammennettavaa myös tämän päivän tietoturvatekniikoiden parissa työskenteleville. Koska OWASP:in tiimoilta löytyi kiinnostusta lähteä tutustumaan ko. näyttelyyn, museolle on varattu opastettu kierros maaliskuun viimeiselle sunnuntaille su 29.3.2009 klo 13:00 eli kokoontuminen museolla ko. aikaan. <br />
<br />
Museo ja näyttely ovat auki myös muina aikoina, joten jos tämä aika ei käy, paikalla voi toki käydä muulloinkin. <br />
<br />
Tarkemmat ajo-ohjeet ja yhteystiedot löytyvät museon kotisivuilta, http://www.viestikiltojenliitto.fi/viestimuseo/yhteystiedot.html <br />
<br />
Museo sijaitsee Viestirykmentin vieressä, mutta varsinaisen varuskunta-alueen ulkopuolella, joten museokäynti ei vaadi kulkulupia alueelle. <br />
<br />
Paikalle innostuvat hoitavat oman logistiikkaratkaisunsa &amp; sisäänpääsymaksunsa. <br />
<br />
Lisätietoja tarvittaessa timo.merilainen (ät) iki.fi <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #8: March 12 2009 ==<br />
<br />
'''Location: Samlink, Linnoitustie 9, Espoo (Leppävaara)''' <br />
<br />
'''Time: 17:00-19:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:00 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:15 Introduction to Samlink, Jari Pirhonen, security director, Samlink''' <br />
<br />
'''17:30 Methodology owner’s point of view: Information security as part of software development methodology, Topi Mattila, methodology manager, Samlink''' <br />
<br />
'''18:15 Presentation from Finnish Tax Administration", Petri Puhakainen, security director, Finnish Tax Administration''' <br />
<br />
<br> '''19:00 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost at Sello<br />
<br />
'''Please register with Jari Pirhonen jari.pirhonen##samlink.fi''' <br />
<br />
== OWASP Introduction to startup firms: Thursday January 15th 2009 ==<br />
<br />
'''Location: Ravintola Korjaamo, Töölönkatu 51, 00250 Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Introduction to OWASP by Henri Lindberg, OWASP Helsinki Active Visitor''' <br />
<br />
*What OWASP is <br />
*Examples of useful Tools and Documents <br />
*OWASP in Finland<br />
<br />
Presentation: [[Image:OWASP Startups 20090115 Henri.pdf]] <br />
<br />
(Antti Laulajainen, OWASP Helsinki Chapter Leader was originally supposed to introduce OWASP) <br />
<br />
'''18:15 Implementing application security in a Finnish startup by Henri Lindberg, Scred''' <br />
<br />
*Henri Lindberg from Scred shares experiences and lessons learned <br />
*How to make your web application more secure with minimal budget<br />
<br />
Presentation: [[Image:SDG Scred 090115.pdf]] <br />
<br />
'''18:30 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost<br />
<br />
== OWASP Helsinki Meeting #7: Tuesday November 11th 2008 ==<br />
<br />
'''Location: Nokia Ruoholahti, Itämerenkatu 11-13, 00180 Helsinki''' <br />
<br />
<br> <br />
<br />
'''Time: 17:00-18:30''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:00 Welcome by Antti Laulajainen, OWASP Chapter Leader''' <br />
<br />
*Current state and progress of OWASP Top 10 Finnish translation<br />
<br />
'''17:20 Antti Vähä-Sipilä, Nokia: SAFECode''' <br />
<br />
*Introduction and overview of SAFECode (The Software Assurance Forum for Excellence in Code) <br />
*SAFECode publications<br />
<br />
'''17:40 Juhani Eronen, CERT-FI: Lifecycle of a security vulnerability''' <br />
<br />
*Microsoft MS08-067 (Vulnerability in Server Service Could Allow Remote Code Execution), its history (MS06-040) and exploitation.<br />
<br />
'''Discussion''' <br />
<br />
'''18:30 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost [cerveza, aqua con gas, etc]<br />
<br />
'''PLEASE REGISTER WITH: mikko . saario at nokia . com (we have reserved snacks for 25 people)''' <br />
<br />
== OWASP Helsinki Web Hacking Workshop, Tuesday September 10th 2008 ==<br />
<br />
'''Location: Teleware / KPMG, Laajalahdentie 23, 6. floor, reception at the ground floor, 00330 Helsinki''' <br />
<br />
'''Time: 18.00 - 20.00''' <br />
<br />
'''Schedule''' <br />
<br />
'''18.00 Welcome and recent activities. Antti Laulajainen ''' <br />
<br />
'''18.05 Web Hacking Workshop, Anssi Porttikivi, Senior ICT Advisor KPMG/Teleware''' <br />
<br />
*KPMG Oy IT Security Advisory marketing presentation 15 min <br />
*Web hacking exercises and demonstrations in a laboratory class (using WebGoat and WebScarab tools)<br />
<br />
'''Snacks available. Send your reservations to Anssi's mail address, anssi.porttikivi@kpmg.fi. Room for 20 participants.''' <br />
<br />
<br> '''Note! Be in time, because the reception closes at 18.''' <br />
<br />
== OWASP Goes! CERT-FI, Thursday, June 12th 2008 ==<br />
<br />
'''Location: Viestintävirasto, Itämerenkatu 3 A, 00180 Helsinki and One Pint Pub Santakatu 2, 00180 Helsinki''' <br />
<br />
<br> '''Time: 16.00 - 20.00''' <br />
<br />
<br> '''Schedule''' <br />
<br />
'''16.00 Welcome and recent activities. Antti Laulajainen ''' <br />
<br />
<br> '''16.10 Introduction of CERT-FI. Juhani Eronen, Information Security Adviser, CERT-FI''' <br />
<br />
<br> '''16.30 Vulnerability coordination. Juhani Eronen''' <br />
<br />
*CERT-FI as a vulnerability coordinator <br />
*Coordination examples<br />
<br />
'''18.00 Possibility to continue the evening at the One Pint Pub''' <br />
<br />
*If someone fancies a (self-financed) beer<br />
<br />
<br> '''Viestintävirasto asks those who wish to participate to the meeting to register in advance. For registrations please contact CERT-FI Unit Secretary Virpi Hienonen (virpi.hienonen(at)ficora.fi). The deadline is June 6, 2008.''' <br />
<br />
== OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 ==<br />
<br />
Thank you for attending. <br />
<br />
You can download the presentation here'''https://www.owasp.org/images/7/70/OWASP_HelsinkiChapter_130508.pdf''' <br />
<br />
Coverage of the event in local news (Finnish only) http://mikropc.net/uutiset/index.jsp?categoryId=atk&amp;day=20080514#w2008051411524012715 <br />
<br />
<br> '''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki and Ravintola Kaisla, Vilhonkatu 4, 00100 Helsinki''' <br />
<br />
'''Time: 16.00 - 20.00''' <br />
<br />
<br> <br />
<br />
Welcome to spring meeting 2008. <br />
<br />
<br> '''Schedule''' <br />
<br />
'''16.00 - 16.10 OWASP update. Antti Laulajainen''' <br />
<br />
'''16.10-17.00 Notes From The field, OWASP tools and usage experiences, Jarkko Holappa &amp; Antti Laulajainen''' <br />
<br />
'''17.30 - 20.00 Drinks at Ravintola Kaisla (Bring Your Own Wallet)''' <br />
<br />
<br> Hope to see as many of you as possible! <br />
<br />
== OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 ==<br />
<br />
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.''' <br />
<br />
'''Time: 18.30 - 20.30''' <br />
<br />
Welcome to first meeting of 2008. OWASP Helsinki resumes activities after winter break. <br />
<br />
We are pleased to have as a speaker Technology Manager of Nokia Product Security, Alexandr Seleznyov. His topic will be current state of application security. <br />
<br />
'''Schedule''' <br />
<br />
'''18.30 - 18.40 OWASP update. Antti Laulajainen''' <br />
<br />
'''18.40 - 20.30 Current State of Application Security. Alexandr Seleznyov''' <br />
<br />
<br> Hope to see as many of you as possible! <br />
<br />
== OWASP Helsinki &amp; RWSUG Seminar Tuesday, January 29th 2008 ==<br />
<br />
'''Location: IBM, Laajalahdentie 23, 00330 Helsinki.''' '''Time: 11.15 - 19.00''' <br />
<br />
OWASP Helsinki and Rational and Websphere User Group Finland RWSUG are aiming to co-operate to raise application security awareness. OWASP Helsinki will have a presentation in RWSUG agility seminar. More information from http://www.rwsug.fi/default.asp?path=1,39,385 <br />
<br />
'''You can download the presentation here''' https://www.owasp.org/images/c/cd/RWSUG5_Agile_Security_Management.pdf <br />
<br />
See program below. Most of it is Finnish only <br />
<br />
*11.15 Ilmoittautuminen alkaa <br />
*11.15-12.00 Buffet-lounas <br />
*12.00-12.10 Tilaisuuden avaus Jussi Jutila, Puheenjohtaja, RWSUG ry<br />
<br />
KEYNOTE <br />
<br />
*12.10-13.30 Scaling Agile Software Development: Strategies for Applying Agile in Complex Situations Scott W. Ambler, Practice Leader Agile Development, IBM Canada <br />
*13.30-13.45 Kahvitauko <br />
*13.45-15.30 SOA liiketoiminnan näkökulmasta ja SOA toteutuksen näkökulmasta kansainvälisessa hankkeessa Kari Laine, IT Architect, IF ja Jarmo Laine, Senior Software Architect,Primasoft <br />
*15.30-15.45 Tauko <br />
*15.45-16.30 Ketterä tietoturvan hallinta ohjelmistotuotannossa Reijo Savola, VTT <br />
*16.30-17.15 Jazz Update IBM <br />
*17.15-19.00 Iltapalaa ja verkostoitumista IBM Forumissa<br />
<br />
<br> <br />
<br />
== OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008 ==<br />
<br />
OWASP Helsinki participated in ISACA Finland meeting to raise application security awareness among system auditors and inspectors. <br> A presentation was held that introduced basic web techniques, some security issues, OWASP in general, OWASP projects and OWASP Helsinki chapter. <br> '''You can download the presentation here''': https://www.owasp.org/images/e/e4/OWASP_ISACA_20080124.pdf (Finnish Only) <br><br> <br />
<br />
== OWASP Helsinki meeting #4 Fall 2007 with Mark Curphey, Tuesday, October 2 2007 ==<br />
<br />
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.''' <br />
<br />
Thank you for all participants and Mark from great presentation. <br />
<br />
Coverage of the meeting in the local news (in Finnish): http://mikropc.net/uutiset/index.jsp?categoryId=atk&amp;day=20071003#w2007100315112711629 <br />
<br />
<br> We are delighted to have Mark Curphey - the OWASP founder and new head of Microsoft's ACE (Application Consulting &amp; Engineering) team in Europe - to visit Finland and discuss web app security with us. Hopefully as many as of you possible can participate! <br />
<br />
'''18:30 Welcome and recent Helsinki chapter activities. Antti Laulajainen''' <br />
<br />
'''18:40 Naked Software Security. Mark Curphey''' <br />
<br />
*Commentary on how to build secure software <br />
*Thoughts on the industry<br />
<br />
<br> '''WELCOME!''' <br />
<br />
== OWASP Helsinki meeting #3 Summer 2007: "SOA, Web Services &amp; XML Security", Tuesday, June 5th 2007 ==<br />
<br />
'''Date: June 5th''' <br />
<br />
<br> '''Location: Smilehouse, Itälahdenkatu 22A (Stonesoft building), Lauttasaari.''' <br />
<br />
Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/tietoturva_docview.jsp?f_id=1186167 <br />
<br />
<br> '''19:00 Welcome &amp; quick recap of recent OWASP activity and the Spring conference. Mikko Saario.''' <br />
<br />
<br> '''19:15 Gunnar Peterson, CTO Arctec Group and project lead for the OWASP "XML Security Gateway Evaluation Criteria".''' <br />
<br />
Gunnar will be visiting Finland to provide training via Tietoturva ry on this subject. Topics to be covered: <br />
<br />
*XML Security Gateways <br />
*Message level threats and security countermeasures in Web services <br />
*OWASP XML Security Gateway Evaluation Criteria Project<br />
<br />
<br> '''20:15 "Real-life usage of OWASP tools". Alexandr Seleznyov, Nokia Product Security.''' <br />
<br />
(There is a chance Alex cannot make it. In that case we will discuss SOA stuff in more detail or just head off to bar earlier.) <br />
<br />
<br> '''20:45 Enter Bar 52...''' --&gt; Enjoy (sponsored) beverages. <br />
<br />
== OWASP Helsinki meeting #2 Winter 2007, Web Application Firewalls, Thursday, February 22 2007 ==<br />
<br />
Thank you for the 29 participants, the speakers and the host - Nixu - for making this event happen! <br />
<br />
'''Location: Nixu, Mäkelänkatu 91, 00601 Helsinki.''' <br />
<br />
What are Web Application Firewalls (WAF), how do they work, what do they do and what don't they do. Discussion and sharing of experiences of various technologies and products. <br />
<br />
<br> '''18.30 Welcome. Mikko Saario, Chapter Leader.''' <br />
<br />
Today's topic and agenda in short. <br />
<br />
<br> '''18.35 "Web Application Firewalls Technical Analysis". Joakim Sandström, CTO nSense.''' <br />
<br />
http://www.owasp.org/images/6/6a/Owasp_waf_joakim.pdf <br />
<br />
- Technology <br />
<br />
- Blacklisting &amp; Whitelisting <br />
<br />
- mod_security features <br />
<br />
- Do's and Don'ts <br />
<br />
<br> '''19.30 "The Core Rule Sets". Ofer Shezaf, CTO Breach Security.''' <br />
<br />
http://www.owasp.org/images/f/f4/The_Core_Rule_Set_-_Ofer.pdf <br />
<br />
- WAF deployment and protection strategies <br />
<br />
- Detection of generic web layer attacks <br />
<br />
- Virtual patching <br />
<br />
== OWASP Helsinki meeting #1, Tuesday, Dec 12 2006 at Ernst &amp; Young ==<br />
<br />
The Helsinki chapter had the first meeting at Ernst &amp; Young office in Elielinaukio 5 B. The agenda and the presentations for the meeting are below. We had a good turnout: 22 people were present i.e. all seats were taken - we were very happy to see all these people to be interested in application security issues. <br />
<br />
<br> Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/doc.do?f_id=1083463 <br />
<br />
<br> '''18:30 Welcome. What is OWASP and why OWASP Helsinki?''' <br />
<br />
Mikko Saario made a short presentation about OWASP and the objective for the local Helsinki chapter. <br />
<br />
<br> '''19:00 Analyzing Threats (Olli Wiren; olli [at] juurihoito.org)''' <br />
<br />
Olli Wiren discussed application related threats and corresponding security issues. <br />
<br />
http://www.owasp.org/images/7/7c/Owasp-olli.pdf <br />
<br />
<br> '''19:45 Open discussion regarding OWASP Helsinki; what is expected or wished; how to go ahead and so forth.''' <br />
<br />
There was a lively discussion regarding what type of activities should be arranged in the future. More details will follow... <br />
<br />
==== Helsinki OWASP Chapter Leaders ====<br />
<br />
The chapter leader is [mailto:Petteri.arola@owasp.org Petteri Arola] <br />
<br />
The chapter board members are [mailto:timo@owasp.org Timo Merilainen], Pyry Heikkinen and [mailto:pekka.sillanpaa@owasp.org Pekka Sillanpaa]. <br />
<br />
__NOTOC__<br />
<br />
[[Category:OWASP Chapter]] <br />
[[Category:Europe]]</div>Psillanphttps://wiki.owasp.org/index.php?title=File:OWASP_presentation_-_Gabriela_Limonta.pdf&diff=255516File:OWASP presentation - Gabriela Limonta.pdf2019-10-16T20:34:26Z<p>Psillanp: </p>
<hr />
<div>If you like it then you shoulda put a TPM on it</div>Psillanphttps://wiki.owasp.org/index.php?title=Helsinki&diff=255515Helsinki2019-10-16T20:31:30Z<p>Psillanp: /* Chapter Meetings */</p>
<hr />
<div>{{Chapter Template|chaptername=Helsinki|extra=The chapter leaders are [mailto:petteri.arola@owasp.org Petteri Arola], [mailto:pekka.sillanpaa@owasp.org Pekka Sillanpää], [mailto:timo@owasp.org Timo Meriläinen], [mailto:pyry.heikkinen@owasp.org Pyry Heikkinen], [mailto:petri.koistinen@nixu.com Petri Koistinen] and [mailto:lasse.korvala@gmail.com Lasse Korvala].<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-helsinki|emailarchives=http://lists.owasp.org/pipermail/owasp-helsinki}} <br />
<br />
==== Local News ====<br />
<br />
<paypal>Helsinki</paypal> <br />
<br />
'''Welcome to the OWASP Helsinki Chapter'''<br />
<br />
The plan is to meet at least three to four times a year, each lasting 1,5-3 hours (more active "hands" means more meetings). This chapter is based in the capital area and therefore the meetings will be in or around Helsinki. <br />
<br />
If you wish to present at one of the meetings or have any other inquiries, please contact the chapter leaders and shortly describe the talk. (the contact details can be found in the bottom of the page). We encourage everyone to suggest ideas for presentation topics. The talks can be either a full talk (45-60min) or a lightning talk (~15min). <br />
<br />
==== Suomalaista sovellusturva-asiaa ====<br />
<br />
[[OWASP Helsinki Appsec Thesis of the Year|Vuoden sovellusturva-aiheinen opinnäytetyö]]<br />
<br />
[[Oppilaitoksille|Tietoa oppilaitoksille (Information for academic institutions)]] <br />
<br />
[[Verkkomaksut|Ohjeita turvallisen verkkomaksuintegraation toteuttamiseen]] <br />
<br />
Previously OWASP Helsinki has been working on the following tasks: <br />
<br />
*[[Top 10 2007 Finnish]] aim to translate OWASP Top 10 list in Finnish<br />
<br />
==== Chapter Meetings ====<br />
<br />
== OWASP Helsinki chapter meeting #39: Oct 22nd 2019 ==<br />
'''Time: 17:30-21:00'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words, Chapter leader - OWASP Helsinki'''<br />
<br />
'''18:05 Words from the sponsor, Juho Ranta, CTO, Second Nature Security (2NS)'''<br />
<br />
'''18:15 OWASP SAMM2 - your dynamic software security journey, Sebastien Deleersnyder, OWASP SAMM project leader, Managing partner Application Security, Toreon'''<br />
<br />
'''19:15 Break'''<br />
<br />
'''19:30 Scaling up threat modeling, Mikko Saario, Security Architect, KONE Corporation'''<br />
<br />
'''20:15 Trusted Computing - beyond the TPM, Ian Oliver, Senior Security Researcher, Nokia Bell Labs'''<br />
<br />
'''21:00-> Discussions continue with Snacks, Refreshments and Sauna sponsored by 2NS.'''<br />
<br />
Please register by 21st of Sep [https://www.meetup.com/OWASP-Helsinki-Chapter/events/265401349/ here] (Note that the seats are limited)<br />
<br />
== OWASP Helsinki chapter meeting #38: Sep 3rd 2019 ==<br />
'''Location: Second Nature Security (2NS), Keilaranta 1 (auditorium Ankkuri), 02150 Espoo'''<br />
<br />
'''Time: 17:30-21:00'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words, Petteri Arola, Chapter leader - OWASP Helsinki'''<br />
<br />
'''18:05 Words from the sponsor, Juho Ranta, CTO - Second Nature Security (2NS)'''<br />
<br />
'''18:15 What's new in the ASVS 4.0, Josh Grossman, OWASP ASVS Project co-leader, Head of Security Services, AppSec Labs'''<br />
<br />
'''19:15 Break'''<br />
<br />
'''19:30 How to determine the security of a mobile authentication app, Petteri Ihalainen, Senior Specialist, Traficom'''<br />
<br />
'''20:15 If you like it then you shoulda put a TPM on it 🎵, Gabriela Limonta, Security Researcher, Nokia'''<br />
<br />
'''21:00 Snacks/BBQ, Refreshments, Sauna & Jacuzzi'''<br />
<br />
Please register by 1st of Sep [https://www.meetup.com/OWASP-Helsinki-Chapter/events/264058334/ here] (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #37: May 21st 2019 ==<br />
'''Location: KONE, Keilasatama 5, 02150 Espoo'''<br />
<br />
'''Time: 17:30-21:00'''<br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words, Pekka Sillanpää, Chapter co-leader - OWASP Helsinki''' <br />
<br />
'''18:05 Words from the sponsor, KONE'''<br />
<br />
'''18:10 Blockchains; How secure are they in practice in an IoT disrupted world and making the things secure, Onur Zengin, Senior Software Security Architect, KONE'''<br />
<br />
'''18:50 Break: Snacks & Refreshments'''<br />
<br />
'''19:20 Traficom's security label for IoT consumer devices - goals and challenges (tietoturvamerkki), Juhani Eronen and Saana Seppänen, Traficom'''<br />
<br />
'''19:50 Deploying a bug bounty / test automation environment for thousands of IoT devices with Kubernetes, Pekka Sillanpää, CTO and Teemu Huhtala, Senior SW engineer, Tosibox'''<br />
<br />
'''20:30 Networking with peers'''<br />
<br />
'''21:00 Discussions continue in Sauna/Jacuzzi on the top of Keilaranta 1 (neighbour building) sponsored by 2NS'''<br />
<br />
Please register by 13th of May [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-37-tickets-61322317703 here] (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #36: Feb 12th 2019 ==<br />
'''Location: Veikkaus, Aku Korhosen tie 2, 00440 Helsinki'''<br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words, Pekka Sillanpää, Chapter co-leader - OWASP Helsinki''' <br />
<br />
'''18:05 Words from the sponsor, Veikkaus''' <br />
<br />
'''18:10 What Every Developer and Tester Should Know About Software Security, Anne Oikarinen, Senior Security Consultant, Nixu''' [https://www.slideshare.net/AnneOikarinen1/what-every-developer-and-tester-should-know-about-software-security]<br />
<br />
'''18:50 Break'''<br />
<br />
'''19:00 Security in Agile Development, Joakim Tauren, Application Security Architect, Visma''' [[File:OWASP Helsinki - Security in Agile Development (1).pdf|thumb]]<br />
<br />
'''19:45 OWASP Cornucopia - a live card game session, Veikkaus + volunteers''' [[File:DeathStarArchitecture v0.8 DRAFT.pdf|thumb]]<br />
<br />
'''20:15 Snacks & Refreshments''' <br />
<br />
Please register by 10th of Feb https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-36-tickets-55288270706 (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #35: Nov 6th 2018 ==<br />
'''Location: Second Nature Security (2NS), Keilaranta1 (auditorium Ankkuri), 02150 Espoo'''<br />
<br />
'''Time: 17:30-21:00'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words, Pekka Sillanpää, Chapter co-leader - OWASP Helsinki'''<br />
<br />
'''18:05 Words from the sponsor, Juho Ranta, CTO - Second Nature Security (2NS)''' <br />
<br />
'''18:15 Hunting for bounties in a web browser, Juho Nurminen, White Hat Hacker, InfoSec Specialist - 2NS''' [[File:Nurmi_BugBounty_slides.zip]]<br />
<br />
'''18:45 Break'''<br />
<br />
'''19:00 How to become a bug bounty hunter, Iiro Uusitalo, Cloud and Security Specialist - Solita'''<br />
<br />
'''19:30 Running a successful bug bounty program, Thomas Malmberg, Partner & Owner - Hackrfi''' [[File:Running a successful bug bounty program - public.pdf]]<br />
<br />
'''19:50 Short break'''<br />
<br />
'''20:00 Panel & Discussion about bug bounty with Juho, Iiro and Thomas'''<br />
<br />
'''20:30 Snacks & Refreshments'''<br />
<br />
Please register by 4th of Nov https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-35-tickets-51465932991 (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #34: Jun 12th 2018 ==<br />
'''Location: Eficode, Pohjoinen Rautatiekatu 25, 00100 Helsinki'''<br />
<br />
'''Time: 17:30-21:30'''<br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Pekka Sillanpää OWASP Helsinki'''<br />
<br />
'''18:05 Words from the sponsor / Pekka Siltala-Li / Eficode'''<br />
<br />
'''18:15 Perfectly secure API, Matti Suominen, Lead Security Consultant - Nixu'''<br />
<br />
'''19:00 Break''' <br />
<br />
'''19:15''' '''Best friends: API security & API management, Antti Virtanen, Software Architect, Solita''' <br />
<br />
'''20:00-21:30 Sauna, Snacks & Beverages'''<br />
<br />
Please register by 10th of Jun https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-34-tickets-46690898735 (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #33: Nov 14th 2017 ==<br />
'''Location: F-Secure, Tammasaarenkatu 7, 00180 Helsinki''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki''' <br />
<br />
'''18:05 Words from the sponsor'''<br />
<br />
'''18:10 Coping with GDPR requirements in development, Kira Ahveninen-Kuha, Lead, Data Protection and Cybersecurity Law, Nixu'''<br />
<br />
'''19:00 Break''' <br />
<br />
'''19:15 Integrating Privacy Work in Threat Modeling and Design Review, Antti Vähä-Sipilä, Principal Security Consultant, F-Secure'''<br />
<br />
'''20:00 Panel & Discussion – Kira and Antti debate about privacy and GDPR with the audience'''<br />
<br />
'''20:30 OWASP Helsinki DevSecOps Hackathon: Lessons learned, Pekka Sillanpää, OWASP Helsinki''' <br />
<br />
'''21:00-22:00 Snacks & Refreshments''' <br />
<br />
Please register by 12th of Nov [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-33-tickets-39656996143 here] (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #32: Sep 27th ==<br />
If you are working in a DevOps team and want to get concrete ideas on how to integrate security into your CI/CD pipeline, this hackathon is a fun opportunity to learn by doing together with others.<br />
<br />
More information here: [[OWASP Helsinki DevSecOps Hackathon]]<br />
<br />
In summary, we familiarize and investigate (and of cource hack with) some nice open source tools, including:<br />
* OWASP Dependency-Check ([[OWASP Dependency Check]])<br />
* ZAP Proxy ([[OWASP Zed Attack Proxy Project]])<br />
* OWASP DefectDojo ([[OWASP DefectDojo Project]])<br />
* DevSec hardening framework (https://github.com/dev-sec)<br />
* Clair (https://github.com/coreos/clair)<br />
<br />
The output of this hackathon is an OWASP wiki page describing what was achieved in the hackathon, possible commits to the tools' repositories and future plans. If there is enough interest, we might organize "part 2" for this event in Autumn.<br />
<br />
To participate in this event, it is recommended to have at least basic programming/scripting skills (python, ruby, bash, etc) and understanding of configuration management tools (puppet, salt, ansible, etc.). '''If you are interested to join''' or have questions, please send email to pekka.sillanpaa@owasp.org '''by Jul 7th 2017''' and a short description of your background. Tracks of the hackathon environment are tuned based on the skills and background of the participants.<br />
<br />
The maximum of 15 seats are available for this event. The event is fully free of charge.<br />
<br />
'''Location: Nixu, Keilaranta 15, 02150 Espoo'''<br />
<br />
'''12:00 Hackathon starts'''<br />
<br />
'''17:00-23:00 Hackathon continues after the work day as long as needed. Pizza and beverages available.'''<br />
<br />
== OWASP Helsinki chapter meeting #31: Jun 13th 2017 ==<br />
'''Location: Solita, Alvar Aallon katu 5, 00100 Helsinki'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Pekka Sillanpää, OWASP Helsinki'''<br />
<br />
'''18:05 DevSec - Developers are the key to security, Antti Virtanen, Software Architect, Solita [[File:Devsec-owasp-2017.pdf]]''' <br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Docker Security, Mika Vatanen, Systems Architect, Digia [[File:Owasp-Helsinki-20170613-Docker-Security.pdf]]'''<br />
<br />
'''20:00 Lightning talk: Leaking credentials - a security malpractice more common than expected, Bogdan Mihaila, Synopsys [[:File:Bogdan Mihaila - Leaking Credentials.pdf]]'''<br />
<br />
'''20:15 Introduction to DevSecOps "mini-hackathon", Pekka Sillanpää, OWASP Helsinki'''<br />
<br />
'''20:30-22:30 Snacks & Refreshments'''<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-31-tickets-34950473808 here] by 12th of Jun (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #30: Oct 11th 2016 ==<br />
<br />
'''Location: Fujitsu, Valimotie 16, 00380 Helsinki, Auditorio'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 How to protect mobile application? Case "Nordea Tunnusluvut” / Michael Peltonen, Senior Business Developer, Nordea''' [[File:Helsinki_meeting_30_-Michael_Peltonen_OWASP_11102016.pdf]]<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Lightning talk: Authentication topic / Teemu Simonen, System Architect, Fujitsu''' [[File:Helsinki_meeting_30_-Authentication_topic.pdf]]<br />
<br />
'''19:30 Threats and vulnerabilities in federation protocols - and how did I find 0-days in the most common access management products / Teemu Kääriäinen, Senior IAM Consultant, Nixu Oyj''' [[File:Helsinki_meeting_30_-_Threats_and_Vulnerabilities_in_Federation_Protocols_and_Products.pdf]]<br />
<br />
'''20:30-> Snacks & Refreshments'''<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-30-tickets-28190573765 here] by 9th of October (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #29: Mar 29th 2016 ==<br />
<br />
'''Location: Solinor, Elimäenkatu 14 C, 00510 Helsinki'''<br />
<br />
'''Time: 17:30-21:15'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 OWASP Security Knowledge Framework, Glenn Ten Cate''' [[File:Skf-owaspHelsinki-16.pdf]]<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Amazon Web Services Security, Joel Leino, Solinor''' [[File:Aws_security_joel_leino.pdf]]<br />
<br />
'''20:30 Do's and don'ts: A Day Of Browser Bug Hunting, Atte Kettunen, University of Oulu''' [[File:Do's_and_Don'ts-_A_Day_Of_Browser_Bug_Hunting_rev2.pdf]]<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-29-tickets-22159795545 here] by 26th of March (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #28: Nov 10th 2015 ==<br />
<br />
'''Location: LähiTapiola, Revontulenkuja 1, 02100 Espoo'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 How we feel about Bug Bounty, Leo Niemelä, CISO, LähiTapiola Group (in Finnish)'''<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Security and "Modern" software Deployment, Rory McCune, Managing Consultant, NCC Group'''<br />
<br />
'''20:30 Discussion continues in a local cafe / bar'''<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-28-tickets-19188815263 here] by 8th of November (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #27: May 29th 2015 ==<br />
<br />
'''Location: Life Science Center Keilaranta 10-16''' <br />
<br />
'''Time: 17:30-20:00 (networking ends 23:00)''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 Word from our sponsor / Nixu'''<br />
<br />
'''18:15 50 Shades of AppSec / Troy Hunt'''<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Hack yourself first: how go on the cyber-offence before online attackers do / Troy Hunt'''<br />
<br />
'''20:00-23:00 Refreshments and Sauna on the 7th floor'''<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-chapter-meeting-27-tickets-16709176597 here] by Monday Fri 22th May (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #26: January 13th 2015 ==<br />
<br />
'''Location: Castrén & Snellman Attorneys Ltd. Eteläesplanadi 14 6th Floor Helsinki, Finland.''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''Opening words / OWASP Helsinki&IAPP''' <br />
<br />
'''Words from our sponsor / Castrén & Snellman Attorneys Ltd.'''<br />
<br />
'''Privacy Seals and Marks, Hannu Järvinen, Specialist Partner, Attorneys at Law Borenius Ltd'''<br />
<br />
'''Privacy Engineering, Antti Vähä-Sipilä, software security guy, F-Secure Oyj'''<br />
<br />
'''Privacy Use Cases, Saku Vainikainen, Lead Consultant, Nixu Oyj'''<br />
<br />
Please register here https://t.co/OoQN2FRbBX by Monday 12 Jan.<br />
<br />
== OWASP Helsinki chapter meeting #25: September 29th 2014 ==<br />
<br />
'''Location: Appelsiini (Elisa), Kaarlenkatu 9-11, 00530 Helsinki. Public transport is strongly recommended.''' <br />
<br />
'''Time: 17:00-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and registration''' <br />
<br />
'''17:10 Opening words / OWASP Helsinki''' <br />
<br />
'''17:20 Words from our sponsor / Elisa'''<br />
<br />
'''17:30 Mobile Security Chess Board - Attacks & Defense / Hemil Shah / Founder, Director eSphere Security''' [[File:Mobile_Security_chess_board_-_Attacks_&_Defense.pdf]]<br />
<br />
'''18:45 Break'''<br />
<br />
'''19:00 Mobile Platform Security: OS (kernel) Hardening and Trusted Execution Environment / Onur Zengin / Trustonic'''<br />
[[File:Onur_Zengin_-_TEE_chapter_meeting_presentation.pdf]]<br />
<br />
'''20:00 OWASP Mobile Top Ten Risks 2014 - The New M10: 'Lack of Binary Protection' Category / Bo Asklund and Rikard Kullenberg / Arxan'''<br />
[[File:OWASP_Mobile_Top_Ten_-_Meet_the_New_Addition.pdf]]<br />
<br />
'''21:00 Networking and continue discussions in TBD location nearby'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-25-tickets-13087782911 Eventbrite]<br />
<br />
== OWASP Helsinki chapter meeting #24: March 25st 2014 ==<br />
<br />
'''Location: F-Secure, Tammasaarenkatu 7, 00180 Helsinki. Parking space is limited, public transport is strongly recommended. Ruoholahti station for metro, Länsisatamankatu stop for tram 8, Länsiväylä stop for buses from Espoo.''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and registration''' <br />
<br />
'''17:20 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''17:30 Enhancing security through tight collaboration and automation /Kalle Hallivuori''' <br />
Presentation material: http://kato.iki.fi/owasp-pci-devops/<br />
<br />
'''18:00 Continuous Security Testing in a Devops World /Stephen de Vries'''<br />
Download the presentation from our file page: [[image:OWASP-Continuous_Security_Testing.pdf]]<br />
<br />
'''19:00 Demo of Burp Suite & HTTP API fuzzing automation with Python & Behave /Antti Vähä-Sipilä'''<br />
<br />
'''19:30 Time to go to Pub (Amsterdam) and continue discussion there'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-24-tickets-10765729587 Eventbrite]<br />
<br />
== OWASP Helsinki chapter meeting #23: January 21st 2014 ==<br />
<br />
'''Location: HTC Keilaniemi, Keilaranta 13, 02150 Espoo''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Coffee and registration''' <br />
<br />
'''18:00 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''18:05 Word from our sponsor /Nixu''' <br />
<br />
'''18:20 The inner HTML Apocalypse - How MXSS attacks change everything we believed to know so far /Mario Heiderich'''<br />
<br />
'''19:15 JSMVCOMFG - To sternly look at JavaScript MVC and Templating Frameworks /Mario Heiderich"''''<br />
<br />
'''20:15 QA'''<br />
<br />
'''20.30 - 21.30 Discussion continues over snacks and refreshments'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-23-tickets-10095813851 Eventbrite]<br />
<br />
<br />
== OWASP Helsinki chapter meeting #22: November 19th 2013 ==<br />
<br />
'''Location: Aalto University, Hall S1, Otakaari 5, 02150 Espoo''' <br />
<br />
'''Time: 18:00-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Registration''' <br />
<br />
'''18:10 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''18:20 Word from our sponsor''' <br />
<br />
'''18:30 Backgrounds of Eve in Digiland comic and cyber research in Aalto University /Timo Kiravuo, Aalto University'''<br />
<br />
'''19:15 Break"''''<br />
<br />
'''19:30 Cyber crime response from CERT perspective and backgrounds of Finnish web site attacks /Jussi Eronen, CERT-FI'''<br />
<br />
'''20:00 Methods in Finnish cyber crime police investigation and case example /Timo Piiroinen, National Bureau of Investigation (NBI)'''<br />
<br />
'''20:30 Networking and discussion continues at same location'''<br />
<br />
Please register at [http://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-23-tickets-10095813851 Eventbrite]<br />
<br />
== OWASP EUTour2013: June 17th 2013 ==<br />
<br />
'''Location: HTC Keilaniemi, Keilaranta 15''' <br />
<br />
'''Time: 16:00-19:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''16:00 Registration & coffee''' <br />
<br />
'''16:15 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''16:30 Word from our sponsor''' <br />
<br />
'''16:45 Nokia responsible disclosure program /Omar Benbouazza-Villa, Nokia'''<br />
<br />
Nokia has launched a responsible disclosure program recently. In this presentation we'll go through experiences starting and running such a program as a part of enterprise application security program.<br />
<br />
'''17:30 Social engineering /Gavin Ewan"''''<br />
<br />
Jac0byterebel is not your typical social engineering presenter. Out goes the snake oil sale of analysing the minutia of pop psychology and trying to squeeze out real answers to the questions asked during a real social engineering attack. In comes hard hitting accounts of social engineering attacks drawn from real sources but anonymised to protect the pwned.<br />
<br />
'''19:00 Rounding up and discussion continues over food & drinks at same location'''<br />
<br />
Please register at [http://www.regonline.com/owaspeutourfinland Regonline]<br />
<br />
== OWASP Helsinki Chapter Meeting #21: April 24 2013 ==<br />
<br />
'''Location: KPMG, Yrjönkatu 23 B, 6. floor''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Opening words /OWASP''' <br />
<br />
'''18:10 Word from our sponso /Mika Laaksonen, KPMG''' <br />
<br />
'''18:15 OWASP project news /Petteri Arola, OWASP''' <br />
<br />
Newsflash of new and rebooted OWASP projects.<br />
<br />
'''18:45 Utilizing VAHTI software development guide (VAHTI-sovelluskehitysohje) /Antti Alestalo, KPMG'''<br />
<br />
VAHTI software development guide was published January 2013. Antti will talk about how to best utilize this new guide. Link to the guide: http://www.vm.fi/vm/fi/04_julkaisut_ja_asiakirjat/01_julkaisut/05_valtionhallinnon_tietoturvallisuus/20130207Sovell/VAHTI_1_Sovelluskehityksen_tietoturvaohje_NETTI.pdf<br />
<br />
'''19:15 Database self-defence /Mika Aronen, KPMG (in place of "HTML5 & security /SC5"'''<br />
<br />
'''20:00 Official program ends and discussion continues over food & drinks at same location'''<br />
<br />
Please register at [https://www.eventbrite.com/event/6240751255 Eventbrite]<br />
<br />
== OWASP Helsinki Chapter Meeting #20: December 4 2012 ==<br />
<br />
'''Location: Nokia House, Keilalahdentie 4, Espoo''' <br />
<br />
'''Time: 17:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Socializing time @ Nokia Lounge – Meet people & get to know your peer while having the opportunity to see Nokia product demos''' <br />
<br />
'''18:00 Opening words /OWASP + HelsinkiJS''' <br />
<br />
'''18:10 Word from our sponsor''' <br />
<br />
'''18:20 Securing JavaScript based web apps /Erlend Oftedal''' <br />
<br />
Single page web applications move much of the application logic to the client side. We now also see applications using JavaScript on the server side. How do we handle such applications from a security perspective? What problems are introduced and how do we handle them?<br />
<br />
'''19:05 RESTful Security'''<br />
<br />
Many applications rely on web services and ws-security for integration. But for more lightweight services with simpler protocols, REST is quickly gaining popularity. How do we secure REST services? What problems do we need to be aware of?<br />
<br />
'''20:00 Official program ends and free debate continues at nearby location'''<br />
<br />
CLOSED: Please register at [http://www.eventbrite.com/event/4856878053 Eventbrite]<br />
<br />
Please use the NORTH entrance when entering the Nokia campus<br />
<br />
== OWASP Helsinki Chapter Meeting #19: October 16 2012 ==<br />
<br />
'''Location: Fujitsu, Valimotie 16, Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''18:10 Word from our sponsor /Fujitsu''' <br />
<br />
'''18:25 Hybrid mobile application security and HTML5 with a focus on getUserMedia /Mikko Saario, Nokia''' <br />
<br />
Both the mobile scene via “hybrid” apps and the so-called traditional web are evolving into the same direction – are the threats doing the same? Using mainly Windows Phone 7 (and some Qt) examples and demos, Mikko will take a look at the security aspects in mobile hybrid apps. The HTML5 demo will concentrate on some newly mainstreamed technologies such as getUserMedia.<br />
<br />
'''19:10 Introduction to Oauth 2.0 + demo /Teemu Kääriäinen, Nixu'''<br />
<br />
Teemu gives an introduction about Oauth 2.0 and takes a closer look at security aspects, implementation guidelines and compares Twitter, Facebook and Google implementations.<br />
<br />
'''20:00 Official program ends and free debate continues at nearby location'''<br />
<br />
'''Please register in Eventbrite http://www.eventbrite.com/event/4462882602''' <br />
<br />
<br />
== OWASP Helsinki Chapter Meeting #18: June 26 2012 ==<br />
<br />
'''Location: Kela, Nordenskjölkinkatu 12, Helsinki''' <br />
<br />
'''Time: 17:30-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''17:45 Word from our sponsor /Kela''' <br />
<br />
'''18:00 Helsinki Ruby Brigade intro''' <br />
<br />
'''18:15 Ruby on Rails security - why could it fail'''<br />
<br />
'''19:00 Panel discussion'''<br />
<br />
'''19:45 Wrap-up'''<br />
<br />
'''20:00 Discussion continues in a nearby pub Hadanka'''<br />
<br />
'''Please register with petteri.arola(at)owasp.org''' <br />
<br />
<br />
== OWASP Helsinki Chapter Meeting #17: March 21 2012 ==<br />
<br />
'''Location: Marttakeskus, Malminrinne 1 B, 7. krs, Helsinki''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Coffee''' <br />
<br />
'''17:40 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''17:50 Web Application Access Control Design Excellence / Jim Manico, OWASP''' <br />
<br />
Download the presentation from our file page: [[image:Developer_Top_Ten_Core_Controls_v4.1.pdf]]<br />
<br />
'''19:30 Meeting ends and discussion continues over buffet and refreshments and there's a possibility to bath in sauna too''' <br />
<br />
'''23:00 Event ends'''<br />
<br />
'''Please register with enroll(at)nixu.com''' <br />
<br />
== Tietoturvapäivä Turku: February 7 2012 ==<br />
<br />
''' Sovellusturvallisuus / Petteri Arola, OWASP''' <br />
<br />
Download the presentation from our file page: [[image:OWASP_esitys_tietoturvapäivä_Turku_20120207.pdf]]<br />
<br />
== OWASP Helsinki Chapter Meeting #16: October 18 2011 ==<br />
<br />
'''Location: Hall TU2, Tuas house, Otaniementie 17, 02150, Espoo''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and lock picking''' <br />
<br />
'''17:30 OWASP - What is it?''' <br />
<br />
'''17:45 Introduction to OWASP projects<br>- OWASP Top Ten, ASVS<br><span class="Apple-tab-span"> </span>- Testing guide<br>- How OWASP relates to academic world''' <br />
<br />
<br> Download presentation from our file-page: [[Image:OWASP_presentation_for_Aalto.pdf]] <br><br />
<br />
'''18:45 Break''' <br />
<br />
'''19:00 Hacking demonstrations'''<br />
<br />
'''19:30 - Discussion continues in a nearby public house''' <br />
<br />
'''Please register with petteri.arola(at)owasp.org''' <br />
<br />
== OWASP Introduction to Turku AMK students: September 12th 2011 ==<br />
<br />
'''Introduction to Application security and OWASP / Petteri Arola, OWASP''' <br />
<br />
'''OWASP top 10 and hacking demos / Pekka Sillanpää, OWASP''' <br />
<br />
== OWASP Helsinki Chapter Meeting #15: June 15 2011 ==<br />
<br />
'''Location: Itämerenkatu 11 - 13, Helsinki''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda ''' <br />
<br />
'''17:30 Welcome, Petteri Arola, Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nokia''' <br />
<br />
'''17:45 HTML5 Security, Ville Säävuori, Syneus''' <br />
<br />
'''18:30 Break''' <br />
<br />
'''18:40 Mobile Application Security, Ari Kesäniemi and Juhani Mäkelä, Nixu''' <br> [[Image:Mobile-threat-analysis-short-presentation owasp.pdf]] <br> [[Image:Why-privacy-matters.pdf]] <br> <br />
<br />
<br>'''19.30 - Discussion continues in a nearby public house or terrace if it's sunny''' <br />
<br />
'''Please register with mikko.saario(at)nokia.com''' <br />
<br />
== OWASP Helsinki Chapter Meeting #14: February 22 2011 ==<br />
<br />
'''Location: Nixu Oy, Keilaranta 15, Espoo''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''17:30 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nixu Oy''' <br />
<br />
'''17:45 OpenSAMM, Pravir Chandra /Fortify''' <br />
<br />
'''18:30 Break''' <br />
<br />
'''18:40 Threat modeling, Pravir Chandra /Fortify''' <br />
<br />
<br> '''19.30 - Sauna and refreshments from our sponsor''' <br />
<br />
'''Please register with enroll(at)nixu.com''' <br />
<br />
<br> Download OpenSAMM presentation from opensamm.org [http://www.opensamm.org/downloads/resources/OpenSAMM-1.0.ppt] <br> <br />
<br />
== OWASP Helsinki Chapter Meeting #13: June 8 2010 ==<br />
<br />
'''Location: KPMG, Forum, Yrjönkatu 23 B 6th floor, Helsinki''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''17:00 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:05 Word from our sponsor KPMG ''' <br />
<br />
'''17:15 Agile secure software development, Antti Vähä-Sipilä / Nokia Oyj''' http://www.owasp.org/images/c/c6/OWASP_AppSec_Research_2010_Agile_Prod_Sec_Mgmt_by_Vaha-Sipila.pdf <br />
<br />
'''18:00 ASVS (OWASP Application Security Verification Standard), Pekka Sillanpää / Nixu Oy''' <br />
<br />
'''18:45 ESAPI (OWASP Enterprise Security API) demo, Anssi Porttikivi / KPMG''' <br />
<br />
Download presentation from our file-page:[[Image:ESAPI for OWASP.pdf]] <br />
<br />
<br> '''19.30 - Discussion continues at some nearby establishment''' <br />
<br />
'''Please register with anssi.porttikivi(at)kpmg.fi''' <br />
<br />
<br> <br />
<br />
== OWASP Goes! Locksport: April 20 2010 ==<br />
<br />
'''Location: Nsense Oy, Ahventie 4, Espoo''' <br />
<br />
'''Time: 17:30-20:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nsense Oy''' <br />
<br />
'''17:45 Introduction to Locksport (presentation in Finnish)''' <br />
<br />
'''19:00 - Sauna and refreshments from our sponsor''' <br />
<br />
'''Please register with ilmoittautumiset##nsense.fi ''' <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #12: March 30 2010 ==<br />
<br />
'''Location: Helsingin Energia, Sähkötalo, Runeberginkatu 1, Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''18:00 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
Download presentation from our file-page:[[Image:OWASP -12 Helsinki chapter meeting.pdf]] <br />
<br />
'''18:05 Word from our sponsor Helsingin Energia ''' <br />
<br />
'''18:15 3 different views on information security and social media applications''' <br />
<br />
- information security in social media API’s, Antti Nuopponen/Nixu Oy <br />
<br />
Download presentation from our file-page:[[Image:Security of social media apis v1.pdf]] <br />
<br />
- Facebook apps, Markus Törnqvist/Fad Consulting <br />
<br />
Download presentation from our file-page:[[Image:Mjt owasp 2010.pdf]] <br />
<br />
- Payment API’s, Tuomas Toivonen/Scred <br />
<br />
Download presentation from our file-page:[[Image:Owasp-payment-apis.pdf]] <br />
<br />
'''20.00 - Discussion continues at nearby establishment Bruuveri''' <br />
<br />
'''Please register with antti##owasp.org''' <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #11: November 17 2009 ==<br />
<br />
'''Location: Nsense Oy, Ahventie 4, Espoo''' <br />
<br />
'''Time: 18:00-20:30''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''18:05 Word from our sponsor Nsense Oy''' <br />
<br />
'''18:15 Manual vs. Automated Code Analysis, Ari Kesäniemi, Senior Consultant, Nixu''' <br />
<br />
Download presentation from our file-page:[[Image:Ari kesaniemi nixu manual-vs-automatic-analysis.pdf]] <br />
<br />
'''19.00- Sauna and refreshments from our sponsor''' <br />
<br />
<br> <br />
<br />
'''Please register with ilmoittautumiset##nsense.fi''' <br />
<br />
== OWASP Helsinki Chapter Meeting #10: October 20 2009 ==<br />
<br />
'''Location: Tieto Oy, Ratamestarinkatu 7B, Helsinki''' <br />
<br />
'''Time: 18:00-19:40''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''18:00 Word from our sponsor Tieto Oy''' <br />
<br />
'''18:10 Distributed Services Security, Anton Panhelainen, Tieto Oy''' <br />
<br />
Download presentation from our file-page:[[Image:Security in integration and ESB-OWASP 20091020.pdf]] <br />
<br />
'''18:40 Public Web Services Interface and Security, Pyry Heikkinen, Finnish Customs''' <br />
<br />
'''19:40 Closure and move to Vltava''' <br />
<br />
'''20:00 or so''' <br />
<br />
*Enjoy Helsinki Vltava watering hole at own risk &amp; cost near Helsinki Railway station<br />
<br />
'''Please register with Pauli Kauppila pauli.kauppila##tieto.com or Mobile +358 400 870 324''' <br />
<br />
== OWASP Helsinki Chapter Meeting #9: May 12 2009 ==<br />
<br />
'''Location: Louhi Networks Oy, Itälahdenkatu 22 A, Helsinki''' <br />
<br />
'''Time: 17:30-19:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:30 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:45 Word from our sponsor Louhi Networks''' <br />
<br />
'''18:00 Panel discussion about application scanners''' <br />
<br />
*Panel members includes representatives for Nixu Oy, KPMG Oy and Louhi Networks Oy<br />
<br />
<br> '''19:00 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost at Bar 52 near meeting location<br />
<br />
'''Please register with Henri Lindberg henri.lindberg##louhi.fi''' <br />
<br />
== OWASP OWASP Goes! Viestimuseo: March 29 2009 ==<br />
<br />
'''Location: Varuskunta, Takakasarmi, Viestimuseontie rak. 64, 11311 Riihimäki ''' <br />
<br />
'''Time: 13:00-15:00''' <br />
<br />
Viestimuseossa Riihimäellä, http://www.viestikiltojenliitto.fi/viestimuseo/ on maaliskuun loppuun WWII radiotiedustelua esittelevä erikoisnäyttely, josta voi löytyä ammennettavaa myös tämän päivän tietoturvatekniikoiden parissa työskenteleville. Koska OWASP:in tiimoilta löytyi kiinnostusta lähteä tutustumaan ko. näyttelyyn, museolle on varattu opastettu kierros maaliskuun viimeiselle sunnuntaille su 29.3.2009 klo 13:00 eli kokoontuminen museolla ko. aikaan. <br />
<br />
Museo ja näyttely ovat auki myös muina aikoina, joten jos tämä aika ei käy, paikalla voi toki käydä muulloinkin. <br />
<br />
Tarkemmat ajo-ohjeet ja yhteystiedot löytyvät museon kotisivuilta, http://www.viestikiltojenliitto.fi/viestimuseo/yhteystiedot.html <br />
<br />
Museo sijaitsee Viestirykmentin vieressä, mutta varsinaisen varuskunta-alueen ulkopuolella, joten museokäynti ei vaadi kulkulupia alueelle. <br />
<br />
Paikalle innostuvat hoitavat oman logistiikkaratkaisunsa &amp; sisäänpääsymaksunsa. <br />
<br />
Lisätietoja tarvittaessa timo.merilainen (ät) iki.fi <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #8: March 12 2009 ==<br />
<br />
'''Location: Samlink, Linnoitustie 9, Espoo (Leppävaara)''' <br />
<br />
'''Time: 17:00-19:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:00 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:15 Introduction to Samlink, Jari Pirhonen, security director, Samlink''' <br />
<br />
'''17:30 Methodology owner’s point of view: Information security as part of software development methodology, Topi Mattila, methodology manager, Samlink''' <br />
<br />
'''18:15 Presentation from Finnish Tax Administration", Petri Puhakainen, security director, Finnish Tax Administration''' <br />
<br />
<br> '''19:00 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost at Sello<br />
<br />
'''Please register with Jari Pirhonen jari.pirhonen##samlink.fi''' <br />
<br />
== OWASP Introduction to startup firms: Thursday January 15th 2009 ==<br />
<br />
'''Location: Ravintola Korjaamo, Töölönkatu 51, 00250 Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Introduction to OWASP by Henri Lindberg, OWASP Helsinki Active Visitor''' <br />
<br />
*What OWASP is <br />
*Examples of useful Tools and Documents <br />
*OWASP in Finland<br />
<br />
Presentation: [[Image:OWASP Startups 20090115 Henri.pdf]] <br />
<br />
(Antti Laulajainen, OWASP Helsinki Chapter Leader was originally supposed to introduce OWASP) <br />
<br />
'''18:15 Implementing application security in a Finnish startup by Henri Lindberg, Scred''' <br />
<br />
*Henri Lindberg from Scred shares experiences and lessons learned <br />
*How to make your web application more secure with minimal budget<br />
<br />
Presentation: [[Image:SDG Scred 090115.pdf]] <br />
<br />
'''18:30 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost<br />
<br />
== OWASP Helsinki Meeting #7: Tuesday November 11th 2008 ==<br />
<br />
'''Location: Nokia Ruoholahti, Itämerenkatu 11-13, 00180 Helsinki''' <br />
<br />
<br> <br />
<br />
'''Time: 17:00-18:30''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:00 Welcome by Antti Laulajainen, OWASP Chapter Leader''' <br />
<br />
*Current state and progress of OWASP Top 10 Finnish translation<br />
<br />
'''17:20 Antti Vähä-Sipilä, Nokia: SAFECode''' <br />
<br />
*Introduction and overview of SAFECode (The Software Assurance Forum for Excellence in Code) <br />
*SAFECode publications<br />
<br />
'''17:40 Juhani Eronen, CERT-FI: Lifecycle of a security vulnerability''' <br />
<br />
*Microsoft MS08-067 (Vulnerability in Server Service Could Allow Remote Code Execution), its history (MS06-040) and exploitation.<br />
<br />
'''Discussion''' <br />
<br />
'''18:30 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost [cerveza, aqua con gas, etc]<br />
<br />
'''PLEASE REGISTER WITH: mikko . saario at nokia . com (we have reserved snacks for 25 people)''' <br />
<br />
== OWASP Helsinki Web Hacking Workshop, Tuesday September 10th 2008 ==<br />
<br />
'''Location: Teleware / KPMG, Laajalahdentie 23, 6. floor, reception at the ground floor, 00330 Helsinki''' <br />
<br />
'''Time: 18.00 - 20.00''' <br />
<br />
'''Schedule''' <br />
<br />
'''18.00 Welcome and recent activities. Antti Laulajainen ''' <br />
<br />
'''18.05 Web Hacking Workshop, Anssi Porttikivi, Senior ICT Advisor KPMG/Teleware''' <br />
<br />
*KPMG Oy IT Security Advisory marketing presentation 15 min <br />
*Web hacking exercises and demonstrations in a laboratory class (using WebGoat and WebScarab tools)<br />
<br />
'''Snacks available. Send your reservations to Anssi's mail address, anssi.porttikivi@kpmg.fi. Room for 20 participants.''' <br />
<br />
<br> '''Note! Be in time, because the reception closes at 18.''' <br />
<br />
== OWASP Goes! CERT-FI, Thursday, June 12th 2008 ==<br />
<br />
'''Location: Viestintävirasto, Itämerenkatu 3 A, 00180 Helsinki and One Pint Pub Santakatu 2, 00180 Helsinki''' <br />
<br />
<br> '''Time: 16.00 - 20.00''' <br />
<br />
<br> '''Schedule''' <br />
<br />
'''16.00 Welcome and recent activities. Antti Laulajainen ''' <br />
<br />
<br> '''16.10 Introduction of CERT-FI. Juhani Eronen, Information Security Adviser, CERT-FI''' <br />
<br />
<br> '''16.30 Vulnerability coordination. Juhani Eronen''' <br />
<br />
*CERT-FI as a vulnerability coordinator <br />
*Coordination examples<br />
<br />
'''18.00 Possibility to continue the evening at the One Pint Pub''' <br />
<br />
*If someone fancies a (self-financed) beer<br />
<br />
<br> '''Viestintävirasto asks those who wish to participate to the meeting to register in advance. For registrations please contact CERT-FI Unit Secretary Virpi Hienonen (virpi.hienonen(at)ficora.fi). The deadline is June 6, 2008.''' <br />
<br />
== OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 ==<br />
<br />
Thank you for attending. <br />
<br />
You can download the presentation here'''https://www.owasp.org/images/7/70/OWASP_HelsinkiChapter_130508.pdf''' <br />
<br />
Coverage of the event in local news (Finnish only) http://mikropc.net/uutiset/index.jsp?categoryId=atk&amp;day=20080514#w2008051411524012715 <br />
<br />
<br> '''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki and Ravintola Kaisla, Vilhonkatu 4, 00100 Helsinki''' <br />
<br />
'''Time: 16.00 - 20.00''' <br />
<br />
<br> <br />
<br />
Welcome to spring meeting 2008. <br />
<br />
<br> '''Schedule''' <br />
<br />
'''16.00 - 16.10 OWASP update. Antti Laulajainen''' <br />
<br />
'''16.10-17.00 Notes From The field, OWASP tools and usage experiences, Jarkko Holappa &amp; Antti Laulajainen''' <br />
<br />
'''17.30 - 20.00 Drinks at Ravintola Kaisla (Bring Your Own Wallet)''' <br />
<br />
<br> Hope to see as many of you as possible! <br />
<br />
== OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 ==<br />
<br />
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.''' <br />
<br />
'''Time: 18.30 - 20.30''' <br />
<br />
Welcome to first meeting of 2008. OWASP Helsinki resumes activities after winter break. <br />
<br />
We are pleased to have as a speaker Technology Manager of Nokia Product Security, Alexandr Seleznyov. His topic will be current state of application security. <br />
<br />
'''Schedule''' <br />
<br />
'''18.30 - 18.40 OWASP update. Antti Laulajainen''' <br />
<br />
'''18.40 - 20.30 Current State of Application Security. Alexandr Seleznyov''' <br />
<br />
<br> Hope to see as many of you as possible! <br />
<br />
== OWASP Helsinki &amp; RWSUG Seminar Tuesday, January 29th 2008 ==<br />
<br />
'''Location: IBM, Laajalahdentie 23, 00330 Helsinki.''' '''Time: 11.15 - 19.00''' <br />
<br />
OWASP Helsinki and Rational and Websphere User Group Finland RWSUG are aiming to co-operate to raise application security awareness. OWASP Helsinki will have a presentation in RWSUG agility seminar. More information from http://www.rwsug.fi/default.asp?path=1,39,385 <br />
<br />
'''You can download the presentation here''' https://www.owasp.org/images/c/cd/RWSUG5_Agile_Security_Management.pdf <br />
<br />
See program below. Most of it is Finnish only <br />
<br />
*11.15 Ilmoittautuminen alkaa <br />
*11.15-12.00 Buffet-lounas <br />
*12.00-12.10 Tilaisuuden avaus Jussi Jutila, Puheenjohtaja, RWSUG ry<br />
<br />
KEYNOTE <br />
<br />
*12.10-13.30 Scaling Agile Software Development: Strategies for Applying Agile in Complex Situations Scott W. Ambler, Practice Leader Agile Development, IBM Canada <br />
*13.30-13.45 Kahvitauko <br />
*13.45-15.30 SOA liiketoiminnan näkökulmasta ja SOA toteutuksen näkökulmasta kansainvälisessa hankkeessa Kari Laine, IT Architect, IF ja Jarmo Laine, Senior Software Architect,Primasoft <br />
*15.30-15.45 Tauko <br />
*15.45-16.30 Ketterä tietoturvan hallinta ohjelmistotuotannossa Reijo Savola, VTT <br />
*16.30-17.15 Jazz Update IBM <br />
*17.15-19.00 Iltapalaa ja verkostoitumista IBM Forumissa<br />
<br />
<br> <br />
<br />
== OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008 ==<br />
<br />
OWASP Helsinki participated in ISACA Finland meeting to raise application security awareness among system auditors and inspectors. <br> A presentation was held that introduced basic web techniques, some security issues, OWASP in general, OWASP projects and OWASP Helsinki chapter. <br> '''You can download the presentation here''': https://www.owasp.org/images/e/e4/OWASP_ISACA_20080124.pdf (Finnish Only) <br><br> <br />
<br />
== OWASP Helsinki meeting #4 Fall 2007 with Mark Curphey, Tuesday, October 2 2007 ==<br />
<br />
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.''' <br />
<br />
Thank you for all participants and Mark from great presentation. <br />
<br />
Coverage of the meeting in the local news (in Finnish): http://mikropc.net/uutiset/index.jsp?categoryId=atk&amp;day=20071003#w2007100315112711629 <br />
<br />
<br> We are delighted to have Mark Curphey - the OWASP founder and new head of Microsoft's ACE (Application Consulting &amp; Engineering) team in Europe - to visit Finland and discuss web app security with us. Hopefully as many as of you possible can participate! <br />
<br />
'''18:30 Welcome and recent Helsinki chapter activities. Antti Laulajainen''' <br />
<br />
'''18:40 Naked Software Security. Mark Curphey''' <br />
<br />
*Commentary on how to build secure software <br />
*Thoughts on the industry<br />
<br />
<br> '''WELCOME!''' <br />
<br />
== OWASP Helsinki meeting #3 Summer 2007: "SOA, Web Services &amp; XML Security", Tuesday, June 5th 2007 ==<br />
<br />
'''Date: June 5th''' <br />
<br />
<br> '''Location: Smilehouse, Itälahdenkatu 22A (Stonesoft building), Lauttasaari.''' <br />
<br />
Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/tietoturva_docview.jsp?f_id=1186167 <br />
<br />
<br> '''19:00 Welcome &amp; quick recap of recent OWASP activity and the Spring conference. Mikko Saario.''' <br />
<br />
<br> '''19:15 Gunnar Peterson, CTO Arctec Group and project lead for the OWASP "XML Security Gateway Evaluation Criteria".''' <br />
<br />
Gunnar will be visiting Finland to provide training via Tietoturva ry on this subject. Topics to be covered: <br />
<br />
*XML Security Gateways <br />
*Message level threats and security countermeasures in Web services <br />
*OWASP XML Security Gateway Evaluation Criteria Project<br />
<br />
<br> '''20:15 "Real-life usage of OWASP tools". Alexandr Seleznyov, Nokia Product Security.''' <br />
<br />
(There is a chance Alex cannot make it. In that case we will discuss SOA stuff in more detail or just head off to bar earlier.) <br />
<br />
<br> '''20:45 Enter Bar 52...''' --&gt; Enjoy (sponsored) beverages. <br />
<br />
== OWASP Helsinki meeting #2 Winter 2007, Web Application Firewalls, Thursday, February 22 2007 ==<br />
<br />
Thank you for the 29 participants, the speakers and the host - Nixu - for making this event happen! <br />
<br />
'''Location: Nixu, Mäkelänkatu 91, 00601 Helsinki.''' <br />
<br />
What are Web Application Firewalls (WAF), how do they work, what do they do and what don't they do. Discussion and sharing of experiences of various technologies and products. <br />
<br />
<br> '''18.30 Welcome. Mikko Saario, Chapter Leader.''' <br />
<br />
Today's topic and agenda in short. <br />
<br />
<br> '''18.35 "Web Application Firewalls Technical Analysis". Joakim Sandström, CTO nSense.''' <br />
<br />
http://www.owasp.org/images/6/6a/Owasp_waf_joakim.pdf <br />
<br />
- Technology <br />
<br />
- Blacklisting &amp; Whitelisting <br />
<br />
- mod_security features <br />
<br />
- Do's and Don'ts <br />
<br />
<br> '''19.30 "The Core Rule Sets". Ofer Shezaf, CTO Breach Security.''' <br />
<br />
http://www.owasp.org/images/f/f4/The_Core_Rule_Set_-_Ofer.pdf <br />
<br />
- WAF deployment and protection strategies <br />
<br />
- Detection of generic web layer attacks <br />
<br />
- Virtual patching <br />
<br />
== OWASP Helsinki meeting #1, Tuesday, Dec 12 2006 at Ernst &amp; Young ==<br />
<br />
The Helsinki chapter had the first meeting at Ernst &amp; Young office in Elielinaukio 5 B. The agenda and the presentations for the meeting are below. We had a good turnout: 22 people were present i.e. all seats were taken - we were very happy to see all these people to be interested in application security issues. <br />
<br />
<br> Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/doc.do?f_id=1083463 <br />
<br />
<br> '''18:30 Welcome. What is OWASP and why OWASP Helsinki?''' <br />
<br />
Mikko Saario made a short presentation about OWASP and the objective for the local Helsinki chapter. <br />
<br />
<br> '''19:00 Analyzing Threats (Olli Wiren; olli [at] juurihoito.org)''' <br />
<br />
Olli Wiren discussed application related threats and corresponding security issues. <br />
<br />
http://www.owasp.org/images/7/7c/Owasp-olli.pdf <br />
<br />
<br> '''19:45 Open discussion regarding OWASP Helsinki; what is expected or wished; how to go ahead and so forth.''' <br />
<br />
There was a lively discussion regarding what type of activities should be arranged in the future. More details will follow... <br />
<br />
==== Helsinki OWASP Chapter Leaders ====<br />
<br />
The chapter leader is [mailto:Petteri.arola@owasp.org Petteri Arola] <br />
<br />
The chapter board members are [mailto:timo@owasp.org Timo Merilainen], Pyry Heikkinen and [mailto:pekka.sillanpaa@owasp.org Pekka Sillanpaa]. <br />
<br />
__NOTOC__<br />
<br />
[[Category:OWASP Chapter]] <br />
[[Category:Europe]]</div>Psillanphttps://wiki.owasp.org/index.php?title=Helsinki&diff=253819Helsinki2019-08-17T10:47:53Z<p>Psillanp: /* OWASP Helsinki chapter meeting #38: Sep 3rd 2019 */</p>
<hr />
<div>{{Chapter Template|chaptername=Helsinki|extra=The chapter leaders are [mailto:petteri.arola@owasp.org Petteri Arola], [mailto:pekka.sillanpaa@owasp.org Pekka Sillanpää], [mailto:timo@owasp.org Timo Meriläinen], [mailto:pyry.heikkinen@owasp.org Pyry Heikkinen], [mailto:petri.koistinen@nixu.com Petri Koistinen] and [mailto:lasse.korvala@gmail.com Lasse Korvala].<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-helsinki|emailarchives=http://lists.owasp.org/pipermail/owasp-helsinki}} <br />
<br />
==== Local News ====<br />
<br />
<paypal>Helsinki</paypal> <br />
<br />
'''Welcome to the OWASP Helsinki Chapter'''<br />
<br />
The plan is to meet at least three to four times a year, each lasting 1,5-3 hours (more active "hands" means more meetings). This chapter is based in the capital area and therefore the meetings will be in or around Helsinki. <br />
<br />
If you wish to present at one of the meetings or have any other inquiries, please contact the chapter leaders and shortly describe the talk. (the contact details can be found in the bottom of the page). We encourage everyone to suggest ideas for presentation topics. The talks can be either a full talk (45-60min) or a lightning talk (~15min). <br />
<br />
==== Suomalaista sovellusturva-asiaa ====<br />
<br />
[[OWASP Helsinki Appsec Thesis of the Year|Vuoden sovellusturva-aiheinen opinnäytetyö]]<br />
<br />
[[Oppilaitoksille|Tietoa oppilaitoksille (Information for academic institutions)]] <br />
<br />
[[Verkkomaksut|Ohjeita turvallisen verkkomaksuintegraation toteuttamiseen]] <br />
<br />
Previously OWASP Helsinki has been working on the following tasks: <br />
<br />
*[[Top 10 2007 Finnish]] aim to translate OWASP Top 10 list in Finnish<br />
<br />
==== Chapter Meetings ====<br />
<br />
== OWASP Helsinki chapter meeting #38: Sep 3rd 2019 ==<br />
'''Location: Second Nature Security (2NS), Keilaranta 1 (auditorium Ankkuri), 02150 Espoo'''<br />
<br />
'''Time: 17:30-21:00'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words, Petteri Arola, Chapter leader - OWASP Helsinki'''<br />
<br />
'''18:05 Words from the sponsor, Juho Ranta, CTO - Second Nature Security (2NS)'''<br />
<br />
'''18:15 What's new in the ASVS 4.0, Josh Grossman, OWASP ASVS Project co-leader, Head of Security Services, AppSec Labs'''<br />
<br />
'''19:15 Break'''<br />
<br />
'''19:30 How to determine the security of a mobile authentication app, Petteri Ihalainen, Senior Specialist, Traficom'''<br />
<br />
'''20:15 If you like it then you shoulda put a TPM on it 🎵, Gabriela Limonta, Security Researcher, Nokia'''<br />
<br />
'''21:00 Snacks/BBQ, Refreshments, Sauna & Jacuzzi'''<br />
<br />
Please register by 1st of Sep [https://www.meetup.com/OWASP-Helsinki-Chapter/events/264058334/ here] (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #37: May 21st 2019 ==<br />
'''Location: KONE, Keilasatama 5, 02150 Espoo'''<br />
<br />
'''Time: 17:30-21:00'''<br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words, Pekka Sillanpää, Chapter co-leader - OWASP Helsinki''' <br />
<br />
'''18:05 Words from the sponsor, KONE'''<br />
<br />
'''18:10 Blockchains; How secure are they in practice in an IoT disrupted world and making the things secure, Onur Zengin, Senior Software Security Architect, KONE'''<br />
<br />
'''18:50 Break: Snacks & Refreshments'''<br />
<br />
'''19:20 Traficom's security label for IoT consumer devices - goals and challenges (tietoturvamerkki), Juhani Eronen and Saana Seppänen, Traficom'''<br />
<br />
'''19:50 Deploying a bug bounty / test automation environment for thousands of IoT devices with Kubernetes, Pekka Sillanpää, CTO and Teemu Huhtala, Senior SW engineer, Tosibox'''<br />
<br />
'''20:30 Networking with peers'''<br />
<br />
'''21:00 Discussions continue in Sauna/Jacuzzi on the top of Keilaranta 1 (neighbour building) sponsored by 2NS'''<br />
<br />
Please register by 13th of May [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-37-tickets-61322317703 here] (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #36: Feb 12th 2019 ==<br />
'''Location: Veikkaus, Aku Korhosen tie 2, 00440 Helsinki'''<br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words, Pekka Sillanpää, Chapter co-leader - OWASP Helsinki''' <br />
<br />
'''18:05 Words from the sponsor, Veikkaus''' <br />
<br />
'''18:10 What Every Developer and Tester Should Know About Software Security, Anne Oikarinen, Senior Security Consultant, Nixu''' [https://www.slideshare.net/AnneOikarinen1/what-every-developer-and-tester-should-know-about-software-security]<br />
<br />
'''18:50 Break'''<br />
<br />
'''19:00 Security in Agile Development, Joakim Tauren, Application Security Architect, Visma''' [[File:OWASP Helsinki - Security in Agile Development (1).pdf|thumb]]<br />
<br />
'''19:45 OWASP Cornucopia - a live card game session, Veikkaus + volunteers''' [[File:DeathStarArchitecture v0.8 DRAFT.pdf|thumb]]<br />
<br />
'''20:15 Snacks & Refreshments''' <br />
<br />
Please register by 10th of Feb https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-36-tickets-55288270706 (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #35: Nov 6th 2018 ==<br />
'''Location: Second Nature Security (2NS), Keilaranta1 (auditorium Ankkuri), 02150 Espoo'''<br />
<br />
'''Time: 17:30-21:00'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words, Pekka Sillanpää, Chapter co-leader - OWASP Helsinki'''<br />
<br />
'''18:05 Words from the sponsor, Juho Ranta, CTO - Second Nature Security (2NS)''' <br />
<br />
'''18:15 Hunting for bounties in a web browser, Juho Nurminen, White Hat Hacker, InfoSec Specialist - 2NS''' [[File:Nurmi_BugBounty_slides.zip]]<br />
<br />
'''18:45 Break'''<br />
<br />
'''19:00 How to become a bug bounty hunter, Iiro Uusitalo, Cloud and Security Specialist - Solita'''<br />
<br />
'''19:30 Running a successful bug bounty program, Thomas Malmberg, Partner & Owner - Hackrfi''' [[File:Running a successful bug bounty program - public.pdf]]<br />
<br />
'''19:50 Short break'''<br />
<br />
'''20:00 Panel & Discussion about bug bounty with Juho, Iiro and Thomas'''<br />
<br />
'''20:30 Snacks & Refreshments'''<br />
<br />
Please register by 4th of Nov https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-35-tickets-51465932991 (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #34: Jun 12th 2018 ==<br />
'''Location: Eficode, Pohjoinen Rautatiekatu 25, 00100 Helsinki'''<br />
<br />
'''Time: 17:30-21:30'''<br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Pekka Sillanpää OWASP Helsinki'''<br />
<br />
'''18:05 Words from the sponsor / Pekka Siltala-Li / Eficode'''<br />
<br />
'''18:15 Perfectly secure API, Matti Suominen, Lead Security Consultant - Nixu'''<br />
<br />
'''19:00 Break''' <br />
<br />
'''19:15''' '''Best friends: API security & API management, Antti Virtanen, Software Architect, Solita''' <br />
<br />
'''20:00-21:30 Sauna, Snacks & Beverages'''<br />
<br />
Please register by 10th of Jun https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-34-tickets-46690898735 (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #33: Nov 14th 2017 ==<br />
'''Location: F-Secure, Tammasaarenkatu 7, 00180 Helsinki''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki''' <br />
<br />
'''18:05 Words from the sponsor'''<br />
<br />
'''18:10 Coping with GDPR requirements in development, Kira Ahveninen-Kuha, Lead, Data Protection and Cybersecurity Law, Nixu'''<br />
<br />
'''19:00 Break''' <br />
<br />
'''19:15 Integrating Privacy Work in Threat Modeling and Design Review, Antti Vähä-Sipilä, Principal Security Consultant, F-Secure'''<br />
<br />
'''20:00 Panel & Discussion – Kira and Antti debate about privacy and GDPR with the audience'''<br />
<br />
'''20:30 OWASP Helsinki DevSecOps Hackathon: Lessons learned, Pekka Sillanpää, OWASP Helsinki''' <br />
<br />
'''21:00-22:00 Snacks & Refreshments''' <br />
<br />
Please register by 12th of Nov [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-33-tickets-39656996143 here] (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #32: Sep 27th ==<br />
If you are working in a DevOps team and want to get concrete ideas on how to integrate security into your CI/CD pipeline, this hackathon is a fun opportunity to learn by doing together with others.<br />
<br />
More information here: [[OWASP Helsinki DevSecOps Hackathon]]<br />
<br />
In summary, we familiarize and investigate (and of cource hack with) some nice open source tools, including:<br />
* OWASP Dependency-Check ([[OWASP Dependency Check]])<br />
* ZAP Proxy ([[OWASP Zed Attack Proxy Project]])<br />
* OWASP DefectDojo ([[OWASP DefectDojo Project]])<br />
* DevSec hardening framework (https://github.com/dev-sec)<br />
* Clair (https://github.com/coreos/clair)<br />
<br />
The output of this hackathon is an OWASP wiki page describing what was achieved in the hackathon, possible commits to the tools' repositories and future plans. If there is enough interest, we might organize "part 2" for this event in Autumn.<br />
<br />
To participate in this event, it is recommended to have at least basic programming/scripting skills (python, ruby, bash, etc) and understanding of configuration management tools (puppet, salt, ansible, etc.). '''If you are interested to join''' or have questions, please send email to pekka.sillanpaa@owasp.org '''by Jul 7th 2017''' and a short description of your background. Tracks of the hackathon environment are tuned based on the skills and background of the participants.<br />
<br />
The maximum of 15 seats are available for this event. The event is fully free of charge.<br />
<br />
'''Location: Nixu, Keilaranta 15, 02150 Espoo'''<br />
<br />
'''12:00 Hackathon starts'''<br />
<br />
'''17:00-23:00 Hackathon continues after the work day as long as needed. Pizza and beverages available.'''<br />
<br />
== OWASP Helsinki chapter meeting #31: Jun 13th 2017 ==<br />
'''Location: Solita, Alvar Aallon katu 5, 00100 Helsinki'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Pekka Sillanpää, OWASP Helsinki'''<br />
<br />
'''18:05 DevSec - Developers are the key to security, Antti Virtanen, Software Architect, Solita [[File:Devsec-owasp-2017.pdf]]''' <br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Docker Security, Mika Vatanen, Systems Architect, Digia [[File:Owasp-Helsinki-20170613-Docker-Security.pdf]]'''<br />
<br />
'''20:00 Lightning talk: Leaking credentials - a security malpractice more common than expected, Bogdan Mihaila, Synopsys [[:File:Bogdan Mihaila - Leaking Credentials.pdf]]'''<br />
<br />
'''20:15 Introduction to DevSecOps "mini-hackathon", Pekka Sillanpää, OWASP Helsinki'''<br />
<br />
'''20:30-22:30 Snacks & Refreshments'''<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-31-tickets-34950473808 here] by 12th of Jun (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #30: Oct 11th 2016 ==<br />
<br />
'''Location: Fujitsu, Valimotie 16, 00380 Helsinki, Auditorio'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 How to protect mobile application? Case "Nordea Tunnusluvut” / Michael Peltonen, Senior Business Developer, Nordea''' [[File:Helsinki_meeting_30_-Michael_Peltonen_OWASP_11102016.pdf]]<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Lightning talk: Authentication topic / Teemu Simonen, System Architect, Fujitsu''' [[File:Helsinki_meeting_30_-Authentication_topic.pdf]]<br />
<br />
'''19:30 Threats and vulnerabilities in federation protocols - and how did I find 0-days in the most common access management products / Teemu Kääriäinen, Senior IAM Consultant, Nixu Oyj''' [[File:Helsinki_meeting_30_-_Threats_and_Vulnerabilities_in_Federation_Protocols_and_Products.pdf]]<br />
<br />
'''20:30-> Snacks & Refreshments'''<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-30-tickets-28190573765 here] by 9th of October (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #29: Mar 29th 2016 ==<br />
<br />
'''Location: Solinor, Elimäenkatu 14 C, 00510 Helsinki'''<br />
<br />
'''Time: 17:30-21:15'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 OWASP Security Knowledge Framework, Glenn Ten Cate''' [[File:Skf-owaspHelsinki-16.pdf]]<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Amazon Web Services Security, Joel Leino, Solinor''' [[File:Aws_security_joel_leino.pdf]]<br />
<br />
'''20:30 Do's and don'ts: A Day Of Browser Bug Hunting, Atte Kettunen, University of Oulu''' [[File:Do's_and_Don'ts-_A_Day_Of_Browser_Bug_Hunting_rev2.pdf]]<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-29-tickets-22159795545 here] by 26th of March (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #28: Nov 10th 2015 ==<br />
<br />
'''Location: LähiTapiola, Revontulenkuja 1, 02100 Espoo'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 How we feel about Bug Bounty, Leo Niemelä, CISO, LähiTapiola Group (in Finnish)'''<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Security and "Modern" software Deployment, Rory McCune, Managing Consultant, NCC Group'''<br />
<br />
'''20:30 Discussion continues in a local cafe / bar'''<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-28-tickets-19188815263 here] by 8th of November (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #27: May 29th 2015 ==<br />
<br />
'''Location: Life Science Center Keilaranta 10-16''' <br />
<br />
'''Time: 17:30-20:00 (networking ends 23:00)''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 Word from our sponsor / Nixu'''<br />
<br />
'''18:15 50 Shades of AppSec / Troy Hunt'''<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Hack yourself first: how go on the cyber-offence before online attackers do / Troy Hunt'''<br />
<br />
'''20:00-23:00 Refreshments and Sauna on the 7th floor'''<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-chapter-meeting-27-tickets-16709176597 here] by Monday Fri 22th May (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #26: January 13th 2015 ==<br />
<br />
'''Location: Castrén & Snellman Attorneys Ltd. Eteläesplanadi 14 6th Floor Helsinki, Finland.''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''Opening words / OWASP Helsinki&IAPP''' <br />
<br />
'''Words from our sponsor / Castrén & Snellman Attorneys Ltd.'''<br />
<br />
'''Privacy Seals and Marks, Hannu Järvinen, Specialist Partner, Attorneys at Law Borenius Ltd'''<br />
<br />
'''Privacy Engineering, Antti Vähä-Sipilä, software security guy, F-Secure Oyj'''<br />
<br />
'''Privacy Use Cases, Saku Vainikainen, Lead Consultant, Nixu Oyj'''<br />
<br />
Please register here https://t.co/OoQN2FRbBX by Monday 12 Jan.<br />
<br />
== OWASP Helsinki chapter meeting #25: September 29th 2014 ==<br />
<br />
'''Location: Appelsiini (Elisa), Kaarlenkatu 9-11, 00530 Helsinki. Public transport is strongly recommended.''' <br />
<br />
'''Time: 17:00-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and registration''' <br />
<br />
'''17:10 Opening words / OWASP Helsinki''' <br />
<br />
'''17:20 Words from our sponsor / Elisa'''<br />
<br />
'''17:30 Mobile Security Chess Board - Attacks & Defense / Hemil Shah / Founder, Director eSphere Security''' [[File:Mobile_Security_chess_board_-_Attacks_&_Defense.pdf]]<br />
<br />
'''18:45 Break'''<br />
<br />
'''19:00 Mobile Platform Security: OS (kernel) Hardening and Trusted Execution Environment / Onur Zengin / Trustonic'''<br />
[[File:Onur_Zengin_-_TEE_chapter_meeting_presentation.pdf]]<br />
<br />
'''20:00 OWASP Mobile Top Ten Risks 2014 - The New M10: 'Lack of Binary Protection' Category / Bo Asklund and Rikard Kullenberg / Arxan'''<br />
[[File:OWASP_Mobile_Top_Ten_-_Meet_the_New_Addition.pdf]]<br />
<br />
'''21:00 Networking and continue discussions in TBD location nearby'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-25-tickets-13087782911 Eventbrite]<br />
<br />
== OWASP Helsinki chapter meeting #24: March 25st 2014 ==<br />
<br />
'''Location: F-Secure, Tammasaarenkatu 7, 00180 Helsinki. Parking space is limited, public transport is strongly recommended. Ruoholahti station for metro, Länsisatamankatu stop for tram 8, Länsiväylä stop for buses from Espoo.''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and registration''' <br />
<br />
'''17:20 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''17:30 Enhancing security through tight collaboration and automation /Kalle Hallivuori''' <br />
Presentation material: http://kato.iki.fi/owasp-pci-devops/<br />
<br />
'''18:00 Continuous Security Testing in a Devops World /Stephen de Vries'''<br />
Download the presentation from our file page: [[image:OWASP-Continuous_Security_Testing.pdf]]<br />
<br />
'''19:00 Demo of Burp Suite & HTTP API fuzzing automation with Python & Behave /Antti Vähä-Sipilä'''<br />
<br />
'''19:30 Time to go to Pub (Amsterdam) and continue discussion there'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-24-tickets-10765729587 Eventbrite]<br />
<br />
== OWASP Helsinki chapter meeting #23: January 21st 2014 ==<br />
<br />
'''Location: HTC Keilaniemi, Keilaranta 13, 02150 Espoo''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Coffee and registration''' <br />
<br />
'''18:00 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''18:05 Word from our sponsor /Nixu''' <br />
<br />
'''18:20 The inner HTML Apocalypse - How MXSS attacks change everything we believed to know so far /Mario Heiderich'''<br />
<br />
'''19:15 JSMVCOMFG - To sternly look at JavaScript MVC and Templating Frameworks /Mario Heiderich"''''<br />
<br />
'''20:15 QA'''<br />
<br />
'''20.30 - 21.30 Discussion continues over snacks and refreshments'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-23-tickets-10095813851 Eventbrite]<br />
<br />
<br />
== OWASP Helsinki chapter meeting #22: November 19th 2013 ==<br />
<br />
'''Location: Aalto University, Hall S1, Otakaari 5, 02150 Espoo''' <br />
<br />
'''Time: 18:00-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Registration''' <br />
<br />
'''18:10 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''18:20 Word from our sponsor''' <br />
<br />
'''18:30 Backgrounds of Eve in Digiland comic and cyber research in Aalto University /Timo Kiravuo, Aalto University'''<br />
<br />
'''19:15 Break"''''<br />
<br />
'''19:30 Cyber crime response from CERT perspective and backgrounds of Finnish web site attacks /Jussi Eronen, CERT-FI'''<br />
<br />
'''20:00 Methods in Finnish cyber crime police investigation and case example /Timo Piiroinen, National Bureau of Investigation (NBI)'''<br />
<br />
'''20:30 Networking and discussion continues at same location'''<br />
<br />
Please register at [http://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-23-tickets-10095813851 Eventbrite]<br />
<br />
== OWASP EUTour2013: June 17th 2013 ==<br />
<br />
'''Location: HTC Keilaniemi, Keilaranta 15''' <br />
<br />
'''Time: 16:00-19:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''16:00 Registration & coffee''' <br />
<br />
'''16:15 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''16:30 Word from our sponsor''' <br />
<br />
'''16:45 Nokia responsible disclosure program /Omar Benbouazza-Villa, Nokia'''<br />
<br />
Nokia has launched a responsible disclosure program recently. In this presentation we'll go through experiences starting and running such a program as a part of enterprise application security program.<br />
<br />
'''17:30 Social engineering /Gavin Ewan"''''<br />
<br />
Jac0byterebel is not your typical social engineering presenter. Out goes the snake oil sale of analysing the minutia of pop psychology and trying to squeeze out real answers to the questions asked during a real social engineering attack. In comes hard hitting accounts of social engineering attacks drawn from real sources but anonymised to protect the pwned.<br />
<br />
'''19:00 Rounding up and discussion continues over food & drinks at same location'''<br />
<br />
Please register at [http://www.regonline.com/owaspeutourfinland Regonline]<br />
<br />
== OWASP Helsinki Chapter Meeting #21: April 24 2013 ==<br />
<br />
'''Location: KPMG, Yrjönkatu 23 B, 6. floor''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Opening words /OWASP''' <br />
<br />
'''18:10 Word from our sponso /Mika Laaksonen, KPMG''' <br />
<br />
'''18:15 OWASP project news /Petteri Arola, OWASP''' <br />
<br />
Newsflash of new and rebooted OWASP projects.<br />
<br />
'''18:45 Utilizing VAHTI software development guide (VAHTI-sovelluskehitysohje) /Antti Alestalo, KPMG'''<br />
<br />
VAHTI software development guide was published January 2013. Antti will talk about how to best utilize this new guide. Link to the guide: http://www.vm.fi/vm/fi/04_julkaisut_ja_asiakirjat/01_julkaisut/05_valtionhallinnon_tietoturvallisuus/20130207Sovell/VAHTI_1_Sovelluskehityksen_tietoturvaohje_NETTI.pdf<br />
<br />
'''19:15 Database self-defence /Mika Aronen, KPMG (in place of "HTML5 & security /SC5"'''<br />
<br />
'''20:00 Official program ends and discussion continues over food & drinks at same location'''<br />
<br />
Please register at [https://www.eventbrite.com/event/6240751255 Eventbrite]<br />
<br />
== OWASP Helsinki Chapter Meeting #20: December 4 2012 ==<br />
<br />
'''Location: Nokia House, Keilalahdentie 4, Espoo''' <br />
<br />
'''Time: 17:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Socializing time @ Nokia Lounge – Meet people & get to know your peer while having the opportunity to see Nokia product demos''' <br />
<br />
'''18:00 Opening words /OWASP + HelsinkiJS''' <br />
<br />
'''18:10 Word from our sponsor''' <br />
<br />
'''18:20 Securing JavaScript based web apps /Erlend Oftedal''' <br />
<br />
Single page web applications move much of the application logic to the client side. We now also see applications using JavaScript on the server side. How do we handle such applications from a security perspective? What problems are introduced and how do we handle them?<br />
<br />
'''19:05 RESTful Security'''<br />
<br />
Many applications rely on web services and ws-security for integration. But for more lightweight services with simpler protocols, REST is quickly gaining popularity. How do we secure REST services? What problems do we need to be aware of?<br />
<br />
'''20:00 Official program ends and free debate continues at nearby location'''<br />
<br />
CLOSED: Please register at [http://www.eventbrite.com/event/4856878053 Eventbrite]<br />
<br />
Please use the NORTH entrance when entering the Nokia campus<br />
<br />
== OWASP Helsinki Chapter Meeting #19: October 16 2012 ==<br />
<br />
'''Location: Fujitsu, Valimotie 16, Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''18:10 Word from our sponsor /Fujitsu''' <br />
<br />
'''18:25 Hybrid mobile application security and HTML5 with a focus on getUserMedia /Mikko Saario, Nokia''' <br />
<br />
Both the mobile scene via “hybrid” apps and the so-called traditional web are evolving into the same direction – are the threats doing the same? Using mainly Windows Phone 7 (and some Qt) examples and demos, Mikko will take a look at the security aspects in mobile hybrid apps. The HTML5 demo will concentrate on some newly mainstreamed technologies such as getUserMedia.<br />
<br />
'''19:10 Introduction to Oauth 2.0 + demo /Teemu Kääriäinen, Nixu'''<br />
<br />
Teemu gives an introduction about Oauth 2.0 and takes a closer look at security aspects, implementation guidelines and compares Twitter, Facebook and Google implementations.<br />
<br />
'''20:00 Official program ends and free debate continues at nearby location'''<br />
<br />
'''Please register in Eventbrite http://www.eventbrite.com/event/4462882602''' <br />
<br />
<br />
== OWASP Helsinki Chapter Meeting #18: June 26 2012 ==<br />
<br />
'''Location: Kela, Nordenskjölkinkatu 12, Helsinki''' <br />
<br />
'''Time: 17:30-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''17:45 Word from our sponsor /Kela''' <br />
<br />
'''18:00 Helsinki Ruby Brigade intro''' <br />
<br />
'''18:15 Ruby on Rails security - why could it fail'''<br />
<br />
'''19:00 Panel discussion'''<br />
<br />
'''19:45 Wrap-up'''<br />
<br />
'''20:00 Discussion continues in a nearby pub Hadanka'''<br />
<br />
'''Please register with petteri.arola(at)owasp.org''' <br />
<br />
<br />
== OWASP Helsinki Chapter Meeting #17: March 21 2012 ==<br />
<br />
'''Location: Marttakeskus, Malminrinne 1 B, 7. krs, Helsinki''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Coffee''' <br />
<br />
'''17:40 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''17:50 Web Application Access Control Design Excellence / Jim Manico, OWASP''' <br />
<br />
Download the presentation from our file page: [[image:Developer_Top_Ten_Core_Controls_v4.1.pdf]]<br />
<br />
'''19:30 Meeting ends and discussion continues over buffet and refreshments and there's a possibility to bath in sauna too''' <br />
<br />
'''23:00 Event ends'''<br />
<br />
'''Please register with enroll(at)nixu.com''' <br />
<br />
== Tietoturvapäivä Turku: February 7 2012 ==<br />
<br />
''' Sovellusturvallisuus / Petteri Arola, OWASP''' <br />
<br />
Download the presentation from our file page: [[image:OWASP_esitys_tietoturvapäivä_Turku_20120207.pdf]]<br />
<br />
== OWASP Helsinki Chapter Meeting #16: October 18 2011 ==<br />
<br />
'''Location: Hall TU2, Tuas house, Otaniementie 17, 02150, Espoo''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and lock picking''' <br />
<br />
'''17:30 OWASP - What is it?''' <br />
<br />
'''17:45 Introduction to OWASP projects<br>- OWASP Top Ten, ASVS<br><span class="Apple-tab-span"> </span>- Testing guide<br>- How OWASP relates to academic world''' <br />
<br />
<br> Download presentation from our file-page: [[Image:OWASP_presentation_for_Aalto.pdf]] <br><br />
<br />
'''18:45 Break''' <br />
<br />
'''19:00 Hacking demonstrations'''<br />
<br />
'''19:30 - Discussion continues in a nearby public house''' <br />
<br />
'''Please register with petteri.arola(at)owasp.org''' <br />
<br />
== OWASP Introduction to Turku AMK students: September 12th 2011 ==<br />
<br />
'''Introduction to Application security and OWASP / Petteri Arola, OWASP''' <br />
<br />
'''OWASP top 10 and hacking demos / Pekka Sillanpää, OWASP''' <br />
<br />
== OWASP Helsinki Chapter Meeting #15: June 15 2011 ==<br />
<br />
'''Location: Itämerenkatu 11 - 13, Helsinki''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda ''' <br />
<br />
'''17:30 Welcome, Petteri Arola, Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nokia''' <br />
<br />
'''17:45 HTML5 Security, Ville Säävuori, Syneus''' <br />
<br />
'''18:30 Break''' <br />
<br />
'''18:40 Mobile Application Security, Ari Kesäniemi and Juhani Mäkelä, Nixu''' <br> [[Image:Mobile-threat-analysis-short-presentation owasp.pdf]] <br> [[Image:Why-privacy-matters.pdf]] <br> <br />
<br />
<br>'''19.30 - Discussion continues in a nearby public house or terrace if it's sunny''' <br />
<br />
'''Please register with mikko.saario(at)nokia.com''' <br />
<br />
== OWASP Helsinki Chapter Meeting #14: February 22 2011 ==<br />
<br />
'''Location: Nixu Oy, Keilaranta 15, Espoo''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''17:30 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nixu Oy''' <br />
<br />
'''17:45 OpenSAMM, Pravir Chandra /Fortify''' <br />
<br />
'''18:30 Break''' <br />
<br />
'''18:40 Threat modeling, Pravir Chandra /Fortify''' <br />
<br />
<br> '''19.30 - Sauna and refreshments from our sponsor''' <br />
<br />
'''Please register with enroll(at)nixu.com''' <br />
<br />
<br> Download OpenSAMM presentation from opensamm.org [http://www.opensamm.org/downloads/resources/OpenSAMM-1.0.ppt] <br> <br />
<br />
== OWASP Helsinki Chapter Meeting #13: June 8 2010 ==<br />
<br />
'''Location: KPMG, Forum, Yrjönkatu 23 B 6th floor, Helsinki''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''17:00 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:05 Word from our sponsor KPMG ''' <br />
<br />
'''17:15 Agile secure software development, Antti Vähä-Sipilä / Nokia Oyj''' http://www.owasp.org/images/c/c6/OWASP_AppSec_Research_2010_Agile_Prod_Sec_Mgmt_by_Vaha-Sipila.pdf <br />
<br />
'''18:00 ASVS (OWASP Application Security Verification Standard), Pekka Sillanpää / Nixu Oy''' <br />
<br />
'''18:45 ESAPI (OWASP Enterprise Security API) demo, Anssi Porttikivi / KPMG''' <br />
<br />
Download presentation from our file-page:[[Image:ESAPI for OWASP.pdf]] <br />
<br />
<br> '''19.30 - Discussion continues at some nearby establishment''' <br />
<br />
'''Please register with anssi.porttikivi(at)kpmg.fi''' <br />
<br />
<br> <br />
<br />
== OWASP Goes! Locksport: April 20 2010 ==<br />
<br />
'''Location: Nsense Oy, Ahventie 4, Espoo''' <br />
<br />
'''Time: 17:30-20:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nsense Oy''' <br />
<br />
'''17:45 Introduction to Locksport (presentation in Finnish)''' <br />
<br />
'''19:00 - Sauna and refreshments from our sponsor''' <br />
<br />
'''Please register with ilmoittautumiset##nsense.fi ''' <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #12: March 30 2010 ==<br />
<br />
'''Location: Helsingin Energia, Sähkötalo, Runeberginkatu 1, Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''18:00 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
Download presentation from our file-page:[[Image:OWASP -12 Helsinki chapter meeting.pdf]] <br />
<br />
'''18:05 Word from our sponsor Helsingin Energia ''' <br />
<br />
'''18:15 3 different views on information security and social media applications''' <br />
<br />
- information security in social media API’s, Antti Nuopponen/Nixu Oy <br />
<br />
Download presentation from our file-page:[[Image:Security of social media apis v1.pdf]] <br />
<br />
- Facebook apps, Markus Törnqvist/Fad Consulting <br />
<br />
Download presentation from our file-page:[[Image:Mjt owasp 2010.pdf]] <br />
<br />
- Payment API’s, Tuomas Toivonen/Scred <br />
<br />
Download presentation from our file-page:[[Image:Owasp-payment-apis.pdf]] <br />
<br />
'''20.00 - Discussion continues at nearby establishment Bruuveri''' <br />
<br />
'''Please register with antti##owasp.org''' <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #11: November 17 2009 ==<br />
<br />
'''Location: Nsense Oy, Ahventie 4, Espoo''' <br />
<br />
'''Time: 18:00-20:30''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''18:05 Word from our sponsor Nsense Oy''' <br />
<br />
'''18:15 Manual vs. Automated Code Analysis, Ari Kesäniemi, Senior Consultant, Nixu''' <br />
<br />
Download presentation from our file-page:[[Image:Ari kesaniemi nixu manual-vs-automatic-analysis.pdf]] <br />
<br />
'''19.00- Sauna and refreshments from our sponsor''' <br />
<br />
<br> <br />
<br />
'''Please register with ilmoittautumiset##nsense.fi''' <br />
<br />
== OWASP Helsinki Chapter Meeting #10: October 20 2009 ==<br />
<br />
'''Location: Tieto Oy, Ratamestarinkatu 7B, Helsinki''' <br />
<br />
'''Time: 18:00-19:40''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''18:00 Word from our sponsor Tieto Oy''' <br />
<br />
'''18:10 Distributed Services Security, Anton Panhelainen, Tieto Oy''' <br />
<br />
Download presentation from our file-page:[[Image:Security in integration and ESB-OWASP 20091020.pdf]] <br />
<br />
'''18:40 Public Web Services Interface and Security, Pyry Heikkinen, Finnish Customs''' <br />
<br />
'''19:40 Closure and move to Vltava''' <br />
<br />
'''20:00 or so''' <br />
<br />
*Enjoy Helsinki Vltava watering hole at own risk &amp; cost near Helsinki Railway station<br />
<br />
'''Please register with Pauli Kauppila pauli.kauppila##tieto.com or Mobile +358 400 870 324''' <br />
<br />
== OWASP Helsinki Chapter Meeting #9: May 12 2009 ==<br />
<br />
'''Location: Louhi Networks Oy, Itälahdenkatu 22 A, Helsinki''' <br />
<br />
'''Time: 17:30-19:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:30 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:45 Word from our sponsor Louhi Networks''' <br />
<br />
'''18:00 Panel discussion about application scanners''' <br />
<br />
*Panel members includes representatives for Nixu Oy, KPMG Oy and Louhi Networks Oy<br />
<br />
<br> '''19:00 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost at Bar 52 near meeting location<br />
<br />
'''Please register with Henri Lindberg henri.lindberg##louhi.fi''' <br />
<br />
== OWASP OWASP Goes! Viestimuseo: March 29 2009 ==<br />
<br />
'''Location: Varuskunta, Takakasarmi, Viestimuseontie rak. 64, 11311 Riihimäki ''' <br />
<br />
'''Time: 13:00-15:00''' <br />
<br />
Viestimuseossa Riihimäellä, http://www.viestikiltojenliitto.fi/viestimuseo/ on maaliskuun loppuun WWII radiotiedustelua esittelevä erikoisnäyttely, josta voi löytyä ammennettavaa myös tämän päivän tietoturvatekniikoiden parissa työskenteleville. Koska OWASP:in tiimoilta löytyi kiinnostusta lähteä tutustumaan ko. näyttelyyn, museolle on varattu opastettu kierros maaliskuun viimeiselle sunnuntaille su 29.3.2009 klo 13:00 eli kokoontuminen museolla ko. aikaan. <br />
<br />
Museo ja näyttely ovat auki myös muina aikoina, joten jos tämä aika ei käy, paikalla voi toki käydä muulloinkin. <br />
<br />
Tarkemmat ajo-ohjeet ja yhteystiedot löytyvät museon kotisivuilta, http://www.viestikiltojenliitto.fi/viestimuseo/yhteystiedot.html <br />
<br />
Museo sijaitsee Viestirykmentin vieressä, mutta varsinaisen varuskunta-alueen ulkopuolella, joten museokäynti ei vaadi kulkulupia alueelle. <br />
<br />
Paikalle innostuvat hoitavat oman logistiikkaratkaisunsa &amp; sisäänpääsymaksunsa. <br />
<br />
Lisätietoja tarvittaessa timo.merilainen (ät) iki.fi <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #8: March 12 2009 ==<br />
<br />
'''Location: Samlink, Linnoitustie 9, Espoo (Leppävaara)''' <br />
<br />
'''Time: 17:00-19:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:00 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:15 Introduction to Samlink, Jari Pirhonen, security director, Samlink''' <br />
<br />
'''17:30 Methodology owner’s point of view: Information security as part of software development methodology, Topi Mattila, methodology manager, Samlink''' <br />
<br />
'''18:15 Presentation from Finnish Tax Administration", Petri Puhakainen, security director, Finnish Tax Administration''' <br />
<br />
<br> '''19:00 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost at Sello<br />
<br />
'''Please register with Jari Pirhonen jari.pirhonen##samlink.fi''' <br />
<br />
== OWASP Introduction to startup firms: Thursday January 15th 2009 ==<br />
<br />
'''Location: Ravintola Korjaamo, Töölönkatu 51, 00250 Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Introduction to OWASP by Henri Lindberg, OWASP Helsinki Active Visitor''' <br />
<br />
*What OWASP is <br />
*Examples of useful Tools and Documents <br />
*OWASP in Finland<br />
<br />
Presentation: [[Image:OWASP Startups 20090115 Henri.pdf]] <br />
<br />
(Antti Laulajainen, OWASP Helsinki Chapter Leader was originally supposed to introduce OWASP) <br />
<br />
'''18:15 Implementing application security in a Finnish startup by Henri Lindberg, Scred''' <br />
<br />
*Henri Lindberg from Scred shares experiences and lessons learned <br />
*How to make your web application more secure with minimal budget<br />
<br />
Presentation: [[Image:SDG Scred 090115.pdf]] <br />
<br />
'''18:30 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost<br />
<br />
== OWASP Helsinki Meeting #7: Tuesday November 11th 2008 ==<br />
<br />
'''Location: Nokia Ruoholahti, Itämerenkatu 11-13, 00180 Helsinki''' <br />
<br />
<br> <br />
<br />
'''Time: 17:00-18:30''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:00 Welcome by Antti Laulajainen, OWASP Chapter Leader''' <br />
<br />
*Current state and progress of OWASP Top 10 Finnish translation<br />
<br />
'''17:20 Antti Vähä-Sipilä, Nokia: SAFECode''' <br />
<br />
*Introduction and overview of SAFECode (The Software Assurance Forum for Excellence in Code) <br />
*SAFECode publications<br />
<br />
'''17:40 Juhani Eronen, CERT-FI: Lifecycle of a security vulnerability''' <br />
<br />
*Microsoft MS08-067 (Vulnerability in Server Service Could Allow Remote Code Execution), its history (MS06-040) and exploitation.<br />
<br />
'''Discussion''' <br />
<br />
'''18:30 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost [cerveza, aqua con gas, etc]<br />
<br />
'''PLEASE REGISTER WITH: mikko . saario at nokia . com (we have reserved snacks for 25 people)''' <br />
<br />
== OWASP Helsinki Web Hacking Workshop, Tuesday September 10th 2008 ==<br />
<br />
'''Location: Teleware / KPMG, Laajalahdentie 23, 6. floor, reception at the ground floor, 00330 Helsinki''' <br />
<br />
'''Time: 18.00 - 20.00''' <br />
<br />
'''Schedule''' <br />
<br />
'''18.00 Welcome and recent activities. Antti Laulajainen ''' <br />
<br />
'''18.05 Web Hacking Workshop, Anssi Porttikivi, Senior ICT Advisor KPMG/Teleware''' <br />
<br />
*KPMG Oy IT Security Advisory marketing presentation 15 min <br />
*Web hacking exercises and demonstrations in a laboratory class (using WebGoat and WebScarab tools)<br />
<br />
'''Snacks available. Send your reservations to Anssi's mail address, anssi.porttikivi@kpmg.fi. Room for 20 participants.''' <br />
<br />
<br> '''Note! Be in time, because the reception closes at 18.''' <br />
<br />
== OWASP Goes! CERT-FI, Thursday, June 12th 2008 ==<br />
<br />
'''Location: Viestintävirasto, Itämerenkatu 3 A, 00180 Helsinki and One Pint Pub Santakatu 2, 00180 Helsinki''' <br />
<br />
<br> '''Time: 16.00 - 20.00''' <br />
<br />
<br> '''Schedule''' <br />
<br />
'''16.00 Welcome and recent activities. Antti Laulajainen ''' <br />
<br />
<br> '''16.10 Introduction of CERT-FI. Juhani Eronen, Information Security Adviser, CERT-FI''' <br />
<br />
<br> '''16.30 Vulnerability coordination. Juhani Eronen''' <br />
<br />
*CERT-FI as a vulnerability coordinator <br />
*Coordination examples<br />
<br />
'''18.00 Possibility to continue the evening at the One Pint Pub''' <br />
<br />
*If someone fancies a (self-financed) beer<br />
<br />
<br> '''Viestintävirasto asks those who wish to participate to the meeting to register in advance. For registrations please contact CERT-FI Unit Secretary Virpi Hienonen (virpi.hienonen(at)ficora.fi). The deadline is June 6, 2008.''' <br />
<br />
== OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 ==<br />
<br />
Thank you for attending. <br />
<br />
You can download the presentation here'''https://www.owasp.org/images/7/70/OWASP_HelsinkiChapter_130508.pdf''' <br />
<br />
Coverage of the event in local news (Finnish only) http://mikropc.net/uutiset/index.jsp?categoryId=atk&amp;day=20080514#w2008051411524012715 <br />
<br />
<br> '''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki and Ravintola Kaisla, Vilhonkatu 4, 00100 Helsinki''' <br />
<br />
'''Time: 16.00 - 20.00''' <br />
<br />
<br> <br />
<br />
Welcome to spring meeting 2008. <br />
<br />
<br> '''Schedule''' <br />
<br />
'''16.00 - 16.10 OWASP update. Antti Laulajainen''' <br />
<br />
'''16.10-17.00 Notes From The field, OWASP tools and usage experiences, Jarkko Holappa &amp; Antti Laulajainen''' <br />
<br />
'''17.30 - 20.00 Drinks at Ravintola Kaisla (Bring Your Own Wallet)''' <br />
<br />
<br> Hope to see as many of you as possible! <br />
<br />
== OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 ==<br />
<br />
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.''' <br />
<br />
'''Time: 18.30 - 20.30''' <br />
<br />
Welcome to first meeting of 2008. OWASP Helsinki resumes activities after winter break. <br />
<br />
We are pleased to have as a speaker Technology Manager of Nokia Product Security, Alexandr Seleznyov. His topic will be current state of application security. <br />
<br />
'''Schedule''' <br />
<br />
'''18.30 - 18.40 OWASP update. Antti Laulajainen''' <br />
<br />
'''18.40 - 20.30 Current State of Application Security. Alexandr Seleznyov''' <br />
<br />
<br> Hope to see as many of you as possible! <br />
<br />
== OWASP Helsinki &amp; RWSUG Seminar Tuesday, January 29th 2008 ==<br />
<br />
'''Location: IBM, Laajalahdentie 23, 00330 Helsinki.''' '''Time: 11.15 - 19.00''' <br />
<br />
OWASP Helsinki and Rational and Websphere User Group Finland RWSUG are aiming to co-operate to raise application security awareness. OWASP Helsinki will have a presentation in RWSUG agility seminar. More information from http://www.rwsug.fi/default.asp?path=1,39,385 <br />
<br />
'''You can download the presentation here''' https://www.owasp.org/images/c/cd/RWSUG5_Agile_Security_Management.pdf <br />
<br />
See program below. Most of it is Finnish only <br />
<br />
*11.15 Ilmoittautuminen alkaa <br />
*11.15-12.00 Buffet-lounas <br />
*12.00-12.10 Tilaisuuden avaus Jussi Jutila, Puheenjohtaja, RWSUG ry<br />
<br />
KEYNOTE <br />
<br />
*12.10-13.30 Scaling Agile Software Development: Strategies for Applying Agile in Complex Situations Scott W. Ambler, Practice Leader Agile Development, IBM Canada <br />
*13.30-13.45 Kahvitauko <br />
*13.45-15.30 SOA liiketoiminnan näkökulmasta ja SOA toteutuksen näkökulmasta kansainvälisessa hankkeessa Kari Laine, IT Architect, IF ja Jarmo Laine, Senior Software Architect,Primasoft <br />
*15.30-15.45 Tauko <br />
*15.45-16.30 Ketterä tietoturvan hallinta ohjelmistotuotannossa Reijo Savola, VTT <br />
*16.30-17.15 Jazz Update IBM <br />
*17.15-19.00 Iltapalaa ja verkostoitumista IBM Forumissa<br />
<br />
<br> <br />
<br />
== OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008 ==<br />
<br />
OWASP Helsinki participated in ISACA Finland meeting to raise application security awareness among system auditors and inspectors. <br> A presentation was held that introduced basic web techniques, some security issues, OWASP in general, OWASP projects and OWASP Helsinki chapter. <br> '''You can download the presentation here''': https://www.owasp.org/images/e/e4/OWASP_ISACA_20080124.pdf (Finnish Only) <br><br> <br />
<br />
== OWASP Helsinki meeting #4 Fall 2007 with Mark Curphey, Tuesday, October 2 2007 ==<br />
<br />
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.''' <br />
<br />
Thank you for all participants and Mark from great presentation. <br />
<br />
Coverage of the meeting in the local news (in Finnish): http://mikropc.net/uutiset/index.jsp?categoryId=atk&amp;day=20071003#w2007100315112711629 <br />
<br />
<br> We are delighted to have Mark Curphey - the OWASP founder and new head of Microsoft's ACE (Application Consulting &amp; Engineering) team in Europe - to visit Finland and discuss web app security with us. Hopefully as many as of you possible can participate! <br />
<br />
'''18:30 Welcome and recent Helsinki chapter activities. Antti Laulajainen''' <br />
<br />
'''18:40 Naked Software Security. Mark Curphey''' <br />
<br />
*Commentary on how to build secure software <br />
*Thoughts on the industry<br />
<br />
<br> '''WELCOME!''' <br />
<br />
== OWASP Helsinki meeting #3 Summer 2007: "SOA, Web Services &amp; XML Security", Tuesday, June 5th 2007 ==<br />
<br />
'''Date: June 5th''' <br />
<br />
<br> '''Location: Smilehouse, Itälahdenkatu 22A (Stonesoft building), Lauttasaari.''' <br />
<br />
Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/tietoturva_docview.jsp?f_id=1186167 <br />
<br />
<br> '''19:00 Welcome &amp; quick recap of recent OWASP activity and the Spring conference. Mikko Saario.''' <br />
<br />
<br> '''19:15 Gunnar Peterson, CTO Arctec Group and project lead for the OWASP "XML Security Gateway Evaluation Criteria".''' <br />
<br />
Gunnar will be visiting Finland to provide training via Tietoturva ry on this subject. Topics to be covered: <br />
<br />
*XML Security Gateways <br />
*Message level threats and security countermeasures in Web services <br />
*OWASP XML Security Gateway Evaluation Criteria Project<br />
<br />
<br> '''20:15 "Real-life usage of OWASP tools". Alexandr Seleznyov, Nokia Product Security.''' <br />
<br />
(There is a chance Alex cannot make it. In that case we will discuss SOA stuff in more detail or just head off to bar earlier.) <br />
<br />
<br> '''20:45 Enter Bar 52...''' --&gt; Enjoy (sponsored) beverages. <br />
<br />
== OWASP Helsinki meeting #2 Winter 2007, Web Application Firewalls, Thursday, February 22 2007 ==<br />
<br />
Thank you for the 29 participants, the speakers and the host - Nixu - for making this event happen! <br />
<br />
'''Location: Nixu, Mäkelänkatu 91, 00601 Helsinki.''' <br />
<br />
What are Web Application Firewalls (WAF), how do they work, what do they do and what don't they do. Discussion and sharing of experiences of various technologies and products. <br />
<br />
<br> '''18.30 Welcome. Mikko Saario, Chapter Leader.''' <br />
<br />
Today's topic and agenda in short. <br />
<br />
<br> '''18.35 "Web Application Firewalls Technical Analysis". Joakim Sandström, CTO nSense.''' <br />
<br />
http://www.owasp.org/images/6/6a/Owasp_waf_joakim.pdf <br />
<br />
- Technology <br />
<br />
- Blacklisting &amp; Whitelisting <br />
<br />
- mod_security features <br />
<br />
- Do's and Don'ts <br />
<br />
<br> '''19.30 "The Core Rule Sets". Ofer Shezaf, CTO Breach Security.''' <br />
<br />
http://www.owasp.org/images/f/f4/The_Core_Rule_Set_-_Ofer.pdf <br />
<br />
- WAF deployment and protection strategies <br />
<br />
- Detection of generic web layer attacks <br />
<br />
- Virtual patching <br />
<br />
== OWASP Helsinki meeting #1, Tuesday, Dec 12 2006 at Ernst &amp; Young ==<br />
<br />
The Helsinki chapter had the first meeting at Ernst &amp; Young office in Elielinaukio 5 B. The agenda and the presentations for the meeting are below. We had a good turnout: 22 people were present i.e. all seats were taken - we were very happy to see all these people to be interested in application security issues. <br />
<br />
<br> Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/doc.do?f_id=1083463 <br />
<br />
<br> '''18:30 Welcome. What is OWASP and why OWASP Helsinki?''' <br />
<br />
Mikko Saario made a short presentation about OWASP and the objective for the local Helsinki chapter. <br />
<br />
<br> '''19:00 Analyzing Threats (Olli Wiren; olli [at] juurihoito.org)''' <br />
<br />
Olli Wiren discussed application related threats and corresponding security issues. <br />
<br />
http://www.owasp.org/images/7/7c/Owasp-olli.pdf <br />
<br />
<br> '''19:45 Open discussion regarding OWASP Helsinki; what is expected or wished; how to go ahead and so forth.''' <br />
<br />
There was a lively discussion regarding what type of activities should be arranged in the future. More details will follow... <br />
<br />
==== Helsinki OWASP Chapter Leaders ====<br />
<br />
The chapter leader is [mailto:Petteri.arola@owasp.org Petteri Arola] <br />
<br />
The chapter board members are [mailto:timo@owasp.org Timo Merilainen], Pyry Heikkinen and [mailto:pekka.sillanpaa@owasp.org Pekka Sillanpaa]. <br />
<br />
__NOTOC__<br />
<br />
[[Category:OWASP Chapter]] <br />
[[Category:Europe]]</div>Psillanphttps://wiki.owasp.org/index.php?title=Helsinki&diff=253818Helsinki2019-08-17T10:42:11Z<p>Psillanp: /* OWASP Helsinki chapter meeting #38: Sep 3rd 2019 */</p>
<hr />
<div>{{Chapter Template|chaptername=Helsinki|extra=The chapter leaders are [mailto:petteri.arola@owasp.org Petteri Arola], [mailto:pekka.sillanpaa@owasp.org Pekka Sillanpää], [mailto:timo@owasp.org Timo Meriläinen], [mailto:pyry.heikkinen@owasp.org Pyry Heikkinen], [mailto:petri.koistinen@nixu.com Petri Koistinen] and [mailto:lasse.korvala@gmail.com Lasse Korvala].<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-helsinki|emailarchives=http://lists.owasp.org/pipermail/owasp-helsinki}} <br />
<br />
==== Local News ====<br />
<br />
<paypal>Helsinki</paypal> <br />
<br />
'''Welcome to the OWASP Helsinki Chapter'''<br />
<br />
The plan is to meet at least three to four times a year, each lasting 1,5-3 hours (more active "hands" means more meetings). This chapter is based in the capital area and therefore the meetings will be in or around Helsinki. <br />
<br />
If you wish to present at one of the meetings or have any other inquiries, please contact the chapter leaders and shortly describe the talk. (the contact details can be found in the bottom of the page). We encourage everyone to suggest ideas for presentation topics. The talks can be either a full talk (45-60min) or a lightning talk (~15min). <br />
<br />
==== Suomalaista sovellusturva-asiaa ====<br />
<br />
[[OWASP Helsinki Appsec Thesis of the Year|Vuoden sovellusturva-aiheinen opinnäytetyö]]<br />
<br />
[[Oppilaitoksille|Tietoa oppilaitoksille (Information for academic institutions)]] <br />
<br />
[[Verkkomaksut|Ohjeita turvallisen verkkomaksuintegraation toteuttamiseen]] <br />
<br />
Previously OWASP Helsinki has been working on the following tasks: <br />
<br />
*[[Top 10 2007 Finnish]] aim to translate OWASP Top 10 list in Finnish<br />
<br />
==== Chapter Meetings ====<br />
<br />
== OWASP Helsinki chapter meeting #38: Sep 3rd 2019 ==<br />
'''Location: Second Nature Security (2NS), Keilaranta 1 (auditorium Ankkuri), 02150 Espoo'''<br />
<br />
'''Time: 17:30-21:00'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words, Petteri Arola, Chapter leader - OWASP Helsinki'''<br />
<br />
'''18:05 Words from the sponsor, Juho Ranta, CTO - Second Nature Security (2NS)'''<br />
<br />
'''18:15 What's new in the ASVS 4.0, Josh Grossman, OWASP ASVS Project co-leader, Head of Security Services, AppSec Labs'''<br />
<br />
'''19:15 Break'''<br />
<br />
'''19:30 How to determine the security of a mobile authentication app, Petteri Ihalainen, Senior Specialist, Traficom'''<br />
<br />
'''20:15 If you like it then you shoulda put a TPM on it 🎵, Gabriela Limonta, Security Researcher, Nokia'''<br />
<br />
'''21:00 Snacks/BBQ, Refreshments, Sauna & Jacuzzi'''<br />
<br />
Please register by 1st of Sep here (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #37: May 21st 2019 ==<br />
'''Location: KONE, Keilasatama 5, 02150 Espoo'''<br />
<br />
'''Time: 17:30-21:00'''<br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words, Pekka Sillanpää, Chapter co-leader - OWASP Helsinki''' <br />
<br />
'''18:05 Words from the sponsor, KONE'''<br />
<br />
'''18:10 Blockchains; How secure are they in practice in an IoT disrupted world and making the things secure, Onur Zengin, Senior Software Security Architect, KONE'''<br />
<br />
'''18:50 Break: Snacks & Refreshments'''<br />
<br />
'''19:20 Traficom's security label for IoT consumer devices - goals and challenges (tietoturvamerkki), Juhani Eronen and Saana Seppänen, Traficom'''<br />
<br />
'''19:50 Deploying a bug bounty / test automation environment for thousands of IoT devices with Kubernetes, Pekka Sillanpää, CTO and Teemu Huhtala, Senior SW engineer, Tosibox'''<br />
<br />
'''20:30 Networking with peers'''<br />
<br />
'''21:00 Discussions continue in Sauna/Jacuzzi on the top of Keilaranta 1 (neighbour building) sponsored by 2NS'''<br />
<br />
Please register by 13th of May [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-37-tickets-61322317703 here] (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #36: Feb 12th 2019 ==<br />
'''Location: Veikkaus, Aku Korhosen tie 2, 00440 Helsinki'''<br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words, Pekka Sillanpää, Chapter co-leader - OWASP Helsinki''' <br />
<br />
'''18:05 Words from the sponsor, Veikkaus''' <br />
<br />
'''18:10 What Every Developer and Tester Should Know About Software Security, Anne Oikarinen, Senior Security Consultant, Nixu''' [https://www.slideshare.net/AnneOikarinen1/what-every-developer-and-tester-should-know-about-software-security]<br />
<br />
'''18:50 Break'''<br />
<br />
'''19:00 Security in Agile Development, Joakim Tauren, Application Security Architect, Visma''' [[File:OWASP Helsinki - Security in Agile Development (1).pdf|thumb]]<br />
<br />
'''19:45 OWASP Cornucopia - a live card game session, Veikkaus + volunteers''' [[File:DeathStarArchitecture v0.8 DRAFT.pdf|thumb]]<br />
<br />
'''20:15 Snacks & Refreshments''' <br />
<br />
Please register by 10th of Feb https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-36-tickets-55288270706 (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #35: Nov 6th 2018 ==<br />
'''Location: Second Nature Security (2NS), Keilaranta1 (auditorium Ankkuri), 02150 Espoo'''<br />
<br />
'''Time: 17:30-21:00'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words, Pekka Sillanpää, Chapter co-leader - OWASP Helsinki'''<br />
<br />
'''18:05 Words from the sponsor, Juho Ranta, CTO - Second Nature Security (2NS)''' <br />
<br />
'''18:15 Hunting for bounties in a web browser, Juho Nurminen, White Hat Hacker, InfoSec Specialist - 2NS''' [[File:Nurmi_BugBounty_slides.zip]]<br />
<br />
'''18:45 Break'''<br />
<br />
'''19:00 How to become a bug bounty hunter, Iiro Uusitalo, Cloud and Security Specialist - Solita'''<br />
<br />
'''19:30 Running a successful bug bounty program, Thomas Malmberg, Partner & Owner - Hackrfi''' [[File:Running a successful bug bounty program - public.pdf]]<br />
<br />
'''19:50 Short break'''<br />
<br />
'''20:00 Panel & Discussion about bug bounty with Juho, Iiro and Thomas'''<br />
<br />
'''20:30 Snacks & Refreshments'''<br />
<br />
Please register by 4th of Nov https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-35-tickets-51465932991 (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #34: Jun 12th 2018 ==<br />
'''Location: Eficode, Pohjoinen Rautatiekatu 25, 00100 Helsinki'''<br />
<br />
'''Time: 17:30-21:30'''<br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Pekka Sillanpää OWASP Helsinki'''<br />
<br />
'''18:05 Words from the sponsor / Pekka Siltala-Li / Eficode'''<br />
<br />
'''18:15 Perfectly secure API, Matti Suominen, Lead Security Consultant - Nixu'''<br />
<br />
'''19:00 Break''' <br />
<br />
'''19:15''' '''Best friends: API security & API management, Antti Virtanen, Software Architect, Solita''' <br />
<br />
'''20:00-21:30 Sauna, Snacks & Beverages'''<br />
<br />
Please register by 10th of Jun https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-34-tickets-46690898735 (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #33: Nov 14th 2017 ==<br />
'''Location: F-Secure, Tammasaarenkatu 7, 00180 Helsinki''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki''' <br />
<br />
'''18:05 Words from the sponsor'''<br />
<br />
'''18:10 Coping with GDPR requirements in development, Kira Ahveninen-Kuha, Lead, Data Protection and Cybersecurity Law, Nixu'''<br />
<br />
'''19:00 Break''' <br />
<br />
'''19:15 Integrating Privacy Work in Threat Modeling and Design Review, Antti Vähä-Sipilä, Principal Security Consultant, F-Secure'''<br />
<br />
'''20:00 Panel & Discussion – Kira and Antti debate about privacy and GDPR with the audience'''<br />
<br />
'''20:30 OWASP Helsinki DevSecOps Hackathon: Lessons learned, Pekka Sillanpää, OWASP Helsinki''' <br />
<br />
'''21:00-22:00 Snacks & Refreshments''' <br />
<br />
Please register by 12th of Nov [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-33-tickets-39656996143 here] (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #32: Sep 27th ==<br />
If you are working in a DevOps team and want to get concrete ideas on how to integrate security into your CI/CD pipeline, this hackathon is a fun opportunity to learn by doing together with others.<br />
<br />
More information here: [[OWASP Helsinki DevSecOps Hackathon]]<br />
<br />
In summary, we familiarize and investigate (and of cource hack with) some nice open source tools, including:<br />
* OWASP Dependency-Check ([[OWASP Dependency Check]])<br />
* ZAP Proxy ([[OWASP Zed Attack Proxy Project]])<br />
* OWASP DefectDojo ([[OWASP DefectDojo Project]])<br />
* DevSec hardening framework (https://github.com/dev-sec)<br />
* Clair (https://github.com/coreos/clair)<br />
<br />
The output of this hackathon is an OWASP wiki page describing what was achieved in the hackathon, possible commits to the tools' repositories and future plans. If there is enough interest, we might organize "part 2" for this event in Autumn.<br />
<br />
To participate in this event, it is recommended to have at least basic programming/scripting skills (python, ruby, bash, etc) and understanding of configuration management tools (puppet, salt, ansible, etc.). '''If you are interested to join''' or have questions, please send email to pekka.sillanpaa@owasp.org '''by Jul 7th 2017''' and a short description of your background. Tracks of the hackathon environment are tuned based on the skills and background of the participants.<br />
<br />
The maximum of 15 seats are available for this event. The event is fully free of charge.<br />
<br />
'''Location: Nixu, Keilaranta 15, 02150 Espoo'''<br />
<br />
'''12:00 Hackathon starts'''<br />
<br />
'''17:00-23:00 Hackathon continues after the work day as long as needed. Pizza and beverages available.'''<br />
<br />
== OWASP Helsinki chapter meeting #31: Jun 13th 2017 ==<br />
'''Location: Solita, Alvar Aallon katu 5, 00100 Helsinki'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Pekka Sillanpää, OWASP Helsinki'''<br />
<br />
'''18:05 DevSec - Developers are the key to security, Antti Virtanen, Software Architect, Solita [[File:Devsec-owasp-2017.pdf]]''' <br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Docker Security, Mika Vatanen, Systems Architect, Digia [[File:Owasp-Helsinki-20170613-Docker-Security.pdf]]'''<br />
<br />
'''20:00 Lightning talk: Leaking credentials - a security malpractice more common than expected, Bogdan Mihaila, Synopsys [[:File:Bogdan Mihaila - Leaking Credentials.pdf]]'''<br />
<br />
'''20:15 Introduction to DevSecOps "mini-hackathon", Pekka Sillanpää, OWASP Helsinki'''<br />
<br />
'''20:30-22:30 Snacks & Refreshments'''<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-31-tickets-34950473808 here] by 12th of Jun (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #30: Oct 11th 2016 ==<br />
<br />
'''Location: Fujitsu, Valimotie 16, 00380 Helsinki, Auditorio'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 How to protect mobile application? Case "Nordea Tunnusluvut” / Michael Peltonen, Senior Business Developer, Nordea''' [[File:Helsinki_meeting_30_-Michael_Peltonen_OWASP_11102016.pdf]]<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Lightning talk: Authentication topic / Teemu Simonen, System Architect, Fujitsu''' [[File:Helsinki_meeting_30_-Authentication_topic.pdf]]<br />
<br />
'''19:30 Threats and vulnerabilities in federation protocols - and how did I find 0-days in the most common access management products / Teemu Kääriäinen, Senior IAM Consultant, Nixu Oyj''' [[File:Helsinki_meeting_30_-_Threats_and_Vulnerabilities_in_Federation_Protocols_and_Products.pdf]]<br />
<br />
'''20:30-> Snacks & Refreshments'''<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-30-tickets-28190573765 here] by 9th of October (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #29: Mar 29th 2016 ==<br />
<br />
'''Location: Solinor, Elimäenkatu 14 C, 00510 Helsinki'''<br />
<br />
'''Time: 17:30-21:15'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 OWASP Security Knowledge Framework, Glenn Ten Cate''' [[File:Skf-owaspHelsinki-16.pdf]]<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Amazon Web Services Security, Joel Leino, Solinor''' [[File:Aws_security_joel_leino.pdf]]<br />
<br />
'''20:30 Do's and don'ts: A Day Of Browser Bug Hunting, Atte Kettunen, University of Oulu''' [[File:Do's_and_Don'ts-_A_Day_Of_Browser_Bug_Hunting_rev2.pdf]]<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-29-tickets-22159795545 here] by 26th of March (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #28: Nov 10th 2015 ==<br />
<br />
'''Location: LähiTapiola, Revontulenkuja 1, 02100 Espoo'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 How we feel about Bug Bounty, Leo Niemelä, CISO, LähiTapiola Group (in Finnish)'''<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Security and "Modern" software Deployment, Rory McCune, Managing Consultant, NCC Group'''<br />
<br />
'''20:30 Discussion continues in a local cafe / bar'''<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-28-tickets-19188815263 here] by 8th of November (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #27: May 29th 2015 ==<br />
<br />
'''Location: Life Science Center Keilaranta 10-16''' <br />
<br />
'''Time: 17:30-20:00 (networking ends 23:00)''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 Word from our sponsor / Nixu'''<br />
<br />
'''18:15 50 Shades of AppSec / Troy Hunt'''<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Hack yourself first: how go on the cyber-offence before online attackers do / Troy Hunt'''<br />
<br />
'''20:00-23:00 Refreshments and Sauna on the 7th floor'''<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-chapter-meeting-27-tickets-16709176597 here] by Monday Fri 22th May (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #26: January 13th 2015 ==<br />
<br />
'''Location: Castrén & Snellman Attorneys Ltd. Eteläesplanadi 14 6th Floor Helsinki, Finland.''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''Opening words / OWASP Helsinki&IAPP''' <br />
<br />
'''Words from our sponsor / Castrén & Snellman Attorneys Ltd.'''<br />
<br />
'''Privacy Seals and Marks, Hannu Järvinen, Specialist Partner, Attorneys at Law Borenius Ltd'''<br />
<br />
'''Privacy Engineering, Antti Vähä-Sipilä, software security guy, F-Secure Oyj'''<br />
<br />
'''Privacy Use Cases, Saku Vainikainen, Lead Consultant, Nixu Oyj'''<br />
<br />
Please register here https://t.co/OoQN2FRbBX by Monday 12 Jan.<br />
<br />
== OWASP Helsinki chapter meeting #25: September 29th 2014 ==<br />
<br />
'''Location: Appelsiini (Elisa), Kaarlenkatu 9-11, 00530 Helsinki. Public transport is strongly recommended.''' <br />
<br />
'''Time: 17:00-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and registration''' <br />
<br />
'''17:10 Opening words / OWASP Helsinki''' <br />
<br />
'''17:20 Words from our sponsor / Elisa'''<br />
<br />
'''17:30 Mobile Security Chess Board - Attacks & Defense / Hemil Shah / Founder, Director eSphere Security''' [[File:Mobile_Security_chess_board_-_Attacks_&_Defense.pdf]]<br />
<br />
'''18:45 Break'''<br />
<br />
'''19:00 Mobile Platform Security: OS (kernel) Hardening and Trusted Execution Environment / Onur Zengin / Trustonic'''<br />
[[File:Onur_Zengin_-_TEE_chapter_meeting_presentation.pdf]]<br />
<br />
'''20:00 OWASP Mobile Top Ten Risks 2014 - The New M10: 'Lack of Binary Protection' Category / Bo Asklund and Rikard Kullenberg / Arxan'''<br />
[[File:OWASP_Mobile_Top_Ten_-_Meet_the_New_Addition.pdf]]<br />
<br />
'''21:00 Networking and continue discussions in TBD location nearby'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-25-tickets-13087782911 Eventbrite]<br />
<br />
== OWASP Helsinki chapter meeting #24: March 25st 2014 ==<br />
<br />
'''Location: F-Secure, Tammasaarenkatu 7, 00180 Helsinki. Parking space is limited, public transport is strongly recommended. Ruoholahti station for metro, Länsisatamankatu stop for tram 8, Länsiväylä stop for buses from Espoo.''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and registration''' <br />
<br />
'''17:20 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''17:30 Enhancing security through tight collaboration and automation /Kalle Hallivuori''' <br />
Presentation material: http://kato.iki.fi/owasp-pci-devops/<br />
<br />
'''18:00 Continuous Security Testing in a Devops World /Stephen de Vries'''<br />
Download the presentation from our file page: [[image:OWASP-Continuous_Security_Testing.pdf]]<br />
<br />
'''19:00 Demo of Burp Suite & HTTP API fuzzing automation with Python & Behave /Antti Vähä-Sipilä'''<br />
<br />
'''19:30 Time to go to Pub (Amsterdam) and continue discussion there'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-24-tickets-10765729587 Eventbrite]<br />
<br />
== OWASP Helsinki chapter meeting #23: January 21st 2014 ==<br />
<br />
'''Location: HTC Keilaniemi, Keilaranta 13, 02150 Espoo''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Coffee and registration''' <br />
<br />
'''18:00 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''18:05 Word from our sponsor /Nixu''' <br />
<br />
'''18:20 The inner HTML Apocalypse - How MXSS attacks change everything we believed to know so far /Mario Heiderich'''<br />
<br />
'''19:15 JSMVCOMFG - To sternly look at JavaScript MVC and Templating Frameworks /Mario Heiderich"''''<br />
<br />
'''20:15 QA'''<br />
<br />
'''20.30 - 21.30 Discussion continues over snacks and refreshments'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-23-tickets-10095813851 Eventbrite]<br />
<br />
<br />
== OWASP Helsinki chapter meeting #22: November 19th 2013 ==<br />
<br />
'''Location: Aalto University, Hall S1, Otakaari 5, 02150 Espoo''' <br />
<br />
'''Time: 18:00-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Registration''' <br />
<br />
'''18:10 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''18:20 Word from our sponsor''' <br />
<br />
'''18:30 Backgrounds of Eve in Digiland comic and cyber research in Aalto University /Timo Kiravuo, Aalto University'''<br />
<br />
'''19:15 Break"''''<br />
<br />
'''19:30 Cyber crime response from CERT perspective and backgrounds of Finnish web site attacks /Jussi Eronen, CERT-FI'''<br />
<br />
'''20:00 Methods in Finnish cyber crime police investigation and case example /Timo Piiroinen, National Bureau of Investigation (NBI)'''<br />
<br />
'''20:30 Networking and discussion continues at same location'''<br />
<br />
Please register at [http://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-23-tickets-10095813851 Eventbrite]<br />
<br />
== OWASP EUTour2013: June 17th 2013 ==<br />
<br />
'''Location: HTC Keilaniemi, Keilaranta 15''' <br />
<br />
'''Time: 16:00-19:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''16:00 Registration & coffee''' <br />
<br />
'''16:15 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''16:30 Word from our sponsor''' <br />
<br />
'''16:45 Nokia responsible disclosure program /Omar Benbouazza-Villa, Nokia'''<br />
<br />
Nokia has launched a responsible disclosure program recently. In this presentation we'll go through experiences starting and running such a program as a part of enterprise application security program.<br />
<br />
'''17:30 Social engineering /Gavin Ewan"''''<br />
<br />
Jac0byterebel is not your typical social engineering presenter. Out goes the snake oil sale of analysing the minutia of pop psychology and trying to squeeze out real answers to the questions asked during a real social engineering attack. In comes hard hitting accounts of social engineering attacks drawn from real sources but anonymised to protect the pwned.<br />
<br />
'''19:00 Rounding up and discussion continues over food & drinks at same location'''<br />
<br />
Please register at [http://www.regonline.com/owaspeutourfinland Regonline]<br />
<br />
== OWASP Helsinki Chapter Meeting #21: April 24 2013 ==<br />
<br />
'''Location: KPMG, Yrjönkatu 23 B, 6. floor''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Opening words /OWASP''' <br />
<br />
'''18:10 Word from our sponso /Mika Laaksonen, KPMG''' <br />
<br />
'''18:15 OWASP project news /Petteri Arola, OWASP''' <br />
<br />
Newsflash of new and rebooted OWASP projects.<br />
<br />
'''18:45 Utilizing VAHTI software development guide (VAHTI-sovelluskehitysohje) /Antti Alestalo, KPMG'''<br />
<br />
VAHTI software development guide was published January 2013. Antti will talk about how to best utilize this new guide. Link to the guide: http://www.vm.fi/vm/fi/04_julkaisut_ja_asiakirjat/01_julkaisut/05_valtionhallinnon_tietoturvallisuus/20130207Sovell/VAHTI_1_Sovelluskehityksen_tietoturvaohje_NETTI.pdf<br />
<br />
'''19:15 Database self-defence /Mika Aronen, KPMG (in place of "HTML5 & security /SC5"'''<br />
<br />
'''20:00 Official program ends and discussion continues over food & drinks at same location'''<br />
<br />
Please register at [https://www.eventbrite.com/event/6240751255 Eventbrite]<br />
<br />
== OWASP Helsinki Chapter Meeting #20: December 4 2012 ==<br />
<br />
'''Location: Nokia House, Keilalahdentie 4, Espoo''' <br />
<br />
'''Time: 17:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Socializing time @ Nokia Lounge – Meet people & get to know your peer while having the opportunity to see Nokia product demos''' <br />
<br />
'''18:00 Opening words /OWASP + HelsinkiJS''' <br />
<br />
'''18:10 Word from our sponsor''' <br />
<br />
'''18:20 Securing JavaScript based web apps /Erlend Oftedal''' <br />
<br />
Single page web applications move much of the application logic to the client side. We now also see applications using JavaScript on the server side. How do we handle such applications from a security perspective? What problems are introduced and how do we handle them?<br />
<br />
'''19:05 RESTful Security'''<br />
<br />
Many applications rely on web services and ws-security for integration. But for more lightweight services with simpler protocols, REST is quickly gaining popularity. How do we secure REST services? What problems do we need to be aware of?<br />
<br />
'''20:00 Official program ends and free debate continues at nearby location'''<br />
<br />
CLOSED: Please register at [http://www.eventbrite.com/event/4856878053 Eventbrite]<br />
<br />
Please use the NORTH entrance when entering the Nokia campus<br />
<br />
== OWASP Helsinki Chapter Meeting #19: October 16 2012 ==<br />
<br />
'''Location: Fujitsu, Valimotie 16, Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''18:10 Word from our sponsor /Fujitsu''' <br />
<br />
'''18:25 Hybrid mobile application security and HTML5 with a focus on getUserMedia /Mikko Saario, Nokia''' <br />
<br />
Both the mobile scene via “hybrid” apps and the so-called traditional web are evolving into the same direction – are the threats doing the same? Using mainly Windows Phone 7 (and some Qt) examples and demos, Mikko will take a look at the security aspects in mobile hybrid apps. The HTML5 demo will concentrate on some newly mainstreamed technologies such as getUserMedia.<br />
<br />
'''19:10 Introduction to Oauth 2.0 + demo /Teemu Kääriäinen, Nixu'''<br />
<br />
Teemu gives an introduction about Oauth 2.0 and takes a closer look at security aspects, implementation guidelines and compares Twitter, Facebook and Google implementations.<br />
<br />
'''20:00 Official program ends and free debate continues at nearby location'''<br />
<br />
'''Please register in Eventbrite http://www.eventbrite.com/event/4462882602''' <br />
<br />
<br />
== OWASP Helsinki Chapter Meeting #18: June 26 2012 ==<br />
<br />
'''Location: Kela, Nordenskjölkinkatu 12, Helsinki''' <br />
<br />
'''Time: 17:30-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''17:45 Word from our sponsor /Kela''' <br />
<br />
'''18:00 Helsinki Ruby Brigade intro''' <br />
<br />
'''18:15 Ruby on Rails security - why could it fail'''<br />
<br />
'''19:00 Panel discussion'''<br />
<br />
'''19:45 Wrap-up'''<br />
<br />
'''20:00 Discussion continues in a nearby pub Hadanka'''<br />
<br />
'''Please register with petteri.arola(at)owasp.org''' <br />
<br />
<br />
== OWASP Helsinki Chapter Meeting #17: March 21 2012 ==<br />
<br />
'''Location: Marttakeskus, Malminrinne 1 B, 7. krs, Helsinki''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Coffee''' <br />
<br />
'''17:40 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''17:50 Web Application Access Control Design Excellence / Jim Manico, OWASP''' <br />
<br />
Download the presentation from our file page: [[image:Developer_Top_Ten_Core_Controls_v4.1.pdf]]<br />
<br />
'''19:30 Meeting ends and discussion continues over buffet and refreshments and there's a possibility to bath in sauna too''' <br />
<br />
'''23:00 Event ends'''<br />
<br />
'''Please register with enroll(at)nixu.com''' <br />
<br />
== Tietoturvapäivä Turku: February 7 2012 ==<br />
<br />
''' Sovellusturvallisuus / Petteri Arola, OWASP''' <br />
<br />
Download the presentation from our file page: [[image:OWASP_esitys_tietoturvapäivä_Turku_20120207.pdf]]<br />
<br />
== OWASP Helsinki Chapter Meeting #16: October 18 2011 ==<br />
<br />
'''Location: Hall TU2, Tuas house, Otaniementie 17, 02150, Espoo''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and lock picking''' <br />
<br />
'''17:30 OWASP - What is it?''' <br />
<br />
'''17:45 Introduction to OWASP projects<br>- OWASP Top Ten, ASVS<br><span class="Apple-tab-span"> </span>- Testing guide<br>- How OWASP relates to academic world''' <br />
<br />
<br> Download presentation from our file-page: [[Image:OWASP_presentation_for_Aalto.pdf]] <br><br />
<br />
'''18:45 Break''' <br />
<br />
'''19:00 Hacking demonstrations'''<br />
<br />
'''19:30 - Discussion continues in a nearby public house''' <br />
<br />
'''Please register with petteri.arola(at)owasp.org''' <br />
<br />
== OWASP Introduction to Turku AMK students: September 12th 2011 ==<br />
<br />
'''Introduction to Application security and OWASP / Petteri Arola, OWASP''' <br />
<br />
'''OWASP top 10 and hacking demos / Pekka Sillanpää, OWASP''' <br />
<br />
== OWASP Helsinki Chapter Meeting #15: June 15 2011 ==<br />
<br />
'''Location: Itämerenkatu 11 - 13, Helsinki''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda ''' <br />
<br />
'''17:30 Welcome, Petteri Arola, Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nokia''' <br />
<br />
'''17:45 HTML5 Security, Ville Säävuori, Syneus''' <br />
<br />
'''18:30 Break''' <br />
<br />
'''18:40 Mobile Application Security, Ari Kesäniemi and Juhani Mäkelä, Nixu''' <br> [[Image:Mobile-threat-analysis-short-presentation owasp.pdf]] <br> [[Image:Why-privacy-matters.pdf]] <br> <br />
<br />
<br>'''19.30 - Discussion continues in a nearby public house or terrace if it's sunny''' <br />
<br />
'''Please register with mikko.saario(at)nokia.com''' <br />
<br />
== OWASP Helsinki Chapter Meeting #14: February 22 2011 ==<br />
<br />
'''Location: Nixu Oy, Keilaranta 15, Espoo''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''17:30 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nixu Oy''' <br />
<br />
'''17:45 OpenSAMM, Pravir Chandra /Fortify''' <br />
<br />
'''18:30 Break''' <br />
<br />
'''18:40 Threat modeling, Pravir Chandra /Fortify''' <br />
<br />
<br> '''19.30 - Sauna and refreshments from our sponsor''' <br />
<br />
'''Please register with enroll(at)nixu.com''' <br />
<br />
<br> Download OpenSAMM presentation from opensamm.org [http://www.opensamm.org/downloads/resources/OpenSAMM-1.0.ppt] <br> <br />
<br />
== OWASP Helsinki Chapter Meeting #13: June 8 2010 ==<br />
<br />
'''Location: KPMG, Forum, Yrjönkatu 23 B 6th floor, Helsinki''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''17:00 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:05 Word from our sponsor KPMG ''' <br />
<br />
'''17:15 Agile secure software development, Antti Vähä-Sipilä / Nokia Oyj''' http://www.owasp.org/images/c/c6/OWASP_AppSec_Research_2010_Agile_Prod_Sec_Mgmt_by_Vaha-Sipila.pdf <br />
<br />
'''18:00 ASVS (OWASP Application Security Verification Standard), Pekka Sillanpää / Nixu Oy''' <br />
<br />
'''18:45 ESAPI (OWASP Enterprise Security API) demo, Anssi Porttikivi / KPMG''' <br />
<br />
Download presentation from our file-page:[[Image:ESAPI for OWASP.pdf]] <br />
<br />
<br> '''19.30 - Discussion continues at some nearby establishment''' <br />
<br />
'''Please register with anssi.porttikivi(at)kpmg.fi''' <br />
<br />
<br> <br />
<br />
== OWASP Goes! Locksport: April 20 2010 ==<br />
<br />
'''Location: Nsense Oy, Ahventie 4, Espoo''' <br />
<br />
'''Time: 17:30-20:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nsense Oy''' <br />
<br />
'''17:45 Introduction to Locksport (presentation in Finnish)''' <br />
<br />
'''19:00 - Sauna and refreshments from our sponsor''' <br />
<br />
'''Please register with ilmoittautumiset##nsense.fi ''' <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #12: March 30 2010 ==<br />
<br />
'''Location: Helsingin Energia, Sähkötalo, Runeberginkatu 1, Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''18:00 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
Download presentation from our file-page:[[Image:OWASP -12 Helsinki chapter meeting.pdf]] <br />
<br />
'''18:05 Word from our sponsor Helsingin Energia ''' <br />
<br />
'''18:15 3 different views on information security and social media applications''' <br />
<br />
- information security in social media API’s, Antti Nuopponen/Nixu Oy <br />
<br />
Download presentation from our file-page:[[Image:Security of social media apis v1.pdf]] <br />
<br />
- Facebook apps, Markus Törnqvist/Fad Consulting <br />
<br />
Download presentation from our file-page:[[Image:Mjt owasp 2010.pdf]] <br />
<br />
- Payment API’s, Tuomas Toivonen/Scred <br />
<br />
Download presentation from our file-page:[[Image:Owasp-payment-apis.pdf]] <br />
<br />
'''20.00 - Discussion continues at nearby establishment Bruuveri''' <br />
<br />
'''Please register with antti##owasp.org''' <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #11: November 17 2009 ==<br />
<br />
'''Location: Nsense Oy, Ahventie 4, Espoo''' <br />
<br />
'''Time: 18:00-20:30''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''18:05 Word from our sponsor Nsense Oy''' <br />
<br />
'''18:15 Manual vs. Automated Code Analysis, Ari Kesäniemi, Senior Consultant, Nixu''' <br />
<br />
Download presentation from our file-page:[[Image:Ari kesaniemi nixu manual-vs-automatic-analysis.pdf]] <br />
<br />
'''19.00- Sauna and refreshments from our sponsor''' <br />
<br />
<br> <br />
<br />
'''Please register with ilmoittautumiset##nsense.fi''' <br />
<br />
== OWASP Helsinki Chapter Meeting #10: October 20 2009 ==<br />
<br />
'''Location: Tieto Oy, Ratamestarinkatu 7B, Helsinki''' <br />
<br />
'''Time: 18:00-19:40''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''18:00 Word from our sponsor Tieto Oy''' <br />
<br />
'''18:10 Distributed Services Security, Anton Panhelainen, Tieto Oy''' <br />
<br />
Download presentation from our file-page:[[Image:Security in integration and ESB-OWASP 20091020.pdf]] <br />
<br />
'''18:40 Public Web Services Interface and Security, Pyry Heikkinen, Finnish Customs''' <br />
<br />
'''19:40 Closure and move to Vltava''' <br />
<br />
'''20:00 or so''' <br />
<br />
*Enjoy Helsinki Vltava watering hole at own risk &amp; cost near Helsinki Railway station<br />
<br />
'''Please register with Pauli Kauppila pauli.kauppila##tieto.com or Mobile +358 400 870 324''' <br />
<br />
== OWASP Helsinki Chapter Meeting #9: May 12 2009 ==<br />
<br />
'''Location: Louhi Networks Oy, Itälahdenkatu 22 A, Helsinki''' <br />
<br />
'''Time: 17:30-19:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:30 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:45 Word from our sponsor Louhi Networks''' <br />
<br />
'''18:00 Panel discussion about application scanners''' <br />
<br />
*Panel members includes representatives for Nixu Oy, KPMG Oy and Louhi Networks Oy<br />
<br />
<br> '''19:00 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost at Bar 52 near meeting location<br />
<br />
'''Please register with Henri Lindberg henri.lindberg##louhi.fi''' <br />
<br />
== OWASP OWASP Goes! Viestimuseo: March 29 2009 ==<br />
<br />
'''Location: Varuskunta, Takakasarmi, Viestimuseontie rak. 64, 11311 Riihimäki ''' <br />
<br />
'''Time: 13:00-15:00''' <br />
<br />
Viestimuseossa Riihimäellä, http://www.viestikiltojenliitto.fi/viestimuseo/ on maaliskuun loppuun WWII radiotiedustelua esittelevä erikoisnäyttely, josta voi löytyä ammennettavaa myös tämän päivän tietoturvatekniikoiden parissa työskenteleville. Koska OWASP:in tiimoilta löytyi kiinnostusta lähteä tutustumaan ko. näyttelyyn, museolle on varattu opastettu kierros maaliskuun viimeiselle sunnuntaille su 29.3.2009 klo 13:00 eli kokoontuminen museolla ko. aikaan. <br />
<br />
Museo ja näyttely ovat auki myös muina aikoina, joten jos tämä aika ei käy, paikalla voi toki käydä muulloinkin. <br />
<br />
Tarkemmat ajo-ohjeet ja yhteystiedot löytyvät museon kotisivuilta, http://www.viestikiltojenliitto.fi/viestimuseo/yhteystiedot.html <br />
<br />
Museo sijaitsee Viestirykmentin vieressä, mutta varsinaisen varuskunta-alueen ulkopuolella, joten museokäynti ei vaadi kulkulupia alueelle. <br />
<br />
Paikalle innostuvat hoitavat oman logistiikkaratkaisunsa &amp; sisäänpääsymaksunsa. <br />
<br />
Lisätietoja tarvittaessa timo.merilainen (ät) iki.fi <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #8: March 12 2009 ==<br />
<br />
'''Location: Samlink, Linnoitustie 9, Espoo (Leppävaara)''' <br />
<br />
'''Time: 17:00-19:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:00 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:15 Introduction to Samlink, Jari Pirhonen, security director, Samlink''' <br />
<br />
'''17:30 Methodology owner’s point of view: Information security as part of software development methodology, Topi Mattila, methodology manager, Samlink''' <br />
<br />
'''18:15 Presentation from Finnish Tax Administration", Petri Puhakainen, security director, Finnish Tax Administration''' <br />
<br />
<br> '''19:00 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost at Sello<br />
<br />
'''Please register with Jari Pirhonen jari.pirhonen##samlink.fi''' <br />
<br />
== OWASP Introduction to startup firms: Thursday January 15th 2009 ==<br />
<br />
'''Location: Ravintola Korjaamo, Töölönkatu 51, 00250 Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Introduction to OWASP by Henri Lindberg, OWASP Helsinki Active Visitor''' <br />
<br />
*What OWASP is <br />
*Examples of useful Tools and Documents <br />
*OWASP in Finland<br />
<br />
Presentation: [[Image:OWASP Startups 20090115 Henri.pdf]] <br />
<br />
(Antti Laulajainen, OWASP Helsinki Chapter Leader was originally supposed to introduce OWASP) <br />
<br />
'''18:15 Implementing application security in a Finnish startup by Henri Lindberg, Scred''' <br />
<br />
*Henri Lindberg from Scred shares experiences and lessons learned <br />
*How to make your web application more secure with minimal budget<br />
<br />
Presentation: [[Image:SDG Scred 090115.pdf]] <br />
<br />
'''18:30 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost<br />
<br />
== OWASP Helsinki Meeting #7: Tuesday November 11th 2008 ==<br />
<br />
'''Location: Nokia Ruoholahti, Itämerenkatu 11-13, 00180 Helsinki''' <br />
<br />
<br> <br />
<br />
'''Time: 17:00-18:30''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:00 Welcome by Antti Laulajainen, OWASP Chapter Leader''' <br />
<br />
*Current state and progress of OWASP Top 10 Finnish translation<br />
<br />
'''17:20 Antti Vähä-Sipilä, Nokia: SAFECode''' <br />
<br />
*Introduction and overview of SAFECode (The Software Assurance Forum for Excellence in Code) <br />
*SAFECode publications<br />
<br />
'''17:40 Juhani Eronen, CERT-FI: Lifecycle of a security vulnerability''' <br />
<br />
*Microsoft MS08-067 (Vulnerability in Server Service Could Allow Remote Code Execution), its history (MS06-040) and exploitation.<br />
<br />
'''Discussion''' <br />
<br />
'''18:30 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost [cerveza, aqua con gas, etc]<br />
<br />
'''PLEASE REGISTER WITH: mikko . saario at nokia . com (we have reserved snacks for 25 people)''' <br />
<br />
== OWASP Helsinki Web Hacking Workshop, Tuesday September 10th 2008 ==<br />
<br />
'''Location: Teleware / KPMG, Laajalahdentie 23, 6. floor, reception at the ground floor, 00330 Helsinki''' <br />
<br />
'''Time: 18.00 - 20.00''' <br />
<br />
'''Schedule''' <br />
<br />
'''18.00 Welcome and recent activities. Antti Laulajainen ''' <br />
<br />
'''18.05 Web Hacking Workshop, Anssi Porttikivi, Senior ICT Advisor KPMG/Teleware''' <br />
<br />
*KPMG Oy IT Security Advisory marketing presentation 15 min <br />
*Web hacking exercises and demonstrations in a laboratory class (using WebGoat and WebScarab tools)<br />
<br />
'''Snacks available. Send your reservations to Anssi's mail address, anssi.porttikivi@kpmg.fi. Room for 20 participants.''' <br />
<br />
<br> '''Note! Be in time, because the reception closes at 18.''' <br />
<br />
== OWASP Goes! CERT-FI, Thursday, June 12th 2008 ==<br />
<br />
'''Location: Viestintävirasto, Itämerenkatu 3 A, 00180 Helsinki and One Pint Pub Santakatu 2, 00180 Helsinki''' <br />
<br />
<br> '''Time: 16.00 - 20.00''' <br />
<br />
<br> '''Schedule''' <br />
<br />
'''16.00 Welcome and recent activities. Antti Laulajainen ''' <br />
<br />
<br> '''16.10 Introduction of CERT-FI. Juhani Eronen, Information Security Adviser, CERT-FI''' <br />
<br />
<br> '''16.30 Vulnerability coordination. Juhani Eronen''' <br />
<br />
*CERT-FI as a vulnerability coordinator <br />
*Coordination examples<br />
<br />
'''18.00 Possibility to continue the evening at the One Pint Pub''' <br />
<br />
*If someone fancies a (self-financed) beer<br />
<br />
<br> '''Viestintävirasto asks those who wish to participate to the meeting to register in advance. For registrations please contact CERT-FI Unit Secretary Virpi Hienonen (virpi.hienonen(at)ficora.fi). The deadline is June 6, 2008.''' <br />
<br />
== OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 ==<br />
<br />
Thank you for attending. <br />
<br />
You can download the presentation here'''https://www.owasp.org/images/7/70/OWASP_HelsinkiChapter_130508.pdf''' <br />
<br />
Coverage of the event in local news (Finnish only) http://mikropc.net/uutiset/index.jsp?categoryId=atk&amp;day=20080514#w2008051411524012715 <br />
<br />
<br> '''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki and Ravintola Kaisla, Vilhonkatu 4, 00100 Helsinki''' <br />
<br />
'''Time: 16.00 - 20.00''' <br />
<br />
<br> <br />
<br />
Welcome to spring meeting 2008. <br />
<br />
<br> '''Schedule''' <br />
<br />
'''16.00 - 16.10 OWASP update. Antti Laulajainen''' <br />
<br />
'''16.10-17.00 Notes From The field, OWASP tools and usage experiences, Jarkko Holappa &amp; Antti Laulajainen''' <br />
<br />
'''17.30 - 20.00 Drinks at Ravintola Kaisla (Bring Your Own Wallet)''' <br />
<br />
<br> Hope to see as many of you as possible! <br />
<br />
== OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 ==<br />
<br />
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.''' <br />
<br />
'''Time: 18.30 - 20.30''' <br />
<br />
Welcome to first meeting of 2008. OWASP Helsinki resumes activities after winter break. <br />
<br />
We are pleased to have as a speaker Technology Manager of Nokia Product Security, Alexandr Seleznyov. His topic will be current state of application security. <br />
<br />
'''Schedule''' <br />
<br />
'''18.30 - 18.40 OWASP update. Antti Laulajainen''' <br />
<br />
'''18.40 - 20.30 Current State of Application Security. Alexandr Seleznyov''' <br />
<br />
<br> Hope to see as many of you as possible! <br />
<br />
== OWASP Helsinki &amp; RWSUG Seminar Tuesday, January 29th 2008 ==<br />
<br />
'''Location: IBM, Laajalahdentie 23, 00330 Helsinki.''' '''Time: 11.15 - 19.00''' <br />
<br />
OWASP Helsinki and Rational and Websphere User Group Finland RWSUG are aiming to co-operate to raise application security awareness. OWASP Helsinki will have a presentation in RWSUG agility seminar. More information from http://www.rwsug.fi/default.asp?path=1,39,385 <br />
<br />
'''You can download the presentation here''' https://www.owasp.org/images/c/cd/RWSUG5_Agile_Security_Management.pdf <br />
<br />
See program below. Most of it is Finnish only <br />
<br />
*11.15 Ilmoittautuminen alkaa <br />
*11.15-12.00 Buffet-lounas <br />
*12.00-12.10 Tilaisuuden avaus Jussi Jutila, Puheenjohtaja, RWSUG ry<br />
<br />
KEYNOTE <br />
<br />
*12.10-13.30 Scaling Agile Software Development: Strategies for Applying Agile in Complex Situations Scott W. Ambler, Practice Leader Agile Development, IBM Canada <br />
*13.30-13.45 Kahvitauko <br />
*13.45-15.30 SOA liiketoiminnan näkökulmasta ja SOA toteutuksen näkökulmasta kansainvälisessa hankkeessa Kari Laine, IT Architect, IF ja Jarmo Laine, Senior Software Architect,Primasoft <br />
*15.30-15.45 Tauko <br />
*15.45-16.30 Ketterä tietoturvan hallinta ohjelmistotuotannossa Reijo Savola, VTT <br />
*16.30-17.15 Jazz Update IBM <br />
*17.15-19.00 Iltapalaa ja verkostoitumista IBM Forumissa<br />
<br />
<br> <br />
<br />
== OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008 ==<br />
<br />
OWASP Helsinki participated in ISACA Finland meeting to raise application security awareness among system auditors and inspectors. <br> A presentation was held that introduced basic web techniques, some security issues, OWASP in general, OWASP projects and OWASP Helsinki chapter. <br> '''You can download the presentation here''': https://www.owasp.org/images/e/e4/OWASP_ISACA_20080124.pdf (Finnish Only) <br><br> <br />
<br />
== OWASP Helsinki meeting #4 Fall 2007 with Mark Curphey, Tuesday, October 2 2007 ==<br />
<br />
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.''' <br />
<br />
Thank you for all participants and Mark from great presentation. <br />
<br />
Coverage of the meeting in the local news (in Finnish): http://mikropc.net/uutiset/index.jsp?categoryId=atk&amp;day=20071003#w2007100315112711629 <br />
<br />
<br> We are delighted to have Mark Curphey - the OWASP founder and new head of Microsoft's ACE (Application Consulting &amp; Engineering) team in Europe - to visit Finland and discuss web app security with us. Hopefully as many as of you possible can participate! <br />
<br />
'''18:30 Welcome and recent Helsinki chapter activities. Antti Laulajainen''' <br />
<br />
'''18:40 Naked Software Security. Mark Curphey''' <br />
<br />
*Commentary on how to build secure software <br />
*Thoughts on the industry<br />
<br />
<br> '''WELCOME!''' <br />
<br />
== OWASP Helsinki meeting #3 Summer 2007: "SOA, Web Services &amp; XML Security", Tuesday, June 5th 2007 ==<br />
<br />
'''Date: June 5th''' <br />
<br />
<br> '''Location: Smilehouse, Itälahdenkatu 22A (Stonesoft building), Lauttasaari.''' <br />
<br />
Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/tietoturva_docview.jsp?f_id=1186167 <br />
<br />
<br> '''19:00 Welcome &amp; quick recap of recent OWASP activity and the Spring conference. Mikko Saario.''' <br />
<br />
<br> '''19:15 Gunnar Peterson, CTO Arctec Group and project lead for the OWASP "XML Security Gateway Evaluation Criteria".''' <br />
<br />
Gunnar will be visiting Finland to provide training via Tietoturva ry on this subject. Topics to be covered: <br />
<br />
*XML Security Gateways <br />
*Message level threats and security countermeasures in Web services <br />
*OWASP XML Security Gateway Evaluation Criteria Project<br />
<br />
<br> '''20:15 "Real-life usage of OWASP tools". Alexandr Seleznyov, Nokia Product Security.''' <br />
<br />
(There is a chance Alex cannot make it. In that case we will discuss SOA stuff in more detail or just head off to bar earlier.) <br />
<br />
<br> '''20:45 Enter Bar 52...''' --&gt; Enjoy (sponsored) beverages. <br />
<br />
== OWASP Helsinki meeting #2 Winter 2007, Web Application Firewalls, Thursday, February 22 2007 ==<br />
<br />
Thank you for the 29 participants, the speakers and the host - Nixu - for making this event happen! <br />
<br />
'''Location: Nixu, Mäkelänkatu 91, 00601 Helsinki.''' <br />
<br />
What are Web Application Firewalls (WAF), how do they work, what do they do and what don't they do. Discussion and sharing of experiences of various technologies and products. <br />
<br />
<br> '''18.30 Welcome. Mikko Saario, Chapter Leader.''' <br />
<br />
Today's topic and agenda in short. <br />
<br />
<br> '''18.35 "Web Application Firewalls Technical Analysis". Joakim Sandström, CTO nSense.''' <br />
<br />
http://www.owasp.org/images/6/6a/Owasp_waf_joakim.pdf <br />
<br />
- Technology <br />
<br />
- Blacklisting &amp; Whitelisting <br />
<br />
- mod_security features <br />
<br />
- Do's and Don'ts <br />
<br />
<br> '''19.30 "The Core Rule Sets". Ofer Shezaf, CTO Breach Security.''' <br />
<br />
http://www.owasp.org/images/f/f4/The_Core_Rule_Set_-_Ofer.pdf <br />
<br />
- WAF deployment and protection strategies <br />
<br />
- Detection of generic web layer attacks <br />
<br />
- Virtual patching <br />
<br />
== OWASP Helsinki meeting #1, Tuesday, Dec 12 2006 at Ernst &amp; Young ==<br />
<br />
The Helsinki chapter had the first meeting at Ernst &amp; Young office in Elielinaukio 5 B. The agenda and the presentations for the meeting are below. We had a good turnout: 22 people were present i.e. all seats were taken - we were very happy to see all these people to be interested in application security issues. <br />
<br />
<br> Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/doc.do?f_id=1083463 <br />
<br />
<br> '''18:30 Welcome. What is OWASP and why OWASP Helsinki?''' <br />
<br />
Mikko Saario made a short presentation about OWASP and the objective for the local Helsinki chapter. <br />
<br />
<br> '''19:00 Analyzing Threats (Olli Wiren; olli [at] juurihoito.org)''' <br />
<br />
Olli Wiren discussed application related threats and corresponding security issues. <br />
<br />
http://www.owasp.org/images/7/7c/Owasp-olli.pdf <br />
<br />
<br> '''19:45 Open discussion regarding OWASP Helsinki; what is expected or wished; how to go ahead and so forth.''' <br />
<br />
There was a lively discussion regarding what type of activities should be arranged in the future. More details will follow... <br />
<br />
==== Helsinki OWASP Chapter Leaders ====<br />
<br />
The chapter leader is [mailto:Petteri.arola@owasp.org Petteri Arola] <br />
<br />
The chapter board members are [mailto:timo@owasp.org Timo Merilainen], Pyry Heikkinen and [mailto:pekka.sillanpaa@owasp.org Pekka Sillanpaa]. <br />
<br />
__NOTOC__<br />
<br />
[[Category:OWASP Chapter]] <br />
[[Category:Europe]]</div>Psillanphttps://wiki.owasp.org/index.php?title=Helsinki&diff=253817Helsinki2019-08-17T10:38:09Z<p>Psillanp: /* Chapter Meetings */</p>
<hr />
<div>{{Chapter Template|chaptername=Helsinki|extra=The chapter leaders are [mailto:petteri.arola@owasp.org Petteri Arola], [mailto:pekka.sillanpaa@owasp.org Pekka Sillanpää], [mailto:timo@owasp.org Timo Meriläinen], [mailto:pyry.heikkinen@owasp.org Pyry Heikkinen], [mailto:petri.koistinen@nixu.com Petri Koistinen] and [mailto:lasse.korvala@gmail.com Lasse Korvala].<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-helsinki|emailarchives=http://lists.owasp.org/pipermail/owasp-helsinki}} <br />
<br />
==== Local News ====<br />
<br />
<paypal>Helsinki</paypal> <br />
<br />
'''Welcome to the OWASP Helsinki Chapter'''<br />
<br />
The plan is to meet at least three to four times a year, each lasting 1,5-3 hours (more active "hands" means more meetings). This chapter is based in the capital area and therefore the meetings will be in or around Helsinki. <br />
<br />
If you wish to present at one of the meetings or have any other inquiries, please contact the chapter leaders and shortly describe the talk. (the contact details can be found in the bottom of the page). We encourage everyone to suggest ideas for presentation topics. The talks can be either a full talk (45-60min) or a lightning talk (~15min). <br />
<br />
==== Suomalaista sovellusturva-asiaa ====<br />
<br />
[[OWASP Helsinki Appsec Thesis of the Year|Vuoden sovellusturva-aiheinen opinnäytetyö]]<br />
<br />
[[Oppilaitoksille|Tietoa oppilaitoksille (Information for academic institutions)]] <br />
<br />
[[Verkkomaksut|Ohjeita turvallisen verkkomaksuintegraation toteuttamiseen]] <br />
<br />
Previously OWASP Helsinki has been working on the following tasks: <br />
<br />
*[[Top 10 2007 Finnish]] aim to translate OWASP Top 10 list in Finnish<br />
<br />
==== Chapter Meetings ====<br />
<br />
== OWASP Helsinki chapter meeting #38: Sep 3rd 2019 ==<br />
'''Location: Second Nature Security (2NS), Keilaranta 1 (auditorium Ankkuri), 02150 Espoo'''<br />
<br />
'''Time: 17:30-21:00'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words, Petteri Arola, Chapter leader - OWASP Helsinki'''<br />
<br />
'''18:05 Words from the sponsor, Juho Ranta, CTO - Second Nature Security (2NS)'''<br />
<br />
'''18:15 What's new in the ASVS 4.0, Josh Grossman, OWASP ASVS Project co-leader, Head of Security Services, AppSec Labs'''<br />
<br />
'''19:15 Break'''<br />
<br />
'''19:30 How to determine the security of a mobile authentication app, Petteri Ihalainen, Senior Specialist, Traficom'''<br />
<br />
'''20:15 If you like it then you shoulda put a TPM on it 🎵, Gabriela Limonta, Security Researcher, Nokia'''<br />
<br />
'''21:00 Snacks & Refreshments & Sauna'''<br />
<br />
Please register by 1st of Sep here (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #37: May 21st 2019 ==<br />
'''Location: KONE, Keilasatama 5, 02150 Espoo'''<br />
<br />
'''Time: 17:30-21:00'''<br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words, Pekka Sillanpää, Chapter co-leader - OWASP Helsinki''' <br />
<br />
'''18:05 Words from the sponsor, KONE'''<br />
<br />
'''18:10 Blockchains; How secure are they in practice in an IoT disrupted world and making the things secure, Onur Zengin, Senior Software Security Architect, KONE'''<br />
<br />
'''18:50 Break: Snacks & Refreshments'''<br />
<br />
'''19:20 Traficom's security label for IoT consumer devices - goals and challenges (tietoturvamerkki), Juhani Eronen and Saana Seppänen, Traficom'''<br />
<br />
'''19:50 Deploying a bug bounty / test automation environment for thousands of IoT devices with Kubernetes, Pekka Sillanpää, CTO and Teemu Huhtala, Senior SW engineer, Tosibox'''<br />
<br />
'''20:30 Networking with peers'''<br />
<br />
'''21:00 Discussions continue in Sauna/Jacuzzi on the top of Keilaranta 1 (neighbour building) sponsored by 2NS'''<br />
<br />
Please register by 13th of May [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-37-tickets-61322317703 here] (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #36: Feb 12th 2019 ==<br />
'''Location: Veikkaus, Aku Korhosen tie 2, 00440 Helsinki'''<br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words, Pekka Sillanpää, Chapter co-leader - OWASP Helsinki''' <br />
<br />
'''18:05 Words from the sponsor, Veikkaus''' <br />
<br />
'''18:10 What Every Developer and Tester Should Know About Software Security, Anne Oikarinen, Senior Security Consultant, Nixu''' [https://www.slideshare.net/AnneOikarinen1/what-every-developer-and-tester-should-know-about-software-security]<br />
<br />
'''18:50 Break'''<br />
<br />
'''19:00 Security in Agile Development, Joakim Tauren, Application Security Architect, Visma''' [[File:OWASP Helsinki - Security in Agile Development (1).pdf|thumb]]<br />
<br />
'''19:45 OWASP Cornucopia - a live card game session, Veikkaus + volunteers''' [[File:DeathStarArchitecture v0.8 DRAFT.pdf|thumb]]<br />
<br />
'''20:15 Snacks & Refreshments''' <br />
<br />
Please register by 10th of Feb https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-36-tickets-55288270706 (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #35: Nov 6th 2018 ==<br />
'''Location: Second Nature Security (2NS), Keilaranta1 (auditorium Ankkuri), 02150 Espoo'''<br />
<br />
'''Time: 17:30-21:00'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words, Pekka Sillanpää, Chapter co-leader - OWASP Helsinki'''<br />
<br />
'''18:05 Words from the sponsor, Juho Ranta, CTO - Second Nature Security (2NS)''' <br />
<br />
'''18:15 Hunting for bounties in a web browser, Juho Nurminen, White Hat Hacker, InfoSec Specialist - 2NS''' [[File:Nurmi_BugBounty_slides.zip]]<br />
<br />
'''18:45 Break'''<br />
<br />
'''19:00 How to become a bug bounty hunter, Iiro Uusitalo, Cloud and Security Specialist - Solita'''<br />
<br />
'''19:30 Running a successful bug bounty program, Thomas Malmberg, Partner & Owner - Hackrfi''' [[File:Running a successful bug bounty program - public.pdf]]<br />
<br />
'''19:50 Short break'''<br />
<br />
'''20:00 Panel & Discussion about bug bounty with Juho, Iiro and Thomas'''<br />
<br />
'''20:30 Snacks & Refreshments'''<br />
<br />
Please register by 4th of Nov https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-35-tickets-51465932991 (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #34: Jun 12th 2018 ==<br />
'''Location: Eficode, Pohjoinen Rautatiekatu 25, 00100 Helsinki'''<br />
<br />
'''Time: 17:30-21:30'''<br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Pekka Sillanpää OWASP Helsinki'''<br />
<br />
'''18:05 Words from the sponsor / Pekka Siltala-Li / Eficode'''<br />
<br />
'''18:15 Perfectly secure API, Matti Suominen, Lead Security Consultant - Nixu'''<br />
<br />
'''19:00 Break''' <br />
<br />
'''19:15''' '''Best friends: API security & API management, Antti Virtanen, Software Architect, Solita''' <br />
<br />
'''20:00-21:30 Sauna, Snacks & Beverages'''<br />
<br />
Please register by 10th of Jun https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-34-tickets-46690898735 (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #33: Nov 14th 2017 ==<br />
'''Location: F-Secure, Tammasaarenkatu 7, 00180 Helsinki''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki''' <br />
<br />
'''18:05 Words from the sponsor'''<br />
<br />
'''18:10 Coping with GDPR requirements in development, Kira Ahveninen-Kuha, Lead, Data Protection and Cybersecurity Law, Nixu'''<br />
<br />
'''19:00 Break''' <br />
<br />
'''19:15 Integrating Privacy Work in Threat Modeling and Design Review, Antti Vähä-Sipilä, Principal Security Consultant, F-Secure'''<br />
<br />
'''20:00 Panel & Discussion – Kira and Antti debate about privacy and GDPR with the audience'''<br />
<br />
'''20:30 OWASP Helsinki DevSecOps Hackathon: Lessons learned, Pekka Sillanpää, OWASP Helsinki''' <br />
<br />
'''21:00-22:00 Snacks & Refreshments''' <br />
<br />
Please register by 12th of Nov [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-33-tickets-39656996143 here] (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #32: Sep 27th ==<br />
If you are working in a DevOps team and want to get concrete ideas on how to integrate security into your CI/CD pipeline, this hackathon is a fun opportunity to learn by doing together with others.<br />
<br />
More information here: [[OWASP Helsinki DevSecOps Hackathon]]<br />
<br />
In summary, we familiarize and investigate (and of cource hack with) some nice open source tools, including:<br />
* OWASP Dependency-Check ([[OWASP Dependency Check]])<br />
* ZAP Proxy ([[OWASP Zed Attack Proxy Project]])<br />
* OWASP DefectDojo ([[OWASP DefectDojo Project]])<br />
* DevSec hardening framework (https://github.com/dev-sec)<br />
* Clair (https://github.com/coreos/clair)<br />
<br />
The output of this hackathon is an OWASP wiki page describing what was achieved in the hackathon, possible commits to the tools' repositories and future plans. If there is enough interest, we might organize "part 2" for this event in Autumn.<br />
<br />
To participate in this event, it is recommended to have at least basic programming/scripting skills (python, ruby, bash, etc) and understanding of configuration management tools (puppet, salt, ansible, etc.). '''If you are interested to join''' or have questions, please send email to pekka.sillanpaa@owasp.org '''by Jul 7th 2017''' and a short description of your background. Tracks of the hackathon environment are tuned based on the skills and background of the participants.<br />
<br />
The maximum of 15 seats are available for this event. The event is fully free of charge.<br />
<br />
'''Location: Nixu, Keilaranta 15, 02150 Espoo'''<br />
<br />
'''12:00 Hackathon starts'''<br />
<br />
'''17:00-23:00 Hackathon continues after the work day as long as needed. Pizza and beverages available.'''<br />
<br />
== OWASP Helsinki chapter meeting #31: Jun 13th 2017 ==<br />
'''Location: Solita, Alvar Aallon katu 5, 00100 Helsinki'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Pekka Sillanpää, OWASP Helsinki'''<br />
<br />
'''18:05 DevSec - Developers are the key to security, Antti Virtanen, Software Architect, Solita [[File:Devsec-owasp-2017.pdf]]''' <br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Docker Security, Mika Vatanen, Systems Architect, Digia [[File:Owasp-Helsinki-20170613-Docker-Security.pdf]]'''<br />
<br />
'''20:00 Lightning talk: Leaking credentials - a security malpractice more common than expected, Bogdan Mihaila, Synopsys [[:File:Bogdan Mihaila - Leaking Credentials.pdf]]'''<br />
<br />
'''20:15 Introduction to DevSecOps "mini-hackathon", Pekka Sillanpää, OWASP Helsinki'''<br />
<br />
'''20:30-22:30 Snacks & Refreshments'''<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-31-tickets-34950473808 here] by 12th of Jun (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #30: Oct 11th 2016 ==<br />
<br />
'''Location: Fujitsu, Valimotie 16, 00380 Helsinki, Auditorio'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 How to protect mobile application? Case "Nordea Tunnusluvut” / Michael Peltonen, Senior Business Developer, Nordea''' [[File:Helsinki_meeting_30_-Michael_Peltonen_OWASP_11102016.pdf]]<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Lightning talk: Authentication topic / Teemu Simonen, System Architect, Fujitsu''' [[File:Helsinki_meeting_30_-Authentication_topic.pdf]]<br />
<br />
'''19:30 Threats and vulnerabilities in federation protocols - and how did I find 0-days in the most common access management products / Teemu Kääriäinen, Senior IAM Consultant, Nixu Oyj''' [[File:Helsinki_meeting_30_-_Threats_and_Vulnerabilities_in_Federation_Protocols_and_Products.pdf]]<br />
<br />
'''20:30-> Snacks & Refreshments'''<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-30-tickets-28190573765 here] by 9th of October (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #29: Mar 29th 2016 ==<br />
<br />
'''Location: Solinor, Elimäenkatu 14 C, 00510 Helsinki'''<br />
<br />
'''Time: 17:30-21:15'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 OWASP Security Knowledge Framework, Glenn Ten Cate''' [[File:Skf-owaspHelsinki-16.pdf]]<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Amazon Web Services Security, Joel Leino, Solinor''' [[File:Aws_security_joel_leino.pdf]]<br />
<br />
'''20:30 Do's and don'ts: A Day Of Browser Bug Hunting, Atte Kettunen, University of Oulu''' [[File:Do's_and_Don'ts-_A_Day_Of_Browser_Bug_Hunting_rev2.pdf]]<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-29-tickets-22159795545 here] by 26th of March (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #28: Nov 10th 2015 ==<br />
<br />
'''Location: LähiTapiola, Revontulenkuja 1, 02100 Espoo'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 How we feel about Bug Bounty, Leo Niemelä, CISO, LähiTapiola Group (in Finnish)'''<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Security and "Modern" software Deployment, Rory McCune, Managing Consultant, NCC Group'''<br />
<br />
'''20:30 Discussion continues in a local cafe / bar'''<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-28-tickets-19188815263 here] by 8th of November (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #27: May 29th 2015 ==<br />
<br />
'''Location: Life Science Center Keilaranta 10-16''' <br />
<br />
'''Time: 17:30-20:00 (networking ends 23:00)''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 Word from our sponsor / Nixu'''<br />
<br />
'''18:15 50 Shades of AppSec / Troy Hunt'''<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Hack yourself first: how go on the cyber-offence before online attackers do / Troy Hunt'''<br />
<br />
'''20:00-23:00 Refreshments and Sauna on the 7th floor'''<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-chapter-meeting-27-tickets-16709176597 here] by Monday Fri 22th May (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #26: January 13th 2015 ==<br />
<br />
'''Location: Castrén & Snellman Attorneys Ltd. Eteläesplanadi 14 6th Floor Helsinki, Finland.''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''Opening words / OWASP Helsinki&IAPP''' <br />
<br />
'''Words from our sponsor / Castrén & Snellman Attorneys Ltd.'''<br />
<br />
'''Privacy Seals and Marks, Hannu Järvinen, Specialist Partner, Attorneys at Law Borenius Ltd'''<br />
<br />
'''Privacy Engineering, Antti Vähä-Sipilä, software security guy, F-Secure Oyj'''<br />
<br />
'''Privacy Use Cases, Saku Vainikainen, Lead Consultant, Nixu Oyj'''<br />
<br />
Please register here https://t.co/OoQN2FRbBX by Monday 12 Jan.<br />
<br />
== OWASP Helsinki chapter meeting #25: September 29th 2014 ==<br />
<br />
'''Location: Appelsiini (Elisa), Kaarlenkatu 9-11, 00530 Helsinki. Public transport is strongly recommended.''' <br />
<br />
'''Time: 17:00-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and registration''' <br />
<br />
'''17:10 Opening words / OWASP Helsinki''' <br />
<br />
'''17:20 Words from our sponsor / Elisa'''<br />
<br />
'''17:30 Mobile Security Chess Board - Attacks & Defense / Hemil Shah / Founder, Director eSphere Security''' [[File:Mobile_Security_chess_board_-_Attacks_&_Defense.pdf]]<br />
<br />
'''18:45 Break'''<br />
<br />
'''19:00 Mobile Platform Security: OS (kernel) Hardening and Trusted Execution Environment / Onur Zengin / Trustonic'''<br />
[[File:Onur_Zengin_-_TEE_chapter_meeting_presentation.pdf]]<br />
<br />
'''20:00 OWASP Mobile Top Ten Risks 2014 - The New M10: 'Lack of Binary Protection' Category / Bo Asklund and Rikard Kullenberg / Arxan'''<br />
[[File:OWASP_Mobile_Top_Ten_-_Meet_the_New_Addition.pdf]]<br />
<br />
'''21:00 Networking and continue discussions in TBD location nearby'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-25-tickets-13087782911 Eventbrite]<br />
<br />
== OWASP Helsinki chapter meeting #24: March 25st 2014 ==<br />
<br />
'''Location: F-Secure, Tammasaarenkatu 7, 00180 Helsinki. Parking space is limited, public transport is strongly recommended. Ruoholahti station for metro, Länsisatamankatu stop for tram 8, Länsiväylä stop for buses from Espoo.''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and registration''' <br />
<br />
'''17:20 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''17:30 Enhancing security through tight collaboration and automation /Kalle Hallivuori''' <br />
Presentation material: http://kato.iki.fi/owasp-pci-devops/<br />
<br />
'''18:00 Continuous Security Testing in a Devops World /Stephen de Vries'''<br />
Download the presentation from our file page: [[image:OWASP-Continuous_Security_Testing.pdf]]<br />
<br />
'''19:00 Demo of Burp Suite & HTTP API fuzzing automation with Python & Behave /Antti Vähä-Sipilä'''<br />
<br />
'''19:30 Time to go to Pub (Amsterdam) and continue discussion there'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-24-tickets-10765729587 Eventbrite]<br />
<br />
== OWASP Helsinki chapter meeting #23: January 21st 2014 ==<br />
<br />
'''Location: HTC Keilaniemi, Keilaranta 13, 02150 Espoo''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Coffee and registration''' <br />
<br />
'''18:00 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''18:05 Word from our sponsor /Nixu''' <br />
<br />
'''18:20 The inner HTML Apocalypse - How MXSS attacks change everything we believed to know so far /Mario Heiderich'''<br />
<br />
'''19:15 JSMVCOMFG - To sternly look at JavaScript MVC and Templating Frameworks /Mario Heiderich"''''<br />
<br />
'''20:15 QA'''<br />
<br />
'''20.30 - 21.30 Discussion continues over snacks and refreshments'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-23-tickets-10095813851 Eventbrite]<br />
<br />
<br />
== OWASP Helsinki chapter meeting #22: November 19th 2013 ==<br />
<br />
'''Location: Aalto University, Hall S1, Otakaari 5, 02150 Espoo''' <br />
<br />
'''Time: 18:00-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Registration''' <br />
<br />
'''18:10 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''18:20 Word from our sponsor''' <br />
<br />
'''18:30 Backgrounds of Eve in Digiland comic and cyber research in Aalto University /Timo Kiravuo, Aalto University'''<br />
<br />
'''19:15 Break"''''<br />
<br />
'''19:30 Cyber crime response from CERT perspective and backgrounds of Finnish web site attacks /Jussi Eronen, CERT-FI'''<br />
<br />
'''20:00 Methods in Finnish cyber crime police investigation and case example /Timo Piiroinen, National Bureau of Investigation (NBI)'''<br />
<br />
'''20:30 Networking and discussion continues at same location'''<br />
<br />
Please register at [http://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-23-tickets-10095813851 Eventbrite]<br />
<br />
== OWASP EUTour2013: June 17th 2013 ==<br />
<br />
'''Location: HTC Keilaniemi, Keilaranta 15''' <br />
<br />
'''Time: 16:00-19:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''16:00 Registration & coffee''' <br />
<br />
'''16:15 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''16:30 Word from our sponsor''' <br />
<br />
'''16:45 Nokia responsible disclosure program /Omar Benbouazza-Villa, Nokia'''<br />
<br />
Nokia has launched a responsible disclosure program recently. In this presentation we'll go through experiences starting and running such a program as a part of enterprise application security program.<br />
<br />
'''17:30 Social engineering /Gavin Ewan"''''<br />
<br />
Jac0byterebel is not your typical social engineering presenter. Out goes the snake oil sale of analysing the minutia of pop psychology and trying to squeeze out real answers to the questions asked during a real social engineering attack. In comes hard hitting accounts of social engineering attacks drawn from real sources but anonymised to protect the pwned.<br />
<br />
'''19:00 Rounding up and discussion continues over food & drinks at same location'''<br />
<br />
Please register at [http://www.regonline.com/owaspeutourfinland Regonline]<br />
<br />
== OWASP Helsinki Chapter Meeting #21: April 24 2013 ==<br />
<br />
'''Location: KPMG, Yrjönkatu 23 B, 6. floor''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Opening words /OWASP''' <br />
<br />
'''18:10 Word from our sponso /Mika Laaksonen, KPMG''' <br />
<br />
'''18:15 OWASP project news /Petteri Arola, OWASP''' <br />
<br />
Newsflash of new and rebooted OWASP projects.<br />
<br />
'''18:45 Utilizing VAHTI software development guide (VAHTI-sovelluskehitysohje) /Antti Alestalo, KPMG'''<br />
<br />
VAHTI software development guide was published January 2013. Antti will talk about how to best utilize this new guide. Link to the guide: http://www.vm.fi/vm/fi/04_julkaisut_ja_asiakirjat/01_julkaisut/05_valtionhallinnon_tietoturvallisuus/20130207Sovell/VAHTI_1_Sovelluskehityksen_tietoturvaohje_NETTI.pdf<br />
<br />
'''19:15 Database self-defence /Mika Aronen, KPMG (in place of "HTML5 & security /SC5"'''<br />
<br />
'''20:00 Official program ends and discussion continues over food & drinks at same location'''<br />
<br />
Please register at [https://www.eventbrite.com/event/6240751255 Eventbrite]<br />
<br />
== OWASP Helsinki Chapter Meeting #20: December 4 2012 ==<br />
<br />
'''Location: Nokia House, Keilalahdentie 4, Espoo''' <br />
<br />
'''Time: 17:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Socializing time @ Nokia Lounge – Meet people & get to know your peer while having the opportunity to see Nokia product demos''' <br />
<br />
'''18:00 Opening words /OWASP + HelsinkiJS''' <br />
<br />
'''18:10 Word from our sponsor''' <br />
<br />
'''18:20 Securing JavaScript based web apps /Erlend Oftedal''' <br />
<br />
Single page web applications move much of the application logic to the client side. We now also see applications using JavaScript on the server side. How do we handle such applications from a security perspective? What problems are introduced and how do we handle them?<br />
<br />
'''19:05 RESTful Security'''<br />
<br />
Many applications rely on web services and ws-security for integration. But for more lightweight services with simpler protocols, REST is quickly gaining popularity. How do we secure REST services? What problems do we need to be aware of?<br />
<br />
'''20:00 Official program ends and free debate continues at nearby location'''<br />
<br />
CLOSED: Please register at [http://www.eventbrite.com/event/4856878053 Eventbrite]<br />
<br />
Please use the NORTH entrance when entering the Nokia campus<br />
<br />
== OWASP Helsinki Chapter Meeting #19: October 16 2012 ==<br />
<br />
'''Location: Fujitsu, Valimotie 16, Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''18:10 Word from our sponsor /Fujitsu''' <br />
<br />
'''18:25 Hybrid mobile application security and HTML5 with a focus on getUserMedia /Mikko Saario, Nokia''' <br />
<br />
Both the mobile scene via “hybrid” apps and the so-called traditional web are evolving into the same direction – are the threats doing the same? Using mainly Windows Phone 7 (and some Qt) examples and demos, Mikko will take a look at the security aspects in mobile hybrid apps. The HTML5 demo will concentrate on some newly mainstreamed technologies such as getUserMedia.<br />
<br />
'''19:10 Introduction to Oauth 2.0 + demo /Teemu Kääriäinen, Nixu'''<br />
<br />
Teemu gives an introduction about Oauth 2.0 and takes a closer look at security aspects, implementation guidelines and compares Twitter, Facebook and Google implementations.<br />
<br />
'''20:00 Official program ends and free debate continues at nearby location'''<br />
<br />
'''Please register in Eventbrite http://www.eventbrite.com/event/4462882602''' <br />
<br />
<br />
== OWASP Helsinki Chapter Meeting #18: June 26 2012 ==<br />
<br />
'''Location: Kela, Nordenskjölkinkatu 12, Helsinki''' <br />
<br />
'''Time: 17:30-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''17:45 Word from our sponsor /Kela''' <br />
<br />
'''18:00 Helsinki Ruby Brigade intro''' <br />
<br />
'''18:15 Ruby on Rails security - why could it fail'''<br />
<br />
'''19:00 Panel discussion'''<br />
<br />
'''19:45 Wrap-up'''<br />
<br />
'''20:00 Discussion continues in a nearby pub Hadanka'''<br />
<br />
'''Please register with petteri.arola(at)owasp.org''' <br />
<br />
<br />
== OWASP Helsinki Chapter Meeting #17: March 21 2012 ==<br />
<br />
'''Location: Marttakeskus, Malminrinne 1 B, 7. krs, Helsinki''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Coffee''' <br />
<br />
'''17:40 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''17:50 Web Application Access Control Design Excellence / Jim Manico, OWASP''' <br />
<br />
Download the presentation from our file page: [[image:Developer_Top_Ten_Core_Controls_v4.1.pdf]]<br />
<br />
'''19:30 Meeting ends and discussion continues over buffet and refreshments and there's a possibility to bath in sauna too''' <br />
<br />
'''23:00 Event ends'''<br />
<br />
'''Please register with enroll(at)nixu.com''' <br />
<br />
== Tietoturvapäivä Turku: February 7 2012 ==<br />
<br />
''' Sovellusturvallisuus / Petteri Arola, OWASP''' <br />
<br />
Download the presentation from our file page: [[image:OWASP_esitys_tietoturvapäivä_Turku_20120207.pdf]]<br />
<br />
== OWASP Helsinki Chapter Meeting #16: October 18 2011 ==<br />
<br />
'''Location: Hall TU2, Tuas house, Otaniementie 17, 02150, Espoo''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and lock picking''' <br />
<br />
'''17:30 OWASP - What is it?''' <br />
<br />
'''17:45 Introduction to OWASP projects<br>- OWASP Top Ten, ASVS<br><span class="Apple-tab-span"> </span>- Testing guide<br>- How OWASP relates to academic world''' <br />
<br />
<br> Download presentation from our file-page: [[Image:OWASP_presentation_for_Aalto.pdf]] <br><br />
<br />
'''18:45 Break''' <br />
<br />
'''19:00 Hacking demonstrations'''<br />
<br />
'''19:30 - Discussion continues in a nearby public house''' <br />
<br />
'''Please register with petteri.arola(at)owasp.org''' <br />
<br />
== OWASP Introduction to Turku AMK students: September 12th 2011 ==<br />
<br />
'''Introduction to Application security and OWASP / Petteri Arola, OWASP''' <br />
<br />
'''OWASP top 10 and hacking demos / Pekka Sillanpää, OWASP''' <br />
<br />
== OWASP Helsinki Chapter Meeting #15: June 15 2011 ==<br />
<br />
'''Location: Itämerenkatu 11 - 13, Helsinki''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda ''' <br />
<br />
'''17:30 Welcome, Petteri Arola, Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nokia''' <br />
<br />
'''17:45 HTML5 Security, Ville Säävuori, Syneus''' <br />
<br />
'''18:30 Break''' <br />
<br />
'''18:40 Mobile Application Security, Ari Kesäniemi and Juhani Mäkelä, Nixu''' <br> [[Image:Mobile-threat-analysis-short-presentation owasp.pdf]] <br> [[Image:Why-privacy-matters.pdf]] <br> <br />
<br />
<br>'''19.30 - Discussion continues in a nearby public house or terrace if it's sunny''' <br />
<br />
'''Please register with mikko.saario(at)nokia.com''' <br />
<br />
== OWASP Helsinki Chapter Meeting #14: February 22 2011 ==<br />
<br />
'''Location: Nixu Oy, Keilaranta 15, Espoo''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''17:30 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nixu Oy''' <br />
<br />
'''17:45 OpenSAMM, Pravir Chandra /Fortify''' <br />
<br />
'''18:30 Break''' <br />
<br />
'''18:40 Threat modeling, Pravir Chandra /Fortify''' <br />
<br />
<br> '''19.30 - Sauna and refreshments from our sponsor''' <br />
<br />
'''Please register with enroll(at)nixu.com''' <br />
<br />
<br> Download OpenSAMM presentation from opensamm.org [http://www.opensamm.org/downloads/resources/OpenSAMM-1.0.ppt] <br> <br />
<br />
== OWASP Helsinki Chapter Meeting #13: June 8 2010 ==<br />
<br />
'''Location: KPMG, Forum, Yrjönkatu 23 B 6th floor, Helsinki''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''17:00 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:05 Word from our sponsor KPMG ''' <br />
<br />
'''17:15 Agile secure software development, Antti Vähä-Sipilä / Nokia Oyj''' http://www.owasp.org/images/c/c6/OWASP_AppSec_Research_2010_Agile_Prod_Sec_Mgmt_by_Vaha-Sipila.pdf <br />
<br />
'''18:00 ASVS (OWASP Application Security Verification Standard), Pekka Sillanpää / Nixu Oy''' <br />
<br />
'''18:45 ESAPI (OWASP Enterprise Security API) demo, Anssi Porttikivi / KPMG''' <br />
<br />
Download presentation from our file-page:[[Image:ESAPI for OWASP.pdf]] <br />
<br />
<br> '''19.30 - Discussion continues at some nearby establishment''' <br />
<br />
'''Please register with anssi.porttikivi(at)kpmg.fi''' <br />
<br />
<br> <br />
<br />
== OWASP Goes! Locksport: April 20 2010 ==<br />
<br />
'''Location: Nsense Oy, Ahventie 4, Espoo''' <br />
<br />
'''Time: 17:30-20:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nsense Oy''' <br />
<br />
'''17:45 Introduction to Locksport (presentation in Finnish)''' <br />
<br />
'''19:00 - Sauna and refreshments from our sponsor''' <br />
<br />
'''Please register with ilmoittautumiset##nsense.fi ''' <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #12: March 30 2010 ==<br />
<br />
'''Location: Helsingin Energia, Sähkötalo, Runeberginkatu 1, Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''18:00 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
Download presentation from our file-page:[[Image:OWASP -12 Helsinki chapter meeting.pdf]] <br />
<br />
'''18:05 Word from our sponsor Helsingin Energia ''' <br />
<br />
'''18:15 3 different views on information security and social media applications''' <br />
<br />
- information security in social media API’s, Antti Nuopponen/Nixu Oy <br />
<br />
Download presentation from our file-page:[[Image:Security of social media apis v1.pdf]] <br />
<br />
- Facebook apps, Markus Törnqvist/Fad Consulting <br />
<br />
Download presentation from our file-page:[[Image:Mjt owasp 2010.pdf]] <br />
<br />
- Payment API’s, Tuomas Toivonen/Scred <br />
<br />
Download presentation from our file-page:[[Image:Owasp-payment-apis.pdf]] <br />
<br />
'''20.00 - Discussion continues at nearby establishment Bruuveri''' <br />
<br />
'''Please register with antti##owasp.org''' <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #11: November 17 2009 ==<br />
<br />
'''Location: Nsense Oy, Ahventie 4, Espoo''' <br />
<br />
'''Time: 18:00-20:30''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''18:05 Word from our sponsor Nsense Oy''' <br />
<br />
'''18:15 Manual vs. Automated Code Analysis, Ari Kesäniemi, Senior Consultant, Nixu''' <br />
<br />
Download presentation from our file-page:[[Image:Ari kesaniemi nixu manual-vs-automatic-analysis.pdf]] <br />
<br />
'''19.00- Sauna and refreshments from our sponsor''' <br />
<br />
<br> <br />
<br />
'''Please register with ilmoittautumiset##nsense.fi''' <br />
<br />
== OWASP Helsinki Chapter Meeting #10: October 20 2009 ==<br />
<br />
'''Location: Tieto Oy, Ratamestarinkatu 7B, Helsinki''' <br />
<br />
'''Time: 18:00-19:40''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''18:00 Word from our sponsor Tieto Oy''' <br />
<br />
'''18:10 Distributed Services Security, Anton Panhelainen, Tieto Oy''' <br />
<br />
Download presentation from our file-page:[[Image:Security in integration and ESB-OWASP 20091020.pdf]] <br />
<br />
'''18:40 Public Web Services Interface and Security, Pyry Heikkinen, Finnish Customs''' <br />
<br />
'''19:40 Closure and move to Vltava''' <br />
<br />
'''20:00 or so''' <br />
<br />
*Enjoy Helsinki Vltava watering hole at own risk &amp; cost near Helsinki Railway station<br />
<br />
'''Please register with Pauli Kauppila pauli.kauppila##tieto.com or Mobile +358 400 870 324''' <br />
<br />
== OWASP Helsinki Chapter Meeting #9: May 12 2009 ==<br />
<br />
'''Location: Louhi Networks Oy, Itälahdenkatu 22 A, Helsinki''' <br />
<br />
'''Time: 17:30-19:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:30 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:45 Word from our sponsor Louhi Networks''' <br />
<br />
'''18:00 Panel discussion about application scanners''' <br />
<br />
*Panel members includes representatives for Nixu Oy, KPMG Oy and Louhi Networks Oy<br />
<br />
<br> '''19:00 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost at Bar 52 near meeting location<br />
<br />
'''Please register with Henri Lindberg henri.lindberg##louhi.fi''' <br />
<br />
== OWASP OWASP Goes! Viestimuseo: March 29 2009 ==<br />
<br />
'''Location: Varuskunta, Takakasarmi, Viestimuseontie rak. 64, 11311 Riihimäki ''' <br />
<br />
'''Time: 13:00-15:00''' <br />
<br />
Viestimuseossa Riihimäellä, http://www.viestikiltojenliitto.fi/viestimuseo/ on maaliskuun loppuun WWII radiotiedustelua esittelevä erikoisnäyttely, josta voi löytyä ammennettavaa myös tämän päivän tietoturvatekniikoiden parissa työskenteleville. Koska OWASP:in tiimoilta löytyi kiinnostusta lähteä tutustumaan ko. näyttelyyn, museolle on varattu opastettu kierros maaliskuun viimeiselle sunnuntaille su 29.3.2009 klo 13:00 eli kokoontuminen museolla ko. aikaan. <br />
<br />
Museo ja näyttely ovat auki myös muina aikoina, joten jos tämä aika ei käy, paikalla voi toki käydä muulloinkin. <br />
<br />
Tarkemmat ajo-ohjeet ja yhteystiedot löytyvät museon kotisivuilta, http://www.viestikiltojenliitto.fi/viestimuseo/yhteystiedot.html <br />
<br />
Museo sijaitsee Viestirykmentin vieressä, mutta varsinaisen varuskunta-alueen ulkopuolella, joten museokäynti ei vaadi kulkulupia alueelle. <br />
<br />
Paikalle innostuvat hoitavat oman logistiikkaratkaisunsa &amp; sisäänpääsymaksunsa. <br />
<br />
Lisätietoja tarvittaessa timo.merilainen (ät) iki.fi <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #8: March 12 2009 ==<br />
<br />
'''Location: Samlink, Linnoitustie 9, Espoo (Leppävaara)''' <br />
<br />
'''Time: 17:00-19:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:00 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:15 Introduction to Samlink, Jari Pirhonen, security director, Samlink''' <br />
<br />
'''17:30 Methodology owner’s point of view: Information security as part of software development methodology, Topi Mattila, methodology manager, Samlink''' <br />
<br />
'''18:15 Presentation from Finnish Tax Administration", Petri Puhakainen, security director, Finnish Tax Administration''' <br />
<br />
<br> '''19:00 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost at Sello<br />
<br />
'''Please register with Jari Pirhonen jari.pirhonen##samlink.fi''' <br />
<br />
== OWASP Introduction to startup firms: Thursday January 15th 2009 ==<br />
<br />
'''Location: Ravintola Korjaamo, Töölönkatu 51, 00250 Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Introduction to OWASP by Henri Lindberg, OWASP Helsinki Active Visitor''' <br />
<br />
*What OWASP is <br />
*Examples of useful Tools and Documents <br />
*OWASP in Finland<br />
<br />
Presentation: [[Image:OWASP Startups 20090115 Henri.pdf]] <br />
<br />
(Antti Laulajainen, OWASP Helsinki Chapter Leader was originally supposed to introduce OWASP) <br />
<br />
'''18:15 Implementing application security in a Finnish startup by Henri Lindberg, Scred''' <br />
<br />
*Henri Lindberg from Scred shares experiences and lessons learned <br />
*How to make your web application more secure with minimal budget<br />
<br />
Presentation: [[Image:SDG Scred 090115.pdf]] <br />
<br />
'''18:30 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost<br />
<br />
== OWASP Helsinki Meeting #7: Tuesday November 11th 2008 ==<br />
<br />
'''Location: Nokia Ruoholahti, Itämerenkatu 11-13, 00180 Helsinki''' <br />
<br />
<br> <br />
<br />
'''Time: 17:00-18:30''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:00 Welcome by Antti Laulajainen, OWASP Chapter Leader''' <br />
<br />
*Current state and progress of OWASP Top 10 Finnish translation<br />
<br />
'''17:20 Antti Vähä-Sipilä, Nokia: SAFECode''' <br />
<br />
*Introduction and overview of SAFECode (The Software Assurance Forum for Excellence in Code) <br />
*SAFECode publications<br />
<br />
'''17:40 Juhani Eronen, CERT-FI: Lifecycle of a security vulnerability''' <br />
<br />
*Microsoft MS08-067 (Vulnerability in Server Service Could Allow Remote Code Execution), its history (MS06-040) and exploitation.<br />
<br />
'''Discussion''' <br />
<br />
'''18:30 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost [cerveza, aqua con gas, etc]<br />
<br />
'''PLEASE REGISTER WITH: mikko . saario at nokia . com (we have reserved snacks for 25 people)''' <br />
<br />
== OWASP Helsinki Web Hacking Workshop, Tuesday September 10th 2008 ==<br />
<br />
'''Location: Teleware / KPMG, Laajalahdentie 23, 6. floor, reception at the ground floor, 00330 Helsinki''' <br />
<br />
'''Time: 18.00 - 20.00''' <br />
<br />
'''Schedule''' <br />
<br />
'''18.00 Welcome and recent activities. Antti Laulajainen ''' <br />
<br />
'''18.05 Web Hacking Workshop, Anssi Porttikivi, Senior ICT Advisor KPMG/Teleware''' <br />
<br />
*KPMG Oy IT Security Advisory marketing presentation 15 min <br />
*Web hacking exercises and demonstrations in a laboratory class (using WebGoat and WebScarab tools)<br />
<br />
'''Snacks available. Send your reservations to Anssi's mail address, anssi.porttikivi@kpmg.fi. Room for 20 participants.''' <br />
<br />
<br> '''Note! Be in time, because the reception closes at 18.''' <br />
<br />
== OWASP Goes! CERT-FI, Thursday, June 12th 2008 ==<br />
<br />
'''Location: Viestintävirasto, Itämerenkatu 3 A, 00180 Helsinki and One Pint Pub Santakatu 2, 00180 Helsinki''' <br />
<br />
<br> '''Time: 16.00 - 20.00''' <br />
<br />
<br> '''Schedule''' <br />
<br />
'''16.00 Welcome and recent activities. Antti Laulajainen ''' <br />
<br />
<br> '''16.10 Introduction of CERT-FI. Juhani Eronen, Information Security Adviser, CERT-FI''' <br />
<br />
<br> '''16.30 Vulnerability coordination. Juhani Eronen''' <br />
<br />
*CERT-FI as a vulnerability coordinator <br />
*Coordination examples<br />
<br />
'''18.00 Possibility to continue the evening at the One Pint Pub''' <br />
<br />
*If someone fancies a (self-financed) beer<br />
<br />
<br> '''Viestintävirasto asks those who wish to participate to the meeting to register in advance. For registrations please contact CERT-FI Unit Secretary Virpi Hienonen (virpi.hienonen(at)ficora.fi). The deadline is June 6, 2008.''' <br />
<br />
== OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 ==<br />
<br />
Thank you for attending. <br />
<br />
You can download the presentation here'''https://www.owasp.org/images/7/70/OWASP_HelsinkiChapter_130508.pdf''' <br />
<br />
Coverage of the event in local news (Finnish only) http://mikropc.net/uutiset/index.jsp?categoryId=atk&amp;day=20080514#w2008051411524012715 <br />
<br />
<br> '''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki and Ravintola Kaisla, Vilhonkatu 4, 00100 Helsinki''' <br />
<br />
'''Time: 16.00 - 20.00''' <br />
<br />
<br> <br />
<br />
Welcome to spring meeting 2008. <br />
<br />
<br> '''Schedule''' <br />
<br />
'''16.00 - 16.10 OWASP update. Antti Laulajainen''' <br />
<br />
'''16.10-17.00 Notes From The field, OWASP tools and usage experiences, Jarkko Holappa &amp; Antti Laulajainen''' <br />
<br />
'''17.30 - 20.00 Drinks at Ravintola Kaisla (Bring Your Own Wallet)''' <br />
<br />
<br> Hope to see as many of you as possible! <br />
<br />
== OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 ==<br />
<br />
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.''' <br />
<br />
'''Time: 18.30 - 20.30''' <br />
<br />
Welcome to first meeting of 2008. OWASP Helsinki resumes activities after winter break. <br />
<br />
We are pleased to have as a speaker Technology Manager of Nokia Product Security, Alexandr Seleznyov. His topic will be current state of application security. <br />
<br />
'''Schedule''' <br />
<br />
'''18.30 - 18.40 OWASP update. Antti Laulajainen''' <br />
<br />
'''18.40 - 20.30 Current State of Application Security. Alexandr Seleznyov''' <br />
<br />
<br> Hope to see as many of you as possible! <br />
<br />
== OWASP Helsinki &amp; RWSUG Seminar Tuesday, January 29th 2008 ==<br />
<br />
'''Location: IBM, Laajalahdentie 23, 00330 Helsinki.''' '''Time: 11.15 - 19.00''' <br />
<br />
OWASP Helsinki and Rational and Websphere User Group Finland RWSUG are aiming to co-operate to raise application security awareness. OWASP Helsinki will have a presentation in RWSUG agility seminar. More information from http://www.rwsug.fi/default.asp?path=1,39,385 <br />
<br />
'''You can download the presentation here''' https://www.owasp.org/images/c/cd/RWSUG5_Agile_Security_Management.pdf <br />
<br />
See program below. Most of it is Finnish only <br />
<br />
*11.15 Ilmoittautuminen alkaa <br />
*11.15-12.00 Buffet-lounas <br />
*12.00-12.10 Tilaisuuden avaus Jussi Jutila, Puheenjohtaja, RWSUG ry<br />
<br />
KEYNOTE <br />
<br />
*12.10-13.30 Scaling Agile Software Development: Strategies for Applying Agile in Complex Situations Scott W. Ambler, Practice Leader Agile Development, IBM Canada <br />
*13.30-13.45 Kahvitauko <br />
*13.45-15.30 SOA liiketoiminnan näkökulmasta ja SOA toteutuksen näkökulmasta kansainvälisessa hankkeessa Kari Laine, IT Architect, IF ja Jarmo Laine, Senior Software Architect,Primasoft <br />
*15.30-15.45 Tauko <br />
*15.45-16.30 Ketterä tietoturvan hallinta ohjelmistotuotannossa Reijo Savola, VTT <br />
*16.30-17.15 Jazz Update IBM <br />
*17.15-19.00 Iltapalaa ja verkostoitumista IBM Forumissa<br />
<br />
<br> <br />
<br />
== OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008 ==<br />
<br />
OWASP Helsinki participated in ISACA Finland meeting to raise application security awareness among system auditors and inspectors. <br> A presentation was held that introduced basic web techniques, some security issues, OWASP in general, OWASP projects and OWASP Helsinki chapter. <br> '''You can download the presentation here''': https://www.owasp.org/images/e/e4/OWASP_ISACA_20080124.pdf (Finnish Only) <br><br> <br />
<br />
== OWASP Helsinki meeting #4 Fall 2007 with Mark Curphey, Tuesday, October 2 2007 ==<br />
<br />
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.''' <br />
<br />
Thank you for all participants and Mark from great presentation. <br />
<br />
Coverage of the meeting in the local news (in Finnish): http://mikropc.net/uutiset/index.jsp?categoryId=atk&amp;day=20071003#w2007100315112711629 <br />
<br />
<br> We are delighted to have Mark Curphey - the OWASP founder and new head of Microsoft's ACE (Application Consulting &amp; Engineering) team in Europe - to visit Finland and discuss web app security with us. Hopefully as many as of you possible can participate! <br />
<br />
'''18:30 Welcome and recent Helsinki chapter activities. Antti Laulajainen''' <br />
<br />
'''18:40 Naked Software Security. Mark Curphey''' <br />
<br />
*Commentary on how to build secure software <br />
*Thoughts on the industry<br />
<br />
<br> '''WELCOME!''' <br />
<br />
== OWASP Helsinki meeting #3 Summer 2007: "SOA, Web Services &amp; XML Security", Tuesday, June 5th 2007 ==<br />
<br />
'''Date: June 5th''' <br />
<br />
<br> '''Location: Smilehouse, Itälahdenkatu 22A (Stonesoft building), Lauttasaari.''' <br />
<br />
Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/tietoturva_docview.jsp?f_id=1186167 <br />
<br />
<br> '''19:00 Welcome &amp; quick recap of recent OWASP activity and the Spring conference. Mikko Saario.''' <br />
<br />
<br> '''19:15 Gunnar Peterson, CTO Arctec Group and project lead for the OWASP "XML Security Gateway Evaluation Criteria".''' <br />
<br />
Gunnar will be visiting Finland to provide training via Tietoturva ry on this subject. Topics to be covered: <br />
<br />
*XML Security Gateways <br />
*Message level threats and security countermeasures in Web services <br />
*OWASP XML Security Gateway Evaluation Criteria Project<br />
<br />
<br> '''20:15 "Real-life usage of OWASP tools". Alexandr Seleznyov, Nokia Product Security.''' <br />
<br />
(There is a chance Alex cannot make it. In that case we will discuss SOA stuff in more detail or just head off to bar earlier.) <br />
<br />
<br> '''20:45 Enter Bar 52...''' --&gt; Enjoy (sponsored) beverages. <br />
<br />
== OWASP Helsinki meeting #2 Winter 2007, Web Application Firewalls, Thursday, February 22 2007 ==<br />
<br />
Thank you for the 29 participants, the speakers and the host - Nixu - for making this event happen! <br />
<br />
'''Location: Nixu, Mäkelänkatu 91, 00601 Helsinki.''' <br />
<br />
What are Web Application Firewalls (WAF), how do they work, what do they do and what don't they do. Discussion and sharing of experiences of various technologies and products. <br />
<br />
<br> '''18.30 Welcome. Mikko Saario, Chapter Leader.''' <br />
<br />
Today's topic and agenda in short. <br />
<br />
<br> '''18.35 "Web Application Firewalls Technical Analysis". Joakim Sandström, CTO nSense.''' <br />
<br />
http://www.owasp.org/images/6/6a/Owasp_waf_joakim.pdf <br />
<br />
- Technology <br />
<br />
- Blacklisting &amp; Whitelisting <br />
<br />
- mod_security features <br />
<br />
- Do's and Don'ts <br />
<br />
<br> '''19.30 "The Core Rule Sets". Ofer Shezaf, CTO Breach Security.''' <br />
<br />
http://www.owasp.org/images/f/f4/The_Core_Rule_Set_-_Ofer.pdf <br />
<br />
- WAF deployment and protection strategies <br />
<br />
- Detection of generic web layer attacks <br />
<br />
- Virtual patching <br />
<br />
== OWASP Helsinki meeting #1, Tuesday, Dec 12 2006 at Ernst &amp; Young ==<br />
<br />
The Helsinki chapter had the first meeting at Ernst &amp; Young office in Elielinaukio 5 B. The agenda and the presentations for the meeting are below. We had a good turnout: 22 people were present i.e. all seats were taken - we were very happy to see all these people to be interested in application security issues. <br />
<br />
<br> Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/doc.do?f_id=1083463 <br />
<br />
<br> '''18:30 Welcome. What is OWASP and why OWASP Helsinki?''' <br />
<br />
Mikko Saario made a short presentation about OWASP and the objective for the local Helsinki chapter. <br />
<br />
<br> '''19:00 Analyzing Threats (Olli Wiren; olli [at] juurihoito.org)''' <br />
<br />
Olli Wiren discussed application related threats and corresponding security issues. <br />
<br />
http://www.owasp.org/images/7/7c/Owasp-olli.pdf <br />
<br />
<br> '''19:45 Open discussion regarding OWASP Helsinki; what is expected or wished; how to go ahead and so forth.''' <br />
<br />
There was a lively discussion regarding what type of activities should be arranged in the future. More details will follow... <br />
<br />
==== Helsinki OWASP Chapter Leaders ====<br />
<br />
The chapter leader is [mailto:Petteri.arola@owasp.org Petteri Arola] <br />
<br />
The chapter board members are [mailto:timo@owasp.org Timo Merilainen], Pyry Heikkinen and [mailto:pekka.sillanpaa@owasp.org Pekka Sillanpaa]. <br />
<br />
__NOTOC__<br />
<br />
[[Category:OWASP Chapter]] <br />
[[Category:Europe]]</div>Psillanphttps://wiki.owasp.org/index.php?title=Helsinki&diff=251031Helsinki2019-05-03T21:23:14Z<p>Psillanp: /* OWASP Helsinki chapter meeting #37: May 21st 2019 */</p>
<hr />
<div>{{Chapter Template|chaptername=Helsinki|extra=The chapter leaders are [mailto:petteri.arola@owasp.org Petteri Arola], [mailto:pekka.sillanpaa@owasp.org Pekka Sillanpää], [mailto:timo@owasp.org Timo Meriläinen], [mailto:pyry.heikkinen@owasp.org Pyry Heikkinen], [mailto:petri.koistinen@nixu.com Petri Koistinen] and [mailto:lasse.korvala@gmail.com Lasse Korvala].<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-helsinki|emailarchives=http://lists.owasp.org/pipermail/owasp-helsinki}} <br />
<br />
==== Local News ====<br />
<br />
<paypal>Helsinki</paypal> <br />
<br />
'''Welcome to the OWASP Helsinki Chapter'''<br />
<br />
The plan is to meet at least three to four times a year, each lasting 1,5-3 hours (more active "hands" means more meetings). This chapter is based in the capital area and therefore the meetings will be in or around Helsinki. <br />
<br />
If you wish to present at one of the meetings or have any other inquiries, please contact the chapter leaders and shortly describe the talk. (the contact details can be found in the bottom of the page). We encourage everyone to suggest ideas for presentation topics. The talks can be either a full talk (45-60min) or a lightning talk (~15min). <br />
<br />
==== Suomalaista sovellusturva-asiaa ====<br />
<br />
[[OWASP Helsinki Appsec Thesis of the Year|Vuoden sovellusturva-aiheinen opinnäytetyö]]<br />
<br />
[[Oppilaitoksille|Tietoa oppilaitoksille (Information for academic institutions)]] <br />
<br />
[[Verkkomaksut|Ohjeita turvallisen verkkomaksuintegraation toteuttamiseen]] <br />
<br />
Previously OWASP Helsinki has been working on the following tasks: <br />
<br />
*[[Top 10 2007 Finnish]] aim to translate OWASP Top 10 list in Finnish<br />
<br />
==== Chapter Meetings ====<br />
<br />
== OWASP Helsinki chapter meeting #37: May 21st 2019 ==<br />
'''Location: KONE, Keilasatama 5, 02150 Espoo'''<br />
<br />
'''Time: 17:30-21:00'''<br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words, Pekka Sillanpää, Chapter co-leader - OWASP Helsinki''' <br />
<br />
'''18:05 Words from the sponsor, KONE'''<br />
<br />
'''18:10 Blockchains; How secure are they in practice in an IoT disrupted world and making the things secure, Onur Zengin, Senior Software Security Architect, KONE'''<br />
<br />
'''18:50 Break: Snacks & Refreshments'''<br />
<br />
'''19:20 Traficom's security label for IoT consumer devices - goals and challenges (tietoturvamerkki), Juhani Eronen and Saana Seppänen, Traficom'''<br />
<br />
'''19:50 Deploying a bug bounty / test automation environment for thousands of IoT devices with Kubernetes, Pekka Sillanpää, CTO and Teemu Huhtala, Senior SW engineer, Tosibox'''<br />
<br />
'''20:30 Networking with peers'''<br />
<br />
'''21:00 Discussions continue in Sauna/Jacuzzi on the top of Keilaranta 1 (neighbour building) sponsored by 2NS'''<br />
<br />
Please register by 13th of May [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-37-tickets-61322317703 here] (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #36: Feb 12th 2019 ==<br />
'''Location: Veikkaus, Aku Korhosen tie 2, 00440 Helsinki'''<br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words, Pekka Sillanpää, Chapter co-leader - OWASP Helsinki''' <br />
<br />
'''18:05 Words from the sponsor, Veikkaus''' <br />
<br />
'''18:10 What Every Developer and Tester Should Know About Software Security, Anne Oikarinen, Senior Security Consultant, Nixu''' [https://www.slideshare.net/AnneOikarinen1/what-every-developer-and-tester-should-know-about-software-security]<br />
<br />
'''18:50 Break'''<br />
<br />
'''19:00 Security in Agile Development, Joakim Tauren, Application Security Architect, Visma''' [[File:OWASP Helsinki - Security in Agile Development (1).pdf|thumb]]<br />
<br />
'''19:45 OWASP Cornucopia - a live card game session, Veikkaus + volunteers''' [[File:DeathStarArchitecture v0.8 DRAFT.pdf|thumb]]<br />
<br />
'''20:15 Snacks & Refreshments''' <br />
<br />
Please register by 10th of Feb https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-36-tickets-55288270706 (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #35: Nov 6th 2018 ==<br />
'''Location: Second Nature Security (2NS), Keilaranta1 (auditorium Ankkuri), 02150 Espoo'''<br />
<br />
'''Time: 17:30-21:00'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words, Pekka Sillanpää, Chapter co-leader - OWASP Helsinki'''<br />
<br />
'''18:05 Words from the sponsor, Juho Ranta, CTO - Second Nature Security (2NS)''' <br />
<br />
'''18:15 Hunting for bounties in a web browser, Juho Nurminen, White Hat Hacker, InfoSec Specialist - 2NS''' [[File:Nurmi_BugBounty_slides.zip]]<br />
<br />
'''18:45 Break'''<br />
<br />
'''19:00 How to become a bug bounty hunter, Iiro Uusitalo, Cloud and Security Specialist - Solita'''<br />
<br />
'''19:30 Running a successful bug bounty program, Thomas Malmberg, Partner & Owner - Hackrfi''' [[File:Running a successful bug bounty program - public.pdf]]<br />
<br />
'''19:50 Short break'''<br />
<br />
'''20:00 Panel & Discussion about bug bounty with Juho, Iiro and Thomas'''<br />
<br />
'''20:30 Snacks & Refreshments'''<br />
<br />
Please register by 4th of Nov https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-35-tickets-51465932991 (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #34: Jun 12th 2018 ==<br />
'''Location: Eficode, Pohjoinen Rautatiekatu 25, 00100 Helsinki'''<br />
<br />
'''Time: 17:30-21:30'''<br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Pekka Sillanpää OWASP Helsinki'''<br />
<br />
'''18:05 Words from the sponsor / Pekka Siltala-Li / Eficode'''<br />
<br />
'''18:15 Perfectly secure API, Matti Suominen, Lead Security Consultant - Nixu'''<br />
<br />
'''19:00 Break''' <br />
<br />
'''19:15''' '''Best friends: API security & API management, Antti Virtanen, Software Architect, Solita''' <br />
<br />
'''20:00-21:30 Sauna, Snacks & Beverages'''<br />
<br />
Please register by 10th of Jun https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-34-tickets-46690898735 (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #33: Nov 14th 2017 ==<br />
'''Location: F-Secure, Tammasaarenkatu 7, 00180 Helsinki''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki''' <br />
<br />
'''18:05 Words from the sponsor'''<br />
<br />
'''18:10 Coping with GDPR requirements in development, Kira Ahveninen-Kuha, Lead, Data Protection and Cybersecurity Law, Nixu'''<br />
<br />
'''19:00 Break''' <br />
<br />
'''19:15 Integrating Privacy Work in Threat Modeling and Design Review, Antti Vähä-Sipilä, Principal Security Consultant, F-Secure'''<br />
<br />
'''20:00 Panel & Discussion – Kira and Antti debate about privacy and GDPR with the audience'''<br />
<br />
'''20:30 OWASP Helsinki DevSecOps Hackathon: Lessons learned, Pekka Sillanpää, OWASP Helsinki''' <br />
<br />
'''21:00-22:00 Snacks & Refreshments''' <br />
<br />
Please register by 12th of Nov [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-33-tickets-39656996143 here] (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #32: Sep 27th ==<br />
If you are working in a DevOps team and want to get concrete ideas on how to integrate security into your CI/CD pipeline, this hackathon is a fun opportunity to learn by doing together with others.<br />
<br />
More information here: [[OWASP Helsinki DevSecOps Hackathon]]<br />
<br />
In summary, we familiarize and investigate (and of cource hack with) some nice open source tools, including:<br />
* OWASP Dependency-Check ([[OWASP Dependency Check]])<br />
* ZAP Proxy ([[OWASP Zed Attack Proxy Project]])<br />
* OWASP DefectDojo ([[OWASP DefectDojo Project]])<br />
* DevSec hardening framework (https://github.com/dev-sec)<br />
* Clair (https://github.com/coreos/clair)<br />
<br />
The output of this hackathon is an OWASP wiki page describing what was achieved in the hackathon, possible commits to the tools' repositories and future plans. If there is enough interest, we might organize "part 2" for this event in Autumn.<br />
<br />
To participate in this event, it is recommended to have at least basic programming/scripting skills (python, ruby, bash, etc) and understanding of configuration management tools (puppet, salt, ansible, etc.). '''If you are interested to join''' or have questions, please send email to pekka.sillanpaa@owasp.org '''by Jul 7th 2017''' and a short description of your background. Tracks of the hackathon environment are tuned based on the skills and background of the participants.<br />
<br />
The maximum of 15 seats are available for this event. The event is fully free of charge.<br />
<br />
'''Location: Nixu, Keilaranta 15, 02150 Espoo'''<br />
<br />
'''12:00 Hackathon starts'''<br />
<br />
'''17:00-23:00 Hackathon continues after the work day as long as needed. Pizza and beverages available.'''<br />
<br />
== OWASP Helsinki chapter meeting #31: Jun 13th 2017 ==<br />
'''Location: Solita, Alvar Aallon katu 5, 00100 Helsinki'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Pekka Sillanpää, OWASP Helsinki'''<br />
<br />
'''18:05 DevSec - Developers are the key to security, Antti Virtanen, Software Architect, Solita [[File:Devsec-owasp-2017.pdf]]''' <br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Docker Security, Mika Vatanen, Systems Architect, Digia [[File:Owasp-Helsinki-20170613-Docker-Security.pdf]]'''<br />
<br />
'''20:00 Lightning talk: Leaking credentials - a security malpractice more common than expected, Bogdan Mihaila, Synopsys [[:File:Bogdan Mihaila - Leaking Credentials.pdf]]'''<br />
<br />
'''20:15 Introduction to DevSecOps "mini-hackathon", Pekka Sillanpää, OWASP Helsinki'''<br />
<br />
'''20:30-22:30 Snacks & Refreshments'''<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-31-tickets-34950473808 here] by 12th of Jun (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #30: Oct 11th 2016 ==<br />
<br />
'''Location: Fujitsu, Valimotie 16, 00380 Helsinki, Auditorio'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 How to protect mobile application? Case "Nordea Tunnusluvut” / Michael Peltonen, Senior Business Developer, Nordea''' [[File:Helsinki_meeting_30_-Michael_Peltonen_OWASP_11102016.pdf]]<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Lightning talk: Authentication topic / Teemu Simonen, System Architect, Fujitsu''' [[File:Helsinki_meeting_30_-Authentication_topic.pdf]]<br />
<br />
'''19:30 Threats and vulnerabilities in federation protocols - and how did I find 0-days in the most common access management products / Teemu Kääriäinen, Senior IAM Consultant, Nixu Oyj''' [[File:Helsinki_meeting_30_-_Threats_and_Vulnerabilities_in_Federation_Protocols_and_Products.pdf]]<br />
<br />
'''20:30-> Snacks & Refreshments'''<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-30-tickets-28190573765 here] by 9th of October (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #29: Mar 29th 2016 ==<br />
<br />
'''Location: Solinor, Elimäenkatu 14 C, 00510 Helsinki'''<br />
<br />
'''Time: 17:30-21:15'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 OWASP Security Knowledge Framework, Glenn Ten Cate''' [[File:Skf-owaspHelsinki-16.pdf]]<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Amazon Web Services Security, Joel Leino, Solinor''' [[File:Aws_security_joel_leino.pdf]]<br />
<br />
'''20:30 Do's and don'ts: A Day Of Browser Bug Hunting, Atte Kettunen, University of Oulu''' [[File:Do's_and_Don'ts-_A_Day_Of_Browser_Bug_Hunting_rev2.pdf]]<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-29-tickets-22159795545 here] by 26th of March (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #28: Nov 10th 2015 ==<br />
<br />
'''Location: LähiTapiola, Revontulenkuja 1, 02100 Espoo'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 How we feel about Bug Bounty, Leo Niemelä, CISO, LähiTapiola Group (in Finnish)'''<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Security and "Modern" software Deployment, Rory McCune, Managing Consultant, NCC Group'''<br />
<br />
'''20:30 Discussion continues in a local cafe / bar'''<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-28-tickets-19188815263 here] by 8th of November (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #27: May 29th 2015 ==<br />
<br />
'''Location: Life Science Center Keilaranta 10-16''' <br />
<br />
'''Time: 17:30-20:00 (networking ends 23:00)''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 Word from our sponsor / Nixu'''<br />
<br />
'''18:15 50 Shades of AppSec / Troy Hunt'''<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Hack yourself first: how go on the cyber-offence before online attackers do / Troy Hunt'''<br />
<br />
'''20:00-23:00 Refreshments and Sauna on the 7th floor'''<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-chapter-meeting-27-tickets-16709176597 here] by Monday Fri 22th May (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #26: January 13th 2015 ==<br />
<br />
'''Location: Castrén & Snellman Attorneys Ltd. Eteläesplanadi 14 6th Floor Helsinki, Finland.''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''Opening words / OWASP Helsinki&IAPP''' <br />
<br />
'''Words from our sponsor / Castrén & Snellman Attorneys Ltd.'''<br />
<br />
'''Privacy Seals and Marks, Hannu Järvinen, Specialist Partner, Attorneys at Law Borenius Ltd'''<br />
<br />
'''Privacy Engineering, Antti Vähä-Sipilä, software security guy, F-Secure Oyj'''<br />
<br />
'''Privacy Use Cases, Saku Vainikainen, Lead Consultant, Nixu Oyj'''<br />
<br />
Please register here https://t.co/OoQN2FRbBX by Monday 12 Jan.<br />
<br />
== OWASP Helsinki chapter meeting #25: September 29th 2014 ==<br />
<br />
'''Location: Appelsiini (Elisa), Kaarlenkatu 9-11, 00530 Helsinki. Public transport is strongly recommended.''' <br />
<br />
'''Time: 17:00-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and registration''' <br />
<br />
'''17:10 Opening words / OWASP Helsinki''' <br />
<br />
'''17:20 Words from our sponsor / Elisa'''<br />
<br />
'''17:30 Mobile Security Chess Board - Attacks & Defense / Hemil Shah / Founder, Director eSphere Security''' [[File:Mobile_Security_chess_board_-_Attacks_&_Defense.pdf]]<br />
<br />
'''18:45 Break'''<br />
<br />
'''19:00 Mobile Platform Security: OS (kernel) Hardening and Trusted Execution Environment / Onur Zengin / Trustonic'''<br />
[[File:Onur_Zengin_-_TEE_chapter_meeting_presentation.pdf]]<br />
<br />
'''20:00 OWASP Mobile Top Ten Risks 2014 - The New M10: 'Lack of Binary Protection' Category / Bo Asklund and Rikard Kullenberg / Arxan'''<br />
[[File:OWASP_Mobile_Top_Ten_-_Meet_the_New_Addition.pdf]]<br />
<br />
'''21:00 Networking and continue discussions in TBD location nearby'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-25-tickets-13087782911 Eventbrite]<br />
<br />
== OWASP Helsinki chapter meeting #24: March 25st 2014 ==<br />
<br />
'''Location: F-Secure, Tammasaarenkatu 7, 00180 Helsinki. Parking space is limited, public transport is strongly recommended. Ruoholahti station for metro, Länsisatamankatu stop for tram 8, Länsiväylä stop for buses from Espoo.''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and registration''' <br />
<br />
'''17:20 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''17:30 Enhancing security through tight collaboration and automation /Kalle Hallivuori''' <br />
Presentation material: http://kato.iki.fi/owasp-pci-devops/<br />
<br />
'''18:00 Continuous Security Testing in a Devops World /Stephen de Vries'''<br />
Download the presentation from our file page: [[image:OWASP-Continuous_Security_Testing.pdf]]<br />
<br />
'''19:00 Demo of Burp Suite & HTTP API fuzzing automation with Python & Behave /Antti Vähä-Sipilä'''<br />
<br />
'''19:30 Time to go to Pub (Amsterdam) and continue discussion there'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-24-tickets-10765729587 Eventbrite]<br />
<br />
== OWASP Helsinki chapter meeting #23: January 21st 2014 ==<br />
<br />
'''Location: HTC Keilaniemi, Keilaranta 13, 02150 Espoo''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Coffee and registration''' <br />
<br />
'''18:00 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''18:05 Word from our sponsor /Nixu''' <br />
<br />
'''18:20 The inner HTML Apocalypse - How MXSS attacks change everything we believed to know so far /Mario Heiderich'''<br />
<br />
'''19:15 JSMVCOMFG - To sternly look at JavaScript MVC and Templating Frameworks /Mario Heiderich"''''<br />
<br />
'''20:15 QA'''<br />
<br />
'''20.30 - 21.30 Discussion continues over snacks and refreshments'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-23-tickets-10095813851 Eventbrite]<br />
<br />
<br />
== OWASP Helsinki chapter meeting #22: November 19th 2013 ==<br />
<br />
'''Location: Aalto University, Hall S1, Otakaari 5, 02150 Espoo''' <br />
<br />
'''Time: 18:00-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Registration''' <br />
<br />
'''18:10 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''18:20 Word from our sponsor''' <br />
<br />
'''18:30 Backgrounds of Eve in Digiland comic and cyber research in Aalto University /Timo Kiravuo, Aalto University'''<br />
<br />
'''19:15 Break"''''<br />
<br />
'''19:30 Cyber crime response from CERT perspective and backgrounds of Finnish web site attacks /Jussi Eronen, CERT-FI'''<br />
<br />
'''20:00 Methods in Finnish cyber crime police investigation and case example /Timo Piiroinen, National Bureau of Investigation (NBI)'''<br />
<br />
'''20:30 Networking and discussion continues at same location'''<br />
<br />
Please register at [http://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-23-tickets-10095813851 Eventbrite]<br />
<br />
== OWASP EUTour2013: June 17th 2013 ==<br />
<br />
'''Location: HTC Keilaniemi, Keilaranta 15''' <br />
<br />
'''Time: 16:00-19:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''16:00 Registration & coffee''' <br />
<br />
'''16:15 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''16:30 Word from our sponsor''' <br />
<br />
'''16:45 Nokia responsible disclosure program /Omar Benbouazza-Villa, Nokia'''<br />
<br />
Nokia has launched a responsible disclosure program recently. In this presentation we'll go through experiences starting and running such a program as a part of enterprise application security program.<br />
<br />
'''17:30 Social engineering /Gavin Ewan"''''<br />
<br />
Jac0byterebel is not your typical social engineering presenter. Out goes the snake oil sale of analysing the minutia of pop psychology and trying to squeeze out real answers to the questions asked during a real social engineering attack. In comes hard hitting accounts of social engineering attacks drawn from real sources but anonymised to protect the pwned.<br />
<br />
'''19:00 Rounding up and discussion continues over food & drinks at same location'''<br />
<br />
Please register at [http://www.regonline.com/owaspeutourfinland Regonline]<br />
<br />
== OWASP Helsinki Chapter Meeting #21: April 24 2013 ==<br />
<br />
'''Location: KPMG, Yrjönkatu 23 B, 6. floor''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Opening words /OWASP''' <br />
<br />
'''18:10 Word from our sponso /Mika Laaksonen, KPMG''' <br />
<br />
'''18:15 OWASP project news /Petteri Arola, OWASP''' <br />
<br />
Newsflash of new and rebooted OWASP projects.<br />
<br />
'''18:45 Utilizing VAHTI software development guide (VAHTI-sovelluskehitysohje) /Antti Alestalo, KPMG'''<br />
<br />
VAHTI software development guide was published January 2013. Antti will talk about how to best utilize this new guide. Link to the guide: http://www.vm.fi/vm/fi/04_julkaisut_ja_asiakirjat/01_julkaisut/05_valtionhallinnon_tietoturvallisuus/20130207Sovell/VAHTI_1_Sovelluskehityksen_tietoturvaohje_NETTI.pdf<br />
<br />
'''19:15 Database self-defence /Mika Aronen, KPMG (in place of "HTML5 & security /SC5"'''<br />
<br />
'''20:00 Official program ends and discussion continues over food & drinks at same location'''<br />
<br />
Please register at [https://www.eventbrite.com/event/6240751255 Eventbrite]<br />
<br />
== OWASP Helsinki Chapter Meeting #20: December 4 2012 ==<br />
<br />
'''Location: Nokia House, Keilalahdentie 4, Espoo''' <br />
<br />
'''Time: 17:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Socializing time @ Nokia Lounge – Meet people & get to know your peer while having the opportunity to see Nokia product demos''' <br />
<br />
'''18:00 Opening words /OWASP + HelsinkiJS''' <br />
<br />
'''18:10 Word from our sponsor''' <br />
<br />
'''18:20 Securing JavaScript based web apps /Erlend Oftedal''' <br />
<br />
Single page web applications move much of the application logic to the client side. We now also see applications using JavaScript on the server side. How do we handle such applications from a security perspective? What problems are introduced and how do we handle them?<br />
<br />
'''19:05 RESTful Security'''<br />
<br />
Many applications rely on web services and ws-security for integration. But for more lightweight services with simpler protocols, REST is quickly gaining popularity. How do we secure REST services? What problems do we need to be aware of?<br />
<br />
'''20:00 Official program ends and free debate continues at nearby location'''<br />
<br />
CLOSED: Please register at [http://www.eventbrite.com/event/4856878053 Eventbrite]<br />
<br />
Please use the NORTH entrance when entering the Nokia campus<br />
<br />
== OWASP Helsinki Chapter Meeting #19: October 16 2012 ==<br />
<br />
'''Location: Fujitsu, Valimotie 16, Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''18:10 Word from our sponsor /Fujitsu''' <br />
<br />
'''18:25 Hybrid mobile application security and HTML5 with a focus on getUserMedia /Mikko Saario, Nokia''' <br />
<br />
Both the mobile scene via “hybrid” apps and the so-called traditional web are evolving into the same direction – are the threats doing the same? Using mainly Windows Phone 7 (and some Qt) examples and demos, Mikko will take a look at the security aspects in mobile hybrid apps. The HTML5 demo will concentrate on some newly mainstreamed technologies such as getUserMedia.<br />
<br />
'''19:10 Introduction to Oauth 2.0 + demo /Teemu Kääriäinen, Nixu'''<br />
<br />
Teemu gives an introduction about Oauth 2.0 and takes a closer look at security aspects, implementation guidelines and compares Twitter, Facebook and Google implementations.<br />
<br />
'''20:00 Official program ends and free debate continues at nearby location'''<br />
<br />
'''Please register in Eventbrite http://www.eventbrite.com/event/4462882602''' <br />
<br />
<br />
== OWASP Helsinki Chapter Meeting #18: June 26 2012 ==<br />
<br />
'''Location: Kela, Nordenskjölkinkatu 12, Helsinki''' <br />
<br />
'''Time: 17:30-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''17:45 Word from our sponsor /Kela''' <br />
<br />
'''18:00 Helsinki Ruby Brigade intro''' <br />
<br />
'''18:15 Ruby on Rails security - why could it fail'''<br />
<br />
'''19:00 Panel discussion'''<br />
<br />
'''19:45 Wrap-up'''<br />
<br />
'''20:00 Discussion continues in a nearby pub Hadanka'''<br />
<br />
'''Please register with petteri.arola(at)owasp.org''' <br />
<br />
<br />
== OWASP Helsinki Chapter Meeting #17: March 21 2012 ==<br />
<br />
'''Location: Marttakeskus, Malminrinne 1 B, 7. krs, Helsinki''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Coffee''' <br />
<br />
'''17:40 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''17:50 Web Application Access Control Design Excellence / Jim Manico, OWASP''' <br />
<br />
Download the presentation from our file page: [[image:Developer_Top_Ten_Core_Controls_v4.1.pdf]]<br />
<br />
'''19:30 Meeting ends and discussion continues over buffet and refreshments and there's a possibility to bath in sauna too''' <br />
<br />
'''23:00 Event ends'''<br />
<br />
'''Please register with enroll(at)nixu.com''' <br />
<br />
== Tietoturvapäivä Turku: February 7 2012 ==<br />
<br />
''' Sovellusturvallisuus / Petteri Arola, OWASP''' <br />
<br />
Download the presentation from our file page: [[image:OWASP_esitys_tietoturvapäivä_Turku_20120207.pdf]]<br />
<br />
== OWASP Helsinki Chapter Meeting #16: October 18 2011 ==<br />
<br />
'''Location: Hall TU2, Tuas house, Otaniementie 17, 02150, Espoo''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and lock picking''' <br />
<br />
'''17:30 OWASP - What is it?''' <br />
<br />
'''17:45 Introduction to OWASP projects<br>- OWASP Top Ten, ASVS<br><span class="Apple-tab-span"> </span>- Testing guide<br>- How OWASP relates to academic world''' <br />
<br />
<br> Download presentation from our file-page: [[Image:OWASP_presentation_for_Aalto.pdf]] <br><br />
<br />
'''18:45 Break''' <br />
<br />
'''19:00 Hacking demonstrations'''<br />
<br />
'''19:30 - Discussion continues in a nearby public house''' <br />
<br />
'''Please register with petteri.arola(at)owasp.org''' <br />
<br />
== OWASP Introduction to Turku AMK students: September 12th 2011 ==<br />
<br />
'''Introduction to Application security and OWASP / Petteri Arola, OWASP''' <br />
<br />
'''OWASP top 10 and hacking demos / Pekka Sillanpää, OWASP''' <br />
<br />
== OWASP Helsinki Chapter Meeting #15: June 15 2011 ==<br />
<br />
'''Location: Itämerenkatu 11 - 13, Helsinki''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda ''' <br />
<br />
'''17:30 Welcome, Petteri Arola, Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nokia''' <br />
<br />
'''17:45 HTML5 Security, Ville Säävuori, Syneus''' <br />
<br />
'''18:30 Break''' <br />
<br />
'''18:40 Mobile Application Security, Ari Kesäniemi and Juhani Mäkelä, Nixu''' <br> [[Image:Mobile-threat-analysis-short-presentation owasp.pdf]] <br> [[Image:Why-privacy-matters.pdf]] <br> <br />
<br />
<br>'''19.30 - Discussion continues in a nearby public house or terrace if it's sunny''' <br />
<br />
'''Please register with mikko.saario(at)nokia.com''' <br />
<br />
== OWASP Helsinki Chapter Meeting #14: February 22 2011 ==<br />
<br />
'''Location: Nixu Oy, Keilaranta 15, Espoo''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''17:30 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nixu Oy''' <br />
<br />
'''17:45 OpenSAMM, Pravir Chandra /Fortify''' <br />
<br />
'''18:30 Break''' <br />
<br />
'''18:40 Threat modeling, Pravir Chandra /Fortify''' <br />
<br />
<br> '''19.30 - Sauna and refreshments from our sponsor''' <br />
<br />
'''Please register with enroll(at)nixu.com''' <br />
<br />
<br> Download OpenSAMM presentation from opensamm.org [http://www.opensamm.org/downloads/resources/OpenSAMM-1.0.ppt] <br> <br />
<br />
== OWASP Helsinki Chapter Meeting #13: June 8 2010 ==<br />
<br />
'''Location: KPMG, Forum, Yrjönkatu 23 B 6th floor, Helsinki''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''17:00 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:05 Word from our sponsor KPMG ''' <br />
<br />
'''17:15 Agile secure software development, Antti Vähä-Sipilä / Nokia Oyj''' http://www.owasp.org/images/c/c6/OWASP_AppSec_Research_2010_Agile_Prod_Sec_Mgmt_by_Vaha-Sipila.pdf <br />
<br />
'''18:00 ASVS (OWASP Application Security Verification Standard), Pekka Sillanpää / Nixu Oy''' <br />
<br />
'''18:45 ESAPI (OWASP Enterprise Security API) demo, Anssi Porttikivi / KPMG''' <br />
<br />
Download presentation from our file-page:[[Image:ESAPI for OWASP.pdf]] <br />
<br />
<br> '''19.30 - Discussion continues at some nearby establishment''' <br />
<br />
'''Please register with anssi.porttikivi(at)kpmg.fi''' <br />
<br />
<br> <br />
<br />
== OWASP Goes! Locksport: April 20 2010 ==<br />
<br />
'''Location: Nsense Oy, Ahventie 4, Espoo''' <br />
<br />
'''Time: 17:30-20:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nsense Oy''' <br />
<br />
'''17:45 Introduction to Locksport (presentation in Finnish)''' <br />
<br />
'''19:00 - Sauna and refreshments from our sponsor''' <br />
<br />
'''Please register with ilmoittautumiset##nsense.fi ''' <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #12: March 30 2010 ==<br />
<br />
'''Location: Helsingin Energia, Sähkötalo, Runeberginkatu 1, Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''18:00 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
Download presentation from our file-page:[[Image:OWASP -12 Helsinki chapter meeting.pdf]] <br />
<br />
'''18:05 Word from our sponsor Helsingin Energia ''' <br />
<br />
'''18:15 3 different views on information security and social media applications''' <br />
<br />
- information security in social media API’s, Antti Nuopponen/Nixu Oy <br />
<br />
Download presentation from our file-page:[[Image:Security of social media apis v1.pdf]] <br />
<br />
- Facebook apps, Markus Törnqvist/Fad Consulting <br />
<br />
Download presentation from our file-page:[[Image:Mjt owasp 2010.pdf]] <br />
<br />
- Payment API’s, Tuomas Toivonen/Scred <br />
<br />
Download presentation from our file-page:[[Image:Owasp-payment-apis.pdf]] <br />
<br />
'''20.00 - Discussion continues at nearby establishment Bruuveri''' <br />
<br />
'''Please register with antti##owasp.org''' <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #11: November 17 2009 ==<br />
<br />
'''Location: Nsense Oy, Ahventie 4, Espoo''' <br />
<br />
'''Time: 18:00-20:30''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''18:05 Word from our sponsor Nsense Oy''' <br />
<br />
'''18:15 Manual vs. Automated Code Analysis, Ari Kesäniemi, Senior Consultant, Nixu''' <br />
<br />
Download presentation from our file-page:[[Image:Ari kesaniemi nixu manual-vs-automatic-analysis.pdf]] <br />
<br />
'''19.00- Sauna and refreshments from our sponsor''' <br />
<br />
<br> <br />
<br />
'''Please register with ilmoittautumiset##nsense.fi''' <br />
<br />
== OWASP Helsinki Chapter Meeting #10: October 20 2009 ==<br />
<br />
'''Location: Tieto Oy, Ratamestarinkatu 7B, Helsinki''' <br />
<br />
'''Time: 18:00-19:40''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''18:00 Word from our sponsor Tieto Oy''' <br />
<br />
'''18:10 Distributed Services Security, Anton Panhelainen, Tieto Oy''' <br />
<br />
Download presentation from our file-page:[[Image:Security in integration and ESB-OWASP 20091020.pdf]] <br />
<br />
'''18:40 Public Web Services Interface and Security, Pyry Heikkinen, Finnish Customs''' <br />
<br />
'''19:40 Closure and move to Vltava''' <br />
<br />
'''20:00 or so''' <br />
<br />
*Enjoy Helsinki Vltava watering hole at own risk &amp; cost near Helsinki Railway station<br />
<br />
'''Please register with Pauli Kauppila pauli.kauppila##tieto.com or Mobile +358 400 870 324''' <br />
<br />
== OWASP Helsinki Chapter Meeting #9: May 12 2009 ==<br />
<br />
'''Location: Louhi Networks Oy, Itälahdenkatu 22 A, Helsinki''' <br />
<br />
'''Time: 17:30-19:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:30 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:45 Word from our sponsor Louhi Networks''' <br />
<br />
'''18:00 Panel discussion about application scanners''' <br />
<br />
*Panel members includes representatives for Nixu Oy, KPMG Oy and Louhi Networks Oy<br />
<br />
<br> '''19:00 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost at Bar 52 near meeting location<br />
<br />
'''Please register with Henri Lindberg henri.lindberg##louhi.fi''' <br />
<br />
== OWASP OWASP Goes! Viestimuseo: March 29 2009 ==<br />
<br />
'''Location: Varuskunta, Takakasarmi, Viestimuseontie rak. 64, 11311 Riihimäki ''' <br />
<br />
'''Time: 13:00-15:00''' <br />
<br />
Viestimuseossa Riihimäellä, http://www.viestikiltojenliitto.fi/viestimuseo/ on maaliskuun loppuun WWII radiotiedustelua esittelevä erikoisnäyttely, josta voi löytyä ammennettavaa myös tämän päivän tietoturvatekniikoiden parissa työskenteleville. Koska OWASP:in tiimoilta löytyi kiinnostusta lähteä tutustumaan ko. näyttelyyn, museolle on varattu opastettu kierros maaliskuun viimeiselle sunnuntaille su 29.3.2009 klo 13:00 eli kokoontuminen museolla ko. aikaan. <br />
<br />
Museo ja näyttely ovat auki myös muina aikoina, joten jos tämä aika ei käy, paikalla voi toki käydä muulloinkin. <br />
<br />
Tarkemmat ajo-ohjeet ja yhteystiedot löytyvät museon kotisivuilta, http://www.viestikiltojenliitto.fi/viestimuseo/yhteystiedot.html <br />
<br />
Museo sijaitsee Viestirykmentin vieressä, mutta varsinaisen varuskunta-alueen ulkopuolella, joten museokäynti ei vaadi kulkulupia alueelle. <br />
<br />
Paikalle innostuvat hoitavat oman logistiikkaratkaisunsa &amp; sisäänpääsymaksunsa. <br />
<br />
Lisätietoja tarvittaessa timo.merilainen (ät) iki.fi <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #8: March 12 2009 ==<br />
<br />
'''Location: Samlink, Linnoitustie 9, Espoo (Leppävaara)''' <br />
<br />
'''Time: 17:00-19:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:00 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:15 Introduction to Samlink, Jari Pirhonen, security director, Samlink''' <br />
<br />
'''17:30 Methodology owner’s point of view: Information security as part of software development methodology, Topi Mattila, methodology manager, Samlink''' <br />
<br />
'''18:15 Presentation from Finnish Tax Administration", Petri Puhakainen, security director, Finnish Tax Administration''' <br />
<br />
<br> '''19:00 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost at Sello<br />
<br />
'''Please register with Jari Pirhonen jari.pirhonen##samlink.fi''' <br />
<br />
== OWASP Introduction to startup firms: Thursday January 15th 2009 ==<br />
<br />
'''Location: Ravintola Korjaamo, Töölönkatu 51, 00250 Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Introduction to OWASP by Henri Lindberg, OWASP Helsinki Active Visitor''' <br />
<br />
*What OWASP is <br />
*Examples of useful Tools and Documents <br />
*OWASP in Finland<br />
<br />
Presentation: [[Image:OWASP Startups 20090115 Henri.pdf]] <br />
<br />
(Antti Laulajainen, OWASP Helsinki Chapter Leader was originally supposed to introduce OWASP) <br />
<br />
'''18:15 Implementing application security in a Finnish startup by Henri Lindberg, Scred''' <br />
<br />
*Henri Lindberg from Scred shares experiences and lessons learned <br />
*How to make your web application more secure with minimal budget<br />
<br />
Presentation: [[Image:SDG Scred 090115.pdf]] <br />
<br />
'''18:30 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost<br />
<br />
== OWASP Helsinki Meeting #7: Tuesday November 11th 2008 ==<br />
<br />
'''Location: Nokia Ruoholahti, Itämerenkatu 11-13, 00180 Helsinki''' <br />
<br />
<br> <br />
<br />
'''Time: 17:00-18:30''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:00 Welcome by Antti Laulajainen, OWASP Chapter Leader''' <br />
<br />
*Current state and progress of OWASP Top 10 Finnish translation<br />
<br />
'''17:20 Antti Vähä-Sipilä, Nokia: SAFECode''' <br />
<br />
*Introduction and overview of SAFECode (The Software Assurance Forum for Excellence in Code) <br />
*SAFECode publications<br />
<br />
'''17:40 Juhani Eronen, CERT-FI: Lifecycle of a security vulnerability''' <br />
<br />
*Microsoft MS08-067 (Vulnerability in Server Service Could Allow Remote Code Execution), its history (MS06-040) and exploitation.<br />
<br />
'''Discussion''' <br />
<br />
'''18:30 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost [cerveza, aqua con gas, etc]<br />
<br />
'''PLEASE REGISTER WITH: mikko . saario at nokia . com (we have reserved snacks for 25 people)''' <br />
<br />
== OWASP Helsinki Web Hacking Workshop, Tuesday September 10th 2008 ==<br />
<br />
'''Location: Teleware / KPMG, Laajalahdentie 23, 6. floor, reception at the ground floor, 00330 Helsinki''' <br />
<br />
'''Time: 18.00 - 20.00''' <br />
<br />
'''Schedule''' <br />
<br />
'''18.00 Welcome and recent activities. Antti Laulajainen ''' <br />
<br />
'''18.05 Web Hacking Workshop, Anssi Porttikivi, Senior ICT Advisor KPMG/Teleware''' <br />
<br />
*KPMG Oy IT Security Advisory marketing presentation 15 min <br />
*Web hacking exercises and demonstrations in a laboratory class (using WebGoat and WebScarab tools)<br />
<br />
'''Snacks available. Send your reservations to Anssi's mail address, anssi.porttikivi@kpmg.fi. Room for 20 participants.''' <br />
<br />
<br> '''Note! Be in time, because the reception closes at 18.''' <br />
<br />
== OWASP Goes! CERT-FI, Thursday, June 12th 2008 ==<br />
<br />
'''Location: Viestintävirasto, Itämerenkatu 3 A, 00180 Helsinki and One Pint Pub Santakatu 2, 00180 Helsinki''' <br />
<br />
<br> '''Time: 16.00 - 20.00''' <br />
<br />
<br> '''Schedule''' <br />
<br />
'''16.00 Welcome and recent activities. Antti Laulajainen ''' <br />
<br />
<br> '''16.10 Introduction of CERT-FI. Juhani Eronen, Information Security Adviser, CERT-FI''' <br />
<br />
<br> '''16.30 Vulnerability coordination. Juhani Eronen''' <br />
<br />
*CERT-FI as a vulnerability coordinator <br />
*Coordination examples<br />
<br />
'''18.00 Possibility to continue the evening at the One Pint Pub''' <br />
<br />
*If someone fancies a (self-financed) beer<br />
<br />
<br> '''Viestintävirasto asks those who wish to participate to the meeting to register in advance. For registrations please contact CERT-FI Unit Secretary Virpi Hienonen (virpi.hienonen(at)ficora.fi). The deadline is June 6, 2008.''' <br />
<br />
== OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 ==<br />
<br />
Thank you for attending. <br />
<br />
You can download the presentation here'''https://www.owasp.org/images/7/70/OWASP_HelsinkiChapter_130508.pdf''' <br />
<br />
Coverage of the event in local news (Finnish only) http://mikropc.net/uutiset/index.jsp?categoryId=atk&amp;day=20080514#w2008051411524012715 <br />
<br />
<br> '''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki and Ravintola Kaisla, Vilhonkatu 4, 00100 Helsinki''' <br />
<br />
'''Time: 16.00 - 20.00''' <br />
<br />
<br> <br />
<br />
Welcome to spring meeting 2008. <br />
<br />
<br> '''Schedule''' <br />
<br />
'''16.00 - 16.10 OWASP update. Antti Laulajainen''' <br />
<br />
'''16.10-17.00 Notes From The field, OWASP tools and usage experiences, Jarkko Holappa &amp; Antti Laulajainen''' <br />
<br />
'''17.30 - 20.00 Drinks at Ravintola Kaisla (Bring Your Own Wallet)''' <br />
<br />
<br> Hope to see as many of you as possible! <br />
<br />
== OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 ==<br />
<br />
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.''' <br />
<br />
'''Time: 18.30 - 20.30''' <br />
<br />
Welcome to first meeting of 2008. OWASP Helsinki resumes activities after winter break. <br />
<br />
We are pleased to have as a speaker Technology Manager of Nokia Product Security, Alexandr Seleznyov. His topic will be current state of application security. <br />
<br />
'''Schedule''' <br />
<br />
'''18.30 - 18.40 OWASP update. Antti Laulajainen''' <br />
<br />
'''18.40 - 20.30 Current State of Application Security. Alexandr Seleznyov''' <br />
<br />
<br> Hope to see as many of you as possible! <br />
<br />
== OWASP Helsinki &amp; RWSUG Seminar Tuesday, January 29th 2008 ==<br />
<br />
'''Location: IBM, Laajalahdentie 23, 00330 Helsinki.''' '''Time: 11.15 - 19.00''' <br />
<br />
OWASP Helsinki and Rational and Websphere User Group Finland RWSUG are aiming to co-operate to raise application security awareness. OWASP Helsinki will have a presentation in RWSUG agility seminar. More information from http://www.rwsug.fi/default.asp?path=1,39,385 <br />
<br />
'''You can download the presentation here''' https://www.owasp.org/images/c/cd/RWSUG5_Agile_Security_Management.pdf <br />
<br />
See program below. Most of it is Finnish only <br />
<br />
*11.15 Ilmoittautuminen alkaa <br />
*11.15-12.00 Buffet-lounas <br />
*12.00-12.10 Tilaisuuden avaus Jussi Jutila, Puheenjohtaja, RWSUG ry<br />
<br />
KEYNOTE <br />
<br />
*12.10-13.30 Scaling Agile Software Development: Strategies for Applying Agile in Complex Situations Scott W. Ambler, Practice Leader Agile Development, IBM Canada <br />
*13.30-13.45 Kahvitauko <br />
*13.45-15.30 SOA liiketoiminnan näkökulmasta ja SOA toteutuksen näkökulmasta kansainvälisessa hankkeessa Kari Laine, IT Architect, IF ja Jarmo Laine, Senior Software Architect,Primasoft <br />
*15.30-15.45 Tauko <br />
*15.45-16.30 Ketterä tietoturvan hallinta ohjelmistotuotannossa Reijo Savola, VTT <br />
*16.30-17.15 Jazz Update IBM <br />
*17.15-19.00 Iltapalaa ja verkostoitumista IBM Forumissa<br />
<br />
<br> <br />
<br />
== OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008 ==<br />
<br />
OWASP Helsinki participated in ISACA Finland meeting to raise application security awareness among system auditors and inspectors. <br> A presentation was held that introduced basic web techniques, some security issues, OWASP in general, OWASP projects and OWASP Helsinki chapter. <br> '''You can download the presentation here''': https://www.owasp.org/images/e/e4/OWASP_ISACA_20080124.pdf (Finnish Only) <br><br> <br />
<br />
== OWASP Helsinki meeting #4 Fall 2007 with Mark Curphey, Tuesday, October 2 2007 ==<br />
<br />
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.''' <br />
<br />
Thank you for all participants and Mark from great presentation. <br />
<br />
Coverage of the meeting in the local news (in Finnish): http://mikropc.net/uutiset/index.jsp?categoryId=atk&amp;day=20071003#w2007100315112711629 <br />
<br />
<br> We are delighted to have Mark Curphey - the OWASP founder and new head of Microsoft's ACE (Application Consulting &amp; Engineering) team in Europe - to visit Finland and discuss web app security with us. Hopefully as many as of you possible can participate! <br />
<br />
'''18:30 Welcome and recent Helsinki chapter activities. Antti Laulajainen''' <br />
<br />
'''18:40 Naked Software Security. Mark Curphey''' <br />
<br />
*Commentary on how to build secure software <br />
*Thoughts on the industry<br />
<br />
<br> '''WELCOME!''' <br />
<br />
== OWASP Helsinki meeting #3 Summer 2007: "SOA, Web Services &amp; XML Security", Tuesday, June 5th 2007 ==<br />
<br />
'''Date: June 5th''' <br />
<br />
<br> '''Location: Smilehouse, Itälahdenkatu 22A (Stonesoft building), Lauttasaari.''' <br />
<br />
Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/tietoturva_docview.jsp?f_id=1186167 <br />
<br />
<br> '''19:00 Welcome &amp; quick recap of recent OWASP activity and the Spring conference. Mikko Saario.''' <br />
<br />
<br> '''19:15 Gunnar Peterson, CTO Arctec Group and project lead for the OWASP "XML Security Gateway Evaluation Criteria".''' <br />
<br />
Gunnar will be visiting Finland to provide training via Tietoturva ry on this subject. Topics to be covered: <br />
<br />
*XML Security Gateways <br />
*Message level threats and security countermeasures in Web services <br />
*OWASP XML Security Gateway Evaluation Criteria Project<br />
<br />
<br> '''20:15 "Real-life usage of OWASP tools". Alexandr Seleznyov, Nokia Product Security.''' <br />
<br />
(There is a chance Alex cannot make it. In that case we will discuss SOA stuff in more detail or just head off to bar earlier.) <br />
<br />
<br> '''20:45 Enter Bar 52...''' --&gt; Enjoy (sponsored) beverages. <br />
<br />
== OWASP Helsinki meeting #2 Winter 2007, Web Application Firewalls, Thursday, February 22 2007 ==<br />
<br />
Thank you for the 29 participants, the speakers and the host - Nixu - for making this event happen! <br />
<br />
'''Location: Nixu, Mäkelänkatu 91, 00601 Helsinki.''' <br />
<br />
What are Web Application Firewalls (WAF), how do they work, what do they do and what don't they do. Discussion and sharing of experiences of various technologies and products. <br />
<br />
<br> '''18.30 Welcome. Mikko Saario, Chapter Leader.''' <br />
<br />
Today's topic and agenda in short. <br />
<br />
<br> '''18.35 "Web Application Firewalls Technical Analysis". Joakim Sandström, CTO nSense.''' <br />
<br />
http://www.owasp.org/images/6/6a/Owasp_waf_joakim.pdf <br />
<br />
- Technology <br />
<br />
- Blacklisting &amp; Whitelisting <br />
<br />
- mod_security features <br />
<br />
- Do's and Don'ts <br />
<br />
<br> '''19.30 "The Core Rule Sets". Ofer Shezaf, CTO Breach Security.''' <br />
<br />
http://www.owasp.org/images/f/f4/The_Core_Rule_Set_-_Ofer.pdf <br />
<br />
- WAF deployment and protection strategies <br />
<br />
- Detection of generic web layer attacks <br />
<br />
- Virtual patching <br />
<br />
== OWASP Helsinki meeting #1, Tuesday, Dec 12 2006 at Ernst &amp; Young ==<br />
<br />
The Helsinki chapter had the first meeting at Ernst &amp; Young office in Elielinaukio 5 B. The agenda and the presentations for the meeting are below. We had a good turnout: 22 people were present i.e. all seats were taken - we were very happy to see all these people to be interested in application security issues. <br />
<br />
<br> Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/doc.do?f_id=1083463 <br />
<br />
<br> '''18:30 Welcome. What is OWASP and why OWASP Helsinki?''' <br />
<br />
Mikko Saario made a short presentation about OWASP and the objective for the local Helsinki chapter. <br />
<br />
<br> '''19:00 Analyzing Threats (Olli Wiren; olli [at] juurihoito.org)''' <br />
<br />
Olli Wiren discussed application related threats and corresponding security issues. <br />
<br />
http://www.owasp.org/images/7/7c/Owasp-olli.pdf <br />
<br />
<br> '''19:45 Open discussion regarding OWASP Helsinki; what is expected or wished; how to go ahead and so forth.''' <br />
<br />
There was a lively discussion regarding what type of activities should be arranged in the future. More details will follow... <br />
<br />
==== Helsinki OWASP Chapter Leaders ====<br />
<br />
The chapter leader is [mailto:Petteri.arola@owasp.org Petteri Arola] <br />
<br />
The chapter board members are [mailto:timo@owasp.org Timo Merilainen], Pyry Heikkinen and [mailto:pekka.sillanpaa@owasp.org Pekka Sillanpaa]. <br />
<br />
__NOTOC__<br />
<br />
[[Category:OWASP Chapter]] <br />
[[Category:Europe]]</div>Psillanphttps://wiki.owasp.org/index.php?title=Helsinki&diff=251030Helsinki2019-05-03T21:18:35Z<p>Psillanp: /* Chapter Meetings */ #37</p>
<hr />
<div>{{Chapter Template|chaptername=Helsinki|extra=The chapter leaders are [mailto:petteri.arola@owasp.org Petteri Arola], [mailto:pekka.sillanpaa@owasp.org Pekka Sillanpää], [mailto:timo@owasp.org Timo Meriläinen], [mailto:pyry.heikkinen@owasp.org Pyry Heikkinen], [mailto:petri.koistinen@nixu.com Petri Koistinen] and [mailto:lasse.korvala@gmail.com Lasse Korvala].<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-helsinki|emailarchives=http://lists.owasp.org/pipermail/owasp-helsinki}} <br />
<br />
==== Local News ====<br />
<br />
<paypal>Helsinki</paypal> <br />
<br />
'''Welcome to the OWASP Helsinki Chapter'''<br />
<br />
The plan is to meet at least three to four times a year, each lasting 1,5-3 hours (more active "hands" means more meetings). This chapter is based in the capital area and therefore the meetings will be in or around Helsinki. <br />
<br />
If you wish to present at one of the meetings or have any other inquiries, please contact the chapter leaders and shortly describe the talk. (the contact details can be found in the bottom of the page). We encourage everyone to suggest ideas for presentation topics. The talks can be either a full talk (45-60min) or a lightning talk (~15min). <br />
<br />
==== Suomalaista sovellusturva-asiaa ====<br />
<br />
[[OWASP Helsinki Appsec Thesis of the Year|Vuoden sovellusturva-aiheinen opinnäytetyö]]<br />
<br />
[[Oppilaitoksille|Tietoa oppilaitoksille (Information for academic institutions)]] <br />
<br />
[[Verkkomaksut|Ohjeita turvallisen verkkomaksuintegraation toteuttamiseen]] <br />
<br />
Previously OWASP Helsinki has been working on the following tasks: <br />
<br />
*[[Top 10 2007 Finnish]] aim to translate OWASP Top 10 list in Finnish<br />
<br />
==== Chapter Meetings ====<br />
<br />
== OWASP Helsinki chapter meeting #37: May 21st 2019 ==<br />
'''Location: KONE, Keilasatama 5, 02150 Espoo'''<br />
<br />
'''Time: 17:30-21:00'''<br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words, Pekka Sillanpää, Chapter co-leader - OWASP Helsinki''' <br />
<br />
'''18:05 Words from the sponsor, KONE'''<br />
<br />
'''18:10 Blockchains; How secure are they in practice in an IoT disrupted world and making the things secure, Onur Zengin, Senior Software Security Architect, KONE'''<br />
<br />
'''18:50 Break: Snacks & Refreshments'''<br />
<br />
'''19:20 Traficom's security label for IoT consumer devices - goals and challenges (tietoturvamerkki), Juhani Eronen and Saana Seppänen, Traficom'''<br />
<br />
'''19:50 Deploying a bug bounty / test automation environment for thousands of IoT devices with Kubernetes, Pekka Sillanpää, CTO and Teemu Huhtala, Senior SW engineer, Tosibox'''<br />
<br />
'''20:30 Networking with peers'''<br />
<br />
'''21:00 Discussions continue in Sauna/Jacuzzi on the top of Keilaranta 1 (neighbour building) sponsored by 2NS'''<br />
<br />
Please register by 13th of May [link] (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #36: Feb 12th 2019 ==<br />
'''Location: Veikkaus, Aku Korhosen tie 2, 00440 Helsinki'''<br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words, Pekka Sillanpää, Chapter co-leader - OWASP Helsinki''' <br />
<br />
'''18:05 Words from the sponsor, Veikkaus''' <br />
<br />
'''18:10 What Every Developer and Tester Should Know About Software Security, Anne Oikarinen, Senior Security Consultant, Nixu''' [https://www.slideshare.net/AnneOikarinen1/what-every-developer-and-tester-should-know-about-software-security]<br />
<br />
'''18:50 Break'''<br />
<br />
'''19:00 Security in Agile Development, Joakim Tauren, Application Security Architect, Visma''' [[File:OWASP Helsinki - Security in Agile Development (1).pdf|thumb]]<br />
<br />
'''19:45 OWASP Cornucopia - a live card game session, Veikkaus + volunteers''' [[File:DeathStarArchitecture v0.8 DRAFT.pdf|thumb]]<br />
<br />
'''20:15 Snacks & Refreshments''' <br />
<br />
Please register by 10th of Feb https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-36-tickets-55288270706 (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #35: Nov 6th 2018 ==<br />
'''Location: Second Nature Security (2NS), Keilaranta1 (auditorium Ankkuri), 02150 Espoo'''<br />
<br />
'''Time: 17:30-21:00'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words, Pekka Sillanpää, Chapter co-leader - OWASP Helsinki'''<br />
<br />
'''18:05 Words from the sponsor, Juho Ranta, CTO - Second Nature Security (2NS)''' <br />
<br />
'''18:15 Hunting for bounties in a web browser, Juho Nurminen, White Hat Hacker, InfoSec Specialist - 2NS''' [[File:Nurmi_BugBounty_slides.zip]]<br />
<br />
'''18:45 Break'''<br />
<br />
'''19:00 How to become a bug bounty hunter, Iiro Uusitalo, Cloud and Security Specialist - Solita'''<br />
<br />
'''19:30 Running a successful bug bounty program, Thomas Malmberg, Partner & Owner - Hackrfi''' [[File:Running a successful bug bounty program - public.pdf]]<br />
<br />
'''19:50 Short break'''<br />
<br />
'''20:00 Panel & Discussion about bug bounty with Juho, Iiro and Thomas'''<br />
<br />
'''20:30 Snacks & Refreshments'''<br />
<br />
Please register by 4th of Nov https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-35-tickets-51465932991 (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #34: Jun 12th 2018 ==<br />
'''Location: Eficode, Pohjoinen Rautatiekatu 25, 00100 Helsinki'''<br />
<br />
'''Time: 17:30-21:30'''<br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Pekka Sillanpää OWASP Helsinki'''<br />
<br />
'''18:05 Words from the sponsor / Pekka Siltala-Li / Eficode'''<br />
<br />
'''18:15 Perfectly secure API, Matti Suominen, Lead Security Consultant - Nixu'''<br />
<br />
'''19:00 Break''' <br />
<br />
'''19:15''' '''Best friends: API security & API management, Antti Virtanen, Software Architect, Solita''' <br />
<br />
'''20:00-21:30 Sauna, Snacks & Beverages'''<br />
<br />
Please register by 10th of Jun https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-34-tickets-46690898735 (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #33: Nov 14th 2017 ==<br />
'''Location: F-Secure, Tammasaarenkatu 7, 00180 Helsinki''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki''' <br />
<br />
'''18:05 Words from the sponsor'''<br />
<br />
'''18:10 Coping with GDPR requirements in development, Kira Ahveninen-Kuha, Lead, Data Protection and Cybersecurity Law, Nixu'''<br />
<br />
'''19:00 Break''' <br />
<br />
'''19:15 Integrating Privacy Work in Threat Modeling and Design Review, Antti Vähä-Sipilä, Principal Security Consultant, F-Secure'''<br />
<br />
'''20:00 Panel & Discussion – Kira and Antti debate about privacy and GDPR with the audience'''<br />
<br />
'''20:30 OWASP Helsinki DevSecOps Hackathon: Lessons learned, Pekka Sillanpää, OWASP Helsinki''' <br />
<br />
'''21:00-22:00 Snacks & Refreshments''' <br />
<br />
Please register by 12th of Nov [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-33-tickets-39656996143 here] (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #32: Sep 27th ==<br />
If you are working in a DevOps team and want to get concrete ideas on how to integrate security into your CI/CD pipeline, this hackathon is a fun opportunity to learn by doing together with others.<br />
<br />
More information here: [[OWASP Helsinki DevSecOps Hackathon]]<br />
<br />
In summary, we familiarize and investigate (and of cource hack with) some nice open source tools, including:<br />
* OWASP Dependency-Check ([[OWASP Dependency Check]])<br />
* ZAP Proxy ([[OWASP Zed Attack Proxy Project]])<br />
* OWASP DefectDojo ([[OWASP DefectDojo Project]])<br />
* DevSec hardening framework (https://github.com/dev-sec)<br />
* Clair (https://github.com/coreos/clair)<br />
<br />
The output of this hackathon is an OWASP wiki page describing what was achieved in the hackathon, possible commits to the tools' repositories and future plans. If there is enough interest, we might organize "part 2" for this event in Autumn.<br />
<br />
To participate in this event, it is recommended to have at least basic programming/scripting skills (python, ruby, bash, etc) and understanding of configuration management tools (puppet, salt, ansible, etc.). '''If you are interested to join''' or have questions, please send email to pekka.sillanpaa@owasp.org '''by Jul 7th 2017''' and a short description of your background. Tracks of the hackathon environment are tuned based on the skills and background of the participants.<br />
<br />
The maximum of 15 seats are available for this event. The event is fully free of charge.<br />
<br />
'''Location: Nixu, Keilaranta 15, 02150 Espoo'''<br />
<br />
'''12:00 Hackathon starts'''<br />
<br />
'''17:00-23:00 Hackathon continues after the work day as long as needed. Pizza and beverages available.'''<br />
<br />
== OWASP Helsinki chapter meeting #31: Jun 13th 2017 ==<br />
'''Location: Solita, Alvar Aallon katu 5, 00100 Helsinki'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Pekka Sillanpää, OWASP Helsinki'''<br />
<br />
'''18:05 DevSec - Developers are the key to security, Antti Virtanen, Software Architect, Solita [[File:Devsec-owasp-2017.pdf]]''' <br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Docker Security, Mika Vatanen, Systems Architect, Digia [[File:Owasp-Helsinki-20170613-Docker-Security.pdf]]'''<br />
<br />
'''20:00 Lightning talk: Leaking credentials - a security malpractice more common than expected, Bogdan Mihaila, Synopsys [[:File:Bogdan Mihaila - Leaking Credentials.pdf]]'''<br />
<br />
'''20:15 Introduction to DevSecOps "mini-hackathon", Pekka Sillanpää, OWASP Helsinki'''<br />
<br />
'''20:30-22:30 Snacks & Refreshments'''<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-31-tickets-34950473808 here] by 12th of Jun (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #30: Oct 11th 2016 ==<br />
<br />
'''Location: Fujitsu, Valimotie 16, 00380 Helsinki, Auditorio'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 How to protect mobile application? Case "Nordea Tunnusluvut” / Michael Peltonen, Senior Business Developer, Nordea''' [[File:Helsinki_meeting_30_-Michael_Peltonen_OWASP_11102016.pdf]]<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Lightning talk: Authentication topic / Teemu Simonen, System Architect, Fujitsu''' [[File:Helsinki_meeting_30_-Authentication_topic.pdf]]<br />
<br />
'''19:30 Threats and vulnerabilities in federation protocols - and how did I find 0-days in the most common access management products / Teemu Kääriäinen, Senior IAM Consultant, Nixu Oyj''' [[File:Helsinki_meeting_30_-_Threats_and_Vulnerabilities_in_Federation_Protocols_and_Products.pdf]]<br />
<br />
'''20:30-> Snacks & Refreshments'''<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-30-tickets-28190573765 here] by 9th of October (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #29: Mar 29th 2016 ==<br />
<br />
'''Location: Solinor, Elimäenkatu 14 C, 00510 Helsinki'''<br />
<br />
'''Time: 17:30-21:15'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 OWASP Security Knowledge Framework, Glenn Ten Cate''' [[File:Skf-owaspHelsinki-16.pdf]]<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Amazon Web Services Security, Joel Leino, Solinor''' [[File:Aws_security_joel_leino.pdf]]<br />
<br />
'''20:30 Do's and don'ts: A Day Of Browser Bug Hunting, Atte Kettunen, University of Oulu''' [[File:Do's_and_Don'ts-_A_Day_Of_Browser_Bug_Hunting_rev2.pdf]]<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-29-tickets-22159795545 here] by 26th of March (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #28: Nov 10th 2015 ==<br />
<br />
'''Location: LähiTapiola, Revontulenkuja 1, 02100 Espoo'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 How we feel about Bug Bounty, Leo Niemelä, CISO, LähiTapiola Group (in Finnish)'''<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Security and "Modern" software Deployment, Rory McCune, Managing Consultant, NCC Group'''<br />
<br />
'''20:30 Discussion continues in a local cafe / bar'''<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-28-tickets-19188815263 here] by 8th of November (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #27: May 29th 2015 ==<br />
<br />
'''Location: Life Science Center Keilaranta 10-16''' <br />
<br />
'''Time: 17:30-20:00 (networking ends 23:00)''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 Word from our sponsor / Nixu'''<br />
<br />
'''18:15 50 Shades of AppSec / Troy Hunt'''<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Hack yourself first: how go on the cyber-offence before online attackers do / Troy Hunt'''<br />
<br />
'''20:00-23:00 Refreshments and Sauna on the 7th floor'''<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-chapter-meeting-27-tickets-16709176597 here] by Monday Fri 22th May (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #26: January 13th 2015 ==<br />
<br />
'''Location: Castrén & Snellman Attorneys Ltd. Eteläesplanadi 14 6th Floor Helsinki, Finland.''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''Opening words / OWASP Helsinki&IAPP''' <br />
<br />
'''Words from our sponsor / Castrén & Snellman Attorneys Ltd.'''<br />
<br />
'''Privacy Seals and Marks, Hannu Järvinen, Specialist Partner, Attorneys at Law Borenius Ltd'''<br />
<br />
'''Privacy Engineering, Antti Vähä-Sipilä, software security guy, F-Secure Oyj'''<br />
<br />
'''Privacy Use Cases, Saku Vainikainen, Lead Consultant, Nixu Oyj'''<br />
<br />
Please register here https://t.co/OoQN2FRbBX by Monday 12 Jan.<br />
<br />
== OWASP Helsinki chapter meeting #25: September 29th 2014 ==<br />
<br />
'''Location: Appelsiini (Elisa), Kaarlenkatu 9-11, 00530 Helsinki. Public transport is strongly recommended.''' <br />
<br />
'''Time: 17:00-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and registration''' <br />
<br />
'''17:10 Opening words / OWASP Helsinki''' <br />
<br />
'''17:20 Words from our sponsor / Elisa'''<br />
<br />
'''17:30 Mobile Security Chess Board - Attacks & Defense / Hemil Shah / Founder, Director eSphere Security''' [[File:Mobile_Security_chess_board_-_Attacks_&_Defense.pdf]]<br />
<br />
'''18:45 Break'''<br />
<br />
'''19:00 Mobile Platform Security: OS (kernel) Hardening and Trusted Execution Environment / Onur Zengin / Trustonic'''<br />
[[File:Onur_Zengin_-_TEE_chapter_meeting_presentation.pdf]]<br />
<br />
'''20:00 OWASP Mobile Top Ten Risks 2014 - The New M10: 'Lack of Binary Protection' Category / Bo Asklund and Rikard Kullenberg / Arxan'''<br />
[[File:OWASP_Mobile_Top_Ten_-_Meet_the_New_Addition.pdf]]<br />
<br />
'''21:00 Networking and continue discussions in TBD location nearby'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-25-tickets-13087782911 Eventbrite]<br />
<br />
== OWASP Helsinki chapter meeting #24: March 25st 2014 ==<br />
<br />
'''Location: F-Secure, Tammasaarenkatu 7, 00180 Helsinki. Parking space is limited, public transport is strongly recommended. Ruoholahti station for metro, Länsisatamankatu stop for tram 8, Länsiväylä stop for buses from Espoo.''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and registration''' <br />
<br />
'''17:20 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''17:30 Enhancing security through tight collaboration and automation /Kalle Hallivuori''' <br />
Presentation material: http://kato.iki.fi/owasp-pci-devops/<br />
<br />
'''18:00 Continuous Security Testing in a Devops World /Stephen de Vries'''<br />
Download the presentation from our file page: [[image:OWASP-Continuous_Security_Testing.pdf]]<br />
<br />
'''19:00 Demo of Burp Suite & HTTP API fuzzing automation with Python & Behave /Antti Vähä-Sipilä'''<br />
<br />
'''19:30 Time to go to Pub (Amsterdam) and continue discussion there'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-24-tickets-10765729587 Eventbrite]<br />
<br />
== OWASP Helsinki chapter meeting #23: January 21st 2014 ==<br />
<br />
'''Location: HTC Keilaniemi, Keilaranta 13, 02150 Espoo''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Coffee and registration''' <br />
<br />
'''18:00 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''18:05 Word from our sponsor /Nixu''' <br />
<br />
'''18:20 The inner HTML Apocalypse - How MXSS attacks change everything we believed to know so far /Mario Heiderich'''<br />
<br />
'''19:15 JSMVCOMFG - To sternly look at JavaScript MVC and Templating Frameworks /Mario Heiderich"''''<br />
<br />
'''20:15 QA'''<br />
<br />
'''20.30 - 21.30 Discussion continues over snacks and refreshments'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-23-tickets-10095813851 Eventbrite]<br />
<br />
<br />
== OWASP Helsinki chapter meeting #22: November 19th 2013 ==<br />
<br />
'''Location: Aalto University, Hall S1, Otakaari 5, 02150 Espoo''' <br />
<br />
'''Time: 18:00-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Registration''' <br />
<br />
'''18:10 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''18:20 Word from our sponsor''' <br />
<br />
'''18:30 Backgrounds of Eve in Digiland comic and cyber research in Aalto University /Timo Kiravuo, Aalto University'''<br />
<br />
'''19:15 Break"''''<br />
<br />
'''19:30 Cyber crime response from CERT perspective and backgrounds of Finnish web site attacks /Jussi Eronen, CERT-FI'''<br />
<br />
'''20:00 Methods in Finnish cyber crime police investigation and case example /Timo Piiroinen, National Bureau of Investigation (NBI)'''<br />
<br />
'''20:30 Networking and discussion continues at same location'''<br />
<br />
Please register at [http://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-23-tickets-10095813851 Eventbrite]<br />
<br />
== OWASP EUTour2013: June 17th 2013 ==<br />
<br />
'''Location: HTC Keilaniemi, Keilaranta 15''' <br />
<br />
'''Time: 16:00-19:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''16:00 Registration & coffee''' <br />
<br />
'''16:15 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''16:30 Word from our sponsor''' <br />
<br />
'''16:45 Nokia responsible disclosure program /Omar Benbouazza-Villa, Nokia'''<br />
<br />
Nokia has launched a responsible disclosure program recently. In this presentation we'll go through experiences starting and running such a program as a part of enterprise application security program.<br />
<br />
'''17:30 Social engineering /Gavin Ewan"''''<br />
<br />
Jac0byterebel is not your typical social engineering presenter. Out goes the snake oil sale of analysing the minutia of pop psychology and trying to squeeze out real answers to the questions asked during a real social engineering attack. In comes hard hitting accounts of social engineering attacks drawn from real sources but anonymised to protect the pwned.<br />
<br />
'''19:00 Rounding up and discussion continues over food & drinks at same location'''<br />
<br />
Please register at [http://www.regonline.com/owaspeutourfinland Regonline]<br />
<br />
== OWASP Helsinki Chapter Meeting #21: April 24 2013 ==<br />
<br />
'''Location: KPMG, Yrjönkatu 23 B, 6. floor''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Opening words /OWASP''' <br />
<br />
'''18:10 Word from our sponso /Mika Laaksonen, KPMG''' <br />
<br />
'''18:15 OWASP project news /Petteri Arola, OWASP''' <br />
<br />
Newsflash of new and rebooted OWASP projects.<br />
<br />
'''18:45 Utilizing VAHTI software development guide (VAHTI-sovelluskehitysohje) /Antti Alestalo, KPMG'''<br />
<br />
VAHTI software development guide was published January 2013. Antti will talk about how to best utilize this new guide. Link to the guide: http://www.vm.fi/vm/fi/04_julkaisut_ja_asiakirjat/01_julkaisut/05_valtionhallinnon_tietoturvallisuus/20130207Sovell/VAHTI_1_Sovelluskehityksen_tietoturvaohje_NETTI.pdf<br />
<br />
'''19:15 Database self-defence /Mika Aronen, KPMG (in place of "HTML5 & security /SC5"'''<br />
<br />
'''20:00 Official program ends and discussion continues over food & drinks at same location'''<br />
<br />
Please register at [https://www.eventbrite.com/event/6240751255 Eventbrite]<br />
<br />
== OWASP Helsinki Chapter Meeting #20: December 4 2012 ==<br />
<br />
'''Location: Nokia House, Keilalahdentie 4, Espoo''' <br />
<br />
'''Time: 17:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Socializing time @ Nokia Lounge – Meet people & get to know your peer while having the opportunity to see Nokia product demos''' <br />
<br />
'''18:00 Opening words /OWASP + HelsinkiJS''' <br />
<br />
'''18:10 Word from our sponsor''' <br />
<br />
'''18:20 Securing JavaScript based web apps /Erlend Oftedal''' <br />
<br />
Single page web applications move much of the application logic to the client side. We now also see applications using JavaScript on the server side. How do we handle such applications from a security perspective? What problems are introduced and how do we handle them?<br />
<br />
'''19:05 RESTful Security'''<br />
<br />
Many applications rely on web services and ws-security for integration. But for more lightweight services with simpler protocols, REST is quickly gaining popularity. How do we secure REST services? What problems do we need to be aware of?<br />
<br />
'''20:00 Official program ends and free debate continues at nearby location'''<br />
<br />
CLOSED: Please register at [http://www.eventbrite.com/event/4856878053 Eventbrite]<br />
<br />
Please use the NORTH entrance when entering the Nokia campus<br />
<br />
== OWASP Helsinki Chapter Meeting #19: October 16 2012 ==<br />
<br />
'''Location: Fujitsu, Valimotie 16, Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''18:10 Word from our sponsor /Fujitsu''' <br />
<br />
'''18:25 Hybrid mobile application security and HTML5 with a focus on getUserMedia /Mikko Saario, Nokia''' <br />
<br />
Both the mobile scene via “hybrid” apps and the so-called traditional web are evolving into the same direction – are the threats doing the same? Using mainly Windows Phone 7 (and some Qt) examples and demos, Mikko will take a look at the security aspects in mobile hybrid apps. The HTML5 demo will concentrate on some newly mainstreamed technologies such as getUserMedia.<br />
<br />
'''19:10 Introduction to Oauth 2.0 + demo /Teemu Kääriäinen, Nixu'''<br />
<br />
Teemu gives an introduction about Oauth 2.0 and takes a closer look at security aspects, implementation guidelines and compares Twitter, Facebook and Google implementations.<br />
<br />
'''20:00 Official program ends and free debate continues at nearby location'''<br />
<br />
'''Please register in Eventbrite http://www.eventbrite.com/event/4462882602''' <br />
<br />
<br />
== OWASP Helsinki Chapter Meeting #18: June 26 2012 ==<br />
<br />
'''Location: Kela, Nordenskjölkinkatu 12, Helsinki''' <br />
<br />
'''Time: 17:30-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''17:45 Word from our sponsor /Kela''' <br />
<br />
'''18:00 Helsinki Ruby Brigade intro''' <br />
<br />
'''18:15 Ruby on Rails security - why could it fail'''<br />
<br />
'''19:00 Panel discussion'''<br />
<br />
'''19:45 Wrap-up'''<br />
<br />
'''20:00 Discussion continues in a nearby pub Hadanka'''<br />
<br />
'''Please register with petteri.arola(at)owasp.org''' <br />
<br />
<br />
== OWASP Helsinki Chapter Meeting #17: March 21 2012 ==<br />
<br />
'''Location: Marttakeskus, Malminrinne 1 B, 7. krs, Helsinki''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Coffee''' <br />
<br />
'''17:40 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''17:50 Web Application Access Control Design Excellence / Jim Manico, OWASP''' <br />
<br />
Download the presentation from our file page: [[image:Developer_Top_Ten_Core_Controls_v4.1.pdf]]<br />
<br />
'''19:30 Meeting ends and discussion continues over buffet and refreshments and there's a possibility to bath in sauna too''' <br />
<br />
'''23:00 Event ends'''<br />
<br />
'''Please register with enroll(at)nixu.com''' <br />
<br />
== Tietoturvapäivä Turku: February 7 2012 ==<br />
<br />
''' Sovellusturvallisuus / Petteri Arola, OWASP''' <br />
<br />
Download the presentation from our file page: [[image:OWASP_esitys_tietoturvapäivä_Turku_20120207.pdf]]<br />
<br />
== OWASP Helsinki Chapter Meeting #16: October 18 2011 ==<br />
<br />
'''Location: Hall TU2, Tuas house, Otaniementie 17, 02150, Espoo''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and lock picking''' <br />
<br />
'''17:30 OWASP - What is it?''' <br />
<br />
'''17:45 Introduction to OWASP projects<br>- OWASP Top Ten, ASVS<br><span class="Apple-tab-span"> </span>- Testing guide<br>- How OWASP relates to academic world''' <br />
<br />
<br> Download presentation from our file-page: [[Image:OWASP_presentation_for_Aalto.pdf]] <br><br />
<br />
'''18:45 Break''' <br />
<br />
'''19:00 Hacking demonstrations'''<br />
<br />
'''19:30 - Discussion continues in a nearby public house''' <br />
<br />
'''Please register with petteri.arola(at)owasp.org''' <br />
<br />
== OWASP Introduction to Turku AMK students: September 12th 2011 ==<br />
<br />
'''Introduction to Application security and OWASP / Petteri Arola, OWASP''' <br />
<br />
'''OWASP top 10 and hacking demos / Pekka Sillanpää, OWASP''' <br />
<br />
== OWASP Helsinki Chapter Meeting #15: June 15 2011 ==<br />
<br />
'''Location: Itämerenkatu 11 - 13, Helsinki''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda ''' <br />
<br />
'''17:30 Welcome, Petteri Arola, Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nokia''' <br />
<br />
'''17:45 HTML5 Security, Ville Säävuori, Syneus''' <br />
<br />
'''18:30 Break''' <br />
<br />
'''18:40 Mobile Application Security, Ari Kesäniemi and Juhani Mäkelä, Nixu''' <br> [[Image:Mobile-threat-analysis-short-presentation owasp.pdf]] <br> [[Image:Why-privacy-matters.pdf]] <br> <br />
<br />
<br>'''19.30 - Discussion continues in a nearby public house or terrace if it's sunny''' <br />
<br />
'''Please register with mikko.saario(at)nokia.com''' <br />
<br />
== OWASP Helsinki Chapter Meeting #14: February 22 2011 ==<br />
<br />
'''Location: Nixu Oy, Keilaranta 15, Espoo''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''17:30 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nixu Oy''' <br />
<br />
'''17:45 OpenSAMM, Pravir Chandra /Fortify''' <br />
<br />
'''18:30 Break''' <br />
<br />
'''18:40 Threat modeling, Pravir Chandra /Fortify''' <br />
<br />
<br> '''19.30 - Sauna and refreshments from our sponsor''' <br />
<br />
'''Please register with enroll(at)nixu.com''' <br />
<br />
<br> Download OpenSAMM presentation from opensamm.org [http://www.opensamm.org/downloads/resources/OpenSAMM-1.0.ppt] <br> <br />
<br />
== OWASP Helsinki Chapter Meeting #13: June 8 2010 ==<br />
<br />
'''Location: KPMG, Forum, Yrjönkatu 23 B 6th floor, Helsinki''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''17:00 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:05 Word from our sponsor KPMG ''' <br />
<br />
'''17:15 Agile secure software development, Antti Vähä-Sipilä / Nokia Oyj''' http://www.owasp.org/images/c/c6/OWASP_AppSec_Research_2010_Agile_Prod_Sec_Mgmt_by_Vaha-Sipila.pdf <br />
<br />
'''18:00 ASVS (OWASP Application Security Verification Standard), Pekka Sillanpää / Nixu Oy''' <br />
<br />
'''18:45 ESAPI (OWASP Enterprise Security API) demo, Anssi Porttikivi / KPMG''' <br />
<br />
Download presentation from our file-page:[[Image:ESAPI for OWASP.pdf]] <br />
<br />
<br> '''19.30 - Discussion continues at some nearby establishment''' <br />
<br />
'''Please register with anssi.porttikivi(at)kpmg.fi''' <br />
<br />
<br> <br />
<br />
== OWASP Goes! Locksport: April 20 2010 ==<br />
<br />
'''Location: Nsense Oy, Ahventie 4, Espoo''' <br />
<br />
'''Time: 17:30-20:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nsense Oy''' <br />
<br />
'''17:45 Introduction to Locksport (presentation in Finnish)''' <br />
<br />
'''19:00 - Sauna and refreshments from our sponsor''' <br />
<br />
'''Please register with ilmoittautumiset##nsense.fi ''' <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #12: March 30 2010 ==<br />
<br />
'''Location: Helsingin Energia, Sähkötalo, Runeberginkatu 1, Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''18:00 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
Download presentation from our file-page:[[Image:OWASP -12 Helsinki chapter meeting.pdf]] <br />
<br />
'''18:05 Word from our sponsor Helsingin Energia ''' <br />
<br />
'''18:15 3 different views on information security and social media applications''' <br />
<br />
- information security in social media API’s, Antti Nuopponen/Nixu Oy <br />
<br />
Download presentation from our file-page:[[Image:Security of social media apis v1.pdf]] <br />
<br />
- Facebook apps, Markus Törnqvist/Fad Consulting <br />
<br />
Download presentation from our file-page:[[Image:Mjt owasp 2010.pdf]] <br />
<br />
- Payment API’s, Tuomas Toivonen/Scred <br />
<br />
Download presentation from our file-page:[[Image:Owasp-payment-apis.pdf]] <br />
<br />
'''20.00 - Discussion continues at nearby establishment Bruuveri''' <br />
<br />
'''Please register with antti##owasp.org''' <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #11: November 17 2009 ==<br />
<br />
'''Location: Nsense Oy, Ahventie 4, Espoo''' <br />
<br />
'''Time: 18:00-20:30''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''18:05 Word from our sponsor Nsense Oy''' <br />
<br />
'''18:15 Manual vs. Automated Code Analysis, Ari Kesäniemi, Senior Consultant, Nixu''' <br />
<br />
Download presentation from our file-page:[[Image:Ari kesaniemi nixu manual-vs-automatic-analysis.pdf]] <br />
<br />
'''19.00- Sauna and refreshments from our sponsor''' <br />
<br />
<br> <br />
<br />
'''Please register with ilmoittautumiset##nsense.fi''' <br />
<br />
== OWASP Helsinki Chapter Meeting #10: October 20 2009 ==<br />
<br />
'''Location: Tieto Oy, Ratamestarinkatu 7B, Helsinki''' <br />
<br />
'''Time: 18:00-19:40''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''18:00 Word from our sponsor Tieto Oy''' <br />
<br />
'''18:10 Distributed Services Security, Anton Panhelainen, Tieto Oy''' <br />
<br />
Download presentation from our file-page:[[Image:Security in integration and ESB-OWASP 20091020.pdf]] <br />
<br />
'''18:40 Public Web Services Interface and Security, Pyry Heikkinen, Finnish Customs''' <br />
<br />
'''19:40 Closure and move to Vltava''' <br />
<br />
'''20:00 or so''' <br />
<br />
*Enjoy Helsinki Vltava watering hole at own risk &amp; cost near Helsinki Railway station<br />
<br />
'''Please register with Pauli Kauppila pauli.kauppila##tieto.com or Mobile +358 400 870 324''' <br />
<br />
== OWASP Helsinki Chapter Meeting #9: May 12 2009 ==<br />
<br />
'''Location: Louhi Networks Oy, Itälahdenkatu 22 A, Helsinki''' <br />
<br />
'''Time: 17:30-19:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:30 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:45 Word from our sponsor Louhi Networks''' <br />
<br />
'''18:00 Panel discussion about application scanners''' <br />
<br />
*Panel members includes representatives for Nixu Oy, KPMG Oy and Louhi Networks Oy<br />
<br />
<br> '''19:00 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost at Bar 52 near meeting location<br />
<br />
'''Please register with Henri Lindberg henri.lindberg##louhi.fi''' <br />
<br />
== OWASP OWASP Goes! Viestimuseo: March 29 2009 ==<br />
<br />
'''Location: Varuskunta, Takakasarmi, Viestimuseontie rak. 64, 11311 Riihimäki ''' <br />
<br />
'''Time: 13:00-15:00''' <br />
<br />
Viestimuseossa Riihimäellä, http://www.viestikiltojenliitto.fi/viestimuseo/ on maaliskuun loppuun WWII radiotiedustelua esittelevä erikoisnäyttely, josta voi löytyä ammennettavaa myös tämän päivän tietoturvatekniikoiden parissa työskenteleville. Koska OWASP:in tiimoilta löytyi kiinnostusta lähteä tutustumaan ko. näyttelyyn, museolle on varattu opastettu kierros maaliskuun viimeiselle sunnuntaille su 29.3.2009 klo 13:00 eli kokoontuminen museolla ko. aikaan. <br />
<br />
Museo ja näyttely ovat auki myös muina aikoina, joten jos tämä aika ei käy, paikalla voi toki käydä muulloinkin. <br />
<br />
Tarkemmat ajo-ohjeet ja yhteystiedot löytyvät museon kotisivuilta, http://www.viestikiltojenliitto.fi/viestimuseo/yhteystiedot.html <br />
<br />
Museo sijaitsee Viestirykmentin vieressä, mutta varsinaisen varuskunta-alueen ulkopuolella, joten museokäynti ei vaadi kulkulupia alueelle. <br />
<br />
Paikalle innostuvat hoitavat oman logistiikkaratkaisunsa &amp; sisäänpääsymaksunsa. <br />
<br />
Lisätietoja tarvittaessa timo.merilainen (ät) iki.fi <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #8: March 12 2009 ==<br />
<br />
'''Location: Samlink, Linnoitustie 9, Espoo (Leppävaara)''' <br />
<br />
'''Time: 17:00-19:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:00 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:15 Introduction to Samlink, Jari Pirhonen, security director, Samlink''' <br />
<br />
'''17:30 Methodology owner’s point of view: Information security as part of software development methodology, Topi Mattila, methodology manager, Samlink''' <br />
<br />
'''18:15 Presentation from Finnish Tax Administration", Petri Puhakainen, security director, Finnish Tax Administration''' <br />
<br />
<br> '''19:00 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost at Sello<br />
<br />
'''Please register with Jari Pirhonen jari.pirhonen##samlink.fi''' <br />
<br />
== OWASP Introduction to startup firms: Thursday January 15th 2009 ==<br />
<br />
'''Location: Ravintola Korjaamo, Töölönkatu 51, 00250 Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Introduction to OWASP by Henri Lindberg, OWASP Helsinki Active Visitor''' <br />
<br />
*What OWASP is <br />
*Examples of useful Tools and Documents <br />
*OWASP in Finland<br />
<br />
Presentation: [[Image:OWASP Startups 20090115 Henri.pdf]] <br />
<br />
(Antti Laulajainen, OWASP Helsinki Chapter Leader was originally supposed to introduce OWASP) <br />
<br />
'''18:15 Implementing application security in a Finnish startup by Henri Lindberg, Scred''' <br />
<br />
*Henri Lindberg from Scred shares experiences and lessons learned <br />
*How to make your web application more secure with minimal budget<br />
<br />
Presentation: [[Image:SDG Scred 090115.pdf]] <br />
<br />
'''18:30 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost<br />
<br />
== OWASP Helsinki Meeting #7: Tuesday November 11th 2008 ==<br />
<br />
'''Location: Nokia Ruoholahti, Itämerenkatu 11-13, 00180 Helsinki''' <br />
<br />
<br> <br />
<br />
'''Time: 17:00-18:30''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:00 Welcome by Antti Laulajainen, OWASP Chapter Leader''' <br />
<br />
*Current state and progress of OWASP Top 10 Finnish translation<br />
<br />
'''17:20 Antti Vähä-Sipilä, Nokia: SAFECode''' <br />
<br />
*Introduction and overview of SAFECode (The Software Assurance Forum for Excellence in Code) <br />
*SAFECode publications<br />
<br />
'''17:40 Juhani Eronen, CERT-FI: Lifecycle of a security vulnerability''' <br />
<br />
*Microsoft MS08-067 (Vulnerability in Server Service Could Allow Remote Code Execution), its history (MS06-040) and exploitation.<br />
<br />
'''Discussion''' <br />
<br />
'''18:30 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost [cerveza, aqua con gas, etc]<br />
<br />
'''PLEASE REGISTER WITH: mikko . saario at nokia . com (we have reserved snacks for 25 people)''' <br />
<br />
== OWASP Helsinki Web Hacking Workshop, Tuesday September 10th 2008 ==<br />
<br />
'''Location: Teleware / KPMG, Laajalahdentie 23, 6. floor, reception at the ground floor, 00330 Helsinki''' <br />
<br />
'''Time: 18.00 - 20.00''' <br />
<br />
'''Schedule''' <br />
<br />
'''18.00 Welcome and recent activities. Antti Laulajainen ''' <br />
<br />
'''18.05 Web Hacking Workshop, Anssi Porttikivi, Senior ICT Advisor KPMG/Teleware''' <br />
<br />
*KPMG Oy IT Security Advisory marketing presentation 15 min <br />
*Web hacking exercises and demonstrations in a laboratory class (using WebGoat and WebScarab tools)<br />
<br />
'''Snacks available. Send your reservations to Anssi's mail address, anssi.porttikivi@kpmg.fi. Room for 20 participants.''' <br />
<br />
<br> '''Note! Be in time, because the reception closes at 18.''' <br />
<br />
== OWASP Goes! CERT-FI, Thursday, June 12th 2008 ==<br />
<br />
'''Location: Viestintävirasto, Itämerenkatu 3 A, 00180 Helsinki and One Pint Pub Santakatu 2, 00180 Helsinki''' <br />
<br />
<br> '''Time: 16.00 - 20.00''' <br />
<br />
<br> '''Schedule''' <br />
<br />
'''16.00 Welcome and recent activities. Antti Laulajainen ''' <br />
<br />
<br> '''16.10 Introduction of CERT-FI. Juhani Eronen, Information Security Adviser, CERT-FI''' <br />
<br />
<br> '''16.30 Vulnerability coordination. Juhani Eronen''' <br />
<br />
*CERT-FI as a vulnerability coordinator <br />
*Coordination examples<br />
<br />
'''18.00 Possibility to continue the evening at the One Pint Pub''' <br />
<br />
*If someone fancies a (self-financed) beer<br />
<br />
<br> '''Viestintävirasto asks those who wish to participate to the meeting to register in advance. For registrations please contact CERT-FI Unit Secretary Virpi Hienonen (virpi.hienonen(at)ficora.fi). The deadline is June 6, 2008.''' <br />
<br />
== OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 ==<br />
<br />
Thank you for attending. <br />
<br />
You can download the presentation here'''https://www.owasp.org/images/7/70/OWASP_HelsinkiChapter_130508.pdf''' <br />
<br />
Coverage of the event in local news (Finnish only) http://mikropc.net/uutiset/index.jsp?categoryId=atk&amp;day=20080514#w2008051411524012715 <br />
<br />
<br> '''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki and Ravintola Kaisla, Vilhonkatu 4, 00100 Helsinki''' <br />
<br />
'''Time: 16.00 - 20.00''' <br />
<br />
<br> <br />
<br />
Welcome to spring meeting 2008. <br />
<br />
<br> '''Schedule''' <br />
<br />
'''16.00 - 16.10 OWASP update. Antti Laulajainen''' <br />
<br />
'''16.10-17.00 Notes From The field, OWASP tools and usage experiences, Jarkko Holappa &amp; Antti Laulajainen''' <br />
<br />
'''17.30 - 20.00 Drinks at Ravintola Kaisla (Bring Your Own Wallet)''' <br />
<br />
<br> Hope to see as many of you as possible! <br />
<br />
== OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 ==<br />
<br />
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.''' <br />
<br />
'''Time: 18.30 - 20.30''' <br />
<br />
Welcome to first meeting of 2008. OWASP Helsinki resumes activities after winter break. <br />
<br />
We are pleased to have as a speaker Technology Manager of Nokia Product Security, Alexandr Seleznyov. His topic will be current state of application security. <br />
<br />
'''Schedule''' <br />
<br />
'''18.30 - 18.40 OWASP update. Antti Laulajainen''' <br />
<br />
'''18.40 - 20.30 Current State of Application Security. Alexandr Seleznyov''' <br />
<br />
<br> Hope to see as many of you as possible! <br />
<br />
== OWASP Helsinki &amp; RWSUG Seminar Tuesday, January 29th 2008 ==<br />
<br />
'''Location: IBM, Laajalahdentie 23, 00330 Helsinki.''' '''Time: 11.15 - 19.00''' <br />
<br />
OWASP Helsinki and Rational and Websphere User Group Finland RWSUG are aiming to co-operate to raise application security awareness. OWASP Helsinki will have a presentation in RWSUG agility seminar. More information from http://www.rwsug.fi/default.asp?path=1,39,385 <br />
<br />
'''You can download the presentation here''' https://www.owasp.org/images/c/cd/RWSUG5_Agile_Security_Management.pdf <br />
<br />
See program below. Most of it is Finnish only <br />
<br />
*11.15 Ilmoittautuminen alkaa <br />
*11.15-12.00 Buffet-lounas <br />
*12.00-12.10 Tilaisuuden avaus Jussi Jutila, Puheenjohtaja, RWSUG ry<br />
<br />
KEYNOTE <br />
<br />
*12.10-13.30 Scaling Agile Software Development: Strategies for Applying Agile in Complex Situations Scott W. Ambler, Practice Leader Agile Development, IBM Canada <br />
*13.30-13.45 Kahvitauko <br />
*13.45-15.30 SOA liiketoiminnan näkökulmasta ja SOA toteutuksen näkökulmasta kansainvälisessa hankkeessa Kari Laine, IT Architect, IF ja Jarmo Laine, Senior Software Architect,Primasoft <br />
*15.30-15.45 Tauko <br />
*15.45-16.30 Ketterä tietoturvan hallinta ohjelmistotuotannossa Reijo Savola, VTT <br />
*16.30-17.15 Jazz Update IBM <br />
*17.15-19.00 Iltapalaa ja verkostoitumista IBM Forumissa<br />
<br />
<br> <br />
<br />
== OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008 ==<br />
<br />
OWASP Helsinki participated in ISACA Finland meeting to raise application security awareness among system auditors and inspectors. <br> A presentation was held that introduced basic web techniques, some security issues, OWASP in general, OWASP projects and OWASP Helsinki chapter. <br> '''You can download the presentation here''': https://www.owasp.org/images/e/e4/OWASP_ISACA_20080124.pdf (Finnish Only) <br><br> <br />
<br />
== OWASP Helsinki meeting #4 Fall 2007 with Mark Curphey, Tuesday, October 2 2007 ==<br />
<br />
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.''' <br />
<br />
Thank you for all participants and Mark from great presentation. <br />
<br />
Coverage of the meeting in the local news (in Finnish): http://mikropc.net/uutiset/index.jsp?categoryId=atk&amp;day=20071003#w2007100315112711629 <br />
<br />
<br> We are delighted to have Mark Curphey - the OWASP founder and new head of Microsoft's ACE (Application Consulting &amp; Engineering) team in Europe - to visit Finland and discuss web app security with us. Hopefully as many as of you possible can participate! <br />
<br />
'''18:30 Welcome and recent Helsinki chapter activities. Antti Laulajainen''' <br />
<br />
'''18:40 Naked Software Security. Mark Curphey''' <br />
<br />
*Commentary on how to build secure software <br />
*Thoughts on the industry<br />
<br />
<br> '''WELCOME!''' <br />
<br />
== OWASP Helsinki meeting #3 Summer 2007: "SOA, Web Services &amp; XML Security", Tuesday, June 5th 2007 ==<br />
<br />
'''Date: June 5th''' <br />
<br />
<br> '''Location: Smilehouse, Itälahdenkatu 22A (Stonesoft building), Lauttasaari.''' <br />
<br />
Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/tietoturva_docview.jsp?f_id=1186167 <br />
<br />
<br> '''19:00 Welcome &amp; quick recap of recent OWASP activity and the Spring conference. Mikko Saario.''' <br />
<br />
<br> '''19:15 Gunnar Peterson, CTO Arctec Group and project lead for the OWASP "XML Security Gateway Evaluation Criteria".''' <br />
<br />
Gunnar will be visiting Finland to provide training via Tietoturva ry on this subject. Topics to be covered: <br />
<br />
*XML Security Gateways <br />
*Message level threats and security countermeasures in Web services <br />
*OWASP XML Security Gateway Evaluation Criteria Project<br />
<br />
<br> '''20:15 "Real-life usage of OWASP tools". Alexandr Seleznyov, Nokia Product Security.''' <br />
<br />
(There is a chance Alex cannot make it. In that case we will discuss SOA stuff in more detail or just head off to bar earlier.) <br />
<br />
<br> '''20:45 Enter Bar 52...''' --&gt; Enjoy (sponsored) beverages. <br />
<br />
== OWASP Helsinki meeting #2 Winter 2007, Web Application Firewalls, Thursday, February 22 2007 ==<br />
<br />
Thank you for the 29 participants, the speakers and the host - Nixu - for making this event happen! <br />
<br />
'''Location: Nixu, Mäkelänkatu 91, 00601 Helsinki.''' <br />
<br />
What are Web Application Firewalls (WAF), how do they work, what do they do and what don't they do. Discussion and sharing of experiences of various technologies and products. <br />
<br />
<br> '''18.30 Welcome. Mikko Saario, Chapter Leader.''' <br />
<br />
Today's topic and agenda in short. <br />
<br />
<br> '''18.35 "Web Application Firewalls Technical Analysis". Joakim Sandström, CTO nSense.''' <br />
<br />
http://www.owasp.org/images/6/6a/Owasp_waf_joakim.pdf <br />
<br />
- Technology <br />
<br />
- Blacklisting &amp; Whitelisting <br />
<br />
- mod_security features <br />
<br />
- Do's and Don'ts <br />
<br />
<br> '''19.30 "The Core Rule Sets". Ofer Shezaf, CTO Breach Security.''' <br />
<br />
http://www.owasp.org/images/f/f4/The_Core_Rule_Set_-_Ofer.pdf <br />
<br />
- WAF deployment and protection strategies <br />
<br />
- Detection of generic web layer attacks <br />
<br />
- Virtual patching <br />
<br />
== OWASP Helsinki meeting #1, Tuesday, Dec 12 2006 at Ernst &amp; Young ==<br />
<br />
The Helsinki chapter had the first meeting at Ernst &amp; Young office in Elielinaukio 5 B. The agenda and the presentations for the meeting are below. We had a good turnout: 22 people were present i.e. all seats were taken - we were very happy to see all these people to be interested in application security issues. <br />
<br />
<br> Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/doc.do?f_id=1083463 <br />
<br />
<br> '''18:30 Welcome. What is OWASP and why OWASP Helsinki?''' <br />
<br />
Mikko Saario made a short presentation about OWASP and the objective for the local Helsinki chapter. <br />
<br />
<br> '''19:00 Analyzing Threats (Olli Wiren; olli [at] juurihoito.org)''' <br />
<br />
Olli Wiren discussed application related threats and corresponding security issues. <br />
<br />
http://www.owasp.org/images/7/7c/Owasp-olli.pdf <br />
<br />
<br> '''19:45 Open discussion regarding OWASP Helsinki; what is expected or wished; how to go ahead and so forth.''' <br />
<br />
There was a lively discussion regarding what type of activities should be arranged in the future. More details will follow... <br />
<br />
==== Helsinki OWASP Chapter Leaders ====<br />
<br />
The chapter leader is [mailto:Petteri.arola@owasp.org Petteri Arola] <br />
<br />
The chapter board members are [mailto:timo@owasp.org Timo Merilainen], Pyry Heikkinen and [mailto:pekka.sillanpaa@owasp.org Pekka Sillanpaa]. <br />
<br />
__NOTOC__<br />
<br />
[[Category:OWASP Chapter]] <br />
[[Category:Europe]]</div>Psillanphttps://wiki.owasp.org/index.php?title=Helsinki&diff=248064Helsinki2019-02-28T16:57:44Z<p>Psillanp: /* OWASP Helsinki chapter meeting #36: Feb 12th 2019 */</p>
<hr />
<div>{{Chapter Template|chaptername=Helsinki|extra=The chapter leaders are [mailto:petteri.arola@owasp.org Petteri Arola], [mailto:pekka.sillanpaa@owasp.org Pekka Sillanpää], [mailto:timo@owasp.org Timo Meriläinen], [mailto:pyry.heikkinen@owasp.org Pyry Heikkinen], [mailto:petri.koistinen@nixu.com Petri Koistinen] and [mailto:lasse.korvala@gmail.com Lasse Korvala].<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-helsinki|emailarchives=http://lists.owasp.org/pipermail/owasp-helsinki}} <br />
<br />
==== Local News ====<br />
<br />
<paypal>Helsinki</paypal> <br />
<br />
'''Welcome to the OWASP Helsinki Chapter'''<br />
<br />
The plan is to meet at least three to four times a year, each lasting 1,5-3 hours (more active "hands" means more meetings). This chapter is based in the capital area and therefore the meetings will be in or around Helsinki. <br />
<br />
If you wish to present at one of the meetings or have any other inquiries, please contact the chapter leaders and shortly describe the talk. (the contact details can be found in the bottom of the page). We encourage everyone to suggest ideas for presentation topics. The talks can be either a full talk (45-60min) or a lightning talk (~15min). <br />
<br />
==== Suomalaista sovellusturva-asiaa ====<br />
<br />
[[OWASP Helsinki Appsec Thesis of the Year|Vuoden sovellusturva-aiheinen opinnäytetyö]]<br />
<br />
[[Oppilaitoksille|Tietoa oppilaitoksille (Information for academic institutions)]] <br />
<br />
[[Verkkomaksut|Ohjeita turvallisen verkkomaksuintegraation toteuttamiseen]] <br />
<br />
Previously OWASP Helsinki has been working on the following tasks: <br />
<br />
*[[Top 10 2007 Finnish]] aim to translate OWASP Top 10 list in Finnish<br />
<br />
==== Chapter Meetings ====<br />
<br />
== OWASP Helsinki chapter meeting #36: Feb 12th 2019 ==<br />
'''Location: Veikkaus, Aku Korhosen tie 2, 00440 Helsinki'''<br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words, Pekka Sillanpää, Chapter co-leader - OWASP Helsinki''' <br />
<br />
'''18:05 Words from the sponsor, Veikkaus''' <br />
<br />
'''18:10 What Every Developer and Tester Should Know About Software Security, Anne Oikarinen, Senior Security Consultant, Nixu''' [https://www.slideshare.net/AnneOikarinen1/what-every-developer-and-tester-should-know-about-software-security]<br />
<br />
'''18:50 Break'''<br />
<br />
'''19:00 Security in Agile Development, Joakim Tauren, Application Security Architect, Visma''' [[File:OWASP Helsinki - Security in Agile Development (1).pdf|thumb]]<br />
<br />
'''19:45 OWASP Cornucopia - a live card game session, Veikkaus + volunteers''' [[File:DeathStarArchitecture v0.8 DRAFT.pdf|thumb]]<br />
<br />
'''20:15 Snacks & Refreshments''' <br />
<br />
Please register by 10th of Feb https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-36-tickets-55288270706 (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #35: Nov 6th 2018 ==<br />
'''Location: Second Nature Security (2NS), Keilaranta1 (auditorium Ankkuri), 02150 Espoo'''<br />
<br />
'''Time: 17:30-21:00'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words, Pekka Sillanpää, Chapter co-leader - OWASP Helsinki'''<br />
<br />
'''18:05 Words from the sponsor, Juho Ranta, CTO - Second Nature Security (2NS)''' <br />
<br />
'''18:15 Hunting for bounties in a web browser, Juho Nurminen, White Hat Hacker, InfoSec Specialist - 2NS''' [[File:Nurmi_BugBounty_slides.zip]]<br />
<br />
'''18:45 Break'''<br />
<br />
'''19:00 How to become a bug bounty hunter, Iiro Uusitalo, Cloud and Security Specialist - Solita'''<br />
<br />
'''19:30 Running a successful bug bounty program, Thomas Malmberg, Partner & Owner - Hackrfi''' [[File:Running a successful bug bounty program - public.pdf]]<br />
<br />
'''19:50 Short break'''<br />
<br />
'''20:00 Panel & Discussion about bug bounty with Juho, Iiro and Thomas'''<br />
<br />
'''20:30 Snacks & Refreshments'''<br />
<br />
Please register by 4th of Nov https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-35-tickets-51465932991 (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #34: Jun 12th 2018 ==<br />
'''Location: Eficode, Pohjoinen Rautatiekatu 25, 00100 Helsinki'''<br />
<br />
'''Time: 17:30-21:30'''<br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Pekka Sillanpää OWASP Helsinki'''<br />
<br />
'''18:05 Words from the sponsor / Pekka Siltala-Li / Eficode'''<br />
<br />
'''18:15 Perfectly secure API, Matti Suominen, Lead Security Consultant - Nixu'''<br />
<br />
'''19:00 Break''' <br />
<br />
'''19:15''' '''Best friends: API security & API management, Antti Virtanen, Software Architect, Solita''' <br />
<br />
'''20:00-21:30 Sauna, Snacks & Beverages'''<br />
<br />
Please register by 10th of Jun https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-34-tickets-46690898735 (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #33: Nov 14th 2017 ==<br />
'''Location: F-Secure, Tammasaarenkatu 7, 00180 Helsinki''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki''' <br />
<br />
'''18:05 Words from the sponsor'''<br />
<br />
'''18:10 Coping with GDPR requirements in development, Kira Ahveninen-Kuha, Lead, Data Protection and Cybersecurity Law, Nixu'''<br />
<br />
'''19:00 Break''' <br />
<br />
'''19:15 Integrating Privacy Work in Threat Modeling and Design Review, Antti Vähä-Sipilä, Principal Security Consultant, F-Secure'''<br />
<br />
'''20:00 Panel & Discussion – Kira and Antti debate about privacy and GDPR with the audience'''<br />
<br />
'''20:30 OWASP Helsinki DevSecOps Hackathon: Lessons learned, Pekka Sillanpää, OWASP Helsinki''' <br />
<br />
'''21:00-22:00 Snacks & Refreshments''' <br />
<br />
Please register by 12th of Nov [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-33-tickets-39656996143 here] (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #32: Sep 27th ==<br />
If you are working in a DevOps team and want to get concrete ideas on how to integrate security into your CI/CD pipeline, this hackathon is a fun opportunity to learn by doing together with others.<br />
<br />
More information here: [[OWASP Helsinki DevSecOps Hackathon]]<br />
<br />
In summary, we familiarize and investigate (and of cource hack with) some nice open source tools, including:<br />
* OWASP Dependency-Check ([[OWASP Dependency Check]])<br />
* ZAP Proxy ([[OWASP Zed Attack Proxy Project]])<br />
* OWASP DefectDojo ([[OWASP DefectDojo Project]])<br />
* DevSec hardening framework (https://github.com/dev-sec)<br />
* Clair (https://github.com/coreos/clair)<br />
<br />
The output of this hackathon is an OWASP wiki page describing what was achieved in the hackathon, possible commits to the tools' repositories and future plans. If there is enough interest, we might organize "part 2" for this event in Autumn.<br />
<br />
To participate in this event, it is recommended to have at least basic programming/scripting skills (python, ruby, bash, etc) and understanding of configuration management tools (puppet, salt, ansible, etc.). '''If you are interested to join''' or have questions, please send email to pekka.sillanpaa@owasp.org '''by Jul 7th 2017''' and a short description of your background. Tracks of the hackathon environment are tuned based on the skills and background of the participants.<br />
<br />
The maximum of 15 seats are available for this event. The event is fully free of charge.<br />
<br />
'''Location: Nixu, Keilaranta 15, 02150 Espoo'''<br />
<br />
'''12:00 Hackathon starts'''<br />
<br />
'''17:00-23:00 Hackathon continues after the work day as long as needed. Pizza and beverages available.'''<br />
<br />
== OWASP Helsinki chapter meeting #31: Jun 13th 2017 ==<br />
'''Location: Solita, Alvar Aallon katu 5, 00100 Helsinki'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Pekka Sillanpää, OWASP Helsinki'''<br />
<br />
'''18:05 DevSec - Developers are the key to security, Antti Virtanen, Software Architect, Solita [[File:Devsec-owasp-2017.pdf]]''' <br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Docker Security, Mika Vatanen, Systems Architect, Digia [[File:Owasp-Helsinki-20170613-Docker-Security.pdf]]'''<br />
<br />
'''20:00 Lightning talk: Leaking credentials - a security malpractice more common than expected, Bogdan Mihaila, Synopsys [[:File:Bogdan Mihaila - Leaking Credentials.pdf]]'''<br />
<br />
'''20:15 Introduction to DevSecOps "mini-hackathon", Pekka Sillanpää, OWASP Helsinki'''<br />
<br />
'''20:30-22:30 Snacks & Refreshments'''<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-31-tickets-34950473808 here] by 12th of Jun (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #30: Oct 11th 2016 ==<br />
<br />
'''Location: Fujitsu, Valimotie 16, 00380 Helsinki, Auditorio'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 How to protect mobile application? Case "Nordea Tunnusluvut” / Michael Peltonen, Senior Business Developer, Nordea''' [[File:Helsinki_meeting_30_-Michael_Peltonen_OWASP_11102016.pdf]]<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Lightning talk: Authentication topic / Teemu Simonen, System Architect, Fujitsu''' [[File:Helsinki_meeting_30_-Authentication_topic.pdf]]<br />
<br />
'''19:30 Threats and vulnerabilities in federation protocols - and how did I find 0-days in the most common access management products / Teemu Kääriäinen, Senior IAM Consultant, Nixu Oyj''' [[File:Helsinki_meeting_30_-_Threats_and_Vulnerabilities_in_Federation_Protocols_and_Products.pdf]]<br />
<br />
'''20:30-> Snacks & Refreshments'''<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-30-tickets-28190573765 here] by 9th of October (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #29: Mar 29th 2016 ==<br />
<br />
'''Location: Solinor, Elimäenkatu 14 C, 00510 Helsinki'''<br />
<br />
'''Time: 17:30-21:15'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 OWASP Security Knowledge Framework, Glenn Ten Cate''' [[File:Skf-owaspHelsinki-16.pdf]]<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Amazon Web Services Security, Joel Leino, Solinor''' [[File:Aws_security_joel_leino.pdf]]<br />
<br />
'''20:30 Do's and don'ts: A Day Of Browser Bug Hunting, Atte Kettunen, University of Oulu''' [[File:Do's_and_Don'ts-_A_Day_Of_Browser_Bug_Hunting_rev2.pdf]]<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-29-tickets-22159795545 here] by 26th of March (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #28: Nov 10th 2015 ==<br />
<br />
'''Location: LähiTapiola, Revontulenkuja 1, 02100 Espoo'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 How we feel about Bug Bounty, Leo Niemelä, CISO, LähiTapiola Group (in Finnish)'''<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Security and "Modern" software Deployment, Rory McCune, Managing Consultant, NCC Group'''<br />
<br />
'''20:30 Discussion continues in a local cafe / bar'''<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-28-tickets-19188815263 here] by 8th of November (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #27: May 29th 2015 ==<br />
<br />
'''Location: Life Science Center Keilaranta 10-16''' <br />
<br />
'''Time: 17:30-20:00 (networking ends 23:00)''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 Word from our sponsor / Nixu'''<br />
<br />
'''18:15 50 Shades of AppSec / Troy Hunt'''<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Hack yourself first: how go on the cyber-offence before online attackers do / Troy Hunt'''<br />
<br />
'''20:00-23:00 Refreshments and Sauna on the 7th floor'''<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-chapter-meeting-27-tickets-16709176597 here] by Monday Fri 22th May (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #26: January 13th 2015 ==<br />
<br />
'''Location: Castrén & Snellman Attorneys Ltd. Eteläesplanadi 14 6th Floor Helsinki, Finland.''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''Opening words / OWASP Helsinki&IAPP''' <br />
<br />
'''Words from our sponsor / Castrén & Snellman Attorneys Ltd.'''<br />
<br />
'''Privacy Seals and Marks, Hannu Järvinen, Specialist Partner, Attorneys at Law Borenius Ltd'''<br />
<br />
'''Privacy Engineering, Antti Vähä-Sipilä, software security guy, F-Secure Oyj'''<br />
<br />
'''Privacy Use Cases, Saku Vainikainen, Lead Consultant, Nixu Oyj'''<br />
<br />
Please register here https://t.co/OoQN2FRbBX by Monday 12 Jan.<br />
<br />
== OWASP Helsinki chapter meeting #25: September 29th 2014 ==<br />
<br />
'''Location: Appelsiini (Elisa), Kaarlenkatu 9-11, 00530 Helsinki. Public transport is strongly recommended.''' <br />
<br />
'''Time: 17:00-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and registration''' <br />
<br />
'''17:10 Opening words / OWASP Helsinki''' <br />
<br />
'''17:20 Words from our sponsor / Elisa'''<br />
<br />
'''17:30 Mobile Security Chess Board - Attacks & Defense / Hemil Shah / Founder, Director eSphere Security''' [[File:Mobile_Security_chess_board_-_Attacks_&_Defense.pdf]]<br />
<br />
'''18:45 Break'''<br />
<br />
'''19:00 Mobile Platform Security: OS (kernel) Hardening and Trusted Execution Environment / Onur Zengin / Trustonic'''<br />
[[File:Onur_Zengin_-_TEE_chapter_meeting_presentation.pdf]]<br />
<br />
'''20:00 OWASP Mobile Top Ten Risks 2014 - The New M10: 'Lack of Binary Protection' Category / Bo Asklund and Rikard Kullenberg / Arxan'''<br />
[[File:OWASP_Mobile_Top_Ten_-_Meet_the_New_Addition.pdf]]<br />
<br />
'''21:00 Networking and continue discussions in TBD location nearby'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-25-tickets-13087782911 Eventbrite]<br />
<br />
== OWASP Helsinki chapter meeting #24: March 25st 2014 ==<br />
<br />
'''Location: F-Secure, Tammasaarenkatu 7, 00180 Helsinki. Parking space is limited, public transport is strongly recommended. Ruoholahti station for metro, Länsisatamankatu stop for tram 8, Länsiväylä stop for buses from Espoo.''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and registration''' <br />
<br />
'''17:20 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''17:30 Enhancing security through tight collaboration and automation /Kalle Hallivuori''' <br />
Presentation material: http://kato.iki.fi/owasp-pci-devops/<br />
<br />
'''18:00 Continuous Security Testing in a Devops World /Stephen de Vries'''<br />
Download the presentation from our file page: [[image:OWASP-Continuous_Security_Testing.pdf]]<br />
<br />
'''19:00 Demo of Burp Suite & HTTP API fuzzing automation with Python & Behave /Antti Vähä-Sipilä'''<br />
<br />
'''19:30 Time to go to Pub (Amsterdam) and continue discussion there'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-24-tickets-10765729587 Eventbrite]<br />
<br />
== OWASP Helsinki chapter meeting #23: January 21st 2014 ==<br />
<br />
'''Location: HTC Keilaniemi, Keilaranta 13, 02150 Espoo''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Coffee and registration''' <br />
<br />
'''18:00 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''18:05 Word from our sponsor /Nixu''' <br />
<br />
'''18:20 The inner HTML Apocalypse - How MXSS attacks change everything we believed to know so far /Mario Heiderich'''<br />
<br />
'''19:15 JSMVCOMFG - To sternly look at JavaScript MVC and Templating Frameworks /Mario Heiderich"''''<br />
<br />
'''20:15 QA'''<br />
<br />
'''20.30 - 21.30 Discussion continues over snacks and refreshments'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-23-tickets-10095813851 Eventbrite]<br />
<br />
<br />
== OWASP Helsinki chapter meeting #22: November 19th 2013 ==<br />
<br />
'''Location: Aalto University, Hall S1, Otakaari 5, 02150 Espoo''' <br />
<br />
'''Time: 18:00-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Registration''' <br />
<br />
'''18:10 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''18:20 Word from our sponsor''' <br />
<br />
'''18:30 Backgrounds of Eve in Digiland comic and cyber research in Aalto University /Timo Kiravuo, Aalto University'''<br />
<br />
'''19:15 Break"''''<br />
<br />
'''19:30 Cyber crime response from CERT perspective and backgrounds of Finnish web site attacks /Jussi Eronen, CERT-FI'''<br />
<br />
'''20:00 Methods in Finnish cyber crime police investigation and case example /Timo Piiroinen, National Bureau of Investigation (NBI)'''<br />
<br />
'''20:30 Networking and discussion continues at same location'''<br />
<br />
Please register at [http://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-23-tickets-10095813851 Eventbrite]<br />
<br />
== OWASP EUTour2013: June 17th 2013 ==<br />
<br />
'''Location: HTC Keilaniemi, Keilaranta 15''' <br />
<br />
'''Time: 16:00-19:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''16:00 Registration & coffee''' <br />
<br />
'''16:15 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''16:30 Word from our sponsor''' <br />
<br />
'''16:45 Nokia responsible disclosure program /Omar Benbouazza-Villa, Nokia'''<br />
<br />
Nokia has launched a responsible disclosure program recently. In this presentation we'll go through experiences starting and running such a program as a part of enterprise application security program.<br />
<br />
'''17:30 Social engineering /Gavin Ewan"''''<br />
<br />
Jac0byterebel is not your typical social engineering presenter. Out goes the snake oil sale of analysing the minutia of pop psychology and trying to squeeze out real answers to the questions asked during a real social engineering attack. In comes hard hitting accounts of social engineering attacks drawn from real sources but anonymised to protect the pwned.<br />
<br />
'''19:00 Rounding up and discussion continues over food & drinks at same location'''<br />
<br />
Please register at [http://www.regonline.com/owaspeutourfinland Regonline]<br />
<br />
== OWASP Helsinki Chapter Meeting #21: April 24 2013 ==<br />
<br />
'''Location: KPMG, Yrjönkatu 23 B, 6. floor''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Opening words /OWASP''' <br />
<br />
'''18:10 Word from our sponso /Mika Laaksonen, KPMG''' <br />
<br />
'''18:15 OWASP project news /Petteri Arola, OWASP''' <br />
<br />
Newsflash of new and rebooted OWASP projects.<br />
<br />
'''18:45 Utilizing VAHTI software development guide (VAHTI-sovelluskehitysohje) /Antti Alestalo, KPMG'''<br />
<br />
VAHTI software development guide was published January 2013. Antti will talk about how to best utilize this new guide. Link to the guide: http://www.vm.fi/vm/fi/04_julkaisut_ja_asiakirjat/01_julkaisut/05_valtionhallinnon_tietoturvallisuus/20130207Sovell/VAHTI_1_Sovelluskehityksen_tietoturvaohje_NETTI.pdf<br />
<br />
'''19:15 Database self-defence /Mika Aronen, KPMG (in place of "HTML5 & security /SC5"'''<br />
<br />
'''20:00 Official program ends and discussion continues over food & drinks at same location'''<br />
<br />
Please register at [https://www.eventbrite.com/event/6240751255 Eventbrite]<br />
<br />
== OWASP Helsinki Chapter Meeting #20: December 4 2012 ==<br />
<br />
'''Location: Nokia House, Keilalahdentie 4, Espoo''' <br />
<br />
'''Time: 17:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Socializing time @ Nokia Lounge – Meet people & get to know your peer while having the opportunity to see Nokia product demos''' <br />
<br />
'''18:00 Opening words /OWASP + HelsinkiJS''' <br />
<br />
'''18:10 Word from our sponsor''' <br />
<br />
'''18:20 Securing JavaScript based web apps /Erlend Oftedal''' <br />
<br />
Single page web applications move much of the application logic to the client side. We now also see applications using JavaScript on the server side. How do we handle such applications from a security perspective? What problems are introduced and how do we handle them?<br />
<br />
'''19:05 RESTful Security'''<br />
<br />
Many applications rely on web services and ws-security for integration. But for more lightweight services with simpler protocols, REST is quickly gaining popularity. How do we secure REST services? What problems do we need to be aware of?<br />
<br />
'''20:00 Official program ends and free debate continues at nearby location'''<br />
<br />
CLOSED: Please register at [http://www.eventbrite.com/event/4856878053 Eventbrite]<br />
<br />
Please use the NORTH entrance when entering the Nokia campus<br />
<br />
== OWASP Helsinki Chapter Meeting #19: October 16 2012 ==<br />
<br />
'''Location: Fujitsu, Valimotie 16, Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''18:10 Word from our sponsor /Fujitsu''' <br />
<br />
'''18:25 Hybrid mobile application security and HTML5 with a focus on getUserMedia /Mikko Saario, Nokia''' <br />
<br />
Both the mobile scene via “hybrid” apps and the so-called traditional web are evolving into the same direction – are the threats doing the same? Using mainly Windows Phone 7 (and some Qt) examples and demos, Mikko will take a look at the security aspects in mobile hybrid apps. The HTML5 demo will concentrate on some newly mainstreamed technologies such as getUserMedia.<br />
<br />
'''19:10 Introduction to Oauth 2.0 + demo /Teemu Kääriäinen, Nixu'''<br />
<br />
Teemu gives an introduction about Oauth 2.0 and takes a closer look at security aspects, implementation guidelines and compares Twitter, Facebook and Google implementations.<br />
<br />
'''20:00 Official program ends and free debate continues at nearby location'''<br />
<br />
'''Please register in Eventbrite http://www.eventbrite.com/event/4462882602''' <br />
<br />
<br />
== OWASP Helsinki Chapter Meeting #18: June 26 2012 ==<br />
<br />
'''Location: Kela, Nordenskjölkinkatu 12, Helsinki''' <br />
<br />
'''Time: 17:30-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''17:45 Word from our sponsor /Kela''' <br />
<br />
'''18:00 Helsinki Ruby Brigade intro''' <br />
<br />
'''18:15 Ruby on Rails security - why could it fail'''<br />
<br />
'''19:00 Panel discussion'''<br />
<br />
'''19:45 Wrap-up'''<br />
<br />
'''20:00 Discussion continues in a nearby pub Hadanka'''<br />
<br />
'''Please register with petteri.arola(at)owasp.org''' <br />
<br />
<br />
== OWASP Helsinki Chapter Meeting #17: March 21 2012 ==<br />
<br />
'''Location: Marttakeskus, Malminrinne 1 B, 7. krs, Helsinki''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Coffee''' <br />
<br />
'''17:40 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''17:50 Web Application Access Control Design Excellence / Jim Manico, OWASP''' <br />
<br />
Download the presentation from our file page: [[image:Developer_Top_Ten_Core_Controls_v4.1.pdf]]<br />
<br />
'''19:30 Meeting ends and discussion continues over buffet and refreshments and there's a possibility to bath in sauna too''' <br />
<br />
'''23:00 Event ends'''<br />
<br />
'''Please register with enroll(at)nixu.com''' <br />
<br />
== Tietoturvapäivä Turku: February 7 2012 ==<br />
<br />
''' Sovellusturvallisuus / Petteri Arola, OWASP''' <br />
<br />
Download the presentation from our file page: [[image:OWASP_esitys_tietoturvapäivä_Turku_20120207.pdf]]<br />
<br />
== OWASP Helsinki Chapter Meeting #16: October 18 2011 ==<br />
<br />
'''Location: Hall TU2, Tuas house, Otaniementie 17, 02150, Espoo''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and lock picking''' <br />
<br />
'''17:30 OWASP - What is it?''' <br />
<br />
'''17:45 Introduction to OWASP projects<br>- OWASP Top Ten, ASVS<br><span class="Apple-tab-span"> </span>- Testing guide<br>- How OWASP relates to academic world''' <br />
<br />
<br> Download presentation from our file-page: [[Image:OWASP_presentation_for_Aalto.pdf]] <br><br />
<br />
'''18:45 Break''' <br />
<br />
'''19:00 Hacking demonstrations'''<br />
<br />
'''19:30 - Discussion continues in a nearby public house''' <br />
<br />
'''Please register with petteri.arola(at)owasp.org''' <br />
<br />
== OWASP Introduction to Turku AMK students: September 12th 2011 ==<br />
<br />
'''Introduction to Application security and OWASP / Petteri Arola, OWASP''' <br />
<br />
'''OWASP top 10 and hacking demos / Pekka Sillanpää, OWASP''' <br />
<br />
== OWASP Helsinki Chapter Meeting #15: June 15 2011 ==<br />
<br />
'''Location: Itämerenkatu 11 - 13, Helsinki''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda ''' <br />
<br />
'''17:30 Welcome, Petteri Arola, Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nokia''' <br />
<br />
'''17:45 HTML5 Security, Ville Säävuori, Syneus''' <br />
<br />
'''18:30 Break''' <br />
<br />
'''18:40 Mobile Application Security, Ari Kesäniemi and Juhani Mäkelä, Nixu''' <br> [[Image:Mobile-threat-analysis-short-presentation owasp.pdf]] <br> [[Image:Why-privacy-matters.pdf]] <br> <br />
<br />
<br>'''19.30 - Discussion continues in a nearby public house or terrace if it's sunny''' <br />
<br />
'''Please register with mikko.saario(at)nokia.com''' <br />
<br />
== OWASP Helsinki Chapter Meeting #14: February 22 2011 ==<br />
<br />
'''Location: Nixu Oy, Keilaranta 15, Espoo''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''17:30 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nixu Oy''' <br />
<br />
'''17:45 OpenSAMM, Pravir Chandra /Fortify''' <br />
<br />
'''18:30 Break''' <br />
<br />
'''18:40 Threat modeling, Pravir Chandra /Fortify''' <br />
<br />
<br> '''19.30 - Sauna and refreshments from our sponsor''' <br />
<br />
'''Please register with enroll(at)nixu.com''' <br />
<br />
<br> Download OpenSAMM presentation from opensamm.org [http://www.opensamm.org/downloads/resources/OpenSAMM-1.0.ppt] <br> <br />
<br />
== OWASP Helsinki Chapter Meeting #13: June 8 2010 ==<br />
<br />
'''Location: KPMG, Forum, Yrjönkatu 23 B 6th floor, Helsinki''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''17:00 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:05 Word from our sponsor KPMG ''' <br />
<br />
'''17:15 Agile secure software development, Antti Vähä-Sipilä / Nokia Oyj''' http://www.owasp.org/images/c/c6/OWASP_AppSec_Research_2010_Agile_Prod_Sec_Mgmt_by_Vaha-Sipila.pdf <br />
<br />
'''18:00 ASVS (OWASP Application Security Verification Standard), Pekka Sillanpää / Nixu Oy''' <br />
<br />
'''18:45 ESAPI (OWASP Enterprise Security API) demo, Anssi Porttikivi / KPMG''' <br />
<br />
Download presentation from our file-page:[[Image:ESAPI for OWASP.pdf]] <br />
<br />
<br> '''19.30 - Discussion continues at some nearby establishment''' <br />
<br />
'''Please register with anssi.porttikivi(at)kpmg.fi''' <br />
<br />
<br> <br />
<br />
== OWASP Goes! Locksport: April 20 2010 ==<br />
<br />
'''Location: Nsense Oy, Ahventie 4, Espoo''' <br />
<br />
'''Time: 17:30-20:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nsense Oy''' <br />
<br />
'''17:45 Introduction to Locksport (presentation in Finnish)''' <br />
<br />
'''19:00 - Sauna and refreshments from our sponsor''' <br />
<br />
'''Please register with ilmoittautumiset##nsense.fi ''' <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #12: March 30 2010 ==<br />
<br />
'''Location: Helsingin Energia, Sähkötalo, Runeberginkatu 1, Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''18:00 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
Download presentation from our file-page:[[Image:OWASP -12 Helsinki chapter meeting.pdf]] <br />
<br />
'''18:05 Word from our sponsor Helsingin Energia ''' <br />
<br />
'''18:15 3 different views on information security and social media applications''' <br />
<br />
- information security in social media API’s, Antti Nuopponen/Nixu Oy <br />
<br />
Download presentation from our file-page:[[Image:Security of social media apis v1.pdf]] <br />
<br />
- Facebook apps, Markus Törnqvist/Fad Consulting <br />
<br />
Download presentation from our file-page:[[Image:Mjt owasp 2010.pdf]] <br />
<br />
- Payment API’s, Tuomas Toivonen/Scred <br />
<br />
Download presentation from our file-page:[[Image:Owasp-payment-apis.pdf]] <br />
<br />
'''20.00 - Discussion continues at nearby establishment Bruuveri''' <br />
<br />
'''Please register with antti##owasp.org''' <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #11: November 17 2009 ==<br />
<br />
'''Location: Nsense Oy, Ahventie 4, Espoo''' <br />
<br />
'''Time: 18:00-20:30''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''18:05 Word from our sponsor Nsense Oy''' <br />
<br />
'''18:15 Manual vs. Automated Code Analysis, Ari Kesäniemi, Senior Consultant, Nixu''' <br />
<br />
Download presentation from our file-page:[[Image:Ari kesaniemi nixu manual-vs-automatic-analysis.pdf]] <br />
<br />
'''19.00- Sauna and refreshments from our sponsor''' <br />
<br />
<br> <br />
<br />
'''Please register with ilmoittautumiset##nsense.fi''' <br />
<br />
== OWASP Helsinki Chapter Meeting #10: October 20 2009 ==<br />
<br />
'''Location: Tieto Oy, Ratamestarinkatu 7B, Helsinki''' <br />
<br />
'''Time: 18:00-19:40''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''18:00 Word from our sponsor Tieto Oy''' <br />
<br />
'''18:10 Distributed Services Security, Anton Panhelainen, Tieto Oy''' <br />
<br />
Download presentation from our file-page:[[Image:Security in integration and ESB-OWASP 20091020.pdf]] <br />
<br />
'''18:40 Public Web Services Interface and Security, Pyry Heikkinen, Finnish Customs''' <br />
<br />
'''19:40 Closure and move to Vltava''' <br />
<br />
'''20:00 or so''' <br />
<br />
*Enjoy Helsinki Vltava watering hole at own risk &amp; cost near Helsinki Railway station<br />
<br />
'''Please register with Pauli Kauppila pauli.kauppila##tieto.com or Mobile +358 400 870 324''' <br />
<br />
== OWASP Helsinki Chapter Meeting #9: May 12 2009 ==<br />
<br />
'''Location: Louhi Networks Oy, Itälahdenkatu 22 A, Helsinki''' <br />
<br />
'''Time: 17:30-19:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:30 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:45 Word from our sponsor Louhi Networks''' <br />
<br />
'''18:00 Panel discussion about application scanners''' <br />
<br />
*Panel members includes representatives for Nixu Oy, KPMG Oy and Louhi Networks Oy<br />
<br />
<br> '''19:00 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost at Bar 52 near meeting location<br />
<br />
'''Please register with Henri Lindberg henri.lindberg##louhi.fi''' <br />
<br />
== OWASP OWASP Goes! Viestimuseo: March 29 2009 ==<br />
<br />
'''Location: Varuskunta, Takakasarmi, Viestimuseontie rak. 64, 11311 Riihimäki ''' <br />
<br />
'''Time: 13:00-15:00''' <br />
<br />
Viestimuseossa Riihimäellä, http://www.viestikiltojenliitto.fi/viestimuseo/ on maaliskuun loppuun WWII radiotiedustelua esittelevä erikoisnäyttely, josta voi löytyä ammennettavaa myös tämän päivän tietoturvatekniikoiden parissa työskenteleville. Koska OWASP:in tiimoilta löytyi kiinnostusta lähteä tutustumaan ko. näyttelyyn, museolle on varattu opastettu kierros maaliskuun viimeiselle sunnuntaille su 29.3.2009 klo 13:00 eli kokoontuminen museolla ko. aikaan. <br />
<br />
Museo ja näyttely ovat auki myös muina aikoina, joten jos tämä aika ei käy, paikalla voi toki käydä muulloinkin. <br />
<br />
Tarkemmat ajo-ohjeet ja yhteystiedot löytyvät museon kotisivuilta, http://www.viestikiltojenliitto.fi/viestimuseo/yhteystiedot.html <br />
<br />
Museo sijaitsee Viestirykmentin vieressä, mutta varsinaisen varuskunta-alueen ulkopuolella, joten museokäynti ei vaadi kulkulupia alueelle. <br />
<br />
Paikalle innostuvat hoitavat oman logistiikkaratkaisunsa &amp; sisäänpääsymaksunsa. <br />
<br />
Lisätietoja tarvittaessa timo.merilainen (ät) iki.fi <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #8: March 12 2009 ==<br />
<br />
'''Location: Samlink, Linnoitustie 9, Espoo (Leppävaara)''' <br />
<br />
'''Time: 17:00-19:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:00 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:15 Introduction to Samlink, Jari Pirhonen, security director, Samlink''' <br />
<br />
'''17:30 Methodology owner’s point of view: Information security as part of software development methodology, Topi Mattila, methodology manager, Samlink''' <br />
<br />
'''18:15 Presentation from Finnish Tax Administration", Petri Puhakainen, security director, Finnish Tax Administration''' <br />
<br />
<br> '''19:00 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost at Sello<br />
<br />
'''Please register with Jari Pirhonen jari.pirhonen##samlink.fi''' <br />
<br />
== OWASP Introduction to startup firms: Thursday January 15th 2009 ==<br />
<br />
'''Location: Ravintola Korjaamo, Töölönkatu 51, 00250 Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Introduction to OWASP by Henri Lindberg, OWASP Helsinki Active Visitor''' <br />
<br />
*What OWASP is <br />
*Examples of useful Tools and Documents <br />
*OWASP in Finland<br />
<br />
Presentation: [[Image:OWASP Startups 20090115 Henri.pdf]] <br />
<br />
(Antti Laulajainen, OWASP Helsinki Chapter Leader was originally supposed to introduce OWASP) <br />
<br />
'''18:15 Implementing application security in a Finnish startup by Henri Lindberg, Scred''' <br />
<br />
*Henri Lindberg from Scred shares experiences and lessons learned <br />
*How to make your web application more secure with minimal budget<br />
<br />
Presentation: [[Image:SDG Scred 090115.pdf]] <br />
<br />
'''18:30 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost<br />
<br />
== OWASP Helsinki Meeting #7: Tuesday November 11th 2008 ==<br />
<br />
'''Location: Nokia Ruoholahti, Itämerenkatu 11-13, 00180 Helsinki''' <br />
<br />
<br> <br />
<br />
'''Time: 17:00-18:30''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:00 Welcome by Antti Laulajainen, OWASP Chapter Leader''' <br />
<br />
*Current state and progress of OWASP Top 10 Finnish translation<br />
<br />
'''17:20 Antti Vähä-Sipilä, Nokia: SAFECode''' <br />
<br />
*Introduction and overview of SAFECode (The Software Assurance Forum for Excellence in Code) <br />
*SAFECode publications<br />
<br />
'''17:40 Juhani Eronen, CERT-FI: Lifecycle of a security vulnerability''' <br />
<br />
*Microsoft MS08-067 (Vulnerability in Server Service Could Allow Remote Code Execution), its history (MS06-040) and exploitation.<br />
<br />
'''Discussion''' <br />
<br />
'''18:30 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost [cerveza, aqua con gas, etc]<br />
<br />
'''PLEASE REGISTER WITH: mikko . saario at nokia . com (we have reserved snacks for 25 people)''' <br />
<br />
== OWASP Helsinki Web Hacking Workshop, Tuesday September 10th 2008 ==<br />
<br />
'''Location: Teleware / KPMG, Laajalahdentie 23, 6. floor, reception at the ground floor, 00330 Helsinki''' <br />
<br />
'''Time: 18.00 - 20.00''' <br />
<br />
'''Schedule''' <br />
<br />
'''18.00 Welcome and recent activities. Antti Laulajainen ''' <br />
<br />
'''18.05 Web Hacking Workshop, Anssi Porttikivi, Senior ICT Advisor KPMG/Teleware''' <br />
<br />
*KPMG Oy IT Security Advisory marketing presentation 15 min <br />
*Web hacking exercises and demonstrations in a laboratory class (using WebGoat and WebScarab tools)<br />
<br />
'''Snacks available. Send your reservations to Anssi's mail address, anssi.porttikivi@kpmg.fi. Room for 20 participants.''' <br />
<br />
<br> '''Note! Be in time, because the reception closes at 18.''' <br />
<br />
== OWASP Goes! CERT-FI, Thursday, June 12th 2008 ==<br />
<br />
'''Location: Viestintävirasto, Itämerenkatu 3 A, 00180 Helsinki and One Pint Pub Santakatu 2, 00180 Helsinki''' <br />
<br />
<br> '''Time: 16.00 - 20.00''' <br />
<br />
<br> '''Schedule''' <br />
<br />
'''16.00 Welcome and recent activities. Antti Laulajainen ''' <br />
<br />
<br> '''16.10 Introduction of CERT-FI. Juhani Eronen, Information Security Adviser, CERT-FI''' <br />
<br />
<br> '''16.30 Vulnerability coordination. Juhani Eronen''' <br />
<br />
*CERT-FI as a vulnerability coordinator <br />
*Coordination examples<br />
<br />
'''18.00 Possibility to continue the evening at the One Pint Pub''' <br />
<br />
*If someone fancies a (self-financed) beer<br />
<br />
<br> '''Viestintävirasto asks those who wish to participate to the meeting to register in advance. For registrations please contact CERT-FI Unit Secretary Virpi Hienonen (virpi.hienonen(at)ficora.fi). The deadline is June 6, 2008.''' <br />
<br />
== OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 ==<br />
<br />
Thank you for attending. <br />
<br />
You can download the presentation here'''https://www.owasp.org/images/7/70/OWASP_HelsinkiChapter_130508.pdf''' <br />
<br />
Coverage of the event in local news (Finnish only) http://mikropc.net/uutiset/index.jsp?categoryId=atk&amp;day=20080514#w2008051411524012715 <br />
<br />
<br> '''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki and Ravintola Kaisla, Vilhonkatu 4, 00100 Helsinki''' <br />
<br />
'''Time: 16.00 - 20.00''' <br />
<br />
<br> <br />
<br />
Welcome to spring meeting 2008. <br />
<br />
<br> '''Schedule''' <br />
<br />
'''16.00 - 16.10 OWASP update. Antti Laulajainen''' <br />
<br />
'''16.10-17.00 Notes From The field, OWASP tools and usage experiences, Jarkko Holappa &amp; Antti Laulajainen''' <br />
<br />
'''17.30 - 20.00 Drinks at Ravintola Kaisla (Bring Your Own Wallet)''' <br />
<br />
<br> Hope to see as many of you as possible! <br />
<br />
== OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 ==<br />
<br />
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.''' <br />
<br />
'''Time: 18.30 - 20.30''' <br />
<br />
Welcome to first meeting of 2008. OWASP Helsinki resumes activities after winter break. <br />
<br />
We are pleased to have as a speaker Technology Manager of Nokia Product Security, Alexandr Seleznyov. His topic will be current state of application security. <br />
<br />
'''Schedule''' <br />
<br />
'''18.30 - 18.40 OWASP update. Antti Laulajainen''' <br />
<br />
'''18.40 - 20.30 Current State of Application Security. Alexandr Seleznyov''' <br />
<br />
<br> Hope to see as many of you as possible! <br />
<br />
== OWASP Helsinki &amp; RWSUG Seminar Tuesday, January 29th 2008 ==<br />
<br />
'''Location: IBM, Laajalahdentie 23, 00330 Helsinki.''' '''Time: 11.15 - 19.00''' <br />
<br />
OWASP Helsinki and Rational and Websphere User Group Finland RWSUG are aiming to co-operate to raise application security awareness. OWASP Helsinki will have a presentation in RWSUG agility seminar. More information from http://www.rwsug.fi/default.asp?path=1,39,385 <br />
<br />
'''You can download the presentation here''' https://www.owasp.org/images/c/cd/RWSUG5_Agile_Security_Management.pdf <br />
<br />
See program below. Most of it is Finnish only <br />
<br />
*11.15 Ilmoittautuminen alkaa <br />
*11.15-12.00 Buffet-lounas <br />
*12.00-12.10 Tilaisuuden avaus Jussi Jutila, Puheenjohtaja, RWSUG ry<br />
<br />
KEYNOTE <br />
<br />
*12.10-13.30 Scaling Agile Software Development: Strategies for Applying Agile in Complex Situations Scott W. Ambler, Practice Leader Agile Development, IBM Canada <br />
*13.30-13.45 Kahvitauko <br />
*13.45-15.30 SOA liiketoiminnan näkökulmasta ja SOA toteutuksen näkökulmasta kansainvälisessa hankkeessa Kari Laine, IT Architect, IF ja Jarmo Laine, Senior Software Architect,Primasoft <br />
*15.30-15.45 Tauko <br />
*15.45-16.30 Ketterä tietoturvan hallinta ohjelmistotuotannossa Reijo Savola, VTT <br />
*16.30-17.15 Jazz Update IBM <br />
*17.15-19.00 Iltapalaa ja verkostoitumista IBM Forumissa<br />
<br />
<br> <br />
<br />
== OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008 ==<br />
<br />
OWASP Helsinki participated in ISACA Finland meeting to raise application security awareness among system auditors and inspectors. <br> A presentation was held that introduced basic web techniques, some security issues, OWASP in general, OWASP projects and OWASP Helsinki chapter. <br> '''You can download the presentation here''': https://www.owasp.org/images/e/e4/OWASP_ISACA_20080124.pdf (Finnish Only) <br><br> <br />
<br />
== OWASP Helsinki meeting #4 Fall 2007 with Mark Curphey, Tuesday, October 2 2007 ==<br />
<br />
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.''' <br />
<br />
Thank you for all participants and Mark from great presentation. <br />
<br />
Coverage of the meeting in the local news (in Finnish): http://mikropc.net/uutiset/index.jsp?categoryId=atk&amp;day=20071003#w2007100315112711629 <br />
<br />
<br> We are delighted to have Mark Curphey - the OWASP founder and new head of Microsoft's ACE (Application Consulting &amp; Engineering) team in Europe - to visit Finland and discuss web app security with us. Hopefully as many as of you possible can participate! <br />
<br />
'''18:30 Welcome and recent Helsinki chapter activities. Antti Laulajainen''' <br />
<br />
'''18:40 Naked Software Security. Mark Curphey''' <br />
<br />
*Commentary on how to build secure software <br />
*Thoughts on the industry<br />
<br />
<br> '''WELCOME!''' <br />
<br />
== OWASP Helsinki meeting #3 Summer 2007: "SOA, Web Services &amp; XML Security", Tuesday, June 5th 2007 ==<br />
<br />
'''Date: June 5th''' <br />
<br />
<br> '''Location: Smilehouse, Itälahdenkatu 22A (Stonesoft building), Lauttasaari.''' <br />
<br />
Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/tietoturva_docview.jsp?f_id=1186167 <br />
<br />
<br> '''19:00 Welcome &amp; quick recap of recent OWASP activity and the Spring conference. Mikko Saario.''' <br />
<br />
<br> '''19:15 Gunnar Peterson, CTO Arctec Group and project lead for the OWASP "XML Security Gateway Evaluation Criteria".''' <br />
<br />
Gunnar will be visiting Finland to provide training via Tietoturva ry on this subject. Topics to be covered: <br />
<br />
*XML Security Gateways <br />
*Message level threats and security countermeasures in Web services <br />
*OWASP XML Security Gateway Evaluation Criteria Project<br />
<br />
<br> '''20:15 "Real-life usage of OWASP tools". Alexandr Seleznyov, Nokia Product Security.''' <br />
<br />
(There is a chance Alex cannot make it. In that case we will discuss SOA stuff in more detail or just head off to bar earlier.) <br />
<br />
<br> '''20:45 Enter Bar 52...''' --&gt; Enjoy (sponsored) beverages. <br />
<br />
== OWASP Helsinki meeting #2 Winter 2007, Web Application Firewalls, Thursday, February 22 2007 ==<br />
<br />
Thank you for the 29 participants, the speakers and the host - Nixu - for making this event happen! <br />
<br />
'''Location: Nixu, Mäkelänkatu 91, 00601 Helsinki.''' <br />
<br />
What are Web Application Firewalls (WAF), how do they work, what do they do and what don't they do. Discussion and sharing of experiences of various technologies and products. <br />
<br />
<br> '''18.30 Welcome. Mikko Saario, Chapter Leader.''' <br />
<br />
Today's topic and agenda in short. <br />
<br />
<br> '''18.35 "Web Application Firewalls Technical Analysis". Joakim Sandström, CTO nSense.''' <br />
<br />
http://www.owasp.org/images/6/6a/Owasp_waf_joakim.pdf <br />
<br />
- Technology <br />
<br />
- Blacklisting &amp; Whitelisting <br />
<br />
- mod_security features <br />
<br />
- Do's and Don'ts <br />
<br />
<br> '''19.30 "The Core Rule Sets". Ofer Shezaf, CTO Breach Security.''' <br />
<br />
http://www.owasp.org/images/f/f4/The_Core_Rule_Set_-_Ofer.pdf <br />
<br />
- WAF deployment and protection strategies <br />
<br />
- Detection of generic web layer attacks <br />
<br />
- Virtual patching <br />
<br />
== OWASP Helsinki meeting #1, Tuesday, Dec 12 2006 at Ernst &amp; Young ==<br />
<br />
The Helsinki chapter had the first meeting at Ernst &amp; Young office in Elielinaukio 5 B. The agenda and the presentations for the meeting are below. We had a good turnout: 22 people were present i.e. all seats were taken - we were very happy to see all these people to be interested in application security issues. <br />
<br />
<br> Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/doc.do?f_id=1083463 <br />
<br />
<br> '''18:30 Welcome. What is OWASP and why OWASP Helsinki?''' <br />
<br />
Mikko Saario made a short presentation about OWASP and the objective for the local Helsinki chapter. <br />
<br />
<br> '''19:00 Analyzing Threats (Olli Wiren; olli [at] juurihoito.org)''' <br />
<br />
Olli Wiren discussed application related threats and corresponding security issues. <br />
<br />
http://www.owasp.org/images/7/7c/Owasp-olli.pdf <br />
<br />
<br> '''19:45 Open discussion regarding OWASP Helsinki; what is expected or wished; how to go ahead and so forth.''' <br />
<br />
There was a lively discussion regarding what type of activities should be arranged in the future. More details will follow... <br />
<br />
==== Helsinki OWASP Chapter Leaders ====<br />
<br />
The chapter leader is [mailto:Petteri.arola@owasp.org Petteri Arola] <br />
<br />
The chapter board members are [mailto:timo@owasp.org Timo Merilainen], Pyry Heikkinen and [mailto:pekka.sillanpaa@owasp.org Pekka Sillanpaa]. <br />
<br />
__NOTOC__<br />
<br />
[[Category:OWASP Chapter]] <br />
[[Category:Europe]]</div>Psillanphttps://wiki.owasp.org/index.php?title=Helsinki&diff=248063Helsinki2019-02-28T16:56:08Z<p>Psillanp: </p>
<hr />
<div>{{Chapter Template|chaptername=Helsinki|extra=The chapter leaders are [mailto:petteri.arola@owasp.org Petteri Arola], [mailto:pekka.sillanpaa@owasp.org Pekka Sillanpää], [mailto:timo@owasp.org Timo Meriläinen], [mailto:pyry.heikkinen@owasp.org Pyry Heikkinen], [mailto:petri.koistinen@nixu.com Petri Koistinen] and [mailto:lasse.korvala@gmail.com Lasse Korvala].<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-helsinki|emailarchives=http://lists.owasp.org/pipermail/owasp-helsinki}} <br />
<br />
==== Local News ====<br />
<br />
<paypal>Helsinki</paypal> <br />
<br />
'''Welcome to the OWASP Helsinki Chapter'''<br />
<br />
The plan is to meet at least three to four times a year, each lasting 1,5-3 hours (more active "hands" means more meetings). This chapter is based in the capital area and therefore the meetings will be in or around Helsinki. <br />
<br />
If you wish to present at one of the meetings or have any other inquiries, please contact the chapter leaders and shortly describe the talk. (the contact details can be found in the bottom of the page). We encourage everyone to suggest ideas for presentation topics. The talks can be either a full talk (45-60min) or a lightning talk (~15min). <br />
<br />
==== Suomalaista sovellusturva-asiaa ====<br />
<br />
[[OWASP Helsinki Appsec Thesis of the Year|Vuoden sovellusturva-aiheinen opinnäytetyö]]<br />
<br />
[[Oppilaitoksille|Tietoa oppilaitoksille (Information for academic institutions)]] <br />
<br />
[[Verkkomaksut|Ohjeita turvallisen verkkomaksuintegraation toteuttamiseen]] <br />
<br />
Previously OWASP Helsinki has been working on the following tasks: <br />
<br />
*[[Top 10 2007 Finnish]] aim to translate OWASP Top 10 list in Finnish<br />
<br />
==== Chapter Meetings ====<br />
<br />
== OWASP Helsinki chapter meeting #36: Feb 12th 2019 ==<br />
'''Location: Veikkaus, Aku Korhosen tie 2, 00440 Helsinki'''<br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words, Pekka Sillanpää, Chapter co-leader - OWASP Helsinki''' <br />
<br />
'''18:05 Words from the sponsor, Veikkaus''' <br />
<br />
'''18:10 What Every Developer and Tester Should Know About Software Security, Anne Oikarinen, Senior Security Consultant, Nixu'''<br />
<br />
'''18:50 Break'''<br />
<br />
'''19:00 Security in Agile Development, Joakim Tauren, Application Security Architect, Visma''' [[File:OWASP Helsinki - Security in Agile Development (1).pdf|thumb]]<br />
<br />
'''19:45 OWASP Cornucopia - a live card game session, Veikkaus + volunteers''' [[File:DeathStarArchitecture v0.8 DRAFT.pdf|thumb]]<br />
<br />
'''20:15 Snacks & Refreshments''' <br />
<br />
Please register by 10th of Feb https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-36-tickets-55288270706 (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #35: Nov 6th 2018 ==<br />
'''Location: Second Nature Security (2NS), Keilaranta1 (auditorium Ankkuri), 02150 Espoo'''<br />
<br />
'''Time: 17:30-21:00'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words, Pekka Sillanpää, Chapter co-leader - OWASP Helsinki'''<br />
<br />
'''18:05 Words from the sponsor, Juho Ranta, CTO - Second Nature Security (2NS)''' <br />
<br />
'''18:15 Hunting for bounties in a web browser, Juho Nurminen, White Hat Hacker, InfoSec Specialist - 2NS''' [[File:Nurmi_BugBounty_slides.zip]]<br />
<br />
'''18:45 Break'''<br />
<br />
'''19:00 How to become a bug bounty hunter, Iiro Uusitalo, Cloud and Security Specialist - Solita'''<br />
<br />
'''19:30 Running a successful bug bounty program, Thomas Malmberg, Partner & Owner - Hackrfi''' [[File:Running a successful bug bounty program - public.pdf]]<br />
<br />
'''19:50 Short break'''<br />
<br />
'''20:00 Panel & Discussion about bug bounty with Juho, Iiro and Thomas'''<br />
<br />
'''20:30 Snacks & Refreshments'''<br />
<br />
Please register by 4th of Nov https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-35-tickets-51465932991 (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #34: Jun 12th 2018 ==<br />
'''Location: Eficode, Pohjoinen Rautatiekatu 25, 00100 Helsinki'''<br />
<br />
'''Time: 17:30-21:30'''<br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Pekka Sillanpää OWASP Helsinki'''<br />
<br />
'''18:05 Words from the sponsor / Pekka Siltala-Li / Eficode'''<br />
<br />
'''18:15 Perfectly secure API, Matti Suominen, Lead Security Consultant - Nixu'''<br />
<br />
'''19:00 Break''' <br />
<br />
'''19:15''' '''Best friends: API security & API management, Antti Virtanen, Software Architect, Solita''' <br />
<br />
'''20:00-21:30 Sauna, Snacks & Beverages'''<br />
<br />
Please register by 10th of Jun https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-34-tickets-46690898735 (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #33: Nov 14th 2017 ==<br />
'''Location: F-Secure, Tammasaarenkatu 7, 00180 Helsinki''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki''' <br />
<br />
'''18:05 Words from the sponsor'''<br />
<br />
'''18:10 Coping with GDPR requirements in development, Kira Ahveninen-Kuha, Lead, Data Protection and Cybersecurity Law, Nixu'''<br />
<br />
'''19:00 Break''' <br />
<br />
'''19:15 Integrating Privacy Work in Threat Modeling and Design Review, Antti Vähä-Sipilä, Principal Security Consultant, F-Secure'''<br />
<br />
'''20:00 Panel & Discussion – Kira and Antti debate about privacy and GDPR with the audience'''<br />
<br />
'''20:30 OWASP Helsinki DevSecOps Hackathon: Lessons learned, Pekka Sillanpää, OWASP Helsinki''' <br />
<br />
'''21:00-22:00 Snacks & Refreshments''' <br />
<br />
Please register by 12th of Nov [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-33-tickets-39656996143 here] (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #32: Sep 27th ==<br />
If you are working in a DevOps team and want to get concrete ideas on how to integrate security into your CI/CD pipeline, this hackathon is a fun opportunity to learn by doing together with others.<br />
<br />
More information here: [[OWASP Helsinki DevSecOps Hackathon]]<br />
<br />
In summary, we familiarize and investigate (and of cource hack with) some nice open source tools, including:<br />
* OWASP Dependency-Check ([[OWASP Dependency Check]])<br />
* ZAP Proxy ([[OWASP Zed Attack Proxy Project]])<br />
* OWASP DefectDojo ([[OWASP DefectDojo Project]])<br />
* DevSec hardening framework (https://github.com/dev-sec)<br />
* Clair (https://github.com/coreos/clair)<br />
<br />
The output of this hackathon is an OWASP wiki page describing what was achieved in the hackathon, possible commits to the tools' repositories and future plans. If there is enough interest, we might organize "part 2" for this event in Autumn.<br />
<br />
To participate in this event, it is recommended to have at least basic programming/scripting skills (python, ruby, bash, etc) and understanding of configuration management tools (puppet, salt, ansible, etc.). '''If you are interested to join''' or have questions, please send email to pekka.sillanpaa@owasp.org '''by Jul 7th 2017''' and a short description of your background. Tracks of the hackathon environment are tuned based on the skills and background of the participants.<br />
<br />
The maximum of 15 seats are available for this event. The event is fully free of charge.<br />
<br />
'''Location: Nixu, Keilaranta 15, 02150 Espoo'''<br />
<br />
'''12:00 Hackathon starts'''<br />
<br />
'''17:00-23:00 Hackathon continues after the work day as long as needed. Pizza and beverages available.'''<br />
<br />
== OWASP Helsinki chapter meeting #31: Jun 13th 2017 ==<br />
'''Location: Solita, Alvar Aallon katu 5, 00100 Helsinki'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Pekka Sillanpää, OWASP Helsinki'''<br />
<br />
'''18:05 DevSec - Developers are the key to security, Antti Virtanen, Software Architect, Solita [[File:Devsec-owasp-2017.pdf]]''' <br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Docker Security, Mika Vatanen, Systems Architect, Digia [[File:Owasp-Helsinki-20170613-Docker-Security.pdf]]'''<br />
<br />
'''20:00 Lightning talk: Leaking credentials - a security malpractice more common than expected, Bogdan Mihaila, Synopsys [[:File:Bogdan Mihaila - Leaking Credentials.pdf]]'''<br />
<br />
'''20:15 Introduction to DevSecOps "mini-hackathon", Pekka Sillanpää, OWASP Helsinki'''<br />
<br />
'''20:30-22:30 Snacks & Refreshments'''<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-31-tickets-34950473808 here] by 12th of Jun (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #30: Oct 11th 2016 ==<br />
<br />
'''Location: Fujitsu, Valimotie 16, 00380 Helsinki, Auditorio'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 How to protect mobile application? Case "Nordea Tunnusluvut” / Michael Peltonen, Senior Business Developer, Nordea''' [[File:Helsinki_meeting_30_-Michael_Peltonen_OWASP_11102016.pdf]]<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Lightning talk: Authentication topic / Teemu Simonen, System Architect, Fujitsu''' [[File:Helsinki_meeting_30_-Authentication_topic.pdf]]<br />
<br />
'''19:30 Threats and vulnerabilities in federation protocols - and how did I find 0-days in the most common access management products / Teemu Kääriäinen, Senior IAM Consultant, Nixu Oyj''' [[File:Helsinki_meeting_30_-_Threats_and_Vulnerabilities_in_Federation_Protocols_and_Products.pdf]]<br />
<br />
'''20:30-> Snacks & Refreshments'''<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-30-tickets-28190573765 here] by 9th of October (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #29: Mar 29th 2016 ==<br />
<br />
'''Location: Solinor, Elimäenkatu 14 C, 00510 Helsinki'''<br />
<br />
'''Time: 17:30-21:15'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 OWASP Security Knowledge Framework, Glenn Ten Cate''' [[File:Skf-owaspHelsinki-16.pdf]]<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Amazon Web Services Security, Joel Leino, Solinor''' [[File:Aws_security_joel_leino.pdf]]<br />
<br />
'''20:30 Do's and don'ts: A Day Of Browser Bug Hunting, Atte Kettunen, University of Oulu''' [[File:Do's_and_Don'ts-_A_Day_Of_Browser_Bug_Hunting_rev2.pdf]]<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-29-tickets-22159795545 here] by 26th of March (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #28: Nov 10th 2015 ==<br />
<br />
'''Location: LähiTapiola, Revontulenkuja 1, 02100 Espoo'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 How we feel about Bug Bounty, Leo Niemelä, CISO, LähiTapiola Group (in Finnish)'''<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Security and "Modern" software Deployment, Rory McCune, Managing Consultant, NCC Group'''<br />
<br />
'''20:30 Discussion continues in a local cafe / bar'''<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-28-tickets-19188815263 here] by 8th of November (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #27: May 29th 2015 ==<br />
<br />
'''Location: Life Science Center Keilaranta 10-16''' <br />
<br />
'''Time: 17:30-20:00 (networking ends 23:00)''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 Word from our sponsor / Nixu'''<br />
<br />
'''18:15 50 Shades of AppSec / Troy Hunt'''<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Hack yourself first: how go on the cyber-offence before online attackers do / Troy Hunt'''<br />
<br />
'''20:00-23:00 Refreshments and Sauna on the 7th floor'''<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-chapter-meeting-27-tickets-16709176597 here] by Monday Fri 22th May (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #26: January 13th 2015 ==<br />
<br />
'''Location: Castrén & Snellman Attorneys Ltd. Eteläesplanadi 14 6th Floor Helsinki, Finland.''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''Opening words / OWASP Helsinki&IAPP''' <br />
<br />
'''Words from our sponsor / Castrén & Snellman Attorneys Ltd.'''<br />
<br />
'''Privacy Seals and Marks, Hannu Järvinen, Specialist Partner, Attorneys at Law Borenius Ltd'''<br />
<br />
'''Privacy Engineering, Antti Vähä-Sipilä, software security guy, F-Secure Oyj'''<br />
<br />
'''Privacy Use Cases, Saku Vainikainen, Lead Consultant, Nixu Oyj'''<br />
<br />
Please register here https://t.co/OoQN2FRbBX by Monday 12 Jan.<br />
<br />
== OWASP Helsinki chapter meeting #25: September 29th 2014 ==<br />
<br />
'''Location: Appelsiini (Elisa), Kaarlenkatu 9-11, 00530 Helsinki. Public transport is strongly recommended.''' <br />
<br />
'''Time: 17:00-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and registration''' <br />
<br />
'''17:10 Opening words / OWASP Helsinki''' <br />
<br />
'''17:20 Words from our sponsor / Elisa'''<br />
<br />
'''17:30 Mobile Security Chess Board - Attacks & Defense / Hemil Shah / Founder, Director eSphere Security''' [[File:Mobile_Security_chess_board_-_Attacks_&_Defense.pdf]]<br />
<br />
'''18:45 Break'''<br />
<br />
'''19:00 Mobile Platform Security: OS (kernel) Hardening and Trusted Execution Environment / Onur Zengin / Trustonic'''<br />
[[File:Onur_Zengin_-_TEE_chapter_meeting_presentation.pdf]]<br />
<br />
'''20:00 OWASP Mobile Top Ten Risks 2014 - The New M10: 'Lack of Binary Protection' Category / Bo Asklund and Rikard Kullenberg / Arxan'''<br />
[[File:OWASP_Mobile_Top_Ten_-_Meet_the_New_Addition.pdf]]<br />
<br />
'''21:00 Networking and continue discussions in TBD location nearby'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-25-tickets-13087782911 Eventbrite]<br />
<br />
== OWASP Helsinki chapter meeting #24: March 25st 2014 ==<br />
<br />
'''Location: F-Secure, Tammasaarenkatu 7, 00180 Helsinki. Parking space is limited, public transport is strongly recommended. Ruoholahti station for metro, Länsisatamankatu stop for tram 8, Länsiväylä stop for buses from Espoo.''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and registration''' <br />
<br />
'''17:20 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''17:30 Enhancing security through tight collaboration and automation /Kalle Hallivuori''' <br />
Presentation material: http://kato.iki.fi/owasp-pci-devops/<br />
<br />
'''18:00 Continuous Security Testing in a Devops World /Stephen de Vries'''<br />
Download the presentation from our file page: [[image:OWASP-Continuous_Security_Testing.pdf]]<br />
<br />
'''19:00 Demo of Burp Suite & HTTP API fuzzing automation with Python & Behave /Antti Vähä-Sipilä'''<br />
<br />
'''19:30 Time to go to Pub (Amsterdam) and continue discussion there'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-24-tickets-10765729587 Eventbrite]<br />
<br />
== OWASP Helsinki chapter meeting #23: January 21st 2014 ==<br />
<br />
'''Location: HTC Keilaniemi, Keilaranta 13, 02150 Espoo''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Coffee and registration''' <br />
<br />
'''18:00 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''18:05 Word from our sponsor /Nixu''' <br />
<br />
'''18:20 The inner HTML Apocalypse - How MXSS attacks change everything we believed to know so far /Mario Heiderich'''<br />
<br />
'''19:15 JSMVCOMFG - To sternly look at JavaScript MVC and Templating Frameworks /Mario Heiderich"''''<br />
<br />
'''20:15 QA'''<br />
<br />
'''20.30 - 21.30 Discussion continues over snacks and refreshments'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-23-tickets-10095813851 Eventbrite]<br />
<br />
<br />
== OWASP Helsinki chapter meeting #22: November 19th 2013 ==<br />
<br />
'''Location: Aalto University, Hall S1, Otakaari 5, 02150 Espoo''' <br />
<br />
'''Time: 18:00-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Registration''' <br />
<br />
'''18:10 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''18:20 Word from our sponsor''' <br />
<br />
'''18:30 Backgrounds of Eve in Digiland comic and cyber research in Aalto University /Timo Kiravuo, Aalto University'''<br />
<br />
'''19:15 Break"''''<br />
<br />
'''19:30 Cyber crime response from CERT perspective and backgrounds of Finnish web site attacks /Jussi Eronen, CERT-FI'''<br />
<br />
'''20:00 Methods in Finnish cyber crime police investigation and case example /Timo Piiroinen, National Bureau of Investigation (NBI)'''<br />
<br />
'''20:30 Networking and discussion continues at same location'''<br />
<br />
Please register at [http://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-23-tickets-10095813851 Eventbrite]<br />
<br />
== OWASP EUTour2013: June 17th 2013 ==<br />
<br />
'''Location: HTC Keilaniemi, Keilaranta 15''' <br />
<br />
'''Time: 16:00-19:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''16:00 Registration & coffee''' <br />
<br />
'''16:15 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''16:30 Word from our sponsor''' <br />
<br />
'''16:45 Nokia responsible disclosure program /Omar Benbouazza-Villa, Nokia'''<br />
<br />
Nokia has launched a responsible disclosure program recently. In this presentation we'll go through experiences starting and running such a program as a part of enterprise application security program.<br />
<br />
'''17:30 Social engineering /Gavin Ewan"''''<br />
<br />
Jac0byterebel is not your typical social engineering presenter. Out goes the snake oil sale of analysing the minutia of pop psychology and trying to squeeze out real answers to the questions asked during a real social engineering attack. In comes hard hitting accounts of social engineering attacks drawn from real sources but anonymised to protect the pwned.<br />
<br />
'''19:00 Rounding up and discussion continues over food & drinks at same location'''<br />
<br />
Please register at [http://www.regonline.com/owaspeutourfinland Regonline]<br />
<br />
== OWASP Helsinki Chapter Meeting #21: April 24 2013 ==<br />
<br />
'''Location: KPMG, Yrjönkatu 23 B, 6. floor''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Opening words /OWASP''' <br />
<br />
'''18:10 Word from our sponso /Mika Laaksonen, KPMG''' <br />
<br />
'''18:15 OWASP project news /Petteri Arola, OWASP''' <br />
<br />
Newsflash of new and rebooted OWASP projects.<br />
<br />
'''18:45 Utilizing VAHTI software development guide (VAHTI-sovelluskehitysohje) /Antti Alestalo, KPMG'''<br />
<br />
VAHTI software development guide was published January 2013. Antti will talk about how to best utilize this new guide. Link to the guide: http://www.vm.fi/vm/fi/04_julkaisut_ja_asiakirjat/01_julkaisut/05_valtionhallinnon_tietoturvallisuus/20130207Sovell/VAHTI_1_Sovelluskehityksen_tietoturvaohje_NETTI.pdf<br />
<br />
'''19:15 Database self-defence /Mika Aronen, KPMG (in place of "HTML5 & security /SC5"'''<br />
<br />
'''20:00 Official program ends and discussion continues over food & drinks at same location'''<br />
<br />
Please register at [https://www.eventbrite.com/event/6240751255 Eventbrite]<br />
<br />
== OWASP Helsinki Chapter Meeting #20: December 4 2012 ==<br />
<br />
'''Location: Nokia House, Keilalahdentie 4, Espoo''' <br />
<br />
'''Time: 17:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Socializing time @ Nokia Lounge – Meet people & get to know your peer while having the opportunity to see Nokia product demos''' <br />
<br />
'''18:00 Opening words /OWASP + HelsinkiJS''' <br />
<br />
'''18:10 Word from our sponsor''' <br />
<br />
'''18:20 Securing JavaScript based web apps /Erlend Oftedal''' <br />
<br />
Single page web applications move much of the application logic to the client side. We now also see applications using JavaScript on the server side. How do we handle such applications from a security perspective? What problems are introduced and how do we handle them?<br />
<br />
'''19:05 RESTful Security'''<br />
<br />
Many applications rely on web services and ws-security for integration. But for more lightweight services with simpler protocols, REST is quickly gaining popularity. How do we secure REST services? What problems do we need to be aware of?<br />
<br />
'''20:00 Official program ends and free debate continues at nearby location'''<br />
<br />
CLOSED: Please register at [http://www.eventbrite.com/event/4856878053 Eventbrite]<br />
<br />
Please use the NORTH entrance when entering the Nokia campus<br />
<br />
== OWASP Helsinki Chapter Meeting #19: October 16 2012 ==<br />
<br />
'''Location: Fujitsu, Valimotie 16, Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''18:10 Word from our sponsor /Fujitsu''' <br />
<br />
'''18:25 Hybrid mobile application security and HTML5 with a focus on getUserMedia /Mikko Saario, Nokia''' <br />
<br />
Both the mobile scene via “hybrid” apps and the so-called traditional web are evolving into the same direction – are the threats doing the same? Using mainly Windows Phone 7 (and some Qt) examples and demos, Mikko will take a look at the security aspects in mobile hybrid apps. The HTML5 demo will concentrate on some newly mainstreamed technologies such as getUserMedia.<br />
<br />
'''19:10 Introduction to Oauth 2.0 + demo /Teemu Kääriäinen, Nixu'''<br />
<br />
Teemu gives an introduction about Oauth 2.0 and takes a closer look at security aspects, implementation guidelines and compares Twitter, Facebook and Google implementations.<br />
<br />
'''20:00 Official program ends and free debate continues at nearby location'''<br />
<br />
'''Please register in Eventbrite http://www.eventbrite.com/event/4462882602''' <br />
<br />
<br />
== OWASP Helsinki Chapter Meeting #18: June 26 2012 ==<br />
<br />
'''Location: Kela, Nordenskjölkinkatu 12, Helsinki''' <br />
<br />
'''Time: 17:30-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''17:45 Word from our sponsor /Kela''' <br />
<br />
'''18:00 Helsinki Ruby Brigade intro''' <br />
<br />
'''18:15 Ruby on Rails security - why could it fail'''<br />
<br />
'''19:00 Panel discussion'''<br />
<br />
'''19:45 Wrap-up'''<br />
<br />
'''20:00 Discussion continues in a nearby pub Hadanka'''<br />
<br />
'''Please register with petteri.arola(at)owasp.org''' <br />
<br />
<br />
== OWASP Helsinki Chapter Meeting #17: March 21 2012 ==<br />
<br />
'''Location: Marttakeskus, Malminrinne 1 B, 7. krs, Helsinki''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Coffee''' <br />
<br />
'''17:40 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''17:50 Web Application Access Control Design Excellence / Jim Manico, OWASP''' <br />
<br />
Download the presentation from our file page: [[image:Developer_Top_Ten_Core_Controls_v4.1.pdf]]<br />
<br />
'''19:30 Meeting ends and discussion continues over buffet and refreshments and there's a possibility to bath in sauna too''' <br />
<br />
'''23:00 Event ends'''<br />
<br />
'''Please register with enroll(at)nixu.com''' <br />
<br />
== Tietoturvapäivä Turku: February 7 2012 ==<br />
<br />
''' Sovellusturvallisuus / Petteri Arola, OWASP''' <br />
<br />
Download the presentation from our file page: [[image:OWASP_esitys_tietoturvapäivä_Turku_20120207.pdf]]<br />
<br />
== OWASP Helsinki Chapter Meeting #16: October 18 2011 ==<br />
<br />
'''Location: Hall TU2, Tuas house, Otaniementie 17, 02150, Espoo''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and lock picking''' <br />
<br />
'''17:30 OWASP - What is it?''' <br />
<br />
'''17:45 Introduction to OWASP projects<br>- OWASP Top Ten, ASVS<br><span class="Apple-tab-span"> </span>- Testing guide<br>- How OWASP relates to academic world''' <br />
<br />
<br> Download presentation from our file-page: [[Image:OWASP_presentation_for_Aalto.pdf]] <br><br />
<br />
'''18:45 Break''' <br />
<br />
'''19:00 Hacking demonstrations'''<br />
<br />
'''19:30 - Discussion continues in a nearby public house''' <br />
<br />
'''Please register with petteri.arola(at)owasp.org''' <br />
<br />
== OWASP Introduction to Turku AMK students: September 12th 2011 ==<br />
<br />
'''Introduction to Application security and OWASP / Petteri Arola, OWASP''' <br />
<br />
'''OWASP top 10 and hacking demos / Pekka Sillanpää, OWASP''' <br />
<br />
== OWASP Helsinki Chapter Meeting #15: June 15 2011 ==<br />
<br />
'''Location: Itämerenkatu 11 - 13, Helsinki''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda ''' <br />
<br />
'''17:30 Welcome, Petteri Arola, Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nokia''' <br />
<br />
'''17:45 HTML5 Security, Ville Säävuori, Syneus''' <br />
<br />
'''18:30 Break''' <br />
<br />
'''18:40 Mobile Application Security, Ari Kesäniemi and Juhani Mäkelä, Nixu''' <br> [[Image:Mobile-threat-analysis-short-presentation owasp.pdf]] <br> [[Image:Why-privacy-matters.pdf]] <br> <br />
<br />
<br>'''19.30 - Discussion continues in a nearby public house or terrace if it's sunny''' <br />
<br />
'''Please register with mikko.saario(at)nokia.com''' <br />
<br />
== OWASP Helsinki Chapter Meeting #14: February 22 2011 ==<br />
<br />
'''Location: Nixu Oy, Keilaranta 15, Espoo''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''17:30 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nixu Oy''' <br />
<br />
'''17:45 OpenSAMM, Pravir Chandra /Fortify''' <br />
<br />
'''18:30 Break''' <br />
<br />
'''18:40 Threat modeling, Pravir Chandra /Fortify''' <br />
<br />
<br> '''19.30 - Sauna and refreshments from our sponsor''' <br />
<br />
'''Please register with enroll(at)nixu.com''' <br />
<br />
<br> Download OpenSAMM presentation from opensamm.org [http://www.opensamm.org/downloads/resources/OpenSAMM-1.0.ppt] <br> <br />
<br />
== OWASP Helsinki Chapter Meeting #13: June 8 2010 ==<br />
<br />
'''Location: KPMG, Forum, Yrjönkatu 23 B 6th floor, Helsinki''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''17:00 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:05 Word from our sponsor KPMG ''' <br />
<br />
'''17:15 Agile secure software development, Antti Vähä-Sipilä / Nokia Oyj''' http://www.owasp.org/images/c/c6/OWASP_AppSec_Research_2010_Agile_Prod_Sec_Mgmt_by_Vaha-Sipila.pdf <br />
<br />
'''18:00 ASVS (OWASP Application Security Verification Standard), Pekka Sillanpää / Nixu Oy''' <br />
<br />
'''18:45 ESAPI (OWASP Enterprise Security API) demo, Anssi Porttikivi / KPMG''' <br />
<br />
Download presentation from our file-page:[[Image:ESAPI for OWASP.pdf]] <br />
<br />
<br> '''19.30 - Discussion continues at some nearby establishment''' <br />
<br />
'''Please register with anssi.porttikivi(at)kpmg.fi''' <br />
<br />
<br> <br />
<br />
== OWASP Goes! Locksport: April 20 2010 ==<br />
<br />
'''Location: Nsense Oy, Ahventie 4, Espoo''' <br />
<br />
'''Time: 17:30-20:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nsense Oy''' <br />
<br />
'''17:45 Introduction to Locksport (presentation in Finnish)''' <br />
<br />
'''19:00 - Sauna and refreshments from our sponsor''' <br />
<br />
'''Please register with ilmoittautumiset##nsense.fi ''' <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #12: March 30 2010 ==<br />
<br />
'''Location: Helsingin Energia, Sähkötalo, Runeberginkatu 1, Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''18:00 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
Download presentation from our file-page:[[Image:OWASP -12 Helsinki chapter meeting.pdf]] <br />
<br />
'''18:05 Word from our sponsor Helsingin Energia ''' <br />
<br />
'''18:15 3 different views on information security and social media applications''' <br />
<br />
- information security in social media API’s, Antti Nuopponen/Nixu Oy <br />
<br />
Download presentation from our file-page:[[Image:Security of social media apis v1.pdf]] <br />
<br />
- Facebook apps, Markus Törnqvist/Fad Consulting <br />
<br />
Download presentation from our file-page:[[Image:Mjt owasp 2010.pdf]] <br />
<br />
- Payment API’s, Tuomas Toivonen/Scred <br />
<br />
Download presentation from our file-page:[[Image:Owasp-payment-apis.pdf]] <br />
<br />
'''20.00 - Discussion continues at nearby establishment Bruuveri''' <br />
<br />
'''Please register with antti##owasp.org''' <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #11: November 17 2009 ==<br />
<br />
'''Location: Nsense Oy, Ahventie 4, Espoo''' <br />
<br />
'''Time: 18:00-20:30''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''18:05 Word from our sponsor Nsense Oy''' <br />
<br />
'''18:15 Manual vs. Automated Code Analysis, Ari Kesäniemi, Senior Consultant, Nixu''' <br />
<br />
Download presentation from our file-page:[[Image:Ari kesaniemi nixu manual-vs-automatic-analysis.pdf]] <br />
<br />
'''19.00- Sauna and refreshments from our sponsor''' <br />
<br />
<br> <br />
<br />
'''Please register with ilmoittautumiset##nsense.fi''' <br />
<br />
== OWASP Helsinki Chapter Meeting #10: October 20 2009 ==<br />
<br />
'''Location: Tieto Oy, Ratamestarinkatu 7B, Helsinki''' <br />
<br />
'''Time: 18:00-19:40''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''18:00 Word from our sponsor Tieto Oy''' <br />
<br />
'''18:10 Distributed Services Security, Anton Panhelainen, Tieto Oy''' <br />
<br />
Download presentation from our file-page:[[Image:Security in integration and ESB-OWASP 20091020.pdf]] <br />
<br />
'''18:40 Public Web Services Interface and Security, Pyry Heikkinen, Finnish Customs''' <br />
<br />
'''19:40 Closure and move to Vltava''' <br />
<br />
'''20:00 or so''' <br />
<br />
*Enjoy Helsinki Vltava watering hole at own risk &amp; cost near Helsinki Railway station<br />
<br />
'''Please register with Pauli Kauppila pauli.kauppila##tieto.com or Mobile +358 400 870 324''' <br />
<br />
== OWASP Helsinki Chapter Meeting #9: May 12 2009 ==<br />
<br />
'''Location: Louhi Networks Oy, Itälahdenkatu 22 A, Helsinki''' <br />
<br />
'''Time: 17:30-19:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:30 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:45 Word from our sponsor Louhi Networks''' <br />
<br />
'''18:00 Panel discussion about application scanners''' <br />
<br />
*Panel members includes representatives for Nixu Oy, KPMG Oy and Louhi Networks Oy<br />
<br />
<br> '''19:00 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost at Bar 52 near meeting location<br />
<br />
'''Please register with Henri Lindberg henri.lindberg##louhi.fi''' <br />
<br />
== OWASP OWASP Goes! Viestimuseo: March 29 2009 ==<br />
<br />
'''Location: Varuskunta, Takakasarmi, Viestimuseontie rak. 64, 11311 Riihimäki ''' <br />
<br />
'''Time: 13:00-15:00''' <br />
<br />
Viestimuseossa Riihimäellä, http://www.viestikiltojenliitto.fi/viestimuseo/ on maaliskuun loppuun WWII radiotiedustelua esittelevä erikoisnäyttely, josta voi löytyä ammennettavaa myös tämän päivän tietoturvatekniikoiden parissa työskenteleville. Koska OWASP:in tiimoilta löytyi kiinnostusta lähteä tutustumaan ko. näyttelyyn, museolle on varattu opastettu kierros maaliskuun viimeiselle sunnuntaille su 29.3.2009 klo 13:00 eli kokoontuminen museolla ko. aikaan. <br />
<br />
Museo ja näyttely ovat auki myös muina aikoina, joten jos tämä aika ei käy, paikalla voi toki käydä muulloinkin. <br />
<br />
Tarkemmat ajo-ohjeet ja yhteystiedot löytyvät museon kotisivuilta, http://www.viestikiltojenliitto.fi/viestimuseo/yhteystiedot.html <br />
<br />
Museo sijaitsee Viestirykmentin vieressä, mutta varsinaisen varuskunta-alueen ulkopuolella, joten museokäynti ei vaadi kulkulupia alueelle. <br />
<br />
Paikalle innostuvat hoitavat oman logistiikkaratkaisunsa &amp; sisäänpääsymaksunsa. <br />
<br />
Lisätietoja tarvittaessa timo.merilainen (ät) iki.fi <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #8: March 12 2009 ==<br />
<br />
'''Location: Samlink, Linnoitustie 9, Espoo (Leppävaara)''' <br />
<br />
'''Time: 17:00-19:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:00 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:15 Introduction to Samlink, Jari Pirhonen, security director, Samlink''' <br />
<br />
'''17:30 Methodology owner’s point of view: Information security as part of software development methodology, Topi Mattila, methodology manager, Samlink''' <br />
<br />
'''18:15 Presentation from Finnish Tax Administration", Petri Puhakainen, security director, Finnish Tax Administration''' <br />
<br />
<br> '''19:00 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost at Sello<br />
<br />
'''Please register with Jari Pirhonen jari.pirhonen##samlink.fi''' <br />
<br />
== OWASP Introduction to startup firms: Thursday January 15th 2009 ==<br />
<br />
'''Location: Ravintola Korjaamo, Töölönkatu 51, 00250 Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Introduction to OWASP by Henri Lindberg, OWASP Helsinki Active Visitor''' <br />
<br />
*What OWASP is <br />
*Examples of useful Tools and Documents <br />
*OWASP in Finland<br />
<br />
Presentation: [[Image:OWASP Startups 20090115 Henri.pdf]] <br />
<br />
(Antti Laulajainen, OWASP Helsinki Chapter Leader was originally supposed to introduce OWASP) <br />
<br />
'''18:15 Implementing application security in a Finnish startup by Henri Lindberg, Scred''' <br />
<br />
*Henri Lindberg from Scred shares experiences and lessons learned <br />
*How to make your web application more secure with minimal budget<br />
<br />
Presentation: [[Image:SDG Scred 090115.pdf]] <br />
<br />
'''18:30 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost<br />
<br />
== OWASP Helsinki Meeting #7: Tuesday November 11th 2008 ==<br />
<br />
'''Location: Nokia Ruoholahti, Itämerenkatu 11-13, 00180 Helsinki''' <br />
<br />
<br> <br />
<br />
'''Time: 17:00-18:30''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:00 Welcome by Antti Laulajainen, OWASP Chapter Leader''' <br />
<br />
*Current state and progress of OWASP Top 10 Finnish translation<br />
<br />
'''17:20 Antti Vähä-Sipilä, Nokia: SAFECode''' <br />
<br />
*Introduction and overview of SAFECode (The Software Assurance Forum for Excellence in Code) <br />
*SAFECode publications<br />
<br />
'''17:40 Juhani Eronen, CERT-FI: Lifecycle of a security vulnerability''' <br />
<br />
*Microsoft MS08-067 (Vulnerability in Server Service Could Allow Remote Code Execution), its history (MS06-040) and exploitation.<br />
<br />
'''Discussion''' <br />
<br />
'''18:30 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost [cerveza, aqua con gas, etc]<br />
<br />
'''PLEASE REGISTER WITH: mikko . saario at nokia . com (we have reserved snacks for 25 people)''' <br />
<br />
== OWASP Helsinki Web Hacking Workshop, Tuesday September 10th 2008 ==<br />
<br />
'''Location: Teleware / KPMG, Laajalahdentie 23, 6. floor, reception at the ground floor, 00330 Helsinki''' <br />
<br />
'''Time: 18.00 - 20.00''' <br />
<br />
'''Schedule''' <br />
<br />
'''18.00 Welcome and recent activities. Antti Laulajainen ''' <br />
<br />
'''18.05 Web Hacking Workshop, Anssi Porttikivi, Senior ICT Advisor KPMG/Teleware''' <br />
<br />
*KPMG Oy IT Security Advisory marketing presentation 15 min <br />
*Web hacking exercises and demonstrations in a laboratory class (using WebGoat and WebScarab tools)<br />
<br />
'''Snacks available. Send your reservations to Anssi's mail address, anssi.porttikivi@kpmg.fi. Room for 20 participants.''' <br />
<br />
<br> '''Note! Be in time, because the reception closes at 18.''' <br />
<br />
== OWASP Goes! CERT-FI, Thursday, June 12th 2008 ==<br />
<br />
'''Location: Viestintävirasto, Itämerenkatu 3 A, 00180 Helsinki and One Pint Pub Santakatu 2, 00180 Helsinki''' <br />
<br />
<br> '''Time: 16.00 - 20.00''' <br />
<br />
<br> '''Schedule''' <br />
<br />
'''16.00 Welcome and recent activities. Antti Laulajainen ''' <br />
<br />
<br> '''16.10 Introduction of CERT-FI. Juhani Eronen, Information Security Adviser, CERT-FI''' <br />
<br />
<br> '''16.30 Vulnerability coordination. Juhani Eronen''' <br />
<br />
*CERT-FI as a vulnerability coordinator <br />
*Coordination examples<br />
<br />
'''18.00 Possibility to continue the evening at the One Pint Pub''' <br />
<br />
*If someone fancies a (self-financed) beer<br />
<br />
<br> '''Viestintävirasto asks those who wish to participate to the meeting to register in advance. For registrations please contact CERT-FI Unit Secretary Virpi Hienonen (virpi.hienonen(at)ficora.fi). The deadline is June 6, 2008.''' <br />
<br />
== OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 ==<br />
<br />
Thank you for attending. <br />
<br />
You can download the presentation here'''https://www.owasp.org/images/7/70/OWASP_HelsinkiChapter_130508.pdf''' <br />
<br />
Coverage of the event in local news (Finnish only) http://mikropc.net/uutiset/index.jsp?categoryId=atk&amp;day=20080514#w2008051411524012715 <br />
<br />
<br> '''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki and Ravintola Kaisla, Vilhonkatu 4, 00100 Helsinki''' <br />
<br />
'''Time: 16.00 - 20.00''' <br />
<br />
<br> <br />
<br />
Welcome to spring meeting 2008. <br />
<br />
<br> '''Schedule''' <br />
<br />
'''16.00 - 16.10 OWASP update. Antti Laulajainen''' <br />
<br />
'''16.10-17.00 Notes From The field, OWASP tools and usage experiences, Jarkko Holappa &amp; Antti Laulajainen''' <br />
<br />
'''17.30 - 20.00 Drinks at Ravintola Kaisla (Bring Your Own Wallet)''' <br />
<br />
<br> Hope to see as many of you as possible! <br />
<br />
== OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 ==<br />
<br />
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.''' <br />
<br />
'''Time: 18.30 - 20.30''' <br />
<br />
Welcome to first meeting of 2008. OWASP Helsinki resumes activities after winter break. <br />
<br />
We are pleased to have as a speaker Technology Manager of Nokia Product Security, Alexandr Seleznyov. His topic will be current state of application security. <br />
<br />
'''Schedule''' <br />
<br />
'''18.30 - 18.40 OWASP update. Antti Laulajainen''' <br />
<br />
'''18.40 - 20.30 Current State of Application Security. Alexandr Seleznyov''' <br />
<br />
<br> Hope to see as many of you as possible! <br />
<br />
== OWASP Helsinki &amp; RWSUG Seminar Tuesday, January 29th 2008 ==<br />
<br />
'''Location: IBM, Laajalahdentie 23, 00330 Helsinki.''' '''Time: 11.15 - 19.00''' <br />
<br />
OWASP Helsinki and Rational and Websphere User Group Finland RWSUG are aiming to co-operate to raise application security awareness. OWASP Helsinki will have a presentation in RWSUG agility seminar. More information from http://www.rwsug.fi/default.asp?path=1,39,385 <br />
<br />
'''You can download the presentation here''' https://www.owasp.org/images/c/cd/RWSUG5_Agile_Security_Management.pdf <br />
<br />
See program below. Most of it is Finnish only <br />
<br />
*11.15 Ilmoittautuminen alkaa <br />
*11.15-12.00 Buffet-lounas <br />
*12.00-12.10 Tilaisuuden avaus Jussi Jutila, Puheenjohtaja, RWSUG ry<br />
<br />
KEYNOTE <br />
<br />
*12.10-13.30 Scaling Agile Software Development: Strategies for Applying Agile in Complex Situations Scott W. Ambler, Practice Leader Agile Development, IBM Canada <br />
*13.30-13.45 Kahvitauko <br />
*13.45-15.30 SOA liiketoiminnan näkökulmasta ja SOA toteutuksen näkökulmasta kansainvälisessa hankkeessa Kari Laine, IT Architect, IF ja Jarmo Laine, Senior Software Architect,Primasoft <br />
*15.30-15.45 Tauko <br />
*15.45-16.30 Ketterä tietoturvan hallinta ohjelmistotuotannossa Reijo Savola, VTT <br />
*16.30-17.15 Jazz Update IBM <br />
*17.15-19.00 Iltapalaa ja verkostoitumista IBM Forumissa<br />
<br />
<br> <br />
<br />
== OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008 ==<br />
<br />
OWASP Helsinki participated in ISACA Finland meeting to raise application security awareness among system auditors and inspectors. <br> A presentation was held that introduced basic web techniques, some security issues, OWASP in general, OWASP projects and OWASP Helsinki chapter. <br> '''You can download the presentation here''': https://www.owasp.org/images/e/e4/OWASP_ISACA_20080124.pdf (Finnish Only) <br><br> <br />
<br />
== OWASP Helsinki meeting #4 Fall 2007 with Mark Curphey, Tuesday, October 2 2007 ==<br />
<br />
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.''' <br />
<br />
Thank you for all participants and Mark from great presentation. <br />
<br />
Coverage of the meeting in the local news (in Finnish): http://mikropc.net/uutiset/index.jsp?categoryId=atk&amp;day=20071003#w2007100315112711629 <br />
<br />
<br> We are delighted to have Mark Curphey - the OWASP founder and new head of Microsoft's ACE (Application Consulting &amp; Engineering) team in Europe - to visit Finland and discuss web app security with us. Hopefully as many as of you possible can participate! <br />
<br />
'''18:30 Welcome and recent Helsinki chapter activities. Antti Laulajainen''' <br />
<br />
'''18:40 Naked Software Security. Mark Curphey''' <br />
<br />
*Commentary on how to build secure software <br />
*Thoughts on the industry<br />
<br />
<br> '''WELCOME!''' <br />
<br />
== OWASP Helsinki meeting #3 Summer 2007: "SOA, Web Services &amp; XML Security", Tuesday, June 5th 2007 ==<br />
<br />
'''Date: June 5th''' <br />
<br />
<br> '''Location: Smilehouse, Itälahdenkatu 22A (Stonesoft building), Lauttasaari.''' <br />
<br />
Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/tietoturva_docview.jsp?f_id=1186167 <br />
<br />
<br> '''19:00 Welcome &amp; quick recap of recent OWASP activity and the Spring conference. Mikko Saario.''' <br />
<br />
<br> '''19:15 Gunnar Peterson, CTO Arctec Group and project lead for the OWASP "XML Security Gateway Evaluation Criteria".''' <br />
<br />
Gunnar will be visiting Finland to provide training via Tietoturva ry on this subject. Topics to be covered: <br />
<br />
*XML Security Gateways <br />
*Message level threats and security countermeasures in Web services <br />
*OWASP XML Security Gateway Evaluation Criteria Project<br />
<br />
<br> '''20:15 "Real-life usage of OWASP tools". Alexandr Seleznyov, Nokia Product Security.''' <br />
<br />
(There is a chance Alex cannot make it. In that case we will discuss SOA stuff in more detail or just head off to bar earlier.) <br />
<br />
<br> '''20:45 Enter Bar 52...''' --&gt; Enjoy (sponsored) beverages. <br />
<br />
== OWASP Helsinki meeting #2 Winter 2007, Web Application Firewalls, Thursday, February 22 2007 ==<br />
<br />
Thank you for the 29 participants, the speakers and the host - Nixu - for making this event happen! <br />
<br />
'''Location: Nixu, Mäkelänkatu 91, 00601 Helsinki.''' <br />
<br />
What are Web Application Firewalls (WAF), how do they work, what do they do and what don't they do. Discussion and sharing of experiences of various technologies and products. <br />
<br />
<br> '''18.30 Welcome. Mikko Saario, Chapter Leader.''' <br />
<br />
Today's topic and agenda in short. <br />
<br />
<br> '''18.35 "Web Application Firewalls Technical Analysis". Joakim Sandström, CTO nSense.''' <br />
<br />
http://www.owasp.org/images/6/6a/Owasp_waf_joakim.pdf <br />
<br />
- Technology <br />
<br />
- Blacklisting &amp; Whitelisting <br />
<br />
- mod_security features <br />
<br />
- Do's and Don'ts <br />
<br />
<br> '''19.30 "The Core Rule Sets". Ofer Shezaf, CTO Breach Security.''' <br />
<br />
http://www.owasp.org/images/f/f4/The_Core_Rule_Set_-_Ofer.pdf <br />
<br />
- WAF deployment and protection strategies <br />
<br />
- Detection of generic web layer attacks <br />
<br />
- Virtual patching <br />
<br />
== OWASP Helsinki meeting #1, Tuesday, Dec 12 2006 at Ernst &amp; Young ==<br />
<br />
The Helsinki chapter had the first meeting at Ernst &amp; Young office in Elielinaukio 5 B. The agenda and the presentations for the meeting are below. We had a good turnout: 22 people were present i.e. all seats were taken - we were very happy to see all these people to be interested in application security issues. <br />
<br />
<br> Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/doc.do?f_id=1083463 <br />
<br />
<br> '''18:30 Welcome. What is OWASP and why OWASP Helsinki?''' <br />
<br />
Mikko Saario made a short presentation about OWASP and the objective for the local Helsinki chapter. <br />
<br />
<br> '''19:00 Analyzing Threats (Olli Wiren; olli [at] juurihoito.org)''' <br />
<br />
Olli Wiren discussed application related threats and corresponding security issues. <br />
<br />
http://www.owasp.org/images/7/7c/Owasp-olli.pdf <br />
<br />
<br> '''19:45 Open discussion regarding OWASP Helsinki; what is expected or wished; how to go ahead and so forth.''' <br />
<br />
There was a lively discussion regarding what type of activities should be arranged in the future. More details will follow... <br />
<br />
==== Helsinki OWASP Chapter Leaders ====<br />
<br />
The chapter leader is [mailto:Petteri.arola@owasp.org Petteri Arola] <br />
<br />
The chapter board members are [mailto:timo@owasp.org Timo Merilainen], Pyry Heikkinen and [mailto:pekka.sillanpaa@owasp.org Pekka Sillanpaa]. <br />
<br />
__NOTOC__<br />
<br />
[[Category:OWASP Chapter]] <br />
[[Category:Europe]]</div>Psillanphttps://wiki.owasp.org/index.php?title=Helsinki&diff=248062Helsinki2019-02-28T16:55:00Z<p>Psillanp: /* OWASP Helsinki chapter meeting #36: Feb 12th 2019 */</p>
<hr />
<div>{{Chapter Template|chaptername=Helsinki|extra=The chapter leaders are [mailto:petteri.arola@owasp.org Petteri Arola], [mailto:pekka.sillanpaa@owasp.org Pekka Sillanpää], [mailto:timo@owasp.org Timo Meriläinen], [mailto:pyry.heikkinen@owasp.org Pyry Heikkinen], [mailto:petri.koistinen@nixu.com Petri Koistinen] and [mailto:lasse.korvala@gmail.com Lasse Korvala].<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-helsinki|emailarchives=http://lists.owasp.org/pipermail/owasp-helsinki}} <br />
<br />
==== Local News ====<br />
<br />
<paypal>Helsinki</paypal> <br />
<br />
'''Welcome to the OWASP Helsinki Chapter'''<br />
<br />
The plan is to meet at least three to four times a year, each lasting 1,5-3 hours (more active "hands" means more meetings). This chapter is based in the capital area and therefore the meetings will be in or around Helsinki. <br />
<br />
If you wish to present at one of the meetings or have any other inquiries, please contact the chapter leaders and shortly describe the talk. (the contact details can be found in the bottom of the page). We encourage everyone to suggest ideas for presentation topics. The talks can be either a full talk (45-60min) or a lightning talk (~15min). <br />
<br />
==== Suomalaista sovellusturva-asiaa ====<br />
<br />
[[OWASP Helsinki Appsec Thesis of the Year|Vuoden sovellusturva-aiheinen opinnäytetyö]]<br />
<br />
[[Oppilaitoksille|Tietoa oppilaitoksille (Information for academic institutions)]] <br />
<br />
[[Verkkomaksut|Ohjeita turvallisen verkkomaksuintegraation toteuttamiseen]] <br />
<br />
Previously OWASP Helsinki has been working on the following tasks: <br />
<br />
*[[Top 10 2007 Finnish]] aim to translate OWASP Top 10 list in Finnish<br />
<br />
==== Chapter Meetings ====<br />
<br />
== OWASP Helsinki chapter meeting #36: Feb 12th 2019 ==<br />
'''Location: Veikkaus, Aku Korhosen tie 2, 00440 Helsinki'''<br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words, Pekka Sillanpää, Chapter co-leader - OWASP Helsinki''' <br />
<br />
'''18:05 Words from the sponsor, Veikkaus''' <br />
<br />
'''18:10 What Every Developer and Tester Should Know About Software Security, Anne Oikarinen, Senior Security Consultant, Nixu'''<br />
<br />
'''18:50 Break'''<br />
[[File:OWASP Helsinki - Security in Agile Development (1).pdf|thumb]]<br />
'''19:00 Security in Agile Development, Joakim Tauren, Application Security Architect, Visma''' <br />
<br />
'''19:45 OWASP Cornucopia - a live card game session, Veikkaus + volunteers''' [[File:DeathStarArchitecture v0.8 DRAFT.pdf|thumb]]<br />
<br />
'''20:15 Snacks & Refreshments''' <br />
<br />
Please register by 10th of Feb https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-36-tickets-55288270706 (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #35: Nov 6th 2018 ==<br />
'''Location: Second Nature Security (2NS), Keilaranta1 (auditorium Ankkuri), 02150 Espoo'''<br />
<br />
'''Time: 17:30-21:00'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words, Pekka Sillanpää, Chapter co-leader - OWASP Helsinki'''<br />
<br />
'''18:05 Words from the sponsor, Juho Ranta, CTO - Second Nature Security (2NS)''' <br />
<br />
'''18:15 Hunting for bounties in a web browser, Juho Nurminen, White Hat Hacker, InfoSec Specialist - 2NS''' [[File:Nurmi_BugBounty_slides.zip]]<br />
<br />
'''18:45 Break'''<br />
<br />
'''19:00 How to become a bug bounty hunter, Iiro Uusitalo, Cloud and Security Specialist - Solita'''<br />
<br />
'''19:30 Running a successful bug bounty program, Thomas Malmberg, Partner & Owner - Hackrfi''' [[File:Running a successful bug bounty program - public.pdf]]<br />
<br />
'''19:50 Short break'''<br />
<br />
'''20:00 Panel & Discussion about bug bounty with Juho, Iiro and Thomas'''<br />
<br />
'''20:30 Snacks & Refreshments'''<br />
<br />
Please register by 4th of Nov https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-35-tickets-51465932991 (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #34: Jun 12th 2018 ==<br />
'''Location: Eficode, Pohjoinen Rautatiekatu 25, 00100 Helsinki'''<br />
<br />
'''Time: 17:30-21:30'''<br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Pekka Sillanpää OWASP Helsinki'''<br />
<br />
'''18:05 Words from the sponsor / Pekka Siltala-Li / Eficode'''<br />
<br />
'''18:15 Perfectly secure API, Matti Suominen, Lead Security Consultant - Nixu'''<br />
<br />
'''19:00 Break''' <br />
<br />
'''19:15''' '''Best friends: API security & API management, Antti Virtanen, Software Architect, Solita''' <br />
<br />
'''20:00-21:30 Sauna, Snacks & Beverages'''<br />
<br />
Please register by 10th of Jun https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-34-tickets-46690898735 (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #33: Nov 14th 2017 ==<br />
'''Location: F-Secure, Tammasaarenkatu 7, 00180 Helsinki''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki''' <br />
<br />
'''18:05 Words from the sponsor'''<br />
<br />
'''18:10 Coping with GDPR requirements in development, Kira Ahveninen-Kuha, Lead, Data Protection and Cybersecurity Law, Nixu'''<br />
<br />
'''19:00 Break''' <br />
<br />
'''19:15 Integrating Privacy Work in Threat Modeling and Design Review, Antti Vähä-Sipilä, Principal Security Consultant, F-Secure'''<br />
<br />
'''20:00 Panel & Discussion – Kira and Antti debate about privacy and GDPR with the audience'''<br />
<br />
'''20:30 OWASP Helsinki DevSecOps Hackathon: Lessons learned, Pekka Sillanpää, OWASP Helsinki''' <br />
<br />
'''21:00-22:00 Snacks & Refreshments''' <br />
<br />
Please register by 12th of Nov [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-33-tickets-39656996143 here] (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #32: Sep 27th ==<br />
If you are working in a DevOps team and want to get concrete ideas on how to integrate security into your CI/CD pipeline, this hackathon is a fun opportunity to learn by doing together with others.<br />
<br />
More information here: [[OWASP Helsinki DevSecOps Hackathon]]<br />
<br />
In summary, we familiarize and investigate (and of cource hack with) some nice open source tools, including:<br />
* OWASP Dependency-Check ([[OWASP Dependency Check]])<br />
* ZAP Proxy ([[OWASP Zed Attack Proxy Project]])<br />
* OWASP DefectDojo ([[OWASP DefectDojo Project]])<br />
* DevSec hardening framework (https://github.com/dev-sec)<br />
* Clair (https://github.com/coreos/clair)<br />
<br />
The output of this hackathon is an OWASP wiki page describing what was achieved in the hackathon, possible commits to the tools' repositories and future plans. If there is enough interest, we might organize "part 2" for this event in Autumn.<br />
<br />
To participate in this event, it is recommended to have at least basic programming/scripting skills (python, ruby, bash, etc) and understanding of configuration management tools (puppet, salt, ansible, etc.). '''If you are interested to join''' or have questions, please send email to pekka.sillanpaa@owasp.org '''by Jul 7th 2017''' and a short description of your background. Tracks of the hackathon environment are tuned based on the skills and background of the participants.<br />
<br />
The maximum of 15 seats are available for this event. The event is fully free of charge.<br />
<br />
'''Location: Nixu, Keilaranta 15, 02150 Espoo'''<br />
<br />
'''12:00 Hackathon starts'''<br />
<br />
'''17:00-23:00 Hackathon continues after the work day as long as needed. Pizza and beverages available.'''<br />
<br />
== OWASP Helsinki chapter meeting #31: Jun 13th 2017 ==<br />
'''Location: Solita, Alvar Aallon katu 5, 00100 Helsinki'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Pekka Sillanpää, OWASP Helsinki'''<br />
<br />
'''18:05 DevSec - Developers are the key to security, Antti Virtanen, Software Architect, Solita [[File:Devsec-owasp-2017.pdf]]''' <br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Docker Security, Mika Vatanen, Systems Architect, Digia [[File:Owasp-Helsinki-20170613-Docker-Security.pdf]]'''<br />
<br />
'''20:00 Lightning talk: Leaking credentials - a security malpractice more common than expected, Bogdan Mihaila, Synopsys [[:File:Bogdan Mihaila - Leaking Credentials.pdf]]'''<br />
<br />
'''20:15 Introduction to DevSecOps "mini-hackathon", Pekka Sillanpää, OWASP Helsinki'''<br />
<br />
'''20:30-22:30 Snacks & Refreshments'''<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-31-tickets-34950473808 here] by 12th of Jun (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #30: Oct 11th 2016 ==<br />
<br />
'''Location: Fujitsu, Valimotie 16, 00380 Helsinki, Auditorio'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 How to protect mobile application? Case "Nordea Tunnusluvut” / Michael Peltonen, Senior Business Developer, Nordea''' [[File:Helsinki_meeting_30_-Michael_Peltonen_OWASP_11102016.pdf]]<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Lightning talk: Authentication topic / Teemu Simonen, System Architect, Fujitsu''' [[File:Helsinki_meeting_30_-Authentication_topic.pdf]]<br />
<br />
'''19:30 Threats and vulnerabilities in federation protocols - and how did I find 0-days in the most common access management products / Teemu Kääriäinen, Senior IAM Consultant, Nixu Oyj''' [[File:Helsinki_meeting_30_-_Threats_and_Vulnerabilities_in_Federation_Protocols_and_Products.pdf]]<br />
<br />
'''20:30-> Snacks & Refreshments'''<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-30-tickets-28190573765 here] by 9th of October (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #29: Mar 29th 2016 ==<br />
<br />
'''Location: Solinor, Elimäenkatu 14 C, 00510 Helsinki'''<br />
<br />
'''Time: 17:30-21:15'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 OWASP Security Knowledge Framework, Glenn Ten Cate''' [[File:Skf-owaspHelsinki-16.pdf]]<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Amazon Web Services Security, Joel Leino, Solinor''' [[File:Aws_security_joel_leino.pdf]]<br />
<br />
'''20:30 Do's and don'ts: A Day Of Browser Bug Hunting, Atte Kettunen, University of Oulu''' [[File:Do's_and_Don'ts-_A_Day_Of_Browser_Bug_Hunting_rev2.pdf]]<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-29-tickets-22159795545 here] by 26th of March (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #28: Nov 10th 2015 ==<br />
<br />
'''Location: LähiTapiola, Revontulenkuja 1, 02100 Espoo'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 How we feel about Bug Bounty, Leo Niemelä, CISO, LähiTapiola Group (in Finnish)'''<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Security and "Modern" software Deployment, Rory McCune, Managing Consultant, NCC Group'''<br />
<br />
'''20:30 Discussion continues in a local cafe / bar'''<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-28-tickets-19188815263 here] by 8th of November (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #27: May 29th 2015 ==<br />
<br />
'''Location: Life Science Center Keilaranta 10-16''' <br />
<br />
'''Time: 17:30-20:00 (networking ends 23:00)''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 Word from our sponsor / Nixu'''<br />
<br />
'''18:15 50 Shades of AppSec / Troy Hunt'''<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Hack yourself first: how go on the cyber-offence before online attackers do / Troy Hunt'''<br />
<br />
'''20:00-23:00 Refreshments and Sauna on the 7th floor'''<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-chapter-meeting-27-tickets-16709176597 here] by Monday Fri 22th May (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #26: January 13th 2015 ==<br />
<br />
'''Location: Castrén & Snellman Attorneys Ltd. Eteläesplanadi 14 6th Floor Helsinki, Finland.''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''Opening words / OWASP Helsinki&IAPP''' <br />
<br />
'''Words from our sponsor / Castrén & Snellman Attorneys Ltd.'''<br />
<br />
'''Privacy Seals and Marks, Hannu Järvinen, Specialist Partner, Attorneys at Law Borenius Ltd'''<br />
<br />
'''Privacy Engineering, Antti Vähä-Sipilä, software security guy, F-Secure Oyj'''<br />
<br />
'''Privacy Use Cases, Saku Vainikainen, Lead Consultant, Nixu Oyj'''<br />
<br />
Please register here https://t.co/OoQN2FRbBX by Monday 12 Jan.<br />
<br />
== OWASP Helsinki chapter meeting #25: September 29th 2014 ==<br />
<br />
'''Location: Appelsiini (Elisa), Kaarlenkatu 9-11, 00530 Helsinki. Public transport is strongly recommended.''' <br />
<br />
'''Time: 17:00-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and registration''' <br />
<br />
'''17:10 Opening words / OWASP Helsinki''' <br />
<br />
'''17:20 Words from our sponsor / Elisa'''<br />
<br />
'''17:30 Mobile Security Chess Board - Attacks & Defense / Hemil Shah / Founder, Director eSphere Security''' [[File:Mobile_Security_chess_board_-_Attacks_&_Defense.pdf]]<br />
<br />
'''18:45 Break'''<br />
<br />
'''19:00 Mobile Platform Security: OS (kernel) Hardening and Trusted Execution Environment / Onur Zengin / Trustonic'''<br />
[[File:Onur_Zengin_-_TEE_chapter_meeting_presentation.pdf]]<br />
<br />
'''20:00 OWASP Mobile Top Ten Risks 2014 - The New M10: 'Lack of Binary Protection' Category / Bo Asklund and Rikard Kullenberg / Arxan'''<br />
[[File:OWASP_Mobile_Top_Ten_-_Meet_the_New_Addition.pdf]]<br />
<br />
'''21:00 Networking and continue discussions in TBD location nearby'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-25-tickets-13087782911 Eventbrite]<br />
<br />
== OWASP Helsinki chapter meeting #24: March 25st 2014 ==<br />
<br />
'''Location: F-Secure, Tammasaarenkatu 7, 00180 Helsinki. Parking space is limited, public transport is strongly recommended. Ruoholahti station for metro, Länsisatamankatu stop for tram 8, Länsiväylä stop for buses from Espoo.''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and registration''' <br />
<br />
'''17:20 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''17:30 Enhancing security through tight collaboration and automation /Kalle Hallivuori''' <br />
Presentation material: http://kato.iki.fi/owasp-pci-devops/<br />
<br />
'''18:00 Continuous Security Testing in a Devops World /Stephen de Vries'''<br />
Download the presentation from our file page: [[image:OWASP-Continuous_Security_Testing.pdf]]<br />
<br />
'''19:00 Demo of Burp Suite & HTTP API fuzzing automation with Python & Behave /Antti Vähä-Sipilä'''<br />
<br />
'''19:30 Time to go to Pub (Amsterdam) and continue discussion there'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-24-tickets-10765729587 Eventbrite]<br />
<br />
== OWASP Helsinki chapter meeting #23: January 21st 2014 ==<br />
<br />
'''Location: HTC Keilaniemi, Keilaranta 13, 02150 Espoo''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Coffee and registration''' <br />
<br />
'''18:00 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''18:05 Word from our sponsor /Nixu''' <br />
<br />
'''18:20 The inner HTML Apocalypse - How MXSS attacks change everything we believed to know so far /Mario Heiderich'''<br />
<br />
'''19:15 JSMVCOMFG - To sternly look at JavaScript MVC and Templating Frameworks /Mario Heiderich"''''<br />
<br />
'''20:15 QA'''<br />
<br />
'''20.30 - 21.30 Discussion continues over snacks and refreshments'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-23-tickets-10095813851 Eventbrite]<br />
<br />
<br />
== OWASP Helsinki chapter meeting #22: November 19th 2013 ==<br />
<br />
'''Location: Aalto University, Hall S1, Otakaari 5, 02150 Espoo''' <br />
<br />
'''Time: 18:00-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Registration''' <br />
<br />
'''18:10 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''18:20 Word from our sponsor''' <br />
<br />
'''18:30 Backgrounds of Eve in Digiland comic and cyber research in Aalto University /Timo Kiravuo, Aalto University'''<br />
<br />
'''19:15 Break"''''<br />
<br />
'''19:30 Cyber crime response from CERT perspective and backgrounds of Finnish web site attacks /Jussi Eronen, CERT-FI'''<br />
<br />
'''20:00 Methods in Finnish cyber crime police investigation and case example /Timo Piiroinen, National Bureau of Investigation (NBI)'''<br />
<br />
'''20:30 Networking and discussion continues at same location'''<br />
<br />
Please register at [http://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-23-tickets-10095813851 Eventbrite]<br />
<br />
== OWASP EUTour2013: June 17th 2013 ==<br />
<br />
'''Location: HTC Keilaniemi, Keilaranta 15''' <br />
<br />
'''Time: 16:00-19:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''16:00 Registration & coffee''' <br />
<br />
'''16:15 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''16:30 Word from our sponsor''' <br />
<br />
'''16:45 Nokia responsible disclosure program /Omar Benbouazza-Villa, Nokia'''<br />
<br />
Nokia has launched a responsible disclosure program recently. In this presentation we'll go through experiences starting and running such a program as a part of enterprise application security program.<br />
<br />
'''17:30 Social engineering /Gavin Ewan"''''<br />
<br />
Jac0byterebel is not your typical social engineering presenter. Out goes the snake oil sale of analysing the minutia of pop psychology and trying to squeeze out real answers to the questions asked during a real social engineering attack. In comes hard hitting accounts of social engineering attacks drawn from real sources but anonymised to protect the pwned.<br />
<br />
'''19:00 Rounding up and discussion continues over food & drinks at same location'''<br />
<br />
Please register at [http://www.regonline.com/owaspeutourfinland Regonline]<br />
<br />
== OWASP Helsinki Chapter Meeting #21: April 24 2013 ==<br />
<br />
'''Location: KPMG, Yrjönkatu 23 B, 6. floor''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Opening words /OWASP''' <br />
<br />
'''18:10 Word from our sponso /Mika Laaksonen, KPMG''' <br />
<br />
'''18:15 OWASP project news /Petteri Arola, OWASP''' <br />
<br />
Newsflash of new and rebooted OWASP projects.<br />
<br />
'''18:45 Utilizing VAHTI software development guide (VAHTI-sovelluskehitysohje) /Antti Alestalo, KPMG'''<br />
<br />
VAHTI software development guide was published January 2013. Antti will talk about how to best utilize this new guide. Link to the guide: http://www.vm.fi/vm/fi/04_julkaisut_ja_asiakirjat/01_julkaisut/05_valtionhallinnon_tietoturvallisuus/20130207Sovell/VAHTI_1_Sovelluskehityksen_tietoturvaohje_NETTI.pdf<br />
<br />
'''19:15 Database self-defence /Mika Aronen, KPMG (in place of "HTML5 & security /SC5"'''<br />
<br />
'''20:00 Official program ends and discussion continues over food & drinks at same location'''<br />
<br />
Please register at [https://www.eventbrite.com/event/6240751255 Eventbrite]<br />
<br />
== OWASP Helsinki Chapter Meeting #20: December 4 2012 ==<br />
<br />
'''Location: Nokia House, Keilalahdentie 4, Espoo''' <br />
<br />
'''Time: 17:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Socializing time @ Nokia Lounge – Meet people & get to know your peer while having the opportunity to see Nokia product demos''' <br />
<br />
'''18:00 Opening words /OWASP + HelsinkiJS''' <br />
<br />
'''18:10 Word from our sponsor''' <br />
<br />
'''18:20 Securing JavaScript based web apps /Erlend Oftedal''' <br />
<br />
Single page web applications move much of the application logic to the client side. We now also see applications using JavaScript on the server side. How do we handle such applications from a security perspective? What problems are introduced and how do we handle them?<br />
<br />
'''19:05 RESTful Security'''<br />
<br />
Many applications rely on web services and ws-security for integration. But for more lightweight services with simpler protocols, REST is quickly gaining popularity. How do we secure REST services? What problems do we need to be aware of?<br />
<br />
'''20:00 Official program ends and free debate continues at nearby location'''<br />
<br />
CLOSED: Please register at [http://www.eventbrite.com/event/4856878053 Eventbrite]<br />
<br />
Please use the NORTH entrance when entering the Nokia campus<br />
<br />
== OWASP Helsinki Chapter Meeting #19: October 16 2012 ==<br />
<br />
'''Location: Fujitsu, Valimotie 16, Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''18:10 Word from our sponsor /Fujitsu''' <br />
<br />
'''18:25 Hybrid mobile application security and HTML5 with a focus on getUserMedia /Mikko Saario, Nokia''' <br />
<br />
Both the mobile scene via “hybrid” apps and the so-called traditional web are evolving into the same direction – are the threats doing the same? Using mainly Windows Phone 7 (and some Qt) examples and demos, Mikko will take a look at the security aspects in mobile hybrid apps. The HTML5 demo will concentrate on some newly mainstreamed technologies such as getUserMedia.<br />
<br />
'''19:10 Introduction to Oauth 2.0 + demo /Teemu Kääriäinen, Nixu'''<br />
<br />
Teemu gives an introduction about Oauth 2.0 and takes a closer look at security aspects, implementation guidelines and compares Twitter, Facebook and Google implementations.<br />
<br />
'''20:00 Official program ends and free debate continues at nearby location'''<br />
<br />
'''Please register in Eventbrite http://www.eventbrite.com/event/4462882602''' <br />
<br />
<br />
== OWASP Helsinki Chapter Meeting #18: June 26 2012 ==<br />
<br />
'''Location: Kela, Nordenskjölkinkatu 12, Helsinki''' <br />
<br />
'''Time: 17:30-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''17:45 Word from our sponsor /Kela''' <br />
<br />
'''18:00 Helsinki Ruby Brigade intro''' <br />
<br />
'''18:15 Ruby on Rails security - why could it fail'''<br />
<br />
'''19:00 Panel discussion'''<br />
<br />
'''19:45 Wrap-up'''<br />
<br />
'''20:00 Discussion continues in a nearby pub Hadanka'''<br />
<br />
'''Please register with petteri.arola(at)owasp.org''' <br />
<br />
<br />
== OWASP Helsinki Chapter Meeting #17: March 21 2012 ==<br />
<br />
'''Location: Marttakeskus, Malminrinne 1 B, 7. krs, Helsinki''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Coffee''' <br />
<br />
'''17:40 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''17:50 Web Application Access Control Design Excellence / Jim Manico, OWASP''' <br />
<br />
Download the presentation from our file page: [[image:Developer_Top_Ten_Core_Controls_v4.1.pdf]]<br />
<br />
'''19:30 Meeting ends and discussion continues over buffet and refreshments and there's a possibility to bath in sauna too''' <br />
<br />
'''23:00 Event ends'''<br />
<br />
'''Please register with enroll(at)nixu.com''' <br />
<br />
== Tietoturvapäivä Turku: February 7 2012 ==<br />
<br />
''' Sovellusturvallisuus / Petteri Arola, OWASP''' <br />
<br />
Download the presentation from our file page: [[image:OWASP_esitys_tietoturvapäivä_Turku_20120207.pdf]]<br />
<br />
== OWASP Helsinki Chapter Meeting #16: October 18 2011 ==<br />
<br />
'''Location: Hall TU2, Tuas house, Otaniementie 17, 02150, Espoo''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and lock picking''' <br />
<br />
'''17:30 OWASP - What is it?''' <br />
<br />
'''17:45 Introduction to OWASP projects<br>- OWASP Top Ten, ASVS<br><span class="Apple-tab-span"> </span>- Testing guide<br>- How OWASP relates to academic world''' <br />
<br />
<br> Download presentation from our file-page: [[Image:OWASP_presentation_for_Aalto.pdf]] <br><br />
<br />
'''18:45 Break''' <br />
<br />
'''19:00 Hacking demonstrations'''<br />
<br />
'''19:30 - Discussion continues in a nearby public house''' <br />
<br />
'''Please register with petteri.arola(at)owasp.org''' <br />
<br />
== OWASP Introduction to Turku AMK students: September 12th 2011 ==<br />
<br />
'''Introduction to Application security and OWASP / Petteri Arola, OWASP''' <br />
<br />
'''OWASP top 10 and hacking demos / Pekka Sillanpää, OWASP''' <br />
<br />
== OWASP Helsinki Chapter Meeting #15: June 15 2011 ==<br />
<br />
'''Location: Itämerenkatu 11 - 13, Helsinki''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda ''' <br />
<br />
'''17:30 Welcome, Petteri Arola, Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nokia''' <br />
<br />
'''17:45 HTML5 Security, Ville Säävuori, Syneus''' <br />
<br />
'''18:30 Break''' <br />
<br />
'''18:40 Mobile Application Security, Ari Kesäniemi and Juhani Mäkelä, Nixu''' <br> [[Image:Mobile-threat-analysis-short-presentation owasp.pdf]] <br> [[Image:Why-privacy-matters.pdf]] <br> <br />
<br />
<br>'''19.30 - Discussion continues in a nearby public house or terrace if it's sunny''' <br />
<br />
'''Please register with mikko.saario(at)nokia.com''' <br />
<br />
== OWASP Helsinki Chapter Meeting #14: February 22 2011 ==<br />
<br />
'''Location: Nixu Oy, Keilaranta 15, Espoo''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''17:30 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nixu Oy''' <br />
<br />
'''17:45 OpenSAMM, Pravir Chandra /Fortify''' <br />
<br />
'''18:30 Break''' <br />
<br />
'''18:40 Threat modeling, Pravir Chandra /Fortify''' <br />
<br />
<br> '''19.30 - Sauna and refreshments from our sponsor''' <br />
<br />
'''Please register with enroll(at)nixu.com''' <br />
<br />
<br> Download OpenSAMM presentation from opensamm.org [http://www.opensamm.org/downloads/resources/OpenSAMM-1.0.ppt] <br> <br />
<br />
== OWASP Helsinki Chapter Meeting #13: June 8 2010 ==<br />
<br />
'''Location: KPMG, Forum, Yrjönkatu 23 B 6th floor, Helsinki''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''17:00 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:05 Word from our sponsor KPMG ''' <br />
<br />
'''17:15 Agile secure software development, Antti Vähä-Sipilä / Nokia Oyj''' http://www.owasp.org/images/c/c6/OWASP_AppSec_Research_2010_Agile_Prod_Sec_Mgmt_by_Vaha-Sipila.pdf <br />
<br />
'''18:00 ASVS (OWASP Application Security Verification Standard), Pekka Sillanpää / Nixu Oy''' <br />
<br />
'''18:45 ESAPI (OWASP Enterprise Security API) demo, Anssi Porttikivi / KPMG''' <br />
<br />
Download presentation from our file-page:[[Image:ESAPI for OWASP.pdf]] <br />
<br />
<br> '''19.30 - Discussion continues at some nearby establishment''' <br />
<br />
'''Please register with anssi.porttikivi(at)kpmg.fi''' <br />
<br />
<br> <br />
<br />
== OWASP Goes! Locksport: April 20 2010 ==<br />
<br />
'''Location: Nsense Oy, Ahventie 4, Espoo''' <br />
<br />
'''Time: 17:30-20:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nsense Oy''' <br />
<br />
'''17:45 Introduction to Locksport (presentation in Finnish)''' <br />
<br />
'''19:00 - Sauna and refreshments from our sponsor''' <br />
<br />
'''Please register with ilmoittautumiset##nsense.fi ''' <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #12: March 30 2010 ==<br />
<br />
'''Location: Helsingin Energia, Sähkötalo, Runeberginkatu 1, Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''18:00 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
Download presentation from our file-page:[[Image:OWASP -12 Helsinki chapter meeting.pdf]] <br />
<br />
'''18:05 Word from our sponsor Helsingin Energia ''' <br />
<br />
'''18:15 3 different views on information security and social media applications''' <br />
<br />
- information security in social media API’s, Antti Nuopponen/Nixu Oy <br />
<br />
Download presentation from our file-page:[[Image:Security of social media apis v1.pdf]] <br />
<br />
- Facebook apps, Markus Törnqvist/Fad Consulting <br />
<br />
Download presentation from our file-page:[[Image:Mjt owasp 2010.pdf]] <br />
<br />
- Payment API’s, Tuomas Toivonen/Scred <br />
<br />
Download presentation from our file-page:[[Image:Owasp-payment-apis.pdf]] <br />
<br />
'''20.00 - Discussion continues at nearby establishment Bruuveri''' <br />
<br />
'''Please register with antti##owasp.org''' <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #11: November 17 2009 ==<br />
<br />
'''Location: Nsense Oy, Ahventie 4, Espoo''' <br />
<br />
'''Time: 18:00-20:30''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''18:05 Word from our sponsor Nsense Oy''' <br />
<br />
'''18:15 Manual vs. Automated Code Analysis, Ari Kesäniemi, Senior Consultant, Nixu''' <br />
<br />
Download presentation from our file-page:[[Image:Ari kesaniemi nixu manual-vs-automatic-analysis.pdf]] <br />
<br />
'''19.00- Sauna and refreshments from our sponsor''' <br />
<br />
<br> <br />
<br />
'''Please register with ilmoittautumiset##nsense.fi''' <br />
<br />
== OWASP Helsinki Chapter Meeting #10: October 20 2009 ==<br />
<br />
'''Location: Tieto Oy, Ratamestarinkatu 7B, Helsinki''' <br />
<br />
'''Time: 18:00-19:40''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''18:00 Word from our sponsor Tieto Oy''' <br />
<br />
'''18:10 Distributed Services Security, Anton Panhelainen, Tieto Oy''' <br />
<br />
Download presentation from our file-page:[[Image:Security in integration and ESB-OWASP 20091020.pdf]] <br />
<br />
'''18:40 Public Web Services Interface and Security, Pyry Heikkinen, Finnish Customs''' <br />
<br />
'''19:40 Closure and move to Vltava''' <br />
<br />
'''20:00 or so''' <br />
<br />
*Enjoy Helsinki Vltava watering hole at own risk &amp; cost near Helsinki Railway station<br />
<br />
'''Please register with Pauli Kauppila pauli.kauppila##tieto.com or Mobile +358 400 870 324''' <br />
<br />
== OWASP Helsinki Chapter Meeting #9: May 12 2009 ==<br />
<br />
'''Location: Louhi Networks Oy, Itälahdenkatu 22 A, Helsinki''' <br />
<br />
'''Time: 17:30-19:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:30 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:45 Word from our sponsor Louhi Networks''' <br />
<br />
'''18:00 Panel discussion about application scanners''' <br />
<br />
*Panel members includes representatives for Nixu Oy, KPMG Oy and Louhi Networks Oy<br />
<br />
<br> '''19:00 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost at Bar 52 near meeting location<br />
<br />
'''Please register with Henri Lindberg henri.lindberg##louhi.fi''' <br />
<br />
== OWASP OWASP Goes! Viestimuseo: March 29 2009 ==<br />
<br />
'''Location: Varuskunta, Takakasarmi, Viestimuseontie rak. 64, 11311 Riihimäki ''' <br />
<br />
'''Time: 13:00-15:00''' <br />
<br />
Viestimuseossa Riihimäellä, http://www.viestikiltojenliitto.fi/viestimuseo/ on maaliskuun loppuun WWII radiotiedustelua esittelevä erikoisnäyttely, josta voi löytyä ammennettavaa myös tämän päivän tietoturvatekniikoiden parissa työskenteleville. Koska OWASP:in tiimoilta löytyi kiinnostusta lähteä tutustumaan ko. näyttelyyn, museolle on varattu opastettu kierros maaliskuun viimeiselle sunnuntaille su 29.3.2009 klo 13:00 eli kokoontuminen museolla ko. aikaan. <br />
<br />
Museo ja näyttely ovat auki myös muina aikoina, joten jos tämä aika ei käy, paikalla voi toki käydä muulloinkin. <br />
<br />
Tarkemmat ajo-ohjeet ja yhteystiedot löytyvät museon kotisivuilta, http://www.viestikiltojenliitto.fi/viestimuseo/yhteystiedot.html <br />
<br />
Museo sijaitsee Viestirykmentin vieressä, mutta varsinaisen varuskunta-alueen ulkopuolella, joten museokäynti ei vaadi kulkulupia alueelle. <br />
<br />
Paikalle innostuvat hoitavat oman logistiikkaratkaisunsa &amp; sisäänpääsymaksunsa. <br />
<br />
Lisätietoja tarvittaessa timo.merilainen (ät) iki.fi <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #8: March 12 2009 ==<br />
<br />
'''Location: Samlink, Linnoitustie 9, Espoo (Leppävaara)''' <br />
<br />
'''Time: 17:00-19:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:00 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:15 Introduction to Samlink, Jari Pirhonen, security director, Samlink''' <br />
<br />
'''17:30 Methodology owner’s point of view: Information security as part of software development methodology, Topi Mattila, methodology manager, Samlink''' <br />
<br />
'''18:15 Presentation from Finnish Tax Administration", Petri Puhakainen, security director, Finnish Tax Administration''' <br />
<br />
<br> '''19:00 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost at Sello<br />
<br />
'''Please register with Jari Pirhonen jari.pirhonen##samlink.fi''' <br />
<br />
== OWASP Introduction to startup firms: Thursday January 15th 2009 ==<br />
<br />
'''Location: Ravintola Korjaamo, Töölönkatu 51, 00250 Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Introduction to OWASP by Henri Lindberg, OWASP Helsinki Active Visitor''' <br />
<br />
*What OWASP is <br />
*Examples of useful Tools and Documents <br />
*OWASP in Finland<br />
<br />
Presentation: [[Image:OWASP Startups 20090115 Henri.pdf]] <br />
<br />
(Antti Laulajainen, OWASP Helsinki Chapter Leader was originally supposed to introduce OWASP) <br />
<br />
'''18:15 Implementing application security in a Finnish startup by Henri Lindberg, Scred''' <br />
<br />
*Henri Lindberg from Scred shares experiences and lessons learned <br />
*How to make your web application more secure with minimal budget<br />
<br />
Presentation: [[Image:SDG Scred 090115.pdf]] <br />
<br />
'''18:30 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost<br />
<br />
== OWASP Helsinki Meeting #7: Tuesday November 11th 2008 ==<br />
<br />
'''Location: Nokia Ruoholahti, Itämerenkatu 11-13, 00180 Helsinki''' <br />
<br />
<br> <br />
<br />
'''Time: 17:00-18:30''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:00 Welcome by Antti Laulajainen, OWASP Chapter Leader''' <br />
<br />
*Current state and progress of OWASP Top 10 Finnish translation<br />
<br />
'''17:20 Antti Vähä-Sipilä, Nokia: SAFECode''' <br />
<br />
*Introduction and overview of SAFECode (The Software Assurance Forum for Excellence in Code) <br />
*SAFECode publications<br />
<br />
'''17:40 Juhani Eronen, CERT-FI: Lifecycle of a security vulnerability''' <br />
<br />
*Microsoft MS08-067 (Vulnerability in Server Service Could Allow Remote Code Execution), its history (MS06-040) and exploitation.<br />
<br />
'''Discussion''' <br />
<br />
'''18:30 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost [cerveza, aqua con gas, etc]<br />
<br />
'''PLEASE REGISTER WITH: mikko . saario at nokia . com (we have reserved snacks for 25 people)''' <br />
<br />
== OWASP Helsinki Web Hacking Workshop, Tuesday September 10th 2008 ==<br />
<br />
'''Location: Teleware / KPMG, Laajalahdentie 23, 6. floor, reception at the ground floor, 00330 Helsinki''' <br />
<br />
'''Time: 18.00 - 20.00''' <br />
<br />
'''Schedule''' <br />
<br />
'''18.00 Welcome and recent activities. Antti Laulajainen ''' <br />
<br />
'''18.05 Web Hacking Workshop, Anssi Porttikivi, Senior ICT Advisor KPMG/Teleware''' <br />
<br />
*KPMG Oy IT Security Advisory marketing presentation 15 min <br />
*Web hacking exercises and demonstrations in a laboratory class (using WebGoat and WebScarab tools)<br />
<br />
'''Snacks available. Send your reservations to Anssi's mail address, anssi.porttikivi@kpmg.fi. Room for 20 participants.''' <br />
<br />
<br> '''Note! Be in time, because the reception closes at 18.''' <br />
<br />
== OWASP Goes! CERT-FI, Thursday, June 12th 2008 ==<br />
<br />
'''Location: Viestintävirasto, Itämerenkatu 3 A, 00180 Helsinki and One Pint Pub Santakatu 2, 00180 Helsinki''' <br />
<br />
<br> '''Time: 16.00 - 20.00''' <br />
<br />
<br> '''Schedule''' <br />
<br />
'''16.00 Welcome and recent activities. Antti Laulajainen ''' <br />
<br />
<br> '''16.10 Introduction of CERT-FI. Juhani Eronen, Information Security Adviser, CERT-FI''' <br />
<br />
<br> '''16.30 Vulnerability coordination. Juhani Eronen''' <br />
<br />
*CERT-FI as a vulnerability coordinator <br />
*Coordination examples<br />
<br />
'''18.00 Possibility to continue the evening at the One Pint Pub''' <br />
<br />
*If someone fancies a (self-financed) beer<br />
<br />
<br> '''Viestintävirasto asks those who wish to participate to the meeting to register in advance. For registrations please contact CERT-FI Unit Secretary Virpi Hienonen (virpi.hienonen(at)ficora.fi). The deadline is June 6, 2008.''' <br />
<br />
== OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 ==<br />
<br />
Thank you for attending. <br />
<br />
You can download the presentation here'''https://www.owasp.org/images/7/70/OWASP_HelsinkiChapter_130508.pdf''' <br />
<br />
Coverage of the event in local news (Finnish only) http://mikropc.net/uutiset/index.jsp?categoryId=atk&amp;day=20080514#w2008051411524012715 <br />
<br />
<br> '''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki and Ravintola Kaisla, Vilhonkatu 4, 00100 Helsinki''' <br />
<br />
'''Time: 16.00 - 20.00''' <br />
<br />
<br> <br />
<br />
Welcome to spring meeting 2008. <br />
<br />
<br> '''Schedule''' <br />
<br />
'''16.00 - 16.10 OWASP update. Antti Laulajainen''' <br />
<br />
'''16.10-17.00 Notes From The field, OWASP tools and usage experiences, Jarkko Holappa &amp; Antti Laulajainen''' <br />
<br />
'''17.30 - 20.00 Drinks at Ravintola Kaisla (Bring Your Own Wallet)''' <br />
<br />
<br> Hope to see as many of you as possible! <br />
<br />
== OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 ==<br />
<br />
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.''' <br />
<br />
'''Time: 18.30 - 20.30''' <br />
<br />
Welcome to first meeting of 2008. OWASP Helsinki resumes activities after winter break. <br />
<br />
We are pleased to have as a speaker Technology Manager of Nokia Product Security, Alexandr Seleznyov. His topic will be current state of application security. <br />
<br />
'''Schedule''' <br />
<br />
'''18.30 - 18.40 OWASP update. Antti Laulajainen''' <br />
<br />
'''18.40 - 20.30 Current State of Application Security. Alexandr Seleznyov''' <br />
<br />
<br> Hope to see as many of you as possible! <br />
<br />
== OWASP Helsinki &amp; RWSUG Seminar Tuesday, January 29th 2008 ==<br />
<br />
'''Location: IBM, Laajalahdentie 23, 00330 Helsinki.''' '''Time: 11.15 - 19.00''' <br />
<br />
OWASP Helsinki and Rational and Websphere User Group Finland RWSUG are aiming to co-operate to raise application security awareness. OWASP Helsinki will have a presentation in RWSUG agility seminar. More information from http://www.rwsug.fi/default.asp?path=1,39,385 <br />
<br />
'''You can download the presentation here''' https://www.owasp.org/images/c/cd/RWSUG5_Agile_Security_Management.pdf <br />
<br />
See program below. Most of it is Finnish only <br />
<br />
*11.15 Ilmoittautuminen alkaa <br />
*11.15-12.00 Buffet-lounas <br />
*12.00-12.10 Tilaisuuden avaus Jussi Jutila, Puheenjohtaja, RWSUG ry<br />
<br />
KEYNOTE <br />
<br />
*12.10-13.30 Scaling Agile Software Development: Strategies for Applying Agile in Complex Situations Scott W. Ambler, Practice Leader Agile Development, IBM Canada <br />
*13.30-13.45 Kahvitauko <br />
*13.45-15.30 SOA liiketoiminnan näkökulmasta ja SOA toteutuksen näkökulmasta kansainvälisessa hankkeessa Kari Laine, IT Architect, IF ja Jarmo Laine, Senior Software Architect,Primasoft <br />
*15.30-15.45 Tauko <br />
*15.45-16.30 Ketterä tietoturvan hallinta ohjelmistotuotannossa Reijo Savola, VTT <br />
*16.30-17.15 Jazz Update IBM <br />
*17.15-19.00 Iltapalaa ja verkostoitumista IBM Forumissa<br />
<br />
<br> <br />
<br />
== OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008 ==<br />
<br />
OWASP Helsinki participated in ISACA Finland meeting to raise application security awareness among system auditors and inspectors. <br> A presentation was held that introduced basic web techniques, some security issues, OWASP in general, OWASP projects and OWASP Helsinki chapter. <br> '''You can download the presentation here''': https://www.owasp.org/images/e/e4/OWASP_ISACA_20080124.pdf (Finnish Only) <br><br> <br />
<br />
== OWASP Helsinki meeting #4 Fall 2007 with Mark Curphey, Tuesday, October 2 2007 ==<br />
<br />
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.''' <br />
<br />
Thank you for all participants and Mark from great presentation. <br />
<br />
Coverage of the meeting in the local news (in Finnish): http://mikropc.net/uutiset/index.jsp?categoryId=atk&amp;day=20071003#w2007100315112711629 <br />
<br />
<br> We are delighted to have Mark Curphey - the OWASP founder and new head of Microsoft's ACE (Application Consulting &amp; Engineering) team in Europe - to visit Finland and discuss web app security with us. Hopefully as many as of you possible can participate! <br />
<br />
'''18:30 Welcome and recent Helsinki chapter activities. Antti Laulajainen''' <br />
<br />
'''18:40 Naked Software Security. Mark Curphey''' <br />
<br />
*Commentary on how to build secure software <br />
*Thoughts on the industry<br />
<br />
<br> '''WELCOME!''' <br />
<br />
== OWASP Helsinki meeting #3 Summer 2007: "SOA, Web Services &amp; XML Security", Tuesday, June 5th 2007 ==<br />
<br />
'''Date: June 5th''' <br />
<br />
<br> '''Location: Smilehouse, Itälahdenkatu 22A (Stonesoft building), Lauttasaari.''' <br />
<br />
Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/tietoturva_docview.jsp?f_id=1186167 <br />
<br />
<br> '''19:00 Welcome &amp; quick recap of recent OWASP activity and the Spring conference. Mikko Saario.''' <br />
<br />
<br> '''19:15 Gunnar Peterson, CTO Arctec Group and project lead for the OWASP "XML Security Gateway Evaluation Criteria".''' <br />
<br />
Gunnar will be visiting Finland to provide training via Tietoturva ry on this subject. Topics to be covered: <br />
<br />
*XML Security Gateways <br />
*Message level threats and security countermeasures in Web services <br />
*OWASP XML Security Gateway Evaluation Criteria Project<br />
<br />
<br> '''20:15 "Real-life usage of OWASP tools". Alexandr Seleznyov, Nokia Product Security.''' <br />
<br />
(There is a chance Alex cannot make it. In that case we will discuss SOA stuff in more detail or just head off to bar earlier.) <br />
<br />
<br> '''20:45 Enter Bar 52...''' --&gt; Enjoy (sponsored) beverages. <br />
<br />
== OWASP Helsinki meeting #2 Winter 2007, Web Application Firewalls, Thursday, February 22 2007 ==<br />
<br />
Thank you for the 29 participants, the speakers and the host - Nixu - for making this event happen! <br />
<br />
'''Location: Nixu, Mäkelänkatu 91, 00601 Helsinki.''' <br />
<br />
What are Web Application Firewalls (WAF), how do they work, what do they do and what don't they do. Discussion and sharing of experiences of various technologies and products. <br />
<br />
<br> '''18.30 Welcome. Mikko Saario, Chapter Leader.''' <br />
<br />
Today's topic and agenda in short. <br />
<br />
<br> '''18.35 "Web Application Firewalls Technical Analysis". Joakim Sandström, CTO nSense.''' <br />
<br />
http://www.owasp.org/images/6/6a/Owasp_waf_joakim.pdf <br />
<br />
- Technology <br />
<br />
- Blacklisting &amp; Whitelisting <br />
<br />
- mod_security features <br />
<br />
- Do's and Don'ts <br />
<br />
<br> '''19.30 "The Core Rule Sets". Ofer Shezaf, CTO Breach Security.''' <br />
<br />
http://www.owasp.org/images/f/f4/The_Core_Rule_Set_-_Ofer.pdf <br />
<br />
- WAF deployment and protection strategies <br />
<br />
- Detection of generic web layer attacks <br />
<br />
- Virtual patching <br />
<br />
== OWASP Helsinki meeting #1, Tuesday, Dec 12 2006 at Ernst &amp; Young ==<br />
<br />
The Helsinki chapter had the first meeting at Ernst &amp; Young office in Elielinaukio 5 B. The agenda and the presentations for the meeting are below. We had a good turnout: 22 people were present i.e. all seats were taken - we were very happy to see all these people to be interested in application security issues. <br />
<br />
<br> Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/doc.do?f_id=1083463 <br />
<br />
<br> '''18:30 Welcome. What is OWASP and why OWASP Helsinki?''' <br />
<br />
Mikko Saario made a short presentation about OWASP and the objective for the local Helsinki chapter. <br />
<br />
<br> '''19:00 Analyzing Threats (Olli Wiren; olli [at] juurihoito.org)''' <br />
<br />
Olli Wiren discussed application related threats and corresponding security issues. <br />
<br />
http://www.owasp.org/images/7/7c/Owasp-olli.pdf <br />
<br />
<br> '''19:45 Open discussion regarding OWASP Helsinki; what is expected or wished; how to go ahead and so forth.''' <br />
<br />
There was a lively discussion regarding what type of activities should be arranged in the future. More details will follow... <br />
<br />
==== Helsinki OWASP Chapter Leaders ====<br />
<br />
The chapter leader is [mailto:Petteri.arola@owasp.org Petteri Arola] <br />
<br />
The chapter board members are [mailto:timo@owasp.org Timo Merilainen], Pyry Heikkinen and [mailto:pekka.sillanpaa@owasp.org Pekka Sillanpaa]. <br />
<br />
__NOTOC__<br />
<br />
[[Category:OWASP Chapter]] <br />
[[Category:Europe]]</div>Psillanphttps://wiki.owasp.org/index.php?title=File:OWASP_Helsinki_-_Security_in_Agile_Development_(1).pdf&diff=248059File:OWASP Helsinki - Security in Agile Development (1).pdf2019-02-28T16:53:50Z<p>Psillanp: </p>
<hr />
<div>Slides from Helsinki chapter meeting #36</div>Psillanphttps://wiki.owasp.org/index.php?title=Helsinki&diff=247343Helsinki2019-02-12T14:45:17Z<p>Psillanp: </p>
<hr />
<div>{{Chapter Template|chaptername=Helsinki|extra=The chapter leaders are [mailto:petteri.arola@owasp.org Petteri Arola], [mailto:pekka.sillanpaa@owasp.org Pekka Sillanpää], [mailto:timo@owasp.org Timo Meriläinen], [mailto:pyry.heikkinen@owasp.org Pyry Heikkinen], [mailto:petri.koistinen@nixu.com Petri Koistinen] and [mailto:lasse.korvala@gmail.com Lasse Korvala].<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-helsinki|emailarchives=http://lists.owasp.org/pipermail/owasp-helsinki}} <br />
<br />
==== Local News ====<br />
<br />
<paypal>Helsinki</paypal> <br />
<br />
'''Welcome to the OWASP Helsinki Chapter'''<br />
<br />
The plan is to meet at least three to four times a year, each lasting 1,5-3 hours (more active "hands" means more meetings). This chapter is based in the capital area and therefore the meetings will be in or around Helsinki. <br />
<br />
If you wish to present at one of the meetings or have any other inquiries, please contact the chapter leaders and shortly describe the talk. (the contact details can be found in the bottom of the page). We encourage everyone to suggest ideas for presentation topics. The talks can be either a full talk (45-60min) or a lightning talk (~15min). <br />
<br />
==== Suomalaista sovellusturva-asiaa ====<br />
<br />
[[OWASP Helsinki Appsec Thesis of the Year|Vuoden sovellusturva-aiheinen opinnäytetyö]]<br />
<br />
[[Oppilaitoksille|Tietoa oppilaitoksille (Information for academic institutions)]] <br />
<br />
[[Verkkomaksut|Ohjeita turvallisen verkkomaksuintegraation toteuttamiseen]] <br />
<br />
Previously OWASP Helsinki has been working on the following tasks: <br />
<br />
*[[Top 10 2007 Finnish]] aim to translate OWASP Top 10 list in Finnish<br />
<br />
==== Chapter Meetings ====<br />
<br />
== OWASP Helsinki chapter meeting #36: Feb 12th 2019 ==<br />
'''Location: Veikkaus, Aku Korhosen tie 2, 00440 Helsinki'''<br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words, Pekka Sillanpää, Chapter co-leader - OWASP Helsinki''' <br />
<br />
'''18:05 Words from the sponsor, Veikkaus''' <br />
<br />
'''18:10 What Every Developer and Tester Should Know About Software Security, Anne Oikarinen, Senior Security Consultant, Nixu'''<br />
<br />
'''18:50 Break''' <br />
<br />
'''19:00 Security in Agile Development, Joakim Tauren, Application Security Architect, Visma'''<br />
<br />
'''19:45 OWASP Cornucopia - a live card game session, Veikkaus + volunteers''' [[File:DeathStarArchitecture v0.8 DRAFT.pdf|thumb]]<br />
<br />
'''20:15 Snacks & Refreshments''' <br />
<br />
Please register by 10th of Feb https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-36-tickets-55288270706 (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #35: Nov 6th 2018 ==<br />
'''Location: Second Nature Security (2NS), Keilaranta1 (auditorium Ankkuri), 02150 Espoo'''<br />
<br />
'''Time: 17:30-21:00'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words, Pekka Sillanpää, Chapter co-leader - OWASP Helsinki'''<br />
<br />
'''18:05 Words from the sponsor, Juho Ranta, CTO - Second Nature Security (2NS)''' <br />
<br />
'''18:15 Hunting for bounties in a web browser, Juho Nurminen, White Hat Hacker, InfoSec Specialist - 2NS''' [[File:Nurmi_BugBounty_slides.zip]]<br />
<br />
'''18:45 Break'''<br />
<br />
'''19:00 How to become a bug bounty hunter, Iiro Uusitalo, Cloud and Security Specialist - Solita'''<br />
<br />
'''19:30 Running a successful bug bounty program, Thomas Malmberg, Partner & Owner - Hackrfi''' [[File:Running a successful bug bounty program - public.pdf]]<br />
<br />
'''19:50 Short break'''<br />
<br />
'''20:00 Panel & Discussion about bug bounty with Juho, Iiro and Thomas'''<br />
<br />
'''20:30 Snacks & Refreshments'''<br />
<br />
Please register by 4th of Nov https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-35-tickets-51465932991 (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #34: Jun 12th 2018 ==<br />
'''Location: Eficode, Pohjoinen Rautatiekatu 25, 00100 Helsinki'''<br />
<br />
'''Time: 17:30-21:30'''<br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Pekka Sillanpää OWASP Helsinki'''<br />
<br />
'''18:05 Words from the sponsor / Pekka Siltala-Li / Eficode'''<br />
<br />
'''18:15 Perfectly secure API, Matti Suominen, Lead Security Consultant - Nixu'''<br />
<br />
'''19:00 Break''' <br />
<br />
'''19:15''' '''Best friends: API security & API management, Antti Virtanen, Software Architect, Solita''' <br />
<br />
'''20:00-21:30 Sauna, Snacks & Beverages'''<br />
<br />
Please register by 10th of Jun https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-34-tickets-46690898735 (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #33: Nov 14th 2017 ==<br />
'''Location: F-Secure, Tammasaarenkatu 7, 00180 Helsinki''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki''' <br />
<br />
'''18:05 Words from the sponsor'''<br />
<br />
'''18:10 Coping with GDPR requirements in development, Kira Ahveninen-Kuha, Lead, Data Protection and Cybersecurity Law, Nixu'''<br />
<br />
'''19:00 Break''' <br />
<br />
'''19:15 Integrating Privacy Work in Threat Modeling and Design Review, Antti Vähä-Sipilä, Principal Security Consultant, F-Secure'''<br />
<br />
'''20:00 Panel & Discussion – Kira and Antti debate about privacy and GDPR with the audience'''<br />
<br />
'''20:30 OWASP Helsinki DevSecOps Hackathon: Lessons learned, Pekka Sillanpää, OWASP Helsinki''' <br />
<br />
'''21:00-22:00 Snacks & Refreshments''' <br />
<br />
Please register by 12th of Nov [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-33-tickets-39656996143 here] (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #32: Sep 27th ==<br />
If you are working in a DevOps team and want to get concrete ideas on how to integrate security into your CI/CD pipeline, this hackathon is a fun opportunity to learn by doing together with others.<br />
<br />
More information here: [[OWASP Helsinki DevSecOps Hackathon]]<br />
<br />
In summary, we familiarize and investigate (and of cource hack with) some nice open source tools, including:<br />
* OWASP Dependency-Check ([[OWASP Dependency Check]])<br />
* ZAP Proxy ([[OWASP Zed Attack Proxy Project]])<br />
* OWASP DefectDojo ([[OWASP DefectDojo Project]])<br />
* DevSec hardening framework (https://github.com/dev-sec)<br />
* Clair (https://github.com/coreos/clair)<br />
<br />
The output of this hackathon is an OWASP wiki page describing what was achieved in the hackathon, possible commits to the tools' repositories and future plans. If there is enough interest, we might organize "part 2" for this event in Autumn.<br />
<br />
To participate in this event, it is recommended to have at least basic programming/scripting skills (python, ruby, bash, etc) and understanding of configuration management tools (puppet, salt, ansible, etc.). '''If you are interested to join''' or have questions, please send email to pekka.sillanpaa@owasp.org '''by Jul 7th 2017''' and a short description of your background. Tracks of the hackathon environment are tuned based on the skills and background of the participants.<br />
<br />
The maximum of 15 seats are available for this event. The event is fully free of charge.<br />
<br />
'''Location: Nixu, Keilaranta 15, 02150 Espoo'''<br />
<br />
'''12:00 Hackathon starts'''<br />
<br />
'''17:00-23:00 Hackathon continues after the work day as long as needed. Pizza and beverages available.'''<br />
<br />
== OWASP Helsinki chapter meeting #31: Jun 13th 2017 ==<br />
'''Location: Solita, Alvar Aallon katu 5, 00100 Helsinki'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Pekka Sillanpää, OWASP Helsinki'''<br />
<br />
'''18:05 DevSec - Developers are the key to security, Antti Virtanen, Software Architect, Solita [[File:Devsec-owasp-2017.pdf]]''' <br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Docker Security, Mika Vatanen, Systems Architect, Digia [[File:Owasp-Helsinki-20170613-Docker-Security.pdf]]'''<br />
<br />
'''20:00 Lightning talk: Leaking credentials - a security malpractice more common than expected, Bogdan Mihaila, Synopsys [[:File:Bogdan Mihaila - Leaking Credentials.pdf]]'''<br />
<br />
'''20:15 Introduction to DevSecOps "mini-hackathon", Pekka Sillanpää, OWASP Helsinki'''<br />
<br />
'''20:30-22:30 Snacks & Refreshments'''<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-31-tickets-34950473808 here] by 12th of Jun (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #30: Oct 11th 2016 ==<br />
<br />
'''Location: Fujitsu, Valimotie 16, 00380 Helsinki, Auditorio'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 How to protect mobile application? Case "Nordea Tunnusluvut” / Michael Peltonen, Senior Business Developer, Nordea''' [[File:Helsinki_meeting_30_-Michael_Peltonen_OWASP_11102016.pdf]]<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Lightning talk: Authentication topic / Teemu Simonen, System Architect, Fujitsu''' [[File:Helsinki_meeting_30_-Authentication_topic.pdf]]<br />
<br />
'''19:30 Threats and vulnerabilities in federation protocols - and how did I find 0-days in the most common access management products / Teemu Kääriäinen, Senior IAM Consultant, Nixu Oyj''' [[File:Helsinki_meeting_30_-_Threats_and_Vulnerabilities_in_Federation_Protocols_and_Products.pdf]]<br />
<br />
'''20:30-> Snacks & Refreshments'''<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-30-tickets-28190573765 here] by 9th of October (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #29: Mar 29th 2016 ==<br />
<br />
'''Location: Solinor, Elimäenkatu 14 C, 00510 Helsinki'''<br />
<br />
'''Time: 17:30-21:15'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 OWASP Security Knowledge Framework, Glenn Ten Cate''' [[File:Skf-owaspHelsinki-16.pdf]]<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Amazon Web Services Security, Joel Leino, Solinor''' [[File:Aws_security_joel_leino.pdf]]<br />
<br />
'''20:30 Do's and don'ts: A Day Of Browser Bug Hunting, Atte Kettunen, University of Oulu''' [[File:Do's_and_Don'ts-_A_Day_Of_Browser_Bug_Hunting_rev2.pdf]]<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-29-tickets-22159795545 here] by 26th of March (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #28: Nov 10th 2015 ==<br />
<br />
'''Location: LähiTapiola, Revontulenkuja 1, 02100 Espoo'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 How we feel about Bug Bounty, Leo Niemelä, CISO, LähiTapiola Group (in Finnish)'''<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Security and "Modern" software Deployment, Rory McCune, Managing Consultant, NCC Group'''<br />
<br />
'''20:30 Discussion continues in a local cafe / bar'''<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-28-tickets-19188815263 here] by 8th of November (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #27: May 29th 2015 ==<br />
<br />
'''Location: Life Science Center Keilaranta 10-16''' <br />
<br />
'''Time: 17:30-20:00 (networking ends 23:00)''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 Word from our sponsor / Nixu'''<br />
<br />
'''18:15 50 Shades of AppSec / Troy Hunt'''<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Hack yourself first: how go on the cyber-offence before online attackers do / Troy Hunt'''<br />
<br />
'''20:00-23:00 Refreshments and Sauna on the 7th floor'''<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-chapter-meeting-27-tickets-16709176597 here] by Monday Fri 22th May (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #26: January 13th 2015 ==<br />
<br />
'''Location: Castrén & Snellman Attorneys Ltd. Eteläesplanadi 14 6th Floor Helsinki, Finland.''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''Opening words / OWASP Helsinki&IAPP''' <br />
<br />
'''Words from our sponsor / Castrén & Snellman Attorneys Ltd.'''<br />
<br />
'''Privacy Seals and Marks, Hannu Järvinen, Specialist Partner, Attorneys at Law Borenius Ltd'''<br />
<br />
'''Privacy Engineering, Antti Vähä-Sipilä, software security guy, F-Secure Oyj'''<br />
<br />
'''Privacy Use Cases, Saku Vainikainen, Lead Consultant, Nixu Oyj'''<br />
<br />
Please register here https://t.co/OoQN2FRbBX by Monday 12 Jan.<br />
<br />
== OWASP Helsinki chapter meeting #25: September 29th 2014 ==<br />
<br />
'''Location: Appelsiini (Elisa), Kaarlenkatu 9-11, 00530 Helsinki. Public transport is strongly recommended.''' <br />
<br />
'''Time: 17:00-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and registration''' <br />
<br />
'''17:10 Opening words / OWASP Helsinki''' <br />
<br />
'''17:20 Words from our sponsor / Elisa'''<br />
<br />
'''17:30 Mobile Security Chess Board - Attacks & Defense / Hemil Shah / Founder, Director eSphere Security''' [[File:Mobile_Security_chess_board_-_Attacks_&_Defense.pdf]]<br />
<br />
'''18:45 Break'''<br />
<br />
'''19:00 Mobile Platform Security: OS (kernel) Hardening and Trusted Execution Environment / Onur Zengin / Trustonic'''<br />
[[File:Onur_Zengin_-_TEE_chapter_meeting_presentation.pdf]]<br />
<br />
'''20:00 OWASP Mobile Top Ten Risks 2014 - The New M10: 'Lack of Binary Protection' Category / Bo Asklund and Rikard Kullenberg / Arxan'''<br />
[[File:OWASP_Mobile_Top_Ten_-_Meet_the_New_Addition.pdf]]<br />
<br />
'''21:00 Networking and continue discussions in TBD location nearby'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-25-tickets-13087782911 Eventbrite]<br />
<br />
== OWASP Helsinki chapter meeting #24: March 25st 2014 ==<br />
<br />
'''Location: F-Secure, Tammasaarenkatu 7, 00180 Helsinki. Parking space is limited, public transport is strongly recommended. Ruoholahti station for metro, Länsisatamankatu stop for tram 8, Länsiväylä stop for buses from Espoo.''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and registration''' <br />
<br />
'''17:20 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''17:30 Enhancing security through tight collaboration and automation /Kalle Hallivuori''' <br />
Presentation material: http://kato.iki.fi/owasp-pci-devops/<br />
<br />
'''18:00 Continuous Security Testing in a Devops World /Stephen de Vries'''<br />
Download the presentation from our file page: [[image:OWASP-Continuous_Security_Testing.pdf]]<br />
<br />
'''19:00 Demo of Burp Suite & HTTP API fuzzing automation with Python & Behave /Antti Vähä-Sipilä'''<br />
<br />
'''19:30 Time to go to Pub (Amsterdam) and continue discussion there'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-24-tickets-10765729587 Eventbrite]<br />
<br />
== OWASP Helsinki chapter meeting #23: January 21st 2014 ==<br />
<br />
'''Location: HTC Keilaniemi, Keilaranta 13, 02150 Espoo''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Coffee and registration''' <br />
<br />
'''18:00 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''18:05 Word from our sponsor /Nixu''' <br />
<br />
'''18:20 The inner HTML Apocalypse - How MXSS attacks change everything we believed to know so far /Mario Heiderich'''<br />
<br />
'''19:15 JSMVCOMFG - To sternly look at JavaScript MVC and Templating Frameworks /Mario Heiderich"''''<br />
<br />
'''20:15 QA'''<br />
<br />
'''20.30 - 21.30 Discussion continues over snacks and refreshments'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-23-tickets-10095813851 Eventbrite]<br />
<br />
<br />
== OWASP Helsinki chapter meeting #22: November 19th 2013 ==<br />
<br />
'''Location: Aalto University, Hall S1, Otakaari 5, 02150 Espoo''' <br />
<br />
'''Time: 18:00-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Registration''' <br />
<br />
'''18:10 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''18:20 Word from our sponsor''' <br />
<br />
'''18:30 Backgrounds of Eve in Digiland comic and cyber research in Aalto University /Timo Kiravuo, Aalto University'''<br />
<br />
'''19:15 Break"''''<br />
<br />
'''19:30 Cyber crime response from CERT perspective and backgrounds of Finnish web site attacks /Jussi Eronen, CERT-FI'''<br />
<br />
'''20:00 Methods in Finnish cyber crime police investigation and case example /Timo Piiroinen, National Bureau of Investigation (NBI)'''<br />
<br />
'''20:30 Networking and discussion continues at same location'''<br />
<br />
Please register at [http://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-23-tickets-10095813851 Eventbrite]<br />
<br />
== OWASP EUTour2013: June 17th 2013 ==<br />
<br />
'''Location: HTC Keilaniemi, Keilaranta 15''' <br />
<br />
'''Time: 16:00-19:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''16:00 Registration & coffee''' <br />
<br />
'''16:15 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''16:30 Word from our sponsor''' <br />
<br />
'''16:45 Nokia responsible disclosure program /Omar Benbouazza-Villa, Nokia'''<br />
<br />
Nokia has launched a responsible disclosure program recently. In this presentation we'll go through experiences starting and running such a program as a part of enterprise application security program.<br />
<br />
'''17:30 Social engineering /Gavin Ewan"''''<br />
<br />
Jac0byterebel is not your typical social engineering presenter. Out goes the snake oil sale of analysing the minutia of pop psychology and trying to squeeze out real answers to the questions asked during a real social engineering attack. In comes hard hitting accounts of social engineering attacks drawn from real sources but anonymised to protect the pwned.<br />
<br />
'''19:00 Rounding up and discussion continues over food & drinks at same location'''<br />
<br />
Please register at [http://www.regonline.com/owaspeutourfinland Regonline]<br />
<br />
== OWASP Helsinki Chapter Meeting #21: April 24 2013 ==<br />
<br />
'''Location: KPMG, Yrjönkatu 23 B, 6. floor''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Opening words /OWASP''' <br />
<br />
'''18:10 Word from our sponso /Mika Laaksonen, KPMG''' <br />
<br />
'''18:15 OWASP project news /Petteri Arola, OWASP''' <br />
<br />
Newsflash of new and rebooted OWASP projects.<br />
<br />
'''18:45 Utilizing VAHTI software development guide (VAHTI-sovelluskehitysohje) /Antti Alestalo, KPMG'''<br />
<br />
VAHTI software development guide was published January 2013. Antti will talk about how to best utilize this new guide. Link to the guide: http://www.vm.fi/vm/fi/04_julkaisut_ja_asiakirjat/01_julkaisut/05_valtionhallinnon_tietoturvallisuus/20130207Sovell/VAHTI_1_Sovelluskehityksen_tietoturvaohje_NETTI.pdf<br />
<br />
'''19:15 Database self-defence /Mika Aronen, KPMG (in place of "HTML5 & security /SC5"'''<br />
<br />
'''20:00 Official program ends and discussion continues over food & drinks at same location'''<br />
<br />
Please register at [https://www.eventbrite.com/event/6240751255 Eventbrite]<br />
<br />
== OWASP Helsinki Chapter Meeting #20: December 4 2012 ==<br />
<br />
'''Location: Nokia House, Keilalahdentie 4, Espoo''' <br />
<br />
'''Time: 17:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Socializing time @ Nokia Lounge – Meet people & get to know your peer while having the opportunity to see Nokia product demos''' <br />
<br />
'''18:00 Opening words /OWASP + HelsinkiJS''' <br />
<br />
'''18:10 Word from our sponsor''' <br />
<br />
'''18:20 Securing JavaScript based web apps /Erlend Oftedal''' <br />
<br />
Single page web applications move much of the application logic to the client side. We now also see applications using JavaScript on the server side. How do we handle such applications from a security perspective? What problems are introduced and how do we handle them?<br />
<br />
'''19:05 RESTful Security'''<br />
<br />
Many applications rely on web services and ws-security for integration. But for more lightweight services with simpler protocols, REST is quickly gaining popularity. How do we secure REST services? What problems do we need to be aware of?<br />
<br />
'''20:00 Official program ends and free debate continues at nearby location'''<br />
<br />
CLOSED: Please register at [http://www.eventbrite.com/event/4856878053 Eventbrite]<br />
<br />
Please use the NORTH entrance when entering the Nokia campus<br />
<br />
== OWASP Helsinki Chapter Meeting #19: October 16 2012 ==<br />
<br />
'''Location: Fujitsu, Valimotie 16, Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''18:10 Word from our sponsor /Fujitsu''' <br />
<br />
'''18:25 Hybrid mobile application security and HTML5 with a focus on getUserMedia /Mikko Saario, Nokia''' <br />
<br />
Both the mobile scene via “hybrid” apps and the so-called traditional web are evolving into the same direction – are the threats doing the same? Using mainly Windows Phone 7 (and some Qt) examples and demos, Mikko will take a look at the security aspects in mobile hybrid apps. The HTML5 demo will concentrate on some newly mainstreamed technologies such as getUserMedia.<br />
<br />
'''19:10 Introduction to Oauth 2.0 + demo /Teemu Kääriäinen, Nixu'''<br />
<br />
Teemu gives an introduction about Oauth 2.0 and takes a closer look at security aspects, implementation guidelines and compares Twitter, Facebook and Google implementations.<br />
<br />
'''20:00 Official program ends and free debate continues at nearby location'''<br />
<br />
'''Please register in Eventbrite http://www.eventbrite.com/event/4462882602''' <br />
<br />
<br />
== OWASP Helsinki Chapter Meeting #18: June 26 2012 ==<br />
<br />
'''Location: Kela, Nordenskjölkinkatu 12, Helsinki''' <br />
<br />
'''Time: 17:30-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''17:45 Word from our sponsor /Kela''' <br />
<br />
'''18:00 Helsinki Ruby Brigade intro''' <br />
<br />
'''18:15 Ruby on Rails security - why could it fail'''<br />
<br />
'''19:00 Panel discussion'''<br />
<br />
'''19:45 Wrap-up'''<br />
<br />
'''20:00 Discussion continues in a nearby pub Hadanka'''<br />
<br />
'''Please register with petteri.arola(at)owasp.org''' <br />
<br />
<br />
== OWASP Helsinki Chapter Meeting #17: March 21 2012 ==<br />
<br />
'''Location: Marttakeskus, Malminrinne 1 B, 7. krs, Helsinki''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Coffee''' <br />
<br />
'''17:40 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''17:50 Web Application Access Control Design Excellence / Jim Manico, OWASP''' <br />
<br />
Download the presentation from our file page: [[image:Developer_Top_Ten_Core_Controls_v4.1.pdf]]<br />
<br />
'''19:30 Meeting ends and discussion continues over buffet and refreshments and there's a possibility to bath in sauna too''' <br />
<br />
'''23:00 Event ends'''<br />
<br />
'''Please register with enroll(at)nixu.com''' <br />
<br />
== Tietoturvapäivä Turku: February 7 2012 ==<br />
<br />
''' Sovellusturvallisuus / Petteri Arola, OWASP''' <br />
<br />
Download the presentation from our file page: [[image:OWASP_esitys_tietoturvapäivä_Turku_20120207.pdf]]<br />
<br />
== OWASP Helsinki Chapter Meeting #16: October 18 2011 ==<br />
<br />
'''Location: Hall TU2, Tuas house, Otaniementie 17, 02150, Espoo''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and lock picking''' <br />
<br />
'''17:30 OWASP - What is it?''' <br />
<br />
'''17:45 Introduction to OWASP projects<br>- OWASP Top Ten, ASVS<br><span class="Apple-tab-span"> </span>- Testing guide<br>- How OWASP relates to academic world''' <br />
<br />
<br> Download presentation from our file-page: [[Image:OWASP_presentation_for_Aalto.pdf]] <br><br />
<br />
'''18:45 Break''' <br />
<br />
'''19:00 Hacking demonstrations'''<br />
<br />
'''19:30 - Discussion continues in a nearby public house''' <br />
<br />
'''Please register with petteri.arola(at)owasp.org''' <br />
<br />
== OWASP Introduction to Turku AMK students: September 12th 2011 ==<br />
<br />
'''Introduction to Application security and OWASP / Petteri Arola, OWASP''' <br />
<br />
'''OWASP top 10 and hacking demos / Pekka Sillanpää, OWASP''' <br />
<br />
== OWASP Helsinki Chapter Meeting #15: June 15 2011 ==<br />
<br />
'''Location: Itämerenkatu 11 - 13, Helsinki''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda ''' <br />
<br />
'''17:30 Welcome, Petteri Arola, Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nokia''' <br />
<br />
'''17:45 HTML5 Security, Ville Säävuori, Syneus''' <br />
<br />
'''18:30 Break''' <br />
<br />
'''18:40 Mobile Application Security, Ari Kesäniemi and Juhani Mäkelä, Nixu''' <br> [[Image:Mobile-threat-analysis-short-presentation owasp.pdf]] <br> [[Image:Why-privacy-matters.pdf]] <br> <br />
<br />
<br>'''19.30 - Discussion continues in a nearby public house or terrace if it's sunny''' <br />
<br />
'''Please register with mikko.saario(at)nokia.com''' <br />
<br />
== OWASP Helsinki Chapter Meeting #14: February 22 2011 ==<br />
<br />
'''Location: Nixu Oy, Keilaranta 15, Espoo''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''17:30 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nixu Oy''' <br />
<br />
'''17:45 OpenSAMM, Pravir Chandra /Fortify''' <br />
<br />
'''18:30 Break''' <br />
<br />
'''18:40 Threat modeling, Pravir Chandra /Fortify''' <br />
<br />
<br> '''19.30 - Sauna and refreshments from our sponsor''' <br />
<br />
'''Please register with enroll(at)nixu.com''' <br />
<br />
<br> Download OpenSAMM presentation from opensamm.org [http://www.opensamm.org/downloads/resources/OpenSAMM-1.0.ppt] <br> <br />
<br />
== OWASP Helsinki Chapter Meeting #13: June 8 2010 ==<br />
<br />
'''Location: KPMG, Forum, Yrjönkatu 23 B 6th floor, Helsinki''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''17:00 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:05 Word from our sponsor KPMG ''' <br />
<br />
'''17:15 Agile secure software development, Antti Vähä-Sipilä / Nokia Oyj''' http://www.owasp.org/images/c/c6/OWASP_AppSec_Research_2010_Agile_Prod_Sec_Mgmt_by_Vaha-Sipila.pdf <br />
<br />
'''18:00 ASVS (OWASP Application Security Verification Standard), Pekka Sillanpää / Nixu Oy''' <br />
<br />
'''18:45 ESAPI (OWASP Enterprise Security API) demo, Anssi Porttikivi / KPMG''' <br />
<br />
Download presentation from our file-page:[[Image:ESAPI for OWASP.pdf]] <br />
<br />
<br> '''19.30 - Discussion continues at some nearby establishment''' <br />
<br />
'''Please register with anssi.porttikivi(at)kpmg.fi''' <br />
<br />
<br> <br />
<br />
== OWASP Goes! Locksport: April 20 2010 ==<br />
<br />
'''Location: Nsense Oy, Ahventie 4, Espoo''' <br />
<br />
'''Time: 17:30-20:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nsense Oy''' <br />
<br />
'''17:45 Introduction to Locksport (presentation in Finnish)''' <br />
<br />
'''19:00 - Sauna and refreshments from our sponsor''' <br />
<br />
'''Please register with ilmoittautumiset##nsense.fi ''' <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #12: March 30 2010 ==<br />
<br />
'''Location: Helsingin Energia, Sähkötalo, Runeberginkatu 1, Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''18:00 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
Download presentation from our file-page:[[Image:OWASP -12 Helsinki chapter meeting.pdf]] <br />
<br />
'''18:05 Word from our sponsor Helsingin Energia ''' <br />
<br />
'''18:15 3 different views on information security and social media applications''' <br />
<br />
- information security in social media API’s, Antti Nuopponen/Nixu Oy <br />
<br />
Download presentation from our file-page:[[Image:Security of social media apis v1.pdf]] <br />
<br />
- Facebook apps, Markus Törnqvist/Fad Consulting <br />
<br />
Download presentation from our file-page:[[Image:Mjt owasp 2010.pdf]] <br />
<br />
- Payment API’s, Tuomas Toivonen/Scred <br />
<br />
Download presentation from our file-page:[[Image:Owasp-payment-apis.pdf]] <br />
<br />
'''20.00 - Discussion continues at nearby establishment Bruuveri''' <br />
<br />
'''Please register with antti##owasp.org''' <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #11: November 17 2009 ==<br />
<br />
'''Location: Nsense Oy, Ahventie 4, Espoo''' <br />
<br />
'''Time: 18:00-20:30''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''18:05 Word from our sponsor Nsense Oy''' <br />
<br />
'''18:15 Manual vs. Automated Code Analysis, Ari Kesäniemi, Senior Consultant, Nixu''' <br />
<br />
Download presentation from our file-page:[[Image:Ari kesaniemi nixu manual-vs-automatic-analysis.pdf]] <br />
<br />
'''19.00- Sauna and refreshments from our sponsor''' <br />
<br />
<br> <br />
<br />
'''Please register with ilmoittautumiset##nsense.fi''' <br />
<br />
== OWASP Helsinki Chapter Meeting #10: October 20 2009 ==<br />
<br />
'''Location: Tieto Oy, Ratamestarinkatu 7B, Helsinki''' <br />
<br />
'''Time: 18:00-19:40''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''18:00 Word from our sponsor Tieto Oy''' <br />
<br />
'''18:10 Distributed Services Security, Anton Panhelainen, Tieto Oy''' <br />
<br />
Download presentation from our file-page:[[Image:Security in integration and ESB-OWASP 20091020.pdf]] <br />
<br />
'''18:40 Public Web Services Interface and Security, Pyry Heikkinen, Finnish Customs''' <br />
<br />
'''19:40 Closure and move to Vltava''' <br />
<br />
'''20:00 or so''' <br />
<br />
*Enjoy Helsinki Vltava watering hole at own risk &amp; cost near Helsinki Railway station<br />
<br />
'''Please register with Pauli Kauppila pauli.kauppila##tieto.com or Mobile +358 400 870 324''' <br />
<br />
== OWASP Helsinki Chapter Meeting #9: May 12 2009 ==<br />
<br />
'''Location: Louhi Networks Oy, Itälahdenkatu 22 A, Helsinki''' <br />
<br />
'''Time: 17:30-19:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:30 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:45 Word from our sponsor Louhi Networks''' <br />
<br />
'''18:00 Panel discussion about application scanners''' <br />
<br />
*Panel members includes representatives for Nixu Oy, KPMG Oy and Louhi Networks Oy<br />
<br />
<br> '''19:00 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost at Bar 52 near meeting location<br />
<br />
'''Please register with Henri Lindberg henri.lindberg##louhi.fi''' <br />
<br />
== OWASP OWASP Goes! Viestimuseo: March 29 2009 ==<br />
<br />
'''Location: Varuskunta, Takakasarmi, Viestimuseontie rak. 64, 11311 Riihimäki ''' <br />
<br />
'''Time: 13:00-15:00''' <br />
<br />
Viestimuseossa Riihimäellä, http://www.viestikiltojenliitto.fi/viestimuseo/ on maaliskuun loppuun WWII radiotiedustelua esittelevä erikoisnäyttely, josta voi löytyä ammennettavaa myös tämän päivän tietoturvatekniikoiden parissa työskenteleville. Koska OWASP:in tiimoilta löytyi kiinnostusta lähteä tutustumaan ko. näyttelyyn, museolle on varattu opastettu kierros maaliskuun viimeiselle sunnuntaille su 29.3.2009 klo 13:00 eli kokoontuminen museolla ko. aikaan. <br />
<br />
Museo ja näyttely ovat auki myös muina aikoina, joten jos tämä aika ei käy, paikalla voi toki käydä muulloinkin. <br />
<br />
Tarkemmat ajo-ohjeet ja yhteystiedot löytyvät museon kotisivuilta, http://www.viestikiltojenliitto.fi/viestimuseo/yhteystiedot.html <br />
<br />
Museo sijaitsee Viestirykmentin vieressä, mutta varsinaisen varuskunta-alueen ulkopuolella, joten museokäynti ei vaadi kulkulupia alueelle. <br />
<br />
Paikalle innostuvat hoitavat oman logistiikkaratkaisunsa &amp; sisäänpääsymaksunsa. <br />
<br />
Lisätietoja tarvittaessa timo.merilainen (ät) iki.fi <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #8: March 12 2009 ==<br />
<br />
'''Location: Samlink, Linnoitustie 9, Espoo (Leppävaara)''' <br />
<br />
'''Time: 17:00-19:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:00 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:15 Introduction to Samlink, Jari Pirhonen, security director, Samlink''' <br />
<br />
'''17:30 Methodology owner’s point of view: Information security as part of software development methodology, Topi Mattila, methodology manager, Samlink''' <br />
<br />
'''18:15 Presentation from Finnish Tax Administration", Petri Puhakainen, security director, Finnish Tax Administration''' <br />
<br />
<br> '''19:00 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost at Sello<br />
<br />
'''Please register with Jari Pirhonen jari.pirhonen##samlink.fi''' <br />
<br />
== OWASP Introduction to startup firms: Thursday January 15th 2009 ==<br />
<br />
'''Location: Ravintola Korjaamo, Töölönkatu 51, 00250 Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Introduction to OWASP by Henri Lindberg, OWASP Helsinki Active Visitor''' <br />
<br />
*What OWASP is <br />
*Examples of useful Tools and Documents <br />
*OWASP in Finland<br />
<br />
Presentation: [[Image:OWASP Startups 20090115 Henri.pdf]] <br />
<br />
(Antti Laulajainen, OWASP Helsinki Chapter Leader was originally supposed to introduce OWASP) <br />
<br />
'''18:15 Implementing application security in a Finnish startup by Henri Lindberg, Scred''' <br />
<br />
*Henri Lindberg from Scred shares experiences and lessons learned <br />
*How to make your web application more secure with minimal budget<br />
<br />
Presentation: [[Image:SDG Scred 090115.pdf]] <br />
<br />
'''18:30 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost<br />
<br />
== OWASP Helsinki Meeting #7: Tuesday November 11th 2008 ==<br />
<br />
'''Location: Nokia Ruoholahti, Itämerenkatu 11-13, 00180 Helsinki''' <br />
<br />
<br> <br />
<br />
'''Time: 17:00-18:30''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:00 Welcome by Antti Laulajainen, OWASP Chapter Leader''' <br />
<br />
*Current state and progress of OWASP Top 10 Finnish translation<br />
<br />
'''17:20 Antti Vähä-Sipilä, Nokia: SAFECode''' <br />
<br />
*Introduction and overview of SAFECode (The Software Assurance Forum for Excellence in Code) <br />
*SAFECode publications<br />
<br />
'''17:40 Juhani Eronen, CERT-FI: Lifecycle of a security vulnerability''' <br />
<br />
*Microsoft MS08-067 (Vulnerability in Server Service Could Allow Remote Code Execution), its history (MS06-040) and exploitation.<br />
<br />
'''Discussion''' <br />
<br />
'''18:30 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost [cerveza, aqua con gas, etc]<br />
<br />
'''PLEASE REGISTER WITH: mikko . saario at nokia . com (we have reserved snacks for 25 people)''' <br />
<br />
== OWASP Helsinki Web Hacking Workshop, Tuesday September 10th 2008 ==<br />
<br />
'''Location: Teleware / KPMG, Laajalahdentie 23, 6. floor, reception at the ground floor, 00330 Helsinki''' <br />
<br />
'''Time: 18.00 - 20.00''' <br />
<br />
'''Schedule''' <br />
<br />
'''18.00 Welcome and recent activities. Antti Laulajainen ''' <br />
<br />
'''18.05 Web Hacking Workshop, Anssi Porttikivi, Senior ICT Advisor KPMG/Teleware''' <br />
<br />
*KPMG Oy IT Security Advisory marketing presentation 15 min <br />
*Web hacking exercises and demonstrations in a laboratory class (using WebGoat and WebScarab tools)<br />
<br />
'''Snacks available. Send your reservations to Anssi's mail address, anssi.porttikivi@kpmg.fi. Room for 20 participants.''' <br />
<br />
<br> '''Note! Be in time, because the reception closes at 18.''' <br />
<br />
== OWASP Goes! CERT-FI, Thursday, June 12th 2008 ==<br />
<br />
'''Location: Viestintävirasto, Itämerenkatu 3 A, 00180 Helsinki and One Pint Pub Santakatu 2, 00180 Helsinki''' <br />
<br />
<br> '''Time: 16.00 - 20.00''' <br />
<br />
<br> '''Schedule''' <br />
<br />
'''16.00 Welcome and recent activities. Antti Laulajainen ''' <br />
<br />
<br> '''16.10 Introduction of CERT-FI. Juhani Eronen, Information Security Adviser, CERT-FI''' <br />
<br />
<br> '''16.30 Vulnerability coordination. Juhani Eronen''' <br />
<br />
*CERT-FI as a vulnerability coordinator <br />
*Coordination examples<br />
<br />
'''18.00 Possibility to continue the evening at the One Pint Pub''' <br />
<br />
*If someone fancies a (self-financed) beer<br />
<br />
<br> '''Viestintävirasto asks those who wish to participate to the meeting to register in advance. For registrations please contact CERT-FI Unit Secretary Virpi Hienonen (virpi.hienonen(at)ficora.fi). The deadline is June 6, 2008.''' <br />
<br />
== OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 ==<br />
<br />
Thank you for attending. <br />
<br />
You can download the presentation here'''https://www.owasp.org/images/7/70/OWASP_HelsinkiChapter_130508.pdf''' <br />
<br />
Coverage of the event in local news (Finnish only) http://mikropc.net/uutiset/index.jsp?categoryId=atk&amp;day=20080514#w2008051411524012715 <br />
<br />
<br> '''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki and Ravintola Kaisla, Vilhonkatu 4, 00100 Helsinki''' <br />
<br />
'''Time: 16.00 - 20.00''' <br />
<br />
<br> <br />
<br />
Welcome to spring meeting 2008. <br />
<br />
<br> '''Schedule''' <br />
<br />
'''16.00 - 16.10 OWASP update. Antti Laulajainen''' <br />
<br />
'''16.10-17.00 Notes From The field, OWASP tools and usage experiences, Jarkko Holappa &amp; Antti Laulajainen''' <br />
<br />
'''17.30 - 20.00 Drinks at Ravintola Kaisla (Bring Your Own Wallet)''' <br />
<br />
<br> Hope to see as many of you as possible! <br />
<br />
== OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 ==<br />
<br />
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.''' <br />
<br />
'''Time: 18.30 - 20.30''' <br />
<br />
Welcome to first meeting of 2008. OWASP Helsinki resumes activities after winter break. <br />
<br />
We are pleased to have as a speaker Technology Manager of Nokia Product Security, Alexandr Seleznyov. His topic will be current state of application security. <br />
<br />
'''Schedule''' <br />
<br />
'''18.30 - 18.40 OWASP update. Antti Laulajainen''' <br />
<br />
'''18.40 - 20.30 Current State of Application Security. Alexandr Seleznyov''' <br />
<br />
<br> Hope to see as many of you as possible! <br />
<br />
== OWASP Helsinki &amp; RWSUG Seminar Tuesday, January 29th 2008 ==<br />
<br />
'''Location: IBM, Laajalahdentie 23, 00330 Helsinki.''' '''Time: 11.15 - 19.00''' <br />
<br />
OWASP Helsinki and Rational and Websphere User Group Finland RWSUG are aiming to co-operate to raise application security awareness. OWASP Helsinki will have a presentation in RWSUG agility seminar. More information from http://www.rwsug.fi/default.asp?path=1,39,385 <br />
<br />
'''You can download the presentation here''' https://www.owasp.org/images/c/cd/RWSUG5_Agile_Security_Management.pdf <br />
<br />
See program below. Most of it is Finnish only <br />
<br />
*11.15 Ilmoittautuminen alkaa <br />
*11.15-12.00 Buffet-lounas <br />
*12.00-12.10 Tilaisuuden avaus Jussi Jutila, Puheenjohtaja, RWSUG ry<br />
<br />
KEYNOTE <br />
<br />
*12.10-13.30 Scaling Agile Software Development: Strategies for Applying Agile in Complex Situations Scott W. Ambler, Practice Leader Agile Development, IBM Canada <br />
*13.30-13.45 Kahvitauko <br />
*13.45-15.30 SOA liiketoiminnan näkökulmasta ja SOA toteutuksen näkökulmasta kansainvälisessa hankkeessa Kari Laine, IT Architect, IF ja Jarmo Laine, Senior Software Architect,Primasoft <br />
*15.30-15.45 Tauko <br />
*15.45-16.30 Ketterä tietoturvan hallinta ohjelmistotuotannossa Reijo Savola, VTT <br />
*16.30-17.15 Jazz Update IBM <br />
*17.15-19.00 Iltapalaa ja verkostoitumista IBM Forumissa<br />
<br />
<br> <br />
<br />
== OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008 ==<br />
<br />
OWASP Helsinki participated in ISACA Finland meeting to raise application security awareness among system auditors and inspectors. <br> A presentation was held that introduced basic web techniques, some security issues, OWASP in general, OWASP projects and OWASP Helsinki chapter. <br> '''You can download the presentation here''': https://www.owasp.org/images/e/e4/OWASP_ISACA_20080124.pdf (Finnish Only) <br><br> <br />
<br />
== OWASP Helsinki meeting #4 Fall 2007 with Mark Curphey, Tuesday, October 2 2007 ==<br />
<br />
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.''' <br />
<br />
Thank you for all participants and Mark from great presentation. <br />
<br />
Coverage of the meeting in the local news (in Finnish): http://mikropc.net/uutiset/index.jsp?categoryId=atk&amp;day=20071003#w2007100315112711629 <br />
<br />
<br> We are delighted to have Mark Curphey - the OWASP founder and new head of Microsoft's ACE (Application Consulting &amp; Engineering) team in Europe - to visit Finland and discuss web app security with us. Hopefully as many as of you possible can participate! <br />
<br />
'''18:30 Welcome and recent Helsinki chapter activities. Antti Laulajainen''' <br />
<br />
'''18:40 Naked Software Security. Mark Curphey''' <br />
<br />
*Commentary on how to build secure software <br />
*Thoughts on the industry<br />
<br />
<br> '''WELCOME!''' <br />
<br />
== OWASP Helsinki meeting #3 Summer 2007: "SOA, Web Services &amp; XML Security", Tuesday, June 5th 2007 ==<br />
<br />
'''Date: June 5th''' <br />
<br />
<br> '''Location: Smilehouse, Itälahdenkatu 22A (Stonesoft building), Lauttasaari.''' <br />
<br />
Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/tietoturva_docview.jsp?f_id=1186167 <br />
<br />
<br> '''19:00 Welcome &amp; quick recap of recent OWASP activity and the Spring conference. Mikko Saario.''' <br />
<br />
<br> '''19:15 Gunnar Peterson, CTO Arctec Group and project lead for the OWASP "XML Security Gateway Evaluation Criteria".''' <br />
<br />
Gunnar will be visiting Finland to provide training via Tietoturva ry on this subject. Topics to be covered: <br />
<br />
*XML Security Gateways <br />
*Message level threats and security countermeasures in Web services <br />
*OWASP XML Security Gateway Evaluation Criteria Project<br />
<br />
<br> '''20:15 "Real-life usage of OWASP tools". Alexandr Seleznyov, Nokia Product Security.''' <br />
<br />
(There is a chance Alex cannot make it. In that case we will discuss SOA stuff in more detail or just head off to bar earlier.) <br />
<br />
<br> '''20:45 Enter Bar 52...''' --&gt; Enjoy (sponsored) beverages. <br />
<br />
== OWASP Helsinki meeting #2 Winter 2007, Web Application Firewalls, Thursday, February 22 2007 ==<br />
<br />
Thank you for the 29 participants, the speakers and the host - Nixu - for making this event happen! <br />
<br />
'''Location: Nixu, Mäkelänkatu 91, 00601 Helsinki.''' <br />
<br />
What are Web Application Firewalls (WAF), how do they work, what do they do and what don't they do. Discussion and sharing of experiences of various technologies and products. <br />
<br />
<br> '''18.30 Welcome. Mikko Saario, Chapter Leader.''' <br />
<br />
Today's topic and agenda in short. <br />
<br />
<br> '''18.35 "Web Application Firewalls Technical Analysis". Joakim Sandström, CTO nSense.''' <br />
<br />
http://www.owasp.org/images/6/6a/Owasp_waf_joakim.pdf <br />
<br />
- Technology <br />
<br />
- Blacklisting &amp; Whitelisting <br />
<br />
- mod_security features <br />
<br />
- Do's and Don'ts <br />
<br />
<br> '''19.30 "The Core Rule Sets". Ofer Shezaf, CTO Breach Security.''' <br />
<br />
http://www.owasp.org/images/f/f4/The_Core_Rule_Set_-_Ofer.pdf <br />
<br />
- WAF deployment and protection strategies <br />
<br />
- Detection of generic web layer attacks <br />
<br />
- Virtual patching <br />
<br />
== OWASP Helsinki meeting #1, Tuesday, Dec 12 2006 at Ernst &amp; Young ==<br />
<br />
The Helsinki chapter had the first meeting at Ernst &amp; Young office in Elielinaukio 5 B. The agenda and the presentations for the meeting are below. We had a good turnout: 22 people were present i.e. all seats were taken - we were very happy to see all these people to be interested in application security issues. <br />
<br />
<br> Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/doc.do?f_id=1083463 <br />
<br />
<br> '''18:30 Welcome. What is OWASP and why OWASP Helsinki?''' <br />
<br />
Mikko Saario made a short presentation about OWASP and the objective for the local Helsinki chapter. <br />
<br />
<br> '''19:00 Analyzing Threats (Olli Wiren; olli [at] juurihoito.org)''' <br />
<br />
Olli Wiren discussed application related threats and corresponding security issues. <br />
<br />
http://www.owasp.org/images/7/7c/Owasp-olli.pdf <br />
<br />
<br> '''19:45 Open discussion regarding OWASP Helsinki; what is expected or wished; how to go ahead and so forth.''' <br />
<br />
There was a lively discussion regarding what type of activities should be arranged in the future. More details will follow... <br />
<br />
==== Helsinki OWASP Chapter Leaders ====<br />
<br />
The chapter leader is [mailto:Petteri.arola@owasp.org Petteri Arola] <br />
<br />
The chapter board members are [mailto:timo@owasp.org Timo Merilainen], Pyry Heikkinen and [mailto:pekka.sillanpaa@owasp.org Pekka Sillanpaa]. <br />
<br />
__NOTOC__<br />
<br />
[[Category:OWASP Chapter]] <br />
[[Category:Europe]]</div>Psillanphttps://wiki.owasp.org/index.php?title=Helsinki&diff=247342Helsinki2019-02-12T14:44:55Z<p>Psillanp: /* OWASP Helsinki chapter meeting #36: Feb 12th 2019 */</p>
<hr />
<div>{{Chapter Template|chaptername=Helsinki|extra=The chapter leaders are [mailto:petteri.arola@owasp.org Petteri Arola], [mailto:pekka.sillanpaa@owasp.org Pekka Sillanpää], [mailto:timo@owasp.org Timo Meriläinen], [mailto:pyry.heikkinen@owasp.org Pyry Heikkinen], [mailto:petri.koistinen@nixu.com Petri Koistinen] and [mailto:lasse.korvala@gmail.com Lasse Korvala].<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-helsinki|emailarchives=http://lists.owasp.org/pipermail/owasp-helsinki}} <br />
<br />
==== Local News ====<br />
<br />
<paypal>Helsinki</paypal> <br />
<br />
'''Welcome to the OWASP Helsinki Chapter'''<br />
<br />
The plan is to meet at least three to four times a year, each lasting 1,5-3 hours (more active "hands" means more meetings). This chapter is based in the capital area and therefore the meetings will be in or around Helsinki. <br />
<br />
If you wish to present at one of the meetings or have any other inquiries, please contact the chapter leaders and shortly describe the talk. (the contact details can be found in the bottom of the page). We encourage everyone to suggest ideas for presentation topics. The talks can be either a full talk (45-60min) or a lightning talk (~15min). <br />
<br />
==== Suomalaista sovellusturva-asiaa ====<br />
<br />
[[OWASP Helsinki Appsec Thesis of the Year|Vuoden sovellusturva-aiheinen opinnäytetyö]]<br />
<br />
[[Oppilaitoksille|Tietoa oppilaitoksille (Information for academic institutions)]] <br />
<br />
[[Verkkomaksut|Ohjeita turvallisen verkkomaksuintegraation toteuttamiseen]] <br />
<br />
Previously OWASP Helsinki has been working on the following tasks: <br />
<br />
*[[Top 10 2007 Finnish]] aim to translate OWASP Top 10 list in Finnish<br />
<br />
==== Chapter Meetings ====<br />
<br />
== OWASP Helsinki chapter meeting #36: Feb 12th 2019 ==<br />
'''Location: Veikkaus, Aku Korhosen tie 2, 00440 Helsinki'''<br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words, Pekka Sillanpää, Chapter co-leader - OWASP Helsinki''' <br />
<br />
'''18:05 Words from the sponsor, Veikkaus''' <br />
<br />
'''18:10 What Every Developer and Tester Should Know About Software Security, Anne Oikarinen, Senior Security Consultant, Nixu'''<br />
<br />
'''18:50 Break''' <br />
<br />
'''19:00 Security in Agile Development, Joakim Tauren, Application Security Architect, Visma'''<br />
<br />
'''19:45 OWASP Cornucopia - a live card game session, Veikkaus + volunteers''' <br />
<br />
'''20:15 Snacks & Refreshments''' <br />
<br />
Please register by 10th of Feb https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-36-tickets-55288270706 (Note that the seats are limited). <br />
[[File:DeathStarArchitecture v0.8 DRAFT.pdf|thumb]]<br />
== OWASP Helsinki chapter meeting #35: Nov 6th 2018 ==<br />
'''Location: Second Nature Security (2NS), Keilaranta1 (auditorium Ankkuri), 02150 Espoo'''<br />
<br />
'''Time: 17:30-21:00'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words, Pekka Sillanpää, Chapter co-leader - OWASP Helsinki'''<br />
<br />
'''18:05 Words from the sponsor, Juho Ranta, CTO - Second Nature Security (2NS)''' <br />
<br />
'''18:15 Hunting for bounties in a web browser, Juho Nurminen, White Hat Hacker, InfoSec Specialist - 2NS''' [[File:Nurmi_BugBounty_slides.zip]]<br />
<br />
'''18:45 Break'''<br />
<br />
'''19:00 How to become a bug bounty hunter, Iiro Uusitalo, Cloud and Security Specialist - Solita'''<br />
<br />
'''19:30 Running a successful bug bounty program, Thomas Malmberg, Partner & Owner - Hackrfi''' [[File:Running a successful bug bounty program - public.pdf]]<br />
<br />
'''19:50 Short break'''<br />
<br />
'''20:00 Panel & Discussion about bug bounty with Juho, Iiro and Thomas'''<br />
<br />
'''20:30 Snacks & Refreshments'''<br />
<br />
Please register by 4th of Nov https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-35-tickets-51465932991 (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #34: Jun 12th 2018 ==<br />
'''Location: Eficode, Pohjoinen Rautatiekatu 25, 00100 Helsinki'''<br />
<br />
'''Time: 17:30-21:30'''<br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Pekka Sillanpää OWASP Helsinki'''<br />
<br />
'''18:05 Words from the sponsor / Pekka Siltala-Li / Eficode'''<br />
<br />
'''18:15 Perfectly secure API, Matti Suominen, Lead Security Consultant - Nixu'''<br />
<br />
'''19:00 Break''' <br />
<br />
'''19:15''' '''Best friends: API security & API management, Antti Virtanen, Software Architect, Solita''' <br />
<br />
'''20:00-21:30 Sauna, Snacks & Beverages'''<br />
<br />
Please register by 10th of Jun https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-34-tickets-46690898735 (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #33: Nov 14th 2017 ==<br />
'''Location: F-Secure, Tammasaarenkatu 7, 00180 Helsinki''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki''' <br />
<br />
'''18:05 Words from the sponsor'''<br />
<br />
'''18:10 Coping with GDPR requirements in development, Kira Ahveninen-Kuha, Lead, Data Protection and Cybersecurity Law, Nixu'''<br />
<br />
'''19:00 Break''' <br />
<br />
'''19:15 Integrating Privacy Work in Threat Modeling and Design Review, Antti Vähä-Sipilä, Principal Security Consultant, F-Secure'''<br />
<br />
'''20:00 Panel & Discussion – Kira and Antti debate about privacy and GDPR with the audience'''<br />
<br />
'''20:30 OWASP Helsinki DevSecOps Hackathon: Lessons learned, Pekka Sillanpää, OWASP Helsinki''' <br />
<br />
'''21:00-22:00 Snacks & Refreshments''' <br />
<br />
Please register by 12th of Nov [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-33-tickets-39656996143 here] (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #32: Sep 27th ==<br />
If you are working in a DevOps team and want to get concrete ideas on how to integrate security into your CI/CD pipeline, this hackathon is a fun opportunity to learn by doing together with others.<br />
<br />
More information here: [[OWASP Helsinki DevSecOps Hackathon]]<br />
<br />
In summary, we familiarize and investigate (and of cource hack with) some nice open source tools, including:<br />
* OWASP Dependency-Check ([[OWASP Dependency Check]])<br />
* ZAP Proxy ([[OWASP Zed Attack Proxy Project]])<br />
* OWASP DefectDojo ([[OWASP DefectDojo Project]])<br />
* DevSec hardening framework (https://github.com/dev-sec)<br />
* Clair (https://github.com/coreos/clair)<br />
<br />
The output of this hackathon is an OWASP wiki page describing what was achieved in the hackathon, possible commits to the tools' repositories and future plans. If there is enough interest, we might organize "part 2" for this event in Autumn.<br />
<br />
To participate in this event, it is recommended to have at least basic programming/scripting skills (python, ruby, bash, etc) and understanding of configuration management tools (puppet, salt, ansible, etc.). '''If you are interested to join''' or have questions, please send email to pekka.sillanpaa@owasp.org '''by Jul 7th 2017''' and a short description of your background. Tracks of the hackathon environment are tuned based on the skills and background of the participants.<br />
<br />
The maximum of 15 seats are available for this event. The event is fully free of charge.<br />
<br />
'''Location: Nixu, Keilaranta 15, 02150 Espoo'''<br />
<br />
'''12:00 Hackathon starts'''<br />
<br />
'''17:00-23:00 Hackathon continues after the work day as long as needed. Pizza and beverages available.'''<br />
<br />
== OWASP Helsinki chapter meeting #31: Jun 13th 2017 ==<br />
'''Location: Solita, Alvar Aallon katu 5, 00100 Helsinki'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Pekka Sillanpää, OWASP Helsinki'''<br />
<br />
'''18:05 DevSec - Developers are the key to security, Antti Virtanen, Software Architect, Solita [[File:Devsec-owasp-2017.pdf]]''' <br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Docker Security, Mika Vatanen, Systems Architect, Digia [[File:Owasp-Helsinki-20170613-Docker-Security.pdf]]'''<br />
<br />
'''20:00 Lightning talk: Leaking credentials - a security malpractice more common than expected, Bogdan Mihaila, Synopsys [[:File:Bogdan Mihaila - Leaking Credentials.pdf]]'''<br />
<br />
'''20:15 Introduction to DevSecOps "mini-hackathon", Pekka Sillanpää, OWASP Helsinki'''<br />
<br />
'''20:30-22:30 Snacks & Refreshments'''<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-31-tickets-34950473808 here] by 12th of Jun (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #30: Oct 11th 2016 ==<br />
<br />
'''Location: Fujitsu, Valimotie 16, 00380 Helsinki, Auditorio'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 How to protect mobile application? Case "Nordea Tunnusluvut” / Michael Peltonen, Senior Business Developer, Nordea''' [[File:Helsinki_meeting_30_-Michael_Peltonen_OWASP_11102016.pdf]]<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Lightning talk: Authentication topic / Teemu Simonen, System Architect, Fujitsu''' [[File:Helsinki_meeting_30_-Authentication_topic.pdf]]<br />
<br />
'''19:30 Threats and vulnerabilities in federation protocols - and how did I find 0-days in the most common access management products / Teemu Kääriäinen, Senior IAM Consultant, Nixu Oyj''' [[File:Helsinki_meeting_30_-_Threats_and_Vulnerabilities_in_Federation_Protocols_and_Products.pdf]]<br />
<br />
'''20:30-> Snacks & Refreshments'''<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-30-tickets-28190573765 here] by 9th of October (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #29: Mar 29th 2016 ==<br />
<br />
'''Location: Solinor, Elimäenkatu 14 C, 00510 Helsinki'''<br />
<br />
'''Time: 17:30-21:15'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 OWASP Security Knowledge Framework, Glenn Ten Cate''' [[File:Skf-owaspHelsinki-16.pdf]]<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Amazon Web Services Security, Joel Leino, Solinor''' [[File:Aws_security_joel_leino.pdf]]<br />
<br />
'''20:30 Do's and don'ts: A Day Of Browser Bug Hunting, Atte Kettunen, University of Oulu''' [[File:Do's_and_Don'ts-_A_Day_Of_Browser_Bug_Hunting_rev2.pdf]]<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-29-tickets-22159795545 here] by 26th of March (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #28: Nov 10th 2015 ==<br />
<br />
'''Location: LähiTapiola, Revontulenkuja 1, 02100 Espoo'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 How we feel about Bug Bounty, Leo Niemelä, CISO, LähiTapiola Group (in Finnish)'''<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Security and "Modern" software Deployment, Rory McCune, Managing Consultant, NCC Group'''<br />
<br />
'''20:30 Discussion continues in a local cafe / bar'''<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-28-tickets-19188815263 here] by 8th of November (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #27: May 29th 2015 ==<br />
<br />
'''Location: Life Science Center Keilaranta 10-16''' <br />
<br />
'''Time: 17:30-20:00 (networking ends 23:00)''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 Word from our sponsor / Nixu'''<br />
<br />
'''18:15 50 Shades of AppSec / Troy Hunt'''<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Hack yourself first: how go on the cyber-offence before online attackers do / Troy Hunt'''<br />
<br />
'''20:00-23:00 Refreshments and Sauna on the 7th floor'''<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-chapter-meeting-27-tickets-16709176597 here] by Monday Fri 22th May (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #26: January 13th 2015 ==<br />
<br />
'''Location: Castrén & Snellman Attorneys Ltd. Eteläesplanadi 14 6th Floor Helsinki, Finland.''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''Opening words / OWASP Helsinki&IAPP''' <br />
<br />
'''Words from our sponsor / Castrén & Snellman Attorneys Ltd.'''<br />
<br />
'''Privacy Seals and Marks, Hannu Järvinen, Specialist Partner, Attorneys at Law Borenius Ltd'''<br />
<br />
'''Privacy Engineering, Antti Vähä-Sipilä, software security guy, F-Secure Oyj'''<br />
<br />
'''Privacy Use Cases, Saku Vainikainen, Lead Consultant, Nixu Oyj'''<br />
<br />
Please register here https://t.co/OoQN2FRbBX by Monday 12 Jan.<br />
<br />
== OWASP Helsinki chapter meeting #25: September 29th 2014 ==<br />
<br />
'''Location: Appelsiini (Elisa), Kaarlenkatu 9-11, 00530 Helsinki. Public transport is strongly recommended.''' <br />
<br />
'''Time: 17:00-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and registration''' <br />
<br />
'''17:10 Opening words / OWASP Helsinki''' <br />
<br />
'''17:20 Words from our sponsor / Elisa'''<br />
<br />
'''17:30 Mobile Security Chess Board - Attacks & Defense / Hemil Shah / Founder, Director eSphere Security''' [[File:Mobile_Security_chess_board_-_Attacks_&_Defense.pdf]]<br />
<br />
'''18:45 Break'''<br />
<br />
'''19:00 Mobile Platform Security: OS (kernel) Hardening and Trusted Execution Environment / Onur Zengin / Trustonic'''<br />
[[File:Onur_Zengin_-_TEE_chapter_meeting_presentation.pdf]]<br />
<br />
'''20:00 OWASP Mobile Top Ten Risks 2014 - The New M10: 'Lack of Binary Protection' Category / Bo Asklund and Rikard Kullenberg / Arxan'''<br />
[[File:OWASP_Mobile_Top_Ten_-_Meet_the_New_Addition.pdf]]<br />
<br />
'''21:00 Networking and continue discussions in TBD location nearby'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-25-tickets-13087782911 Eventbrite]<br />
<br />
== OWASP Helsinki chapter meeting #24: March 25st 2014 ==<br />
<br />
'''Location: F-Secure, Tammasaarenkatu 7, 00180 Helsinki. Parking space is limited, public transport is strongly recommended. Ruoholahti station for metro, Länsisatamankatu stop for tram 8, Länsiväylä stop for buses from Espoo.''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and registration''' <br />
<br />
'''17:20 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''17:30 Enhancing security through tight collaboration and automation /Kalle Hallivuori''' <br />
Presentation material: http://kato.iki.fi/owasp-pci-devops/<br />
<br />
'''18:00 Continuous Security Testing in a Devops World /Stephen de Vries'''<br />
Download the presentation from our file page: [[image:OWASP-Continuous_Security_Testing.pdf]]<br />
<br />
'''19:00 Demo of Burp Suite & HTTP API fuzzing automation with Python & Behave /Antti Vähä-Sipilä'''<br />
<br />
'''19:30 Time to go to Pub (Amsterdam) and continue discussion there'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-24-tickets-10765729587 Eventbrite]<br />
<br />
== OWASP Helsinki chapter meeting #23: January 21st 2014 ==<br />
<br />
'''Location: HTC Keilaniemi, Keilaranta 13, 02150 Espoo''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Coffee and registration''' <br />
<br />
'''18:00 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''18:05 Word from our sponsor /Nixu''' <br />
<br />
'''18:20 The inner HTML Apocalypse - How MXSS attacks change everything we believed to know so far /Mario Heiderich'''<br />
<br />
'''19:15 JSMVCOMFG - To sternly look at JavaScript MVC and Templating Frameworks /Mario Heiderich"''''<br />
<br />
'''20:15 QA'''<br />
<br />
'''20.30 - 21.30 Discussion continues over snacks and refreshments'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-23-tickets-10095813851 Eventbrite]<br />
<br />
<br />
== OWASP Helsinki chapter meeting #22: November 19th 2013 ==<br />
<br />
'''Location: Aalto University, Hall S1, Otakaari 5, 02150 Espoo''' <br />
<br />
'''Time: 18:00-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Registration''' <br />
<br />
'''18:10 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''18:20 Word from our sponsor''' <br />
<br />
'''18:30 Backgrounds of Eve in Digiland comic and cyber research in Aalto University /Timo Kiravuo, Aalto University'''<br />
<br />
'''19:15 Break"''''<br />
<br />
'''19:30 Cyber crime response from CERT perspective and backgrounds of Finnish web site attacks /Jussi Eronen, CERT-FI'''<br />
<br />
'''20:00 Methods in Finnish cyber crime police investigation and case example /Timo Piiroinen, National Bureau of Investigation (NBI)'''<br />
<br />
'''20:30 Networking and discussion continues at same location'''<br />
<br />
Please register at [http://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-23-tickets-10095813851 Eventbrite]<br />
<br />
== OWASP EUTour2013: June 17th 2013 ==<br />
<br />
'''Location: HTC Keilaniemi, Keilaranta 15''' <br />
<br />
'''Time: 16:00-19:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''16:00 Registration & coffee''' <br />
<br />
'''16:15 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''16:30 Word from our sponsor''' <br />
<br />
'''16:45 Nokia responsible disclosure program /Omar Benbouazza-Villa, Nokia'''<br />
<br />
Nokia has launched a responsible disclosure program recently. In this presentation we'll go through experiences starting and running such a program as a part of enterprise application security program.<br />
<br />
'''17:30 Social engineering /Gavin Ewan"''''<br />
<br />
Jac0byterebel is not your typical social engineering presenter. Out goes the snake oil sale of analysing the minutia of pop psychology and trying to squeeze out real answers to the questions asked during a real social engineering attack. In comes hard hitting accounts of social engineering attacks drawn from real sources but anonymised to protect the pwned.<br />
<br />
'''19:00 Rounding up and discussion continues over food & drinks at same location'''<br />
<br />
Please register at [http://www.regonline.com/owaspeutourfinland Regonline]<br />
<br />
== OWASP Helsinki Chapter Meeting #21: April 24 2013 ==<br />
<br />
'''Location: KPMG, Yrjönkatu 23 B, 6. floor''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Opening words /OWASP''' <br />
<br />
'''18:10 Word from our sponso /Mika Laaksonen, KPMG''' <br />
<br />
'''18:15 OWASP project news /Petteri Arola, OWASP''' <br />
<br />
Newsflash of new and rebooted OWASP projects.<br />
<br />
'''18:45 Utilizing VAHTI software development guide (VAHTI-sovelluskehitysohje) /Antti Alestalo, KPMG'''<br />
<br />
VAHTI software development guide was published January 2013. Antti will talk about how to best utilize this new guide. Link to the guide: http://www.vm.fi/vm/fi/04_julkaisut_ja_asiakirjat/01_julkaisut/05_valtionhallinnon_tietoturvallisuus/20130207Sovell/VAHTI_1_Sovelluskehityksen_tietoturvaohje_NETTI.pdf<br />
<br />
'''19:15 Database self-defence /Mika Aronen, KPMG (in place of "HTML5 & security /SC5"'''<br />
<br />
'''20:00 Official program ends and discussion continues over food & drinks at same location'''<br />
<br />
Please register at [https://www.eventbrite.com/event/6240751255 Eventbrite]<br />
<br />
== OWASP Helsinki Chapter Meeting #20: December 4 2012 ==<br />
<br />
'''Location: Nokia House, Keilalahdentie 4, Espoo''' <br />
<br />
'''Time: 17:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Socializing time @ Nokia Lounge – Meet people & get to know your peer while having the opportunity to see Nokia product demos''' <br />
<br />
'''18:00 Opening words /OWASP + HelsinkiJS''' <br />
<br />
'''18:10 Word from our sponsor''' <br />
<br />
'''18:20 Securing JavaScript based web apps /Erlend Oftedal''' <br />
<br />
Single page web applications move much of the application logic to the client side. We now also see applications using JavaScript on the server side. How do we handle such applications from a security perspective? What problems are introduced and how do we handle them?<br />
<br />
'''19:05 RESTful Security'''<br />
<br />
Many applications rely on web services and ws-security for integration. But for more lightweight services with simpler protocols, REST is quickly gaining popularity. How do we secure REST services? What problems do we need to be aware of?<br />
<br />
'''20:00 Official program ends and free debate continues at nearby location'''<br />
<br />
CLOSED: Please register at [http://www.eventbrite.com/event/4856878053 Eventbrite]<br />
<br />
Please use the NORTH entrance when entering the Nokia campus<br />
<br />
== OWASP Helsinki Chapter Meeting #19: October 16 2012 ==<br />
<br />
'''Location: Fujitsu, Valimotie 16, Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''18:10 Word from our sponsor /Fujitsu''' <br />
<br />
'''18:25 Hybrid mobile application security and HTML5 with a focus on getUserMedia /Mikko Saario, Nokia''' <br />
<br />
Both the mobile scene via “hybrid” apps and the so-called traditional web are evolving into the same direction – are the threats doing the same? Using mainly Windows Phone 7 (and some Qt) examples and demos, Mikko will take a look at the security aspects in mobile hybrid apps. The HTML5 demo will concentrate on some newly mainstreamed technologies such as getUserMedia.<br />
<br />
'''19:10 Introduction to Oauth 2.0 + demo /Teemu Kääriäinen, Nixu'''<br />
<br />
Teemu gives an introduction about Oauth 2.0 and takes a closer look at security aspects, implementation guidelines and compares Twitter, Facebook and Google implementations.<br />
<br />
'''20:00 Official program ends and free debate continues at nearby location'''<br />
<br />
'''Please register in Eventbrite http://www.eventbrite.com/event/4462882602''' <br />
<br />
<br />
== OWASP Helsinki Chapter Meeting #18: June 26 2012 ==<br />
<br />
'''Location: Kela, Nordenskjölkinkatu 12, Helsinki''' <br />
<br />
'''Time: 17:30-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''17:45 Word from our sponsor /Kela''' <br />
<br />
'''18:00 Helsinki Ruby Brigade intro''' <br />
<br />
'''18:15 Ruby on Rails security - why could it fail'''<br />
<br />
'''19:00 Panel discussion'''<br />
<br />
'''19:45 Wrap-up'''<br />
<br />
'''20:00 Discussion continues in a nearby pub Hadanka'''<br />
<br />
'''Please register with petteri.arola(at)owasp.org''' <br />
<br />
<br />
== OWASP Helsinki Chapter Meeting #17: March 21 2012 ==<br />
<br />
'''Location: Marttakeskus, Malminrinne 1 B, 7. krs, Helsinki''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Coffee''' <br />
<br />
'''17:40 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''17:50 Web Application Access Control Design Excellence / Jim Manico, OWASP''' <br />
<br />
Download the presentation from our file page: [[image:Developer_Top_Ten_Core_Controls_v4.1.pdf]]<br />
<br />
'''19:30 Meeting ends and discussion continues over buffet and refreshments and there's a possibility to bath in sauna too''' <br />
<br />
'''23:00 Event ends'''<br />
<br />
'''Please register with enroll(at)nixu.com''' <br />
<br />
== Tietoturvapäivä Turku: February 7 2012 ==<br />
<br />
''' Sovellusturvallisuus / Petteri Arola, OWASP''' <br />
<br />
Download the presentation from our file page: [[image:OWASP_esitys_tietoturvapäivä_Turku_20120207.pdf]]<br />
<br />
== OWASP Helsinki Chapter Meeting #16: October 18 2011 ==<br />
<br />
'''Location: Hall TU2, Tuas house, Otaniementie 17, 02150, Espoo''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and lock picking''' <br />
<br />
'''17:30 OWASP - What is it?''' <br />
<br />
'''17:45 Introduction to OWASP projects<br>- OWASP Top Ten, ASVS<br><span class="Apple-tab-span"> </span>- Testing guide<br>- How OWASP relates to academic world''' <br />
<br />
<br> Download presentation from our file-page: [[Image:OWASP_presentation_for_Aalto.pdf]] <br><br />
<br />
'''18:45 Break''' <br />
<br />
'''19:00 Hacking demonstrations'''<br />
<br />
'''19:30 - Discussion continues in a nearby public house''' <br />
<br />
'''Please register with petteri.arola(at)owasp.org''' <br />
<br />
== OWASP Introduction to Turku AMK students: September 12th 2011 ==<br />
<br />
'''Introduction to Application security and OWASP / Petteri Arola, OWASP''' <br />
<br />
'''OWASP top 10 and hacking demos / Pekka Sillanpää, OWASP''' <br />
<br />
== OWASP Helsinki Chapter Meeting #15: June 15 2011 ==<br />
<br />
'''Location: Itämerenkatu 11 - 13, Helsinki''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda ''' <br />
<br />
'''17:30 Welcome, Petteri Arola, Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nokia''' <br />
<br />
'''17:45 HTML5 Security, Ville Säävuori, Syneus''' <br />
<br />
'''18:30 Break''' <br />
<br />
'''18:40 Mobile Application Security, Ari Kesäniemi and Juhani Mäkelä, Nixu''' <br> [[Image:Mobile-threat-analysis-short-presentation owasp.pdf]] <br> [[Image:Why-privacy-matters.pdf]] <br> <br />
<br />
<br>'''19.30 - Discussion continues in a nearby public house or terrace if it's sunny''' <br />
<br />
'''Please register with mikko.saario(at)nokia.com''' <br />
<br />
== OWASP Helsinki Chapter Meeting #14: February 22 2011 ==<br />
<br />
'''Location: Nixu Oy, Keilaranta 15, Espoo''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''17:30 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nixu Oy''' <br />
<br />
'''17:45 OpenSAMM, Pravir Chandra /Fortify''' <br />
<br />
'''18:30 Break''' <br />
<br />
'''18:40 Threat modeling, Pravir Chandra /Fortify''' <br />
<br />
<br> '''19.30 - Sauna and refreshments from our sponsor''' <br />
<br />
'''Please register with enroll(at)nixu.com''' <br />
<br />
<br> Download OpenSAMM presentation from opensamm.org [http://www.opensamm.org/downloads/resources/OpenSAMM-1.0.ppt] <br> <br />
<br />
== OWASP Helsinki Chapter Meeting #13: June 8 2010 ==<br />
<br />
'''Location: KPMG, Forum, Yrjönkatu 23 B 6th floor, Helsinki''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''17:00 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:05 Word from our sponsor KPMG ''' <br />
<br />
'''17:15 Agile secure software development, Antti Vähä-Sipilä / Nokia Oyj''' http://www.owasp.org/images/c/c6/OWASP_AppSec_Research_2010_Agile_Prod_Sec_Mgmt_by_Vaha-Sipila.pdf <br />
<br />
'''18:00 ASVS (OWASP Application Security Verification Standard), Pekka Sillanpää / Nixu Oy''' <br />
<br />
'''18:45 ESAPI (OWASP Enterprise Security API) demo, Anssi Porttikivi / KPMG''' <br />
<br />
Download presentation from our file-page:[[Image:ESAPI for OWASP.pdf]] <br />
<br />
<br> '''19.30 - Discussion continues at some nearby establishment''' <br />
<br />
'''Please register with anssi.porttikivi(at)kpmg.fi''' <br />
<br />
<br> <br />
<br />
== OWASP Goes! Locksport: April 20 2010 ==<br />
<br />
'''Location: Nsense Oy, Ahventie 4, Espoo''' <br />
<br />
'''Time: 17:30-20:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nsense Oy''' <br />
<br />
'''17:45 Introduction to Locksport (presentation in Finnish)''' <br />
<br />
'''19:00 - Sauna and refreshments from our sponsor''' <br />
<br />
'''Please register with ilmoittautumiset##nsense.fi ''' <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #12: March 30 2010 ==<br />
<br />
'''Location: Helsingin Energia, Sähkötalo, Runeberginkatu 1, Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''18:00 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
Download presentation from our file-page:[[Image:OWASP -12 Helsinki chapter meeting.pdf]] <br />
<br />
'''18:05 Word from our sponsor Helsingin Energia ''' <br />
<br />
'''18:15 3 different views on information security and social media applications''' <br />
<br />
- information security in social media API’s, Antti Nuopponen/Nixu Oy <br />
<br />
Download presentation from our file-page:[[Image:Security of social media apis v1.pdf]] <br />
<br />
- Facebook apps, Markus Törnqvist/Fad Consulting <br />
<br />
Download presentation from our file-page:[[Image:Mjt owasp 2010.pdf]] <br />
<br />
- Payment API’s, Tuomas Toivonen/Scred <br />
<br />
Download presentation from our file-page:[[Image:Owasp-payment-apis.pdf]] <br />
<br />
'''20.00 - Discussion continues at nearby establishment Bruuveri''' <br />
<br />
'''Please register with antti##owasp.org''' <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #11: November 17 2009 ==<br />
<br />
'''Location: Nsense Oy, Ahventie 4, Espoo''' <br />
<br />
'''Time: 18:00-20:30''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''18:05 Word from our sponsor Nsense Oy''' <br />
<br />
'''18:15 Manual vs. Automated Code Analysis, Ari Kesäniemi, Senior Consultant, Nixu''' <br />
<br />
Download presentation from our file-page:[[Image:Ari kesaniemi nixu manual-vs-automatic-analysis.pdf]] <br />
<br />
'''19.00- Sauna and refreshments from our sponsor''' <br />
<br />
<br> <br />
<br />
'''Please register with ilmoittautumiset##nsense.fi''' <br />
<br />
== OWASP Helsinki Chapter Meeting #10: October 20 2009 ==<br />
<br />
'''Location: Tieto Oy, Ratamestarinkatu 7B, Helsinki''' <br />
<br />
'''Time: 18:00-19:40''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''18:00 Word from our sponsor Tieto Oy''' <br />
<br />
'''18:10 Distributed Services Security, Anton Panhelainen, Tieto Oy''' <br />
<br />
Download presentation from our file-page:[[Image:Security in integration and ESB-OWASP 20091020.pdf]] <br />
<br />
'''18:40 Public Web Services Interface and Security, Pyry Heikkinen, Finnish Customs''' <br />
<br />
'''19:40 Closure and move to Vltava''' <br />
<br />
'''20:00 or so''' <br />
<br />
*Enjoy Helsinki Vltava watering hole at own risk &amp; cost near Helsinki Railway station<br />
<br />
'''Please register with Pauli Kauppila pauli.kauppila##tieto.com or Mobile +358 400 870 324''' <br />
<br />
== OWASP Helsinki Chapter Meeting #9: May 12 2009 ==<br />
<br />
'''Location: Louhi Networks Oy, Itälahdenkatu 22 A, Helsinki''' <br />
<br />
'''Time: 17:30-19:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:30 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:45 Word from our sponsor Louhi Networks''' <br />
<br />
'''18:00 Panel discussion about application scanners''' <br />
<br />
*Panel members includes representatives for Nixu Oy, KPMG Oy and Louhi Networks Oy<br />
<br />
<br> '''19:00 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost at Bar 52 near meeting location<br />
<br />
'''Please register with Henri Lindberg henri.lindberg##louhi.fi''' <br />
<br />
== OWASP OWASP Goes! Viestimuseo: March 29 2009 ==<br />
<br />
'''Location: Varuskunta, Takakasarmi, Viestimuseontie rak. 64, 11311 Riihimäki ''' <br />
<br />
'''Time: 13:00-15:00''' <br />
<br />
Viestimuseossa Riihimäellä, http://www.viestikiltojenliitto.fi/viestimuseo/ on maaliskuun loppuun WWII radiotiedustelua esittelevä erikoisnäyttely, josta voi löytyä ammennettavaa myös tämän päivän tietoturvatekniikoiden parissa työskenteleville. Koska OWASP:in tiimoilta löytyi kiinnostusta lähteä tutustumaan ko. näyttelyyn, museolle on varattu opastettu kierros maaliskuun viimeiselle sunnuntaille su 29.3.2009 klo 13:00 eli kokoontuminen museolla ko. aikaan. <br />
<br />
Museo ja näyttely ovat auki myös muina aikoina, joten jos tämä aika ei käy, paikalla voi toki käydä muulloinkin. <br />
<br />
Tarkemmat ajo-ohjeet ja yhteystiedot löytyvät museon kotisivuilta, http://www.viestikiltojenliitto.fi/viestimuseo/yhteystiedot.html <br />
<br />
Museo sijaitsee Viestirykmentin vieressä, mutta varsinaisen varuskunta-alueen ulkopuolella, joten museokäynti ei vaadi kulkulupia alueelle. <br />
<br />
Paikalle innostuvat hoitavat oman logistiikkaratkaisunsa &amp; sisäänpääsymaksunsa. <br />
<br />
Lisätietoja tarvittaessa timo.merilainen (ät) iki.fi <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #8: March 12 2009 ==<br />
<br />
'''Location: Samlink, Linnoitustie 9, Espoo (Leppävaara)''' <br />
<br />
'''Time: 17:00-19:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:00 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:15 Introduction to Samlink, Jari Pirhonen, security director, Samlink''' <br />
<br />
'''17:30 Methodology owner’s point of view: Information security as part of software development methodology, Topi Mattila, methodology manager, Samlink''' <br />
<br />
'''18:15 Presentation from Finnish Tax Administration", Petri Puhakainen, security director, Finnish Tax Administration''' <br />
<br />
<br> '''19:00 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost at Sello<br />
<br />
'''Please register with Jari Pirhonen jari.pirhonen##samlink.fi''' <br />
<br />
== OWASP Introduction to startup firms: Thursday January 15th 2009 ==<br />
<br />
'''Location: Ravintola Korjaamo, Töölönkatu 51, 00250 Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Introduction to OWASP by Henri Lindberg, OWASP Helsinki Active Visitor''' <br />
<br />
*What OWASP is <br />
*Examples of useful Tools and Documents <br />
*OWASP in Finland<br />
<br />
Presentation: [[Image:OWASP Startups 20090115 Henri.pdf]] <br />
<br />
(Antti Laulajainen, OWASP Helsinki Chapter Leader was originally supposed to introduce OWASP) <br />
<br />
'''18:15 Implementing application security in a Finnish startup by Henri Lindberg, Scred''' <br />
<br />
*Henri Lindberg from Scred shares experiences and lessons learned <br />
*How to make your web application more secure with minimal budget<br />
<br />
Presentation: [[Image:SDG Scred 090115.pdf]] <br />
<br />
'''18:30 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost<br />
<br />
== OWASP Helsinki Meeting #7: Tuesday November 11th 2008 ==<br />
<br />
'''Location: Nokia Ruoholahti, Itämerenkatu 11-13, 00180 Helsinki''' <br />
<br />
<br> <br />
<br />
'''Time: 17:00-18:30''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:00 Welcome by Antti Laulajainen, OWASP Chapter Leader''' <br />
<br />
*Current state and progress of OWASP Top 10 Finnish translation<br />
<br />
'''17:20 Antti Vähä-Sipilä, Nokia: SAFECode''' <br />
<br />
*Introduction and overview of SAFECode (The Software Assurance Forum for Excellence in Code) <br />
*SAFECode publications<br />
<br />
'''17:40 Juhani Eronen, CERT-FI: Lifecycle of a security vulnerability''' <br />
<br />
*Microsoft MS08-067 (Vulnerability in Server Service Could Allow Remote Code Execution), its history (MS06-040) and exploitation.<br />
<br />
'''Discussion''' <br />
<br />
'''18:30 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost [cerveza, aqua con gas, etc]<br />
<br />
'''PLEASE REGISTER WITH: mikko . saario at nokia . com (we have reserved snacks for 25 people)''' <br />
<br />
== OWASP Helsinki Web Hacking Workshop, Tuesday September 10th 2008 ==<br />
<br />
'''Location: Teleware / KPMG, Laajalahdentie 23, 6. floor, reception at the ground floor, 00330 Helsinki''' <br />
<br />
'''Time: 18.00 - 20.00''' <br />
<br />
'''Schedule''' <br />
<br />
'''18.00 Welcome and recent activities. Antti Laulajainen ''' <br />
<br />
'''18.05 Web Hacking Workshop, Anssi Porttikivi, Senior ICT Advisor KPMG/Teleware''' <br />
<br />
*KPMG Oy IT Security Advisory marketing presentation 15 min <br />
*Web hacking exercises and demonstrations in a laboratory class (using WebGoat and WebScarab tools)<br />
<br />
'''Snacks available. Send your reservations to Anssi's mail address, anssi.porttikivi@kpmg.fi. Room for 20 participants.''' <br />
<br />
<br> '''Note! Be in time, because the reception closes at 18.''' <br />
<br />
== OWASP Goes! CERT-FI, Thursday, June 12th 2008 ==<br />
<br />
'''Location: Viestintävirasto, Itämerenkatu 3 A, 00180 Helsinki and One Pint Pub Santakatu 2, 00180 Helsinki''' <br />
<br />
<br> '''Time: 16.00 - 20.00''' <br />
<br />
<br> '''Schedule''' <br />
<br />
'''16.00 Welcome and recent activities. Antti Laulajainen ''' <br />
<br />
<br> '''16.10 Introduction of CERT-FI. Juhani Eronen, Information Security Adviser, CERT-FI''' <br />
<br />
<br> '''16.30 Vulnerability coordination. Juhani Eronen''' <br />
<br />
*CERT-FI as a vulnerability coordinator <br />
*Coordination examples<br />
<br />
'''18.00 Possibility to continue the evening at the One Pint Pub''' <br />
<br />
*If someone fancies a (self-financed) beer<br />
<br />
<br> '''Viestintävirasto asks those who wish to participate to the meeting to register in advance. For registrations please contact CERT-FI Unit Secretary Virpi Hienonen (virpi.hienonen(at)ficora.fi). The deadline is June 6, 2008.''' <br />
<br />
== OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 ==<br />
<br />
Thank you for attending. <br />
<br />
You can download the presentation here'''https://www.owasp.org/images/7/70/OWASP_HelsinkiChapter_130508.pdf''' <br />
<br />
Coverage of the event in local news (Finnish only) http://mikropc.net/uutiset/index.jsp?categoryId=atk&amp;day=20080514#w2008051411524012715 <br />
<br />
<br> '''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki and Ravintola Kaisla, Vilhonkatu 4, 00100 Helsinki''' <br />
<br />
'''Time: 16.00 - 20.00''' <br />
<br />
<br> <br />
<br />
Welcome to spring meeting 2008. <br />
<br />
<br> '''Schedule''' <br />
<br />
'''16.00 - 16.10 OWASP update. Antti Laulajainen''' <br />
<br />
'''16.10-17.00 Notes From The field, OWASP tools and usage experiences, Jarkko Holappa &amp; Antti Laulajainen''' <br />
<br />
'''17.30 - 20.00 Drinks at Ravintola Kaisla (Bring Your Own Wallet)''' <br />
<br />
<br> Hope to see as many of you as possible! <br />
<br />
== OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 ==<br />
<br />
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.''' <br />
<br />
'''Time: 18.30 - 20.30''' <br />
<br />
Welcome to first meeting of 2008. OWASP Helsinki resumes activities after winter break. <br />
<br />
We are pleased to have as a speaker Technology Manager of Nokia Product Security, Alexandr Seleznyov. His topic will be current state of application security. <br />
<br />
'''Schedule''' <br />
<br />
'''18.30 - 18.40 OWASP update. Antti Laulajainen''' <br />
<br />
'''18.40 - 20.30 Current State of Application Security. Alexandr Seleznyov''' <br />
<br />
<br> Hope to see as many of you as possible! <br />
<br />
== OWASP Helsinki &amp; RWSUG Seminar Tuesday, January 29th 2008 ==<br />
<br />
'''Location: IBM, Laajalahdentie 23, 00330 Helsinki.''' '''Time: 11.15 - 19.00''' <br />
<br />
OWASP Helsinki and Rational and Websphere User Group Finland RWSUG are aiming to co-operate to raise application security awareness. OWASP Helsinki will have a presentation in RWSUG agility seminar. More information from http://www.rwsug.fi/default.asp?path=1,39,385 <br />
<br />
'''You can download the presentation here''' https://www.owasp.org/images/c/cd/RWSUG5_Agile_Security_Management.pdf <br />
<br />
See program below. Most of it is Finnish only <br />
<br />
*11.15 Ilmoittautuminen alkaa <br />
*11.15-12.00 Buffet-lounas <br />
*12.00-12.10 Tilaisuuden avaus Jussi Jutila, Puheenjohtaja, RWSUG ry<br />
<br />
KEYNOTE <br />
<br />
*12.10-13.30 Scaling Agile Software Development: Strategies for Applying Agile in Complex Situations Scott W. Ambler, Practice Leader Agile Development, IBM Canada <br />
*13.30-13.45 Kahvitauko <br />
*13.45-15.30 SOA liiketoiminnan näkökulmasta ja SOA toteutuksen näkökulmasta kansainvälisessa hankkeessa Kari Laine, IT Architect, IF ja Jarmo Laine, Senior Software Architect,Primasoft <br />
*15.30-15.45 Tauko <br />
*15.45-16.30 Ketterä tietoturvan hallinta ohjelmistotuotannossa Reijo Savola, VTT <br />
*16.30-17.15 Jazz Update IBM <br />
*17.15-19.00 Iltapalaa ja verkostoitumista IBM Forumissa<br />
<br />
<br> <br />
<br />
== OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008 ==<br />
<br />
OWASP Helsinki participated in ISACA Finland meeting to raise application security awareness among system auditors and inspectors. <br> A presentation was held that introduced basic web techniques, some security issues, OWASP in general, OWASP projects and OWASP Helsinki chapter. <br> '''You can download the presentation here''': https://www.owasp.org/images/e/e4/OWASP_ISACA_20080124.pdf (Finnish Only) <br><br> <br />
<br />
== OWASP Helsinki meeting #4 Fall 2007 with Mark Curphey, Tuesday, October 2 2007 ==<br />
<br />
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.''' <br />
<br />
Thank you for all participants and Mark from great presentation. <br />
<br />
Coverage of the meeting in the local news (in Finnish): http://mikropc.net/uutiset/index.jsp?categoryId=atk&amp;day=20071003#w2007100315112711629 <br />
<br />
<br> We are delighted to have Mark Curphey - the OWASP founder and new head of Microsoft's ACE (Application Consulting &amp; Engineering) team in Europe - to visit Finland and discuss web app security with us. Hopefully as many as of you possible can participate! <br />
<br />
'''18:30 Welcome and recent Helsinki chapter activities. Antti Laulajainen''' <br />
<br />
'''18:40 Naked Software Security. Mark Curphey''' <br />
<br />
*Commentary on how to build secure software <br />
*Thoughts on the industry<br />
<br />
<br> '''WELCOME!''' <br />
<br />
== OWASP Helsinki meeting #3 Summer 2007: "SOA, Web Services &amp; XML Security", Tuesday, June 5th 2007 ==<br />
<br />
'''Date: June 5th''' <br />
<br />
<br> '''Location: Smilehouse, Itälahdenkatu 22A (Stonesoft building), Lauttasaari.''' <br />
<br />
Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/tietoturva_docview.jsp?f_id=1186167 <br />
<br />
<br> '''19:00 Welcome &amp; quick recap of recent OWASP activity and the Spring conference. Mikko Saario.''' <br />
<br />
<br> '''19:15 Gunnar Peterson, CTO Arctec Group and project lead for the OWASP "XML Security Gateway Evaluation Criteria".''' <br />
<br />
Gunnar will be visiting Finland to provide training via Tietoturva ry on this subject. Topics to be covered: <br />
<br />
*XML Security Gateways <br />
*Message level threats and security countermeasures in Web services <br />
*OWASP XML Security Gateway Evaluation Criteria Project<br />
<br />
<br> '''20:15 "Real-life usage of OWASP tools". Alexandr Seleznyov, Nokia Product Security.''' <br />
<br />
(There is a chance Alex cannot make it. In that case we will discuss SOA stuff in more detail or just head off to bar earlier.) <br />
<br />
<br> '''20:45 Enter Bar 52...''' --&gt; Enjoy (sponsored) beverages. <br />
<br />
== OWASP Helsinki meeting #2 Winter 2007, Web Application Firewalls, Thursday, February 22 2007 ==<br />
<br />
Thank you for the 29 participants, the speakers and the host - Nixu - for making this event happen! <br />
<br />
'''Location: Nixu, Mäkelänkatu 91, 00601 Helsinki.''' <br />
<br />
What are Web Application Firewalls (WAF), how do they work, what do they do and what don't they do. Discussion and sharing of experiences of various technologies and products. <br />
<br />
<br> '''18.30 Welcome. Mikko Saario, Chapter Leader.''' <br />
<br />
Today's topic and agenda in short. <br />
<br />
<br> '''18.35 "Web Application Firewalls Technical Analysis". Joakim Sandström, CTO nSense.''' <br />
<br />
http://www.owasp.org/images/6/6a/Owasp_waf_joakim.pdf <br />
<br />
- Technology <br />
<br />
- Blacklisting &amp; Whitelisting <br />
<br />
- mod_security features <br />
<br />
- Do's and Don'ts <br />
<br />
<br> '''19.30 "The Core Rule Sets". Ofer Shezaf, CTO Breach Security.''' <br />
<br />
http://www.owasp.org/images/f/f4/The_Core_Rule_Set_-_Ofer.pdf <br />
<br />
- WAF deployment and protection strategies <br />
<br />
- Detection of generic web layer attacks <br />
<br />
- Virtual patching <br />
<br />
== OWASP Helsinki meeting #1, Tuesday, Dec 12 2006 at Ernst &amp; Young ==<br />
<br />
The Helsinki chapter had the first meeting at Ernst &amp; Young office in Elielinaukio 5 B. The agenda and the presentations for the meeting are below. We had a good turnout: 22 people were present i.e. all seats were taken - we were very happy to see all these people to be interested in application security issues. <br />
<br />
<br> Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/doc.do?f_id=1083463 <br />
<br />
<br> '''18:30 Welcome. What is OWASP and why OWASP Helsinki?''' <br />
<br />
Mikko Saario made a short presentation about OWASP and the objective for the local Helsinki chapter. <br />
<br />
<br> '''19:00 Analyzing Threats (Olli Wiren; olli [at] juurihoito.org)''' <br />
<br />
Olli Wiren discussed application related threats and corresponding security issues. <br />
<br />
http://www.owasp.org/images/7/7c/Owasp-olli.pdf <br />
<br />
<br> '''19:45 Open discussion regarding OWASP Helsinki; what is expected or wished; how to go ahead and so forth.''' <br />
<br />
There was a lively discussion regarding what type of activities should be arranged in the future. More details will follow... <br />
<br />
==== Helsinki OWASP Chapter Leaders ====<br />
<br />
The chapter leader is [mailto:Petteri.arola@owasp.org Petteri Arola] <br />
<br />
The chapter board members are [mailto:timo@owasp.org Timo Merilainen], Pyry Heikkinen and [mailto:pekka.sillanpaa@owasp.org Pekka Sillanpaa]. <br />
<br />
__NOTOC__<br />
<br />
[[Category:OWASP Chapter]] <br />
[[Category:Europe]]</div>Psillanphttps://wiki.owasp.org/index.php?title=Helsinki&diff=247341Helsinki2019-02-12T14:44:13Z<p>Psillanp: /* OWASP Helsinki chapter meeting #36: Feb 12th 2019 */</p>
<hr />
<div>{{Chapter Template|chaptername=Helsinki|extra=The chapter leaders are [mailto:petteri.arola@owasp.org Petteri Arola], [mailto:pekka.sillanpaa@owasp.org Pekka Sillanpää], [mailto:timo@owasp.org Timo Meriläinen], [mailto:pyry.heikkinen@owasp.org Pyry Heikkinen], [mailto:petri.koistinen@nixu.com Petri Koistinen] and [mailto:lasse.korvala@gmail.com Lasse Korvala].<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-helsinki|emailarchives=http://lists.owasp.org/pipermail/owasp-helsinki}} <br />
<br />
==== Local News ====<br />
<br />
<paypal>Helsinki</paypal> <br />
<br />
'''Welcome to the OWASP Helsinki Chapter'''<br />
<br />
The plan is to meet at least three to four times a year, each lasting 1,5-3 hours (more active "hands" means more meetings). This chapter is based in the capital area and therefore the meetings will be in or around Helsinki. <br />
<br />
If you wish to present at one of the meetings or have any other inquiries, please contact the chapter leaders and shortly describe the talk. (the contact details can be found in the bottom of the page). We encourage everyone to suggest ideas for presentation topics. The talks can be either a full talk (45-60min) or a lightning talk (~15min). <br />
<br />
==== Suomalaista sovellusturva-asiaa ====<br />
<br />
[[OWASP Helsinki Appsec Thesis of the Year|Vuoden sovellusturva-aiheinen opinnäytetyö]]<br />
<br />
[[Oppilaitoksille|Tietoa oppilaitoksille (Information for academic institutions)]] <br />
<br />
[[Verkkomaksut|Ohjeita turvallisen verkkomaksuintegraation toteuttamiseen]] <br />
<br />
Previously OWASP Helsinki has been working on the following tasks: <br />
<br />
*[[Top 10 2007 Finnish]] aim to translate OWASP Top 10 list in Finnish<br />
<br />
==== Chapter Meetings ====<br />
<br />
== OWASP Helsinki chapter meeting #36: Feb 12th 2019 ==<br />
'''Location: Veikkaus, Aku Korhosen tie 2, 00440 Helsinki'''<br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words, Pekka Sillanpää, Chapter co-leader - OWASP Helsinki''' <br />
<br />
'''18:05 Words from the sponsor, Veikkaus''' <br />
<br />
'''18:10 What Every Developer and Tester Should Know About Software Security, Anne Oikarinen, Senior Security Consultant, Nixu'''<br />
<br />
'''18:50 Break''' <br />
<br />
'''19:00 Security in Agile Development, Joakim Tauren, Application Security Architect, Visma'''<br />
[[File:DeathStarArchitecture v0.8 DRAFT.pdf|thumb]]<br />
'''19:45 OWASP Cornucopia - a live card game session, Veikkaus + volunteers''' <br />
<br />
'''20:15 Snacks & Refreshments''' <br />
<br />
Please register by 10th of Feb https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-36-tickets-55288270706 (Note that the seats are limited). <br />
== OWASP Helsinki chapter meeting #35: Nov 6th 2018 ==<br />
'''Location: Second Nature Security (2NS), Keilaranta1 (auditorium Ankkuri), 02150 Espoo'''<br />
<br />
'''Time: 17:30-21:00'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words, Pekka Sillanpää, Chapter co-leader - OWASP Helsinki'''<br />
<br />
'''18:05 Words from the sponsor, Juho Ranta, CTO - Second Nature Security (2NS)''' <br />
<br />
'''18:15 Hunting for bounties in a web browser, Juho Nurminen, White Hat Hacker, InfoSec Specialist - 2NS''' [[File:Nurmi_BugBounty_slides.zip]]<br />
<br />
'''18:45 Break'''<br />
<br />
'''19:00 How to become a bug bounty hunter, Iiro Uusitalo, Cloud and Security Specialist - Solita'''<br />
<br />
'''19:30 Running a successful bug bounty program, Thomas Malmberg, Partner & Owner - Hackrfi''' [[File:Running a successful bug bounty program - public.pdf]]<br />
<br />
'''19:50 Short break'''<br />
<br />
'''20:00 Panel & Discussion about bug bounty with Juho, Iiro and Thomas'''<br />
<br />
'''20:30 Snacks & Refreshments'''<br />
<br />
Please register by 4th of Nov https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-35-tickets-51465932991 (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #34: Jun 12th 2018 ==<br />
'''Location: Eficode, Pohjoinen Rautatiekatu 25, 00100 Helsinki'''<br />
<br />
'''Time: 17:30-21:30'''<br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Pekka Sillanpää OWASP Helsinki'''<br />
<br />
'''18:05 Words from the sponsor / Pekka Siltala-Li / Eficode'''<br />
<br />
'''18:15 Perfectly secure API, Matti Suominen, Lead Security Consultant - Nixu'''<br />
<br />
'''19:00 Break''' <br />
<br />
'''19:15''' '''Best friends: API security & API management, Antti Virtanen, Software Architect, Solita''' <br />
<br />
'''20:00-21:30 Sauna, Snacks & Beverages'''<br />
<br />
Please register by 10th of Jun https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-34-tickets-46690898735 (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #33: Nov 14th 2017 ==<br />
'''Location: F-Secure, Tammasaarenkatu 7, 00180 Helsinki''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki''' <br />
<br />
'''18:05 Words from the sponsor'''<br />
<br />
'''18:10 Coping with GDPR requirements in development, Kira Ahveninen-Kuha, Lead, Data Protection and Cybersecurity Law, Nixu'''<br />
<br />
'''19:00 Break''' <br />
<br />
'''19:15 Integrating Privacy Work in Threat Modeling and Design Review, Antti Vähä-Sipilä, Principal Security Consultant, F-Secure'''<br />
<br />
'''20:00 Panel & Discussion – Kira and Antti debate about privacy and GDPR with the audience'''<br />
<br />
'''20:30 OWASP Helsinki DevSecOps Hackathon: Lessons learned, Pekka Sillanpää, OWASP Helsinki''' <br />
<br />
'''21:00-22:00 Snacks & Refreshments''' <br />
<br />
Please register by 12th of Nov [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-33-tickets-39656996143 here] (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #32: Sep 27th ==<br />
If you are working in a DevOps team and want to get concrete ideas on how to integrate security into your CI/CD pipeline, this hackathon is a fun opportunity to learn by doing together with others.<br />
<br />
More information here: [[OWASP Helsinki DevSecOps Hackathon]]<br />
<br />
In summary, we familiarize and investigate (and of cource hack with) some nice open source tools, including:<br />
* OWASP Dependency-Check ([[OWASP Dependency Check]])<br />
* ZAP Proxy ([[OWASP Zed Attack Proxy Project]])<br />
* OWASP DefectDojo ([[OWASP DefectDojo Project]])<br />
* DevSec hardening framework (https://github.com/dev-sec)<br />
* Clair (https://github.com/coreos/clair)<br />
<br />
The output of this hackathon is an OWASP wiki page describing what was achieved in the hackathon, possible commits to the tools' repositories and future plans. If there is enough interest, we might organize "part 2" for this event in Autumn.<br />
<br />
To participate in this event, it is recommended to have at least basic programming/scripting skills (python, ruby, bash, etc) and understanding of configuration management tools (puppet, salt, ansible, etc.). '''If you are interested to join''' or have questions, please send email to pekka.sillanpaa@owasp.org '''by Jul 7th 2017''' and a short description of your background. Tracks of the hackathon environment are tuned based on the skills and background of the participants.<br />
<br />
The maximum of 15 seats are available for this event. The event is fully free of charge.<br />
<br />
'''Location: Nixu, Keilaranta 15, 02150 Espoo'''<br />
<br />
'''12:00 Hackathon starts'''<br />
<br />
'''17:00-23:00 Hackathon continues after the work day as long as needed. Pizza and beverages available.'''<br />
<br />
== OWASP Helsinki chapter meeting #31: Jun 13th 2017 ==<br />
'''Location: Solita, Alvar Aallon katu 5, 00100 Helsinki'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Pekka Sillanpää, OWASP Helsinki'''<br />
<br />
'''18:05 DevSec - Developers are the key to security, Antti Virtanen, Software Architect, Solita [[File:Devsec-owasp-2017.pdf]]''' <br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Docker Security, Mika Vatanen, Systems Architect, Digia [[File:Owasp-Helsinki-20170613-Docker-Security.pdf]]'''<br />
<br />
'''20:00 Lightning talk: Leaking credentials - a security malpractice more common than expected, Bogdan Mihaila, Synopsys [[:File:Bogdan Mihaila - Leaking Credentials.pdf]]'''<br />
<br />
'''20:15 Introduction to DevSecOps "mini-hackathon", Pekka Sillanpää, OWASP Helsinki'''<br />
<br />
'''20:30-22:30 Snacks & Refreshments'''<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-31-tickets-34950473808 here] by 12th of Jun (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #30: Oct 11th 2016 ==<br />
<br />
'''Location: Fujitsu, Valimotie 16, 00380 Helsinki, Auditorio'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 How to protect mobile application? Case "Nordea Tunnusluvut” / Michael Peltonen, Senior Business Developer, Nordea''' [[File:Helsinki_meeting_30_-Michael_Peltonen_OWASP_11102016.pdf]]<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Lightning talk: Authentication topic / Teemu Simonen, System Architect, Fujitsu''' [[File:Helsinki_meeting_30_-Authentication_topic.pdf]]<br />
<br />
'''19:30 Threats and vulnerabilities in federation protocols - and how did I find 0-days in the most common access management products / Teemu Kääriäinen, Senior IAM Consultant, Nixu Oyj''' [[File:Helsinki_meeting_30_-_Threats_and_Vulnerabilities_in_Federation_Protocols_and_Products.pdf]]<br />
<br />
'''20:30-> Snacks & Refreshments'''<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-30-tickets-28190573765 here] by 9th of October (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #29: Mar 29th 2016 ==<br />
<br />
'''Location: Solinor, Elimäenkatu 14 C, 00510 Helsinki'''<br />
<br />
'''Time: 17:30-21:15'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 OWASP Security Knowledge Framework, Glenn Ten Cate''' [[File:Skf-owaspHelsinki-16.pdf]]<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Amazon Web Services Security, Joel Leino, Solinor''' [[File:Aws_security_joel_leino.pdf]]<br />
<br />
'''20:30 Do's and don'ts: A Day Of Browser Bug Hunting, Atte Kettunen, University of Oulu''' [[File:Do's_and_Don'ts-_A_Day_Of_Browser_Bug_Hunting_rev2.pdf]]<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-29-tickets-22159795545 here] by 26th of March (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #28: Nov 10th 2015 ==<br />
<br />
'''Location: LähiTapiola, Revontulenkuja 1, 02100 Espoo'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 How we feel about Bug Bounty, Leo Niemelä, CISO, LähiTapiola Group (in Finnish)'''<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Security and "Modern" software Deployment, Rory McCune, Managing Consultant, NCC Group'''<br />
<br />
'''20:30 Discussion continues in a local cafe / bar'''<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-28-tickets-19188815263 here] by 8th of November (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #27: May 29th 2015 ==<br />
<br />
'''Location: Life Science Center Keilaranta 10-16''' <br />
<br />
'''Time: 17:30-20:00 (networking ends 23:00)''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 Word from our sponsor / Nixu'''<br />
<br />
'''18:15 50 Shades of AppSec / Troy Hunt'''<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Hack yourself first: how go on the cyber-offence before online attackers do / Troy Hunt'''<br />
<br />
'''20:00-23:00 Refreshments and Sauna on the 7th floor'''<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-chapter-meeting-27-tickets-16709176597 here] by Monday Fri 22th May (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #26: January 13th 2015 ==<br />
<br />
'''Location: Castrén & Snellman Attorneys Ltd. Eteläesplanadi 14 6th Floor Helsinki, Finland.''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''Opening words / OWASP Helsinki&IAPP''' <br />
<br />
'''Words from our sponsor / Castrén & Snellman Attorneys Ltd.'''<br />
<br />
'''Privacy Seals and Marks, Hannu Järvinen, Specialist Partner, Attorneys at Law Borenius Ltd'''<br />
<br />
'''Privacy Engineering, Antti Vähä-Sipilä, software security guy, F-Secure Oyj'''<br />
<br />
'''Privacy Use Cases, Saku Vainikainen, Lead Consultant, Nixu Oyj'''<br />
<br />
Please register here https://t.co/OoQN2FRbBX by Monday 12 Jan.<br />
<br />
== OWASP Helsinki chapter meeting #25: September 29th 2014 ==<br />
<br />
'''Location: Appelsiini (Elisa), Kaarlenkatu 9-11, 00530 Helsinki. Public transport is strongly recommended.''' <br />
<br />
'''Time: 17:00-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and registration''' <br />
<br />
'''17:10 Opening words / OWASP Helsinki''' <br />
<br />
'''17:20 Words from our sponsor / Elisa'''<br />
<br />
'''17:30 Mobile Security Chess Board - Attacks & Defense / Hemil Shah / Founder, Director eSphere Security''' [[File:Mobile_Security_chess_board_-_Attacks_&_Defense.pdf]]<br />
<br />
'''18:45 Break'''<br />
<br />
'''19:00 Mobile Platform Security: OS (kernel) Hardening and Trusted Execution Environment / Onur Zengin / Trustonic'''<br />
[[File:Onur_Zengin_-_TEE_chapter_meeting_presentation.pdf]]<br />
<br />
'''20:00 OWASP Mobile Top Ten Risks 2014 - The New M10: 'Lack of Binary Protection' Category / Bo Asklund and Rikard Kullenberg / Arxan'''<br />
[[File:OWASP_Mobile_Top_Ten_-_Meet_the_New_Addition.pdf]]<br />
<br />
'''21:00 Networking and continue discussions in TBD location nearby'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-25-tickets-13087782911 Eventbrite]<br />
<br />
== OWASP Helsinki chapter meeting #24: March 25st 2014 ==<br />
<br />
'''Location: F-Secure, Tammasaarenkatu 7, 00180 Helsinki. Parking space is limited, public transport is strongly recommended. Ruoholahti station for metro, Länsisatamankatu stop for tram 8, Länsiväylä stop for buses from Espoo.''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and registration''' <br />
<br />
'''17:20 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''17:30 Enhancing security through tight collaboration and automation /Kalle Hallivuori''' <br />
Presentation material: http://kato.iki.fi/owasp-pci-devops/<br />
<br />
'''18:00 Continuous Security Testing in a Devops World /Stephen de Vries'''<br />
Download the presentation from our file page: [[image:OWASP-Continuous_Security_Testing.pdf]]<br />
<br />
'''19:00 Demo of Burp Suite & HTTP API fuzzing automation with Python & Behave /Antti Vähä-Sipilä'''<br />
<br />
'''19:30 Time to go to Pub (Amsterdam) and continue discussion there'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-24-tickets-10765729587 Eventbrite]<br />
<br />
== OWASP Helsinki chapter meeting #23: January 21st 2014 ==<br />
<br />
'''Location: HTC Keilaniemi, Keilaranta 13, 02150 Espoo''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Coffee and registration''' <br />
<br />
'''18:00 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''18:05 Word from our sponsor /Nixu''' <br />
<br />
'''18:20 The inner HTML Apocalypse - How MXSS attacks change everything we believed to know so far /Mario Heiderich'''<br />
<br />
'''19:15 JSMVCOMFG - To sternly look at JavaScript MVC and Templating Frameworks /Mario Heiderich"''''<br />
<br />
'''20:15 QA'''<br />
<br />
'''20.30 - 21.30 Discussion continues over snacks and refreshments'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-23-tickets-10095813851 Eventbrite]<br />
<br />
<br />
== OWASP Helsinki chapter meeting #22: November 19th 2013 ==<br />
<br />
'''Location: Aalto University, Hall S1, Otakaari 5, 02150 Espoo''' <br />
<br />
'''Time: 18:00-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Registration''' <br />
<br />
'''18:10 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''18:20 Word from our sponsor''' <br />
<br />
'''18:30 Backgrounds of Eve in Digiland comic and cyber research in Aalto University /Timo Kiravuo, Aalto University'''<br />
<br />
'''19:15 Break"''''<br />
<br />
'''19:30 Cyber crime response from CERT perspective and backgrounds of Finnish web site attacks /Jussi Eronen, CERT-FI'''<br />
<br />
'''20:00 Methods in Finnish cyber crime police investigation and case example /Timo Piiroinen, National Bureau of Investigation (NBI)'''<br />
<br />
'''20:30 Networking and discussion continues at same location'''<br />
<br />
Please register at [http://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-23-tickets-10095813851 Eventbrite]<br />
<br />
== OWASP EUTour2013: June 17th 2013 ==<br />
<br />
'''Location: HTC Keilaniemi, Keilaranta 15''' <br />
<br />
'''Time: 16:00-19:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''16:00 Registration & coffee''' <br />
<br />
'''16:15 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''16:30 Word from our sponsor''' <br />
<br />
'''16:45 Nokia responsible disclosure program /Omar Benbouazza-Villa, Nokia'''<br />
<br />
Nokia has launched a responsible disclosure program recently. In this presentation we'll go through experiences starting and running such a program as a part of enterprise application security program.<br />
<br />
'''17:30 Social engineering /Gavin Ewan"''''<br />
<br />
Jac0byterebel is not your typical social engineering presenter. Out goes the snake oil sale of analysing the minutia of pop psychology and trying to squeeze out real answers to the questions asked during a real social engineering attack. In comes hard hitting accounts of social engineering attacks drawn from real sources but anonymised to protect the pwned.<br />
<br />
'''19:00 Rounding up and discussion continues over food & drinks at same location'''<br />
<br />
Please register at [http://www.regonline.com/owaspeutourfinland Regonline]<br />
<br />
== OWASP Helsinki Chapter Meeting #21: April 24 2013 ==<br />
<br />
'''Location: KPMG, Yrjönkatu 23 B, 6. floor''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Opening words /OWASP''' <br />
<br />
'''18:10 Word from our sponso /Mika Laaksonen, KPMG''' <br />
<br />
'''18:15 OWASP project news /Petteri Arola, OWASP''' <br />
<br />
Newsflash of new and rebooted OWASP projects.<br />
<br />
'''18:45 Utilizing VAHTI software development guide (VAHTI-sovelluskehitysohje) /Antti Alestalo, KPMG'''<br />
<br />
VAHTI software development guide was published January 2013. Antti will talk about how to best utilize this new guide. Link to the guide: http://www.vm.fi/vm/fi/04_julkaisut_ja_asiakirjat/01_julkaisut/05_valtionhallinnon_tietoturvallisuus/20130207Sovell/VAHTI_1_Sovelluskehityksen_tietoturvaohje_NETTI.pdf<br />
<br />
'''19:15 Database self-defence /Mika Aronen, KPMG (in place of "HTML5 & security /SC5"'''<br />
<br />
'''20:00 Official program ends and discussion continues over food & drinks at same location'''<br />
<br />
Please register at [https://www.eventbrite.com/event/6240751255 Eventbrite]<br />
<br />
== OWASP Helsinki Chapter Meeting #20: December 4 2012 ==<br />
<br />
'''Location: Nokia House, Keilalahdentie 4, Espoo''' <br />
<br />
'''Time: 17:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Socializing time @ Nokia Lounge – Meet people & get to know your peer while having the opportunity to see Nokia product demos''' <br />
<br />
'''18:00 Opening words /OWASP + HelsinkiJS''' <br />
<br />
'''18:10 Word from our sponsor''' <br />
<br />
'''18:20 Securing JavaScript based web apps /Erlend Oftedal''' <br />
<br />
Single page web applications move much of the application logic to the client side. We now also see applications using JavaScript on the server side. How do we handle such applications from a security perspective? What problems are introduced and how do we handle them?<br />
<br />
'''19:05 RESTful Security'''<br />
<br />
Many applications rely on web services and ws-security for integration. But for more lightweight services with simpler protocols, REST is quickly gaining popularity. How do we secure REST services? What problems do we need to be aware of?<br />
<br />
'''20:00 Official program ends and free debate continues at nearby location'''<br />
<br />
CLOSED: Please register at [http://www.eventbrite.com/event/4856878053 Eventbrite]<br />
<br />
Please use the NORTH entrance when entering the Nokia campus<br />
<br />
== OWASP Helsinki Chapter Meeting #19: October 16 2012 ==<br />
<br />
'''Location: Fujitsu, Valimotie 16, Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''18:10 Word from our sponsor /Fujitsu''' <br />
<br />
'''18:25 Hybrid mobile application security and HTML5 with a focus on getUserMedia /Mikko Saario, Nokia''' <br />
<br />
Both the mobile scene via “hybrid” apps and the so-called traditional web are evolving into the same direction – are the threats doing the same? Using mainly Windows Phone 7 (and some Qt) examples and demos, Mikko will take a look at the security aspects in mobile hybrid apps. The HTML5 demo will concentrate on some newly mainstreamed technologies such as getUserMedia.<br />
<br />
'''19:10 Introduction to Oauth 2.0 + demo /Teemu Kääriäinen, Nixu'''<br />
<br />
Teemu gives an introduction about Oauth 2.0 and takes a closer look at security aspects, implementation guidelines and compares Twitter, Facebook and Google implementations.<br />
<br />
'''20:00 Official program ends and free debate continues at nearby location'''<br />
<br />
'''Please register in Eventbrite http://www.eventbrite.com/event/4462882602''' <br />
<br />
<br />
== OWASP Helsinki Chapter Meeting #18: June 26 2012 ==<br />
<br />
'''Location: Kela, Nordenskjölkinkatu 12, Helsinki''' <br />
<br />
'''Time: 17:30-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''17:45 Word from our sponsor /Kela''' <br />
<br />
'''18:00 Helsinki Ruby Brigade intro''' <br />
<br />
'''18:15 Ruby on Rails security - why could it fail'''<br />
<br />
'''19:00 Panel discussion'''<br />
<br />
'''19:45 Wrap-up'''<br />
<br />
'''20:00 Discussion continues in a nearby pub Hadanka'''<br />
<br />
'''Please register with petteri.arola(at)owasp.org''' <br />
<br />
<br />
== OWASP Helsinki Chapter Meeting #17: March 21 2012 ==<br />
<br />
'''Location: Marttakeskus, Malminrinne 1 B, 7. krs, Helsinki''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Coffee''' <br />
<br />
'''17:40 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''17:50 Web Application Access Control Design Excellence / Jim Manico, OWASP''' <br />
<br />
Download the presentation from our file page: [[image:Developer_Top_Ten_Core_Controls_v4.1.pdf]]<br />
<br />
'''19:30 Meeting ends and discussion continues over buffet and refreshments and there's a possibility to bath in sauna too''' <br />
<br />
'''23:00 Event ends'''<br />
<br />
'''Please register with enroll(at)nixu.com''' <br />
<br />
== Tietoturvapäivä Turku: February 7 2012 ==<br />
<br />
''' Sovellusturvallisuus / Petteri Arola, OWASP''' <br />
<br />
Download the presentation from our file page: [[image:OWASP_esitys_tietoturvapäivä_Turku_20120207.pdf]]<br />
<br />
== OWASP Helsinki Chapter Meeting #16: October 18 2011 ==<br />
<br />
'''Location: Hall TU2, Tuas house, Otaniementie 17, 02150, Espoo''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and lock picking''' <br />
<br />
'''17:30 OWASP - What is it?''' <br />
<br />
'''17:45 Introduction to OWASP projects<br>- OWASP Top Ten, ASVS<br><span class="Apple-tab-span"> </span>- Testing guide<br>- How OWASP relates to academic world''' <br />
<br />
<br> Download presentation from our file-page: [[Image:OWASP_presentation_for_Aalto.pdf]] <br><br />
<br />
'''18:45 Break''' <br />
<br />
'''19:00 Hacking demonstrations'''<br />
<br />
'''19:30 - Discussion continues in a nearby public house''' <br />
<br />
'''Please register with petteri.arola(at)owasp.org''' <br />
<br />
== OWASP Introduction to Turku AMK students: September 12th 2011 ==<br />
<br />
'''Introduction to Application security and OWASP / Petteri Arola, OWASP''' <br />
<br />
'''OWASP top 10 and hacking demos / Pekka Sillanpää, OWASP''' <br />
<br />
== OWASP Helsinki Chapter Meeting #15: June 15 2011 ==<br />
<br />
'''Location: Itämerenkatu 11 - 13, Helsinki''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda ''' <br />
<br />
'''17:30 Welcome, Petteri Arola, Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nokia''' <br />
<br />
'''17:45 HTML5 Security, Ville Säävuori, Syneus''' <br />
<br />
'''18:30 Break''' <br />
<br />
'''18:40 Mobile Application Security, Ari Kesäniemi and Juhani Mäkelä, Nixu''' <br> [[Image:Mobile-threat-analysis-short-presentation owasp.pdf]] <br> [[Image:Why-privacy-matters.pdf]] <br> <br />
<br />
<br>'''19.30 - Discussion continues in a nearby public house or terrace if it's sunny''' <br />
<br />
'''Please register with mikko.saario(at)nokia.com''' <br />
<br />
== OWASP Helsinki Chapter Meeting #14: February 22 2011 ==<br />
<br />
'''Location: Nixu Oy, Keilaranta 15, Espoo''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''17:30 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nixu Oy''' <br />
<br />
'''17:45 OpenSAMM, Pravir Chandra /Fortify''' <br />
<br />
'''18:30 Break''' <br />
<br />
'''18:40 Threat modeling, Pravir Chandra /Fortify''' <br />
<br />
<br> '''19.30 - Sauna and refreshments from our sponsor''' <br />
<br />
'''Please register with enroll(at)nixu.com''' <br />
<br />
<br> Download OpenSAMM presentation from opensamm.org [http://www.opensamm.org/downloads/resources/OpenSAMM-1.0.ppt] <br> <br />
<br />
== OWASP Helsinki Chapter Meeting #13: June 8 2010 ==<br />
<br />
'''Location: KPMG, Forum, Yrjönkatu 23 B 6th floor, Helsinki''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''17:00 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:05 Word from our sponsor KPMG ''' <br />
<br />
'''17:15 Agile secure software development, Antti Vähä-Sipilä / Nokia Oyj''' http://www.owasp.org/images/c/c6/OWASP_AppSec_Research_2010_Agile_Prod_Sec_Mgmt_by_Vaha-Sipila.pdf <br />
<br />
'''18:00 ASVS (OWASP Application Security Verification Standard), Pekka Sillanpää / Nixu Oy''' <br />
<br />
'''18:45 ESAPI (OWASP Enterprise Security API) demo, Anssi Porttikivi / KPMG''' <br />
<br />
Download presentation from our file-page:[[Image:ESAPI for OWASP.pdf]] <br />
<br />
<br> '''19.30 - Discussion continues at some nearby establishment''' <br />
<br />
'''Please register with anssi.porttikivi(at)kpmg.fi''' <br />
<br />
<br> <br />
<br />
== OWASP Goes! Locksport: April 20 2010 ==<br />
<br />
'''Location: Nsense Oy, Ahventie 4, Espoo''' <br />
<br />
'''Time: 17:30-20:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nsense Oy''' <br />
<br />
'''17:45 Introduction to Locksport (presentation in Finnish)''' <br />
<br />
'''19:00 - Sauna and refreshments from our sponsor''' <br />
<br />
'''Please register with ilmoittautumiset##nsense.fi ''' <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #12: March 30 2010 ==<br />
<br />
'''Location: Helsingin Energia, Sähkötalo, Runeberginkatu 1, Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''18:00 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
Download presentation from our file-page:[[Image:OWASP -12 Helsinki chapter meeting.pdf]] <br />
<br />
'''18:05 Word from our sponsor Helsingin Energia ''' <br />
<br />
'''18:15 3 different views on information security and social media applications''' <br />
<br />
- information security in social media API’s, Antti Nuopponen/Nixu Oy <br />
<br />
Download presentation from our file-page:[[Image:Security of social media apis v1.pdf]] <br />
<br />
- Facebook apps, Markus Törnqvist/Fad Consulting <br />
<br />
Download presentation from our file-page:[[Image:Mjt owasp 2010.pdf]] <br />
<br />
- Payment API’s, Tuomas Toivonen/Scred <br />
<br />
Download presentation from our file-page:[[Image:Owasp-payment-apis.pdf]] <br />
<br />
'''20.00 - Discussion continues at nearby establishment Bruuveri''' <br />
<br />
'''Please register with antti##owasp.org''' <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #11: November 17 2009 ==<br />
<br />
'''Location: Nsense Oy, Ahventie 4, Espoo''' <br />
<br />
'''Time: 18:00-20:30''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''18:05 Word from our sponsor Nsense Oy''' <br />
<br />
'''18:15 Manual vs. Automated Code Analysis, Ari Kesäniemi, Senior Consultant, Nixu''' <br />
<br />
Download presentation from our file-page:[[Image:Ari kesaniemi nixu manual-vs-automatic-analysis.pdf]] <br />
<br />
'''19.00- Sauna and refreshments from our sponsor''' <br />
<br />
<br> <br />
<br />
'''Please register with ilmoittautumiset##nsense.fi''' <br />
<br />
== OWASP Helsinki Chapter Meeting #10: October 20 2009 ==<br />
<br />
'''Location: Tieto Oy, Ratamestarinkatu 7B, Helsinki''' <br />
<br />
'''Time: 18:00-19:40''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''18:00 Word from our sponsor Tieto Oy''' <br />
<br />
'''18:10 Distributed Services Security, Anton Panhelainen, Tieto Oy''' <br />
<br />
Download presentation from our file-page:[[Image:Security in integration and ESB-OWASP 20091020.pdf]] <br />
<br />
'''18:40 Public Web Services Interface and Security, Pyry Heikkinen, Finnish Customs''' <br />
<br />
'''19:40 Closure and move to Vltava''' <br />
<br />
'''20:00 or so''' <br />
<br />
*Enjoy Helsinki Vltava watering hole at own risk &amp; cost near Helsinki Railway station<br />
<br />
'''Please register with Pauli Kauppila pauli.kauppila##tieto.com or Mobile +358 400 870 324''' <br />
<br />
== OWASP Helsinki Chapter Meeting #9: May 12 2009 ==<br />
<br />
'''Location: Louhi Networks Oy, Itälahdenkatu 22 A, Helsinki''' <br />
<br />
'''Time: 17:30-19:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:30 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:45 Word from our sponsor Louhi Networks''' <br />
<br />
'''18:00 Panel discussion about application scanners''' <br />
<br />
*Panel members includes representatives for Nixu Oy, KPMG Oy and Louhi Networks Oy<br />
<br />
<br> '''19:00 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost at Bar 52 near meeting location<br />
<br />
'''Please register with Henri Lindberg henri.lindberg##louhi.fi''' <br />
<br />
== OWASP OWASP Goes! Viestimuseo: March 29 2009 ==<br />
<br />
'''Location: Varuskunta, Takakasarmi, Viestimuseontie rak. 64, 11311 Riihimäki ''' <br />
<br />
'''Time: 13:00-15:00''' <br />
<br />
Viestimuseossa Riihimäellä, http://www.viestikiltojenliitto.fi/viestimuseo/ on maaliskuun loppuun WWII radiotiedustelua esittelevä erikoisnäyttely, josta voi löytyä ammennettavaa myös tämän päivän tietoturvatekniikoiden parissa työskenteleville. Koska OWASP:in tiimoilta löytyi kiinnostusta lähteä tutustumaan ko. näyttelyyn, museolle on varattu opastettu kierros maaliskuun viimeiselle sunnuntaille su 29.3.2009 klo 13:00 eli kokoontuminen museolla ko. aikaan. <br />
<br />
Museo ja näyttely ovat auki myös muina aikoina, joten jos tämä aika ei käy, paikalla voi toki käydä muulloinkin. <br />
<br />
Tarkemmat ajo-ohjeet ja yhteystiedot löytyvät museon kotisivuilta, http://www.viestikiltojenliitto.fi/viestimuseo/yhteystiedot.html <br />
<br />
Museo sijaitsee Viestirykmentin vieressä, mutta varsinaisen varuskunta-alueen ulkopuolella, joten museokäynti ei vaadi kulkulupia alueelle. <br />
<br />
Paikalle innostuvat hoitavat oman logistiikkaratkaisunsa &amp; sisäänpääsymaksunsa. <br />
<br />
Lisätietoja tarvittaessa timo.merilainen (ät) iki.fi <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #8: March 12 2009 ==<br />
<br />
'''Location: Samlink, Linnoitustie 9, Espoo (Leppävaara)''' <br />
<br />
'''Time: 17:00-19:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:00 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:15 Introduction to Samlink, Jari Pirhonen, security director, Samlink''' <br />
<br />
'''17:30 Methodology owner’s point of view: Information security as part of software development methodology, Topi Mattila, methodology manager, Samlink''' <br />
<br />
'''18:15 Presentation from Finnish Tax Administration", Petri Puhakainen, security director, Finnish Tax Administration''' <br />
<br />
<br> '''19:00 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost at Sello<br />
<br />
'''Please register with Jari Pirhonen jari.pirhonen##samlink.fi''' <br />
<br />
== OWASP Introduction to startup firms: Thursday January 15th 2009 ==<br />
<br />
'''Location: Ravintola Korjaamo, Töölönkatu 51, 00250 Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Introduction to OWASP by Henri Lindberg, OWASP Helsinki Active Visitor''' <br />
<br />
*What OWASP is <br />
*Examples of useful Tools and Documents <br />
*OWASP in Finland<br />
<br />
Presentation: [[Image:OWASP Startups 20090115 Henri.pdf]] <br />
<br />
(Antti Laulajainen, OWASP Helsinki Chapter Leader was originally supposed to introduce OWASP) <br />
<br />
'''18:15 Implementing application security in a Finnish startup by Henri Lindberg, Scred''' <br />
<br />
*Henri Lindberg from Scred shares experiences and lessons learned <br />
*How to make your web application more secure with minimal budget<br />
<br />
Presentation: [[Image:SDG Scred 090115.pdf]] <br />
<br />
'''18:30 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost<br />
<br />
== OWASP Helsinki Meeting #7: Tuesday November 11th 2008 ==<br />
<br />
'''Location: Nokia Ruoholahti, Itämerenkatu 11-13, 00180 Helsinki''' <br />
<br />
<br> <br />
<br />
'''Time: 17:00-18:30''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:00 Welcome by Antti Laulajainen, OWASP Chapter Leader''' <br />
<br />
*Current state and progress of OWASP Top 10 Finnish translation<br />
<br />
'''17:20 Antti Vähä-Sipilä, Nokia: SAFECode''' <br />
<br />
*Introduction and overview of SAFECode (The Software Assurance Forum for Excellence in Code) <br />
*SAFECode publications<br />
<br />
'''17:40 Juhani Eronen, CERT-FI: Lifecycle of a security vulnerability''' <br />
<br />
*Microsoft MS08-067 (Vulnerability in Server Service Could Allow Remote Code Execution), its history (MS06-040) and exploitation.<br />
<br />
'''Discussion''' <br />
<br />
'''18:30 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost [cerveza, aqua con gas, etc]<br />
<br />
'''PLEASE REGISTER WITH: mikko . saario at nokia . com (we have reserved snacks for 25 people)''' <br />
<br />
== OWASP Helsinki Web Hacking Workshop, Tuesday September 10th 2008 ==<br />
<br />
'''Location: Teleware / KPMG, Laajalahdentie 23, 6. floor, reception at the ground floor, 00330 Helsinki''' <br />
<br />
'''Time: 18.00 - 20.00''' <br />
<br />
'''Schedule''' <br />
<br />
'''18.00 Welcome and recent activities. Antti Laulajainen ''' <br />
<br />
'''18.05 Web Hacking Workshop, Anssi Porttikivi, Senior ICT Advisor KPMG/Teleware''' <br />
<br />
*KPMG Oy IT Security Advisory marketing presentation 15 min <br />
*Web hacking exercises and demonstrations in a laboratory class (using WebGoat and WebScarab tools)<br />
<br />
'''Snacks available. Send your reservations to Anssi's mail address, anssi.porttikivi@kpmg.fi. Room for 20 participants.''' <br />
<br />
<br> '''Note! Be in time, because the reception closes at 18.''' <br />
<br />
== OWASP Goes! CERT-FI, Thursday, June 12th 2008 ==<br />
<br />
'''Location: Viestintävirasto, Itämerenkatu 3 A, 00180 Helsinki and One Pint Pub Santakatu 2, 00180 Helsinki''' <br />
<br />
<br> '''Time: 16.00 - 20.00''' <br />
<br />
<br> '''Schedule''' <br />
<br />
'''16.00 Welcome and recent activities. Antti Laulajainen ''' <br />
<br />
<br> '''16.10 Introduction of CERT-FI. Juhani Eronen, Information Security Adviser, CERT-FI''' <br />
<br />
<br> '''16.30 Vulnerability coordination. Juhani Eronen''' <br />
<br />
*CERT-FI as a vulnerability coordinator <br />
*Coordination examples<br />
<br />
'''18.00 Possibility to continue the evening at the One Pint Pub''' <br />
<br />
*If someone fancies a (self-financed) beer<br />
<br />
<br> '''Viestintävirasto asks those who wish to participate to the meeting to register in advance. For registrations please contact CERT-FI Unit Secretary Virpi Hienonen (virpi.hienonen(at)ficora.fi). The deadline is June 6, 2008.''' <br />
<br />
== OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 ==<br />
<br />
Thank you for attending. <br />
<br />
You can download the presentation here'''https://www.owasp.org/images/7/70/OWASP_HelsinkiChapter_130508.pdf''' <br />
<br />
Coverage of the event in local news (Finnish only) http://mikropc.net/uutiset/index.jsp?categoryId=atk&amp;day=20080514#w2008051411524012715 <br />
<br />
<br> '''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki and Ravintola Kaisla, Vilhonkatu 4, 00100 Helsinki''' <br />
<br />
'''Time: 16.00 - 20.00''' <br />
<br />
<br> <br />
<br />
Welcome to spring meeting 2008. <br />
<br />
<br> '''Schedule''' <br />
<br />
'''16.00 - 16.10 OWASP update. Antti Laulajainen''' <br />
<br />
'''16.10-17.00 Notes From The field, OWASP tools and usage experiences, Jarkko Holappa &amp; Antti Laulajainen''' <br />
<br />
'''17.30 - 20.00 Drinks at Ravintola Kaisla (Bring Your Own Wallet)''' <br />
<br />
<br> Hope to see as many of you as possible! <br />
<br />
== OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 ==<br />
<br />
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.''' <br />
<br />
'''Time: 18.30 - 20.30''' <br />
<br />
Welcome to first meeting of 2008. OWASP Helsinki resumes activities after winter break. <br />
<br />
We are pleased to have as a speaker Technology Manager of Nokia Product Security, Alexandr Seleznyov. His topic will be current state of application security. <br />
<br />
'''Schedule''' <br />
<br />
'''18.30 - 18.40 OWASP update. Antti Laulajainen''' <br />
<br />
'''18.40 - 20.30 Current State of Application Security. Alexandr Seleznyov''' <br />
<br />
<br> Hope to see as many of you as possible! <br />
<br />
== OWASP Helsinki &amp; RWSUG Seminar Tuesday, January 29th 2008 ==<br />
<br />
'''Location: IBM, Laajalahdentie 23, 00330 Helsinki.''' '''Time: 11.15 - 19.00''' <br />
<br />
OWASP Helsinki and Rational and Websphere User Group Finland RWSUG are aiming to co-operate to raise application security awareness. OWASP Helsinki will have a presentation in RWSUG agility seminar. More information from http://www.rwsug.fi/default.asp?path=1,39,385 <br />
<br />
'''You can download the presentation here''' https://www.owasp.org/images/c/cd/RWSUG5_Agile_Security_Management.pdf <br />
<br />
See program below. Most of it is Finnish only <br />
<br />
*11.15 Ilmoittautuminen alkaa <br />
*11.15-12.00 Buffet-lounas <br />
*12.00-12.10 Tilaisuuden avaus Jussi Jutila, Puheenjohtaja, RWSUG ry<br />
<br />
KEYNOTE <br />
<br />
*12.10-13.30 Scaling Agile Software Development: Strategies for Applying Agile in Complex Situations Scott W. Ambler, Practice Leader Agile Development, IBM Canada <br />
*13.30-13.45 Kahvitauko <br />
*13.45-15.30 SOA liiketoiminnan näkökulmasta ja SOA toteutuksen näkökulmasta kansainvälisessa hankkeessa Kari Laine, IT Architect, IF ja Jarmo Laine, Senior Software Architect,Primasoft <br />
*15.30-15.45 Tauko <br />
*15.45-16.30 Ketterä tietoturvan hallinta ohjelmistotuotannossa Reijo Savola, VTT <br />
*16.30-17.15 Jazz Update IBM <br />
*17.15-19.00 Iltapalaa ja verkostoitumista IBM Forumissa<br />
<br />
<br> <br />
<br />
== OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008 ==<br />
<br />
OWASP Helsinki participated in ISACA Finland meeting to raise application security awareness among system auditors and inspectors. <br> A presentation was held that introduced basic web techniques, some security issues, OWASP in general, OWASP projects and OWASP Helsinki chapter. <br> '''You can download the presentation here''': https://www.owasp.org/images/e/e4/OWASP_ISACA_20080124.pdf (Finnish Only) <br><br> <br />
<br />
== OWASP Helsinki meeting #4 Fall 2007 with Mark Curphey, Tuesday, October 2 2007 ==<br />
<br />
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.''' <br />
<br />
Thank you for all participants and Mark from great presentation. <br />
<br />
Coverage of the meeting in the local news (in Finnish): http://mikropc.net/uutiset/index.jsp?categoryId=atk&amp;day=20071003#w2007100315112711629 <br />
<br />
<br> We are delighted to have Mark Curphey - the OWASP founder and new head of Microsoft's ACE (Application Consulting &amp; Engineering) team in Europe - to visit Finland and discuss web app security with us. Hopefully as many as of you possible can participate! <br />
<br />
'''18:30 Welcome and recent Helsinki chapter activities. Antti Laulajainen''' <br />
<br />
'''18:40 Naked Software Security. Mark Curphey''' <br />
<br />
*Commentary on how to build secure software <br />
*Thoughts on the industry<br />
<br />
<br> '''WELCOME!''' <br />
<br />
== OWASP Helsinki meeting #3 Summer 2007: "SOA, Web Services &amp; XML Security", Tuesday, June 5th 2007 ==<br />
<br />
'''Date: June 5th''' <br />
<br />
<br> '''Location: Smilehouse, Itälahdenkatu 22A (Stonesoft building), Lauttasaari.''' <br />
<br />
Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/tietoturva_docview.jsp?f_id=1186167 <br />
<br />
<br> '''19:00 Welcome &amp; quick recap of recent OWASP activity and the Spring conference. Mikko Saario.''' <br />
<br />
<br> '''19:15 Gunnar Peterson, CTO Arctec Group and project lead for the OWASP "XML Security Gateway Evaluation Criteria".''' <br />
<br />
Gunnar will be visiting Finland to provide training via Tietoturva ry on this subject. Topics to be covered: <br />
<br />
*XML Security Gateways <br />
*Message level threats and security countermeasures in Web services <br />
*OWASP XML Security Gateway Evaluation Criteria Project<br />
<br />
<br> '''20:15 "Real-life usage of OWASP tools". Alexandr Seleznyov, Nokia Product Security.''' <br />
<br />
(There is a chance Alex cannot make it. In that case we will discuss SOA stuff in more detail or just head off to bar earlier.) <br />
<br />
<br> '''20:45 Enter Bar 52...''' --&gt; Enjoy (sponsored) beverages. <br />
<br />
== OWASP Helsinki meeting #2 Winter 2007, Web Application Firewalls, Thursday, February 22 2007 ==<br />
<br />
Thank you for the 29 participants, the speakers and the host - Nixu - for making this event happen! <br />
<br />
'''Location: Nixu, Mäkelänkatu 91, 00601 Helsinki.''' <br />
<br />
What are Web Application Firewalls (WAF), how do they work, what do they do and what don't they do. Discussion and sharing of experiences of various technologies and products. <br />
<br />
<br> '''18.30 Welcome. Mikko Saario, Chapter Leader.''' <br />
<br />
Today's topic and agenda in short. <br />
<br />
<br> '''18.35 "Web Application Firewalls Technical Analysis". Joakim Sandström, CTO nSense.''' <br />
<br />
http://www.owasp.org/images/6/6a/Owasp_waf_joakim.pdf <br />
<br />
- Technology <br />
<br />
- Blacklisting &amp; Whitelisting <br />
<br />
- mod_security features <br />
<br />
- Do's and Don'ts <br />
<br />
<br> '''19.30 "The Core Rule Sets". Ofer Shezaf, CTO Breach Security.''' <br />
<br />
http://www.owasp.org/images/f/f4/The_Core_Rule_Set_-_Ofer.pdf <br />
<br />
- WAF deployment and protection strategies <br />
<br />
- Detection of generic web layer attacks <br />
<br />
- Virtual patching <br />
<br />
== OWASP Helsinki meeting #1, Tuesday, Dec 12 2006 at Ernst &amp; Young ==<br />
<br />
The Helsinki chapter had the first meeting at Ernst &amp; Young office in Elielinaukio 5 B. The agenda and the presentations for the meeting are below. We had a good turnout: 22 people were present i.e. all seats were taken - we were very happy to see all these people to be interested in application security issues. <br />
<br />
<br> Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/doc.do?f_id=1083463 <br />
<br />
<br> '''18:30 Welcome. What is OWASP and why OWASP Helsinki?''' <br />
<br />
Mikko Saario made a short presentation about OWASP and the objective for the local Helsinki chapter. <br />
<br />
<br> '''19:00 Analyzing Threats (Olli Wiren; olli [at] juurihoito.org)''' <br />
<br />
Olli Wiren discussed application related threats and corresponding security issues. <br />
<br />
http://www.owasp.org/images/7/7c/Owasp-olli.pdf <br />
<br />
<br> '''19:45 Open discussion regarding OWASP Helsinki; what is expected or wished; how to go ahead and so forth.''' <br />
<br />
There was a lively discussion regarding what type of activities should be arranged in the future. More details will follow... <br />
<br />
==== Helsinki OWASP Chapter Leaders ====<br />
<br />
The chapter leader is [mailto:Petteri.arola@owasp.org Petteri Arola] <br />
<br />
The chapter board members are [mailto:timo@owasp.org Timo Merilainen], Pyry Heikkinen and [mailto:pekka.sillanpaa@owasp.org Pekka Sillanpaa]. <br />
<br />
__NOTOC__<br />
<br />
[[Category:OWASP Chapter]] <br />
[[Category:Europe]]</div>Psillanphttps://wiki.owasp.org/index.php?title=File:DeathStarArchitecture_v0.8_DRAFT.pdf&diff=247340File:DeathStarArchitecture v0.8 DRAFT.pdf2019-02-12T14:43:45Z<p>Psillanp: </p>
<hr />
<div>Architecture diagram for Cornucopia</div>Psillanphttps://wiki.owasp.org/index.php?title=Helsinki&diff=246780Helsinki2019-01-23T17:19:14Z<p>Psillanp: /* OWASP Helsinki chapter meeting #36: Feb 12th 2019 */</p>
<hr />
<div>{{Chapter Template|chaptername=Helsinki|extra=The chapter leaders are [mailto:petteri.arola@owasp.org Petteri Arola], [mailto:pekka.sillanpaa@owasp.org Pekka Sillanpää], [mailto:timo@owasp.org Timo Meriläinen], [mailto:pyry.heikkinen@owasp.org Pyry Heikkinen], [mailto:petri.koistinen@nixu.com Petri Koistinen] and [mailto:lasse.korvala@gmail.com Lasse Korvala].<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-helsinki|emailarchives=http://lists.owasp.org/pipermail/owasp-helsinki}} <br />
<br />
==== Local News ====<br />
<br />
<paypal>Helsinki</paypal> <br />
<br />
'''Welcome to the OWASP Helsinki Chapter'''<br />
<br />
The plan is to meet at least three to four times a year, each lasting 1,5-3 hours (more active "hands" means more meetings). This chapter is based in the capital area and therefore the meetings will be in or around Helsinki. <br />
<br />
If you wish to present at one of the meetings or have any other inquiries, please contact the chapter leaders and shortly describe the talk. (the contact details can be found in the bottom of the page). We encourage everyone to suggest ideas for presentation topics. The talks can be either a full talk (45-60min) or a lightning talk (~15min). <br />
<br />
==== Suomalaista sovellusturva-asiaa ====<br />
<br />
[[OWASP Helsinki Appsec Thesis of the Year|Vuoden sovellusturva-aiheinen opinnäytetyö]]<br />
<br />
[[Oppilaitoksille|Tietoa oppilaitoksille (Information for academic institutions)]] <br />
<br />
[[Verkkomaksut|Ohjeita turvallisen verkkomaksuintegraation toteuttamiseen]] <br />
<br />
Previously OWASP Helsinki has been working on the following tasks: <br />
<br />
*[[Top 10 2007 Finnish]] aim to translate OWASP Top 10 list in Finnish<br />
<br />
==== Chapter Meetings ====<br />
<br />
== OWASP Helsinki chapter meeting #36: Feb 12th 2019 ==<br />
'''Location: Veikkaus, Aku Korhosen tie 2, 00440 Helsinki'''<br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words, Pekka Sillanpää, Chapter co-leader - OWASP Helsinki''' <br />
<br />
'''18:05 Words from the sponsor, Veikkaus''' <br />
<br />
'''18:10 What Every Developer and Tester Should Know About Software Security, Anne Oikarinen, Senior Security Consultant, Nixu'''<br />
<br />
'''18:50 Break''' <br />
<br />
'''19:00 Security in Agile Development, Joakim Tauren, Application Security Architect, Visma'''<br />
<br />
'''19:45 OWASP Cornucopia - a live card game session, Veikkaus + volunteers'''<br />
<br />
'''20:15 Snacks & Refreshments''' <br />
<br />
Please register by 10th of Feb https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-36-tickets-55288270706 (Note that the seats are limited). <br />
== OWASP Helsinki chapter meeting #35: Nov 6th 2018 ==<br />
'''Location: Second Nature Security (2NS), Keilaranta1 (auditorium Ankkuri), 02150 Espoo'''<br />
<br />
'''Time: 17:30-21:00'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words, Pekka Sillanpää, Chapter co-leader - OWASP Helsinki'''<br />
<br />
'''18:05 Words from the sponsor, Juho Ranta, CTO - Second Nature Security (2NS)''' <br />
<br />
'''18:15 Hunting for bounties in a web browser, Juho Nurminen, White Hat Hacker, InfoSec Specialist - 2NS''' [[File:Nurmi_BugBounty_slides.zip]]<br />
<br />
'''18:45 Break'''<br />
<br />
'''19:00 How to become a bug bounty hunter, Iiro Uusitalo, Cloud and Security Specialist - Solita'''<br />
<br />
'''19:30 Running a successful bug bounty program, Thomas Malmberg, Partner & Owner - Hackrfi''' [[File:Running a successful bug bounty program - public.pdf]]<br />
<br />
'''19:50 Short break'''<br />
<br />
'''20:00 Panel & Discussion about bug bounty with Juho, Iiro and Thomas'''<br />
<br />
'''20:30 Snacks & Refreshments'''<br />
<br />
Please register by 4th of Nov https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-35-tickets-51465932991 (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #34: Jun 12th 2018 ==<br />
'''Location: Eficode, Pohjoinen Rautatiekatu 25, 00100 Helsinki'''<br />
<br />
'''Time: 17:30-21:30'''<br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Pekka Sillanpää OWASP Helsinki'''<br />
<br />
'''18:05 Words from the sponsor / Pekka Siltala-Li / Eficode'''<br />
<br />
'''18:15 Perfectly secure API, Matti Suominen, Lead Security Consultant - Nixu'''<br />
<br />
'''19:00 Break''' <br />
<br />
'''19:15''' '''Best friends: API security & API management, Antti Virtanen, Software Architect, Solita''' <br />
<br />
'''20:00-21:30 Sauna, Snacks & Beverages'''<br />
<br />
Please register by 10th of Jun https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-34-tickets-46690898735 (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #33: Nov 14th 2017 ==<br />
'''Location: F-Secure, Tammasaarenkatu 7, 00180 Helsinki''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki''' <br />
<br />
'''18:05 Words from the sponsor'''<br />
<br />
'''18:10 Coping with GDPR requirements in development, Kira Ahveninen-Kuha, Lead, Data Protection and Cybersecurity Law, Nixu'''<br />
<br />
'''19:00 Break''' <br />
<br />
'''19:15 Integrating Privacy Work in Threat Modeling and Design Review, Antti Vähä-Sipilä, Principal Security Consultant, F-Secure'''<br />
<br />
'''20:00 Panel & Discussion – Kira and Antti debate about privacy and GDPR with the audience'''<br />
<br />
'''20:30 OWASP Helsinki DevSecOps Hackathon: Lessons learned, Pekka Sillanpää, OWASP Helsinki''' <br />
<br />
'''21:00-22:00 Snacks & Refreshments''' <br />
<br />
Please register by 12th of Nov [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-33-tickets-39656996143 here] (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #32: Sep 27th ==<br />
If you are working in a DevOps team and want to get concrete ideas on how to integrate security into your CI/CD pipeline, this hackathon is a fun opportunity to learn by doing together with others.<br />
<br />
More information here: [[OWASP Helsinki DevSecOps Hackathon]]<br />
<br />
In summary, we familiarize and investigate (and of cource hack with) some nice open source tools, including:<br />
* OWASP Dependency-Check ([[OWASP Dependency Check]])<br />
* ZAP Proxy ([[OWASP Zed Attack Proxy Project]])<br />
* OWASP DefectDojo ([[OWASP DefectDojo Project]])<br />
* DevSec hardening framework (https://github.com/dev-sec)<br />
* Clair (https://github.com/coreos/clair)<br />
<br />
The output of this hackathon is an OWASP wiki page describing what was achieved in the hackathon, possible commits to the tools' repositories and future plans. If there is enough interest, we might organize "part 2" for this event in Autumn.<br />
<br />
To participate in this event, it is recommended to have at least basic programming/scripting skills (python, ruby, bash, etc) and understanding of configuration management tools (puppet, salt, ansible, etc.). '''If you are interested to join''' or have questions, please send email to pekka.sillanpaa@owasp.org '''by Jul 7th 2017''' and a short description of your background. Tracks of the hackathon environment are tuned based on the skills and background of the participants.<br />
<br />
The maximum of 15 seats are available for this event. The event is fully free of charge.<br />
<br />
'''Location: Nixu, Keilaranta 15, 02150 Espoo'''<br />
<br />
'''12:00 Hackathon starts'''<br />
<br />
'''17:00-23:00 Hackathon continues after the work day as long as needed. Pizza and beverages available.'''<br />
<br />
== OWASP Helsinki chapter meeting #31: Jun 13th 2017 ==<br />
'''Location: Solita, Alvar Aallon katu 5, 00100 Helsinki'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Pekka Sillanpää, OWASP Helsinki'''<br />
<br />
'''18:05 DevSec - Developers are the key to security, Antti Virtanen, Software Architect, Solita [[File:Devsec-owasp-2017.pdf]]''' <br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Docker Security, Mika Vatanen, Systems Architect, Digia [[File:Owasp-Helsinki-20170613-Docker-Security.pdf]]'''<br />
<br />
'''20:00 Lightning talk: Leaking credentials - a security malpractice more common than expected, Bogdan Mihaila, Synopsys [[:File:Bogdan Mihaila - Leaking Credentials.pdf]]'''<br />
<br />
'''20:15 Introduction to DevSecOps "mini-hackathon", Pekka Sillanpää, OWASP Helsinki'''<br />
<br />
'''20:30-22:30 Snacks & Refreshments'''<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-31-tickets-34950473808 here] by 12th of Jun (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #30: Oct 11th 2016 ==<br />
<br />
'''Location: Fujitsu, Valimotie 16, 00380 Helsinki, Auditorio'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 How to protect mobile application? Case "Nordea Tunnusluvut” / Michael Peltonen, Senior Business Developer, Nordea''' [[File:Helsinki_meeting_30_-Michael_Peltonen_OWASP_11102016.pdf]]<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Lightning talk: Authentication topic / Teemu Simonen, System Architect, Fujitsu''' [[File:Helsinki_meeting_30_-Authentication_topic.pdf]]<br />
<br />
'''19:30 Threats and vulnerabilities in federation protocols - and how did I find 0-days in the most common access management products / Teemu Kääriäinen, Senior IAM Consultant, Nixu Oyj''' [[File:Helsinki_meeting_30_-_Threats_and_Vulnerabilities_in_Federation_Protocols_and_Products.pdf]]<br />
<br />
'''20:30-> Snacks & Refreshments'''<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-30-tickets-28190573765 here] by 9th of October (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #29: Mar 29th 2016 ==<br />
<br />
'''Location: Solinor, Elimäenkatu 14 C, 00510 Helsinki'''<br />
<br />
'''Time: 17:30-21:15'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 OWASP Security Knowledge Framework, Glenn Ten Cate''' [[File:Skf-owaspHelsinki-16.pdf]]<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Amazon Web Services Security, Joel Leino, Solinor''' [[File:Aws_security_joel_leino.pdf]]<br />
<br />
'''20:30 Do's and don'ts: A Day Of Browser Bug Hunting, Atte Kettunen, University of Oulu''' [[File:Do's_and_Don'ts-_A_Day_Of_Browser_Bug_Hunting_rev2.pdf]]<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-29-tickets-22159795545 here] by 26th of March (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #28: Nov 10th 2015 ==<br />
<br />
'''Location: LähiTapiola, Revontulenkuja 1, 02100 Espoo'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 How we feel about Bug Bounty, Leo Niemelä, CISO, LähiTapiola Group (in Finnish)'''<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Security and "Modern" software Deployment, Rory McCune, Managing Consultant, NCC Group'''<br />
<br />
'''20:30 Discussion continues in a local cafe / bar'''<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-28-tickets-19188815263 here] by 8th of November (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #27: May 29th 2015 ==<br />
<br />
'''Location: Life Science Center Keilaranta 10-16''' <br />
<br />
'''Time: 17:30-20:00 (networking ends 23:00)''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 Word from our sponsor / Nixu'''<br />
<br />
'''18:15 50 Shades of AppSec / Troy Hunt'''<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Hack yourself first: how go on the cyber-offence before online attackers do / Troy Hunt'''<br />
<br />
'''20:00-23:00 Refreshments and Sauna on the 7th floor'''<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-chapter-meeting-27-tickets-16709176597 here] by Monday Fri 22th May (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #26: January 13th 2015 ==<br />
<br />
'''Location: Castrén & Snellman Attorneys Ltd. Eteläesplanadi 14 6th Floor Helsinki, Finland.''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''Opening words / OWASP Helsinki&IAPP''' <br />
<br />
'''Words from our sponsor / Castrén & Snellman Attorneys Ltd.'''<br />
<br />
'''Privacy Seals and Marks, Hannu Järvinen, Specialist Partner, Attorneys at Law Borenius Ltd'''<br />
<br />
'''Privacy Engineering, Antti Vähä-Sipilä, software security guy, F-Secure Oyj'''<br />
<br />
'''Privacy Use Cases, Saku Vainikainen, Lead Consultant, Nixu Oyj'''<br />
<br />
Please register here https://t.co/OoQN2FRbBX by Monday 12 Jan.<br />
<br />
== OWASP Helsinki chapter meeting #25: September 29th 2014 ==<br />
<br />
'''Location: Appelsiini (Elisa), Kaarlenkatu 9-11, 00530 Helsinki. Public transport is strongly recommended.''' <br />
<br />
'''Time: 17:00-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and registration''' <br />
<br />
'''17:10 Opening words / OWASP Helsinki''' <br />
<br />
'''17:20 Words from our sponsor / Elisa'''<br />
<br />
'''17:30 Mobile Security Chess Board - Attacks & Defense / Hemil Shah / Founder, Director eSphere Security''' [[File:Mobile_Security_chess_board_-_Attacks_&_Defense.pdf]]<br />
<br />
'''18:45 Break'''<br />
<br />
'''19:00 Mobile Platform Security: OS (kernel) Hardening and Trusted Execution Environment / Onur Zengin / Trustonic'''<br />
[[File:Onur_Zengin_-_TEE_chapter_meeting_presentation.pdf]]<br />
<br />
'''20:00 OWASP Mobile Top Ten Risks 2014 - The New M10: 'Lack of Binary Protection' Category / Bo Asklund and Rikard Kullenberg / Arxan'''<br />
[[File:OWASP_Mobile_Top_Ten_-_Meet_the_New_Addition.pdf]]<br />
<br />
'''21:00 Networking and continue discussions in TBD location nearby'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-25-tickets-13087782911 Eventbrite]<br />
<br />
== OWASP Helsinki chapter meeting #24: March 25st 2014 ==<br />
<br />
'''Location: F-Secure, Tammasaarenkatu 7, 00180 Helsinki. Parking space is limited, public transport is strongly recommended. Ruoholahti station for metro, Länsisatamankatu stop for tram 8, Länsiväylä stop for buses from Espoo.''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and registration''' <br />
<br />
'''17:20 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''17:30 Enhancing security through tight collaboration and automation /Kalle Hallivuori''' <br />
Presentation material: http://kato.iki.fi/owasp-pci-devops/<br />
<br />
'''18:00 Continuous Security Testing in a Devops World /Stephen de Vries'''<br />
Download the presentation from our file page: [[image:OWASP-Continuous_Security_Testing.pdf]]<br />
<br />
'''19:00 Demo of Burp Suite & HTTP API fuzzing automation with Python & Behave /Antti Vähä-Sipilä'''<br />
<br />
'''19:30 Time to go to Pub (Amsterdam) and continue discussion there'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-24-tickets-10765729587 Eventbrite]<br />
<br />
== OWASP Helsinki chapter meeting #23: January 21st 2014 ==<br />
<br />
'''Location: HTC Keilaniemi, Keilaranta 13, 02150 Espoo''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Coffee and registration''' <br />
<br />
'''18:00 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''18:05 Word from our sponsor /Nixu''' <br />
<br />
'''18:20 The inner HTML Apocalypse - How MXSS attacks change everything we believed to know so far /Mario Heiderich'''<br />
<br />
'''19:15 JSMVCOMFG - To sternly look at JavaScript MVC and Templating Frameworks /Mario Heiderich"''''<br />
<br />
'''20:15 QA'''<br />
<br />
'''20.30 - 21.30 Discussion continues over snacks and refreshments'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-23-tickets-10095813851 Eventbrite]<br />
<br />
<br />
== OWASP Helsinki chapter meeting #22: November 19th 2013 ==<br />
<br />
'''Location: Aalto University, Hall S1, Otakaari 5, 02150 Espoo''' <br />
<br />
'''Time: 18:00-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Registration''' <br />
<br />
'''18:10 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''18:20 Word from our sponsor''' <br />
<br />
'''18:30 Backgrounds of Eve in Digiland comic and cyber research in Aalto University /Timo Kiravuo, Aalto University'''<br />
<br />
'''19:15 Break"''''<br />
<br />
'''19:30 Cyber crime response from CERT perspective and backgrounds of Finnish web site attacks /Jussi Eronen, CERT-FI'''<br />
<br />
'''20:00 Methods in Finnish cyber crime police investigation and case example /Timo Piiroinen, National Bureau of Investigation (NBI)'''<br />
<br />
'''20:30 Networking and discussion continues at same location'''<br />
<br />
Please register at [http://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-23-tickets-10095813851 Eventbrite]<br />
<br />
== OWASP EUTour2013: June 17th 2013 ==<br />
<br />
'''Location: HTC Keilaniemi, Keilaranta 15''' <br />
<br />
'''Time: 16:00-19:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''16:00 Registration & coffee''' <br />
<br />
'''16:15 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''16:30 Word from our sponsor''' <br />
<br />
'''16:45 Nokia responsible disclosure program /Omar Benbouazza-Villa, Nokia'''<br />
<br />
Nokia has launched a responsible disclosure program recently. In this presentation we'll go through experiences starting and running such a program as a part of enterprise application security program.<br />
<br />
'''17:30 Social engineering /Gavin Ewan"''''<br />
<br />
Jac0byterebel is not your typical social engineering presenter. Out goes the snake oil sale of analysing the minutia of pop psychology and trying to squeeze out real answers to the questions asked during a real social engineering attack. In comes hard hitting accounts of social engineering attacks drawn from real sources but anonymised to protect the pwned.<br />
<br />
'''19:00 Rounding up and discussion continues over food & drinks at same location'''<br />
<br />
Please register at [http://www.regonline.com/owaspeutourfinland Regonline]<br />
<br />
== OWASP Helsinki Chapter Meeting #21: April 24 2013 ==<br />
<br />
'''Location: KPMG, Yrjönkatu 23 B, 6. floor''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Opening words /OWASP''' <br />
<br />
'''18:10 Word from our sponso /Mika Laaksonen, KPMG''' <br />
<br />
'''18:15 OWASP project news /Petteri Arola, OWASP''' <br />
<br />
Newsflash of new and rebooted OWASP projects.<br />
<br />
'''18:45 Utilizing VAHTI software development guide (VAHTI-sovelluskehitysohje) /Antti Alestalo, KPMG'''<br />
<br />
VAHTI software development guide was published January 2013. Antti will talk about how to best utilize this new guide. Link to the guide: http://www.vm.fi/vm/fi/04_julkaisut_ja_asiakirjat/01_julkaisut/05_valtionhallinnon_tietoturvallisuus/20130207Sovell/VAHTI_1_Sovelluskehityksen_tietoturvaohje_NETTI.pdf<br />
<br />
'''19:15 Database self-defence /Mika Aronen, KPMG (in place of "HTML5 & security /SC5"'''<br />
<br />
'''20:00 Official program ends and discussion continues over food & drinks at same location'''<br />
<br />
Please register at [https://www.eventbrite.com/event/6240751255 Eventbrite]<br />
<br />
== OWASP Helsinki Chapter Meeting #20: December 4 2012 ==<br />
<br />
'''Location: Nokia House, Keilalahdentie 4, Espoo''' <br />
<br />
'''Time: 17:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Socializing time @ Nokia Lounge – Meet people & get to know your peer while having the opportunity to see Nokia product demos''' <br />
<br />
'''18:00 Opening words /OWASP + HelsinkiJS''' <br />
<br />
'''18:10 Word from our sponsor''' <br />
<br />
'''18:20 Securing JavaScript based web apps /Erlend Oftedal''' <br />
<br />
Single page web applications move much of the application logic to the client side. We now also see applications using JavaScript on the server side. How do we handle such applications from a security perspective? What problems are introduced and how do we handle them?<br />
<br />
'''19:05 RESTful Security'''<br />
<br />
Many applications rely on web services and ws-security for integration. But for more lightweight services with simpler protocols, REST is quickly gaining popularity. How do we secure REST services? What problems do we need to be aware of?<br />
<br />
'''20:00 Official program ends and free debate continues at nearby location'''<br />
<br />
CLOSED: Please register at [http://www.eventbrite.com/event/4856878053 Eventbrite]<br />
<br />
Please use the NORTH entrance when entering the Nokia campus<br />
<br />
== OWASP Helsinki Chapter Meeting #19: October 16 2012 ==<br />
<br />
'''Location: Fujitsu, Valimotie 16, Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''18:10 Word from our sponsor /Fujitsu''' <br />
<br />
'''18:25 Hybrid mobile application security and HTML5 with a focus on getUserMedia /Mikko Saario, Nokia''' <br />
<br />
Both the mobile scene via “hybrid” apps and the so-called traditional web are evolving into the same direction – are the threats doing the same? Using mainly Windows Phone 7 (and some Qt) examples and demos, Mikko will take a look at the security aspects in mobile hybrid apps. The HTML5 demo will concentrate on some newly mainstreamed technologies such as getUserMedia.<br />
<br />
'''19:10 Introduction to Oauth 2.0 + demo /Teemu Kääriäinen, Nixu'''<br />
<br />
Teemu gives an introduction about Oauth 2.0 and takes a closer look at security aspects, implementation guidelines and compares Twitter, Facebook and Google implementations.<br />
<br />
'''20:00 Official program ends and free debate continues at nearby location'''<br />
<br />
'''Please register in Eventbrite http://www.eventbrite.com/event/4462882602''' <br />
<br />
<br />
== OWASP Helsinki Chapter Meeting #18: June 26 2012 ==<br />
<br />
'''Location: Kela, Nordenskjölkinkatu 12, Helsinki''' <br />
<br />
'''Time: 17:30-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''17:45 Word from our sponsor /Kela''' <br />
<br />
'''18:00 Helsinki Ruby Brigade intro''' <br />
<br />
'''18:15 Ruby on Rails security - why could it fail'''<br />
<br />
'''19:00 Panel discussion'''<br />
<br />
'''19:45 Wrap-up'''<br />
<br />
'''20:00 Discussion continues in a nearby pub Hadanka'''<br />
<br />
'''Please register with petteri.arola(at)owasp.org''' <br />
<br />
<br />
== OWASP Helsinki Chapter Meeting #17: March 21 2012 ==<br />
<br />
'''Location: Marttakeskus, Malminrinne 1 B, 7. krs, Helsinki''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Coffee''' <br />
<br />
'''17:40 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''17:50 Web Application Access Control Design Excellence / Jim Manico, OWASP''' <br />
<br />
Download the presentation from our file page: [[image:Developer_Top_Ten_Core_Controls_v4.1.pdf]]<br />
<br />
'''19:30 Meeting ends and discussion continues over buffet and refreshments and there's a possibility to bath in sauna too''' <br />
<br />
'''23:00 Event ends'''<br />
<br />
'''Please register with enroll(at)nixu.com''' <br />
<br />
== Tietoturvapäivä Turku: February 7 2012 ==<br />
<br />
''' Sovellusturvallisuus / Petteri Arola, OWASP''' <br />
<br />
Download the presentation from our file page: [[image:OWASP_esitys_tietoturvapäivä_Turku_20120207.pdf]]<br />
<br />
== OWASP Helsinki Chapter Meeting #16: October 18 2011 ==<br />
<br />
'''Location: Hall TU2, Tuas house, Otaniementie 17, 02150, Espoo''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and lock picking''' <br />
<br />
'''17:30 OWASP - What is it?''' <br />
<br />
'''17:45 Introduction to OWASP projects<br>- OWASP Top Ten, ASVS<br><span class="Apple-tab-span"> </span>- Testing guide<br>- How OWASP relates to academic world''' <br />
<br />
<br> Download presentation from our file-page: [[Image:OWASP_presentation_for_Aalto.pdf]] <br><br />
<br />
'''18:45 Break''' <br />
<br />
'''19:00 Hacking demonstrations'''<br />
<br />
'''19:30 - Discussion continues in a nearby public house''' <br />
<br />
'''Please register with petteri.arola(at)owasp.org''' <br />
<br />
== OWASP Introduction to Turku AMK students: September 12th 2011 ==<br />
<br />
'''Introduction to Application security and OWASP / Petteri Arola, OWASP''' <br />
<br />
'''OWASP top 10 and hacking demos / Pekka Sillanpää, OWASP''' <br />
<br />
== OWASP Helsinki Chapter Meeting #15: June 15 2011 ==<br />
<br />
'''Location: Itämerenkatu 11 - 13, Helsinki''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda ''' <br />
<br />
'''17:30 Welcome, Petteri Arola, Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nokia''' <br />
<br />
'''17:45 HTML5 Security, Ville Säävuori, Syneus''' <br />
<br />
'''18:30 Break''' <br />
<br />
'''18:40 Mobile Application Security, Ari Kesäniemi and Juhani Mäkelä, Nixu''' <br> [[Image:Mobile-threat-analysis-short-presentation owasp.pdf]] <br> [[Image:Why-privacy-matters.pdf]] <br> <br />
<br />
<br>'''19.30 - Discussion continues in a nearby public house or terrace if it's sunny''' <br />
<br />
'''Please register with mikko.saario(at)nokia.com''' <br />
<br />
== OWASP Helsinki Chapter Meeting #14: February 22 2011 ==<br />
<br />
'''Location: Nixu Oy, Keilaranta 15, Espoo''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''17:30 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nixu Oy''' <br />
<br />
'''17:45 OpenSAMM, Pravir Chandra /Fortify''' <br />
<br />
'''18:30 Break''' <br />
<br />
'''18:40 Threat modeling, Pravir Chandra /Fortify''' <br />
<br />
<br> '''19.30 - Sauna and refreshments from our sponsor''' <br />
<br />
'''Please register with enroll(at)nixu.com''' <br />
<br />
<br> Download OpenSAMM presentation from opensamm.org [http://www.opensamm.org/downloads/resources/OpenSAMM-1.0.ppt] <br> <br />
<br />
== OWASP Helsinki Chapter Meeting #13: June 8 2010 ==<br />
<br />
'''Location: KPMG, Forum, Yrjönkatu 23 B 6th floor, Helsinki''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''17:00 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:05 Word from our sponsor KPMG ''' <br />
<br />
'''17:15 Agile secure software development, Antti Vähä-Sipilä / Nokia Oyj''' http://www.owasp.org/images/c/c6/OWASP_AppSec_Research_2010_Agile_Prod_Sec_Mgmt_by_Vaha-Sipila.pdf <br />
<br />
'''18:00 ASVS (OWASP Application Security Verification Standard), Pekka Sillanpää / Nixu Oy''' <br />
<br />
'''18:45 ESAPI (OWASP Enterprise Security API) demo, Anssi Porttikivi / KPMG''' <br />
<br />
Download presentation from our file-page:[[Image:ESAPI for OWASP.pdf]] <br />
<br />
<br> '''19.30 - Discussion continues at some nearby establishment''' <br />
<br />
'''Please register with anssi.porttikivi(at)kpmg.fi''' <br />
<br />
<br> <br />
<br />
== OWASP Goes! Locksport: April 20 2010 ==<br />
<br />
'''Location: Nsense Oy, Ahventie 4, Espoo''' <br />
<br />
'''Time: 17:30-20:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nsense Oy''' <br />
<br />
'''17:45 Introduction to Locksport (presentation in Finnish)''' <br />
<br />
'''19:00 - Sauna and refreshments from our sponsor''' <br />
<br />
'''Please register with ilmoittautumiset##nsense.fi ''' <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #12: March 30 2010 ==<br />
<br />
'''Location: Helsingin Energia, Sähkötalo, Runeberginkatu 1, Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''18:00 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
Download presentation from our file-page:[[Image:OWASP -12 Helsinki chapter meeting.pdf]] <br />
<br />
'''18:05 Word from our sponsor Helsingin Energia ''' <br />
<br />
'''18:15 3 different views on information security and social media applications''' <br />
<br />
- information security in social media API’s, Antti Nuopponen/Nixu Oy <br />
<br />
Download presentation from our file-page:[[Image:Security of social media apis v1.pdf]] <br />
<br />
- Facebook apps, Markus Törnqvist/Fad Consulting <br />
<br />
Download presentation from our file-page:[[Image:Mjt owasp 2010.pdf]] <br />
<br />
- Payment API’s, Tuomas Toivonen/Scred <br />
<br />
Download presentation from our file-page:[[Image:Owasp-payment-apis.pdf]] <br />
<br />
'''20.00 - Discussion continues at nearby establishment Bruuveri''' <br />
<br />
'''Please register with antti##owasp.org''' <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #11: November 17 2009 ==<br />
<br />
'''Location: Nsense Oy, Ahventie 4, Espoo''' <br />
<br />
'''Time: 18:00-20:30''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''18:05 Word from our sponsor Nsense Oy''' <br />
<br />
'''18:15 Manual vs. Automated Code Analysis, Ari Kesäniemi, Senior Consultant, Nixu''' <br />
<br />
Download presentation from our file-page:[[Image:Ari kesaniemi nixu manual-vs-automatic-analysis.pdf]] <br />
<br />
'''19.00- Sauna and refreshments from our sponsor''' <br />
<br />
<br> <br />
<br />
'''Please register with ilmoittautumiset##nsense.fi''' <br />
<br />
== OWASP Helsinki Chapter Meeting #10: October 20 2009 ==<br />
<br />
'''Location: Tieto Oy, Ratamestarinkatu 7B, Helsinki''' <br />
<br />
'''Time: 18:00-19:40''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''18:00 Word from our sponsor Tieto Oy''' <br />
<br />
'''18:10 Distributed Services Security, Anton Panhelainen, Tieto Oy''' <br />
<br />
Download presentation from our file-page:[[Image:Security in integration and ESB-OWASP 20091020.pdf]] <br />
<br />
'''18:40 Public Web Services Interface and Security, Pyry Heikkinen, Finnish Customs''' <br />
<br />
'''19:40 Closure and move to Vltava''' <br />
<br />
'''20:00 or so''' <br />
<br />
*Enjoy Helsinki Vltava watering hole at own risk &amp; cost near Helsinki Railway station<br />
<br />
'''Please register with Pauli Kauppila pauli.kauppila##tieto.com or Mobile +358 400 870 324''' <br />
<br />
== OWASP Helsinki Chapter Meeting #9: May 12 2009 ==<br />
<br />
'''Location: Louhi Networks Oy, Itälahdenkatu 22 A, Helsinki''' <br />
<br />
'''Time: 17:30-19:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:30 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:45 Word from our sponsor Louhi Networks''' <br />
<br />
'''18:00 Panel discussion about application scanners''' <br />
<br />
*Panel members includes representatives for Nixu Oy, KPMG Oy and Louhi Networks Oy<br />
<br />
<br> '''19:00 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost at Bar 52 near meeting location<br />
<br />
'''Please register with Henri Lindberg henri.lindberg##louhi.fi''' <br />
<br />
== OWASP OWASP Goes! Viestimuseo: March 29 2009 ==<br />
<br />
'''Location: Varuskunta, Takakasarmi, Viestimuseontie rak. 64, 11311 Riihimäki ''' <br />
<br />
'''Time: 13:00-15:00''' <br />
<br />
Viestimuseossa Riihimäellä, http://www.viestikiltojenliitto.fi/viestimuseo/ on maaliskuun loppuun WWII radiotiedustelua esittelevä erikoisnäyttely, josta voi löytyä ammennettavaa myös tämän päivän tietoturvatekniikoiden parissa työskenteleville. Koska OWASP:in tiimoilta löytyi kiinnostusta lähteä tutustumaan ko. näyttelyyn, museolle on varattu opastettu kierros maaliskuun viimeiselle sunnuntaille su 29.3.2009 klo 13:00 eli kokoontuminen museolla ko. aikaan. <br />
<br />
Museo ja näyttely ovat auki myös muina aikoina, joten jos tämä aika ei käy, paikalla voi toki käydä muulloinkin. <br />
<br />
Tarkemmat ajo-ohjeet ja yhteystiedot löytyvät museon kotisivuilta, http://www.viestikiltojenliitto.fi/viestimuseo/yhteystiedot.html <br />
<br />
Museo sijaitsee Viestirykmentin vieressä, mutta varsinaisen varuskunta-alueen ulkopuolella, joten museokäynti ei vaadi kulkulupia alueelle. <br />
<br />
Paikalle innostuvat hoitavat oman logistiikkaratkaisunsa &amp; sisäänpääsymaksunsa. <br />
<br />
Lisätietoja tarvittaessa timo.merilainen (ät) iki.fi <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #8: March 12 2009 ==<br />
<br />
'''Location: Samlink, Linnoitustie 9, Espoo (Leppävaara)''' <br />
<br />
'''Time: 17:00-19:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:00 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:15 Introduction to Samlink, Jari Pirhonen, security director, Samlink''' <br />
<br />
'''17:30 Methodology owner’s point of view: Information security as part of software development methodology, Topi Mattila, methodology manager, Samlink''' <br />
<br />
'''18:15 Presentation from Finnish Tax Administration", Petri Puhakainen, security director, Finnish Tax Administration''' <br />
<br />
<br> '''19:00 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost at Sello<br />
<br />
'''Please register with Jari Pirhonen jari.pirhonen##samlink.fi''' <br />
<br />
== OWASP Introduction to startup firms: Thursday January 15th 2009 ==<br />
<br />
'''Location: Ravintola Korjaamo, Töölönkatu 51, 00250 Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Introduction to OWASP by Henri Lindberg, OWASP Helsinki Active Visitor''' <br />
<br />
*What OWASP is <br />
*Examples of useful Tools and Documents <br />
*OWASP in Finland<br />
<br />
Presentation: [[Image:OWASP Startups 20090115 Henri.pdf]] <br />
<br />
(Antti Laulajainen, OWASP Helsinki Chapter Leader was originally supposed to introduce OWASP) <br />
<br />
'''18:15 Implementing application security in a Finnish startup by Henri Lindberg, Scred''' <br />
<br />
*Henri Lindberg from Scred shares experiences and lessons learned <br />
*How to make your web application more secure with minimal budget<br />
<br />
Presentation: [[Image:SDG Scred 090115.pdf]] <br />
<br />
'''18:30 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost<br />
<br />
== OWASP Helsinki Meeting #7: Tuesday November 11th 2008 ==<br />
<br />
'''Location: Nokia Ruoholahti, Itämerenkatu 11-13, 00180 Helsinki''' <br />
<br />
<br> <br />
<br />
'''Time: 17:00-18:30''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:00 Welcome by Antti Laulajainen, OWASP Chapter Leader''' <br />
<br />
*Current state and progress of OWASP Top 10 Finnish translation<br />
<br />
'''17:20 Antti Vähä-Sipilä, Nokia: SAFECode''' <br />
<br />
*Introduction and overview of SAFECode (The Software Assurance Forum for Excellence in Code) <br />
*SAFECode publications<br />
<br />
'''17:40 Juhani Eronen, CERT-FI: Lifecycle of a security vulnerability''' <br />
<br />
*Microsoft MS08-067 (Vulnerability in Server Service Could Allow Remote Code Execution), its history (MS06-040) and exploitation.<br />
<br />
'''Discussion''' <br />
<br />
'''18:30 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost [cerveza, aqua con gas, etc]<br />
<br />
'''PLEASE REGISTER WITH: mikko . saario at nokia . com (we have reserved snacks for 25 people)''' <br />
<br />
== OWASP Helsinki Web Hacking Workshop, Tuesday September 10th 2008 ==<br />
<br />
'''Location: Teleware / KPMG, Laajalahdentie 23, 6. floor, reception at the ground floor, 00330 Helsinki''' <br />
<br />
'''Time: 18.00 - 20.00''' <br />
<br />
'''Schedule''' <br />
<br />
'''18.00 Welcome and recent activities. Antti Laulajainen ''' <br />
<br />
'''18.05 Web Hacking Workshop, Anssi Porttikivi, Senior ICT Advisor KPMG/Teleware''' <br />
<br />
*KPMG Oy IT Security Advisory marketing presentation 15 min <br />
*Web hacking exercises and demonstrations in a laboratory class (using WebGoat and WebScarab tools)<br />
<br />
'''Snacks available. Send your reservations to Anssi's mail address, anssi.porttikivi@kpmg.fi. Room for 20 participants.''' <br />
<br />
<br> '''Note! Be in time, because the reception closes at 18.''' <br />
<br />
== OWASP Goes! CERT-FI, Thursday, June 12th 2008 ==<br />
<br />
'''Location: Viestintävirasto, Itämerenkatu 3 A, 00180 Helsinki and One Pint Pub Santakatu 2, 00180 Helsinki''' <br />
<br />
<br> '''Time: 16.00 - 20.00''' <br />
<br />
<br> '''Schedule''' <br />
<br />
'''16.00 Welcome and recent activities. Antti Laulajainen ''' <br />
<br />
<br> '''16.10 Introduction of CERT-FI. Juhani Eronen, Information Security Adviser, CERT-FI''' <br />
<br />
<br> '''16.30 Vulnerability coordination. Juhani Eronen''' <br />
<br />
*CERT-FI as a vulnerability coordinator <br />
*Coordination examples<br />
<br />
'''18.00 Possibility to continue the evening at the One Pint Pub''' <br />
<br />
*If someone fancies a (self-financed) beer<br />
<br />
<br> '''Viestintävirasto asks those who wish to participate to the meeting to register in advance. For registrations please contact CERT-FI Unit Secretary Virpi Hienonen (virpi.hienonen(at)ficora.fi). The deadline is June 6, 2008.''' <br />
<br />
== OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 ==<br />
<br />
Thank you for attending. <br />
<br />
You can download the presentation here'''https://www.owasp.org/images/7/70/OWASP_HelsinkiChapter_130508.pdf''' <br />
<br />
Coverage of the event in local news (Finnish only) http://mikropc.net/uutiset/index.jsp?categoryId=atk&amp;day=20080514#w2008051411524012715 <br />
<br />
<br> '''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki and Ravintola Kaisla, Vilhonkatu 4, 00100 Helsinki''' <br />
<br />
'''Time: 16.00 - 20.00''' <br />
<br />
<br> <br />
<br />
Welcome to spring meeting 2008. <br />
<br />
<br> '''Schedule''' <br />
<br />
'''16.00 - 16.10 OWASP update. Antti Laulajainen''' <br />
<br />
'''16.10-17.00 Notes From The field, OWASP tools and usage experiences, Jarkko Holappa &amp; Antti Laulajainen''' <br />
<br />
'''17.30 - 20.00 Drinks at Ravintola Kaisla (Bring Your Own Wallet)''' <br />
<br />
<br> Hope to see as many of you as possible! <br />
<br />
== OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 ==<br />
<br />
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.''' <br />
<br />
'''Time: 18.30 - 20.30''' <br />
<br />
Welcome to first meeting of 2008. OWASP Helsinki resumes activities after winter break. <br />
<br />
We are pleased to have as a speaker Technology Manager of Nokia Product Security, Alexandr Seleznyov. His topic will be current state of application security. <br />
<br />
'''Schedule''' <br />
<br />
'''18.30 - 18.40 OWASP update. Antti Laulajainen''' <br />
<br />
'''18.40 - 20.30 Current State of Application Security. Alexandr Seleznyov''' <br />
<br />
<br> Hope to see as many of you as possible! <br />
<br />
== OWASP Helsinki &amp; RWSUG Seminar Tuesday, January 29th 2008 ==<br />
<br />
'''Location: IBM, Laajalahdentie 23, 00330 Helsinki.''' '''Time: 11.15 - 19.00''' <br />
<br />
OWASP Helsinki and Rational and Websphere User Group Finland RWSUG are aiming to co-operate to raise application security awareness. OWASP Helsinki will have a presentation in RWSUG agility seminar. More information from http://www.rwsug.fi/default.asp?path=1,39,385 <br />
<br />
'''You can download the presentation here''' https://www.owasp.org/images/c/cd/RWSUG5_Agile_Security_Management.pdf <br />
<br />
See program below. Most of it is Finnish only <br />
<br />
*11.15 Ilmoittautuminen alkaa <br />
*11.15-12.00 Buffet-lounas <br />
*12.00-12.10 Tilaisuuden avaus Jussi Jutila, Puheenjohtaja, RWSUG ry<br />
<br />
KEYNOTE <br />
<br />
*12.10-13.30 Scaling Agile Software Development: Strategies for Applying Agile in Complex Situations Scott W. Ambler, Practice Leader Agile Development, IBM Canada <br />
*13.30-13.45 Kahvitauko <br />
*13.45-15.30 SOA liiketoiminnan näkökulmasta ja SOA toteutuksen näkökulmasta kansainvälisessa hankkeessa Kari Laine, IT Architect, IF ja Jarmo Laine, Senior Software Architect,Primasoft <br />
*15.30-15.45 Tauko <br />
*15.45-16.30 Ketterä tietoturvan hallinta ohjelmistotuotannossa Reijo Savola, VTT <br />
*16.30-17.15 Jazz Update IBM <br />
*17.15-19.00 Iltapalaa ja verkostoitumista IBM Forumissa<br />
<br />
<br> <br />
<br />
== OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008 ==<br />
<br />
OWASP Helsinki participated in ISACA Finland meeting to raise application security awareness among system auditors and inspectors. <br> A presentation was held that introduced basic web techniques, some security issues, OWASP in general, OWASP projects and OWASP Helsinki chapter. <br> '''You can download the presentation here''': https://www.owasp.org/images/e/e4/OWASP_ISACA_20080124.pdf (Finnish Only) <br><br> <br />
<br />
== OWASP Helsinki meeting #4 Fall 2007 with Mark Curphey, Tuesday, October 2 2007 ==<br />
<br />
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.''' <br />
<br />
Thank you for all participants and Mark from great presentation. <br />
<br />
Coverage of the meeting in the local news (in Finnish): http://mikropc.net/uutiset/index.jsp?categoryId=atk&amp;day=20071003#w2007100315112711629 <br />
<br />
<br> We are delighted to have Mark Curphey - the OWASP founder and new head of Microsoft's ACE (Application Consulting &amp; Engineering) team in Europe - to visit Finland and discuss web app security with us. Hopefully as many as of you possible can participate! <br />
<br />
'''18:30 Welcome and recent Helsinki chapter activities. Antti Laulajainen''' <br />
<br />
'''18:40 Naked Software Security. Mark Curphey''' <br />
<br />
*Commentary on how to build secure software <br />
*Thoughts on the industry<br />
<br />
<br> '''WELCOME!''' <br />
<br />
== OWASP Helsinki meeting #3 Summer 2007: "SOA, Web Services &amp; XML Security", Tuesday, June 5th 2007 ==<br />
<br />
'''Date: June 5th''' <br />
<br />
<br> '''Location: Smilehouse, Itälahdenkatu 22A (Stonesoft building), Lauttasaari.''' <br />
<br />
Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/tietoturva_docview.jsp?f_id=1186167 <br />
<br />
<br> '''19:00 Welcome &amp; quick recap of recent OWASP activity and the Spring conference. Mikko Saario.''' <br />
<br />
<br> '''19:15 Gunnar Peterson, CTO Arctec Group and project lead for the OWASP "XML Security Gateway Evaluation Criteria".''' <br />
<br />
Gunnar will be visiting Finland to provide training via Tietoturva ry on this subject. Topics to be covered: <br />
<br />
*XML Security Gateways <br />
*Message level threats and security countermeasures in Web services <br />
*OWASP XML Security Gateway Evaluation Criteria Project<br />
<br />
<br> '''20:15 "Real-life usage of OWASP tools". Alexandr Seleznyov, Nokia Product Security.''' <br />
<br />
(There is a chance Alex cannot make it. In that case we will discuss SOA stuff in more detail or just head off to bar earlier.) <br />
<br />
<br> '''20:45 Enter Bar 52...''' --&gt; Enjoy (sponsored) beverages. <br />
<br />
== OWASP Helsinki meeting #2 Winter 2007, Web Application Firewalls, Thursday, February 22 2007 ==<br />
<br />
Thank you for the 29 participants, the speakers and the host - Nixu - for making this event happen! <br />
<br />
'''Location: Nixu, Mäkelänkatu 91, 00601 Helsinki.''' <br />
<br />
What are Web Application Firewalls (WAF), how do they work, what do they do and what don't they do. Discussion and sharing of experiences of various technologies and products. <br />
<br />
<br> '''18.30 Welcome. Mikko Saario, Chapter Leader.''' <br />
<br />
Today's topic and agenda in short. <br />
<br />
<br> '''18.35 "Web Application Firewalls Technical Analysis". Joakim Sandström, CTO nSense.''' <br />
<br />
http://www.owasp.org/images/6/6a/Owasp_waf_joakim.pdf <br />
<br />
- Technology <br />
<br />
- Blacklisting &amp; Whitelisting <br />
<br />
- mod_security features <br />
<br />
- Do's and Don'ts <br />
<br />
<br> '''19.30 "The Core Rule Sets". Ofer Shezaf, CTO Breach Security.''' <br />
<br />
http://www.owasp.org/images/f/f4/The_Core_Rule_Set_-_Ofer.pdf <br />
<br />
- WAF deployment and protection strategies <br />
<br />
- Detection of generic web layer attacks <br />
<br />
- Virtual patching <br />
<br />
== OWASP Helsinki meeting #1, Tuesday, Dec 12 2006 at Ernst &amp; Young ==<br />
<br />
The Helsinki chapter had the first meeting at Ernst &amp; Young office in Elielinaukio 5 B. The agenda and the presentations for the meeting are below. We had a good turnout: 22 people were present i.e. all seats were taken - we were very happy to see all these people to be interested in application security issues. <br />
<br />
<br> Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/doc.do?f_id=1083463 <br />
<br />
<br> '''18:30 Welcome. What is OWASP and why OWASP Helsinki?''' <br />
<br />
Mikko Saario made a short presentation about OWASP and the objective for the local Helsinki chapter. <br />
<br />
<br> '''19:00 Analyzing Threats (Olli Wiren; olli [at] juurihoito.org)''' <br />
<br />
Olli Wiren discussed application related threats and corresponding security issues. <br />
<br />
http://www.owasp.org/images/7/7c/Owasp-olli.pdf <br />
<br />
<br> '''19:45 Open discussion regarding OWASP Helsinki; what is expected or wished; how to go ahead and so forth.''' <br />
<br />
There was a lively discussion regarding what type of activities should be arranged in the future. More details will follow... <br />
<br />
==== Helsinki OWASP Chapter Leaders ====<br />
<br />
The chapter leader is [mailto:Petteri.arola@owasp.org Petteri Arola] <br />
<br />
The chapter board members are [mailto:timo@owasp.org Timo Merilainen], Pyry Heikkinen and [mailto:pekka.sillanpaa@owasp.org Pekka Sillanpaa]. <br />
<br />
__NOTOC__<br />
[[Category:Finland]] <br />
[[Category:Europe]]</div>Psillanphttps://wiki.owasp.org/index.php?title=Helsinki&diff=246779Helsinki2019-01-23T17:09:48Z<p>Psillanp: /* Chapter Meetings */</p>
<hr />
<div>{{Chapter Template|chaptername=Helsinki|extra=The chapter leaders are [mailto:petteri.arola@owasp.org Petteri Arola], [mailto:pekka.sillanpaa@owasp.org Pekka Sillanpää], [mailto:timo@owasp.org Timo Meriläinen], [mailto:pyry.heikkinen@owasp.org Pyry Heikkinen], [mailto:petri.koistinen@nixu.com Petri Koistinen] and [mailto:lasse.korvala@gmail.com Lasse Korvala].<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-helsinki|emailarchives=http://lists.owasp.org/pipermail/owasp-helsinki}} <br />
<br />
==== Local News ====<br />
<br />
<paypal>Helsinki</paypal> <br />
<br />
'''Welcome to the OWASP Helsinki Chapter'''<br />
<br />
The plan is to meet at least three to four times a year, each lasting 1,5-3 hours (more active "hands" means more meetings). This chapter is based in the capital area and therefore the meetings will be in or around Helsinki. <br />
<br />
If you wish to present at one of the meetings or have any other inquiries, please contact the chapter leaders and shortly describe the talk. (the contact details can be found in the bottom of the page). We encourage everyone to suggest ideas for presentation topics. The talks can be either a full talk (45-60min) or a lightning talk (~15min). <br />
<br />
==== Suomalaista sovellusturva-asiaa ====<br />
<br />
[[OWASP Helsinki Appsec Thesis of the Year|Vuoden sovellusturva-aiheinen opinnäytetyö]]<br />
<br />
[[Oppilaitoksille|Tietoa oppilaitoksille (Information for academic institutions)]] <br />
<br />
[[Verkkomaksut|Ohjeita turvallisen verkkomaksuintegraation toteuttamiseen]] <br />
<br />
Previously OWASP Helsinki has been working on the following tasks: <br />
<br />
*[[Top 10 2007 Finnish]] aim to translate OWASP Top 10 list in Finnish<br />
<br />
==== Chapter Meetings ====<br />
<br />
== OWASP Helsinki chapter meeting #36: Feb 12th 2019 ==<br />
'''Location: Veikkaus, Aku Korhosen tie 2, 00440 Helsinki'''<br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words, Pekka Sillanpää, Chapter co-leader - OWASP Helsinki''' <br />
<br />
'''18:05 Words from the sponsor, Veikkaus''' <br />
<br />
'''18:10 What Every Developer and Tester Should Know About Software Security, Anne Oikarinen, Senior Security Consultant, Nixu'''<br />
<br />
'''18:50 Break''' <br />
<br />
'''19:00 Security in Agile Development, Joakim Tauren, Application Security Architect, Visma'''<br />
<br />
'''19:45 OWASP Cornucopia - a live card game session, Veikkaus + volunteers'''<br />
<br />
'''20:15 Snacks & Refreshments''' <br />
Please register by 10th of Feb (link soon) (Note that the seats are limited). <br />
== OWASP Helsinki chapter meeting #35: Nov 6th 2018 ==<br />
'''Location: Second Nature Security (2NS), Keilaranta1 (auditorium Ankkuri), 02150 Espoo'''<br />
<br />
'''Time: 17:30-21:00'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words, Pekka Sillanpää, Chapter co-leader - OWASP Helsinki'''<br />
<br />
'''18:05 Words from the sponsor, Juho Ranta, CTO - Second Nature Security (2NS)''' <br />
<br />
'''18:15 Hunting for bounties in a web browser, Juho Nurminen, White Hat Hacker, InfoSec Specialist - 2NS''' [[File:Nurmi_BugBounty_slides.zip]]<br />
<br />
'''18:45 Break'''<br />
<br />
'''19:00 How to become a bug bounty hunter, Iiro Uusitalo, Cloud and Security Specialist - Solita'''<br />
<br />
'''19:30 Running a successful bug bounty program, Thomas Malmberg, Partner & Owner - Hackrfi''' [[File:Running a successful bug bounty program - public.pdf]]<br />
<br />
'''19:50 Short break'''<br />
<br />
'''20:00 Panel & Discussion about bug bounty with Juho, Iiro and Thomas'''<br />
<br />
'''20:30 Snacks & Refreshments'''<br />
<br />
Please register by 4th of Nov https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-35-tickets-51465932991 (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #34: Jun 12th 2018 ==<br />
'''Location: Eficode, Pohjoinen Rautatiekatu 25, 00100 Helsinki'''<br />
<br />
'''Time: 17:30-21:30'''<br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Pekka Sillanpää OWASP Helsinki'''<br />
<br />
'''18:05 Words from the sponsor / Pekka Siltala-Li / Eficode'''<br />
<br />
'''18:15 Perfectly secure API, Matti Suominen, Lead Security Consultant - Nixu'''<br />
<br />
'''19:00 Break''' <br />
<br />
'''19:15''' '''Best friends: API security & API management, Antti Virtanen, Software Architect, Solita''' <br />
<br />
'''20:00-21:30 Sauna, Snacks & Beverages'''<br />
<br />
Please register by 10th of Jun https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-34-tickets-46690898735 (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #33: Nov 14th 2017 ==<br />
'''Location: F-Secure, Tammasaarenkatu 7, 00180 Helsinki''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki''' <br />
<br />
'''18:05 Words from the sponsor'''<br />
<br />
'''18:10 Coping with GDPR requirements in development, Kira Ahveninen-Kuha, Lead, Data Protection and Cybersecurity Law, Nixu'''<br />
<br />
'''19:00 Break''' <br />
<br />
'''19:15 Integrating Privacy Work in Threat Modeling and Design Review, Antti Vähä-Sipilä, Principal Security Consultant, F-Secure'''<br />
<br />
'''20:00 Panel & Discussion – Kira and Antti debate about privacy and GDPR with the audience'''<br />
<br />
'''20:30 OWASP Helsinki DevSecOps Hackathon: Lessons learned, Pekka Sillanpää, OWASP Helsinki''' <br />
<br />
'''21:00-22:00 Snacks & Refreshments''' <br />
<br />
Please register by 12th of Nov [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-33-tickets-39656996143 here] (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #32: Sep 27th ==<br />
If you are working in a DevOps team and want to get concrete ideas on how to integrate security into your CI/CD pipeline, this hackathon is a fun opportunity to learn by doing together with others.<br />
<br />
More information here: [[OWASP Helsinki DevSecOps Hackathon]]<br />
<br />
In summary, we familiarize and investigate (and of cource hack with) some nice open source tools, including:<br />
* OWASP Dependency-Check ([[OWASP Dependency Check]])<br />
* ZAP Proxy ([[OWASP Zed Attack Proxy Project]])<br />
* OWASP DefectDojo ([[OWASP DefectDojo Project]])<br />
* DevSec hardening framework (https://github.com/dev-sec)<br />
* Clair (https://github.com/coreos/clair)<br />
<br />
The output of this hackathon is an OWASP wiki page describing what was achieved in the hackathon, possible commits to the tools' repositories and future plans. If there is enough interest, we might organize "part 2" for this event in Autumn.<br />
<br />
To participate in this event, it is recommended to have at least basic programming/scripting skills (python, ruby, bash, etc) and understanding of configuration management tools (puppet, salt, ansible, etc.). '''If you are interested to join''' or have questions, please send email to pekka.sillanpaa@owasp.org '''by Jul 7th 2017''' and a short description of your background. Tracks of the hackathon environment are tuned based on the skills and background of the participants.<br />
<br />
The maximum of 15 seats are available for this event. The event is fully free of charge.<br />
<br />
'''Location: Nixu, Keilaranta 15, 02150 Espoo'''<br />
<br />
'''12:00 Hackathon starts'''<br />
<br />
'''17:00-23:00 Hackathon continues after the work day as long as needed. Pizza and beverages available.'''<br />
<br />
== OWASP Helsinki chapter meeting #31: Jun 13th 2017 ==<br />
'''Location: Solita, Alvar Aallon katu 5, 00100 Helsinki'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Pekka Sillanpää, OWASP Helsinki'''<br />
<br />
'''18:05 DevSec - Developers are the key to security, Antti Virtanen, Software Architect, Solita [[File:Devsec-owasp-2017.pdf]]''' <br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Docker Security, Mika Vatanen, Systems Architect, Digia [[File:Owasp-Helsinki-20170613-Docker-Security.pdf]]'''<br />
<br />
'''20:00 Lightning talk: Leaking credentials - a security malpractice more common than expected, Bogdan Mihaila, Synopsys [[:File:Bogdan Mihaila - Leaking Credentials.pdf]]'''<br />
<br />
'''20:15 Introduction to DevSecOps "mini-hackathon", Pekka Sillanpää, OWASP Helsinki'''<br />
<br />
'''20:30-22:30 Snacks & Refreshments'''<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-31-tickets-34950473808 here] by 12th of Jun (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #30: Oct 11th 2016 ==<br />
<br />
'''Location: Fujitsu, Valimotie 16, 00380 Helsinki, Auditorio'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 How to protect mobile application? Case "Nordea Tunnusluvut” / Michael Peltonen, Senior Business Developer, Nordea''' [[File:Helsinki_meeting_30_-Michael_Peltonen_OWASP_11102016.pdf]]<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Lightning talk: Authentication topic / Teemu Simonen, System Architect, Fujitsu''' [[File:Helsinki_meeting_30_-Authentication_topic.pdf]]<br />
<br />
'''19:30 Threats and vulnerabilities in federation protocols - and how did I find 0-days in the most common access management products / Teemu Kääriäinen, Senior IAM Consultant, Nixu Oyj''' [[File:Helsinki_meeting_30_-_Threats_and_Vulnerabilities_in_Federation_Protocols_and_Products.pdf]]<br />
<br />
'''20:30-> Snacks & Refreshments'''<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-30-tickets-28190573765 here] by 9th of October (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #29: Mar 29th 2016 ==<br />
<br />
'''Location: Solinor, Elimäenkatu 14 C, 00510 Helsinki'''<br />
<br />
'''Time: 17:30-21:15'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 OWASP Security Knowledge Framework, Glenn Ten Cate''' [[File:Skf-owaspHelsinki-16.pdf]]<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Amazon Web Services Security, Joel Leino, Solinor''' [[File:Aws_security_joel_leino.pdf]]<br />
<br />
'''20:30 Do's and don'ts: A Day Of Browser Bug Hunting, Atte Kettunen, University of Oulu''' [[File:Do's_and_Don'ts-_A_Day_Of_Browser_Bug_Hunting_rev2.pdf]]<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-29-tickets-22159795545 here] by 26th of March (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #28: Nov 10th 2015 ==<br />
<br />
'''Location: LähiTapiola, Revontulenkuja 1, 02100 Espoo'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 How we feel about Bug Bounty, Leo Niemelä, CISO, LähiTapiola Group (in Finnish)'''<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Security and "Modern" software Deployment, Rory McCune, Managing Consultant, NCC Group'''<br />
<br />
'''20:30 Discussion continues in a local cafe / bar'''<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-28-tickets-19188815263 here] by 8th of November (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #27: May 29th 2015 ==<br />
<br />
'''Location: Life Science Center Keilaranta 10-16''' <br />
<br />
'''Time: 17:30-20:00 (networking ends 23:00)''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 Word from our sponsor / Nixu'''<br />
<br />
'''18:15 50 Shades of AppSec / Troy Hunt'''<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Hack yourself first: how go on the cyber-offence before online attackers do / Troy Hunt'''<br />
<br />
'''20:00-23:00 Refreshments and Sauna on the 7th floor'''<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-chapter-meeting-27-tickets-16709176597 here] by Monday Fri 22th May (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #26: January 13th 2015 ==<br />
<br />
'''Location: Castrén & Snellman Attorneys Ltd. Eteläesplanadi 14 6th Floor Helsinki, Finland.''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''Opening words / OWASP Helsinki&IAPP''' <br />
<br />
'''Words from our sponsor / Castrén & Snellman Attorneys Ltd.'''<br />
<br />
'''Privacy Seals and Marks, Hannu Järvinen, Specialist Partner, Attorneys at Law Borenius Ltd'''<br />
<br />
'''Privacy Engineering, Antti Vähä-Sipilä, software security guy, F-Secure Oyj'''<br />
<br />
'''Privacy Use Cases, Saku Vainikainen, Lead Consultant, Nixu Oyj'''<br />
<br />
Please register here https://t.co/OoQN2FRbBX by Monday 12 Jan.<br />
<br />
== OWASP Helsinki chapter meeting #25: September 29th 2014 ==<br />
<br />
'''Location: Appelsiini (Elisa), Kaarlenkatu 9-11, 00530 Helsinki. Public transport is strongly recommended.''' <br />
<br />
'''Time: 17:00-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and registration''' <br />
<br />
'''17:10 Opening words / OWASP Helsinki''' <br />
<br />
'''17:20 Words from our sponsor / Elisa'''<br />
<br />
'''17:30 Mobile Security Chess Board - Attacks & Defense / Hemil Shah / Founder, Director eSphere Security''' [[File:Mobile_Security_chess_board_-_Attacks_&_Defense.pdf]]<br />
<br />
'''18:45 Break'''<br />
<br />
'''19:00 Mobile Platform Security: OS (kernel) Hardening and Trusted Execution Environment / Onur Zengin / Trustonic'''<br />
[[File:Onur_Zengin_-_TEE_chapter_meeting_presentation.pdf]]<br />
<br />
'''20:00 OWASP Mobile Top Ten Risks 2014 - The New M10: 'Lack of Binary Protection' Category / Bo Asklund and Rikard Kullenberg / Arxan'''<br />
[[File:OWASP_Mobile_Top_Ten_-_Meet_the_New_Addition.pdf]]<br />
<br />
'''21:00 Networking and continue discussions in TBD location nearby'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-25-tickets-13087782911 Eventbrite]<br />
<br />
== OWASP Helsinki chapter meeting #24: March 25st 2014 ==<br />
<br />
'''Location: F-Secure, Tammasaarenkatu 7, 00180 Helsinki. Parking space is limited, public transport is strongly recommended. Ruoholahti station for metro, Länsisatamankatu stop for tram 8, Länsiväylä stop for buses from Espoo.''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and registration''' <br />
<br />
'''17:20 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''17:30 Enhancing security through tight collaboration and automation /Kalle Hallivuori''' <br />
Presentation material: http://kato.iki.fi/owasp-pci-devops/<br />
<br />
'''18:00 Continuous Security Testing in a Devops World /Stephen de Vries'''<br />
Download the presentation from our file page: [[image:OWASP-Continuous_Security_Testing.pdf]]<br />
<br />
'''19:00 Demo of Burp Suite & HTTP API fuzzing automation with Python & Behave /Antti Vähä-Sipilä'''<br />
<br />
'''19:30 Time to go to Pub (Amsterdam) and continue discussion there'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-24-tickets-10765729587 Eventbrite]<br />
<br />
== OWASP Helsinki chapter meeting #23: January 21st 2014 ==<br />
<br />
'''Location: HTC Keilaniemi, Keilaranta 13, 02150 Espoo''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Coffee and registration''' <br />
<br />
'''18:00 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''18:05 Word from our sponsor /Nixu''' <br />
<br />
'''18:20 The inner HTML Apocalypse - How MXSS attacks change everything we believed to know so far /Mario Heiderich'''<br />
<br />
'''19:15 JSMVCOMFG - To sternly look at JavaScript MVC and Templating Frameworks /Mario Heiderich"''''<br />
<br />
'''20:15 QA'''<br />
<br />
'''20.30 - 21.30 Discussion continues over snacks and refreshments'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-23-tickets-10095813851 Eventbrite]<br />
<br />
<br />
== OWASP Helsinki chapter meeting #22: November 19th 2013 ==<br />
<br />
'''Location: Aalto University, Hall S1, Otakaari 5, 02150 Espoo''' <br />
<br />
'''Time: 18:00-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Registration''' <br />
<br />
'''18:10 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''18:20 Word from our sponsor''' <br />
<br />
'''18:30 Backgrounds of Eve in Digiland comic and cyber research in Aalto University /Timo Kiravuo, Aalto University'''<br />
<br />
'''19:15 Break"''''<br />
<br />
'''19:30 Cyber crime response from CERT perspective and backgrounds of Finnish web site attacks /Jussi Eronen, CERT-FI'''<br />
<br />
'''20:00 Methods in Finnish cyber crime police investigation and case example /Timo Piiroinen, National Bureau of Investigation (NBI)'''<br />
<br />
'''20:30 Networking and discussion continues at same location'''<br />
<br />
Please register at [http://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-23-tickets-10095813851 Eventbrite]<br />
<br />
== OWASP EUTour2013: June 17th 2013 ==<br />
<br />
'''Location: HTC Keilaniemi, Keilaranta 15''' <br />
<br />
'''Time: 16:00-19:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''16:00 Registration & coffee''' <br />
<br />
'''16:15 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''16:30 Word from our sponsor''' <br />
<br />
'''16:45 Nokia responsible disclosure program /Omar Benbouazza-Villa, Nokia'''<br />
<br />
Nokia has launched a responsible disclosure program recently. In this presentation we'll go through experiences starting and running such a program as a part of enterprise application security program.<br />
<br />
'''17:30 Social engineering /Gavin Ewan"''''<br />
<br />
Jac0byterebel is not your typical social engineering presenter. Out goes the snake oil sale of analysing the minutia of pop psychology and trying to squeeze out real answers to the questions asked during a real social engineering attack. In comes hard hitting accounts of social engineering attacks drawn from real sources but anonymised to protect the pwned.<br />
<br />
'''19:00 Rounding up and discussion continues over food & drinks at same location'''<br />
<br />
Please register at [http://www.regonline.com/owaspeutourfinland Regonline]<br />
<br />
== OWASP Helsinki Chapter Meeting #21: April 24 2013 ==<br />
<br />
'''Location: KPMG, Yrjönkatu 23 B, 6. floor''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Opening words /OWASP''' <br />
<br />
'''18:10 Word from our sponso /Mika Laaksonen, KPMG''' <br />
<br />
'''18:15 OWASP project news /Petteri Arola, OWASP''' <br />
<br />
Newsflash of new and rebooted OWASP projects.<br />
<br />
'''18:45 Utilizing VAHTI software development guide (VAHTI-sovelluskehitysohje) /Antti Alestalo, KPMG'''<br />
<br />
VAHTI software development guide was published January 2013. Antti will talk about how to best utilize this new guide. Link to the guide: http://www.vm.fi/vm/fi/04_julkaisut_ja_asiakirjat/01_julkaisut/05_valtionhallinnon_tietoturvallisuus/20130207Sovell/VAHTI_1_Sovelluskehityksen_tietoturvaohje_NETTI.pdf<br />
<br />
'''19:15 Database self-defence /Mika Aronen, KPMG (in place of "HTML5 & security /SC5"'''<br />
<br />
'''20:00 Official program ends and discussion continues over food & drinks at same location'''<br />
<br />
Please register at [https://www.eventbrite.com/event/6240751255 Eventbrite]<br />
<br />
== OWASP Helsinki Chapter Meeting #20: December 4 2012 ==<br />
<br />
'''Location: Nokia House, Keilalahdentie 4, Espoo''' <br />
<br />
'''Time: 17:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Socializing time @ Nokia Lounge – Meet people & get to know your peer while having the opportunity to see Nokia product demos''' <br />
<br />
'''18:00 Opening words /OWASP + HelsinkiJS''' <br />
<br />
'''18:10 Word from our sponsor''' <br />
<br />
'''18:20 Securing JavaScript based web apps /Erlend Oftedal''' <br />
<br />
Single page web applications move much of the application logic to the client side. We now also see applications using JavaScript on the server side. How do we handle such applications from a security perspective? What problems are introduced and how do we handle them?<br />
<br />
'''19:05 RESTful Security'''<br />
<br />
Many applications rely on web services and ws-security for integration. But for more lightweight services with simpler protocols, REST is quickly gaining popularity. How do we secure REST services? What problems do we need to be aware of?<br />
<br />
'''20:00 Official program ends and free debate continues at nearby location'''<br />
<br />
CLOSED: Please register at [http://www.eventbrite.com/event/4856878053 Eventbrite]<br />
<br />
Please use the NORTH entrance when entering the Nokia campus<br />
<br />
== OWASP Helsinki Chapter Meeting #19: October 16 2012 ==<br />
<br />
'''Location: Fujitsu, Valimotie 16, Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''18:10 Word from our sponsor /Fujitsu''' <br />
<br />
'''18:25 Hybrid mobile application security and HTML5 with a focus on getUserMedia /Mikko Saario, Nokia''' <br />
<br />
Both the mobile scene via “hybrid” apps and the so-called traditional web are evolving into the same direction – are the threats doing the same? Using mainly Windows Phone 7 (and some Qt) examples and demos, Mikko will take a look at the security aspects in mobile hybrid apps. The HTML5 demo will concentrate on some newly mainstreamed technologies such as getUserMedia.<br />
<br />
'''19:10 Introduction to Oauth 2.0 + demo /Teemu Kääriäinen, Nixu'''<br />
<br />
Teemu gives an introduction about Oauth 2.0 and takes a closer look at security aspects, implementation guidelines and compares Twitter, Facebook and Google implementations.<br />
<br />
'''20:00 Official program ends and free debate continues at nearby location'''<br />
<br />
'''Please register in Eventbrite http://www.eventbrite.com/event/4462882602''' <br />
<br />
<br />
== OWASP Helsinki Chapter Meeting #18: June 26 2012 ==<br />
<br />
'''Location: Kela, Nordenskjölkinkatu 12, Helsinki''' <br />
<br />
'''Time: 17:30-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''17:45 Word from our sponsor /Kela''' <br />
<br />
'''18:00 Helsinki Ruby Brigade intro''' <br />
<br />
'''18:15 Ruby on Rails security - why could it fail'''<br />
<br />
'''19:00 Panel discussion'''<br />
<br />
'''19:45 Wrap-up'''<br />
<br />
'''20:00 Discussion continues in a nearby pub Hadanka'''<br />
<br />
'''Please register with petteri.arola(at)owasp.org''' <br />
<br />
<br />
== OWASP Helsinki Chapter Meeting #17: March 21 2012 ==<br />
<br />
'''Location: Marttakeskus, Malminrinne 1 B, 7. krs, Helsinki''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Coffee''' <br />
<br />
'''17:40 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''17:50 Web Application Access Control Design Excellence / Jim Manico, OWASP''' <br />
<br />
Download the presentation from our file page: [[image:Developer_Top_Ten_Core_Controls_v4.1.pdf]]<br />
<br />
'''19:30 Meeting ends and discussion continues over buffet and refreshments and there's a possibility to bath in sauna too''' <br />
<br />
'''23:00 Event ends'''<br />
<br />
'''Please register with enroll(at)nixu.com''' <br />
<br />
== Tietoturvapäivä Turku: February 7 2012 ==<br />
<br />
''' Sovellusturvallisuus / Petteri Arola, OWASP''' <br />
<br />
Download the presentation from our file page: [[image:OWASP_esitys_tietoturvapäivä_Turku_20120207.pdf]]<br />
<br />
== OWASP Helsinki Chapter Meeting #16: October 18 2011 ==<br />
<br />
'''Location: Hall TU2, Tuas house, Otaniementie 17, 02150, Espoo''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and lock picking''' <br />
<br />
'''17:30 OWASP - What is it?''' <br />
<br />
'''17:45 Introduction to OWASP projects<br>- OWASP Top Ten, ASVS<br><span class="Apple-tab-span"> </span>- Testing guide<br>- How OWASP relates to academic world''' <br />
<br />
<br> Download presentation from our file-page: [[Image:OWASP_presentation_for_Aalto.pdf]] <br><br />
<br />
'''18:45 Break''' <br />
<br />
'''19:00 Hacking demonstrations'''<br />
<br />
'''19:30 - Discussion continues in a nearby public house''' <br />
<br />
'''Please register with petteri.arola(at)owasp.org''' <br />
<br />
== OWASP Introduction to Turku AMK students: September 12th 2011 ==<br />
<br />
'''Introduction to Application security and OWASP / Petteri Arola, OWASP''' <br />
<br />
'''OWASP top 10 and hacking demos / Pekka Sillanpää, OWASP''' <br />
<br />
== OWASP Helsinki Chapter Meeting #15: June 15 2011 ==<br />
<br />
'''Location: Itämerenkatu 11 - 13, Helsinki''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda ''' <br />
<br />
'''17:30 Welcome, Petteri Arola, Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nokia''' <br />
<br />
'''17:45 HTML5 Security, Ville Säävuori, Syneus''' <br />
<br />
'''18:30 Break''' <br />
<br />
'''18:40 Mobile Application Security, Ari Kesäniemi and Juhani Mäkelä, Nixu''' <br> [[Image:Mobile-threat-analysis-short-presentation owasp.pdf]] <br> [[Image:Why-privacy-matters.pdf]] <br> <br />
<br />
<br>'''19.30 - Discussion continues in a nearby public house or terrace if it's sunny''' <br />
<br />
'''Please register with mikko.saario(at)nokia.com''' <br />
<br />
== OWASP Helsinki Chapter Meeting #14: February 22 2011 ==<br />
<br />
'''Location: Nixu Oy, Keilaranta 15, Espoo''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''17:30 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nixu Oy''' <br />
<br />
'''17:45 OpenSAMM, Pravir Chandra /Fortify''' <br />
<br />
'''18:30 Break''' <br />
<br />
'''18:40 Threat modeling, Pravir Chandra /Fortify''' <br />
<br />
<br> '''19.30 - Sauna and refreshments from our sponsor''' <br />
<br />
'''Please register with enroll(at)nixu.com''' <br />
<br />
<br> Download OpenSAMM presentation from opensamm.org [http://www.opensamm.org/downloads/resources/OpenSAMM-1.0.ppt] <br> <br />
<br />
== OWASP Helsinki Chapter Meeting #13: June 8 2010 ==<br />
<br />
'''Location: KPMG, Forum, Yrjönkatu 23 B 6th floor, Helsinki''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''17:00 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:05 Word from our sponsor KPMG ''' <br />
<br />
'''17:15 Agile secure software development, Antti Vähä-Sipilä / Nokia Oyj''' http://www.owasp.org/images/c/c6/OWASP_AppSec_Research_2010_Agile_Prod_Sec_Mgmt_by_Vaha-Sipila.pdf <br />
<br />
'''18:00 ASVS (OWASP Application Security Verification Standard), Pekka Sillanpää / Nixu Oy''' <br />
<br />
'''18:45 ESAPI (OWASP Enterprise Security API) demo, Anssi Porttikivi / KPMG''' <br />
<br />
Download presentation from our file-page:[[Image:ESAPI for OWASP.pdf]] <br />
<br />
<br> '''19.30 - Discussion continues at some nearby establishment''' <br />
<br />
'''Please register with anssi.porttikivi(at)kpmg.fi''' <br />
<br />
<br> <br />
<br />
== OWASP Goes! Locksport: April 20 2010 ==<br />
<br />
'''Location: Nsense Oy, Ahventie 4, Espoo''' <br />
<br />
'''Time: 17:30-20:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nsense Oy''' <br />
<br />
'''17:45 Introduction to Locksport (presentation in Finnish)''' <br />
<br />
'''19:00 - Sauna and refreshments from our sponsor''' <br />
<br />
'''Please register with ilmoittautumiset##nsense.fi ''' <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #12: March 30 2010 ==<br />
<br />
'''Location: Helsingin Energia, Sähkötalo, Runeberginkatu 1, Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''18:00 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
Download presentation from our file-page:[[Image:OWASP -12 Helsinki chapter meeting.pdf]] <br />
<br />
'''18:05 Word from our sponsor Helsingin Energia ''' <br />
<br />
'''18:15 3 different views on information security and social media applications''' <br />
<br />
- information security in social media API’s, Antti Nuopponen/Nixu Oy <br />
<br />
Download presentation from our file-page:[[Image:Security of social media apis v1.pdf]] <br />
<br />
- Facebook apps, Markus Törnqvist/Fad Consulting <br />
<br />
Download presentation from our file-page:[[Image:Mjt owasp 2010.pdf]] <br />
<br />
- Payment API’s, Tuomas Toivonen/Scred <br />
<br />
Download presentation from our file-page:[[Image:Owasp-payment-apis.pdf]] <br />
<br />
'''20.00 - Discussion continues at nearby establishment Bruuveri''' <br />
<br />
'''Please register with antti##owasp.org''' <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #11: November 17 2009 ==<br />
<br />
'''Location: Nsense Oy, Ahventie 4, Espoo''' <br />
<br />
'''Time: 18:00-20:30''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''18:05 Word from our sponsor Nsense Oy''' <br />
<br />
'''18:15 Manual vs. Automated Code Analysis, Ari Kesäniemi, Senior Consultant, Nixu''' <br />
<br />
Download presentation from our file-page:[[Image:Ari kesaniemi nixu manual-vs-automatic-analysis.pdf]] <br />
<br />
'''19.00- Sauna and refreshments from our sponsor''' <br />
<br />
<br> <br />
<br />
'''Please register with ilmoittautumiset##nsense.fi''' <br />
<br />
== OWASP Helsinki Chapter Meeting #10: October 20 2009 ==<br />
<br />
'''Location: Tieto Oy, Ratamestarinkatu 7B, Helsinki''' <br />
<br />
'''Time: 18:00-19:40''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''18:00 Word from our sponsor Tieto Oy''' <br />
<br />
'''18:10 Distributed Services Security, Anton Panhelainen, Tieto Oy''' <br />
<br />
Download presentation from our file-page:[[Image:Security in integration and ESB-OWASP 20091020.pdf]] <br />
<br />
'''18:40 Public Web Services Interface and Security, Pyry Heikkinen, Finnish Customs''' <br />
<br />
'''19:40 Closure and move to Vltava''' <br />
<br />
'''20:00 or so''' <br />
<br />
*Enjoy Helsinki Vltava watering hole at own risk &amp; cost near Helsinki Railway station<br />
<br />
'''Please register with Pauli Kauppila pauli.kauppila##tieto.com or Mobile +358 400 870 324''' <br />
<br />
== OWASP Helsinki Chapter Meeting #9: May 12 2009 ==<br />
<br />
'''Location: Louhi Networks Oy, Itälahdenkatu 22 A, Helsinki''' <br />
<br />
'''Time: 17:30-19:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:30 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:45 Word from our sponsor Louhi Networks''' <br />
<br />
'''18:00 Panel discussion about application scanners''' <br />
<br />
*Panel members includes representatives for Nixu Oy, KPMG Oy and Louhi Networks Oy<br />
<br />
<br> '''19:00 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost at Bar 52 near meeting location<br />
<br />
'''Please register with Henri Lindberg henri.lindberg##louhi.fi''' <br />
<br />
== OWASP OWASP Goes! Viestimuseo: March 29 2009 ==<br />
<br />
'''Location: Varuskunta, Takakasarmi, Viestimuseontie rak. 64, 11311 Riihimäki ''' <br />
<br />
'''Time: 13:00-15:00''' <br />
<br />
Viestimuseossa Riihimäellä, http://www.viestikiltojenliitto.fi/viestimuseo/ on maaliskuun loppuun WWII radiotiedustelua esittelevä erikoisnäyttely, josta voi löytyä ammennettavaa myös tämän päivän tietoturvatekniikoiden parissa työskenteleville. Koska OWASP:in tiimoilta löytyi kiinnostusta lähteä tutustumaan ko. näyttelyyn, museolle on varattu opastettu kierros maaliskuun viimeiselle sunnuntaille su 29.3.2009 klo 13:00 eli kokoontuminen museolla ko. aikaan. <br />
<br />
Museo ja näyttely ovat auki myös muina aikoina, joten jos tämä aika ei käy, paikalla voi toki käydä muulloinkin. <br />
<br />
Tarkemmat ajo-ohjeet ja yhteystiedot löytyvät museon kotisivuilta, http://www.viestikiltojenliitto.fi/viestimuseo/yhteystiedot.html <br />
<br />
Museo sijaitsee Viestirykmentin vieressä, mutta varsinaisen varuskunta-alueen ulkopuolella, joten museokäynti ei vaadi kulkulupia alueelle. <br />
<br />
Paikalle innostuvat hoitavat oman logistiikkaratkaisunsa &amp; sisäänpääsymaksunsa. <br />
<br />
Lisätietoja tarvittaessa timo.merilainen (ät) iki.fi <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #8: March 12 2009 ==<br />
<br />
'''Location: Samlink, Linnoitustie 9, Espoo (Leppävaara)''' <br />
<br />
'''Time: 17:00-19:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:00 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:15 Introduction to Samlink, Jari Pirhonen, security director, Samlink''' <br />
<br />
'''17:30 Methodology owner’s point of view: Information security as part of software development methodology, Topi Mattila, methodology manager, Samlink''' <br />
<br />
'''18:15 Presentation from Finnish Tax Administration", Petri Puhakainen, security director, Finnish Tax Administration''' <br />
<br />
<br> '''19:00 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost at Sello<br />
<br />
'''Please register with Jari Pirhonen jari.pirhonen##samlink.fi''' <br />
<br />
== OWASP Introduction to startup firms: Thursday January 15th 2009 ==<br />
<br />
'''Location: Ravintola Korjaamo, Töölönkatu 51, 00250 Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Introduction to OWASP by Henri Lindberg, OWASP Helsinki Active Visitor''' <br />
<br />
*What OWASP is <br />
*Examples of useful Tools and Documents <br />
*OWASP in Finland<br />
<br />
Presentation: [[Image:OWASP Startups 20090115 Henri.pdf]] <br />
<br />
(Antti Laulajainen, OWASP Helsinki Chapter Leader was originally supposed to introduce OWASP) <br />
<br />
'''18:15 Implementing application security in a Finnish startup by Henri Lindberg, Scred''' <br />
<br />
*Henri Lindberg from Scred shares experiences and lessons learned <br />
*How to make your web application more secure with minimal budget<br />
<br />
Presentation: [[Image:SDG Scred 090115.pdf]] <br />
<br />
'''18:30 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost<br />
<br />
== OWASP Helsinki Meeting #7: Tuesday November 11th 2008 ==<br />
<br />
'''Location: Nokia Ruoholahti, Itämerenkatu 11-13, 00180 Helsinki''' <br />
<br />
<br> <br />
<br />
'''Time: 17:00-18:30''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:00 Welcome by Antti Laulajainen, OWASP Chapter Leader''' <br />
<br />
*Current state and progress of OWASP Top 10 Finnish translation<br />
<br />
'''17:20 Antti Vähä-Sipilä, Nokia: SAFECode''' <br />
<br />
*Introduction and overview of SAFECode (The Software Assurance Forum for Excellence in Code) <br />
*SAFECode publications<br />
<br />
'''17:40 Juhani Eronen, CERT-FI: Lifecycle of a security vulnerability''' <br />
<br />
*Microsoft MS08-067 (Vulnerability in Server Service Could Allow Remote Code Execution), its history (MS06-040) and exploitation.<br />
<br />
'''Discussion''' <br />
<br />
'''18:30 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost [cerveza, aqua con gas, etc]<br />
<br />
'''PLEASE REGISTER WITH: mikko . saario at nokia . com (we have reserved snacks for 25 people)''' <br />
<br />
== OWASP Helsinki Web Hacking Workshop, Tuesday September 10th 2008 ==<br />
<br />
'''Location: Teleware / KPMG, Laajalahdentie 23, 6. floor, reception at the ground floor, 00330 Helsinki''' <br />
<br />
'''Time: 18.00 - 20.00''' <br />
<br />
'''Schedule''' <br />
<br />
'''18.00 Welcome and recent activities. Antti Laulajainen ''' <br />
<br />
'''18.05 Web Hacking Workshop, Anssi Porttikivi, Senior ICT Advisor KPMG/Teleware''' <br />
<br />
*KPMG Oy IT Security Advisory marketing presentation 15 min <br />
*Web hacking exercises and demonstrations in a laboratory class (using WebGoat and WebScarab tools)<br />
<br />
'''Snacks available. Send your reservations to Anssi's mail address, anssi.porttikivi@kpmg.fi. Room for 20 participants.''' <br />
<br />
<br> '''Note! Be in time, because the reception closes at 18.''' <br />
<br />
== OWASP Goes! CERT-FI, Thursday, June 12th 2008 ==<br />
<br />
'''Location: Viestintävirasto, Itämerenkatu 3 A, 00180 Helsinki and One Pint Pub Santakatu 2, 00180 Helsinki''' <br />
<br />
<br> '''Time: 16.00 - 20.00''' <br />
<br />
<br> '''Schedule''' <br />
<br />
'''16.00 Welcome and recent activities. Antti Laulajainen ''' <br />
<br />
<br> '''16.10 Introduction of CERT-FI. Juhani Eronen, Information Security Adviser, CERT-FI''' <br />
<br />
<br> '''16.30 Vulnerability coordination. Juhani Eronen''' <br />
<br />
*CERT-FI as a vulnerability coordinator <br />
*Coordination examples<br />
<br />
'''18.00 Possibility to continue the evening at the One Pint Pub''' <br />
<br />
*If someone fancies a (self-financed) beer<br />
<br />
<br> '''Viestintävirasto asks those who wish to participate to the meeting to register in advance. For registrations please contact CERT-FI Unit Secretary Virpi Hienonen (virpi.hienonen(at)ficora.fi). The deadline is June 6, 2008.''' <br />
<br />
== OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 ==<br />
<br />
Thank you for attending. <br />
<br />
You can download the presentation here'''https://www.owasp.org/images/7/70/OWASP_HelsinkiChapter_130508.pdf''' <br />
<br />
Coverage of the event in local news (Finnish only) http://mikropc.net/uutiset/index.jsp?categoryId=atk&amp;day=20080514#w2008051411524012715 <br />
<br />
<br> '''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki and Ravintola Kaisla, Vilhonkatu 4, 00100 Helsinki''' <br />
<br />
'''Time: 16.00 - 20.00''' <br />
<br />
<br> <br />
<br />
Welcome to spring meeting 2008. <br />
<br />
<br> '''Schedule''' <br />
<br />
'''16.00 - 16.10 OWASP update. Antti Laulajainen''' <br />
<br />
'''16.10-17.00 Notes From The field, OWASP tools and usage experiences, Jarkko Holappa &amp; Antti Laulajainen''' <br />
<br />
'''17.30 - 20.00 Drinks at Ravintola Kaisla (Bring Your Own Wallet)''' <br />
<br />
<br> Hope to see as many of you as possible! <br />
<br />
== OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 ==<br />
<br />
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.''' <br />
<br />
'''Time: 18.30 - 20.30''' <br />
<br />
Welcome to first meeting of 2008. OWASP Helsinki resumes activities after winter break. <br />
<br />
We are pleased to have as a speaker Technology Manager of Nokia Product Security, Alexandr Seleznyov. His topic will be current state of application security. <br />
<br />
'''Schedule''' <br />
<br />
'''18.30 - 18.40 OWASP update. Antti Laulajainen''' <br />
<br />
'''18.40 - 20.30 Current State of Application Security. Alexandr Seleznyov''' <br />
<br />
<br> Hope to see as many of you as possible! <br />
<br />
== OWASP Helsinki &amp; RWSUG Seminar Tuesday, January 29th 2008 ==<br />
<br />
'''Location: IBM, Laajalahdentie 23, 00330 Helsinki.''' '''Time: 11.15 - 19.00''' <br />
<br />
OWASP Helsinki and Rational and Websphere User Group Finland RWSUG are aiming to co-operate to raise application security awareness. OWASP Helsinki will have a presentation in RWSUG agility seminar. More information from http://www.rwsug.fi/default.asp?path=1,39,385 <br />
<br />
'''You can download the presentation here''' https://www.owasp.org/images/c/cd/RWSUG5_Agile_Security_Management.pdf <br />
<br />
See program below. Most of it is Finnish only <br />
<br />
*11.15 Ilmoittautuminen alkaa <br />
*11.15-12.00 Buffet-lounas <br />
*12.00-12.10 Tilaisuuden avaus Jussi Jutila, Puheenjohtaja, RWSUG ry<br />
<br />
KEYNOTE <br />
<br />
*12.10-13.30 Scaling Agile Software Development: Strategies for Applying Agile in Complex Situations Scott W. Ambler, Practice Leader Agile Development, IBM Canada <br />
*13.30-13.45 Kahvitauko <br />
*13.45-15.30 SOA liiketoiminnan näkökulmasta ja SOA toteutuksen näkökulmasta kansainvälisessa hankkeessa Kari Laine, IT Architect, IF ja Jarmo Laine, Senior Software Architect,Primasoft <br />
*15.30-15.45 Tauko <br />
*15.45-16.30 Ketterä tietoturvan hallinta ohjelmistotuotannossa Reijo Savola, VTT <br />
*16.30-17.15 Jazz Update IBM <br />
*17.15-19.00 Iltapalaa ja verkostoitumista IBM Forumissa<br />
<br />
<br> <br />
<br />
== OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008 ==<br />
<br />
OWASP Helsinki participated in ISACA Finland meeting to raise application security awareness among system auditors and inspectors. <br> A presentation was held that introduced basic web techniques, some security issues, OWASP in general, OWASP projects and OWASP Helsinki chapter. <br> '''You can download the presentation here''': https://www.owasp.org/images/e/e4/OWASP_ISACA_20080124.pdf (Finnish Only) <br><br> <br />
<br />
== OWASP Helsinki meeting #4 Fall 2007 with Mark Curphey, Tuesday, October 2 2007 ==<br />
<br />
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.''' <br />
<br />
Thank you for all participants and Mark from great presentation. <br />
<br />
Coverage of the meeting in the local news (in Finnish): http://mikropc.net/uutiset/index.jsp?categoryId=atk&amp;day=20071003#w2007100315112711629 <br />
<br />
<br> We are delighted to have Mark Curphey - the OWASP founder and new head of Microsoft's ACE (Application Consulting &amp; Engineering) team in Europe - to visit Finland and discuss web app security with us. Hopefully as many as of you possible can participate! <br />
<br />
'''18:30 Welcome and recent Helsinki chapter activities. Antti Laulajainen''' <br />
<br />
'''18:40 Naked Software Security. Mark Curphey''' <br />
<br />
*Commentary on how to build secure software <br />
*Thoughts on the industry<br />
<br />
<br> '''WELCOME!''' <br />
<br />
== OWASP Helsinki meeting #3 Summer 2007: "SOA, Web Services &amp; XML Security", Tuesday, June 5th 2007 ==<br />
<br />
'''Date: June 5th''' <br />
<br />
<br> '''Location: Smilehouse, Itälahdenkatu 22A (Stonesoft building), Lauttasaari.''' <br />
<br />
Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/tietoturva_docview.jsp?f_id=1186167 <br />
<br />
<br> '''19:00 Welcome &amp; quick recap of recent OWASP activity and the Spring conference. Mikko Saario.''' <br />
<br />
<br> '''19:15 Gunnar Peterson, CTO Arctec Group and project lead for the OWASP "XML Security Gateway Evaluation Criteria".''' <br />
<br />
Gunnar will be visiting Finland to provide training via Tietoturva ry on this subject. Topics to be covered: <br />
<br />
*XML Security Gateways <br />
*Message level threats and security countermeasures in Web services <br />
*OWASP XML Security Gateway Evaluation Criteria Project<br />
<br />
<br> '''20:15 "Real-life usage of OWASP tools". Alexandr Seleznyov, Nokia Product Security.''' <br />
<br />
(There is a chance Alex cannot make it. In that case we will discuss SOA stuff in more detail or just head off to bar earlier.) <br />
<br />
<br> '''20:45 Enter Bar 52...''' --&gt; Enjoy (sponsored) beverages. <br />
<br />
== OWASP Helsinki meeting #2 Winter 2007, Web Application Firewalls, Thursday, February 22 2007 ==<br />
<br />
Thank you for the 29 participants, the speakers and the host - Nixu - for making this event happen! <br />
<br />
'''Location: Nixu, Mäkelänkatu 91, 00601 Helsinki.''' <br />
<br />
What are Web Application Firewalls (WAF), how do they work, what do they do and what don't they do. Discussion and sharing of experiences of various technologies and products. <br />
<br />
<br> '''18.30 Welcome. Mikko Saario, Chapter Leader.''' <br />
<br />
Today's topic and agenda in short. <br />
<br />
<br> '''18.35 "Web Application Firewalls Technical Analysis". Joakim Sandström, CTO nSense.''' <br />
<br />
http://www.owasp.org/images/6/6a/Owasp_waf_joakim.pdf <br />
<br />
- Technology <br />
<br />
- Blacklisting &amp; Whitelisting <br />
<br />
- mod_security features <br />
<br />
- Do's and Don'ts <br />
<br />
<br> '''19.30 "The Core Rule Sets". Ofer Shezaf, CTO Breach Security.''' <br />
<br />
http://www.owasp.org/images/f/f4/The_Core_Rule_Set_-_Ofer.pdf <br />
<br />
- WAF deployment and protection strategies <br />
<br />
- Detection of generic web layer attacks <br />
<br />
- Virtual patching <br />
<br />
== OWASP Helsinki meeting #1, Tuesday, Dec 12 2006 at Ernst &amp; Young ==<br />
<br />
The Helsinki chapter had the first meeting at Ernst &amp; Young office in Elielinaukio 5 B. The agenda and the presentations for the meeting are below. We had a good turnout: 22 people were present i.e. all seats were taken - we were very happy to see all these people to be interested in application security issues. <br />
<br />
<br> Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/doc.do?f_id=1083463 <br />
<br />
<br> '''18:30 Welcome. What is OWASP and why OWASP Helsinki?''' <br />
<br />
Mikko Saario made a short presentation about OWASP and the objective for the local Helsinki chapter. <br />
<br />
<br> '''19:00 Analyzing Threats (Olli Wiren; olli [at] juurihoito.org)''' <br />
<br />
Olli Wiren discussed application related threats and corresponding security issues. <br />
<br />
http://www.owasp.org/images/7/7c/Owasp-olli.pdf <br />
<br />
<br> '''19:45 Open discussion regarding OWASP Helsinki; what is expected or wished; how to go ahead and so forth.''' <br />
<br />
There was a lively discussion regarding what type of activities should be arranged in the future. More details will follow... <br />
<br />
==== Helsinki OWASP Chapter Leaders ====<br />
<br />
The chapter leader is [mailto:Petteri.arola@owasp.org Petteri Arola] <br />
<br />
The chapter board members are [mailto:timo@owasp.org Timo Merilainen], Pyry Heikkinen and [mailto:pekka.sillanpaa@owasp.org Pekka Sillanpaa]. <br />
<br />
__NOTOC__<br />
[[Category:Finland]] <br />
[[Category:Europe]]</div>Psillanphttps://wiki.owasp.org/index.php?title=Helsinki&diff=245362Helsinki2018-11-21T21:34:25Z<p>Psillanp: added links to slides</p>
<hr />
<div>{{Chapter Template|chaptername=Helsinki|extra=The chapter leaders are [mailto:petteri.arola@owasp.org Petteri Arola], [mailto:pekka.sillanpaa@owasp.org Pekka Sillanpää], [mailto:timo@owasp.org Timo Meriläinen], [mailto:pyry.heikkinen@owasp.org Pyry Heikkinen], [mailto:petri.koistinen@nixu.com Petri Koistinen] and [mailto:lasse.korvala@gmail.com Lasse Korvala].<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-helsinki|emailarchives=http://lists.owasp.org/pipermail/owasp-helsinki}} <br />
<br />
==== Local News ====<br />
<br />
<paypal>Helsinki</paypal> <br />
<br />
'''Welcome to the OWASP Helsinki Chapter'''<br />
<br />
The plan is to meet at least three to four times a year, each lasting 1,5-3 hours (more active "hands" means more meetings). This chapter is based in the capital area and therefore the meetings will be in or around Helsinki. <br />
<br />
If you wish to present at one of the meetings or have any other inquiries, please contact the chapter leaders and shortly describe the talk. (the contact details can be found in the bottom of the page). We encourage everyone to suggest ideas for presentation topics. The talks can be either a full talk (45-60min) or a lightning talk (~15min). <br />
<br />
==== Suomalaista sovellusturva-asiaa ====<br />
<br />
[[OWASP Helsinki Appsec Thesis of the Year|Vuoden sovellusturva-aiheinen opinnäytetyö]]<br />
<br />
[[Oppilaitoksille|Tietoa oppilaitoksille (Information for academic institutions)]] <br />
<br />
[[Verkkomaksut|Ohjeita turvallisen verkkomaksuintegraation toteuttamiseen]] <br />
<br />
Previously OWASP Helsinki has been working on the following tasks: <br />
<br />
*[[Top 10 2007 Finnish]] aim to translate OWASP Top 10 list in Finnish<br />
<br />
==== Chapter Meetings ====<br />
<br />
== OWASP Helsinki chapter meeting #35: Nov 6th 2018 ==<br />
'''Location: Second Nature Security (2NS), Keilaranta1 (auditorium Ankkuri), 02150 Espoo'''<br />
<br />
'''Time: 17:30-21:00'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words, Pekka Sillanpää, Chapter co-leader - OWASP Helsinki'''<br />
<br />
'''18:05 Words from the sponsor, Juho Ranta, CTO - Second Nature Security (2NS)''' <br />
<br />
'''18:15 Hunting for bounties in a web browser, Juho Nurminen, White Hat Hacker, InfoSec Specialist - 2NS''' [[File:Nurmi_BugBounty_slides.zip]]<br />
<br />
'''18:45 Break'''<br />
<br />
'''19:00 How to become a bug bounty hunter, Iiro Uusitalo, Cloud and Security Specialist - Solita'''<br />
<br />
'''19:30 Running a successful bug bounty program, Thomas Malmberg, Partner & Owner - Hackrfi''' [[File:Running a successful bug bounty program - public.pdf]]<br />
<br />
'''19:50 Short break'''<br />
<br />
'''20:00 Panel & Discussion about bug bounty with Juho, Iiro and Thomas'''<br />
<br />
'''20:30 Snacks & Refreshments'''<br />
<br />
Please register by 4th of Nov https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-35-tickets-51465932991 (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #34: Jun 12th 2018 ==<br />
'''Location: Eficode, Pohjoinen Rautatiekatu 25, 00100 Helsinki'''<br />
<br />
'''Time: 17:30-21:30'''<br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Pekka Sillanpää OWASP Helsinki'''<br />
<br />
'''18:05 Words from the sponsor / Pekka Siltala-Li / Eficode'''<br />
<br />
'''18:15 Perfectly secure API, Matti Suominen, Lead Security Consultant - Nixu'''<br />
<br />
'''19:00 Break''' <br />
<br />
'''19:15''' '''Best friends: API security & API management, Antti Virtanen, Software Architect, Solita''' <br />
<br />
'''20:00-21:30 Sauna, Snacks & Beverages'''<br />
<br />
Please register by 10th of Jun https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-34-tickets-46690898735 (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #33: Nov 14th 2017 ==<br />
'''Location: F-Secure, Tammasaarenkatu 7, 00180 Helsinki''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki''' <br />
<br />
'''18:05 Words from the sponsor'''<br />
<br />
'''18:10 Coping with GDPR requirements in development, Kira Ahveninen-Kuha, Lead, Data Protection and Cybersecurity Law, Nixu'''<br />
<br />
'''19:00 Break''' <br />
<br />
'''19:15 Integrating Privacy Work in Threat Modeling and Design Review, Antti Vähä-Sipilä, Principal Security Consultant, F-Secure'''<br />
<br />
'''20:00 Panel & Discussion – Kira and Antti debate about privacy and GDPR with the audience'''<br />
<br />
'''20:30 OWASP Helsinki DevSecOps Hackathon: Lessons learned, Pekka Sillanpää, OWASP Helsinki''' <br />
<br />
'''21:00-22:00 Snacks & Refreshments''' <br />
<br />
Please register by 12th of Nov [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-33-tickets-39656996143 here] (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #32: Sep 27th ==<br />
If you are working in a DevOps team and want to get concrete ideas on how to integrate security into your CI/CD pipeline, this hackathon is a fun opportunity to learn by doing together with others.<br />
<br />
More information here: [[OWASP Helsinki DevSecOps Hackathon]]<br />
<br />
In summary, we familiarize and investigate (and of cource hack with) some nice open source tools, including:<br />
* OWASP Dependency-Check ([[OWASP Dependency Check]])<br />
* ZAP Proxy ([[OWASP Zed Attack Proxy Project]])<br />
* OWASP DefectDojo ([[OWASP DefectDojo Project]])<br />
* DevSec hardening framework (https://github.com/dev-sec)<br />
* Clair (https://github.com/coreos/clair)<br />
<br />
The output of this hackathon is an OWASP wiki page describing what was achieved in the hackathon, possible commits to the tools' repositories and future plans. If there is enough interest, we might organize "part 2" for this event in Autumn.<br />
<br />
To participate in this event, it is recommended to have at least basic programming/scripting skills (python, ruby, bash, etc) and understanding of configuration management tools (puppet, salt, ansible, etc.). '''If you are interested to join''' or have questions, please send email to pekka.sillanpaa@owasp.org '''by Jul 7th 2017''' and a short description of your background. Tracks of the hackathon environment are tuned based on the skills and background of the participants.<br />
<br />
The maximum of 15 seats are available for this event. The event is fully free of charge.<br />
<br />
'''Location: Nixu, Keilaranta 15, 02150 Espoo'''<br />
<br />
'''12:00 Hackathon starts'''<br />
<br />
'''17:00-23:00 Hackathon continues after the work day as long as needed. Pizza and beverages available.'''<br />
<br />
== OWASP Helsinki chapter meeting #31: Jun 13th 2017 ==<br />
'''Location: Solita, Alvar Aallon katu 5, 00100 Helsinki'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Pekka Sillanpää, OWASP Helsinki'''<br />
<br />
'''18:05 DevSec - Developers are the key to security, Antti Virtanen, Software Architect, Solita [[File:Devsec-owasp-2017.pdf]]''' <br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Docker Security, Mika Vatanen, Systems Architect, Digia [[File:Owasp-Helsinki-20170613-Docker-Security.pdf]]'''<br />
<br />
'''20:00 Lightning talk: Leaking credentials - a security malpractice more common than expected, Bogdan Mihaila, Synopsys [[:File:Bogdan Mihaila - Leaking Credentials.pdf]]'''<br />
<br />
'''20:15 Introduction to DevSecOps "mini-hackathon", Pekka Sillanpää, OWASP Helsinki'''<br />
<br />
'''20:30-22:30 Snacks & Refreshments'''<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-31-tickets-34950473808 here] by 12th of Jun (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #30: Oct 11th 2016 ==<br />
<br />
'''Location: Fujitsu, Valimotie 16, 00380 Helsinki, Auditorio'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 How to protect mobile application? Case "Nordea Tunnusluvut” / Michael Peltonen, Senior Business Developer, Nordea''' [[File:Helsinki_meeting_30_-Michael_Peltonen_OWASP_11102016.pdf]]<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Lightning talk: Authentication topic / Teemu Simonen, System Architect, Fujitsu''' [[File:Helsinki_meeting_30_-Authentication_topic.pdf]]<br />
<br />
'''19:30 Threats and vulnerabilities in federation protocols - and how did I find 0-days in the most common access management products / Teemu Kääriäinen, Senior IAM Consultant, Nixu Oyj''' [[File:Helsinki_meeting_30_-_Threats_and_Vulnerabilities_in_Federation_Protocols_and_Products.pdf]]<br />
<br />
'''20:30-> Snacks & Refreshments'''<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-30-tickets-28190573765 here] by 9th of October (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #29: Mar 29th 2016 ==<br />
<br />
'''Location: Solinor, Elimäenkatu 14 C, 00510 Helsinki'''<br />
<br />
'''Time: 17:30-21:15'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 OWASP Security Knowledge Framework, Glenn Ten Cate''' [[File:Skf-owaspHelsinki-16.pdf]]<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Amazon Web Services Security, Joel Leino, Solinor''' [[File:Aws_security_joel_leino.pdf]]<br />
<br />
'''20:30 Do's and don'ts: A Day Of Browser Bug Hunting, Atte Kettunen, University of Oulu''' [[File:Do's_and_Don'ts-_A_Day_Of_Browser_Bug_Hunting_rev2.pdf]]<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-29-tickets-22159795545 here] by 26th of March (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #28: Nov 10th 2015 ==<br />
<br />
'''Location: LähiTapiola, Revontulenkuja 1, 02100 Espoo'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 How we feel about Bug Bounty, Leo Niemelä, CISO, LähiTapiola Group (in Finnish)'''<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Security and "Modern" software Deployment, Rory McCune, Managing Consultant, NCC Group'''<br />
<br />
'''20:30 Discussion continues in a local cafe / bar'''<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-28-tickets-19188815263 here] by 8th of November (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #27: May 29th 2015 ==<br />
<br />
'''Location: Life Science Center Keilaranta 10-16''' <br />
<br />
'''Time: 17:30-20:00 (networking ends 23:00)''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 Word from our sponsor / Nixu'''<br />
<br />
'''18:15 50 Shades of AppSec / Troy Hunt'''<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Hack yourself first: how go on the cyber-offence before online attackers do / Troy Hunt'''<br />
<br />
'''20:00-23:00 Refreshments and Sauna on the 7th floor'''<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-chapter-meeting-27-tickets-16709176597 here] by Monday Fri 22th May (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #26: January 13th 2015 ==<br />
<br />
'''Location: Castrén & Snellman Attorneys Ltd. Eteläesplanadi 14 6th Floor Helsinki, Finland.''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''Opening words / OWASP Helsinki&IAPP''' <br />
<br />
'''Words from our sponsor / Castrén & Snellman Attorneys Ltd.'''<br />
<br />
'''Privacy Seals and Marks, Hannu Järvinen, Specialist Partner, Attorneys at Law Borenius Ltd'''<br />
<br />
'''Privacy Engineering, Antti Vähä-Sipilä, software security guy, F-Secure Oyj'''<br />
<br />
'''Privacy Use Cases, Saku Vainikainen, Lead Consultant, Nixu Oyj'''<br />
<br />
Please register here https://t.co/OoQN2FRbBX by Monday 12 Jan.<br />
<br />
== OWASP Helsinki chapter meeting #25: September 29th 2014 ==<br />
<br />
'''Location: Appelsiini (Elisa), Kaarlenkatu 9-11, 00530 Helsinki. Public transport is strongly recommended.''' <br />
<br />
'''Time: 17:00-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and registration''' <br />
<br />
'''17:10 Opening words / OWASP Helsinki''' <br />
<br />
'''17:20 Words from our sponsor / Elisa'''<br />
<br />
'''17:30 Mobile Security Chess Board - Attacks & Defense / Hemil Shah / Founder, Director eSphere Security''' [[File:Mobile_Security_chess_board_-_Attacks_&_Defense.pdf]]<br />
<br />
'''18:45 Break'''<br />
<br />
'''19:00 Mobile Platform Security: OS (kernel) Hardening and Trusted Execution Environment / Onur Zengin / Trustonic'''<br />
[[File:Onur_Zengin_-_TEE_chapter_meeting_presentation.pdf]]<br />
<br />
'''20:00 OWASP Mobile Top Ten Risks 2014 - The New M10: 'Lack of Binary Protection' Category / Bo Asklund and Rikard Kullenberg / Arxan'''<br />
[[File:OWASP_Mobile_Top_Ten_-_Meet_the_New_Addition.pdf]]<br />
<br />
'''21:00 Networking and continue discussions in TBD location nearby'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-25-tickets-13087782911 Eventbrite]<br />
<br />
== OWASP Helsinki chapter meeting #24: March 25st 2014 ==<br />
<br />
'''Location: F-Secure, Tammasaarenkatu 7, 00180 Helsinki. Parking space is limited, public transport is strongly recommended. Ruoholahti station for metro, Länsisatamankatu stop for tram 8, Länsiväylä stop for buses from Espoo.''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and registration''' <br />
<br />
'''17:20 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''17:30 Enhancing security through tight collaboration and automation /Kalle Hallivuori''' <br />
Presentation material: http://kato.iki.fi/owasp-pci-devops/<br />
<br />
'''18:00 Continuous Security Testing in a Devops World /Stephen de Vries'''<br />
Download the presentation from our file page: [[image:OWASP-Continuous_Security_Testing.pdf]]<br />
<br />
'''19:00 Demo of Burp Suite & HTTP API fuzzing automation with Python & Behave /Antti Vähä-Sipilä'''<br />
<br />
'''19:30 Time to go to Pub (Amsterdam) and continue discussion there'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-24-tickets-10765729587 Eventbrite]<br />
<br />
== OWASP Helsinki chapter meeting #23: January 21st 2014 ==<br />
<br />
'''Location: HTC Keilaniemi, Keilaranta 13, 02150 Espoo''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Coffee and registration''' <br />
<br />
'''18:00 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''18:05 Word from our sponsor /Nixu''' <br />
<br />
'''18:20 The inner HTML Apocalypse - How MXSS attacks change everything we believed to know so far /Mario Heiderich'''<br />
<br />
'''19:15 JSMVCOMFG - To sternly look at JavaScript MVC and Templating Frameworks /Mario Heiderich"''''<br />
<br />
'''20:15 QA'''<br />
<br />
'''20.30 - 21.30 Discussion continues over snacks and refreshments'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-23-tickets-10095813851 Eventbrite]<br />
<br />
<br />
== OWASP Helsinki chapter meeting #22: November 19th 2013 ==<br />
<br />
'''Location: Aalto University, Hall S1, Otakaari 5, 02150 Espoo''' <br />
<br />
'''Time: 18:00-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Registration''' <br />
<br />
'''18:10 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''18:20 Word from our sponsor''' <br />
<br />
'''18:30 Backgrounds of Eve in Digiland comic and cyber research in Aalto University /Timo Kiravuo, Aalto University'''<br />
<br />
'''19:15 Break"''''<br />
<br />
'''19:30 Cyber crime response from CERT perspective and backgrounds of Finnish web site attacks /Jussi Eronen, CERT-FI'''<br />
<br />
'''20:00 Methods in Finnish cyber crime police investigation and case example /Timo Piiroinen, National Bureau of Investigation (NBI)'''<br />
<br />
'''20:30 Networking and discussion continues at same location'''<br />
<br />
Please register at [http://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-23-tickets-10095813851 Eventbrite]<br />
<br />
== OWASP EUTour2013: June 17th 2013 ==<br />
<br />
'''Location: HTC Keilaniemi, Keilaranta 15''' <br />
<br />
'''Time: 16:00-19:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''16:00 Registration & coffee''' <br />
<br />
'''16:15 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''16:30 Word from our sponsor''' <br />
<br />
'''16:45 Nokia responsible disclosure program /Omar Benbouazza-Villa, Nokia'''<br />
<br />
Nokia has launched a responsible disclosure program recently. In this presentation we'll go through experiences starting and running such a program as a part of enterprise application security program.<br />
<br />
'''17:30 Social engineering /Gavin Ewan"''''<br />
<br />
Jac0byterebel is not your typical social engineering presenter. Out goes the snake oil sale of analysing the minutia of pop psychology and trying to squeeze out real answers to the questions asked during a real social engineering attack. In comes hard hitting accounts of social engineering attacks drawn from real sources but anonymised to protect the pwned.<br />
<br />
'''19:00 Rounding up and discussion continues over food & drinks at same location'''<br />
<br />
Please register at [http://www.regonline.com/owaspeutourfinland Regonline]<br />
<br />
== OWASP Helsinki Chapter Meeting #21: April 24 2013 ==<br />
<br />
'''Location: KPMG, Yrjönkatu 23 B, 6. floor''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Opening words /OWASP''' <br />
<br />
'''18:10 Word from our sponso /Mika Laaksonen, KPMG''' <br />
<br />
'''18:15 OWASP project news /Petteri Arola, OWASP''' <br />
<br />
Newsflash of new and rebooted OWASP projects.<br />
<br />
'''18:45 Utilizing VAHTI software development guide (VAHTI-sovelluskehitysohje) /Antti Alestalo, KPMG'''<br />
<br />
VAHTI software development guide was published January 2013. Antti will talk about how to best utilize this new guide. Link to the guide: http://www.vm.fi/vm/fi/04_julkaisut_ja_asiakirjat/01_julkaisut/05_valtionhallinnon_tietoturvallisuus/20130207Sovell/VAHTI_1_Sovelluskehityksen_tietoturvaohje_NETTI.pdf<br />
<br />
'''19:15 Database self-defence /Mika Aronen, KPMG (in place of "HTML5 & security /SC5"'''<br />
<br />
'''20:00 Official program ends and discussion continues over food & drinks at same location'''<br />
<br />
Please register at [https://www.eventbrite.com/event/6240751255 Eventbrite]<br />
<br />
== OWASP Helsinki Chapter Meeting #20: December 4 2012 ==<br />
<br />
'''Location: Nokia House, Keilalahdentie 4, Espoo''' <br />
<br />
'''Time: 17:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Socializing time @ Nokia Lounge – Meet people & get to know your peer while having the opportunity to see Nokia product demos''' <br />
<br />
'''18:00 Opening words /OWASP + HelsinkiJS''' <br />
<br />
'''18:10 Word from our sponsor''' <br />
<br />
'''18:20 Securing JavaScript based web apps /Erlend Oftedal''' <br />
<br />
Single page web applications move much of the application logic to the client side. We now also see applications using JavaScript on the server side. How do we handle such applications from a security perspective? What problems are introduced and how do we handle them?<br />
<br />
'''19:05 RESTful Security'''<br />
<br />
Many applications rely on web services and ws-security for integration. But for more lightweight services with simpler protocols, REST is quickly gaining popularity. How do we secure REST services? What problems do we need to be aware of?<br />
<br />
'''20:00 Official program ends and free debate continues at nearby location'''<br />
<br />
CLOSED: Please register at [http://www.eventbrite.com/event/4856878053 Eventbrite]<br />
<br />
Please use the NORTH entrance when entering the Nokia campus<br />
<br />
== OWASP Helsinki Chapter Meeting #19: October 16 2012 ==<br />
<br />
'''Location: Fujitsu, Valimotie 16, Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''18:10 Word from our sponsor /Fujitsu''' <br />
<br />
'''18:25 Hybrid mobile application security and HTML5 with a focus on getUserMedia /Mikko Saario, Nokia''' <br />
<br />
Both the mobile scene via “hybrid” apps and the so-called traditional web are evolving into the same direction – are the threats doing the same? Using mainly Windows Phone 7 (and some Qt) examples and demos, Mikko will take a look at the security aspects in mobile hybrid apps. The HTML5 demo will concentrate on some newly mainstreamed technologies such as getUserMedia.<br />
<br />
'''19:10 Introduction to Oauth 2.0 + demo /Teemu Kääriäinen, Nixu'''<br />
<br />
Teemu gives an introduction about Oauth 2.0 and takes a closer look at security aspects, implementation guidelines and compares Twitter, Facebook and Google implementations.<br />
<br />
'''20:00 Official program ends and free debate continues at nearby location'''<br />
<br />
'''Please register in Eventbrite http://www.eventbrite.com/event/4462882602''' <br />
<br />
<br />
== OWASP Helsinki Chapter Meeting #18: June 26 2012 ==<br />
<br />
'''Location: Kela, Nordenskjölkinkatu 12, Helsinki''' <br />
<br />
'''Time: 17:30-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''17:45 Word from our sponsor /Kela''' <br />
<br />
'''18:00 Helsinki Ruby Brigade intro''' <br />
<br />
'''18:15 Ruby on Rails security - why could it fail'''<br />
<br />
'''19:00 Panel discussion'''<br />
<br />
'''19:45 Wrap-up'''<br />
<br />
'''20:00 Discussion continues in a nearby pub Hadanka'''<br />
<br />
'''Please register with petteri.arola(at)owasp.org''' <br />
<br />
<br />
== OWASP Helsinki Chapter Meeting #17: March 21 2012 ==<br />
<br />
'''Location: Marttakeskus, Malminrinne 1 B, 7. krs, Helsinki''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Coffee''' <br />
<br />
'''17:40 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''17:50 Web Application Access Control Design Excellence / Jim Manico, OWASP''' <br />
<br />
Download the presentation from our file page: [[image:Developer_Top_Ten_Core_Controls_v4.1.pdf]]<br />
<br />
'''19:30 Meeting ends and discussion continues over buffet and refreshments and there's a possibility to bath in sauna too''' <br />
<br />
'''23:00 Event ends'''<br />
<br />
'''Please register with enroll(at)nixu.com''' <br />
<br />
== Tietoturvapäivä Turku: February 7 2012 ==<br />
<br />
''' Sovellusturvallisuus / Petteri Arola, OWASP''' <br />
<br />
Download the presentation from our file page: [[image:OWASP_esitys_tietoturvapäivä_Turku_20120207.pdf]]<br />
<br />
== OWASP Helsinki Chapter Meeting #16: October 18 2011 ==<br />
<br />
'''Location: Hall TU2, Tuas house, Otaniementie 17, 02150, Espoo''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and lock picking''' <br />
<br />
'''17:30 OWASP - What is it?''' <br />
<br />
'''17:45 Introduction to OWASP projects<br>- OWASP Top Ten, ASVS<br><span class="Apple-tab-span"> </span>- Testing guide<br>- How OWASP relates to academic world''' <br />
<br />
<br> Download presentation from our file-page: [[Image:OWASP_presentation_for_Aalto.pdf]] <br><br />
<br />
'''18:45 Break''' <br />
<br />
'''19:00 Hacking demonstrations'''<br />
<br />
'''19:30 - Discussion continues in a nearby public house''' <br />
<br />
'''Please register with petteri.arola(at)owasp.org''' <br />
<br />
== OWASP Introduction to Turku AMK students: September 12th 2011 ==<br />
<br />
'''Introduction to Application security and OWASP / Petteri Arola, OWASP''' <br />
<br />
'''OWASP top 10 and hacking demos / Pekka Sillanpää, OWASP''' <br />
<br />
== OWASP Helsinki Chapter Meeting #15: June 15 2011 ==<br />
<br />
'''Location: Itämerenkatu 11 - 13, Helsinki''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda ''' <br />
<br />
'''17:30 Welcome, Petteri Arola, Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nokia''' <br />
<br />
'''17:45 HTML5 Security, Ville Säävuori, Syneus''' <br />
<br />
'''18:30 Break''' <br />
<br />
'''18:40 Mobile Application Security, Ari Kesäniemi and Juhani Mäkelä, Nixu''' <br> [[Image:Mobile-threat-analysis-short-presentation owasp.pdf]] <br> [[Image:Why-privacy-matters.pdf]] <br> <br />
<br />
<br>'''19.30 - Discussion continues in a nearby public house or terrace if it's sunny''' <br />
<br />
'''Please register with mikko.saario(at)nokia.com''' <br />
<br />
== OWASP Helsinki Chapter Meeting #14: February 22 2011 ==<br />
<br />
'''Location: Nixu Oy, Keilaranta 15, Espoo''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''17:30 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nixu Oy''' <br />
<br />
'''17:45 OpenSAMM, Pravir Chandra /Fortify''' <br />
<br />
'''18:30 Break''' <br />
<br />
'''18:40 Threat modeling, Pravir Chandra /Fortify''' <br />
<br />
<br> '''19.30 - Sauna and refreshments from our sponsor''' <br />
<br />
'''Please register with enroll(at)nixu.com''' <br />
<br />
<br> Download OpenSAMM presentation from opensamm.org [http://www.opensamm.org/downloads/resources/OpenSAMM-1.0.ppt] <br> <br />
<br />
== OWASP Helsinki Chapter Meeting #13: June 8 2010 ==<br />
<br />
'''Location: KPMG, Forum, Yrjönkatu 23 B 6th floor, Helsinki''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''17:00 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:05 Word from our sponsor KPMG ''' <br />
<br />
'''17:15 Agile secure software development, Antti Vähä-Sipilä / Nokia Oyj''' http://www.owasp.org/images/c/c6/OWASP_AppSec_Research_2010_Agile_Prod_Sec_Mgmt_by_Vaha-Sipila.pdf <br />
<br />
'''18:00 ASVS (OWASP Application Security Verification Standard), Pekka Sillanpää / Nixu Oy''' <br />
<br />
'''18:45 ESAPI (OWASP Enterprise Security API) demo, Anssi Porttikivi / KPMG''' <br />
<br />
Download presentation from our file-page:[[Image:ESAPI for OWASP.pdf]] <br />
<br />
<br> '''19.30 - Discussion continues at some nearby establishment''' <br />
<br />
'''Please register with anssi.porttikivi(at)kpmg.fi''' <br />
<br />
<br> <br />
<br />
== OWASP Goes! Locksport: April 20 2010 ==<br />
<br />
'''Location: Nsense Oy, Ahventie 4, Espoo''' <br />
<br />
'''Time: 17:30-20:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nsense Oy''' <br />
<br />
'''17:45 Introduction to Locksport (presentation in Finnish)''' <br />
<br />
'''19:00 - Sauna and refreshments from our sponsor''' <br />
<br />
'''Please register with ilmoittautumiset##nsense.fi ''' <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #12: March 30 2010 ==<br />
<br />
'''Location: Helsingin Energia, Sähkötalo, Runeberginkatu 1, Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''18:00 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
Download presentation from our file-page:[[Image:OWASP -12 Helsinki chapter meeting.pdf]] <br />
<br />
'''18:05 Word from our sponsor Helsingin Energia ''' <br />
<br />
'''18:15 3 different views on information security and social media applications''' <br />
<br />
- information security in social media API’s, Antti Nuopponen/Nixu Oy <br />
<br />
Download presentation from our file-page:[[Image:Security of social media apis v1.pdf]] <br />
<br />
- Facebook apps, Markus Törnqvist/Fad Consulting <br />
<br />
Download presentation from our file-page:[[Image:Mjt owasp 2010.pdf]] <br />
<br />
- Payment API’s, Tuomas Toivonen/Scred <br />
<br />
Download presentation from our file-page:[[Image:Owasp-payment-apis.pdf]] <br />
<br />
'''20.00 - Discussion continues at nearby establishment Bruuveri''' <br />
<br />
'''Please register with antti##owasp.org''' <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #11: November 17 2009 ==<br />
<br />
'''Location: Nsense Oy, Ahventie 4, Espoo''' <br />
<br />
'''Time: 18:00-20:30''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''18:05 Word from our sponsor Nsense Oy''' <br />
<br />
'''18:15 Manual vs. Automated Code Analysis, Ari Kesäniemi, Senior Consultant, Nixu''' <br />
<br />
Download presentation from our file-page:[[Image:Ari kesaniemi nixu manual-vs-automatic-analysis.pdf]] <br />
<br />
'''19.00- Sauna and refreshments from our sponsor''' <br />
<br />
<br> <br />
<br />
'''Please register with ilmoittautumiset##nsense.fi''' <br />
<br />
== OWASP Helsinki Chapter Meeting #10: October 20 2009 ==<br />
<br />
'''Location: Tieto Oy, Ratamestarinkatu 7B, Helsinki''' <br />
<br />
'''Time: 18:00-19:40''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''18:00 Word from our sponsor Tieto Oy''' <br />
<br />
'''18:10 Distributed Services Security, Anton Panhelainen, Tieto Oy''' <br />
<br />
Download presentation from our file-page:[[Image:Security in integration and ESB-OWASP 20091020.pdf]] <br />
<br />
'''18:40 Public Web Services Interface and Security, Pyry Heikkinen, Finnish Customs''' <br />
<br />
'''19:40 Closure and move to Vltava''' <br />
<br />
'''20:00 or so''' <br />
<br />
*Enjoy Helsinki Vltava watering hole at own risk &amp; cost near Helsinki Railway station<br />
<br />
'''Please register with Pauli Kauppila pauli.kauppila##tieto.com or Mobile +358 400 870 324''' <br />
<br />
== OWASP Helsinki Chapter Meeting #9: May 12 2009 ==<br />
<br />
'''Location: Louhi Networks Oy, Itälahdenkatu 22 A, Helsinki''' <br />
<br />
'''Time: 17:30-19:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:30 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:45 Word from our sponsor Louhi Networks''' <br />
<br />
'''18:00 Panel discussion about application scanners''' <br />
<br />
*Panel members includes representatives for Nixu Oy, KPMG Oy and Louhi Networks Oy<br />
<br />
<br> '''19:00 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost at Bar 52 near meeting location<br />
<br />
'''Please register with Henri Lindberg henri.lindberg##louhi.fi''' <br />
<br />
== OWASP OWASP Goes! Viestimuseo: March 29 2009 ==<br />
<br />
'''Location: Varuskunta, Takakasarmi, Viestimuseontie rak. 64, 11311 Riihimäki ''' <br />
<br />
'''Time: 13:00-15:00''' <br />
<br />
Viestimuseossa Riihimäellä, http://www.viestikiltojenliitto.fi/viestimuseo/ on maaliskuun loppuun WWII radiotiedustelua esittelevä erikoisnäyttely, josta voi löytyä ammennettavaa myös tämän päivän tietoturvatekniikoiden parissa työskenteleville. Koska OWASP:in tiimoilta löytyi kiinnostusta lähteä tutustumaan ko. näyttelyyn, museolle on varattu opastettu kierros maaliskuun viimeiselle sunnuntaille su 29.3.2009 klo 13:00 eli kokoontuminen museolla ko. aikaan. <br />
<br />
Museo ja näyttely ovat auki myös muina aikoina, joten jos tämä aika ei käy, paikalla voi toki käydä muulloinkin. <br />
<br />
Tarkemmat ajo-ohjeet ja yhteystiedot löytyvät museon kotisivuilta, http://www.viestikiltojenliitto.fi/viestimuseo/yhteystiedot.html <br />
<br />
Museo sijaitsee Viestirykmentin vieressä, mutta varsinaisen varuskunta-alueen ulkopuolella, joten museokäynti ei vaadi kulkulupia alueelle. <br />
<br />
Paikalle innostuvat hoitavat oman logistiikkaratkaisunsa &amp; sisäänpääsymaksunsa. <br />
<br />
Lisätietoja tarvittaessa timo.merilainen (ät) iki.fi <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #8: March 12 2009 ==<br />
<br />
'''Location: Samlink, Linnoitustie 9, Espoo (Leppävaara)''' <br />
<br />
'''Time: 17:00-19:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:00 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:15 Introduction to Samlink, Jari Pirhonen, security director, Samlink''' <br />
<br />
'''17:30 Methodology owner’s point of view: Information security as part of software development methodology, Topi Mattila, methodology manager, Samlink''' <br />
<br />
'''18:15 Presentation from Finnish Tax Administration", Petri Puhakainen, security director, Finnish Tax Administration''' <br />
<br />
<br> '''19:00 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost at Sello<br />
<br />
'''Please register with Jari Pirhonen jari.pirhonen##samlink.fi''' <br />
<br />
== OWASP Introduction to startup firms: Thursday January 15th 2009 ==<br />
<br />
'''Location: Ravintola Korjaamo, Töölönkatu 51, 00250 Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Introduction to OWASP by Henri Lindberg, OWASP Helsinki Active Visitor''' <br />
<br />
*What OWASP is <br />
*Examples of useful Tools and Documents <br />
*OWASP in Finland<br />
<br />
Presentation: [[Image:OWASP Startups 20090115 Henri.pdf]] <br />
<br />
(Antti Laulajainen, OWASP Helsinki Chapter Leader was originally supposed to introduce OWASP) <br />
<br />
'''18:15 Implementing application security in a Finnish startup by Henri Lindberg, Scred''' <br />
<br />
*Henri Lindberg from Scred shares experiences and lessons learned <br />
*How to make your web application more secure with minimal budget<br />
<br />
Presentation: [[Image:SDG Scred 090115.pdf]] <br />
<br />
'''18:30 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost<br />
<br />
== OWASP Helsinki Meeting #7: Tuesday November 11th 2008 ==<br />
<br />
'''Location: Nokia Ruoholahti, Itämerenkatu 11-13, 00180 Helsinki''' <br />
<br />
<br> <br />
<br />
'''Time: 17:00-18:30''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:00 Welcome by Antti Laulajainen, OWASP Chapter Leader''' <br />
<br />
*Current state and progress of OWASP Top 10 Finnish translation<br />
<br />
'''17:20 Antti Vähä-Sipilä, Nokia: SAFECode''' <br />
<br />
*Introduction and overview of SAFECode (The Software Assurance Forum for Excellence in Code) <br />
*SAFECode publications<br />
<br />
'''17:40 Juhani Eronen, CERT-FI: Lifecycle of a security vulnerability''' <br />
<br />
*Microsoft MS08-067 (Vulnerability in Server Service Could Allow Remote Code Execution), its history (MS06-040) and exploitation.<br />
<br />
'''Discussion''' <br />
<br />
'''18:30 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost [cerveza, aqua con gas, etc]<br />
<br />
'''PLEASE REGISTER WITH: mikko . saario at nokia . com (we have reserved snacks for 25 people)''' <br />
<br />
== OWASP Helsinki Web Hacking Workshop, Tuesday September 10th 2008 ==<br />
<br />
'''Location: Teleware / KPMG, Laajalahdentie 23, 6. floor, reception at the ground floor, 00330 Helsinki''' <br />
<br />
'''Time: 18.00 - 20.00''' <br />
<br />
'''Schedule''' <br />
<br />
'''18.00 Welcome and recent activities. Antti Laulajainen ''' <br />
<br />
'''18.05 Web Hacking Workshop, Anssi Porttikivi, Senior ICT Advisor KPMG/Teleware''' <br />
<br />
*KPMG Oy IT Security Advisory marketing presentation 15 min <br />
*Web hacking exercises and demonstrations in a laboratory class (using WebGoat and WebScarab tools)<br />
<br />
'''Snacks available. Send your reservations to Anssi's mail address, anssi.porttikivi@kpmg.fi. Room for 20 participants.''' <br />
<br />
<br> '''Note! Be in time, because the reception closes at 18.''' <br />
<br />
== OWASP Goes! CERT-FI, Thursday, June 12th 2008 ==<br />
<br />
'''Location: Viestintävirasto, Itämerenkatu 3 A, 00180 Helsinki and One Pint Pub Santakatu 2, 00180 Helsinki''' <br />
<br />
<br> '''Time: 16.00 - 20.00''' <br />
<br />
<br> '''Schedule''' <br />
<br />
'''16.00 Welcome and recent activities. Antti Laulajainen ''' <br />
<br />
<br> '''16.10 Introduction of CERT-FI. Juhani Eronen, Information Security Adviser, CERT-FI''' <br />
<br />
<br> '''16.30 Vulnerability coordination. Juhani Eronen''' <br />
<br />
*CERT-FI as a vulnerability coordinator <br />
*Coordination examples<br />
<br />
'''18.00 Possibility to continue the evening at the One Pint Pub''' <br />
<br />
*If someone fancies a (self-financed) beer<br />
<br />
<br> '''Viestintävirasto asks those who wish to participate to the meeting to register in advance. For registrations please contact CERT-FI Unit Secretary Virpi Hienonen (virpi.hienonen(at)ficora.fi). The deadline is June 6, 2008.''' <br />
<br />
== OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 ==<br />
<br />
Thank you for attending. <br />
<br />
You can download the presentation here'''https://www.owasp.org/images/7/70/OWASP_HelsinkiChapter_130508.pdf''' <br />
<br />
Coverage of the event in local news (Finnish only) http://mikropc.net/uutiset/index.jsp?categoryId=atk&amp;day=20080514#w2008051411524012715 <br />
<br />
<br> '''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki and Ravintola Kaisla, Vilhonkatu 4, 00100 Helsinki''' <br />
<br />
'''Time: 16.00 - 20.00''' <br />
<br />
<br> <br />
<br />
Welcome to spring meeting 2008. <br />
<br />
<br> '''Schedule''' <br />
<br />
'''16.00 - 16.10 OWASP update. Antti Laulajainen''' <br />
<br />
'''16.10-17.00 Notes From The field, OWASP tools and usage experiences, Jarkko Holappa &amp; Antti Laulajainen''' <br />
<br />
'''17.30 - 20.00 Drinks at Ravintola Kaisla (Bring Your Own Wallet)''' <br />
<br />
<br> Hope to see as many of you as possible! <br />
<br />
== OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 ==<br />
<br />
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.''' <br />
<br />
'''Time: 18.30 - 20.30''' <br />
<br />
Welcome to first meeting of 2008. OWASP Helsinki resumes activities after winter break. <br />
<br />
We are pleased to have as a speaker Technology Manager of Nokia Product Security, Alexandr Seleznyov. His topic will be current state of application security. <br />
<br />
'''Schedule''' <br />
<br />
'''18.30 - 18.40 OWASP update. Antti Laulajainen''' <br />
<br />
'''18.40 - 20.30 Current State of Application Security. Alexandr Seleznyov''' <br />
<br />
<br> Hope to see as many of you as possible! <br />
<br />
== OWASP Helsinki &amp; RWSUG Seminar Tuesday, January 29th 2008 ==<br />
<br />
'''Location: IBM, Laajalahdentie 23, 00330 Helsinki.''' '''Time: 11.15 - 19.00''' <br />
<br />
OWASP Helsinki and Rational and Websphere User Group Finland RWSUG are aiming to co-operate to raise application security awareness. OWASP Helsinki will have a presentation in RWSUG agility seminar. More information from http://www.rwsug.fi/default.asp?path=1,39,385 <br />
<br />
'''You can download the presentation here''' https://www.owasp.org/images/c/cd/RWSUG5_Agile_Security_Management.pdf <br />
<br />
See program below. Most of it is Finnish only <br />
<br />
*11.15 Ilmoittautuminen alkaa <br />
*11.15-12.00 Buffet-lounas <br />
*12.00-12.10 Tilaisuuden avaus Jussi Jutila, Puheenjohtaja, RWSUG ry<br />
<br />
KEYNOTE <br />
<br />
*12.10-13.30 Scaling Agile Software Development: Strategies for Applying Agile in Complex Situations Scott W. Ambler, Practice Leader Agile Development, IBM Canada <br />
*13.30-13.45 Kahvitauko <br />
*13.45-15.30 SOA liiketoiminnan näkökulmasta ja SOA toteutuksen näkökulmasta kansainvälisessa hankkeessa Kari Laine, IT Architect, IF ja Jarmo Laine, Senior Software Architect,Primasoft <br />
*15.30-15.45 Tauko <br />
*15.45-16.30 Ketterä tietoturvan hallinta ohjelmistotuotannossa Reijo Savola, VTT <br />
*16.30-17.15 Jazz Update IBM <br />
*17.15-19.00 Iltapalaa ja verkostoitumista IBM Forumissa<br />
<br />
<br> <br />
<br />
== OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008 ==<br />
<br />
OWASP Helsinki participated in ISACA Finland meeting to raise application security awareness among system auditors and inspectors. <br> A presentation was held that introduced basic web techniques, some security issues, OWASP in general, OWASP projects and OWASP Helsinki chapter. <br> '''You can download the presentation here''': https://www.owasp.org/images/e/e4/OWASP_ISACA_20080124.pdf (Finnish Only) <br><br> <br />
<br />
== OWASP Helsinki meeting #4 Fall 2007 with Mark Curphey, Tuesday, October 2 2007 ==<br />
<br />
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.''' <br />
<br />
Thank you for all participants and Mark from great presentation. <br />
<br />
Coverage of the meeting in the local news (in Finnish): http://mikropc.net/uutiset/index.jsp?categoryId=atk&amp;day=20071003#w2007100315112711629 <br />
<br />
<br> We are delighted to have Mark Curphey - the OWASP founder and new head of Microsoft's ACE (Application Consulting &amp; Engineering) team in Europe - to visit Finland and discuss web app security with us. Hopefully as many as of you possible can participate! <br />
<br />
'''18:30 Welcome and recent Helsinki chapter activities. Antti Laulajainen''' <br />
<br />
'''18:40 Naked Software Security. Mark Curphey''' <br />
<br />
*Commentary on how to build secure software <br />
*Thoughts on the industry<br />
<br />
<br> '''WELCOME!''' <br />
<br />
== OWASP Helsinki meeting #3 Summer 2007: "SOA, Web Services &amp; XML Security", Tuesday, June 5th 2007 ==<br />
<br />
'''Date: June 5th''' <br />
<br />
<br> '''Location: Smilehouse, Itälahdenkatu 22A (Stonesoft building), Lauttasaari.''' <br />
<br />
Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/tietoturva_docview.jsp?f_id=1186167 <br />
<br />
<br> '''19:00 Welcome &amp; quick recap of recent OWASP activity and the Spring conference. Mikko Saario.''' <br />
<br />
<br> '''19:15 Gunnar Peterson, CTO Arctec Group and project lead for the OWASP "XML Security Gateway Evaluation Criteria".''' <br />
<br />
Gunnar will be visiting Finland to provide training via Tietoturva ry on this subject. Topics to be covered: <br />
<br />
*XML Security Gateways <br />
*Message level threats and security countermeasures in Web services <br />
*OWASP XML Security Gateway Evaluation Criteria Project<br />
<br />
<br> '''20:15 "Real-life usage of OWASP tools". Alexandr Seleznyov, Nokia Product Security.''' <br />
<br />
(There is a chance Alex cannot make it. In that case we will discuss SOA stuff in more detail or just head off to bar earlier.) <br />
<br />
<br> '''20:45 Enter Bar 52...''' --&gt; Enjoy (sponsored) beverages. <br />
<br />
== OWASP Helsinki meeting #2 Winter 2007, Web Application Firewalls, Thursday, February 22 2007 ==<br />
<br />
Thank you for the 29 participants, the speakers and the host - Nixu - for making this event happen! <br />
<br />
'''Location: Nixu, Mäkelänkatu 91, 00601 Helsinki.''' <br />
<br />
What are Web Application Firewalls (WAF), how do they work, what do they do and what don't they do. Discussion and sharing of experiences of various technologies and products. <br />
<br />
<br> '''18.30 Welcome. Mikko Saario, Chapter Leader.''' <br />
<br />
Today's topic and agenda in short. <br />
<br />
<br> '''18.35 "Web Application Firewalls Technical Analysis". Joakim Sandström, CTO nSense.''' <br />
<br />
http://www.owasp.org/images/6/6a/Owasp_waf_joakim.pdf <br />
<br />
- Technology <br />
<br />
- Blacklisting &amp; Whitelisting <br />
<br />
- mod_security features <br />
<br />
- Do's and Don'ts <br />
<br />
<br> '''19.30 "The Core Rule Sets". Ofer Shezaf, CTO Breach Security.''' <br />
<br />
http://www.owasp.org/images/f/f4/The_Core_Rule_Set_-_Ofer.pdf <br />
<br />
- WAF deployment and protection strategies <br />
<br />
- Detection of generic web layer attacks <br />
<br />
- Virtual patching <br />
<br />
== OWASP Helsinki meeting #1, Tuesday, Dec 12 2006 at Ernst &amp; Young ==<br />
<br />
The Helsinki chapter had the first meeting at Ernst &amp; Young office in Elielinaukio 5 B. The agenda and the presentations for the meeting are below. We had a good turnout: 22 people were present i.e. all seats were taken - we were very happy to see all these people to be interested in application security issues. <br />
<br />
<br> Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/doc.do?f_id=1083463 <br />
<br />
<br> '''18:30 Welcome. What is OWASP and why OWASP Helsinki?''' <br />
<br />
Mikko Saario made a short presentation about OWASP and the objective for the local Helsinki chapter. <br />
<br />
<br> '''19:00 Analyzing Threats (Olli Wiren; olli [at] juurihoito.org)''' <br />
<br />
Olli Wiren discussed application related threats and corresponding security issues. <br />
<br />
http://www.owasp.org/images/7/7c/Owasp-olli.pdf <br />
<br />
<br> '''19:45 Open discussion regarding OWASP Helsinki; what is expected or wished; how to go ahead and so forth.''' <br />
<br />
There was a lively discussion regarding what type of activities should be arranged in the future. More details will follow... <br />
<br />
==== Helsinki OWASP Chapter Leaders ====<br />
<br />
The chapter leader is [mailto:Petteri.arola@owasp.org Petteri Arola] <br />
<br />
The chapter board members are [mailto:timo@owasp.org Timo Merilainen], Pyry Heikkinen and [mailto:pekka.sillanpaa@owasp.org Pekka Sillanpaa]. <br />
<br />
__NOTOC__<br />
[[Category:Finland]] <br />
[[Category:Europe]]</div>Psillanphttps://wiki.owasp.org/index.php?title=File:Running_a_successful_bug_bounty_program_-_public.pdf&diff=245361File:Running a successful bug bounty program - public.pdf2018-11-21T21:32:33Z<p>Psillanp: Slides from Owasp Helsinki chapter meeting #35</p>
<hr />
<div>Slides from Owasp Helsinki chapter meeting #35</div>Psillanphttps://wiki.owasp.org/index.php?title=File:Nurmi_BugBounty_slides.zip&diff=245360File:Nurmi BugBounty slides.zip2018-11-21T21:31:21Z<p>Psillanp: Bug Bounty Slides from Owasp Helsinki Chapter meeting #35</p>
<hr />
<div>Bug Bounty Slides from Owasp Helsinki Chapter meeting #35</div>Psillanphttps://wiki.owasp.org/index.php?title=Helsinki&diff=245359Helsinki2018-11-21T21:28:41Z<p>Psillanp: added new chapter leaders</p>
<hr />
<div>{{Chapter Template|chaptername=Helsinki|extra=The chapter leaders are [mailto:petteri.arola@owasp.org Petteri Arola], [mailto:pekka.sillanpaa@owasp.org Pekka Sillanpää], [mailto:timo@owasp.org Timo Meriläinen], [mailto:pyry.heikkinen@owasp.org Pyry Heikkinen], [mailto:petri.koistinen@nixu.com Petri Koistinen] and [mailto:lasse.korvala@gmail.com Lasse Korvala].<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-helsinki|emailarchives=http://lists.owasp.org/pipermail/owasp-helsinki}} <br />
<br />
==== Local News ====<br />
<br />
<paypal>Helsinki</paypal> <br />
<br />
'''Welcome to the OWASP Helsinki Chapter'''<br />
<br />
The plan is to meet at least three to four times a year, each lasting 1,5-3 hours (more active "hands" means more meetings). This chapter is based in the capital area and therefore the meetings will be in or around Helsinki. <br />
<br />
If you wish to present at one of the meetings or have any other inquiries, please contact the chapter leaders and shortly describe the talk. (the contact details can be found in the bottom of the page). We encourage everyone to suggest ideas for presentation topics. The talks can be either a full talk (45-60min) or a lightning talk (~15min). <br />
<br />
==== Suomalaista sovellusturva-asiaa ====<br />
<br />
[[OWASP Helsinki Appsec Thesis of the Year|Vuoden sovellusturva-aiheinen opinnäytetyö]]<br />
<br />
[[Oppilaitoksille|Tietoa oppilaitoksille (Information for academic institutions)]] <br />
<br />
[[Verkkomaksut|Ohjeita turvallisen verkkomaksuintegraation toteuttamiseen]] <br />
<br />
Previously OWASP Helsinki has been working on the following tasks: <br />
<br />
*[[Top 10 2007 Finnish]] aim to translate OWASP Top 10 list in Finnish<br />
<br />
==== Chapter Meetings ====<br />
<br />
== OWASP Helsinki chapter meeting #35: Nov 6th 2018 ==<br />
'''Location: Second Nature Security (2NS), Keilaranta1 (auditorium Ankkuri), 02150 Espoo'''<br />
<br />
'''Time: 17:30-21:00'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words, Pekka Sillanpää, Chapter co-leader - OWASP Helsinki'''<br />
<br />
'''18:05 Words from the sponsor, Juho Ranta, CTO - Second Nature Security (2NS)''' <br />
<br />
'''18:15 Hunting for bounties in a web browser, Juho Nurminen, White Hat Hacker, InfoSec Specialist - 2NS'''<br />
<br />
'''18:45 Break'''<br />
<br />
'''19:00 How to become a bug bounty hunter, Iiro Uusitalo, Cloud and Security Specialist - Solita'''<br />
<br />
'''19:30 Running a successful bug bounty program, Thomas Malmberg, Partner & Owner - Hackrfi''' <br />
<br />
'''19:50 Short break'''<br />
<br />
'''20:00 Panel & Discussion about bug bounty with Juho, Iiro and Thomas'''<br />
<br />
'''20:30 Snacks & Refreshments'''<br />
<br />
Please register by 4th of Nov https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-35-tickets-51465932991 (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #34: Jun 12th 2018 ==<br />
'''Location: Eficode, Pohjoinen Rautatiekatu 25, 00100 Helsinki'''<br />
<br />
'''Time: 17:30-21:30'''<br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Pekka Sillanpää OWASP Helsinki'''<br />
<br />
'''18:05 Words from the sponsor / Pekka Siltala-Li / Eficode'''<br />
<br />
'''18:15 Perfectly secure API, Matti Suominen, Lead Security Consultant - Nixu'''<br />
<br />
'''19:00 Break''' <br />
<br />
'''19:15''' '''Best friends: API security & API management, Antti Virtanen, Software Architect, Solita''' <br />
<br />
'''20:00-21:30 Sauna, Snacks & Beverages'''<br />
<br />
Please register by 10th of Jun https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-34-tickets-46690898735 (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #33: Nov 14th 2017 ==<br />
'''Location: F-Secure, Tammasaarenkatu 7, 00180 Helsinki''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki''' <br />
<br />
'''18:05 Words from the sponsor'''<br />
<br />
'''18:10 Coping with GDPR requirements in development, Kira Ahveninen-Kuha, Lead, Data Protection and Cybersecurity Law, Nixu'''<br />
<br />
'''19:00 Break''' <br />
<br />
'''19:15 Integrating Privacy Work in Threat Modeling and Design Review, Antti Vähä-Sipilä, Principal Security Consultant, F-Secure'''<br />
<br />
'''20:00 Panel & Discussion – Kira and Antti debate about privacy and GDPR with the audience'''<br />
<br />
'''20:30 OWASP Helsinki DevSecOps Hackathon: Lessons learned, Pekka Sillanpää, OWASP Helsinki''' <br />
<br />
'''21:00-22:00 Snacks & Refreshments''' <br />
<br />
Please register by 12th of Nov [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-33-tickets-39656996143 here] (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #32: Sep 27th ==<br />
If you are working in a DevOps team and want to get concrete ideas on how to integrate security into your CI/CD pipeline, this hackathon is a fun opportunity to learn by doing together with others.<br />
<br />
More information here: [[OWASP Helsinki DevSecOps Hackathon]]<br />
<br />
In summary, we familiarize and investigate (and of cource hack with) some nice open source tools, including:<br />
* OWASP Dependency-Check ([[OWASP Dependency Check]])<br />
* ZAP Proxy ([[OWASP Zed Attack Proxy Project]])<br />
* OWASP DefectDojo ([[OWASP DefectDojo Project]])<br />
* DevSec hardening framework (https://github.com/dev-sec)<br />
* Clair (https://github.com/coreos/clair)<br />
<br />
The output of this hackathon is an OWASP wiki page describing what was achieved in the hackathon, possible commits to the tools' repositories and future plans. If there is enough interest, we might organize "part 2" for this event in Autumn.<br />
<br />
To participate in this event, it is recommended to have at least basic programming/scripting skills (python, ruby, bash, etc) and understanding of configuration management tools (puppet, salt, ansible, etc.). '''If you are interested to join''' or have questions, please send email to pekka.sillanpaa@owasp.org '''by Jul 7th 2017''' and a short description of your background. Tracks of the hackathon environment are tuned based on the skills and background of the participants.<br />
<br />
The maximum of 15 seats are available for this event. The event is fully free of charge.<br />
<br />
'''Location: Nixu, Keilaranta 15, 02150 Espoo'''<br />
<br />
'''12:00 Hackathon starts'''<br />
<br />
'''17:00-23:00 Hackathon continues after the work day as long as needed. Pizza and beverages available.'''<br />
<br />
== OWASP Helsinki chapter meeting #31: Jun 13th 2017 ==<br />
'''Location: Solita, Alvar Aallon katu 5, 00100 Helsinki'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Pekka Sillanpää, OWASP Helsinki'''<br />
<br />
'''18:05 DevSec - Developers are the key to security, Antti Virtanen, Software Architect, Solita [[File:Devsec-owasp-2017.pdf]]''' <br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Docker Security, Mika Vatanen, Systems Architect, Digia [[File:Owasp-Helsinki-20170613-Docker-Security.pdf]]'''<br />
<br />
'''20:00 Lightning talk: Leaking credentials - a security malpractice more common than expected, Bogdan Mihaila, Synopsys [[:File:Bogdan Mihaila - Leaking Credentials.pdf]]'''<br />
<br />
'''20:15 Introduction to DevSecOps "mini-hackathon", Pekka Sillanpää, OWASP Helsinki'''<br />
<br />
'''20:30-22:30 Snacks & Refreshments'''<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-31-tickets-34950473808 here] by 12th of Jun (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #30: Oct 11th 2016 ==<br />
<br />
'''Location: Fujitsu, Valimotie 16, 00380 Helsinki, Auditorio'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 How to protect mobile application? Case "Nordea Tunnusluvut” / Michael Peltonen, Senior Business Developer, Nordea''' [[File:Helsinki_meeting_30_-Michael_Peltonen_OWASP_11102016.pdf]]<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Lightning talk: Authentication topic / Teemu Simonen, System Architect, Fujitsu''' [[File:Helsinki_meeting_30_-Authentication_topic.pdf]]<br />
<br />
'''19:30 Threats and vulnerabilities in federation protocols - and how did I find 0-days in the most common access management products / Teemu Kääriäinen, Senior IAM Consultant, Nixu Oyj''' [[File:Helsinki_meeting_30_-_Threats_and_Vulnerabilities_in_Federation_Protocols_and_Products.pdf]]<br />
<br />
'''20:30-> Snacks & Refreshments'''<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-30-tickets-28190573765 here] by 9th of October (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #29: Mar 29th 2016 ==<br />
<br />
'''Location: Solinor, Elimäenkatu 14 C, 00510 Helsinki'''<br />
<br />
'''Time: 17:30-21:15'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 OWASP Security Knowledge Framework, Glenn Ten Cate''' [[File:Skf-owaspHelsinki-16.pdf]]<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Amazon Web Services Security, Joel Leino, Solinor''' [[File:Aws_security_joel_leino.pdf]]<br />
<br />
'''20:30 Do's and don'ts: A Day Of Browser Bug Hunting, Atte Kettunen, University of Oulu''' [[File:Do's_and_Don'ts-_A_Day_Of_Browser_Bug_Hunting_rev2.pdf]]<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-29-tickets-22159795545 here] by 26th of March (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #28: Nov 10th 2015 ==<br />
<br />
'''Location: LähiTapiola, Revontulenkuja 1, 02100 Espoo'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 How we feel about Bug Bounty, Leo Niemelä, CISO, LähiTapiola Group (in Finnish)'''<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Security and "Modern" software Deployment, Rory McCune, Managing Consultant, NCC Group'''<br />
<br />
'''20:30 Discussion continues in a local cafe / bar'''<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-28-tickets-19188815263 here] by 8th of November (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #27: May 29th 2015 ==<br />
<br />
'''Location: Life Science Center Keilaranta 10-16''' <br />
<br />
'''Time: 17:30-20:00 (networking ends 23:00)''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 Word from our sponsor / Nixu'''<br />
<br />
'''18:15 50 Shades of AppSec / Troy Hunt'''<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Hack yourself first: how go on the cyber-offence before online attackers do / Troy Hunt'''<br />
<br />
'''20:00-23:00 Refreshments and Sauna on the 7th floor'''<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-chapter-meeting-27-tickets-16709176597 here] by Monday Fri 22th May (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #26: January 13th 2015 ==<br />
<br />
'''Location: Castrén & Snellman Attorneys Ltd. Eteläesplanadi 14 6th Floor Helsinki, Finland.''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''Opening words / OWASP Helsinki&IAPP''' <br />
<br />
'''Words from our sponsor / Castrén & Snellman Attorneys Ltd.'''<br />
<br />
'''Privacy Seals and Marks, Hannu Järvinen, Specialist Partner, Attorneys at Law Borenius Ltd'''<br />
<br />
'''Privacy Engineering, Antti Vähä-Sipilä, software security guy, F-Secure Oyj'''<br />
<br />
'''Privacy Use Cases, Saku Vainikainen, Lead Consultant, Nixu Oyj'''<br />
<br />
Please register here https://t.co/OoQN2FRbBX by Monday 12 Jan.<br />
<br />
== OWASP Helsinki chapter meeting #25: September 29th 2014 ==<br />
<br />
'''Location: Appelsiini (Elisa), Kaarlenkatu 9-11, 00530 Helsinki. Public transport is strongly recommended.''' <br />
<br />
'''Time: 17:00-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and registration''' <br />
<br />
'''17:10 Opening words / OWASP Helsinki''' <br />
<br />
'''17:20 Words from our sponsor / Elisa'''<br />
<br />
'''17:30 Mobile Security Chess Board - Attacks & Defense / Hemil Shah / Founder, Director eSphere Security''' [[File:Mobile_Security_chess_board_-_Attacks_&_Defense.pdf]]<br />
<br />
'''18:45 Break'''<br />
<br />
'''19:00 Mobile Platform Security: OS (kernel) Hardening and Trusted Execution Environment / Onur Zengin / Trustonic'''<br />
[[File:Onur_Zengin_-_TEE_chapter_meeting_presentation.pdf]]<br />
<br />
'''20:00 OWASP Mobile Top Ten Risks 2014 - The New M10: 'Lack of Binary Protection' Category / Bo Asklund and Rikard Kullenberg / Arxan'''<br />
[[File:OWASP_Mobile_Top_Ten_-_Meet_the_New_Addition.pdf]]<br />
<br />
'''21:00 Networking and continue discussions in TBD location nearby'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-25-tickets-13087782911 Eventbrite]<br />
<br />
== OWASP Helsinki chapter meeting #24: March 25st 2014 ==<br />
<br />
'''Location: F-Secure, Tammasaarenkatu 7, 00180 Helsinki. Parking space is limited, public transport is strongly recommended. Ruoholahti station for metro, Länsisatamankatu stop for tram 8, Länsiväylä stop for buses from Espoo.''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and registration''' <br />
<br />
'''17:20 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''17:30 Enhancing security through tight collaboration and automation /Kalle Hallivuori''' <br />
Presentation material: http://kato.iki.fi/owasp-pci-devops/<br />
<br />
'''18:00 Continuous Security Testing in a Devops World /Stephen de Vries'''<br />
Download the presentation from our file page: [[image:OWASP-Continuous_Security_Testing.pdf]]<br />
<br />
'''19:00 Demo of Burp Suite & HTTP API fuzzing automation with Python & Behave /Antti Vähä-Sipilä'''<br />
<br />
'''19:30 Time to go to Pub (Amsterdam) and continue discussion there'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-24-tickets-10765729587 Eventbrite]<br />
<br />
== OWASP Helsinki chapter meeting #23: January 21st 2014 ==<br />
<br />
'''Location: HTC Keilaniemi, Keilaranta 13, 02150 Espoo''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Coffee and registration''' <br />
<br />
'''18:00 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''18:05 Word from our sponsor /Nixu''' <br />
<br />
'''18:20 The inner HTML Apocalypse - How MXSS attacks change everything we believed to know so far /Mario Heiderich'''<br />
<br />
'''19:15 JSMVCOMFG - To sternly look at JavaScript MVC and Templating Frameworks /Mario Heiderich"''''<br />
<br />
'''20:15 QA'''<br />
<br />
'''20.30 - 21.30 Discussion continues over snacks and refreshments'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-23-tickets-10095813851 Eventbrite]<br />
<br />
<br />
== OWASP Helsinki chapter meeting #22: November 19th 2013 ==<br />
<br />
'''Location: Aalto University, Hall S1, Otakaari 5, 02150 Espoo''' <br />
<br />
'''Time: 18:00-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Registration''' <br />
<br />
'''18:10 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''18:20 Word from our sponsor''' <br />
<br />
'''18:30 Backgrounds of Eve in Digiland comic and cyber research in Aalto University /Timo Kiravuo, Aalto University'''<br />
<br />
'''19:15 Break"''''<br />
<br />
'''19:30 Cyber crime response from CERT perspective and backgrounds of Finnish web site attacks /Jussi Eronen, CERT-FI'''<br />
<br />
'''20:00 Methods in Finnish cyber crime police investigation and case example /Timo Piiroinen, National Bureau of Investigation (NBI)'''<br />
<br />
'''20:30 Networking and discussion continues at same location'''<br />
<br />
Please register at [http://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-23-tickets-10095813851 Eventbrite]<br />
<br />
== OWASP EUTour2013: June 17th 2013 ==<br />
<br />
'''Location: HTC Keilaniemi, Keilaranta 15''' <br />
<br />
'''Time: 16:00-19:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''16:00 Registration & coffee''' <br />
<br />
'''16:15 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''16:30 Word from our sponsor''' <br />
<br />
'''16:45 Nokia responsible disclosure program /Omar Benbouazza-Villa, Nokia'''<br />
<br />
Nokia has launched a responsible disclosure program recently. In this presentation we'll go through experiences starting and running such a program as a part of enterprise application security program.<br />
<br />
'''17:30 Social engineering /Gavin Ewan"''''<br />
<br />
Jac0byterebel is not your typical social engineering presenter. Out goes the snake oil sale of analysing the minutia of pop psychology and trying to squeeze out real answers to the questions asked during a real social engineering attack. In comes hard hitting accounts of social engineering attacks drawn from real sources but anonymised to protect the pwned.<br />
<br />
'''19:00 Rounding up and discussion continues over food & drinks at same location'''<br />
<br />
Please register at [http://www.regonline.com/owaspeutourfinland Regonline]<br />
<br />
== OWASP Helsinki Chapter Meeting #21: April 24 2013 ==<br />
<br />
'''Location: KPMG, Yrjönkatu 23 B, 6. floor''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Opening words /OWASP''' <br />
<br />
'''18:10 Word from our sponso /Mika Laaksonen, KPMG''' <br />
<br />
'''18:15 OWASP project news /Petteri Arola, OWASP''' <br />
<br />
Newsflash of new and rebooted OWASP projects.<br />
<br />
'''18:45 Utilizing VAHTI software development guide (VAHTI-sovelluskehitysohje) /Antti Alestalo, KPMG'''<br />
<br />
VAHTI software development guide was published January 2013. Antti will talk about how to best utilize this new guide. Link to the guide: http://www.vm.fi/vm/fi/04_julkaisut_ja_asiakirjat/01_julkaisut/05_valtionhallinnon_tietoturvallisuus/20130207Sovell/VAHTI_1_Sovelluskehityksen_tietoturvaohje_NETTI.pdf<br />
<br />
'''19:15 Database self-defence /Mika Aronen, KPMG (in place of "HTML5 & security /SC5"'''<br />
<br />
'''20:00 Official program ends and discussion continues over food & drinks at same location'''<br />
<br />
Please register at [https://www.eventbrite.com/event/6240751255 Eventbrite]<br />
<br />
== OWASP Helsinki Chapter Meeting #20: December 4 2012 ==<br />
<br />
'''Location: Nokia House, Keilalahdentie 4, Espoo''' <br />
<br />
'''Time: 17:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Socializing time @ Nokia Lounge – Meet people & get to know your peer while having the opportunity to see Nokia product demos''' <br />
<br />
'''18:00 Opening words /OWASP + HelsinkiJS''' <br />
<br />
'''18:10 Word from our sponsor''' <br />
<br />
'''18:20 Securing JavaScript based web apps /Erlend Oftedal''' <br />
<br />
Single page web applications move much of the application logic to the client side. We now also see applications using JavaScript on the server side. How do we handle such applications from a security perspective? What problems are introduced and how do we handle them?<br />
<br />
'''19:05 RESTful Security'''<br />
<br />
Many applications rely on web services and ws-security for integration. But for more lightweight services with simpler protocols, REST is quickly gaining popularity. How do we secure REST services? What problems do we need to be aware of?<br />
<br />
'''20:00 Official program ends and free debate continues at nearby location'''<br />
<br />
CLOSED: Please register at [http://www.eventbrite.com/event/4856878053 Eventbrite]<br />
<br />
Please use the NORTH entrance when entering the Nokia campus<br />
<br />
== OWASP Helsinki Chapter Meeting #19: October 16 2012 ==<br />
<br />
'''Location: Fujitsu, Valimotie 16, Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''18:10 Word from our sponsor /Fujitsu''' <br />
<br />
'''18:25 Hybrid mobile application security and HTML5 with a focus on getUserMedia /Mikko Saario, Nokia''' <br />
<br />
Both the mobile scene via “hybrid” apps and the so-called traditional web are evolving into the same direction – are the threats doing the same? Using mainly Windows Phone 7 (and some Qt) examples and demos, Mikko will take a look at the security aspects in mobile hybrid apps. The HTML5 demo will concentrate on some newly mainstreamed technologies such as getUserMedia.<br />
<br />
'''19:10 Introduction to Oauth 2.0 + demo /Teemu Kääriäinen, Nixu'''<br />
<br />
Teemu gives an introduction about Oauth 2.0 and takes a closer look at security aspects, implementation guidelines and compares Twitter, Facebook and Google implementations.<br />
<br />
'''20:00 Official program ends and free debate continues at nearby location'''<br />
<br />
'''Please register in Eventbrite http://www.eventbrite.com/event/4462882602''' <br />
<br />
<br />
== OWASP Helsinki Chapter Meeting #18: June 26 2012 ==<br />
<br />
'''Location: Kela, Nordenskjölkinkatu 12, Helsinki''' <br />
<br />
'''Time: 17:30-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''17:45 Word from our sponsor /Kela''' <br />
<br />
'''18:00 Helsinki Ruby Brigade intro''' <br />
<br />
'''18:15 Ruby on Rails security - why could it fail'''<br />
<br />
'''19:00 Panel discussion'''<br />
<br />
'''19:45 Wrap-up'''<br />
<br />
'''20:00 Discussion continues in a nearby pub Hadanka'''<br />
<br />
'''Please register with petteri.arola(at)owasp.org''' <br />
<br />
<br />
== OWASP Helsinki Chapter Meeting #17: March 21 2012 ==<br />
<br />
'''Location: Marttakeskus, Malminrinne 1 B, 7. krs, Helsinki''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Coffee''' <br />
<br />
'''17:40 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''17:50 Web Application Access Control Design Excellence / Jim Manico, OWASP''' <br />
<br />
Download the presentation from our file page: [[image:Developer_Top_Ten_Core_Controls_v4.1.pdf]]<br />
<br />
'''19:30 Meeting ends and discussion continues over buffet and refreshments and there's a possibility to bath in sauna too''' <br />
<br />
'''23:00 Event ends'''<br />
<br />
'''Please register with enroll(at)nixu.com''' <br />
<br />
== Tietoturvapäivä Turku: February 7 2012 ==<br />
<br />
''' Sovellusturvallisuus / Petteri Arola, OWASP''' <br />
<br />
Download the presentation from our file page: [[image:OWASP_esitys_tietoturvapäivä_Turku_20120207.pdf]]<br />
<br />
== OWASP Helsinki Chapter Meeting #16: October 18 2011 ==<br />
<br />
'''Location: Hall TU2, Tuas house, Otaniementie 17, 02150, Espoo''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and lock picking''' <br />
<br />
'''17:30 OWASP - What is it?''' <br />
<br />
'''17:45 Introduction to OWASP projects<br>- OWASP Top Ten, ASVS<br><span class="Apple-tab-span"> </span>- Testing guide<br>- How OWASP relates to academic world''' <br />
<br />
<br> Download presentation from our file-page: [[Image:OWASP_presentation_for_Aalto.pdf]] <br><br />
<br />
'''18:45 Break''' <br />
<br />
'''19:00 Hacking demonstrations'''<br />
<br />
'''19:30 - Discussion continues in a nearby public house''' <br />
<br />
'''Please register with petteri.arola(at)owasp.org''' <br />
<br />
== OWASP Introduction to Turku AMK students: September 12th 2011 ==<br />
<br />
'''Introduction to Application security and OWASP / Petteri Arola, OWASP''' <br />
<br />
'''OWASP top 10 and hacking demos / Pekka Sillanpää, OWASP''' <br />
<br />
== OWASP Helsinki Chapter Meeting #15: June 15 2011 ==<br />
<br />
'''Location: Itämerenkatu 11 - 13, Helsinki''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda ''' <br />
<br />
'''17:30 Welcome, Petteri Arola, Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nokia''' <br />
<br />
'''17:45 HTML5 Security, Ville Säävuori, Syneus''' <br />
<br />
'''18:30 Break''' <br />
<br />
'''18:40 Mobile Application Security, Ari Kesäniemi and Juhani Mäkelä, Nixu''' <br> [[Image:Mobile-threat-analysis-short-presentation owasp.pdf]] <br> [[Image:Why-privacy-matters.pdf]] <br> <br />
<br />
<br>'''19.30 - Discussion continues in a nearby public house or terrace if it's sunny''' <br />
<br />
'''Please register with mikko.saario(at)nokia.com''' <br />
<br />
== OWASP Helsinki Chapter Meeting #14: February 22 2011 ==<br />
<br />
'''Location: Nixu Oy, Keilaranta 15, Espoo''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''17:30 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nixu Oy''' <br />
<br />
'''17:45 OpenSAMM, Pravir Chandra /Fortify''' <br />
<br />
'''18:30 Break''' <br />
<br />
'''18:40 Threat modeling, Pravir Chandra /Fortify''' <br />
<br />
<br> '''19.30 - Sauna and refreshments from our sponsor''' <br />
<br />
'''Please register with enroll(at)nixu.com''' <br />
<br />
<br> Download OpenSAMM presentation from opensamm.org [http://www.opensamm.org/downloads/resources/OpenSAMM-1.0.ppt] <br> <br />
<br />
== OWASP Helsinki Chapter Meeting #13: June 8 2010 ==<br />
<br />
'''Location: KPMG, Forum, Yrjönkatu 23 B 6th floor, Helsinki''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''17:00 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:05 Word from our sponsor KPMG ''' <br />
<br />
'''17:15 Agile secure software development, Antti Vähä-Sipilä / Nokia Oyj''' http://www.owasp.org/images/c/c6/OWASP_AppSec_Research_2010_Agile_Prod_Sec_Mgmt_by_Vaha-Sipila.pdf <br />
<br />
'''18:00 ASVS (OWASP Application Security Verification Standard), Pekka Sillanpää / Nixu Oy''' <br />
<br />
'''18:45 ESAPI (OWASP Enterprise Security API) demo, Anssi Porttikivi / KPMG''' <br />
<br />
Download presentation from our file-page:[[Image:ESAPI for OWASP.pdf]] <br />
<br />
<br> '''19.30 - Discussion continues at some nearby establishment''' <br />
<br />
'''Please register with anssi.porttikivi(at)kpmg.fi''' <br />
<br />
<br> <br />
<br />
== OWASP Goes! Locksport: April 20 2010 ==<br />
<br />
'''Location: Nsense Oy, Ahventie 4, Espoo''' <br />
<br />
'''Time: 17:30-20:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nsense Oy''' <br />
<br />
'''17:45 Introduction to Locksport (presentation in Finnish)''' <br />
<br />
'''19:00 - Sauna and refreshments from our sponsor''' <br />
<br />
'''Please register with ilmoittautumiset##nsense.fi ''' <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #12: March 30 2010 ==<br />
<br />
'''Location: Helsingin Energia, Sähkötalo, Runeberginkatu 1, Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''18:00 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
Download presentation from our file-page:[[Image:OWASP -12 Helsinki chapter meeting.pdf]] <br />
<br />
'''18:05 Word from our sponsor Helsingin Energia ''' <br />
<br />
'''18:15 3 different views on information security and social media applications''' <br />
<br />
- information security in social media API’s, Antti Nuopponen/Nixu Oy <br />
<br />
Download presentation from our file-page:[[Image:Security of social media apis v1.pdf]] <br />
<br />
- Facebook apps, Markus Törnqvist/Fad Consulting <br />
<br />
Download presentation from our file-page:[[Image:Mjt owasp 2010.pdf]] <br />
<br />
- Payment API’s, Tuomas Toivonen/Scred <br />
<br />
Download presentation from our file-page:[[Image:Owasp-payment-apis.pdf]] <br />
<br />
'''20.00 - Discussion continues at nearby establishment Bruuveri''' <br />
<br />
'''Please register with antti##owasp.org''' <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #11: November 17 2009 ==<br />
<br />
'''Location: Nsense Oy, Ahventie 4, Espoo''' <br />
<br />
'''Time: 18:00-20:30''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''18:05 Word from our sponsor Nsense Oy''' <br />
<br />
'''18:15 Manual vs. Automated Code Analysis, Ari Kesäniemi, Senior Consultant, Nixu''' <br />
<br />
Download presentation from our file-page:[[Image:Ari kesaniemi nixu manual-vs-automatic-analysis.pdf]] <br />
<br />
'''19.00- Sauna and refreshments from our sponsor''' <br />
<br />
<br> <br />
<br />
'''Please register with ilmoittautumiset##nsense.fi''' <br />
<br />
== OWASP Helsinki Chapter Meeting #10: October 20 2009 ==<br />
<br />
'''Location: Tieto Oy, Ratamestarinkatu 7B, Helsinki''' <br />
<br />
'''Time: 18:00-19:40''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''18:00 Word from our sponsor Tieto Oy''' <br />
<br />
'''18:10 Distributed Services Security, Anton Panhelainen, Tieto Oy''' <br />
<br />
Download presentation from our file-page:[[Image:Security in integration and ESB-OWASP 20091020.pdf]] <br />
<br />
'''18:40 Public Web Services Interface and Security, Pyry Heikkinen, Finnish Customs''' <br />
<br />
'''19:40 Closure and move to Vltava''' <br />
<br />
'''20:00 or so''' <br />
<br />
*Enjoy Helsinki Vltava watering hole at own risk &amp; cost near Helsinki Railway station<br />
<br />
'''Please register with Pauli Kauppila pauli.kauppila##tieto.com or Mobile +358 400 870 324''' <br />
<br />
== OWASP Helsinki Chapter Meeting #9: May 12 2009 ==<br />
<br />
'''Location: Louhi Networks Oy, Itälahdenkatu 22 A, Helsinki''' <br />
<br />
'''Time: 17:30-19:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:30 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:45 Word from our sponsor Louhi Networks''' <br />
<br />
'''18:00 Panel discussion about application scanners''' <br />
<br />
*Panel members includes representatives for Nixu Oy, KPMG Oy and Louhi Networks Oy<br />
<br />
<br> '''19:00 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost at Bar 52 near meeting location<br />
<br />
'''Please register with Henri Lindberg henri.lindberg##louhi.fi''' <br />
<br />
== OWASP OWASP Goes! Viestimuseo: March 29 2009 ==<br />
<br />
'''Location: Varuskunta, Takakasarmi, Viestimuseontie rak. 64, 11311 Riihimäki ''' <br />
<br />
'''Time: 13:00-15:00''' <br />
<br />
Viestimuseossa Riihimäellä, http://www.viestikiltojenliitto.fi/viestimuseo/ on maaliskuun loppuun WWII radiotiedustelua esittelevä erikoisnäyttely, josta voi löytyä ammennettavaa myös tämän päivän tietoturvatekniikoiden parissa työskenteleville. Koska OWASP:in tiimoilta löytyi kiinnostusta lähteä tutustumaan ko. näyttelyyn, museolle on varattu opastettu kierros maaliskuun viimeiselle sunnuntaille su 29.3.2009 klo 13:00 eli kokoontuminen museolla ko. aikaan. <br />
<br />
Museo ja näyttely ovat auki myös muina aikoina, joten jos tämä aika ei käy, paikalla voi toki käydä muulloinkin. <br />
<br />
Tarkemmat ajo-ohjeet ja yhteystiedot löytyvät museon kotisivuilta, http://www.viestikiltojenliitto.fi/viestimuseo/yhteystiedot.html <br />
<br />
Museo sijaitsee Viestirykmentin vieressä, mutta varsinaisen varuskunta-alueen ulkopuolella, joten museokäynti ei vaadi kulkulupia alueelle. <br />
<br />
Paikalle innostuvat hoitavat oman logistiikkaratkaisunsa &amp; sisäänpääsymaksunsa. <br />
<br />
Lisätietoja tarvittaessa timo.merilainen (ät) iki.fi <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #8: March 12 2009 ==<br />
<br />
'''Location: Samlink, Linnoitustie 9, Espoo (Leppävaara)''' <br />
<br />
'''Time: 17:00-19:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:00 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:15 Introduction to Samlink, Jari Pirhonen, security director, Samlink''' <br />
<br />
'''17:30 Methodology owner’s point of view: Information security as part of software development methodology, Topi Mattila, methodology manager, Samlink''' <br />
<br />
'''18:15 Presentation from Finnish Tax Administration", Petri Puhakainen, security director, Finnish Tax Administration''' <br />
<br />
<br> '''19:00 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost at Sello<br />
<br />
'''Please register with Jari Pirhonen jari.pirhonen##samlink.fi''' <br />
<br />
== OWASP Introduction to startup firms: Thursday January 15th 2009 ==<br />
<br />
'''Location: Ravintola Korjaamo, Töölönkatu 51, 00250 Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Introduction to OWASP by Henri Lindberg, OWASP Helsinki Active Visitor''' <br />
<br />
*What OWASP is <br />
*Examples of useful Tools and Documents <br />
*OWASP in Finland<br />
<br />
Presentation: [[Image:OWASP Startups 20090115 Henri.pdf]] <br />
<br />
(Antti Laulajainen, OWASP Helsinki Chapter Leader was originally supposed to introduce OWASP) <br />
<br />
'''18:15 Implementing application security in a Finnish startup by Henri Lindberg, Scred''' <br />
<br />
*Henri Lindberg from Scred shares experiences and lessons learned <br />
*How to make your web application more secure with minimal budget<br />
<br />
Presentation: [[Image:SDG Scred 090115.pdf]] <br />
<br />
'''18:30 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost<br />
<br />
== OWASP Helsinki Meeting #7: Tuesday November 11th 2008 ==<br />
<br />
'''Location: Nokia Ruoholahti, Itämerenkatu 11-13, 00180 Helsinki''' <br />
<br />
<br> <br />
<br />
'''Time: 17:00-18:30''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:00 Welcome by Antti Laulajainen, OWASP Chapter Leader''' <br />
<br />
*Current state and progress of OWASP Top 10 Finnish translation<br />
<br />
'''17:20 Antti Vähä-Sipilä, Nokia: SAFECode''' <br />
<br />
*Introduction and overview of SAFECode (The Software Assurance Forum for Excellence in Code) <br />
*SAFECode publications<br />
<br />
'''17:40 Juhani Eronen, CERT-FI: Lifecycle of a security vulnerability''' <br />
<br />
*Microsoft MS08-067 (Vulnerability in Server Service Could Allow Remote Code Execution), its history (MS06-040) and exploitation.<br />
<br />
'''Discussion''' <br />
<br />
'''18:30 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost [cerveza, aqua con gas, etc]<br />
<br />
'''PLEASE REGISTER WITH: mikko . saario at nokia . com (we have reserved snacks for 25 people)''' <br />
<br />
== OWASP Helsinki Web Hacking Workshop, Tuesday September 10th 2008 ==<br />
<br />
'''Location: Teleware / KPMG, Laajalahdentie 23, 6. floor, reception at the ground floor, 00330 Helsinki''' <br />
<br />
'''Time: 18.00 - 20.00''' <br />
<br />
'''Schedule''' <br />
<br />
'''18.00 Welcome and recent activities. Antti Laulajainen ''' <br />
<br />
'''18.05 Web Hacking Workshop, Anssi Porttikivi, Senior ICT Advisor KPMG/Teleware''' <br />
<br />
*KPMG Oy IT Security Advisory marketing presentation 15 min <br />
*Web hacking exercises and demonstrations in a laboratory class (using WebGoat and WebScarab tools)<br />
<br />
'''Snacks available. Send your reservations to Anssi's mail address, anssi.porttikivi@kpmg.fi. Room for 20 participants.''' <br />
<br />
<br> '''Note! Be in time, because the reception closes at 18.''' <br />
<br />
== OWASP Goes! CERT-FI, Thursday, June 12th 2008 ==<br />
<br />
'''Location: Viestintävirasto, Itämerenkatu 3 A, 00180 Helsinki and One Pint Pub Santakatu 2, 00180 Helsinki''' <br />
<br />
<br> '''Time: 16.00 - 20.00''' <br />
<br />
<br> '''Schedule''' <br />
<br />
'''16.00 Welcome and recent activities. Antti Laulajainen ''' <br />
<br />
<br> '''16.10 Introduction of CERT-FI. Juhani Eronen, Information Security Adviser, CERT-FI''' <br />
<br />
<br> '''16.30 Vulnerability coordination. Juhani Eronen''' <br />
<br />
*CERT-FI as a vulnerability coordinator <br />
*Coordination examples<br />
<br />
'''18.00 Possibility to continue the evening at the One Pint Pub''' <br />
<br />
*If someone fancies a (self-financed) beer<br />
<br />
<br> '''Viestintävirasto asks those who wish to participate to the meeting to register in advance. For registrations please contact CERT-FI Unit Secretary Virpi Hienonen (virpi.hienonen(at)ficora.fi). The deadline is June 6, 2008.''' <br />
<br />
== OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 ==<br />
<br />
Thank you for attending. <br />
<br />
You can download the presentation here'''https://www.owasp.org/images/7/70/OWASP_HelsinkiChapter_130508.pdf''' <br />
<br />
Coverage of the event in local news (Finnish only) http://mikropc.net/uutiset/index.jsp?categoryId=atk&amp;day=20080514#w2008051411524012715 <br />
<br />
<br> '''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki and Ravintola Kaisla, Vilhonkatu 4, 00100 Helsinki''' <br />
<br />
'''Time: 16.00 - 20.00''' <br />
<br />
<br> <br />
<br />
Welcome to spring meeting 2008. <br />
<br />
<br> '''Schedule''' <br />
<br />
'''16.00 - 16.10 OWASP update. Antti Laulajainen''' <br />
<br />
'''16.10-17.00 Notes From The field, OWASP tools and usage experiences, Jarkko Holappa &amp; Antti Laulajainen''' <br />
<br />
'''17.30 - 20.00 Drinks at Ravintola Kaisla (Bring Your Own Wallet)''' <br />
<br />
<br> Hope to see as many of you as possible! <br />
<br />
== OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 ==<br />
<br />
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.''' <br />
<br />
'''Time: 18.30 - 20.30''' <br />
<br />
Welcome to first meeting of 2008. OWASP Helsinki resumes activities after winter break. <br />
<br />
We are pleased to have as a speaker Technology Manager of Nokia Product Security, Alexandr Seleznyov. His topic will be current state of application security. <br />
<br />
'''Schedule''' <br />
<br />
'''18.30 - 18.40 OWASP update. Antti Laulajainen''' <br />
<br />
'''18.40 - 20.30 Current State of Application Security. Alexandr Seleznyov''' <br />
<br />
<br> Hope to see as many of you as possible! <br />
<br />
== OWASP Helsinki &amp; RWSUG Seminar Tuesday, January 29th 2008 ==<br />
<br />
'''Location: IBM, Laajalahdentie 23, 00330 Helsinki.''' '''Time: 11.15 - 19.00''' <br />
<br />
OWASP Helsinki and Rational and Websphere User Group Finland RWSUG are aiming to co-operate to raise application security awareness. OWASP Helsinki will have a presentation in RWSUG agility seminar. More information from http://www.rwsug.fi/default.asp?path=1,39,385 <br />
<br />
'''You can download the presentation here''' https://www.owasp.org/images/c/cd/RWSUG5_Agile_Security_Management.pdf <br />
<br />
See program below. Most of it is Finnish only <br />
<br />
*11.15 Ilmoittautuminen alkaa <br />
*11.15-12.00 Buffet-lounas <br />
*12.00-12.10 Tilaisuuden avaus Jussi Jutila, Puheenjohtaja, RWSUG ry<br />
<br />
KEYNOTE <br />
<br />
*12.10-13.30 Scaling Agile Software Development: Strategies for Applying Agile in Complex Situations Scott W. Ambler, Practice Leader Agile Development, IBM Canada <br />
*13.30-13.45 Kahvitauko <br />
*13.45-15.30 SOA liiketoiminnan näkökulmasta ja SOA toteutuksen näkökulmasta kansainvälisessa hankkeessa Kari Laine, IT Architect, IF ja Jarmo Laine, Senior Software Architect,Primasoft <br />
*15.30-15.45 Tauko <br />
*15.45-16.30 Ketterä tietoturvan hallinta ohjelmistotuotannossa Reijo Savola, VTT <br />
*16.30-17.15 Jazz Update IBM <br />
*17.15-19.00 Iltapalaa ja verkostoitumista IBM Forumissa<br />
<br />
<br> <br />
<br />
== OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008 ==<br />
<br />
OWASP Helsinki participated in ISACA Finland meeting to raise application security awareness among system auditors and inspectors. <br> A presentation was held that introduced basic web techniques, some security issues, OWASP in general, OWASP projects and OWASP Helsinki chapter. <br> '''You can download the presentation here''': https://www.owasp.org/images/e/e4/OWASP_ISACA_20080124.pdf (Finnish Only) <br><br> <br />
<br />
== OWASP Helsinki meeting #4 Fall 2007 with Mark Curphey, Tuesday, October 2 2007 ==<br />
<br />
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.''' <br />
<br />
Thank you for all participants and Mark from great presentation. <br />
<br />
Coverage of the meeting in the local news (in Finnish): http://mikropc.net/uutiset/index.jsp?categoryId=atk&amp;day=20071003#w2007100315112711629 <br />
<br />
<br> We are delighted to have Mark Curphey - the OWASP founder and new head of Microsoft's ACE (Application Consulting &amp; Engineering) team in Europe - to visit Finland and discuss web app security with us. Hopefully as many as of you possible can participate! <br />
<br />
'''18:30 Welcome and recent Helsinki chapter activities. Antti Laulajainen''' <br />
<br />
'''18:40 Naked Software Security. Mark Curphey''' <br />
<br />
*Commentary on how to build secure software <br />
*Thoughts on the industry<br />
<br />
<br> '''WELCOME!''' <br />
<br />
== OWASP Helsinki meeting #3 Summer 2007: "SOA, Web Services &amp; XML Security", Tuesday, June 5th 2007 ==<br />
<br />
'''Date: June 5th''' <br />
<br />
<br> '''Location: Smilehouse, Itälahdenkatu 22A (Stonesoft building), Lauttasaari.''' <br />
<br />
Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/tietoturva_docview.jsp?f_id=1186167 <br />
<br />
<br> '''19:00 Welcome &amp; quick recap of recent OWASP activity and the Spring conference. Mikko Saario.''' <br />
<br />
<br> '''19:15 Gunnar Peterson, CTO Arctec Group and project lead for the OWASP "XML Security Gateway Evaluation Criteria".''' <br />
<br />
Gunnar will be visiting Finland to provide training via Tietoturva ry on this subject. Topics to be covered: <br />
<br />
*XML Security Gateways <br />
*Message level threats and security countermeasures in Web services <br />
*OWASP XML Security Gateway Evaluation Criteria Project<br />
<br />
<br> '''20:15 "Real-life usage of OWASP tools". Alexandr Seleznyov, Nokia Product Security.''' <br />
<br />
(There is a chance Alex cannot make it. In that case we will discuss SOA stuff in more detail or just head off to bar earlier.) <br />
<br />
<br> '''20:45 Enter Bar 52...''' --&gt; Enjoy (sponsored) beverages. <br />
<br />
== OWASP Helsinki meeting #2 Winter 2007, Web Application Firewalls, Thursday, February 22 2007 ==<br />
<br />
Thank you for the 29 participants, the speakers and the host - Nixu - for making this event happen! <br />
<br />
'''Location: Nixu, Mäkelänkatu 91, 00601 Helsinki.''' <br />
<br />
What are Web Application Firewalls (WAF), how do they work, what do they do and what don't they do. Discussion and sharing of experiences of various technologies and products. <br />
<br />
<br> '''18.30 Welcome. Mikko Saario, Chapter Leader.''' <br />
<br />
Today's topic and agenda in short. <br />
<br />
<br> '''18.35 "Web Application Firewalls Technical Analysis". Joakim Sandström, CTO nSense.''' <br />
<br />
http://www.owasp.org/images/6/6a/Owasp_waf_joakim.pdf <br />
<br />
- Technology <br />
<br />
- Blacklisting &amp; Whitelisting <br />
<br />
- mod_security features <br />
<br />
- Do's and Don'ts <br />
<br />
<br> '''19.30 "The Core Rule Sets". Ofer Shezaf, CTO Breach Security.''' <br />
<br />
http://www.owasp.org/images/f/f4/The_Core_Rule_Set_-_Ofer.pdf <br />
<br />
- WAF deployment and protection strategies <br />
<br />
- Detection of generic web layer attacks <br />
<br />
- Virtual patching <br />
<br />
== OWASP Helsinki meeting #1, Tuesday, Dec 12 2006 at Ernst &amp; Young ==<br />
<br />
The Helsinki chapter had the first meeting at Ernst &amp; Young office in Elielinaukio 5 B. The agenda and the presentations for the meeting are below. We had a good turnout: 22 people were present i.e. all seats were taken - we were very happy to see all these people to be interested in application security issues. <br />
<br />
<br> Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/doc.do?f_id=1083463 <br />
<br />
<br> '''18:30 Welcome. What is OWASP and why OWASP Helsinki?''' <br />
<br />
Mikko Saario made a short presentation about OWASP and the objective for the local Helsinki chapter. <br />
<br />
<br> '''19:00 Analyzing Threats (Olli Wiren; olli [at] juurihoito.org)''' <br />
<br />
Olli Wiren discussed application related threats and corresponding security issues. <br />
<br />
http://www.owasp.org/images/7/7c/Owasp-olli.pdf <br />
<br />
<br> '''19:45 Open discussion regarding OWASP Helsinki; what is expected or wished; how to go ahead and so forth.''' <br />
<br />
There was a lively discussion regarding what type of activities should be arranged in the future. More details will follow... <br />
<br />
==== Helsinki OWASP Chapter Leaders ====<br />
<br />
The chapter leader is [mailto:Petteri.arola@owasp.org Petteri Arola] <br />
<br />
The chapter board members are [mailto:timo@owasp.org Timo Merilainen], Pyry Heikkinen and [mailto:pekka.sillanpaa@owasp.org Pekka Sillanpaa]. <br />
<br />
__NOTOC__<br />
[[Category:Finland]] <br />
[[Category:Europe]]</div>Psillanphttps://wiki.owasp.org/index.php?title=Helsinki&diff=244287Helsinki2018-10-16T15:39:02Z<p>Psillanp: /* Chapter Meetings */</p>
<hr />
<div>{{Chapter Template|chaptername=Helsinki|extra=The chapter leaders are [mailto:petteri.arola@owasp.org Petteri Arola], [mailto:pekka.sillanpaa@owasp.org Pekka Sillanpää], [mailto:timo@owasp.org Timo Meriläinen] and [mailto:pyry.heikkinen@owasp.org Pyry Heikkinen]<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-helsinki|emailarchives=http://lists.owasp.org/pipermail/owasp-helsinki}} <br />
<br />
==== Local News ====<br />
<br />
<paypal>Helsinki</paypal> <br />
<br />
'''Welcome to the OWASP Helsinki Chapter'''<br />
<br />
The plan is to meet at least three to four times a year, each lasting 1,5-3 hours (more active "hands" means more meetings). This chapter is based in the capital area and therefore the meetings will be in or around Helsinki. <br />
<br />
If you wish to present at one of the meetings or have any other inquiries, please contact the chapter leaders and shortly describe the talk. (the contact details can be found in the bottom of the page). We encourage everyone to suggest ideas for presentation topics. The talks can be either a full talk (45-60min) or a lightning talk (~15min). <br />
<br />
==== Suomalaista sovellusturva-asiaa ====<br />
<br />
[[OWASP Helsinki Appsec Thesis of the Year|Vuoden sovellusturva-aiheinen opinnäytetyö]]<br />
<br />
[[Oppilaitoksille|Tietoa oppilaitoksille (Information for academic institutions)]] <br />
<br />
[[Verkkomaksut|Ohjeita turvallisen verkkomaksuintegraation toteuttamiseen]] <br />
<br />
Previously OWASP Helsinki has been working on the following tasks: <br />
<br />
*[[Top 10 2007 Finnish]] aim to translate OWASP Top 10 list in Finnish<br />
<br />
==== Chapter Meetings ====<br />
<br />
== OWASP Helsinki chapter meeting #35: Nov 6th 2018 ==<br />
'''Location: Second Nature Security (2NS), Keilaranta1 (auditorium Ankkuri), 02150 Espoo'''<br />
<br />
'''Time: 17:30-21:00'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words, Pekka Sillanpää, Chapter co-leader - OWASP Helsinki'''<br />
<br />
'''18:05 Words from the sponsor, Juho Ranta, CTO - Second Nature Security (2NS)'''<br />
<br />
'''18:15 Hunting for bounties in a web browser, Juho Nurminen, White Hat Hacker, InfoSec Specialist - 2NS'''<br />
<br />
'''18:45 Break'''<br />
<br />
'''19:00 How to become a bug bounty hunter, Iiro Uusitalo, Cloud and Security Specialist - Solita'''<br />
<br />
'''19:30 Running a successful bug bounty program, Thomas Malmberg, Partner & Owner - Hackrfi'''<br />
<br />
'''19:50 Short break'''<br />
<br />
'''20:00 Panel & Discussion about bug bounty with Juho, Iiro and Thomas'''<br />
<br />
'''20:30 Snacks & Refreshments'''<br />
<br />
Please register by 4th of Nov https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-35-tickets-51465932991 (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #34: Jun 12th 2018 ==<br />
'''Location: Eficode, Pohjoinen Rautatiekatu 25, 00100 Helsinki'''<br />
<br />
'''Time: 17:30-21:30'''<br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Pekka Sillanpää OWASP Helsinki'''<br />
<br />
'''18:05 Words from the sponsor / Pekka Siltala-Li / Eficode'''<br />
<br />
'''18:15 Perfectly secure API, Matti Suominen, Lead Security Consultant - Nixu'''<br />
<br />
'''19:00 Break''' <br />
<br />
'''19:15''' '''Best friends: API security & API management, Antti Virtanen, Software Architect, Solita''' <br />
<br />
'''20:00-21:30 Sauna, Snacks & Beverages'''<br />
<br />
Please register by 10th of Jun https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-34-tickets-46690898735 (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #33: Nov 14th 2017 ==<br />
'''Location: F-Secure, Tammasaarenkatu 7, 00180 Helsinki''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki''' <br />
<br />
'''18:05 Words from the sponsor'''<br />
<br />
'''18:10 Coping with GDPR requirements in development, Kira Ahveninen-Kuha, Lead, Data Protection and Cybersecurity Law, Nixu'''<br />
<br />
'''19:00 Break''' <br />
<br />
'''19:15 Integrating Privacy Work in Threat Modeling and Design Review, Antti Vähä-Sipilä, Principal Security Consultant, F-Secure'''<br />
<br />
'''20:00 Panel & Discussion – Kira and Antti debate about privacy and GDPR with the audience'''<br />
<br />
'''20:30 OWASP Helsinki DevSecOps Hackathon: Lessons learned, Pekka Sillanpää, OWASP Helsinki''' <br />
<br />
'''21:00-22:00 Snacks & Refreshments''' <br />
<br />
Please register by 12th of Nov [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-33-tickets-39656996143 here] (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #32: Sep 27th ==<br />
If you are working in a DevOps team and want to get concrete ideas on how to integrate security into your CI/CD pipeline, this hackathon is a fun opportunity to learn by doing together with others.<br />
<br />
More information here: [[OWASP Helsinki DevSecOps Hackathon]]<br />
<br />
In summary, we familiarize and investigate (and of cource hack with) some nice open source tools, including:<br />
* OWASP Dependency-Check ([[OWASP Dependency Check]])<br />
* ZAP Proxy ([[OWASP Zed Attack Proxy Project]])<br />
* OWASP DefectDojo ([[OWASP DefectDojo Project]])<br />
* DevSec hardening framework (https://github.com/dev-sec)<br />
* Clair (https://github.com/coreos/clair)<br />
<br />
The output of this hackathon is an OWASP wiki page describing what was achieved in the hackathon, possible commits to the tools' repositories and future plans. If there is enough interest, we might organize "part 2" for this event in Autumn.<br />
<br />
To participate in this event, it is recommended to have at least basic programming/scripting skills (python, ruby, bash, etc) and understanding of configuration management tools (puppet, salt, ansible, etc.). '''If you are interested to join''' or have questions, please send email to pekka.sillanpaa@owasp.org '''by Jul 7th 2017''' and a short description of your background. Tracks of the hackathon environment are tuned based on the skills and background of the participants.<br />
<br />
The maximum of 15 seats are available for this event. The event is fully free of charge.<br />
<br />
'''Location: Nixu, Keilaranta 15, 02150 Espoo'''<br />
<br />
'''12:00 Hackathon starts'''<br />
<br />
'''17:00-23:00 Hackathon continues after the work day as long as needed. Pizza and beverages available.'''<br />
<br />
== OWASP Helsinki chapter meeting #31: Jun 13th 2017 ==<br />
'''Location: Solita, Alvar Aallon katu 5, 00100 Helsinki'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Pekka Sillanpää, OWASP Helsinki'''<br />
<br />
'''18:05 DevSec - Developers are the key to security, Antti Virtanen, Software Architect, Solita [[File:Devsec-owasp-2017.pdf]]''' <br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Docker Security, Mika Vatanen, Systems Architect, Digia [[File:Owasp-Helsinki-20170613-Docker-Security.pdf]]'''<br />
<br />
'''20:00 Lightning talk: Leaking credentials - a security malpractice more common than expected, Bogdan Mihaila, Synopsys [[:File:Bogdan Mihaila - Leaking Credentials.pdf]]'''<br />
<br />
'''20:15 Introduction to DevSecOps "mini-hackathon", Pekka Sillanpää, OWASP Helsinki'''<br />
<br />
'''20:30-22:30 Snacks & Refreshments'''<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-31-tickets-34950473808 here] by 12th of Jun (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #30: Oct 11th 2016 ==<br />
<br />
'''Location: Fujitsu, Valimotie 16, 00380 Helsinki, Auditorio'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 How to protect mobile application? Case "Nordea Tunnusluvut” / Michael Peltonen, Senior Business Developer, Nordea''' [[File:Helsinki_meeting_30_-Michael_Peltonen_OWASP_11102016.pdf]]<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Lightning talk: Authentication topic / Teemu Simonen, System Architect, Fujitsu''' [[File:Helsinki_meeting_30_-Authentication_topic.pdf]]<br />
<br />
'''19:30 Threats and vulnerabilities in federation protocols - and how did I find 0-days in the most common access management products / Teemu Kääriäinen, Senior IAM Consultant, Nixu Oyj''' [[File:Helsinki_meeting_30_-_Threats_and_Vulnerabilities_in_Federation_Protocols_and_Products.pdf]]<br />
<br />
'''20:30-> Snacks & Refreshments'''<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-30-tickets-28190573765 here] by 9th of October (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #29: Mar 29th 2016 ==<br />
<br />
'''Location: Solinor, Elimäenkatu 14 C, 00510 Helsinki'''<br />
<br />
'''Time: 17:30-21:15'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 OWASP Security Knowledge Framework, Glenn Ten Cate''' [[File:Skf-owaspHelsinki-16.pdf]]<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Amazon Web Services Security, Joel Leino, Solinor''' [[File:Aws_security_joel_leino.pdf]]<br />
<br />
'''20:30 Do's and don'ts: A Day Of Browser Bug Hunting, Atte Kettunen, University of Oulu''' [[File:Do's_and_Don'ts-_A_Day_Of_Browser_Bug_Hunting_rev2.pdf]]<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-29-tickets-22159795545 here] by 26th of March (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #28: Nov 10th 2015 ==<br />
<br />
'''Location: LähiTapiola, Revontulenkuja 1, 02100 Espoo'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 How we feel about Bug Bounty, Leo Niemelä, CISO, LähiTapiola Group (in Finnish)'''<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Security and "Modern" software Deployment, Rory McCune, Managing Consultant, NCC Group'''<br />
<br />
'''20:30 Discussion continues in a local cafe / bar'''<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-28-tickets-19188815263 here] by 8th of November (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #27: May 29th 2015 ==<br />
<br />
'''Location: Life Science Center Keilaranta 10-16''' <br />
<br />
'''Time: 17:30-20:00 (networking ends 23:00)''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 Word from our sponsor / Nixu'''<br />
<br />
'''18:15 50 Shades of AppSec / Troy Hunt'''<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Hack yourself first: how go on the cyber-offence before online attackers do / Troy Hunt'''<br />
<br />
'''20:00-23:00 Refreshments and Sauna on the 7th floor'''<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-chapter-meeting-27-tickets-16709176597 here] by Monday Fri 22th May (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #26: January 13th 2015 ==<br />
<br />
'''Location: Castrén & Snellman Attorneys Ltd. Eteläesplanadi 14 6th Floor Helsinki, Finland.''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''Opening words / OWASP Helsinki&IAPP''' <br />
<br />
'''Words from our sponsor / Castrén & Snellman Attorneys Ltd.'''<br />
<br />
'''Privacy Seals and Marks, Hannu Järvinen, Specialist Partner, Attorneys at Law Borenius Ltd'''<br />
<br />
'''Privacy Engineering, Antti Vähä-Sipilä, software security guy, F-Secure Oyj'''<br />
<br />
'''Privacy Use Cases, Saku Vainikainen, Lead Consultant, Nixu Oyj'''<br />
<br />
Please register here https://t.co/OoQN2FRbBX by Monday 12 Jan.<br />
<br />
== OWASP Helsinki chapter meeting #25: September 29th 2014 ==<br />
<br />
'''Location: Appelsiini (Elisa), Kaarlenkatu 9-11, 00530 Helsinki. Public transport is strongly recommended.''' <br />
<br />
'''Time: 17:00-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and registration''' <br />
<br />
'''17:10 Opening words / OWASP Helsinki''' <br />
<br />
'''17:20 Words from our sponsor / Elisa'''<br />
<br />
'''17:30 Mobile Security Chess Board - Attacks & Defense / Hemil Shah / Founder, Director eSphere Security''' [[File:Mobile_Security_chess_board_-_Attacks_&_Defense.pdf]]<br />
<br />
'''18:45 Break'''<br />
<br />
'''19:00 Mobile Platform Security: OS (kernel) Hardening and Trusted Execution Environment / Onur Zengin / Trustonic'''<br />
[[File:Onur_Zengin_-_TEE_chapter_meeting_presentation.pdf]]<br />
<br />
'''20:00 OWASP Mobile Top Ten Risks 2014 - The New M10: 'Lack of Binary Protection' Category / Bo Asklund and Rikard Kullenberg / Arxan'''<br />
[[File:OWASP_Mobile_Top_Ten_-_Meet_the_New_Addition.pdf]]<br />
<br />
'''21:00 Networking and continue discussions in TBD location nearby'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-25-tickets-13087782911 Eventbrite]<br />
<br />
== OWASP Helsinki chapter meeting #24: March 25st 2014 ==<br />
<br />
'''Location: F-Secure, Tammasaarenkatu 7, 00180 Helsinki. Parking space is limited, public transport is strongly recommended. Ruoholahti station for metro, Länsisatamankatu stop for tram 8, Länsiväylä stop for buses from Espoo.''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and registration''' <br />
<br />
'''17:20 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''17:30 Enhancing security through tight collaboration and automation /Kalle Hallivuori''' <br />
Presentation material: http://kato.iki.fi/owasp-pci-devops/<br />
<br />
'''18:00 Continuous Security Testing in a Devops World /Stephen de Vries'''<br />
Download the presentation from our file page: [[image:OWASP-Continuous_Security_Testing.pdf]]<br />
<br />
'''19:00 Demo of Burp Suite & HTTP API fuzzing automation with Python & Behave /Antti Vähä-Sipilä'''<br />
<br />
'''19:30 Time to go to Pub (Amsterdam) and continue discussion there'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-24-tickets-10765729587 Eventbrite]<br />
<br />
== OWASP Helsinki chapter meeting #23: January 21st 2014 ==<br />
<br />
'''Location: HTC Keilaniemi, Keilaranta 13, 02150 Espoo''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Coffee and registration''' <br />
<br />
'''18:00 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''18:05 Word from our sponsor /Nixu''' <br />
<br />
'''18:20 The inner HTML Apocalypse - How MXSS attacks change everything we believed to know so far /Mario Heiderich'''<br />
<br />
'''19:15 JSMVCOMFG - To sternly look at JavaScript MVC and Templating Frameworks /Mario Heiderich"''''<br />
<br />
'''20:15 QA'''<br />
<br />
'''20.30 - 21.30 Discussion continues over snacks and refreshments'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-23-tickets-10095813851 Eventbrite]<br />
<br />
<br />
== OWASP Helsinki chapter meeting #22: November 19th 2013 ==<br />
<br />
'''Location: Aalto University, Hall S1, Otakaari 5, 02150 Espoo''' <br />
<br />
'''Time: 18:00-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Registration''' <br />
<br />
'''18:10 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''18:20 Word from our sponsor''' <br />
<br />
'''18:30 Backgrounds of Eve in Digiland comic and cyber research in Aalto University /Timo Kiravuo, Aalto University'''<br />
<br />
'''19:15 Break"''''<br />
<br />
'''19:30 Cyber crime response from CERT perspective and backgrounds of Finnish web site attacks /Jussi Eronen, CERT-FI'''<br />
<br />
'''20:00 Methods in Finnish cyber crime police investigation and case example /Timo Piiroinen, National Bureau of Investigation (NBI)'''<br />
<br />
'''20:30 Networking and discussion continues at same location'''<br />
<br />
Please register at [http://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-23-tickets-10095813851 Eventbrite]<br />
<br />
== OWASP EUTour2013: June 17th 2013 ==<br />
<br />
'''Location: HTC Keilaniemi, Keilaranta 15''' <br />
<br />
'''Time: 16:00-19:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''16:00 Registration & coffee''' <br />
<br />
'''16:15 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''16:30 Word from our sponsor''' <br />
<br />
'''16:45 Nokia responsible disclosure program /Omar Benbouazza-Villa, Nokia'''<br />
<br />
Nokia has launched a responsible disclosure program recently. In this presentation we'll go through experiences starting and running such a program as a part of enterprise application security program.<br />
<br />
'''17:30 Social engineering /Gavin Ewan"''''<br />
<br />
Jac0byterebel is not your typical social engineering presenter. Out goes the snake oil sale of analysing the minutia of pop psychology and trying to squeeze out real answers to the questions asked during a real social engineering attack. In comes hard hitting accounts of social engineering attacks drawn from real sources but anonymised to protect the pwned.<br />
<br />
'''19:00 Rounding up and discussion continues over food & drinks at same location'''<br />
<br />
Please register at [http://www.regonline.com/owaspeutourfinland Regonline]<br />
<br />
== OWASP Helsinki Chapter Meeting #21: April 24 2013 ==<br />
<br />
'''Location: KPMG, Yrjönkatu 23 B, 6. floor''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Opening words /OWASP''' <br />
<br />
'''18:10 Word from our sponso /Mika Laaksonen, KPMG''' <br />
<br />
'''18:15 OWASP project news /Petteri Arola, OWASP''' <br />
<br />
Newsflash of new and rebooted OWASP projects.<br />
<br />
'''18:45 Utilizing VAHTI software development guide (VAHTI-sovelluskehitysohje) /Antti Alestalo, KPMG'''<br />
<br />
VAHTI software development guide was published January 2013. Antti will talk about how to best utilize this new guide. Link to the guide: http://www.vm.fi/vm/fi/04_julkaisut_ja_asiakirjat/01_julkaisut/05_valtionhallinnon_tietoturvallisuus/20130207Sovell/VAHTI_1_Sovelluskehityksen_tietoturvaohje_NETTI.pdf<br />
<br />
'''19:15 Database self-defence /Mika Aronen, KPMG (in place of "HTML5 & security /SC5"'''<br />
<br />
'''20:00 Official program ends and discussion continues over food & drinks at same location'''<br />
<br />
Please register at [https://www.eventbrite.com/event/6240751255 Eventbrite]<br />
<br />
== OWASP Helsinki Chapter Meeting #20: December 4 2012 ==<br />
<br />
'''Location: Nokia House, Keilalahdentie 4, Espoo''' <br />
<br />
'''Time: 17:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Socializing time @ Nokia Lounge – Meet people & get to know your peer while having the opportunity to see Nokia product demos''' <br />
<br />
'''18:00 Opening words /OWASP + HelsinkiJS''' <br />
<br />
'''18:10 Word from our sponsor''' <br />
<br />
'''18:20 Securing JavaScript based web apps /Erlend Oftedal''' <br />
<br />
Single page web applications move much of the application logic to the client side. We now also see applications using JavaScript on the server side. How do we handle such applications from a security perspective? What problems are introduced and how do we handle them?<br />
<br />
'''19:05 RESTful Security'''<br />
<br />
Many applications rely on web services and ws-security for integration. But for more lightweight services with simpler protocols, REST is quickly gaining popularity. How do we secure REST services? What problems do we need to be aware of?<br />
<br />
'''20:00 Official program ends and free debate continues at nearby location'''<br />
<br />
CLOSED: Please register at [http://www.eventbrite.com/event/4856878053 Eventbrite]<br />
<br />
Please use the NORTH entrance when entering the Nokia campus<br />
<br />
== OWASP Helsinki Chapter Meeting #19: October 16 2012 ==<br />
<br />
'''Location: Fujitsu, Valimotie 16, Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''18:10 Word from our sponsor /Fujitsu''' <br />
<br />
'''18:25 Hybrid mobile application security and HTML5 with a focus on getUserMedia /Mikko Saario, Nokia''' <br />
<br />
Both the mobile scene via “hybrid” apps and the so-called traditional web are evolving into the same direction – are the threats doing the same? Using mainly Windows Phone 7 (and some Qt) examples and demos, Mikko will take a look at the security aspects in mobile hybrid apps. The HTML5 demo will concentrate on some newly mainstreamed technologies such as getUserMedia.<br />
<br />
'''19:10 Introduction to Oauth 2.0 + demo /Teemu Kääriäinen, Nixu'''<br />
<br />
Teemu gives an introduction about Oauth 2.0 and takes a closer look at security aspects, implementation guidelines and compares Twitter, Facebook and Google implementations.<br />
<br />
'''20:00 Official program ends and free debate continues at nearby location'''<br />
<br />
'''Please register in Eventbrite http://www.eventbrite.com/event/4462882602''' <br />
<br />
<br />
== OWASP Helsinki Chapter Meeting #18: June 26 2012 ==<br />
<br />
'''Location: Kela, Nordenskjölkinkatu 12, Helsinki''' <br />
<br />
'''Time: 17:30-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''17:45 Word from our sponsor /Kela''' <br />
<br />
'''18:00 Helsinki Ruby Brigade intro''' <br />
<br />
'''18:15 Ruby on Rails security - why could it fail'''<br />
<br />
'''19:00 Panel discussion'''<br />
<br />
'''19:45 Wrap-up'''<br />
<br />
'''20:00 Discussion continues in a nearby pub Hadanka'''<br />
<br />
'''Please register with petteri.arola(at)owasp.org''' <br />
<br />
<br />
== OWASP Helsinki Chapter Meeting #17: March 21 2012 ==<br />
<br />
'''Location: Marttakeskus, Malminrinne 1 B, 7. krs, Helsinki''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Coffee''' <br />
<br />
'''17:40 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''17:50 Web Application Access Control Design Excellence / Jim Manico, OWASP''' <br />
<br />
Download the presentation from our file page: [[image:Developer_Top_Ten_Core_Controls_v4.1.pdf]]<br />
<br />
'''19:30 Meeting ends and discussion continues over buffet and refreshments and there's a possibility to bath in sauna too''' <br />
<br />
'''23:00 Event ends'''<br />
<br />
'''Please register with enroll(at)nixu.com''' <br />
<br />
== Tietoturvapäivä Turku: February 7 2012 ==<br />
<br />
''' Sovellusturvallisuus / Petteri Arola, OWASP''' <br />
<br />
Download the presentation from our file page: [[image:OWASP_esitys_tietoturvapäivä_Turku_20120207.pdf]]<br />
<br />
== OWASP Helsinki Chapter Meeting #16: October 18 2011 ==<br />
<br />
'''Location: Hall TU2, Tuas house, Otaniementie 17, 02150, Espoo''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and lock picking''' <br />
<br />
'''17:30 OWASP - What is it?''' <br />
<br />
'''17:45 Introduction to OWASP projects<br>- OWASP Top Ten, ASVS<br><span class="Apple-tab-span"> </span>- Testing guide<br>- How OWASP relates to academic world''' <br />
<br />
<br> Download presentation from our file-page: [[Image:OWASP_presentation_for_Aalto.pdf]] <br><br />
<br />
'''18:45 Break''' <br />
<br />
'''19:00 Hacking demonstrations'''<br />
<br />
'''19:30 - Discussion continues in a nearby public house''' <br />
<br />
'''Please register with petteri.arola(at)owasp.org''' <br />
<br />
== OWASP Introduction to Turku AMK students: September 12th 2011 ==<br />
<br />
'''Introduction to Application security and OWASP / Petteri Arola, OWASP''' <br />
<br />
'''OWASP top 10 and hacking demos / Pekka Sillanpää, OWASP''' <br />
<br />
== OWASP Helsinki Chapter Meeting #15: June 15 2011 ==<br />
<br />
'''Location: Itämerenkatu 11 - 13, Helsinki''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda ''' <br />
<br />
'''17:30 Welcome, Petteri Arola, Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nokia''' <br />
<br />
'''17:45 HTML5 Security, Ville Säävuori, Syneus''' <br />
<br />
'''18:30 Break''' <br />
<br />
'''18:40 Mobile Application Security, Ari Kesäniemi and Juhani Mäkelä, Nixu''' <br> [[Image:Mobile-threat-analysis-short-presentation owasp.pdf]] <br> [[Image:Why-privacy-matters.pdf]] <br> <br />
<br />
<br>'''19.30 - Discussion continues in a nearby public house or terrace if it's sunny''' <br />
<br />
'''Please register with mikko.saario(at)nokia.com''' <br />
<br />
== OWASP Helsinki Chapter Meeting #14: February 22 2011 ==<br />
<br />
'''Location: Nixu Oy, Keilaranta 15, Espoo''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''17:30 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nixu Oy''' <br />
<br />
'''17:45 OpenSAMM, Pravir Chandra /Fortify''' <br />
<br />
'''18:30 Break''' <br />
<br />
'''18:40 Threat modeling, Pravir Chandra /Fortify''' <br />
<br />
<br> '''19.30 - Sauna and refreshments from our sponsor''' <br />
<br />
'''Please register with enroll(at)nixu.com''' <br />
<br />
<br> Download OpenSAMM presentation from opensamm.org [http://www.opensamm.org/downloads/resources/OpenSAMM-1.0.ppt] <br> <br />
<br />
== OWASP Helsinki Chapter Meeting #13: June 8 2010 ==<br />
<br />
'''Location: KPMG, Forum, Yrjönkatu 23 B 6th floor, Helsinki''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''17:00 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:05 Word from our sponsor KPMG ''' <br />
<br />
'''17:15 Agile secure software development, Antti Vähä-Sipilä / Nokia Oyj''' http://www.owasp.org/images/c/c6/OWASP_AppSec_Research_2010_Agile_Prod_Sec_Mgmt_by_Vaha-Sipila.pdf <br />
<br />
'''18:00 ASVS (OWASP Application Security Verification Standard), Pekka Sillanpää / Nixu Oy''' <br />
<br />
'''18:45 ESAPI (OWASP Enterprise Security API) demo, Anssi Porttikivi / KPMG''' <br />
<br />
Download presentation from our file-page:[[Image:ESAPI for OWASP.pdf]] <br />
<br />
<br> '''19.30 - Discussion continues at some nearby establishment''' <br />
<br />
'''Please register with anssi.porttikivi(at)kpmg.fi''' <br />
<br />
<br> <br />
<br />
== OWASP Goes! Locksport: April 20 2010 ==<br />
<br />
'''Location: Nsense Oy, Ahventie 4, Espoo''' <br />
<br />
'''Time: 17:30-20:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nsense Oy''' <br />
<br />
'''17:45 Introduction to Locksport (presentation in Finnish)''' <br />
<br />
'''19:00 - Sauna and refreshments from our sponsor''' <br />
<br />
'''Please register with ilmoittautumiset##nsense.fi ''' <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #12: March 30 2010 ==<br />
<br />
'''Location: Helsingin Energia, Sähkötalo, Runeberginkatu 1, Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''18:00 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
Download presentation from our file-page:[[Image:OWASP -12 Helsinki chapter meeting.pdf]] <br />
<br />
'''18:05 Word from our sponsor Helsingin Energia ''' <br />
<br />
'''18:15 3 different views on information security and social media applications''' <br />
<br />
- information security in social media API’s, Antti Nuopponen/Nixu Oy <br />
<br />
Download presentation from our file-page:[[Image:Security of social media apis v1.pdf]] <br />
<br />
- Facebook apps, Markus Törnqvist/Fad Consulting <br />
<br />
Download presentation from our file-page:[[Image:Mjt owasp 2010.pdf]] <br />
<br />
- Payment API’s, Tuomas Toivonen/Scred <br />
<br />
Download presentation from our file-page:[[Image:Owasp-payment-apis.pdf]] <br />
<br />
'''20.00 - Discussion continues at nearby establishment Bruuveri''' <br />
<br />
'''Please register with antti##owasp.org''' <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #11: November 17 2009 ==<br />
<br />
'''Location: Nsense Oy, Ahventie 4, Espoo''' <br />
<br />
'''Time: 18:00-20:30''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''18:05 Word from our sponsor Nsense Oy''' <br />
<br />
'''18:15 Manual vs. Automated Code Analysis, Ari Kesäniemi, Senior Consultant, Nixu''' <br />
<br />
Download presentation from our file-page:[[Image:Ari kesaniemi nixu manual-vs-automatic-analysis.pdf]] <br />
<br />
'''19.00- Sauna and refreshments from our sponsor''' <br />
<br />
<br> <br />
<br />
'''Please register with ilmoittautumiset##nsense.fi''' <br />
<br />
== OWASP Helsinki Chapter Meeting #10: October 20 2009 ==<br />
<br />
'''Location: Tieto Oy, Ratamestarinkatu 7B, Helsinki''' <br />
<br />
'''Time: 18:00-19:40''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''18:00 Word from our sponsor Tieto Oy''' <br />
<br />
'''18:10 Distributed Services Security, Anton Panhelainen, Tieto Oy''' <br />
<br />
Download presentation from our file-page:[[Image:Security in integration and ESB-OWASP 20091020.pdf]] <br />
<br />
'''18:40 Public Web Services Interface and Security, Pyry Heikkinen, Finnish Customs''' <br />
<br />
'''19:40 Closure and move to Vltava''' <br />
<br />
'''20:00 or so''' <br />
<br />
*Enjoy Helsinki Vltava watering hole at own risk &amp; cost near Helsinki Railway station<br />
<br />
'''Please register with Pauli Kauppila pauli.kauppila##tieto.com or Mobile +358 400 870 324''' <br />
<br />
== OWASP Helsinki Chapter Meeting #9: May 12 2009 ==<br />
<br />
'''Location: Louhi Networks Oy, Itälahdenkatu 22 A, Helsinki''' <br />
<br />
'''Time: 17:30-19:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:30 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:45 Word from our sponsor Louhi Networks''' <br />
<br />
'''18:00 Panel discussion about application scanners''' <br />
<br />
*Panel members includes representatives for Nixu Oy, KPMG Oy and Louhi Networks Oy<br />
<br />
<br> '''19:00 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost at Bar 52 near meeting location<br />
<br />
'''Please register with Henri Lindberg henri.lindberg##louhi.fi''' <br />
<br />
== OWASP OWASP Goes! Viestimuseo: March 29 2009 ==<br />
<br />
'''Location: Varuskunta, Takakasarmi, Viestimuseontie rak. 64, 11311 Riihimäki ''' <br />
<br />
'''Time: 13:00-15:00''' <br />
<br />
Viestimuseossa Riihimäellä, http://www.viestikiltojenliitto.fi/viestimuseo/ on maaliskuun loppuun WWII radiotiedustelua esittelevä erikoisnäyttely, josta voi löytyä ammennettavaa myös tämän päivän tietoturvatekniikoiden parissa työskenteleville. Koska OWASP:in tiimoilta löytyi kiinnostusta lähteä tutustumaan ko. näyttelyyn, museolle on varattu opastettu kierros maaliskuun viimeiselle sunnuntaille su 29.3.2009 klo 13:00 eli kokoontuminen museolla ko. aikaan. <br />
<br />
Museo ja näyttely ovat auki myös muina aikoina, joten jos tämä aika ei käy, paikalla voi toki käydä muulloinkin. <br />
<br />
Tarkemmat ajo-ohjeet ja yhteystiedot löytyvät museon kotisivuilta, http://www.viestikiltojenliitto.fi/viestimuseo/yhteystiedot.html <br />
<br />
Museo sijaitsee Viestirykmentin vieressä, mutta varsinaisen varuskunta-alueen ulkopuolella, joten museokäynti ei vaadi kulkulupia alueelle. <br />
<br />
Paikalle innostuvat hoitavat oman logistiikkaratkaisunsa &amp; sisäänpääsymaksunsa. <br />
<br />
Lisätietoja tarvittaessa timo.merilainen (ät) iki.fi <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #8: March 12 2009 ==<br />
<br />
'''Location: Samlink, Linnoitustie 9, Espoo (Leppävaara)''' <br />
<br />
'''Time: 17:00-19:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:00 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:15 Introduction to Samlink, Jari Pirhonen, security director, Samlink''' <br />
<br />
'''17:30 Methodology owner’s point of view: Information security as part of software development methodology, Topi Mattila, methodology manager, Samlink''' <br />
<br />
'''18:15 Presentation from Finnish Tax Administration", Petri Puhakainen, security director, Finnish Tax Administration''' <br />
<br />
<br> '''19:00 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost at Sello<br />
<br />
'''Please register with Jari Pirhonen jari.pirhonen##samlink.fi''' <br />
<br />
== OWASP Introduction to startup firms: Thursday January 15th 2009 ==<br />
<br />
'''Location: Ravintola Korjaamo, Töölönkatu 51, 00250 Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Introduction to OWASP by Henri Lindberg, OWASP Helsinki Active Visitor''' <br />
<br />
*What OWASP is <br />
*Examples of useful Tools and Documents <br />
*OWASP in Finland<br />
<br />
Presentation: [[Image:OWASP Startups 20090115 Henri.pdf]] <br />
<br />
(Antti Laulajainen, OWASP Helsinki Chapter Leader was originally supposed to introduce OWASP) <br />
<br />
'''18:15 Implementing application security in a Finnish startup by Henri Lindberg, Scred''' <br />
<br />
*Henri Lindberg from Scred shares experiences and lessons learned <br />
*How to make your web application more secure with minimal budget<br />
<br />
Presentation: [[Image:SDG Scred 090115.pdf]] <br />
<br />
'''18:30 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost<br />
<br />
== OWASP Helsinki Meeting #7: Tuesday November 11th 2008 ==<br />
<br />
'''Location: Nokia Ruoholahti, Itämerenkatu 11-13, 00180 Helsinki''' <br />
<br />
<br> <br />
<br />
'''Time: 17:00-18:30''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:00 Welcome by Antti Laulajainen, OWASP Chapter Leader''' <br />
<br />
*Current state and progress of OWASP Top 10 Finnish translation<br />
<br />
'''17:20 Antti Vähä-Sipilä, Nokia: SAFECode''' <br />
<br />
*Introduction and overview of SAFECode (The Software Assurance Forum for Excellence in Code) <br />
*SAFECode publications<br />
<br />
'''17:40 Juhani Eronen, CERT-FI: Lifecycle of a security vulnerability''' <br />
<br />
*Microsoft MS08-067 (Vulnerability in Server Service Could Allow Remote Code Execution), its history (MS06-040) and exploitation.<br />
<br />
'''Discussion''' <br />
<br />
'''18:30 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost [cerveza, aqua con gas, etc]<br />
<br />
'''PLEASE REGISTER WITH: mikko . saario at nokia . com (we have reserved snacks for 25 people)''' <br />
<br />
== OWASP Helsinki Web Hacking Workshop, Tuesday September 10th 2008 ==<br />
<br />
'''Location: Teleware / KPMG, Laajalahdentie 23, 6. floor, reception at the ground floor, 00330 Helsinki''' <br />
<br />
'''Time: 18.00 - 20.00''' <br />
<br />
'''Schedule''' <br />
<br />
'''18.00 Welcome and recent activities. Antti Laulajainen ''' <br />
<br />
'''18.05 Web Hacking Workshop, Anssi Porttikivi, Senior ICT Advisor KPMG/Teleware''' <br />
<br />
*KPMG Oy IT Security Advisory marketing presentation 15 min <br />
*Web hacking exercises and demonstrations in a laboratory class (using WebGoat and WebScarab tools)<br />
<br />
'''Snacks available. Send your reservations to Anssi's mail address, anssi.porttikivi@kpmg.fi. Room for 20 participants.''' <br />
<br />
<br> '''Note! Be in time, because the reception closes at 18.''' <br />
<br />
== OWASP Goes! CERT-FI, Thursday, June 12th 2008 ==<br />
<br />
'''Location: Viestintävirasto, Itämerenkatu 3 A, 00180 Helsinki and One Pint Pub Santakatu 2, 00180 Helsinki''' <br />
<br />
<br> '''Time: 16.00 - 20.00''' <br />
<br />
<br> '''Schedule''' <br />
<br />
'''16.00 Welcome and recent activities. Antti Laulajainen ''' <br />
<br />
<br> '''16.10 Introduction of CERT-FI. Juhani Eronen, Information Security Adviser, CERT-FI''' <br />
<br />
<br> '''16.30 Vulnerability coordination. Juhani Eronen''' <br />
<br />
*CERT-FI as a vulnerability coordinator <br />
*Coordination examples<br />
<br />
'''18.00 Possibility to continue the evening at the One Pint Pub''' <br />
<br />
*If someone fancies a (self-financed) beer<br />
<br />
<br> '''Viestintävirasto asks those who wish to participate to the meeting to register in advance. For registrations please contact CERT-FI Unit Secretary Virpi Hienonen (virpi.hienonen(at)ficora.fi). The deadline is June 6, 2008.''' <br />
<br />
== OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 ==<br />
<br />
Thank you for attending. <br />
<br />
You can download the presentation here'''https://www.owasp.org/images/7/70/OWASP_HelsinkiChapter_130508.pdf''' <br />
<br />
Coverage of the event in local news (Finnish only) http://mikropc.net/uutiset/index.jsp?categoryId=atk&amp;day=20080514#w2008051411524012715 <br />
<br />
<br> '''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki and Ravintola Kaisla, Vilhonkatu 4, 00100 Helsinki''' <br />
<br />
'''Time: 16.00 - 20.00''' <br />
<br />
<br> <br />
<br />
Welcome to spring meeting 2008. <br />
<br />
<br> '''Schedule''' <br />
<br />
'''16.00 - 16.10 OWASP update. Antti Laulajainen''' <br />
<br />
'''16.10-17.00 Notes From The field, OWASP tools and usage experiences, Jarkko Holappa &amp; Antti Laulajainen''' <br />
<br />
'''17.30 - 20.00 Drinks at Ravintola Kaisla (Bring Your Own Wallet)''' <br />
<br />
<br> Hope to see as many of you as possible! <br />
<br />
== OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 ==<br />
<br />
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.''' <br />
<br />
'''Time: 18.30 - 20.30''' <br />
<br />
Welcome to first meeting of 2008. OWASP Helsinki resumes activities after winter break. <br />
<br />
We are pleased to have as a speaker Technology Manager of Nokia Product Security, Alexandr Seleznyov. His topic will be current state of application security. <br />
<br />
'''Schedule''' <br />
<br />
'''18.30 - 18.40 OWASP update. Antti Laulajainen''' <br />
<br />
'''18.40 - 20.30 Current State of Application Security. Alexandr Seleznyov''' <br />
<br />
<br> Hope to see as many of you as possible! <br />
<br />
== OWASP Helsinki &amp; RWSUG Seminar Tuesday, January 29th 2008 ==<br />
<br />
'''Location: IBM, Laajalahdentie 23, 00330 Helsinki.''' '''Time: 11.15 - 19.00''' <br />
<br />
OWASP Helsinki and Rational and Websphere User Group Finland RWSUG are aiming to co-operate to raise application security awareness. OWASP Helsinki will have a presentation in RWSUG agility seminar. More information from http://www.rwsug.fi/default.asp?path=1,39,385 <br />
<br />
'''You can download the presentation here''' https://www.owasp.org/images/c/cd/RWSUG5_Agile_Security_Management.pdf <br />
<br />
See program below. Most of it is Finnish only <br />
<br />
*11.15 Ilmoittautuminen alkaa <br />
*11.15-12.00 Buffet-lounas <br />
*12.00-12.10 Tilaisuuden avaus Jussi Jutila, Puheenjohtaja, RWSUG ry<br />
<br />
KEYNOTE <br />
<br />
*12.10-13.30 Scaling Agile Software Development: Strategies for Applying Agile in Complex Situations Scott W. Ambler, Practice Leader Agile Development, IBM Canada <br />
*13.30-13.45 Kahvitauko <br />
*13.45-15.30 SOA liiketoiminnan näkökulmasta ja SOA toteutuksen näkökulmasta kansainvälisessa hankkeessa Kari Laine, IT Architect, IF ja Jarmo Laine, Senior Software Architect,Primasoft <br />
*15.30-15.45 Tauko <br />
*15.45-16.30 Ketterä tietoturvan hallinta ohjelmistotuotannossa Reijo Savola, VTT <br />
*16.30-17.15 Jazz Update IBM <br />
*17.15-19.00 Iltapalaa ja verkostoitumista IBM Forumissa<br />
<br />
<br> <br />
<br />
== OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008 ==<br />
<br />
OWASP Helsinki participated in ISACA Finland meeting to raise application security awareness among system auditors and inspectors. <br> A presentation was held that introduced basic web techniques, some security issues, OWASP in general, OWASP projects and OWASP Helsinki chapter. <br> '''You can download the presentation here''': https://www.owasp.org/images/e/e4/OWASP_ISACA_20080124.pdf (Finnish Only) <br><br> <br />
<br />
== OWASP Helsinki meeting #4 Fall 2007 with Mark Curphey, Tuesday, October 2 2007 ==<br />
<br />
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.''' <br />
<br />
Thank you for all participants and Mark from great presentation. <br />
<br />
Coverage of the meeting in the local news (in Finnish): http://mikropc.net/uutiset/index.jsp?categoryId=atk&amp;day=20071003#w2007100315112711629 <br />
<br />
<br> We are delighted to have Mark Curphey - the OWASP founder and new head of Microsoft's ACE (Application Consulting &amp; Engineering) team in Europe - to visit Finland and discuss web app security with us. Hopefully as many as of you possible can participate! <br />
<br />
'''18:30 Welcome and recent Helsinki chapter activities. Antti Laulajainen''' <br />
<br />
'''18:40 Naked Software Security. Mark Curphey''' <br />
<br />
*Commentary on how to build secure software <br />
*Thoughts on the industry<br />
<br />
<br> '''WELCOME!''' <br />
<br />
== OWASP Helsinki meeting #3 Summer 2007: "SOA, Web Services &amp; XML Security", Tuesday, June 5th 2007 ==<br />
<br />
'''Date: June 5th''' <br />
<br />
<br> '''Location: Smilehouse, Itälahdenkatu 22A (Stonesoft building), Lauttasaari.''' <br />
<br />
Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/tietoturva_docview.jsp?f_id=1186167 <br />
<br />
<br> '''19:00 Welcome &amp; quick recap of recent OWASP activity and the Spring conference. Mikko Saario.''' <br />
<br />
<br> '''19:15 Gunnar Peterson, CTO Arctec Group and project lead for the OWASP "XML Security Gateway Evaluation Criteria".''' <br />
<br />
Gunnar will be visiting Finland to provide training via Tietoturva ry on this subject. Topics to be covered: <br />
<br />
*XML Security Gateways <br />
*Message level threats and security countermeasures in Web services <br />
*OWASP XML Security Gateway Evaluation Criteria Project<br />
<br />
<br> '''20:15 "Real-life usage of OWASP tools". Alexandr Seleznyov, Nokia Product Security.''' <br />
<br />
(There is a chance Alex cannot make it. In that case we will discuss SOA stuff in more detail or just head off to bar earlier.) <br />
<br />
<br> '''20:45 Enter Bar 52...''' --&gt; Enjoy (sponsored) beverages. <br />
<br />
== OWASP Helsinki meeting #2 Winter 2007, Web Application Firewalls, Thursday, February 22 2007 ==<br />
<br />
Thank you for the 29 participants, the speakers and the host - Nixu - for making this event happen! <br />
<br />
'''Location: Nixu, Mäkelänkatu 91, 00601 Helsinki.''' <br />
<br />
What are Web Application Firewalls (WAF), how do they work, what do they do and what don't they do. Discussion and sharing of experiences of various technologies and products. <br />
<br />
<br> '''18.30 Welcome. Mikko Saario, Chapter Leader.''' <br />
<br />
Today's topic and agenda in short. <br />
<br />
<br> '''18.35 "Web Application Firewalls Technical Analysis". Joakim Sandström, CTO nSense.''' <br />
<br />
http://www.owasp.org/images/6/6a/Owasp_waf_joakim.pdf <br />
<br />
- Technology <br />
<br />
- Blacklisting &amp; Whitelisting <br />
<br />
- mod_security features <br />
<br />
- Do's and Don'ts <br />
<br />
<br> '''19.30 "The Core Rule Sets". Ofer Shezaf, CTO Breach Security.''' <br />
<br />
http://www.owasp.org/images/f/f4/The_Core_Rule_Set_-_Ofer.pdf <br />
<br />
- WAF deployment and protection strategies <br />
<br />
- Detection of generic web layer attacks <br />
<br />
- Virtual patching <br />
<br />
== OWASP Helsinki meeting #1, Tuesday, Dec 12 2006 at Ernst &amp; Young ==<br />
<br />
The Helsinki chapter had the first meeting at Ernst &amp; Young office in Elielinaukio 5 B. The agenda and the presentations for the meeting are below. We had a good turnout: 22 people were present i.e. all seats were taken - we were very happy to see all these people to be interested in application security issues. <br />
<br />
<br> Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/doc.do?f_id=1083463 <br />
<br />
<br> '''18:30 Welcome. What is OWASP and why OWASP Helsinki?''' <br />
<br />
Mikko Saario made a short presentation about OWASP and the objective for the local Helsinki chapter. <br />
<br />
<br> '''19:00 Analyzing Threats (Olli Wiren; olli [at] juurihoito.org)''' <br />
<br />
Olli Wiren discussed application related threats and corresponding security issues. <br />
<br />
http://www.owasp.org/images/7/7c/Owasp-olli.pdf <br />
<br />
<br> '''19:45 Open discussion regarding OWASP Helsinki; what is expected or wished; how to go ahead and so forth.''' <br />
<br />
There was a lively discussion regarding what type of activities should be arranged in the future. More details will follow... <br />
<br />
==== Helsinki OWASP Chapter Leaders ====<br />
<br />
The chapter leader is [mailto:Petteri.arola@owasp.org Petteri Arola] <br />
<br />
The chapter board members are [mailto:timo@owasp.org Timo Merilainen], Pyry Heikkinen and [mailto:pekka.sillanpaa@owasp.org Pekka Sillanpaa]. <br />
<br />
__NOTOC__<br />
[[Category:Finland]] <br />
[[Category:Europe]]</div>Psillanphttps://wiki.owasp.org/index.php?title=Helsinki&diff=244286Helsinki2018-10-16T15:25:04Z<p>Psillanp: /* Sponsorship/Membership */</p>
<hr />
<div>{{Chapter Template|chaptername=Helsinki|extra=The chapter leaders are [mailto:petteri.arola@owasp.org Petteri Arola], [mailto:pekka.sillanpaa@owasp.org Pekka Sillanpää], [mailto:timo@owasp.org Timo Meriläinen] and [mailto:pyry.heikkinen@owasp.org Pyry Heikkinen]<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-helsinki|emailarchives=http://lists.owasp.org/pipermail/owasp-helsinki}} <br />
<br />
==== Local News ====<br />
<br />
<paypal>Helsinki</paypal> <br />
<br />
'''Welcome to the OWASP Helsinki Chapter'''<br />
<br />
The plan is to meet at least three to four times a year, each lasting 1,5-3 hours (more active "hands" means more meetings). This chapter is based in the capital area and therefore the meetings will be in or around Helsinki. <br />
<br />
If you wish to present at one of the meetings or have any other inquiries, please contact the chapter leaders and shortly describe the talk. (the contact details can be found in the bottom of the page). We encourage everyone to suggest ideas for presentation topics. The talks can be either a full talk (45-60min) or a lightning talk (~15min). <br />
<br />
==== Suomalaista sovellusturva-asiaa ====<br />
<br />
[[OWASP Helsinki Appsec Thesis of the Year|Vuoden sovellusturva-aiheinen opinnäytetyö]]<br />
<br />
[[Oppilaitoksille|Tietoa oppilaitoksille (Information for academic institutions)]] <br />
<br />
[[Verkkomaksut|Ohjeita turvallisen verkkomaksuintegraation toteuttamiseen]] <br />
<br />
Previously OWASP Helsinki has been working on the following tasks: <br />
<br />
*[[Top 10 2007 Finnish]] aim to translate OWASP Top 10 list in Finnish<br />
<br />
==== Chapter Meetings ====<br />
<br />
== OWASP Helsinki chapter meeting #35: Nov 6th 2018 ==<br />
'''Location: Second Nature Security (2NS), Keilaranta1 (auditorium Ankkuri), 02150 Espoo'''<br />
<br />
'''Time: 17:30-21:00'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words, Pekka Sillanpää, Chapter co-leader - OWASP Helsinki'''<br />
<br />
'''18:05 Words from the sponsor, Juho Ranta, CTO - Second Nature Security (2NS)'''<br />
<br />
'''18:15 Hunting for bounties in a web browser, Juho Nurminen, White Hat Hacker, InfoSec Specialist - 2NS'''<br />
<br />
'''18:45 Break'''<br />
<br />
'''19:00 How to become a bug bounty hunter, Iiro Uusitalo, Cloud and Security Specialist - Solita'''<br />
<br />
'''19:30 Running a successful bug bounty program, Thomas Malmberg, Partner & Owner - Hackrfi'''<br />
<br />
'''19:50 Short break'''<br />
<br />
'''20:00 Panel & Discussion about bug bounty with Juho, Iiro and Thomas'''<br />
<br />
'''20:30 Snacks & Refreshments'''<br />
<br />
Please register by 4th of Nov [] (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #34: Jun 12th 2018 ==<br />
'''Location: Eficode, Pohjoinen Rautatiekatu 25, 00100 Helsinki'''<br />
<br />
'''Time: 17:30-21:30'''<br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Pekka Sillanpää OWASP Helsinki'''<br />
<br />
'''18:05 Words from the sponsor / Pekka Siltala-Li / Eficode'''<br />
<br />
'''18:15 Perfectly secure API, Matti Suominen, Lead Security Consultant - Nixu'''<br />
<br />
'''19:00 Break''' <br />
<br />
'''19:15''' '''Best friends: API security & API management, Antti Virtanen, Software Architect, Solita''' <br />
<br />
'''20:00-21:30 Sauna, Snacks & Beverages'''<br />
<br />
Please register by 10th of Jun https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-34-tickets-46690898735 (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #33: Nov 14th 2017 ==<br />
'''Location: F-Secure, Tammasaarenkatu 7, 00180 Helsinki''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki''' <br />
<br />
'''18:05 Words from the sponsor'''<br />
<br />
'''18:10 Coping with GDPR requirements in development, Kira Ahveninen-Kuha, Lead, Data Protection and Cybersecurity Law, Nixu'''<br />
<br />
'''19:00 Break''' <br />
<br />
'''19:15 Integrating Privacy Work in Threat Modeling and Design Review, Antti Vähä-Sipilä, Principal Security Consultant, F-Secure'''<br />
<br />
'''20:00 Panel & Discussion – Kira and Antti debate about privacy and GDPR with the audience'''<br />
<br />
'''20:30 OWASP Helsinki DevSecOps Hackathon: Lessons learned, Pekka Sillanpää, OWASP Helsinki''' <br />
<br />
'''21:00-22:00 Snacks & Refreshments''' <br />
<br />
Please register by 12th of Nov [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-33-tickets-39656996143 here] (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #32: Sep 27th ==<br />
If you are working in a DevOps team and want to get concrete ideas on how to integrate security into your CI/CD pipeline, this hackathon is a fun opportunity to learn by doing together with others.<br />
<br />
More information here: [[OWASP Helsinki DevSecOps Hackathon]]<br />
<br />
In summary, we familiarize and investigate (and of cource hack with) some nice open source tools, including:<br />
* OWASP Dependency-Check ([[OWASP Dependency Check]])<br />
* ZAP Proxy ([[OWASP Zed Attack Proxy Project]])<br />
* OWASP DefectDojo ([[OWASP DefectDojo Project]])<br />
* DevSec hardening framework (https://github.com/dev-sec)<br />
* Clair (https://github.com/coreos/clair)<br />
<br />
The output of this hackathon is an OWASP wiki page describing what was achieved in the hackathon, possible commits to the tools' repositories and future plans. If there is enough interest, we might organize "part 2" for this event in Autumn.<br />
<br />
To participate in this event, it is recommended to have at least basic programming/scripting skills (python, ruby, bash, etc) and understanding of configuration management tools (puppet, salt, ansible, etc.). '''If you are interested to join''' or have questions, please send email to pekka.sillanpaa@owasp.org '''by Jul 7th 2017''' and a short description of your background. Tracks of the hackathon environment are tuned based on the skills and background of the participants.<br />
<br />
The maximum of 15 seats are available for this event. The event is fully free of charge.<br />
<br />
'''Location: Nixu, Keilaranta 15, 02150 Espoo'''<br />
<br />
'''12:00 Hackathon starts'''<br />
<br />
'''17:00-23:00 Hackathon continues after the work day as long as needed. Pizza and beverages available.'''<br />
<br />
== OWASP Helsinki chapter meeting #31: Jun 13th 2017 ==<br />
'''Location: Solita, Alvar Aallon katu 5, 00100 Helsinki'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Pekka Sillanpää, OWASP Helsinki'''<br />
<br />
'''18:05 DevSec - Developers are the key to security, Antti Virtanen, Software Architect, Solita [[File:Devsec-owasp-2017.pdf]]''' <br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Docker Security, Mika Vatanen, Systems Architect, Digia [[File:Owasp-Helsinki-20170613-Docker-Security.pdf]]'''<br />
<br />
'''20:00 Lightning talk: Leaking credentials - a security malpractice more common than expected, Bogdan Mihaila, Synopsys [[:File:Bogdan Mihaila - Leaking Credentials.pdf]]'''<br />
<br />
'''20:15 Introduction to DevSecOps "mini-hackathon", Pekka Sillanpää, OWASP Helsinki'''<br />
<br />
'''20:30-22:30 Snacks & Refreshments'''<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-31-tickets-34950473808 here] by 12th of Jun (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #30: Oct 11th 2016 ==<br />
<br />
'''Location: Fujitsu, Valimotie 16, 00380 Helsinki, Auditorio'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 How to protect mobile application? Case "Nordea Tunnusluvut” / Michael Peltonen, Senior Business Developer, Nordea''' [[File:Helsinki_meeting_30_-Michael_Peltonen_OWASP_11102016.pdf]]<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Lightning talk: Authentication topic / Teemu Simonen, System Architect, Fujitsu''' [[File:Helsinki_meeting_30_-Authentication_topic.pdf]]<br />
<br />
'''19:30 Threats and vulnerabilities in federation protocols - and how did I find 0-days in the most common access management products / Teemu Kääriäinen, Senior IAM Consultant, Nixu Oyj''' [[File:Helsinki_meeting_30_-_Threats_and_Vulnerabilities_in_Federation_Protocols_and_Products.pdf]]<br />
<br />
'''20:30-> Snacks & Refreshments'''<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-30-tickets-28190573765 here] by 9th of October (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #29: Mar 29th 2016 ==<br />
<br />
'''Location: Solinor, Elimäenkatu 14 C, 00510 Helsinki'''<br />
<br />
'''Time: 17:30-21:15'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 OWASP Security Knowledge Framework, Glenn Ten Cate''' [[File:Skf-owaspHelsinki-16.pdf]]<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Amazon Web Services Security, Joel Leino, Solinor''' [[File:Aws_security_joel_leino.pdf]]<br />
<br />
'''20:30 Do's and don'ts: A Day Of Browser Bug Hunting, Atte Kettunen, University of Oulu''' [[File:Do's_and_Don'ts-_A_Day_Of_Browser_Bug_Hunting_rev2.pdf]]<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-29-tickets-22159795545 here] by 26th of March (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #28: Nov 10th 2015 ==<br />
<br />
'''Location: LähiTapiola, Revontulenkuja 1, 02100 Espoo'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 How we feel about Bug Bounty, Leo Niemelä, CISO, LähiTapiola Group (in Finnish)'''<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Security and "Modern" software Deployment, Rory McCune, Managing Consultant, NCC Group'''<br />
<br />
'''20:30 Discussion continues in a local cafe / bar'''<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-28-tickets-19188815263 here] by 8th of November (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #27: May 29th 2015 ==<br />
<br />
'''Location: Life Science Center Keilaranta 10-16''' <br />
<br />
'''Time: 17:30-20:00 (networking ends 23:00)''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 Word from our sponsor / Nixu'''<br />
<br />
'''18:15 50 Shades of AppSec / Troy Hunt'''<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Hack yourself first: how go on the cyber-offence before online attackers do / Troy Hunt'''<br />
<br />
'''20:00-23:00 Refreshments and Sauna on the 7th floor'''<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-chapter-meeting-27-tickets-16709176597 here] by Monday Fri 22th May (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #26: January 13th 2015 ==<br />
<br />
'''Location: Castrén & Snellman Attorneys Ltd. Eteläesplanadi 14 6th Floor Helsinki, Finland.''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''Opening words / OWASP Helsinki&IAPP''' <br />
<br />
'''Words from our sponsor / Castrén & Snellman Attorneys Ltd.'''<br />
<br />
'''Privacy Seals and Marks, Hannu Järvinen, Specialist Partner, Attorneys at Law Borenius Ltd'''<br />
<br />
'''Privacy Engineering, Antti Vähä-Sipilä, software security guy, F-Secure Oyj'''<br />
<br />
'''Privacy Use Cases, Saku Vainikainen, Lead Consultant, Nixu Oyj'''<br />
<br />
Please register here https://t.co/OoQN2FRbBX by Monday 12 Jan.<br />
<br />
== OWASP Helsinki chapter meeting #25: September 29th 2014 ==<br />
<br />
'''Location: Appelsiini (Elisa), Kaarlenkatu 9-11, 00530 Helsinki. Public transport is strongly recommended.''' <br />
<br />
'''Time: 17:00-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and registration''' <br />
<br />
'''17:10 Opening words / OWASP Helsinki''' <br />
<br />
'''17:20 Words from our sponsor / Elisa'''<br />
<br />
'''17:30 Mobile Security Chess Board - Attacks & Defense / Hemil Shah / Founder, Director eSphere Security''' [[File:Mobile_Security_chess_board_-_Attacks_&_Defense.pdf]]<br />
<br />
'''18:45 Break'''<br />
<br />
'''19:00 Mobile Platform Security: OS (kernel) Hardening and Trusted Execution Environment / Onur Zengin / Trustonic'''<br />
[[File:Onur_Zengin_-_TEE_chapter_meeting_presentation.pdf]]<br />
<br />
'''20:00 OWASP Mobile Top Ten Risks 2014 - The New M10: 'Lack of Binary Protection' Category / Bo Asklund and Rikard Kullenberg / Arxan'''<br />
[[File:OWASP_Mobile_Top_Ten_-_Meet_the_New_Addition.pdf]]<br />
<br />
'''21:00 Networking and continue discussions in TBD location nearby'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-25-tickets-13087782911 Eventbrite]<br />
<br />
== OWASP Helsinki chapter meeting #24: March 25st 2014 ==<br />
<br />
'''Location: F-Secure, Tammasaarenkatu 7, 00180 Helsinki. Parking space is limited, public transport is strongly recommended. Ruoholahti station for metro, Länsisatamankatu stop for tram 8, Länsiväylä stop for buses from Espoo.''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and registration''' <br />
<br />
'''17:20 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''17:30 Enhancing security through tight collaboration and automation /Kalle Hallivuori''' <br />
Presentation material: http://kato.iki.fi/owasp-pci-devops/<br />
<br />
'''18:00 Continuous Security Testing in a Devops World /Stephen de Vries'''<br />
Download the presentation from our file page: [[image:OWASP-Continuous_Security_Testing.pdf]]<br />
<br />
'''19:00 Demo of Burp Suite & HTTP API fuzzing automation with Python & Behave /Antti Vähä-Sipilä'''<br />
<br />
'''19:30 Time to go to Pub (Amsterdam) and continue discussion there'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-24-tickets-10765729587 Eventbrite]<br />
<br />
== OWASP Helsinki chapter meeting #23: January 21st 2014 ==<br />
<br />
'''Location: HTC Keilaniemi, Keilaranta 13, 02150 Espoo''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Coffee and registration''' <br />
<br />
'''18:00 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''18:05 Word from our sponsor /Nixu''' <br />
<br />
'''18:20 The inner HTML Apocalypse - How MXSS attacks change everything we believed to know so far /Mario Heiderich'''<br />
<br />
'''19:15 JSMVCOMFG - To sternly look at JavaScript MVC and Templating Frameworks /Mario Heiderich"''''<br />
<br />
'''20:15 QA'''<br />
<br />
'''20.30 - 21.30 Discussion continues over snacks and refreshments'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-23-tickets-10095813851 Eventbrite]<br />
<br />
<br />
== OWASP Helsinki chapter meeting #22: November 19th 2013 ==<br />
<br />
'''Location: Aalto University, Hall S1, Otakaari 5, 02150 Espoo''' <br />
<br />
'''Time: 18:00-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Registration''' <br />
<br />
'''18:10 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''18:20 Word from our sponsor''' <br />
<br />
'''18:30 Backgrounds of Eve in Digiland comic and cyber research in Aalto University /Timo Kiravuo, Aalto University'''<br />
<br />
'''19:15 Break"''''<br />
<br />
'''19:30 Cyber crime response from CERT perspective and backgrounds of Finnish web site attacks /Jussi Eronen, CERT-FI'''<br />
<br />
'''20:00 Methods in Finnish cyber crime police investigation and case example /Timo Piiroinen, National Bureau of Investigation (NBI)'''<br />
<br />
'''20:30 Networking and discussion continues at same location'''<br />
<br />
Please register at [http://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-23-tickets-10095813851 Eventbrite]<br />
<br />
== OWASP EUTour2013: June 17th 2013 ==<br />
<br />
'''Location: HTC Keilaniemi, Keilaranta 15''' <br />
<br />
'''Time: 16:00-19:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''16:00 Registration & coffee''' <br />
<br />
'''16:15 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''16:30 Word from our sponsor''' <br />
<br />
'''16:45 Nokia responsible disclosure program /Omar Benbouazza-Villa, Nokia'''<br />
<br />
Nokia has launched a responsible disclosure program recently. In this presentation we'll go through experiences starting and running such a program as a part of enterprise application security program.<br />
<br />
'''17:30 Social engineering /Gavin Ewan"''''<br />
<br />
Jac0byterebel is not your typical social engineering presenter. Out goes the snake oil sale of analysing the minutia of pop psychology and trying to squeeze out real answers to the questions asked during a real social engineering attack. In comes hard hitting accounts of social engineering attacks drawn from real sources but anonymised to protect the pwned.<br />
<br />
'''19:00 Rounding up and discussion continues over food & drinks at same location'''<br />
<br />
Please register at [http://www.regonline.com/owaspeutourfinland Regonline]<br />
<br />
== OWASP Helsinki Chapter Meeting #21: April 24 2013 ==<br />
<br />
'''Location: KPMG, Yrjönkatu 23 B, 6. floor''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Opening words /OWASP''' <br />
<br />
'''18:10 Word from our sponso /Mika Laaksonen, KPMG''' <br />
<br />
'''18:15 OWASP project news /Petteri Arola, OWASP''' <br />
<br />
Newsflash of new and rebooted OWASP projects.<br />
<br />
'''18:45 Utilizing VAHTI software development guide (VAHTI-sovelluskehitysohje) /Antti Alestalo, KPMG'''<br />
<br />
VAHTI software development guide was published January 2013. Antti will talk about how to best utilize this new guide. Link to the guide: http://www.vm.fi/vm/fi/04_julkaisut_ja_asiakirjat/01_julkaisut/05_valtionhallinnon_tietoturvallisuus/20130207Sovell/VAHTI_1_Sovelluskehityksen_tietoturvaohje_NETTI.pdf<br />
<br />
'''19:15 Database self-defence /Mika Aronen, KPMG (in place of "HTML5 & security /SC5"'''<br />
<br />
'''20:00 Official program ends and discussion continues over food & drinks at same location'''<br />
<br />
Please register at [https://www.eventbrite.com/event/6240751255 Eventbrite]<br />
<br />
== OWASP Helsinki Chapter Meeting #20: December 4 2012 ==<br />
<br />
'''Location: Nokia House, Keilalahdentie 4, Espoo''' <br />
<br />
'''Time: 17:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Socializing time @ Nokia Lounge – Meet people & get to know your peer while having the opportunity to see Nokia product demos''' <br />
<br />
'''18:00 Opening words /OWASP + HelsinkiJS''' <br />
<br />
'''18:10 Word from our sponsor''' <br />
<br />
'''18:20 Securing JavaScript based web apps /Erlend Oftedal''' <br />
<br />
Single page web applications move much of the application logic to the client side. We now also see applications using JavaScript on the server side. How do we handle such applications from a security perspective? What problems are introduced and how do we handle them?<br />
<br />
'''19:05 RESTful Security'''<br />
<br />
Many applications rely on web services and ws-security for integration. But for more lightweight services with simpler protocols, REST is quickly gaining popularity. How do we secure REST services? What problems do we need to be aware of?<br />
<br />
'''20:00 Official program ends and free debate continues at nearby location'''<br />
<br />
CLOSED: Please register at [http://www.eventbrite.com/event/4856878053 Eventbrite]<br />
<br />
Please use the NORTH entrance when entering the Nokia campus<br />
<br />
== OWASP Helsinki Chapter Meeting #19: October 16 2012 ==<br />
<br />
'''Location: Fujitsu, Valimotie 16, Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''18:10 Word from our sponsor /Fujitsu''' <br />
<br />
'''18:25 Hybrid mobile application security and HTML5 with a focus on getUserMedia /Mikko Saario, Nokia''' <br />
<br />
Both the mobile scene via “hybrid” apps and the so-called traditional web are evolving into the same direction – are the threats doing the same? Using mainly Windows Phone 7 (and some Qt) examples and demos, Mikko will take a look at the security aspects in mobile hybrid apps. The HTML5 demo will concentrate on some newly mainstreamed technologies such as getUserMedia.<br />
<br />
'''19:10 Introduction to Oauth 2.0 + demo /Teemu Kääriäinen, Nixu'''<br />
<br />
Teemu gives an introduction about Oauth 2.0 and takes a closer look at security aspects, implementation guidelines and compares Twitter, Facebook and Google implementations.<br />
<br />
'''20:00 Official program ends and free debate continues at nearby location'''<br />
<br />
'''Please register in Eventbrite http://www.eventbrite.com/event/4462882602''' <br />
<br />
<br />
== OWASP Helsinki Chapter Meeting #18: June 26 2012 ==<br />
<br />
'''Location: Kela, Nordenskjölkinkatu 12, Helsinki''' <br />
<br />
'''Time: 17:30-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''17:45 Word from our sponsor /Kela''' <br />
<br />
'''18:00 Helsinki Ruby Brigade intro''' <br />
<br />
'''18:15 Ruby on Rails security - why could it fail'''<br />
<br />
'''19:00 Panel discussion'''<br />
<br />
'''19:45 Wrap-up'''<br />
<br />
'''20:00 Discussion continues in a nearby pub Hadanka'''<br />
<br />
'''Please register with petteri.arola(at)owasp.org''' <br />
<br />
<br />
== OWASP Helsinki Chapter Meeting #17: March 21 2012 ==<br />
<br />
'''Location: Marttakeskus, Malminrinne 1 B, 7. krs, Helsinki''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Coffee''' <br />
<br />
'''17:40 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''17:50 Web Application Access Control Design Excellence / Jim Manico, OWASP''' <br />
<br />
Download the presentation from our file page: [[image:Developer_Top_Ten_Core_Controls_v4.1.pdf]]<br />
<br />
'''19:30 Meeting ends and discussion continues over buffet and refreshments and there's a possibility to bath in sauna too''' <br />
<br />
'''23:00 Event ends'''<br />
<br />
'''Please register with enroll(at)nixu.com''' <br />
<br />
== Tietoturvapäivä Turku: February 7 2012 ==<br />
<br />
''' Sovellusturvallisuus / Petteri Arola, OWASP''' <br />
<br />
Download the presentation from our file page: [[image:OWASP_esitys_tietoturvapäivä_Turku_20120207.pdf]]<br />
<br />
== OWASP Helsinki Chapter Meeting #16: October 18 2011 ==<br />
<br />
'''Location: Hall TU2, Tuas house, Otaniementie 17, 02150, Espoo''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and lock picking''' <br />
<br />
'''17:30 OWASP - What is it?''' <br />
<br />
'''17:45 Introduction to OWASP projects<br>- OWASP Top Ten, ASVS<br><span class="Apple-tab-span"> </span>- Testing guide<br>- How OWASP relates to academic world''' <br />
<br />
<br> Download presentation from our file-page: [[Image:OWASP_presentation_for_Aalto.pdf]] <br><br />
<br />
'''18:45 Break''' <br />
<br />
'''19:00 Hacking demonstrations'''<br />
<br />
'''19:30 - Discussion continues in a nearby public house''' <br />
<br />
'''Please register with petteri.arola(at)owasp.org''' <br />
<br />
== OWASP Introduction to Turku AMK students: September 12th 2011 ==<br />
<br />
'''Introduction to Application security and OWASP / Petteri Arola, OWASP''' <br />
<br />
'''OWASP top 10 and hacking demos / Pekka Sillanpää, OWASP''' <br />
<br />
== OWASP Helsinki Chapter Meeting #15: June 15 2011 ==<br />
<br />
'''Location: Itämerenkatu 11 - 13, Helsinki''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda ''' <br />
<br />
'''17:30 Welcome, Petteri Arola, Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nokia''' <br />
<br />
'''17:45 HTML5 Security, Ville Säävuori, Syneus''' <br />
<br />
'''18:30 Break''' <br />
<br />
'''18:40 Mobile Application Security, Ari Kesäniemi and Juhani Mäkelä, Nixu''' <br> [[Image:Mobile-threat-analysis-short-presentation owasp.pdf]] <br> [[Image:Why-privacy-matters.pdf]] <br> <br />
<br />
<br>'''19.30 - Discussion continues in a nearby public house or terrace if it's sunny''' <br />
<br />
'''Please register with mikko.saario(at)nokia.com''' <br />
<br />
== OWASP Helsinki Chapter Meeting #14: February 22 2011 ==<br />
<br />
'''Location: Nixu Oy, Keilaranta 15, Espoo''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''17:30 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nixu Oy''' <br />
<br />
'''17:45 OpenSAMM, Pravir Chandra /Fortify''' <br />
<br />
'''18:30 Break''' <br />
<br />
'''18:40 Threat modeling, Pravir Chandra /Fortify''' <br />
<br />
<br> '''19.30 - Sauna and refreshments from our sponsor''' <br />
<br />
'''Please register with enroll(at)nixu.com''' <br />
<br />
<br> Download OpenSAMM presentation from opensamm.org [http://www.opensamm.org/downloads/resources/OpenSAMM-1.0.ppt] <br> <br />
<br />
== OWASP Helsinki Chapter Meeting #13: June 8 2010 ==<br />
<br />
'''Location: KPMG, Forum, Yrjönkatu 23 B 6th floor, Helsinki''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''17:00 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:05 Word from our sponsor KPMG ''' <br />
<br />
'''17:15 Agile secure software development, Antti Vähä-Sipilä / Nokia Oyj''' http://www.owasp.org/images/c/c6/OWASP_AppSec_Research_2010_Agile_Prod_Sec_Mgmt_by_Vaha-Sipila.pdf <br />
<br />
'''18:00 ASVS (OWASP Application Security Verification Standard), Pekka Sillanpää / Nixu Oy''' <br />
<br />
'''18:45 ESAPI (OWASP Enterprise Security API) demo, Anssi Porttikivi / KPMG''' <br />
<br />
Download presentation from our file-page:[[Image:ESAPI for OWASP.pdf]] <br />
<br />
<br> '''19.30 - Discussion continues at some nearby establishment''' <br />
<br />
'''Please register with anssi.porttikivi(at)kpmg.fi''' <br />
<br />
<br> <br />
<br />
== OWASP Goes! Locksport: April 20 2010 ==<br />
<br />
'''Location: Nsense Oy, Ahventie 4, Espoo''' <br />
<br />
'''Time: 17:30-20:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nsense Oy''' <br />
<br />
'''17:45 Introduction to Locksport (presentation in Finnish)''' <br />
<br />
'''19:00 - Sauna and refreshments from our sponsor''' <br />
<br />
'''Please register with ilmoittautumiset##nsense.fi ''' <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #12: March 30 2010 ==<br />
<br />
'''Location: Helsingin Energia, Sähkötalo, Runeberginkatu 1, Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''18:00 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
Download presentation from our file-page:[[Image:OWASP -12 Helsinki chapter meeting.pdf]] <br />
<br />
'''18:05 Word from our sponsor Helsingin Energia ''' <br />
<br />
'''18:15 3 different views on information security and social media applications''' <br />
<br />
- information security in social media API’s, Antti Nuopponen/Nixu Oy <br />
<br />
Download presentation from our file-page:[[Image:Security of social media apis v1.pdf]] <br />
<br />
- Facebook apps, Markus Törnqvist/Fad Consulting <br />
<br />
Download presentation from our file-page:[[Image:Mjt owasp 2010.pdf]] <br />
<br />
- Payment API’s, Tuomas Toivonen/Scred <br />
<br />
Download presentation from our file-page:[[Image:Owasp-payment-apis.pdf]] <br />
<br />
'''20.00 - Discussion continues at nearby establishment Bruuveri''' <br />
<br />
'''Please register with antti##owasp.org''' <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #11: November 17 2009 ==<br />
<br />
'''Location: Nsense Oy, Ahventie 4, Espoo''' <br />
<br />
'''Time: 18:00-20:30''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''18:05 Word from our sponsor Nsense Oy''' <br />
<br />
'''18:15 Manual vs. Automated Code Analysis, Ari Kesäniemi, Senior Consultant, Nixu''' <br />
<br />
Download presentation from our file-page:[[Image:Ari kesaniemi nixu manual-vs-automatic-analysis.pdf]] <br />
<br />
'''19.00- Sauna and refreshments from our sponsor''' <br />
<br />
<br> <br />
<br />
'''Please register with ilmoittautumiset##nsense.fi''' <br />
<br />
== OWASP Helsinki Chapter Meeting #10: October 20 2009 ==<br />
<br />
'''Location: Tieto Oy, Ratamestarinkatu 7B, Helsinki''' <br />
<br />
'''Time: 18:00-19:40''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''18:00 Word from our sponsor Tieto Oy''' <br />
<br />
'''18:10 Distributed Services Security, Anton Panhelainen, Tieto Oy''' <br />
<br />
Download presentation from our file-page:[[Image:Security in integration and ESB-OWASP 20091020.pdf]] <br />
<br />
'''18:40 Public Web Services Interface and Security, Pyry Heikkinen, Finnish Customs''' <br />
<br />
'''19:40 Closure and move to Vltava''' <br />
<br />
'''20:00 or so''' <br />
<br />
*Enjoy Helsinki Vltava watering hole at own risk &amp; cost near Helsinki Railway station<br />
<br />
'''Please register with Pauli Kauppila pauli.kauppila##tieto.com or Mobile +358 400 870 324''' <br />
<br />
== OWASP Helsinki Chapter Meeting #9: May 12 2009 ==<br />
<br />
'''Location: Louhi Networks Oy, Itälahdenkatu 22 A, Helsinki''' <br />
<br />
'''Time: 17:30-19:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:30 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:45 Word from our sponsor Louhi Networks''' <br />
<br />
'''18:00 Panel discussion about application scanners''' <br />
<br />
*Panel members includes representatives for Nixu Oy, KPMG Oy and Louhi Networks Oy<br />
<br />
<br> '''19:00 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost at Bar 52 near meeting location<br />
<br />
'''Please register with Henri Lindberg henri.lindberg##louhi.fi''' <br />
<br />
== OWASP OWASP Goes! Viestimuseo: March 29 2009 ==<br />
<br />
'''Location: Varuskunta, Takakasarmi, Viestimuseontie rak. 64, 11311 Riihimäki ''' <br />
<br />
'''Time: 13:00-15:00''' <br />
<br />
Viestimuseossa Riihimäellä, http://www.viestikiltojenliitto.fi/viestimuseo/ on maaliskuun loppuun WWII radiotiedustelua esittelevä erikoisnäyttely, josta voi löytyä ammennettavaa myös tämän päivän tietoturvatekniikoiden parissa työskenteleville. Koska OWASP:in tiimoilta löytyi kiinnostusta lähteä tutustumaan ko. näyttelyyn, museolle on varattu opastettu kierros maaliskuun viimeiselle sunnuntaille su 29.3.2009 klo 13:00 eli kokoontuminen museolla ko. aikaan. <br />
<br />
Museo ja näyttely ovat auki myös muina aikoina, joten jos tämä aika ei käy, paikalla voi toki käydä muulloinkin. <br />
<br />
Tarkemmat ajo-ohjeet ja yhteystiedot löytyvät museon kotisivuilta, http://www.viestikiltojenliitto.fi/viestimuseo/yhteystiedot.html <br />
<br />
Museo sijaitsee Viestirykmentin vieressä, mutta varsinaisen varuskunta-alueen ulkopuolella, joten museokäynti ei vaadi kulkulupia alueelle. <br />
<br />
Paikalle innostuvat hoitavat oman logistiikkaratkaisunsa &amp; sisäänpääsymaksunsa. <br />
<br />
Lisätietoja tarvittaessa timo.merilainen (ät) iki.fi <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #8: March 12 2009 ==<br />
<br />
'''Location: Samlink, Linnoitustie 9, Espoo (Leppävaara)''' <br />
<br />
'''Time: 17:00-19:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:00 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:15 Introduction to Samlink, Jari Pirhonen, security director, Samlink''' <br />
<br />
'''17:30 Methodology owner’s point of view: Information security as part of software development methodology, Topi Mattila, methodology manager, Samlink''' <br />
<br />
'''18:15 Presentation from Finnish Tax Administration", Petri Puhakainen, security director, Finnish Tax Administration''' <br />
<br />
<br> '''19:00 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost at Sello<br />
<br />
'''Please register with Jari Pirhonen jari.pirhonen##samlink.fi''' <br />
<br />
== OWASP Introduction to startup firms: Thursday January 15th 2009 ==<br />
<br />
'''Location: Ravintola Korjaamo, Töölönkatu 51, 00250 Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Introduction to OWASP by Henri Lindberg, OWASP Helsinki Active Visitor''' <br />
<br />
*What OWASP is <br />
*Examples of useful Tools and Documents <br />
*OWASP in Finland<br />
<br />
Presentation: [[Image:OWASP Startups 20090115 Henri.pdf]] <br />
<br />
(Antti Laulajainen, OWASP Helsinki Chapter Leader was originally supposed to introduce OWASP) <br />
<br />
'''18:15 Implementing application security in a Finnish startup by Henri Lindberg, Scred''' <br />
<br />
*Henri Lindberg from Scred shares experiences and lessons learned <br />
*How to make your web application more secure with minimal budget<br />
<br />
Presentation: [[Image:SDG Scred 090115.pdf]] <br />
<br />
'''18:30 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost<br />
<br />
== OWASP Helsinki Meeting #7: Tuesday November 11th 2008 ==<br />
<br />
'''Location: Nokia Ruoholahti, Itämerenkatu 11-13, 00180 Helsinki''' <br />
<br />
<br> <br />
<br />
'''Time: 17:00-18:30''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:00 Welcome by Antti Laulajainen, OWASP Chapter Leader''' <br />
<br />
*Current state and progress of OWASP Top 10 Finnish translation<br />
<br />
'''17:20 Antti Vähä-Sipilä, Nokia: SAFECode''' <br />
<br />
*Introduction and overview of SAFECode (The Software Assurance Forum for Excellence in Code) <br />
*SAFECode publications<br />
<br />
'''17:40 Juhani Eronen, CERT-FI: Lifecycle of a security vulnerability''' <br />
<br />
*Microsoft MS08-067 (Vulnerability in Server Service Could Allow Remote Code Execution), its history (MS06-040) and exploitation.<br />
<br />
'''Discussion''' <br />
<br />
'''18:30 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost [cerveza, aqua con gas, etc]<br />
<br />
'''PLEASE REGISTER WITH: mikko . saario at nokia . com (we have reserved snacks for 25 people)''' <br />
<br />
== OWASP Helsinki Web Hacking Workshop, Tuesday September 10th 2008 ==<br />
<br />
'''Location: Teleware / KPMG, Laajalahdentie 23, 6. floor, reception at the ground floor, 00330 Helsinki''' <br />
<br />
'''Time: 18.00 - 20.00''' <br />
<br />
'''Schedule''' <br />
<br />
'''18.00 Welcome and recent activities. Antti Laulajainen ''' <br />
<br />
'''18.05 Web Hacking Workshop, Anssi Porttikivi, Senior ICT Advisor KPMG/Teleware''' <br />
<br />
*KPMG Oy IT Security Advisory marketing presentation 15 min <br />
*Web hacking exercises and demonstrations in a laboratory class (using WebGoat and WebScarab tools)<br />
<br />
'''Snacks available. Send your reservations to Anssi's mail address, anssi.porttikivi@kpmg.fi. Room for 20 participants.''' <br />
<br />
<br> '''Note! Be in time, because the reception closes at 18.''' <br />
<br />
== OWASP Goes! CERT-FI, Thursday, June 12th 2008 ==<br />
<br />
'''Location: Viestintävirasto, Itämerenkatu 3 A, 00180 Helsinki and One Pint Pub Santakatu 2, 00180 Helsinki''' <br />
<br />
<br> '''Time: 16.00 - 20.00''' <br />
<br />
<br> '''Schedule''' <br />
<br />
'''16.00 Welcome and recent activities. Antti Laulajainen ''' <br />
<br />
<br> '''16.10 Introduction of CERT-FI. Juhani Eronen, Information Security Adviser, CERT-FI''' <br />
<br />
<br> '''16.30 Vulnerability coordination. Juhani Eronen''' <br />
<br />
*CERT-FI as a vulnerability coordinator <br />
*Coordination examples<br />
<br />
'''18.00 Possibility to continue the evening at the One Pint Pub''' <br />
<br />
*If someone fancies a (self-financed) beer<br />
<br />
<br> '''Viestintävirasto asks those who wish to participate to the meeting to register in advance. For registrations please contact CERT-FI Unit Secretary Virpi Hienonen (virpi.hienonen(at)ficora.fi). The deadline is June 6, 2008.''' <br />
<br />
== OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 ==<br />
<br />
Thank you for attending. <br />
<br />
You can download the presentation here'''https://www.owasp.org/images/7/70/OWASP_HelsinkiChapter_130508.pdf''' <br />
<br />
Coverage of the event in local news (Finnish only) http://mikropc.net/uutiset/index.jsp?categoryId=atk&amp;day=20080514#w2008051411524012715 <br />
<br />
<br> '''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki and Ravintola Kaisla, Vilhonkatu 4, 00100 Helsinki''' <br />
<br />
'''Time: 16.00 - 20.00''' <br />
<br />
<br> <br />
<br />
Welcome to spring meeting 2008. <br />
<br />
<br> '''Schedule''' <br />
<br />
'''16.00 - 16.10 OWASP update. Antti Laulajainen''' <br />
<br />
'''16.10-17.00 Notes From The field, OWASP tools and usage experiences, Jarkko Holappa &amp; Antti Laulajainen''' <br />
<br />
'''17.30 - 20.00 Drinks at Ravintola Kaisla (Bring Your Own Wallet)''' <br />
<br />
<br> Hope to see as many of you as possible! <br />
<br />
== OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 ==<br />
<br />
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.''' <br />
<br />
'''Time: 18.30 - 20.30''' <br />
<br />
Welcome to first meeting of 2008. OWASP Helsinki resumes activities after winter break. <br />
<br />
We are pleased to have as a speaker Technology Manager of Nokia Product Security, Alexandr Seleznyov. His topic will be current state of application security. <br />
<br />
'''Schedule''' <br />
<br />
'''18.30 - 18.40 OWASP update. Antti Laulajainen''' <br />
<br />
'''18.40 - 20.30 Current State of Application Security. Alexandr Seleznyov''' <br />
<br />
<br> Hope to see as many of you as possible! <br />
<br />
== OWASP Helsinki &amp; RWSUG Seminar Tuesday, January 29th 2008 ==<br />
<br />
'''Location: IBM, Laajalahdentie 23, 00330 Helsinki.''' '''Time: 11.15 - 19.00''' <br />
<br />
OWASP Helsinki and Rational and Websphere User Group Finland RWSUG are aiming to co-operate to raise application security awareness. OWASP Helsinki will have a presentation in RWSUG agility seminar. More information from http://www.rwsug.fi/default.asp?path=1,39,385 <br />
<br />
'''You can download the presentation here''' https://www.owasp.org/images/c/cd/RWSUG5_Agile_Security_Management.pdf <br />
<br />
See program below. Most of it is Finnish only <br />
<br />
*11.15 Ilmoittautuminen alkaa <br />
*11.15-12.00 Buffet-lounas <br />
*12.00-12.10 Tilaisuuden avaus Jussi Jutila, Puheenjohtaja, RWSUG ry<br />
<br />
KEYNOTE <br />
<br />
*12.10-13.30 Scaling Agile Software Development: Strategies for Applying Agile in Complex Situations Scott W. Ambler, Practice Leader Agile Development, IBM Canada <br />
*13.30-13.45 Kahvitauko <br />
*13.45-15.30 SOA liiketoiminnan näkökulmasta ja SOA toteutuksen näkökulmasta kansainvälisessa hankkeessa Kari Laine, IT Architect, IF ja Jarmo Laine, Senior Software Architect,Primasoft <br />
*15.30-15.45 Tauko <br />
*15.45-16.30 Ketterä tietoturvan hallinta ohjelmistotuotannossa Reijo Savola, VTT <br />
*16.30-17.15 Jazz Update IBM <br />
*17.15-19.00 Iltapalaa ja verkostoitumista IBM Forumissa<br />
<br />
<br> <br />
<br />
== OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008 ==<br />
<br />
OWASP Helsinki participated in ISACA Finland meeting to raise application security awareness among system auditors and inspectors. <br> A presentation was held that introduced basic web techniques, some security issues, OWASP in general, OWASP projects and OWASP Helsinki chapter. <br> '''You can download the presentation here''': https://www.owasp.org/images/e/e4/OWASP_ISACA_20080124.pdf (Finnish Only) <br><br> <br />
<br />
== OWASP Helsinki meeting #4 Fall 2007 with Mark Curphey, Tuesday, October 2 2007 ==<br />
<br />
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.''' <br />
<br />
Thank you for all participants and Mark from great presentation. <br />
<br />
Coverage of the meeting in the local news (in Finnish): http://mikropc.net/uutiset/index.jsp?categoryId=atk&amp;day=20071003#w2007100315112711629 <br />
<br />
<br> We are delighted to have Mark Curphey - the OWASP founder and new head of Microsoft's ACE (Application Consulting &amp; Engineering) team in Europe - to visit Finland and discuss web app security with us. Hopefully as many as of you possible can participate! <br />
<br />
'''18:30 Welcome and recent Helsinki chapter activities. Antti Laulajainen''' <br />
<br />
'''18:40 Naked Software Security. Mark Curphey''' <br />
<br />
*Commentary on how to build secure software <br />
*Thoughts on the industry<br />
<br />
<br> '''WELCOME!''' <br />
<br />
== OWASP Helsinki meeting #3 Summer 2007: "SOA, Web Services &amp; XML Security", Tuesday, June 5th 2007 ==<br />
<br />
'''Date: June 5th''' <br />
<br />
<br> '''Location: Smilehouse, Itälahdenkatu 22A (Stonesoft building), Lauttasaari.''' <br />
<br />
Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/tietoturva_docview.jsp?f_id=1186167 <br />
<br />
<br> '''19:00 Welcome &amp; quick recap of recent OWASP activity and the Spring conference. Mikko Saario.''' <br />
<br />
<br> '''19:15 Gunnar Peterson, CTO Arctec Group and project lead for the OWASP "XML Security Gateway Evaluation Criteria".''' <br />
<br />
Gunnar will be visiting Finland to provide training via Tietoturva ry on this subject. Topics to be covered: <br />
<br />
*XML Security Gateways <br />
*Message level threats and security countermeasures in Web services <br />
*OWASP XML Security Gateway Evaluation Criteria Project<br />
<br />
<br> '''20:15 "Real-life usage of OWASP tools". Alexandr Seleznyov, Nokia Product Security.''' <br />
<br />
(There is a chance Alex cannot make it. In that case we will discuss SOA stuff in more detail or just head off to bar earlier.) <br />
<br />
<br> '''20:45 Enter Bar 52...''' --&gt; Enjoy (sponsored) beverages. <br />
<br />
== OWASP Helsinki meeting #2 Winter 2007, Web Application Firewalls, Thursday, February 22 2007 ==<br />
<br />
Thank you for the 29 participants, the speakers and the host - Nixu - for making this event happen! <br />
<br />
'''Location: Nixu, Mäkelänkatu 91, 00601 Helsinki.''' <br />
<br />
What are Web Application Firewalls (WAF), how do they work, what do they do and what don't they do. Discussion and sharing of experiences of various technologies and products. <br />
<br />
<br> '''18.30 Welcome. Mikko Saario, Chapter Leader.''' <br />
<br />
Today's topic and agenda in short. <br />
<br />
<br> '''18.35 "Web Application Firewalls Technical Analysis". Joakim Sandström, CTO nSense.''' <br />
<br />
http://www.owasp.org/images/6/6a/Owasp_waf_joakim.pdf <br />
<br />
- Technology <br />
<br />
- Blacklisting &amp; Whitelisting <br />
<br />
- mod_security features <br />
<br />
- Do's and Don'ts <br />
<br />
<br> '''19.30 "The Core Rule Sets". Ofer Shezaf, CTO Breach Security.''' <br />
<br />
http://www.owasp.org/images/f/f4/The_Core_Rule_Set_-_Ofer.pdf <br />
<br />
- WAF deployment and protection strategies <br />
<br />
- Detection of generic web layer attacks <br />
<br />
- Virtual patching <br />
<br />
== OWASP Helsinki meeting #1, Tuesday, Dec 12 2006 at Ernst &amp; Young ==<br />
<br />
The Helsinki chapter had the first meeting at Ernst &amp; Young office in Elielinaukio 5 B. The agenda and the presentations for the meeting are below. We had a good turnout: 22 people were present i.e. all seats were taken - we were very happy to see all these people to be interested in application security issues. <br />
<br />
<br> Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/doc.do?f_id=1083463 <br />
<br />
<br> '''18:30 Welcome. What is OWASP and why OWASP Helsinki?''' <br />
<br />
Mikko Saario made a short presentation about OWASP and the objective for the local Helsinki chapter. <br />
<br />
<br> '''19:00 Analyzing Threats (Olli Wiren; olli [at] juurihoito.org)''' <br />
<br />
Olli Wiren discussed application related threats and corresponding security issues. <br />
<br />
http://www.owasp.org/images/7/7c/Owasp-olli.pdf <br />
<br />
<br> '''19:45 Open discussion regarding OWASP Helsinki; what is expected or wished; how to go ahead and so forth.''' <br />
<br />
There was a lively discussion regarding what type of activities should be arranged in the future. More details will follow... <br />
<br />
==== Helsinki OWASP Chapter Leaders ====<br />
<br />
The chapter leader is [mailto:Petteri.arola@owasp.org Petteri Arola] <br />
<br />
The chapter board members are [mailto:timo@owasp.org Timo Merilainen], Pyry Heikkinen and [mailto:pekka.sillanpaa@owasp.org Pekka Sillanpaa]. <br />
<br />
__NOTOC__<br />
[[Category:Finland]] <br />
[[Category:Europe]]</div>Psillanphttps://wiki.owasp.org/index.php?title=Helsinki&diff=241236Helsinki2018-06-11T09:00:11Z<p>Psillanp: /* Chapter Meetings */</p>
<hr />
<div>{{Chapter Template|chaptername=Helsinki|extra=The chapter leaders are [mailto:petteri.arola@owasp.org Petteri Arola], [mailto:pekka.sillanpaa@owasp.org Pekka Sillanpää], [mailto:timo@owasp.org Timo Meriläinen] and [mailto:pyry.heikkinen@owasp.org Pyry Heikkinen]<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-helsinki|emailarchives=http://lists.owasp.org/pipermail/owasp-helsinki}} <br />
<br />
==== Local News ====<br />
<br />
<paypal>Helsinki</paypal> <br />
<br />
'''Welcome to the OWASP Helsinki Chapter'''<br />
<br />
The plan is to meet at least three to four times a year, each lasting 1,5-3 hours (more active "hands" means more meetings). This chapter is based in the capital area and therefore the meetings will be in or around Helsinki. <br />
<br />
If you wish to present at one of the meetings or have any other inquiries, please contact the chapter leaders and shortly describe the talk. (the contact details can be found in the bottom of the page). We encourage everyone to suggest ideas for presentation topics. The talks can be either a full talk (45-60min) or a lightning talk (~15min). <br />
<br />
==== Suomalaista sovellusturva-asiaa ====<br />
<br />
[[OWASP Helsinki Appsec Thesis of the Year|Vuoden sovellusturva-aiheinen opinnäytetyö]]<br />
<br />
[[Oppilaitoksille|Tietoa oppilaitoksille (Information for academic institutions)]] <br />
<br />
[[Verkkomaksut|Ohjeita turvallisen verkkomaksuintegraation toteuttamiseen]] <br />
<br />
Previously OWASP Helsinki has been working on the following tasks: <br />
<br />
*[[Top 10 2007 Finnish]] aim to translate OWASP Top 10 list in Finnish<br />
<br />
==== Chapter Meetings ====<br />
<br />
== OWASP Helsinki chapter meeting #34: Jun 12th 2018 ==<br />
'''Location: Eficode, Pohjoinen Rautatiekatu 25, 00100 Helsinki'''<br />
<br />
'''Time: 17:30-21:30'''<br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Pekka Sillanpää OWASP Helsinki'''<br />
<br />
'''18:05 Words from the sponsor / Pekka Siltala-Li / Eficode'''<br />
<br />
'''18:15 Perfectly secure API, Matti Suominen, Lead Security Consultant - Nixu'''<br />
<br />
'''19:00 Break''' <br />
<br />
'''19:15''' '''Best friends: API security & API management, Antti Virtanen, Software Architect, Solita''' <br />
<br />
'''20:00-21:30 Sauna, Snacks & Beverages'''<br />
<br />
Please register by 10th of Jun https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-34-tickets-46690898735 (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #33: Nov 14th 2017 ==<br />
'''Location: F-Secure, Tammasaarenkatu 7, 00180 Helsinki''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki''' <br />
<br />
'''18:05 Words from the sponsor'''<br />
<br />
'''18:10 Coping with GDPR requirements in development, Kira Ahveninen-Kuha, Lead, Data Protection and Cybersecurity Law, Nixu'''<br />
<br />
'''19:00 Break''' <br />
<br />
'''19:15 Integrating Privacy Work in Threat Modeling and Design Review, Antti Vähä-Sipilä, Principal Security Consultant, F-Secure'''<br />
<br />
'''20:00 Panel & Discussion – Kira and Antti debate about privacy and GDPR with the audience'''<br />
<br />
'''20:30 OWASP Helsinki DevSecOps Hackathon: Lessons learned, Pekka Sillanpää, OWASP Helsinki''' <br />
<br />
'''21:00-22:00 Snacks & Refreshments''' <br />
<br />
Please register by 12th of Nov [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-33-tickets-39656996143 here] (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #32: Sep 27th ==<br />
If you are working in a DevOps team and want to get concrete ideas on how to integrate security into your CI/CD pipeline, this hackathon is a fun opportunity to learn by doing together with others.<br />
<br />
More information here: [[OWASP Helsinki DevSecOps Hackathon]]<br />
<br />
In summary, we familiarize and investigate (and of cource hack with) some nice open source tools, including:<br />
* OWASP Dependency-Check ([[OWASP Dependency Check]])<br />
* ZAP Proxy ([[OWASP Zed Attack Proxy Project]])<br />
* OWASP DefectDojo ([[OWASP DefectDojo Project]])<br />
* DevSec hardening framework (https://github.com/dev-sec)<br />
* Clair (https://github.com/coreos/clair)<br />
<br />
The output of this hackathon is an OWASP wiki page describing what was achieved in the hackathon, possible commits to the tools' repositories and future plans. If there is enough interest, we might organize "part 2" for this event in Autumn.<br />
<br />
To participate in this event, it is recommended to have at least basic programming/scripting skills (python, ruby, bash, etc) and understanding of configuration management tools (puppet, salt, ansible, etc.). '''If you are interested to join''' or have questions, please send email to pekka.sillanpaa@owasp.org '''by Jul 7th 2017''' and a short description of your background. Tracks of the hackathon environment are tuned based on the skills and background of the participants.<br />
<br />
The maximum of 15 seats are available for this event. The event is fully free of charge.<br />
<br />
'''Location: Nixu, Keilaranta 15, 02150 Espoo'''<br />
<br />
'''12:00 Hackathon starts'''<br />
<br />
'''17:00-23:00 Hackathon continues after the work day as long as needed. Pizza and beverages available.'''<br />
<br />
== OWASP Helsinki chapter meeting #31: Jun 13th 2017 ==<br />
'''Location: Solita, Alvar Aallon katu 5, 00100 Helsinki'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Pekka Sillanpää, OWASP Helsinki'''<br />
<br />
'''18:05 DevSec - Developers are the key to security, Antti Virtanen, Software Architect, Solita [[File:Devsec-owasp-2017.pdf]]''' <br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Docker Security, Mika Vatanen, Systems Architect, Digia [[File:Owasp-Helsinki-20170613-Docker-Security.pdf]]'''<br />
<br />
'''20:00 Lightning talk: Leaking credentials - a security malpractice more common than expected, Bogdan Mihaila, Synopsys [[:File:Bogdan Mihaila - Leaking Credentials.pdf]]'''<br />
<br />
'''20:15 Introduction to DevSecOps "mini-hackathon", Pekka Sillanpää, OWASP Helsinki'''<br />
<br />
'''20:30-22:30 Snacks & Refreshments'''<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-31-tickets-34950473808 here] by 12th of Jun (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #30: Oct 11th 2016 ==<br />
<br />
'''Location: Fujitsu, Valimotie 16, 00380 Helsinki, Auditorio'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 How to protect mobile application? Case "Nordea Tunnusluvut” / Michael Peltonen, Senior Business Developer, Nordea''' [[File:Helsinki_meeting_30_-Michael_Peltonen_OWASP_11102016.pdf]]<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Lightning talk: Authentication topic / Teemu Simonen, System Architect, Fujitsu''' [[File:Helsinki_meeting_30_-Authentication_topic.pdf]]<br />
<br />
'''19:30 Threats and vulnerabilities in federation protocols - and how did I find 0-days in the most common access management products / Teemu Kääriäinen, Senior IAM Consultant, Nixu Oyj''' [[File:Helsinki_meeting_30_-_Threats_and_Vulnerabilities_in_Federation_Protocols_and_Products.pdf]]<br />
<br />
'''20:30-> Snacks & Refreshments'''<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-30-tickets-28190573765 here] by 9th of October (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #29: Mar 29th 2016 ==<br />
<br />
'''Location: Solinor, Elimäenkatu 14 C, 00510 Helsinki'''<br />
<br />
'''Time: 17:30-21:15'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 OWASP Security Knowledge Framework, Glenn Ten Cate''' [[File:Skf-owaspHelsinki-16.pdf]]<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Amazon Web Services Security, Joel Leino, Solinor''' [[File:Aws_security_joel_leino.pdf]]<br />
<br />
'''20:30 Do's and don'ts: A Day Of Browser Bug Hunting, Atte Kettunen, University of Oulu''' [[File:Do's_and_Don'ts-_A_Day_Of_Browser_Bug_Hunting_rev2.pdf]]<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-29-tickets-22159795545 here] by 26th of March (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #28: Nov 10th 2015 ==<br />
<br />
'''Location: LähiTapiola, Revontulenkuja 1, 02100 Espoo'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 How we feel about Bug Bounty, Leo Niemelä, CISO, LähiTapiola Group (in Finnish)'''<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Security and "Modern" software Deployment, Rory McCune, Managing Consultant, NCC Group'''<br />
<br />
'''20:30 Discussion continues in a local cafe / bar'''<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-28-tickets-19188815263 here] by 8th of November (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #27: May 29th 2015 ==<br />
<br />
'''Location: Life Science Center Keilaranta 10-16''' <br />
<br />
'''Time: 17:30-20:00 (networking ends 23:00)''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 Word from our sponsor / Nixu'''<br />
<br />
'''18:15 50 Shades of AppSec / Troy Hunt'''<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Hack yourself first: how go on the cyber-offence before online attackers do / Troy Hunt'''<br />
<br />
'''20:00-23:00 Refreshments and Sauna on the 7th floor'''<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-chapter-meeting-27-tickets-16709176597 here] by Monday Fri 22th May (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #26: January 13th 2015 ==<br />
<br />
'''Location: Castrén & Snellman Attorneys Ltd. Eteläesplanadi 14 6th Floor Helsinki, Finland.''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''Opening words / OWASP Helsinki&IAPP''' <br />
<br />
'''Words from our sponsor / Castrén & Snellman Attorneys Ltd.'''<br />
<br />
'''Privacy Seals and Marks, Hannu Järvinen, Specialist Partner, Attorneys at Law Borenius Ltd'''<br />
<br />
'''Privacy Engineering, Antti Vähä-Sipilä, software security guy, F-Secure Oyj'''<br />
<br />
'''Privacy Use Cases, Saku Vainikainen, Lead Consultant, Nixu Oyj'''<br />
<br />
Please register here https://t.co/OoQN2FRbBX by Monday 12 Jan.<br />
<br />
== OWASP Helsinki chapter meeting #25: September 29th 2014 ==<br />
<br />
'''Location: Appelsiini (Elisa), Kaarlenkatu 9-11, 00530 Helsinki. Public transport is strongly recommended.''' <br />
<br />
'''Time: 17:00-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and registration''' <br />
<br />
'''17:10 Opening words / OWASP Helsinki''' <br />
<br />
'''17:20 Words from our sponsor / Elisa'''<br />
<br />
'''17:30 Mobile Security Chess Board - Attacks & Defense / Hemil Shah / Founder, Director eSphere Security''' [[File:Mobile_Security_chess_board_-_Attacks_&_Defense.pdf]]<br />
<br />
'''18:45 Break'''<br />
<br />
'''19:00 Mobile Platform Security: OS (kernel) Hardening and Trusted Execution Environment / Onur Zengin / Trustonic'''<br />
[[File:Onur_Zengin_-_TEE_chapter_meeting_presentation.pdf]]<br />
<br />
'''20:00 OWASP Mobile Top Ten Risks 2014 - The New M10: 'Lack of Binary Protection' Category / Bo Asklund and Rikard Kullenberg / Arxan'''<br />
[[File:OWASP_Mobile_Top_Ten_-_Meet_the_New_Addition.pdf]]<br />
<br />
'''21:00 Networking and continue discussions in TBD location nearby'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-25-tickets-13087782911 Eventbrite]<br />
<br />
== OWASP Helsinki chapter meeting #24: March 25st 2014 ==<br />
<br />
'''Location: F-Secure, Tammasaarenkatu 7, 00180 Helsinki. Parking space is limited, public transport is strongly recommended. Ruoholahti station for metro, Länsisatamankatu stop for tram 8, Länsiväylä stop for buses from Espoo.''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and registration''' <br />
<br />
'''17:20 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''17:30 Enhancing security through tight collaboration and automation /Kalle Hallivuori''' <br />
Presentation material: http://kato.iki.fi/owasp-pci-devops/<br />
<br />
'''18:00 Continuous Security Testing in a Devops World /Stephen de Vries'''<br />
Download the presentation from our file page: [[image:OWASP-Continuous_Security_Testing.pdf]]<br />
<br />
'''19:00 Demo of Burp Suite & HTTP API fuzzing automation with Python & Behave /Antti Vähä-Sipilä'''<br />
<br />
'''19:30 Time to go to Pub (Amsterdam) and continue discussion there'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-24-tickets-10765729587 Eventbrite]<br />
<br />
== OWASP Helsinki chapter meeting #23: January 21st 2014 ==<br />
<br />
'''Location: HTC Keilaniemi, Keilaranta 13, 02150 Espoo''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Coffee and registration''' <br />
<br />
'''18:00 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''18:05 Word from our sponsor /Nixu''' <br />
<br />
'''18:20 The inner HTML Apocalypse - How MXSS attacks change everything we believed to know so far /Mario Heiderich'''<br />
<br />
'''19:15 JSMVCOMFG - To sternly look at JavaScript MVC and Templating Frameworks /Mario Heiderich"''''<br />
<br />
'''20:15 QA'''<br />
<br />
'''20.30 - 21.30 Discussion continues over snacks and refreshments'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-23-tickets-10095813851 Eventbrite]<br />
<br />
<br />
== OWASP Helsinki chapter meeting #22: November 19th 2013 ==<br />
<br />
'''Location: Aalto University, Hall S1, Otakaari 5, 02150 Espoo''' <br />
<br />
'''Time: 18:00-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Registration''' <br />
<br />
'''18:10 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''18:20 Word from our sponsor''' <br />
<br />
'''18:30 Backgrounds of Eve in Digiland comic and cyber research in Aalto University /Timo Kiravuo, Aalto University'''<br />
<br />
'''19:15 Break"''''<br />
<br />
'''19:30 Cyber crime response from CERT perspective and backgrounds of Finnish web site attacks /Jussi Eronen, CERT-FI'''<br />
<br />
'''20:00 Methods in Finnish cyber crime police investigation and case example /Timo Piiroinen, National Bureau of Investigation (NBI)'''<br />
<br />
'''20:30 Networking and discussion continues at same location'''<br />
<br />
Please register at [http://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-23-tickets-10095813851 Eventbrite]<br />
<br />
== OWASP EUTour2013: June 17th 2013 ==<br />
<br />
'''Location: HTC Keilaniemi, Keilaranta 15''' <br />
<br />
'''Time: 16:00-19:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''16:00 Registration & coffee''' <br />
<br />
'''16:15 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''16:30 Word from our sponsor''' <br />
<br />
'''16:45 Nokia responsible disclosure program /Omar Benbouazza-Villa, Nokia'''<br />
<br />
Nokia has launched a responsible disclosure program recently. In this presentation we'll go through experiences starting and running such a program as a part of enterprise application security program.<br />
<br />
'''17:30 Social engineering /Gavin Ewan"''''<br />
<br />
Jac0byterebel is not your typical social engineering presenter. Out goes the snake oil sale of analysing the minutia of pop psychology and trying to squeeze out real answers to the questions asked during a real social engineering attack. In comes hard hitting accounts of social engineering attacks drawn from real sources but anonymised to protect the pwned.<br />
<br />
'''19:00 Rounding up and discussion continues over food & drinks at same location'''<br />
<br />
Please register at [http://www.regonline.com/owaspeutourfinland Regonline]<br />
<br />
== OWASP Helsinki Chapter Meeting #21: April 24 2013 ==<br />
<br />
'''Location: KPMG, Yrjönkatu 23 B, 6. floor''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Opening words /OWASP''' <br />
<br />
'''18:10 Word from our sponso /Mika Laaksonen, KPMG''' <br />
<br />
'''18:15 OWASP project news /Petteri Arola, OWASP''' <br />
<br />
Newsflash of new and rebooted OWASP projects.<br />
<br />
'''18:45 Utilizing VAHTI software development guide (VAHTI-sovelluskehitysohje) /Antti Alestalo, KPMG'''<br />
<br />
VAHTI software development guide was published January 2013. Antti will talk about how to best utilize this new guide. Link to the guide: http://www.vm.fi/vm/fi/04_julkaisut_ja_asiakirjat/01_julkaisut/05_valtionhallinnon_tietoturvallisuus/20130207Sovell/VAHTI_1_Sovelluskehityksen_tietoturvaohje_NETTI.pdf<br />
<br />
'''19:15 Database self-defence /Mika Aronen, KPMG (in place of "HTML5 & security /SC5"'''<br />
<br />
'''20:00 Official program ends and discussion continues over food & drinks at same location'''<br />
<br />
Please register at [https://www.eventbrite.com/event/6240751255 Eventbrite]<br />
<br />
== OWASP Helsinki Chapter Meeting #20: December 4 2012 ==<br />
<br />
'''Location: Nokia House, Keilalahdentie 4, Espoo''' <br />
<br />
'''Time: 17:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Socializing time @ Nokia Lounge – Meet people & get to know your peer while having the opportunity to see Nokia product demos''' <br />
<br />
'''18:00 Opening words /OWASP + HelsinkiJS''' <br />
<br />
'''18:10 Word from our sponsor''' <br />
<br />
'''18:20 Securing JavaScript based web apps /Erlend Oftedal''' <br />
<br />
Single page web applications move much of the application logic to the client side. We now also see applications using JavaScript on the server side. How do we handle such applications from a security perspective? What problems are introduced and how do we handle them?<br />
<br />
'''19:05 RESTful Security'''<br />
<br />
Many applications rely on web services and ws-security for integration. But for more lightweight services with simpler protocols, REST is quickly gaining popularity. How do we secure REST services? What problems do we need to be aware of?<br />
<br />
'''20:00 Official program ends and free debate continues at nearby location'''<br />
<br />
CLOSED: Please register at [http://www.eventbrite.com/event/4856878053 Eventbrite]<br />
<br />
Please use the NORTH entrance when entering the Nokia campus<br />
<br />
== OWASP Helsinki Chapter Meeting #19: October 16 2012 ==<br />
<br />
'''Location: Fujitsu, Valimotie 16, Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''18:10 Word from our sponsor /Fujitsu''' <br />
<br />
'''18:25 Hybrid mobile application security and HTML5 with a focus on getUserMedia /Mikko Saario, Nokia''' <br />
<br />
Both the mobile scene via “hybrid” apps and the so-called traditional web are evolving into the same direction – are the threats doing the same? Using mainly Windows Phone 7 (and some Qt) examples and demos, Mikko will take a look at the security aspects in mobile hybrid apps. The HTML5 demo will concentrate on some newly mainstreamed technologies such as getUserMedia.<br />
<br />
'''19:10 Introduction to Oauth 2.0 + demo /Teemu Kääriäinen, Nixu'''<br />
<br />
Teemu gives an introduction about Oauth 2.0 and takes a closer look at security aspects, implementation guidelines and compares Twitter, Facebook and Google implementations.<br />
<br />
'''20:00 Official program ends and free debate continues at nearby location'''<br />
<br />
'''Please register in Eventbrite http://www.eventbrite.com/event/4462882602''' <br />
<br />
<br />
== OWASP Helsinki Chapter Meeting #18: June 26 2012 ==<br />
<br />
'''Location: Kela, Nordenskjölkinkatu 12, Helsinki''' <br />
<br />
'''Time: 17:30-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''17:45 Word from our sponsor /Kela''' <br />
<br />
'''18:00 Helsinki Ruby Brigade intro''' <br />
<br />
'''18:15 Ruby on Rails security - why could it fail'''<br />
<br />
'''19:00 Panel discussion'''<br />
<br />
'''19:45 Wrap-up'''<br />
<br />
'''20:00 Discussion continues in a nearby pub Hadanka'''<br />
<br />
'''Please register with petteri.arola(at)owasp.org''' <br />
<br />
<br />
== OWASP Helsinki Chapter Meeting #17: March 21 2012 ==<br />
<br />
'''Location: Marttakeskus, Malminrinne 1 B, 7. krs, Helsinki''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Coffee''' <br />
<br />
'''17:40 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''17:50 Web Application Access Control Design Excellence / Jim Manico, OWASP''' <br />
<br />
Download the presentation from our file page: [[image:Developer_Top_Ten_Core_Controls_v4.1.pdf]]<br />
<br />
'''19:30 Meeting ends and discussion continues over buffet and refreshments and there's a possibility to bath in sauna too''' <br />
<br />
'''23:00 Event ends'''<br />
<br />
'''Please register with enroll(at)nixu.com''' <br />
<br />
== Tietoturvapäivä Turku: February 7 2012 ==<br />
<br />
''' Sovellusturvallisuus / Petteri Arola, OWASP''' <br />
<br />
Download the presentation from our file page: [[image:OWASP_esitys_tietoturvapäivä_Turku_20120207.pdf]]<br />
<br />
== OWASP Helsinki Chapter Meeting #16: October 18 2011 ==<br />
<br />
'''Location: Hall TU2, Tuas house, Otaniementie 17, 02150, Espoo''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and lock picking''' <br />
<br />
'''17:30 OWASP - What is it?''' <br />
<br />
'''17:45 Introduction to OWASP projects<br>- OWASP Top Ten, ASVS<br><span class="Apple-tab-span"> </span>- Testing guide<br>- How OWASP relates to academic world''' <br />
<br />
<br> Download presentation from our file-page: [[Image:OWASP_presentation_for_Aalto.pdf]] <br><br />
<br />
'''18:45 Break''' <br />
<br />
'''19:00 Hacking demonstrations'''<br />
<br />
'''19:30 - Discussion continues in a nearby public house''' <br />
<br />
'''Please register with petteri.arola(at)owasp.org''' <br />
<br />
== OWASP Introduction to Turku AMK students: September 12th 2011 ==<br />
<br />
'''Introduction to Application security and OWASP / Petteri Arola, OWASP''' <br />
<br />
'''OWASP top 10 and hacking demos / Pekka Sillanpää, OWASP''' <br />
<br />
== OWASP Helsinki Chapter Meeting #15: June 15 2011 ==<br />
<br />
'''Location: Itämerenkatu 11 - 13, Helsinki''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda ''' <br />
<br />
'''17:30 Welcome, Petteri Arola, Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nokia''' <br />
<br />
'''17:45 HTML5 Security, Ville Säävuori, Syneus''' <br />
<br />
'''18:30 Break''' <br />
<br />
'''18:40 Mobile Application Security, Ari Kesäniemi and Juhani Mäkelä, Nixu''' <br> [[Image:Mobile-threat-analysis-short-presentation owasp.pdf]] <br> [[Image:Why-privacy-matters.pdf]] <br> <br />
<br />
<br>'''19.30 - Discussion continues in a nearby public house or terrace if it's sunny''' <br />
<br />
'''Please register with mikko.saario(at)nokia.com''' <br />
<br />
== OWASP Helsinki Chapter Meeting #14: February 22 2011 ==<br />
<br />
'''Location: Nixu Oy, Keilaranta 15, Espoo''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''17:30 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nixu Oy''' <br />
<br />
'''17:45 OpenSAMM, Pravir Chandra /Fortify''' <br />
<br />
'''18:30 Break''' <br />
<br />
'''18:40 Threat modeling, Pravir Chandra /Fortify''' <br />
<br />
<br> '''19.30 - Sauna and refreshments from our sponsor''' <br />
<br />
'''Please register with enroll(at)nixu.com''' <br />
<br />
<br> Download OpenSAMM presentation from opensamm.org [http://www.opensamm.org/downloads/resources/OpenSAMM-1.0.ppt] <br> <br />
<br />
== OWASP Helsinki Chapter Meeting #13: June 8 2010 ==<br />
<br />
'''Location: KPMG, Forum, Yrjönkatu 23 B 6th floor, Helsinki''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''17:00 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:05 Word from our sponsor KPMG ''' <br />
<br />
'''17:15 Agile secure software development, Antti Vähä-Sipilä / Nokia Oyj''' http://www.owasp.org/images/c/c6/OWASP_AppSec_Research_2010_Agile_Prod_Sec_Mgmt_by_Vaha-Sipila.pdf <br />
<br />
'''18:00 ASVS (OWASP Application Security Verification Standard), Pekka Sillanpää / Nixu Oy''' <br />
<br />
'''18:45 ESAPI (OWASP Enterprise Security API) demo, Anssi Porttikivi / KPMG''' <br />
<br />
Download presentation from our file-page:[[Image:ESAPI for OWASP.pdf]] <br />
<br />
<br> '''19.30 - Discussion continues at some nearby establishment''' <br />
<br />
'''Please register with anssi.porttikivi(at)kpmg.fi''' <br />
<br />
<br> <br />
<br />
== OWASP Goes! Locksport: April 20 2010 ==<br />
<br />
'''Location: Nsense Oy, Ahventie 4, Espoo''' <br />
<br />
'''Time: 17:30-20:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nsense Oy''' <br />
<br />
'''17:45 Introduction to Locksport (presentation in Finnish)''' <br />
<br />
'''19:00 - Sauna and refreshments from our sponsor''' <br />
<br />
'''Please register with ilmoittautumiset##nsense.fi ''' <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #12: March 30 2010 ==<br />
<br />
'''Location: Helsingin Energia, Sähkötalo, Runeberginkatu 1, Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''18:00 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
Download presentation from our file-page:[[Image:OWASP -12 Helsinki chapter meeting.pdf]] <br />
<br />
'''18:05 Word from our sponsor Helsingin Energia ''' <br />
<br />
'''18:15 3 different views on information security and social media applications''' <br />
<br />
- information security in social media API’s, Antti Nuopponen/Nixu Oy <br />
<br />
Download presentation from our file-page:[[Image:Security of social media apis v1.pdf]] <br />
<br />
- Facebook apps, Markus Törnqvist/Fad Consulting <br />
<br />
Download presentation from our file-page:[[Image:Mjt owasp 2010.pdf]] <br />
<br />
- Payment API’s, Tuomas Toivonen/Scred <br />
<br />
Download presentation from our file-page:[[Image:Owasp-payment-apis.pdf]] <br />
<br />
'''20.00 - Discussion continues at nearby establishment Bruuveri''' <br />
<br />
'''Please register with antti##owasp.org''' <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #11: November 17 2009 ==<br />
<br />
'''Location: Nsense Oy, Ahventie 4, Espoo''' <br />
<br />
'''Time: 18:00-20:30''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''18:05 Word from our sponsor Nsense Oy''' <br />
<br />
'''18:15 Manual vs. Automated Code Analysis, Ari Kesäniemi, Senior Consultant, Nixu''' <br />
<br />
Download presentation from our file-page:[[Image:Ari kesaniemi nixu manual-vs-automatic-analysis.pdf]] <br />
<br />
'''19.00- Sauna and refreshments from our sponsor''' <br />
<br />
<br> <br />
<br />
'''Please register with ilmoittautumiset##nsense.fi''' <br />
<br />
== OWASP Helsinki Chapter Meeting #10: October 20 2009 ==<br />
<br />
'''Location: Tieto Oy, Ratamestarinkatu 7B, Helsinki''' <br />
<br />
'''Time: 18:00-19:40''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''18:00 Word from our sponsor Tieto Oy''' <br />
<br />
'''18:10 Distributed Services Security, Anton Panhelainen, Tieto Oy''' <br />
<br />
Download presentation from our file-page:[[Image:Security in integration and ESB-OWASP 20091020.pdf]] <br />
<br />
'''18:40 Public Web Services Interface and Security, Pyry Heikkinen, Finnish Customs''' <br />
<br />
'''19:40 Closure and move to Vltava''' <br />
<br />
'''20:00 or so''' <br />
<br />
*Enjoy Helsinki Vltava watering hole at own risk &amp; cost near Helsinki Railway station<br />
<br />
'''Please register with Pauli Kauppila pauli.kauppila##tieto.com or Mobile +358 400 870 324''' <br />
<br />
== OWASP Helsinki Chapter Meeting #9: May 12 2009 ==<br />
<br />
'''Location: Louhi Networks Oy, Itälahdenkatu 22 A, Helsinki''' <br />
<br />
'''Time: 17:30-19:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:30 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:45 Word from our sponsor Louhi Networks''' <br />
<br />
'''18:00 Panel discussion about application scanners''' <br />
<br />
*Panel members includes representatives for Nixu Oy, KPMG Oy and Louhi Networks Oy<br />
<br />
<br> '''19:00 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost at Bar 52 near meeting location<br />
<br />
'''Please register with Henri Lindberg henri.lindberg##louhi.fi''' <br />
<br />
== OWASP OWASP Goes! Viestimuseo: March 29 2009 ==<br />
<br />
'''Location: Varuskunta, Takakasarmi, Viestimuseontie rak. 64, 11311 Riihimäki ''' <br />
<br />
'''Time: 13:00-15:00''' <br />
<br />
Viestimuseossa Riihimäellä, http://www.viestikiltojenliitto.fi/viestimuseo/ on maaliskuun loppuun WWII radiotiedustelua esittelevä erikoisnäyttely, josta voi löytyä ammennettavaa myös tämän päivän tietoturvatekniikoiden parissa työskenteleville. Koska OWASP:in tiimoilta löytyi kiinnostusta lähteä tutustumaan ko. näyttelyyn, museolle on varattu opastettu kierros maaliskuun viimeiselle sunnuntaille su 29.3.2009 klo 13:00 eli kokoontuminen museolla ko. aikaan. <br />
<br />
Museo ja näyttely ovat auki myös muina aikoina, joten jos tämä aika ei käy, paikalla voi toki käydä muulloinkin. <br />
<br />
Tarkemmat ajo-ohjeet ja yhteystiedot löytyvät museon kotisivuilta, http://www.viestikiltojenliitto.fi/viestimuseo/yhteystiedot.html <br />
<br />
Museo sijaitsee Viestirykmentin vieressä, mutta varsinaisen varuskunta-alueen ulkopuolella, joten museokäynti ei vaadi kulkulupia alueelle. <br />
<br />
Paikalle innostuvat hoitavat oman logistiikkaratkaisunsa &amp; sisäänpääsymaksunsa. <br />
<br />
Lisätietoja tarvittaessa timo.merilainen (ät) iki.fi <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #8: March 12 2009 ==<br />
<br />
'''Location: Samlink, Linnoitustie 9, Espoo (Leppävaara)''' <br />
<br />
'''Time: 17:00-19:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:00 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:15 Introduction to Samlink, Jari Pirhonen, security director, Samlink''' <br />
<br />
'''17:30 Methodology owner’s point of view: Information security as part of software development methodology, Topi Mattila, methodology manager, Samlink''' <br />
<br />
'''18:15 Presentation from Finnish Tax Administration", Petri Puhakainen, security director, Finnish Tax Administration''' <br />
<br />
<br> '''19:00 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost at Sello<br />
<br />
'''Please register with Jari Pirhonen jari.pirhonen##samlink.fi''' <br />
<br />
== OWASP Introduction to startup firms: Thursday January 15th 2009 ==<br />
<br />
'''Location: Ravintola Korjaamo, Töölönkatu 51, 00250 Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Introduction to OWASP by Henri Lindberg, OWASP Helsinki Active Visitor''' <br />
<br />
*What OWASP is <br />
*Examples of useful Tools and Documents <br />
*OWASP in Finland<br />
<br />
Presentation: [[Image:OWASP Startups 20090115 Henri.pdf]] <br />
<br />
(Antti Laulajainen, OWASP Helsinki Chapter Leader was originally supposed to introduce OWASP) <br />
<br />
'''18:15 Implementing application security in a Finnish startup by Henri Lindberg, Scred''' <br />
<br />
*Henri Lindberg from Scred shares experiences and lessons learned <br />
*How to make your web application more secure with minimal budget<br />
<br />
Presentation: [[Image:SDG Scred 090115.pdf]] <br />
<br />
'''18:30 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost<br />
<br />
== OWASP Helsinki Meeting #7: Tuesday November 11th 2008 ==<br />
<br />
'''Location: Nokia Ruoholahti, Itämerenkatu 11-13, 00180 Helsinki''' <br />
<br />
<br> <br />
<br />
'''Time: 17:00-18:30''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:00 Welcome by Antti Laulajainen, OWASP Chapter Leader''' <br />
<br />
*Current state and progress of OWASP Top 10 Finnish translation<br />
<br />
'''17:20 Antti Vähä-Sipilä, Nokia: SAFECode''' <br />
<br />
*Introduction and overview of SAFECode (The Software Assurance Forum for Excellence in Code) <br />
*SAFECode publications<br />
<br />
'''17:40 Juhani Eronen, CERT-FI: Lifecycle of a security vulnerability''' <br />
<br />
*Microsoft MS08-067 (Vulnerability in Server Service Could Allow Remote Code Execution), its history (MS06-040) and exploitation.<br />
<br />
'''Discussion''' <br />
<br />
'''18:30 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost [cerveza, aqua con gas, etc]<br />
<br />
'''PLEASE REGISTER WITH: mikko . saario at nokia . com (we have reserved snacks for 25 people)''' <br />
<br />
== OWASP Helsinki Web Hacking Workshop, Tuesday September 10th 2008 ==<br />
<br />
'''Location: Teleware / KPMG, Laajalahdentie 23, 6. floor, reception at the ground floor, 00330 Helsinki''' <br />
<br />
'''Time: 18.00 - 20.00''' <br />
<br />
'''Schedule''' <br />
<br />
'''18.00 Welcome and recent activities. Antti Laulajainen ''' <br />
<br />
'''18.05 Web Hacking Workshop, Anssi Porttikivi, Senior ICT Advisor KPMG/Teleware''' <br />
<br />
*KPMG Oy IT Security Advisory marketing presentation 15 min <br />
*Web hacking exercises and demonstrations in a laboratory class (using WebGoat and WebScarab tools)<br />
<br />
'''Snacks available. Send your reservations to Anssi's mail address, anssi.porttikivi@kpmg.fi. Room for 20 participants.''' <br />
<br />
<br> '''Note! Be in time, because the reception closes at 18.''' <br />
<br />
== OWASP Goes! CERT-FI, Thursday, June 12th 2008 ==<br />
<br />
'''Location: Viestintävirasto, Itämerenkatu 3 A, 00180 Helsinki and One Pint Pub Santakatu 2, 00180 Helsinki''' <br />
<br />
<br> '''Time: 16.00 - 20.00''' <br />
<br />
<br> '''Schedule''' <br />
<br />
'''16.00 Welcome and recent activities. Antti Laulajainen ''' <br />
<br />
<br> '''16.10 Introduction of CERT-FI. Juhani Eronen, Information Security Adviser, CERT-FI''' <br />
<br />
<br> '''16.30 Vulnerability coordination. Juhani Eronen''' <br />
<br />
*CERT-FI as a vulnerability coordinator <br />
*Coordination examples<br />
<br />
'''18.00 Possibility to continue the evening at the One Pint Pub''' <br />
<br />
*If someone fancies a (self-financed) beer<br />
<br />
<br> '''Viestintävirasto asks those who wish to participate to the meeting to register in advance. For registrations please contact CERT-FI Unit Secretary Virpi Hienonen (virpi.hienonen(at)ficora.fi). The deadline is June 6, 2008.''' <br />
<br />
== OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 ==<br />
<br />
Thank you for attending. <br />
<br />
You can download the presentation here'''https://www.owasp.org/images/7/70/OWASP_HelsinkiChapter_130508.pdf''' <br />
<br />
Coverage of the event in local news (Finnish only) http://mikropc.net/uutiset/index.jsp?categoryId=atk&amp;day=20080514#w2008051411524012715 <br />
<br />
<br> '''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki and Ravintola Kaisla, Vilhonkatu 4, 00100 Helsinki''' <br />
<br />
'''Time: 16.00 - 20.00''' <br />
<br />
<br> <br />
<br />
Welcome to spring meeting 2008. <br />
<br />
<br> '''Schedule''' <br />
<br />
'''16.00 - 16.10 OWASP update. Antti Laulajainen''' <br />
<br />
'''16.10-17.00 Notes From The field, OWASP tools and usage experiences, Jarkko Holappa &amp; Antti Laulajainen''' <br />
<br />
'''17.30 - 20.00 Drinks at Ravintola Kaisla (Bring Your Own Wallet)''' <br />
<br />
<br> Hope to see as many of you as possible! <br />
<br />
== OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 ==<br />
<br />
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.''' <br />
<br />
'''Time: 18.30 - 20.30''' <br />
<br />
Welcome to first meeting of 2008. OWASP Helsinki resumes activities after winter break. <br />
<br />
We are pleased to have as a speaker Technology Manager of Nokia Product Security, Alexandr Seleznyov. His topic will be current state of application security. <br />
<br />
'''Schedule''' <br />
<br />
'''18.30 - 18.40 OWASP update. Antti Laulajainen''' <br />
<br />
'''18.40 - 20.30 Current State of Application Security. Alexandr Seleznyov''' <br />
<br />
<br> Hope to see as many of you as possible! <br />
<br />
== OWASP Helsinki &amp; RWSUG Seminar Tuesday, January 29th 2008 ==<br />
<br />
'''Location: IBM, Laajalahdentie 23, 00330 Helsinki.''' '''Time: 11.15 - 19.00''' <br />
<br />
OWASP Helsinki and Rational and Websphere User Group Finland RWSUG are aiming to co-operate to raise application security awareness. OWASP Helsinki will have a presentation in RWSUG agility seminar. More information from http://www.rwsug.fi/default.asp?path=1,39,385 <br />
<br />
'''You can download the presentation here''' https://www.owasp.org/images/c/cd/RWSUG5_Agile_Security_Management.pdf <br />
<br />
See program below. Most of it is Finnish only <br />
<br />
*11.15 Ilmoittautuminen alkaa <br />
*11.15-12.00 Buffet-lounas <br />
*12.00-12.10 Tilaisuuden avaus Jussi Jutila, Puheenjohtaja, RWSUG ry<br />
<br />
KEYNOTE <br />
<br />
*12.10-13.30 Scaling Agile Software Development: Strategies for Applying Agile in Complex Situations Scott W. Ambler, Practice Leader Agile Development, IBM Canada <br />
*13.30-13.45 Kahvitauko <br />
*13.45-15.30 SOA liiketoiminnan näkökulmasta ja SOA toteutuksen näkökulmasta kansainvälisessa hankkeessa Kari Laine, IT Architect, IF ja Jarmo Laine, Senior Software Architect,Primasoft <br />
*15.30-15.45 Tauko <br />
*15.45-16.30 Ketterä tietoturvan hallinta ohjelmistotuotannossa Reijo Savola, VTT <br />
*16.30-17.15 Jazz Update IBM <br />
*17.15-19.00 Iltapalaa ja verkostoitumista IBM Forumissa<br />
<br />
<br> <br />
<br />
== OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008 ==<br />
<br />
OWASP Helsinki participated in ISACA Finland meeting to raise application security awareness among system auditors and inspectors. <br> A presentation was held that introduced basic web techniques, some security issues, OWASP in general, OWASP projects and OWASP Helsinki chapter. <br> '''You can download the presentation here''': https://www.owasp.org/images/e/e4/OWASP_ISACA_20080124.pdf (Finnish Only) <br><br> <br />
<br />
== OWASP Helsinki meeting #4 Fall 2007 with Mark Curphey, Tuesday, October 2 2007 ==<br />
<br />
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.''' <br />
<br />
Thank you for all participants and Mark from great presentation. <br />
<br />
Coverage of the meeting in the local news (in Finnish): http://mikropc.net/uutiset/index.jsp?categoryId=atk&amp;day=20071003#w2007100315112711629 <br />
<br />
<br> We are delighted to have Mark Curphey - the OWASP founder and new head of Microsoft's ACE (Application Consulting &amp; Engineering) team in Europe - to visit Finland and discuss web app security with us. Hopefully as many as of you possible can participate! <br />
<br />
'''18:30 Welcome and recent Helsinki chapter activities. Antti Laulajainen''' <br />
<br />
'''18:40 Naked Software Security. Mark Curphey''' <br />
<br />
*Commentary on how to build secure software <br />
*Thoughts on the industry<br />
<br />
<br> '''WELCOME!''' <br />
<br />
== OWASP Helsinki meeting #3 Summer 2007: "SOA, Web Services &amp; XML Security", Tuesday, June 5th 2007 ==<br />
<br />
'''Date: June 5th''' <br />
<br />
<br> '''Location: Smilehouse, Itälahdenkatu 22A (Stonesoft building), Lauttasaari.''' <br />
<br />
Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/tietoturva_docview.jsp?f_id=1186167 <br />
<br />
<br> '''19:00 Welcome &amp; quick recap of recent OWASP activity and the Spring conference. Mikko Saario.''' <br />
<br />
<br> '''19:15 Gunnar Peterson, CTO Arctec Group and project lead for the OWASP "XML Security Gateway Evaluation Criteria".''' <br />
<br />
Gunnar will be visiting Finland to provide training via Tietoturva ry on this subject. Topics to be covered: <br />
<br />
*XML Security Gateways <br />
*Message level threats and security countermeasures in Web services <br />
*OWASP XML Security Gateway Evaluation Criteria Project<br />
<br />
<br> '''20:15 "Real-life usage of OWASP tools". Alexandr Seleznyov, Nokia Product Security.''' <br />
<br />
(There is a chance Alex cannot make it. In that case we will discuss SOA stuff in more detail or just head off to bar earlier.) <br />
<br />
<br> '''20:45 Enter Bar 52...''' --&gt; Enjoy (sponsored) beverages. <br />
<br />
== OWASP Helsinki meeting #2 Winter 2007, Web Application Firewalls, Thursday, February 22 2007 ==<br />
<br />
Thank you for the 29 participants, the speakers and the host - Nixu - for making this event happen! <br />
<br />
'''Location: Nixu, Mäkelänkatu 91, 00601 Helsinki.''' <br />
<br />
What are Web Application Firewalls (WAF), how do they work, what do they do and what don't they do. Discussion and sharing of experiences of various technologies and products. <br />
<br />
<br> '''18.30 Welcome. Mikko Saario, Chapter Leader.''' <br />
<br />
Today's topic and agenda in short. <br />
<br />
<br> '''18.35 "Web Application Firewalls Technical Analysis". Joakim Sandström, CTO nSense.''' <br />
<br />
http://www.owasp.org/images/6/6a/Owasp_waf_joakim.pdf <br />
<br />
- Technology <br />
<br />
- Blacklisting &amp; Whitelisting <br />
<br />
- mod_security features <br />
<br />
- Do's and Don'ts <br />
<br />
<br> '''19.30 "The Core Rule Sets". Ofer Shezaf, CTO Breach Security.''' <br />
<br />
http://www.owasp.org/images/f/f4/The_Core_Rule_Set_-_Ofer.pdf <br />
<br />
- WAF deployment and protection strategies <br />
<br />
- Detection of generic web layer attacks <br />
<br />
- Virtual patching <br />
<br />
== OWASP Helsinki meeting #1, Tuesday, Dec 12 2006 at Ernst &amp; Young ==<br />
<br />
The Helsinki chapter had the first meeting at Ernst &amp; Young office in Elielinaukio 5 B. The agenda and the presentations for the meeting are below. We had a good turnout: 22 people were present i.e. all seats were taken - we were very happy to see all these people to be interested in application security issues. <br />
<br />
<br> Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/doc.do?f_id=1083463 <br />
<br />
<br> '''18:30 Welcome. What is OWASP and why OWASP Helsinki?''' <br />
<br />
Mikko Saario made a short presentation about OWASP and the objective for the local Helsinki chapter. <br />
<br />
<br> '''19:00 Analyzing Threats (Olli Wiren; olli [at] juurihoito.org)''' <br />
<br />
Olli Wiren discussed application related threats and corresponding security issues. <br />
<br />
http://www.owasp.org/images/7/7c/Owasp-olli.pdf <br />
<br />
<br> '''19:45 Open discussion regarding OWASP Helsinki; what is expected or wished; how to go ahead and so forth.''' <br />
<br />
There was a lively discussion regarding what type of activities should be arranged in the future. More details will follow... <br />
<br />
==== Helsinki OWASP Chapter Leaders ====<br />
<br />
The chapter leader is [mailto:Petteri.arola@owasp.org Petteri Arola] <br />
<br />
The chapter board members are [mailto:timo@owasp.org Timo Merilainen], Pyry Heikkinen and [mailto:pekka.sillanpaa@owasp.org Pekka Sillanpaa]. <br />
<br />
__NOTOC__<br />
[[Category:Finland]] <br />
[[Category:Europe]]</div>Psillanphttps://wiki.owasp.org/index.php?title=Helsinki&diff=241098Helsinki2018-06-03T10:48:39Z<p>Psillanp: </p>
<hr />
<div>{{Chapter Template|chaptername=Helsinki|extra=The chapter leaders are [mailto:petteri.arola@owasp.org Petteri Arola], [mailto:pekka.sillanpaa@owasp.org Pekka Sillanpää], [mailto:timo@owasp.org Timo Meriläinen] and [mailto:pyry.heikkinen@owasp.org Pyry Heikkinen]<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-helsinki|emailarchives=http://lists.owasp.org/pipermail/owasp-helsinki}} <br />
<br />
==== Local News ====<br />
<br />
<paypal>Helsinki</paypal> <br />
<br />
'''Welcome to the OWASP Helsinki Chapter'''<br />
<br />
The plan is to meet at least three to four times a year, each lasting 1,5-3 hours (more active "hands" means more meetings). This chapter is based in the capital area and therefore the meetings will be in or around Helsinki. <br />
<br />
If you wish to present at one of the meetings or have any other inquiries, please contact the chapter leaders and shortly describe the talk. (the contact details can be found in the bottom of the page). We encourage everyone to suggest ideas for presentation topics. The talks can be either a full talk (45-60min) or a lightning talk (~15min). <br />
<br />
==== Suomalaista sovellusturva-asiaa ====<br />
<br />
[[OWASP Helsinki Appsec Thesis of the Year|Vuoden sovellusturva-aiheinen opinnäytetyö]]<br />
<br />
[[Oppilaitoksille|Tietoa oppilaitoksille (Information for academic institutions)]] <br />
<br />
[[Verkkomaksut|Ohjeita turvallisen verkkomaksuintegraation toteuttamiseen]] <br />
<br />
Previously OWASP Helsinki has been working on the following tasks: <br />
<br />
*[[Top 10 2007 Finnish]] aim to translate OWASP Top 10 list in Finnish<br />
<br />
==== Chapter Meetings ====<br />
<br />
== OWASP Helsinki chapter meeting #34: Jun 12th 2018 ==<br />
'''Location: Eficode, Pohjoinen Rautatiekatu 25, 00100 Helsinki'''<br />
<br />
'''Time: 17:30-21:30'''<br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Pekka Sillanpää OWASP Helsinki'''<br />
<br />
'''18:05 Words from the sponsor / Pekka Siltala-Li / Eficode'''<br />
<br />
'''18:15 Perfectly secure API, Matti Suominen, Lead Security Consultant - Nixu'''<br />
<br />
'''19:00 Break''' <br />
<br />
'''19:15 [TBD, about API security], Antti Virtanen, Software Architect, Solita''' <br />
<br />
'''20:00-21:30 Sauna, Snacks & Beverages'''<br />
<br />
Please register by 10th of Jun https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-34-tickets-46690898735 (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #33: Nov 14th 2017 ==<br />
'''Location: F-Secure, Tammasaarenkatu 7, 00180 Helsinki''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki''' <br />
<br />
'''18:05 Words from the sponsor'''<br />
<br />
'''18:10 Coping with GDPR requirements in development, Kira Ahveninen-Kuha, Lead, Data Protection and Cybersecurity Law, Nixu'''<br />
<br />
'''19:00 Break''' <br />
<br />
'''19:15 Integrating Privacy Work in Threat Modeling and Design Review, Antti Vähä-Sipilä, Principal Security Consultant, F-Secure'''<br />
<br />
'''20:00 Panel & Discussion – Kira and Antti debate about privacy and GDPR with the audience'''<br />
<br />
'''20:30 OWASP Helsinki DevSecOps Hackathon: Lessons learned, Pekka Sillanpää, OWASP Helsinki''' <br />
<br />
'''21:00-22:00 Snacks & Refreshments''' <br />
<br />
Please register by 12th of Nov [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-33-tickets-39656996143 here] (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #32: Sep 27th ==<br />
If you are working in a DevOps team and want to get concrete ideas on how to integrate security into your CI/CD pipeline, this hackathon is a fun opportunity to learn by doing together with others.<br />
<br />
More information here: [[OWASP Helsinki DevSecOps Hackathon]]<br />
<br />
In summary, we familiarize and investigate (and of cource hack with) some nice open source tools, including:<br />
* OWASP Dependency-Check ([[OWASP Dependency Check]])<br />
* ZAP Proxy ([[OWASP Zed Attack Proxy Project]])<br />
* OWASP DefectDojo ([[OWASP DefectDojo Project]])<br />
* DevSec hardening framework (https://github.com/dev-sec)<br />
* Clair (https://github.com/coreos/clair)<br />
<br />
The output of this hackathon is an OWASP wiki page describing what was achieved in the hackathon, possible commits to the tools' repositories and future plans. If there is enough interest, we might organize "part 2" for this event in Autumn.<br />
<br />
To participate in this event, it is recommended to have at least basic programming/scripting skills (python, ruby, bash, etc) and understanding of configuration management tools (puppet, salt, ansible, etc.). '''If you are interested to join''' or have questions, please send email to pekka.sillanpaa@owasp.org '''by Jul 7th 2017''' and a short description of your background. Tracks of the hackathon environment are tuned based on the skills and background of the participants.<br />
<br />
The maximum of 15 seats are available for this event. The event is fully free of charge.<br />
<br />
'''Location: Nixu, Keilaranta 15, 02150 Espoo'''<br />
<br />
'''12:00 Hackathon starts'''<br />
<br />
'''17:00-23:00 Hackathon continues after the work day as long as needed. Pizza and beverages available.'''<br />
<br />
== OWASP Helsinki chapter meeting #31: Jun 13th 2017 ==<br />
'''Location: Solita, Alvar Aallon katu 5, 00100 Helsinki'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Pekka Sillanpää, OWASP Helsinki'''<br />
<br />
'''18:05 DevSec - Developers are the key to security, Antti Virtanen, Software Architect, Solita [[File:Devsec-owasp-2017.pdf]]''' <br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Docker Security, Mika Vatanen, Systems Architect, Digia [[File:Owasp-Helsinki-20170613-Docker-Security.pdf]]'''<br />
<br />
'''20:00 Lightning talk: Leaking credentials - a security malpractice more common than expected, Bogdan Mihaila, Synopsys [[:File:Bogdan Mihaila - Leaking Credentials.pdf]]'''<br />
<br />
'''20:15 Introduction to DevSecOps "mini-hackathon", Pekka Sillanpää, OWASP Helsinki'''<br />
<br />
'''20:30-22:30 Snacks & Refreshments'''<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-31-tickets-34950473808 here] by 12th of Jun (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #30: Oct 11th 2016 ==<br />
<br />
'''Location: Fujitsu, Valimotie 16, 00380 Helsinki, Auditorio'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 How to protect mobile application? Case "Nordea Tunnusluvut” / Michael Peltonen, Senior Business Developer, Nordea''' [[File:Helsinki_meeting_30_-Michael_Peltonen_OWASP_11102016.pdf]]<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Lightning talk: Authentication topic / Teemu Simonen, System Architect, Fujitsu''' [[File:Helsinki_meeting_30_-Authentication_topic.pdf]]<br />
<br />
'''19:30 Threats and vulnerabilities in federation protocols - and how did I find 0-days in the most common access management products / Teemu Kääriäinen, Senior IAM Consultant, Nixu Oyj''' [[File:Helsinki_meeting_30_-_Threats_and_Vulnerabilities_in_Federation_Protocols_and_Products.pdf]]<br />
<br />
'''20:30-> Snacks & Refreshments'''<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-30-tickets-28190573765 here] by 9th of October (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #29: Mar 29th 2016 ==<br />
<br />
'''Location: Solinor, Elimäenkatu 14 C, 00510 Helsinki'''<br />
<br />
'''Time: 17:30-21:15'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 OWASP Security Knowledge Framework, Glenn Ten Cate''' [[File:Skf-owaspHelsinki-16.pdf]]<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Amazon Web Services Security, Joel Leino, Solinor''' [[File:Aws_security_joel_leino.pdf]]<br />
<br />
'''20:30 Do's and don'ts: A Day Of Browser Bug Hunting, Atte Kettunen, University of Oulu''' [[File:Do's_and_Don'ts-_A_Day_Of_Browser_Bug_Hunting_rev2.pdf]]<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-29-tickets-22159795545 here] by 26th of March (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #28: Nov 10th 2015 ==<br />
<br />
'''Location: LähiTapiola, Revontulenkuja 1, 02100 Espoo'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 How we feel about Bug Bounty, Leo Niemelä, CISO, LähiTapiola Group (in Finnish)'''<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Security and "Modern" software Deployment, Rory McCune, Managing Consultant, NCC Group'''<br />
<br />
'''20:30 Discussion continues in a local cafe / bar'''<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-28-tickets-19188815263 here] by 8th of November (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #27: May 29th 2015 ==<br />
<br />
'''Location: Life Science Center Keilaranta 10-16''' <br />
<br />
'''Time: 17:30-20:00 (networking ends 23:00)''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 Word from our sponsor / Nixu'''<br />
<br />
'''18:15 50 Shades of AppSec / Troy Hunt'''<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Hack yourself first: how go on the cyber-offence before online attackers do / Troy Hunt'''<br />
<br />
'''20:00-23:00 Refreshments and Sauna on the 7th floor'''<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-chapter-meeting-27-tickets-16709176597 here] by Monday Fri 22th May (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #26: January 13th 2015 ==<br />
<br />
'''Location: Castrén & Snellman Attorneys Ltd. Eteläesplanadi 14 6th Floor Helsinki, Finland.''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''Opening words / OWASP Helsinki&IAPP''' <br />
<br />
'''Words from our sponsor / Castrén & Snellman Attorneys Ltd.'''<br />
<br />
'''Privacy Seals and Marks, Hannu Järvinen, Specialist Partner, Attorneys at Law Borenius Ltd'''<br />
<br />
'''Privacy Engineering, Antti Vähä-Sipilä, software security guy, F-Secure Oyj'''<br />
<br />
'''Privacy Use Cases, Saku Vainikainen, Lead Consultant, Nixu Oyj'''<br />
<br />
Please register here https://t.co/OoQN2FRbBX by Monday 12 Jan.<br />
<br />
== OWASP Helsinki chapter meeting #25: September 29th 2014 ==<br />
<br />
'''Location: Appelsiini (Elisa), Kaarlenkatu 9-11, 00530 Helsinki. Public transport is strongly recommended.''' <br />
<br />
'''Time: 17:00-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and registration''' <br />
<br />
'''17:10 Opening words / OWASP Helsinki''' <br />
<br />
'''17:20 Words from our sponsor / Elisa'''<br />
<br />
'''17:30 Mobile Security Chess Board - Attacks & Defense / Hemil Shah / Founder, Director eSphere Security''' [[File:Mobile_Security_chess_board_-_Attacks_&_Defense.pdf]]<br />
<br />
'''18:45 Break'''<br />
<br />
'''19:00 Mobile Platform Security: OS (kernel) Hardening and Trusted Execution Environment / Onur Zengin / Trustonic'''<br />
[[File:Onur_Zengin_-_TEE_chapter_meeting_presentation.pdf]]<br />
<br />
'''20:00 OWASP Mobile Top Ten Risks 2014 - The New M10: 'Lack of Binary Protection' Category / Bo Asklund and Rikard Kullenberg / Arxan'''<br />
[[File:OWASP_Mobile_Top_Ten_-_Meet_the_New_Addition.pdf]]<br />
<br />
'''21:00 Networking and continue discussions in TBD location nearby'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-25-tickets-13087782911 Eventbrite]<br />
<br />
== OWASP Helsinki chapter meeting #24: March 25st 2014 ==<br />
<br />
'''Location: F-Secure, Tammasaarenkatu 7, 00180 Helsinki. Parking space is limited, public transport is strongly recommended. Ruoholahti station for metro, Länsisatamankatu stop for tram 8, Länsiväylä stop for buses from Espoo.''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and registration''' <br />
<br />
'''17:20 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''17:30 Enhancing security through tight collaboration and automation /Kalle Hallivuori''' <br />
Presentation material: http://kato.iki.fi/owasp-pci-devops/<br />
<br />
'''18:00 Continuous Security Testing in a Devops World /Stephen de Vries'''<br />
Download the presentation from our file page: [[image:OWASP-Continuous_Security_Testing.pdf]]<br />
<br />
'''19:00 Demo of Burp Suite & HTTP API fuzzing automation with Python & Behave /Antti Vähä-Sipilä'''<br />
<br />
'''19:30 Time to go to Pub (Amsterdam) and continue discussion there'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-24-tickets-10765729587 Eventbrite]<br />
<br />
== OWASP Helsinki chapter meeting #23: January 21st 2014 ==<br />
<br />
'''Location: HTC Keilaniemi, Keilaranta 13, 02150 Espoo''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Coffee and registration''' <br />
<br />
'''18:00 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''18:05 Word from our sponsor /Nixu''' <br />
<br />
'''18:20 The inner HTML Apocalypse - How MXSS attacks change everything we believed to know so far /Mario Heiderich'''<br />
<br />
'''19:15 JSMVCOMFG - To sternly look at JavaScript MVC and Templating Frameworks /Mario Heiderich"''''<br />
<br />
'''20:15 QA'''<br />
<br />
'''20.30 - 21.30 Discussion continues over snacks and refreshments'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-23-tickets-10095813851 Eventbrite]<br />
<br />
<br />
== OWASP Helsinki chapter meeting #22: November 19th 2013 ==<br />
<br />
'''Location: Aalto University, Hall S1, Otakaari 5, 02150 Espoo''' <br />
<br />
'''Time: 18:00-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Registration''' <br />
<br />
'''18:10 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''18:20 Word from our sponsor''' <br />
<br />
'''18:30 Backgrounds of Eve in Digiland comic and cyber research in Aalto University /Timo Kiravuo, Aalto University'''<br />
<br />
'''19:15 Break"''''<br />
<br />
'''19:30 Cyber crime response from CERT perspective and backgrounds of Finnish web site attacks /Jussi Eronen, CERT-FI'''<br />
<br />
'''20:00 Methods in Finnish cyber crime police investigation and case example /Timo Piiroinen, National Bureau of Investigation (NBI)'''<br />
<br />
'''20:30 Networking and discussion continues at same location'''<br />
<br />
Please register at [http://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-23-tickets-10095813851 Eventbrite]<br />
<br />
== OWASP EUTour2013: June 17th 2013 ==<br />
<br />
'''Location: HTC Keilaniemi, Keilaranta 15''' <br />
<br />
'''Time: 16:00-19:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''16:00 Registration & coffee''' <br />
<br />
'''16:15 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''16:30 Word from our sponsor''' <br />
<br />
'''16:45 Nokia responsible disclosure program /Omar Benbouazza-Villa, Nokia'''<br />
<br />
Nokia has launched a responsible disclosure program recently. In this presentation we'll go through experiences starting and running such a program as a part of enterprise application security program.<br />
<br />
'''17:30 Social engineering /Gavin Ewan"''''<br />
<br />
Jac0byterebel is not your typical social engineering presenter. Out goes the snake oil sale of analysing the minutia of pop psychology and trying to squeeze out real answers to the questions asked during a real social engineering attack. In comes hard hitting accounts of social engineering attacks drawn from real sources but anonymised to protect the pwned.<br />
<br />
'''19:00 Rounding up and discussion continues over food & drinks at same location'''<br />
<br />
Please register at [http://www.regonline.com/owaspeutourfinland Regonline]<br />
<br />
== OWASP Helsinki Chapter Meeting #21: April 24 2013 ==<br />
<br />
'''Location: KPMG, Yrjönkatu 23 B, 6. floor''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Opening words /OWASP''' <br />
<br />
'''18:10 Word from our sponso /Mika Laaksonen, KPMG''' <br />
<br />
'''18:15 OWASP project news /Petteri Arola, OWASP''' <br />
<br />
Newsflash of new and rebooted OWASP projects.<br />
<br />
'''18:45 Utilizing VAHTI software development guide (VAHTI-sovelluskehitysohje) /Antti Alestalo, KPMG'''<br />
<br />
VAHTI software development guide was published January 2013. Antti will talk about how to best utilize this new guide. Link to the guide: http://www.vm.fi/vm/fi/04_julkaisut_ja_asiakirjat/01_julkaisut/05_valtionhallinnon_tietoturvallisuus/20130207Sovell/VAHTI_1_Sovelluskehityksen_tietoturvaohje_NETTI.pdf<br />
<br />
'''19:15 Database self-defence /Mika Aronen, KPMG (in place of "HTML5 & security /SC5"'''<br />
<br />
'''20:00 Official program ends and discussion continues over food & drinks at same location'''<br />
<br />
Please register at [https://www.eventbrite.com/event/6240751255 Eventbrite]<br />
<br />
== OWASP Helsinki Chapter Meeting #20: December 4 2012 ==<br />
<br />
'''Location: Nokia House, Keilalahdentie 4, Espoo''' <br />
<br />
'''Time: 17:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Socializing time @ Nokia Lounge – Meet people & get to know your peer while having the opportunity to see Nokia product demos''' <br />
<br />
'''18:00 Opening words /OWASP + HelsinkiJS''' <br />
<br />
'''18:10 Word from our sponsor''' <br />
<br />
'''18:20 Securing JavaScript based web apps /Erlend Oftedal''' <br />
<br />
Single page web applications move much of the application logic to the client side. We now also see applications using JavaScript on the server side. How do we handle such applications from a security perspective? What problems are introduced and how do we handle them?<br />
<br />
'''19:05 RESTful Security'''<br />
<br />
Many applications rely on web services and ws-security for integration. But for more lightweight services with simpler protocols, REST is quickly gaining popularity. How do we secure REST services? What problems do we need to be aware of?<br />
<br />
'''20:00 Official program ends and free debate continues at nearby location'''<br />
<br />
CLOSED: Please register at [http://www.eventbrite.com/event/4856878053 Eventbrite]<br />
<br />
Please use the NORTH entrance when entering the Nokia campus<br />
<br />
== OWASP Helsinki Chapter Meeting #19: October 16 2012 ==<br />
<br />
'''Location: Fujitsu, Valimotie 16, Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''18:10 Word from our sponsor /Fujitsu''' <br />
<br />
'''18:25 Hybrid mobile application security and HTML5 with a focus on getUserMedia /Mikko Saario, Nokia''' <br />
<br />
Both the mobile scene via “hybrid” apps and the so-called traditional web are evolving into the same direction – are the threats doing the same? Using mainly Windows Phone 7 (and some Qt) examples and demos, Mikko will take a look at the security aspects in mobile hybrid apps. The HTML5 demo will concentrate on some newly mainstreamed technologies such as getUserMedia.<br />
<br />
'''19:10 Introduction to Oauth 2.0 + demo /Teemu Kääriäinen, Nixu'''<br />
<br />
Teemu gives an introduction about Oauth 2.0 and takes a closer look at security aspects, implementation guidelines and compares Twitter, Facebook and Google implementations.<br />
<br />
'''20:00 Official program ends and free debate continues at nearby location'''<br />
<br />
'''Please register in Eventbrite http://www.eventbrite.com/event/4462882602''' <br />
<br />
<br />
== OWASP Helsinki Chapter Meeting #18: June 26 2012 ==<br />
<br />
'''Location: Kela, Nordenskjölkinkatu 12, Helsinki''' <br />
<br />
'''Time: 17:30-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''17:45 Word from our sponsor /Kela''' <br />
<br />
'''18:00 Helsinki Ruby Brigade intro''' <br />
<br />
'''18:15 Ruby on Rails security - why could it fail'''<br />
<br />
'''19:00 Panel discussion'''<br />
<br />
'''19:45 Wrap-up'''<br />
<br />
'''20:00 Discussion continues in a nearby pub Hadanka'''<br />
<br />
'''Please register with petteri.arola(at)owasp.org''' <br />
<br />
<br />
== OWASP Helsinki Chapter Meeting #17: March 21 2012 ==<br />
<br />
'''Location: Marttakeskus, Malminrinne 1 B, 7. krs, Helsinki''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Coffee''' <br />
<br />
'''17:40 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''17:50 Web Application Access Control Design Excellence / Jim Manico, OWASP''' <br />
<br />
Download the presentation from our file page: [[image:Developer_Top_Ten_Core_Controls_v4.1.pdf]]<br />
<br />
'''19:30 Meeting ends and discussion continues over buffet and refreshments and there's a possibility to bath in sauna too''' <br />
<br />
'''23:00 Event ends'''<br />
<br />
'''Please register with enroll(at)nixu.com''' <br />
<br />
== Tietoturvapäivä Turku: February 7 2012 ==<br />
<br />
''' Sovellusturvallisuus / Petteri Arola, OWASP''' <br />
<br />
Download the presentation from our file page: [[image:OWASP_esitys_tietoturvapäivä_Turku_20120207.pdf]]<br />
<br />
== OWASP Helsinki Chapter Meeting #16: October 18 2011 ==<br />
<br />
'''Location: Hall TU2, Tuas house, Otaniementie 17, 02150, Espoo''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and lock picking''' <br />
<br />
'''17:30 OWASP - What is it?''' <br />
<br />
'''17:45 Introduction to OWASP projects<br>- OWASP Top Ten, ASVS<br><span class="Apple-tab-span"> </span>- Testing guide<br>- How OWASP relates to academic world''' <br />
<br />
<br> Download presentation from our file-page: [[Image:OWASP_presentation_for_Aalto.pdf]] <br><br />
<br />
'''18:45 Break''' <br />
<br />
'''19:00 Hacking demonstrations'''<br />
<br />
'''19:30 - Discussion continues in a nearby public house''' <br />
<br />
'''Please register with petteri.arola(at)owasp.org''' <br />
<br />
== OWASP Introduction to Turku AMK students: September 12th 2011 ==<br />
<br />
'''Introduction to Application security and OWASP / Petteri Arola, OWASP''' <br />
<br />
'''OWASP top 10 and hacking demos / Pekka Sillanpää, OWASP''' <br />
<br />
== OWASP Helsinki Chapter Meeting #15: June 15 2011 ==<br />
<br />
'''Location: Itämerenkatu 11 - 13, Helsinki''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda ''' <br />
<br />
'''17:30 Welcome, Petteri Arola, Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nokia''' <br />
<br />
'''17:45 HTML5 Security, Ville Säävuori, Syneus''' <br />
<br />
'''18:30 Break''' <br />
<br />
'''18:40 Mobile Application Security, Ari Kesäniemi and Juhani Mäkelä, Nixu''' <br> [[Image:Mobile-threat-analysis-short-presentation owasp.pdf]] <br> [[Image:Why-privacy-matters.pdf]] <br> <br />
<br />
<br>'''19.30 - Discussion continues in a nearby public house or terrace if it's sunny''' <br />
<br />
'''Please register with mikko.saario(at)nokia.com''' <br />
<br />
== OWASP Helsinki Chapter Meeting #14: February 22 2011 ==<br />
<br />
'''Location: Nixu Oy, Keilaranta 15, Espoo''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''17:30 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nixu Oy''' <br />
<br />
'''17:45 OpenSAMM, Pravir Chandra /Fortify''' <br />
<br />
'''18:30 Break''' <br />
<br />
'''18:40 Threat modeling, Pravir Chandra /Fortify''' <br />
<br />
<br> '''19.30 - Sauna and refreshments from our sponsor''' <br />
<br />
'''Please register with enroll(at)nixu.com''' <br />
<br />
<br> Download OpenSAMM presentation from opensamm.org [http://www.opensamm.org/downloads/resources/OpenSAMM-1.0.ppt] <br> <br />
<br />
== OWASP Helsinki Chapter Meeting #13: June 8 2010 ==<br />
<br />
'''Location: KPMG, Forum, Yrjönkatu 23 B 6th floor, Helsinki''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''17:00 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:05 Word from our sponsor KPMG ''' <br />
<br />
'''17:15 Agile secure software development, Antti Vähä-Sipilä / Nokia Oyj''' http://www.owasp.org/images/c/c6/OWASP_AppSec_Research_2010_Agile_Prod_Sec_Mgmt_by_Vaha-Sipila.pdf <br />
<br />
'''18:00 ASVS (OWASP Application Security Verification Standard), Pekka Sillanpää / Nixu Oy''' <br />
<br />
'''18:45 ESAPI (OWASP Enterprise Security API) demo, Anssi Porttikivi / KPMG''' <br />
<br />
Download presentation from our file-page:[[Image:ESAPI for OWASP.pdf]] <br />
<br />
<br> '''19.30 - Discussion continues at some nearby establishment''' <br />
<br />
'''Please register with anssi.porttikivi(at)kpmg.fi''' <br />
<br />
<br> <br />
<br />
== OWASP Goes! Locksport: April 20 2010 ==<br />
<br />
'''Location: Nsense Oy, Ahventie 4, Espoo''' <br />
<br />
'''Time: 17:30-20:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nsense Oy''' <br />
<br />
'''17:45 Introduction to Locksport (presentation in Finnish)''' <br />
<br />
'''19:00 - Sauna and refreshments from our sponsor''' <br />
<br />
'''Please register with ilmoittautumiset##nsense.fi ''' <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #12: March 30 2010 ==<br />
<br />
'''Location: Helsingin Energia, Sähkötalo, Runeberginkatu 1, Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''18:00 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
Download presentation from our file-page:[[Image:OWASP -12 Helsinki chapter meeting.pdf]] <br />
<br />
'''18:05 Word from our sponsor Helsingin Energia ''' <br />
<br />
'''18:15 3 different views on information security and social media applications''' <br />
<br />
- information security in social media API’s, Antti Nuopponen/Nixu Oy <br />
<br />
Download presentation from our file-page:[[Image:Security of social media apis v1.pdf]] <br />
<br />
- Facebook apps, Markus Törnqvist/Fad Consulting <br />
<br />
Download presentation from our file-page:[[Image:Mjt owasp 2010.pdf]] <br />
<br />
- Payment API’s, Tuomas Toivonen/Scred <br />
<br />
Download presentation from our file-page:[[Image:Owasp-payment-apis.pdf]] <br />
<br />
'''20.00 - Discussion continues at nearby establishment Bruuveri''' <br />
<br />
'''Please register with antti##owasp.org''' <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #11: November 17 2009 ==<br />
<br />
'''Location: Nsense Oy, Ahventie 4, Espoo''' <br />
<br />
'''Time: 18:00-20:30''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''18:05 Word from our sponsor Nsense Oy''' <br />
<br />
'''18:15 Manual vs. Automated Code Analysis, Ari Kesäniemi, Senior Consultant, Nixu''' <br />
<br />
Download presentation from our file-page:[[Image:Ari kesaniemi nixu manual-vs-automatic-analysis.pdf]] <br />
<br />
'''19.00- Sauna and refreshments from our sponsor''' <br />
<br />
<br> <br />
<br />
'''Please register with ilmoittautumiset##nsense.fi''' <br />
<br />
== OWASP Helsinki Chapter Meeting #10: October 20 2009 ==<br />
<br />
'''Location: Tieto Oy, Ratamestarinkatu 7B, Helsinki''' <br />
<br />
'''Time: 18:00-19:40''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''18:00 Word from our sponsor Tieto Oy''' <br />
<br />
'''18:10 Distributed Services Security, Anton Panhelainen, Tieto Oy''' <br />
<br />
Download presentation from our file-page:[[Image:Security in integration and ESB-OWASP 20091020.pdf]] <br />
<br />
'''18:40 Public Web Services Interface and Security, Pyry Heikkinen, Finnish Customs''' <br />
<br />
'''19:40 Closure and move to Vltava''' <br />
<br />
'''20:00 or so''' <br />
<br />
*Enjoy Helsinki Vltava watering hole at own risk &amp; cost near Helsinki Railway station<br />
<br />
'''Please register with Pauli Kauppila pauli.kauppila##tieto.com or Mobile +358 400 870 324''' <br />
<br />
== OWASP Helsinki Chapter Meeting #9: May 12 2009 ==<br />
<br />
'''Location: Louhi Networks Oy, Itälahdenkatu 22 A, Helsinki''' <br />
<br />
'''Time: 17:30-19:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:30 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:45 Word from our sponsor Louhi Networks''' <br />
<br />
'''18:00 Panel discussion about application scanners''' <br />
<br />
*Panel members includes representatives for Nixu Oy, KPMG Oy and Louhi Networks Oy<br />
<br />
<br> '''19:00 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost at Bar 52 near meeting location<br />
<br />
'''Please register with Henri Lindberg henri.lindberg##louhi.fi''' <br />
<br />
== OWASP OWASP Goes! Viestimuseo: March 29 2009 ==<br />
<br />
'''Location: Varuskunta, Takakasarmi, Viestimuseontie rak. 64, 11311 Riihimäki ''' <br />
<br />
'''Time: 13:00-15:00''' <br />
<br />
Viestimuseossa Riihimäellä, http://www.viestikiltojenliitto.fi/viestimuseo/ on maaliskuun loppuun WWII radiotiedustelua esittelevä erikoisnäyttely, josta voi löytyä ammennettavaa myös tämän päivän tietoturvatekniikoiden parissa työskenteleville. Koska OWASP:in tiimoilta löytyi kiinnostusta lähteä tutustumaan ko. näyttelyyn, museolle on varattu opastettu kierros maaliskuun viimeiselle sunnuntaille su 29.3.2009 klo 13:00 eli kokoontuminen museolla ko. aikaan. <br />
<br />
Museo ja näyttely ovat auki myös muina aikoina, joten jos tämä aika ei käy, paikalla voi toki käydä muulloinkin. <br />
<br />
Tarkemmat ajo-ohjeet ja yhteystiedot löytyvät museon kotisivuilta, http://www.viestikiltojenliitto.fi/viestimuseo/yhteystiedot.html <br />
<br />
Museo sijaitsee Viestirykmentin vieressä, mutta varsinaisen varuskunta-alueen ulkopuolella, joten museokäynti ei vaadi kulkulupia alueelle. <br />
<br />
Paikalle innostuvat hoitavat oman logistiikkaratkaisunsa &amp; sisäänpääsymaksunsa. <br />
<br />
Lisätietoja tarvittaessa timo.merilainen (ät) iki.fi <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #8: March 12 2009 ==<br />
<br />
'''Location: Samlink, Linnoitustie 9, Espoo (Leppävaara)''' <br />
<br />
'''Time: 17:00-19:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:00 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:15 Introduction to Samlink, Jari Pirhonen, security director, Samlink''' <br />
<br />
'''17:30 Methodology owner’s point of view: Information security as part of software development methodology, Topi Mattila, methodology manager, Samlink''' <br />
<br />
'''18:15 Presentation from Finnish Tax Administration", Petri Puhakainen, security director, Finnish Tax Administration''' <br />
<br />
<br> '''19:00 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost at Sello<br />
<br />
'''Please register with Jari Pirhonen jari.pirhonen##samlink.fi''' <br />
<br />
== OWASP Introduction to startup firms: Thursday January 15th 2009 ==<br />
<br />
'''Location: Ravintola Korjaamo, Töölönkatu 51, 00250 Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Introduction to OWASP by Henri Lindberg, OWASP Helsinki Active Visitor''' <br />
<br />
*What OWASP is <br />
*Examples of useful Tools and Documents <br />
*OWASP in Finland<br />
<br />
Presentation: [[Image:OWASP Startups 20090115 Henri.pdf]] <br />
<br />
(Antti Laulajainen, OWASP Helsinki Chapter Leader was originally supposed to introduce OWASP) <br />
<br />
'''18:15 Implementing application security in a Finnish startup by Henri Lindberg, Scred''' <br />
<br />
*Henri Lindberg from Scred shares experiences and lessons learned <br />
*How to make your web application more secure with minimal budget<br />
<br />
Presentation: [[Image:SDG Scred 090115.pdf]] <br />
<br />
'''18:30 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost<br />
<br />
== OWASP Helsinki Meeting #7: Tuesday November 11th 2008 ==<br />
<br />
'''Location: Nokia Ruoholahti, Itämerenkatu 11-13, 00180 Helsinki''' <br />
<br />
<br> <br />
<br />
'''Time: 17:00-18:30''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:00 Welcome by Antti Laulajainen, OWASP Chapter Leader''' <br />
<br />
*Current state and progress of OWASP Top 10 Finnish translation<br />
<br />
'''17:20 Antti Vähä-Sipilä, Nokia: SAFECode''' <br />
<br />
*Introduction and overview of SAFECode (The Software Assurance Forum for Excellence in Code) <br />
*SAFECode publications<br />
<br />
'''17:40 Juhani Eronen, CERT-FI: Lifecycle of a security vulnerability''' <br />
<br />
*Microsoft MS08-067 (Vulnerability in Server Service Could Allow Remote Code Execution), its history (MS06-040) and exploitation.<br />
<br />
'''Discussion''' <br />
<br />
'''18:30 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost [cerveza, aqua con gas, etc]<br />
<br />
'''PLEASE REGISTER WITH: mikko . saario at nokia . com (we have reserved snacks for 25 people)''' <br />
<br />
== OWASP Helsinki Web Hacking Workshop, Tuesday September 10th 2008 ==<br />
<br />
'''Location: Teleware / KPMG, Laajalahdentie 23, 6. floor, reception at the ground floor, 00330 Helsinki''' <br />
<br />
'''Time: 18.00 - 20.00''' <br />
<br />
'''Schedule''' <br />
<br />
'''18.00 Welcome and recent activities. Antti Laulajainen ''' <br />
<br />
'''18.05 Web Hacking Workshop, Anssi Porttikivi, Senior ICT Advisor KPMG/Teleware''' <br />
<br />
*KPMG Oy IT Security Advisory marketing presentation 15 min <br />
*Web hacking exercises and demonstrations in a laboratory class (using WebGoat and WebScarab tools)<br />
<br />
'''Snacks available. Send your reservations to Anssi's mail address, anssi.porttikivi@kpmg.fi. Room for 20 participants.''' <br />
<br />
<br> '''Note! Be in time, because the reception closes at 18.''' <br />
<br />
== OWASP Goes! CERT-FI, Thursday, June 12th 2008 ==<br />
<br />
'''Location: Viestintävirasto, Itämerenkatu 3 A, 00180 Helsinki and One Pint Pub Santakatu 2, 00180 Helsinki''' <br />
<br />
<br> '''Time: 16.00 - 20.00''' <br />
<br />
<br> '''Schedule''' <br />
<br />
'''16.00 Welcome and recent activities. Antti Laulajainen ''' <br />
<br />
<br> '''16.10 Introduction of CERT-FI. Juhani Eronen, Information Security Adviser, CERT-FI''' <br />
<br />
<br> '''16.30 Vulnerability coordination. Juhani Eronen''' <br />
<br />
*CERT-FI as a vulnerability coordinator <br />
*Coordination examples<br />
<br />
'''18.00 Possibility to continue the evening at the One Pint Pub''' <br />
<br />
*If someone fancies a (self-financed) beer<br />
<br />
<br> '''Viestintävirasto asks those who wish to participate to the meeting to register in advance. For registrations please contact CERT-FI Unit Secretary Virpi Hienonen (virpi.hienonen(at)ficora.fi). The deadline is June 6, 2008.''' <br />
<br />
== OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 ==<br />
<br />
Thank you for attending. <br />
<br />
You can download the presentation here'''https://www.owasp.org/images/7/70/OWASP_HelsinkiChapter_130508.pdf''' <br />
<br />
Coverage of the event in local news (Finnish only) http://mikropc.net/uutiset/index.jsp?categoryId=atk&amp;day=20080514#w2008051411524012715 <br />
<br />
<br> '''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki and Ravintola Kaisla, Vilhonkatu 4, 00100 Helsinki''' <br />
<br />
'''Time: 16.00 - 20.00''' <br />
<br />
<br> <br />
<br />
Welcome to spring meeting 2008. <br />
<br />
<br> '''Schedule''' <br />
<br />
'''16.00 - 16.10 OWASP update. Antti Laulajainen''' <br />
<br />
'''16.10-17.00 Notes From The field, OWASP tools and usage experiences, Jarkko Holappa &amp; Antti Laulajainen''' <br />
<br />
'''17.30 - 20.00 Drinks at Ravintola Kaisla (Bring Your Own Wallet)''' <br />
<br />
<br> Hope to see as many of you as possible! <br />
<br />
== OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 ==<br />
<br />
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.''' <br />
<br />
'''Time: 18.30 - 20.30''' <br />
<br />
Welcome to first meeting of 2008. OWASP Helsinki resumes activities after winter break. <br />
<br />
We are pleased to have as a speaker Technology Manager of Nokia Product Security, Alexandr Seleznyov. His topic will be current state of application security. <br />
<br />
'''Schedule''' <br />
<br />
'''18.30 - 18.40 OWASP update. Antti Laulajainen''' <br />
<br />
'''18.40 - 20.30 Current State of Application Security. Alexandr Seleznyov''' <br />
<br />
<br> Hope to see as many of you as possible! <br />
<br />
== OWASP Helsinki &amp; RWSUG Seminar Tuesday, January 29th 2008 ==<br />
<br />
'''Location: IBM, Laajalahdentie 23, 00330 Helsinki.''' '''Time: 11.15 - 19.00''' <br />
<br />
OWASP Helsinki and Rational and Websphere User Group Finland RWSUG are aiming to co-operate to raise application security awareness. OWASP Helsinki will have a presentation in RWSUG agility seminar. More information from http://www.rwsug.fi/default.asp?path=1,39,385 <br />
<br />
'''You can download the presentation here''' https://www.owasp.org/images/c/cd/RWSUG5_Agile_Security_Management.pdf <br />
<br />
See program below. Most of it is Finnish only <br />
<br />
*11.15 Ilmoittautuminen alkaa <br />
*11.15-12.00 Buffet-lounas <br />
*12.00-12.10 Tilaisuuden avaus Jussi Jutila, Puheenjohtaja, RWSUG ry<br />
<br />
KEYNOTE <br />
<br />
*12.10-13.30 Scaling Agile Software Development: Strategies for Applying Agile in Complex Situations Scott W. Ambler, Practice Leader Agile Development, IBM Canada <br />
*13.30-13.45 Kahvitauko <br />
*13.45-15.30 SOA liiketoiminnan näkökulmasta ja SOA toteutuksen näkökulmasta kansainvälisessa hankkeessa Kari Laine, IT Architect, IF ja Jarmo Laine, Senior Software Architect,Primasoft <br />
*15.30-15.45 Tauko <br />
*15.45-16.30 Ketterä tietoturvan hallinta ohjelmistotuotannossa Reijo Savola, VTT <br />
*16.30-17.15 Jazz Update IBM <br />
*17.15-19.00 Iltapalaa ja verkostoitumista IBM Forumissa<br />
<br />
<br> <br />
<br />
== OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008 ==<br />
<br />
OWASP Helsinki participated in ISACA Finland meeting to raise application security awareness among system auditors and inspectors. <br> A presentation was held that introduced basic web techniques, some security issues, OWASP in general, OWASP projects and OWASP Helsinki chapter. <br> '''You can download the presentation here''': https://www.owasp.org/images/e/e4/OWASP_ISACA_20080124.pdf (Finnish Only) <br><br> <br />
<br />
== OWASP Helsinki meeting #4 Fall 2007 with Mark Curphey, Tuesday, October 2 2007 ==<br />
<br />
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.''' <br />
<br />
Thank you for all participants and Mark from great presentation. <br />
<br />
Coverage of the meeting in the local news (in Finnish): http://mikropc.net/uutiset/index.jsp?categoryId=atk&amp;day=20071003#w2007100315112711629 <br />
<br />
<br> We are delighted to have Mark Curphey - the OWASP founder and new head of Microsoft's ACE (Application Consulting &amp; Engineering) team in Europe - to visit Finland and discuss web app security with us. Hopefully as many as of you possible can participate! <br />
<br />
'''18:30 Welcome and recent Helsinki chapter activities. Antti Laulajainen''' <br />
<br />
'''18:40 Naked Software Security. Mark Curphey''' <br />
<br />
*Commentary on how to build secure software <br />
*Thoughts on the industry<br />
<br />
<br> '''WELCOME!''' <br />
<br />
== OWASP Helsinki meeting #3 Summer 2007: "SOA, Web Services &amp; XML Security", Tuesday, June 5th 2007 ==<br />
<br />
'''Date: June 5th''' <br />
<br />
<br> '''Location: Smilehouse, Itälahdenkatu 22A (Stonesoft building), Lauttasaari.''' <br />
<br />
Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/tietoturva_docview.jsp?f_id=1186167 <br />
<br />
<br> '''19:00 Welcome &amp; quick recap of recent OWASP activity and the Spring conference. Mikko Saario.''' <br />
<br />
<br> '''19:15 Gunnar Peterson, CTO Arctec Group and project lead for the OWASP "XML Security Gateway Evaluation Criteria".''' <br />
<br />
Gunnar will be visiting Finland to provide training via Tietoturva ry on this subject. Topics to be covered: <br />
<br />
*XML Security Gateways <br />
*Message level threats and security countermeasures in Web services <br />
*OWASP XML Security Gateway Evaluation Criteria Project<br />
<br />
<br> '''20:15 "Real-life usage of OWASP tools". Alexandr Seleznyov, Nokia Product Security.''' <br />
<br />
(There is a chance Alex cannot make it. In that case we will discuss SOA stuff in more detail or just head off to bar earlier.) <br />
<br />
<br> '''20:45 Enter Bar 52...''' --&gt; Enjoy (sponsored) beverages. <br />
<br />
== OWASP Helsinki meeting #2 Winter 2007, Web Application Firewalls, Thursday, February 22 2007 ==<br />
<br />
Thank you for the 29 participants, the speakers and the host - Nixu - for making this event happen! <br />
<br />
'''Location: Nixu, Mäkelänkatu 91, 00601 Helsinki.''' <br />
<br />
What are Web Application Firewalls (WAF), how do they work, what do they do and what don't they do. Discussion and sharing of experiences of various technologies and products. <br />
<br />
<br> '''18.30 Welcome. Mikko Saario, Chapter Leader.''' <br />
<br />
Today's topic and agenda in short. <br />
<br />
<br> '''18.35 "Web Application Firewalls Technical Analysis". Joakim Sandström, CTO nSense.''' <br />
<br />
http://www.owasp.org/images/6/6a/Owasp_waf_joakim.pdf <br />
<br />
- Technology <br />
<br />
- Blacklisting &amp; Whitelisting <br />
<br />
- mod_security features <br />
<br />
- Do's and Don'ts <br />
<br />
<br> '''19.30 "The Core Rule Sets". Ofer Shezaf, CTO Breach Security.''' <br />
<br />
http://www.owasp.org/images/f/f4/The_Core_Rule_Set_-_Ofer.pdf <br />
<br />
- WAF deployment and protection strategies <br />
<br />
- Detection of generic web layer attacks <br />
<br />
- Virtual patching <br />
<br />
== OWASP Helsinki meeting #1, Tuesday, Dec 12 2006 at Ernst &amp; Young ==<br />
<br />
The Helsinki chapter had the first meeting at Ernst &amp; Young office in Elielinaukio 5 B. The agenda and the presentations for the meeting are below. We had a good turnout: 22 people were present i.e. all seats were taken - we were very happy to see all these people to be interested in application security issues. <br />
<br />
<br> Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/doc.do?f_id=1083463 <br />
<br />
<br> '''18:30 Welcome. What is OWASP and why OWASP Helsinki?''' <br />
<br />
Mikko Saario made a short presentation about OWASP and the objective for the local Helsinki chapter. <br />
<br />
<br> '''19:00 Analyzing Threats (Olli Wiren; olli [at] juurihoito.org)''' <br />
<br />
Olli Wiren discussed application related threats and corresponding security issues. <br />
<br />
http://www.owasp.org/images/7/7c/Owasp-olli.pdf <br />
<br />
<br> '''19:45 Open discussion regarding OWASP Helsinki; what is expected or wished; how to go ahead and so forth.''' <br />
<br />
There was a lively discussion regarding what type of activities should be arranged in the future. More details will follow... <br />
<br />
==== Helsinki OWASP Chapter Leaders ====<br />
<br />
The chapter leader is [mailto:Petteri.arola@owasp.org Petteri Arola] <br />
<br />
The chapter board members are [mailto:timo@owasp.org Timo Merilainen], Pyry Heikkinen and [mailto:pekka.sillanpaa@owasp.org Pekka Sillanpaa]. <br />
<br />
__NOTOC__<br />
[[Category:Finland]] <br />
[[Category:Europe]]</div>Psillanphttps://wiki.owasp.org/index.php?title=Helsinki&diff=241097Helsinki2018-06-03T10:47:15Z<p>Psillanp: /* OWASP Helsinki chapter meeting #34: Jun 12th 2018 */</p>
<hr />
<div>{{Chapter Template|chaptername=Helsinki|extra=The chapter leaders are [mailto:petteri.arola@owasp.org Petteri Arola], [mailto:pekka.sillanpaa@owasp.org Pekka Sillanpää], [mailto:timo@owasp.org Timo Meriläinen] and [mailto:pyry.heikkinen@owasp.org Pyry Heikkinen]<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-helsinki|emailarchives=http://lists.owasp.org/pipermail/owasp-helsinki}} <br />
<br />
==== Local News ====<br />
<br />
<paypal>Helsinki</paypal> <br />
<br />
'''Welcome to the OWASP Helsinki Chapter'''<br />
<br />
The plan is to meet at least three to four times a year, each lasting 1,5-3 hours (more active "hands" means more meetings). This chapter is based in the capital area and therefore the meetings will be in or around Helsinki. <br />
<br />
If you wish to present at one of the meetings or have any other inquiries, please contact the chapter leaders and shortly describe the talk. (the contact details can be found in the bottom of the page). We encourage everyone to suggest ideas for presentation topics. The talks can be either a full talk (45-60min) or a lightning talk (~15min). <br />
<br />
==== Suomalaista sovellusturva-asiaa ====<br />
<br />
[[OWASP Helsinki Appsec Thesis of the Year|Vuoden sovellusturva-aiheinen opinnäytetyö]]<br />
<br />
[[Oppilaitoksille|Tietoa oppilaitoksille (Information for academic institutions)]] <br />
<br />
[[Verkkomaksut|Ohjeita turvallisen verkkomaksuintegraation toteuttamiseen]] <br />
<br />
Previously OWASP Helsinki has been working on the following tasks: <br />
<br />
*[[Top 10 2007 Finnish]] aim to translate OWASP Top 10 list in Finnish<br />
<br />
==== Chapter Meetings ====<br />
<br />
== OWASP Helsinki chapter meeting #34: Jun 12th 2018 ==<br />
'''Location: Eficode, Pohjoinen Rautatiekatu 25, 00100 Helsinki'''<br />
<br />
'''Time: 17:30-21:30'''<br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Pekka Sillanpää OWASP Helsinki'''<br />
<br />
'''18:05 Words from the sponsor / Pekka Siltala-Li / Eficode'''<br />
<br />
'''18:15 Perfectly secure API, Matti Suominen, Lead Security Consultant - Nixu'''<br />
<br />
'''19:00 Break''' <br />
<br />
'''19:15 [TBD, about API security], Antti Virtanen, Software Architect, Solita''' <br />
<br />
'''20:00-21:30 Sauna, Snacks & Beverages'''<br />
<br />
Please register by 12th of Nov https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-34-tickets-46690898735 (Note that the seats are limited). <br />
<br />
== OWASP Helsinki chapter meeting #33: Nov 14th 2017 ==<br />
'''Location: F-Secure, Tammasaarenkatu 7, 00180 Helsinki''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki''' <br />
<br />
'''18:05 Words from the sponsor'''<br />
<br />
'''18:10 Coping with GDPR requirements in development, Kira Ahveninen-Kuha, Lead, Data Protection and Cybersecurity Law, Nixu'''<br />
<br />
'''19:00 Break''' <br />
<br />
'''19:15 Integrating Privacy Work in Threat Modeling and Design Review, Antti Vähä-Sipilä, Principal Security Consultant, F-Secure'''<br />
<br />
'''20:00 Panel & Discussion – Kira and Antti debate about privacy and GDPR with the audience'''<br />
<br />
'''20:30 OWASP Helsinki DevSecOps Hackathon: Lessons learned, Pekka Sillanpää, OWASP Helsinki''' <br />
<br />
'''21:00-22:00 Snacks & Refreshments''' <br />
<br />
Please register by 12th of Nov [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-33-tickets-39656996143 here] (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #32: Sep 27th ==<br />
If you are working in a DevOps team and want to get concrete ideas on how to integrate security into your CI/CD pipeline, this hackathon is a fun opportunity to learn by doing together with others.<br />
<br />
More information here: [[OWASP Helsinki DevSecOps Hackathon]]<br />
<br />
In summary, we familiarize and investigate (and of cource hack with) some nice open source tools, including:<br />
* OWASP Dependency-Check ([[OWASP Dependency Check]])<br />
* ZAP Proxy ([[OWASP Zed Attack Proxy Project]])<br />
* OWASP DefectDojo ([[OWASP DefectDojo Project]])<br />
* DevSec hardening framework (https://github.com/dev-sec)<br />
* Clair (https://github.com/coreos/clair)<br />
<br />
The output of this hackathon is an OWASP wiki page describing what was achieved in the hackathon, possible commits to the tools' repositories and future plans. If there is enough interest, we might organize "part 2" for this event in Autumn.<br />
<br />
To participate in this event, it is recommended to have at least basic programming/scripting skills (python, ruby, bash, etc) and understanding of configuration management tools (puppet, salt, ansible, etc.). '''If you are interested to join''' or have questions, please send email to pekka.sillanpaa@owasp.org '''by Jul 7th 2017''' and a short description of your background. Tracks of the hackathon environment are tuned based on the skills and background of the participants.<br />
<br />
The maximum of 15 seats are available for this event. The event is fully free of charge.<br />
<br />
'''Location: Nixu, Keilaranta 15, 02150 Espoo'''<br />
<br />
'''12:00 Hackathon starts'''<br />
<br />
'''17:00-23:00 Hackathon continues after the work day as long as needed. Pizza and beverages available.'''<br />
<br />
== OWASP Helsinki chapter meeting #31: Jun 13th 2017 ==<br />
'''Location: Solita, Alvar Aallon katu 5, 00100 Helsinki'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Pekka Sillanpää, OWASP Helsinki'''<br />
<br />
'''18:05 DevSec - Developers are the key to security, Antti Virtanen, Software Architect, Solita [[File:Devsec-owasp-2017.pdf]]''' <br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Docker Security, Mika Vatanen, Systems Architect, Digia [[File:Owasp-Helsinki-20170613-Docker-Security.pdf]]'''<br />
<br />
'''20:00 Lightning talk: Leaking credentials - a security malpractice more common than expected, Bogdan Mihaila, Synopsys [[:File:Bogdan Mihaila - Leaking Credentials.pdf]]'''<br />
<br />
'''20:15 Introduction to DevSecOps "mini-hackathon", Pekka Sillanpää, OWASP Helsinki'''<br />
<br />
'''20:30-22:30 Snacks & Refreshments'''<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-31-tickets-34950473808 here] by 12th of Jun (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #30: Oct 11th 2016 ==<br />
<br />
'''Location: Fujitsu, Valimotie 16, 00380 Helsinki, Auditorio'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 How to protect mobile application? Case "Nordea Tunnusluvut” / Michael Peltonen, Senior Business Developer, Nordea''' [[File:Helsinki_meeting_30_-Michael_Peltonen_OWASP_11102016.pdf]]<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Lightning talk: Authentication topic / Teemu Simonen, System Architect, Fujitsu''' [[File:Helsinki_meeting_30_-Authentication_topic.pdf]]<br />
<br />
'''19:30 Threats and vulnerabilities in federation protocols - and how did I find 0-days in the most common access management products / Teemu Kääriäinen, Senior IAM Consultant, Nixu Oyj''' [[File:Helsinki_meeting_30_-_Threats_and_Vulnerabilities_in_Federation_Protocols_and_Products.pdf]]<br />
<br />
'''20:30-> Snacks & Refreshments'''<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-30-tickets-28190573765 here] by 9th of October (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #29: Mar 29th 2016 ==<br />
<br />
'''Location: Solinor, Elimäenkatu 14 C, 00510 Helsinki'''<br />
<br />
'''Time: 17:30-21:15'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 OWASP Security Knowledge Framework, Glenn Ten Cate''' [[File:Skf-owaspHelsinki-16.pdf]]<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Amazon Web Services Security, Joel Leino, Solinor''' [[File:Aws_security_joel_leino.pdf]]<br />
<br />
'''20:30 Do's and don'ts: A Day Of Browser Bug Hunting, Atte Kettunen, University of Oulu''' [[File:Do's_and_Don'ts-_A_Day_Of_Browser_Bug_Hunting_rev2.pdf]]<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-29-tickets-22159795545 here] by 26th of March (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #28: Nov 10th 2015 ==<br />
<br />
'''Location: LähiTapiola, Revontulenkuja 1, 02100 Espoo'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 How we feel about Bug Bounty, Leo Niemelä, CISO, LähiTapiola Group (in Finnish)'''<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Security and "Modern" software Deployment, Rory McCune, Managing Consultant, NCC Group'''<br />
<br />
'''20:30 Discussion continues in a local cafe / bar'''<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-28-tickets-19188815263 here] by 8th of November (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #27: May 29th 2015 ==<br />
<br />
'''Location: Life Science Center Keilaranta 10-16''' <br />
<br />
'''Time: 17:30-20:00 (networking ends 23:00)''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 Word from our sponsor / Nixu'''<br />
<br />
'''18:15 50 Shades of AppSec / Troy Hunt'''<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Hack yourself first: how go on the cyber-offence before online attackers do / Troy Hunt'''<br />
<br />
'''20:00-23:00 Refreshments and Sauna on the 7th floor'''<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-chapter-meeting-27-tickets-16709176597 here] by Monday Fri 22th May (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #26: January 13th 2015 ==<br />
<br />
'''Location: Castrén & Snellman Attorneys Ltd. Eteläesplanadi 14 6th Floor Helsinki, Finland.''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''Opening words / OWASP Helsinki&IAPP''' <br />
<br />
'''Words from our sponsor / Castrén & Snellman Attorneys Ltd.'''<br />
<br />
'''Privacy Seals and Marks, Hannu Järvinen, Specialist Partner, Attorneys at Law Borenius Ltd'''<br />
<br />
'''Privacy Engineering, Antti Vähä-Sipilä, software security guy, F-Secure Oyj'''<br />
<br />
'''Privacy Use Cases, Saku Vainikainen, Lead Consultant, Nixu Oyj'''<br />
<br />
Please register here https://t.co/OoQN2FRbBX by Monday 12 Jan.<br />
<br />
== OWASP Helsinki chapter meeting #25: September 29th 2014 ==<br />
<br />
'''Location: Appelsiini (Elisa), Kaarlenkatu 9-11, 00530 Helsinki. Public transport is strongly recommended.''' <br />
<br />
'''Time: 17:00-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and registration''' <br />
<br />
'''17:10 Opening words / OWASP Helsinki''' <br />
<br />
'''17:20 Words from our sponsor / Elisa'''<br />
<br />
'''17:30 Mobile Security Chess Board - Attacks & Defense / Hemil Shah / Founder, Director eSphere Security''' [[File:Mobile_Security_chess_board_-_Attacks_&_Defense.pdf]]<br />
<br />
'''18:45 Break'''<br />
<br />
'''19:00 Mobile Platform Security: OS (kernel) Hardening and Trusted Execution Environment / Onur Zengin / Trustonic'''<br />
[[File:Onur_Zengin_-_TEE_chapter_meeting_presentation.pdf]]<br />
<br />
'''20:00 OWASP Mobile Top Ten Risks 2014 - The New M10: 'Lack of Binary Protection' Category / Bo Asklund and Rikard Kullenberg / Arxan'''<br />
[[File:OWASP_Mobile_Top_Ten_-_Meet_the_New_Addition.pdf]]<br />
<br />
'''21:00 Networking and continue discussions in TBD location nearby'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-25-tickets-13087782911 Eventbrite]<br />
<br />
== OWASP Helsinki chapter meeting #24: March 25st 2014 ==<br />
<br />
'''Location: F-Secure, Tammasaarenkatu 7, 00180 Helsinki. Parking space is limited, public transport is strongly recommended. Ruoholahti station for metro, Länsisatamankatu stop for tram 8, Länsiväylä stop for buses from Espoo.''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and registration''' <br />
<br />
'''17:20 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''17:30 Enhancing security through tight collaboration and automation /Kalle Hallivuori''' <br />
Presentation material: http://kato.iki.fi/owasp-pci-devops/<br />
<br />
'''18:00 Continuous Security Testing in a Devops World /Stephen de Vries'''<br />
Download the presentation from our file page: [[image:OWASP-Continuous_Security_Testing.pdf]]<br />
<br />
'''19:00 Demo of Burp Suite & HTTP API fuzzing automation with Python & Behave /Antti Vähä-Sipilä'''<br />
<br />
'''19:30 Time to go to Pub (Amsterdam) and continue discussion there'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-24-tickets-10765729587 Eventbrite]<br />
<br />
== OWASP Helsinki chapter meeting #23: January 21st 2014 ==<br />
<br />
'''Location: HTC Keilaniemi, Keilaranta 13, 02150 Espoo''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Coffee and registration''' <br />
<br />
'''18:00 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''18:05 Word from our sponsor /Nixu''' <br />
<br />
'''18:20 The inner HTML Apocalypse - How MXSS attacks change everything we believed to know so far /Mario Heiderich'''<br />
<br />
'''19:15 JSMVCOMFG - To sternly look at JavaScript MVC and Templating Frameworks /Mario Heiderich"''''<br />
<br />
'''20:15 QA'''<br />
<br />
'''20.30 - 21.30 Discussion continues over snacks and refreshments'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-23-tickets-10095813851 Eventbrite]<br />
<br />
<br />
== OWASP Helsinki chapter meeting #22: November 19th 2013 ==<br />
<br />
'''Location: Aalto University, Hall S1, Otakaari 5, 02150 Espoo''' <br />
<br />
'''Time: 18:00-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Registration''' <br />
<br />
'''18:10 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''18:20 Word from our sponsor''' <br />
<br />
'''18:30 Backgrounds of Eve in Digiland comic and cyber research in Aalto University /Timo Kiravuo, Aalto University'''<br />
<br />
'''19:15 Break"''''<br />
<br />
'''19:30 Cyber crime response from CERT perspective and backgrounds of Finnish web site attacks /Jussi Eronen, CERT-FI'''<br />
<br />
'''20:00 Methods in Finnish cyber crime police investigation and case example /Timo Piiroinen, National Bureau of Investigation (NBI)'''<br />
<br />
'''20:30 Networking and discussion continues at same location'''<br />
<br />
Please register at [http://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-23-tickets-10095813851 Eventbrite]<br />
<br />
== OWASP EUTour2013: June 17th 2013 ==<br />
<br />
'''Location: HTC Keilaniemi, Keilaranta 15''' <br />
<br />
'''Time: 16:00-19:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''16:00 Registration & coffee''' <br />
<br />
'''16:15 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''16:30 Word from our sponsor''' <br />
<br />
'''16:45 Nokia responsible disclosure program /Omar Benbouazza-Villa, Nokia'''<br />
<br />
Nokia has launched a responsible disclosure program recently. In this presentation we'll go through experiences starting and running such a program as a part of enterprise application security program.<br />
<br />
'''17:30 Social engineering /Gavin Ewan"''''<br />
<br />
Jac0byterebel is not your typical social engineering presenter. Out goes the snake oil sale of analysing the minutia of pop psychology and trying to squeeze out real answers to the questions asked during a real social engineering attack. In comes hard hitting accounts of social engineering attacks drawn from real sources but anonymised to protect the pwned.<br />
<br />
'''19:00 Rounding up and discussion continues over food & drinks at same location'''<br />
<br />
Please register at [http://www.regonline.com/owaspeutourfinland Regonline]<br />
<br />
== OWASP Helsinki Chapter Meeting #21: April 24 2013 ==<br />
<br />
'''Location: KPMG, Yrjönkatu 23 B, 6. floor''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Opening words /OWASP''' <br />
<br />
'''18:10 Word from our sponso /Mika Laaksonen, KPMG''' <br />
<br />
'''18:15 OWASP project news /Petteri Arola, OWASP''' <br />
<br />
Newsflash of new and rebooted OWASP projects.<br />
<br />
'''18:45 Utilizing VAHTI software development guide (VAHTI-sovelluskehitysohje) /Antti Alestalo, KPMG'''<br />
<br />
VAHTI software development guide was published January 2013. Antti will talk about how to best utilize this new guide. Link to the guide: http://www.vm.fi/vm/fi/04_julkaisut_ja_asiakirjat/01_julkaisut/05_valtionhallinnon_tietoturvallisuus/20130207Sovell/VAHTI_1_Sovelluskehityksen_tietoturvaohje_NETTI.pdf<br />
<br />
'''19:15 Database self-defence /Mika Aronen, KPMG (in place of "HTML5 & security /SC5"'''<br />
<br />
'''20:00 Official program ends and discussion continues over food & drinks at same location'''<br />
<br />
Please register at [https://www.eventbrite.com/event/6240751255 Eventbrite]<br />
<br />
== OWASP Helsinki Chapter Meeting #20: December 4 2012 ==<br />
<br />
'''Location: Nokia House, Keilalahdentie 4, Espoo''' <br />
<br />
'''Time: 17:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Socializing time @ Nokia Lounge – Meet people & get to know your peer while having the opportunity to see Nokia product demos''' <br />
<br />
'''18:00 Opening words /OWASP + HelsinkiJS''' <br />
<br />
'''18:10 Word from our sponsor''' <br />
<br />
'''18:20 Securing JavaScript based web apps /Erlend Oftedal''' <br />
<br />
Single page web applications move much of the application logic to the client side. We now also see applications using JavaScript on the server side. How do we handle such applications from a security perspective? What problems are introduced and how do we handle them?<br />
<br />
'''19:05 RESTful Security'''<br />
<br />
Many applications rely on web services and ws-security for integration. But for more lightweight services with simpler protocols, REST is quickly gaining popularity. How do we secure REST services? What problems do we need to be aware of?<br />
<br />
'''20:00 Official program ends and free debate continues at nearby location'''<br />
<br />
CLOSED: Please register at [http://www.eventbrite.com/event/4856878053 Eventbrite]<br />
<br />
Please use the NORTH entrance when entering the Nokia campus<br />
<br />
== OWASP Helsinki Chapter Meeting #19: October 16 2012 ==<br />
<br />
'''Location: Fujitsu, Valimotie 16, Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''18:10 Word from our sponsor /Fujitsu''' <br />
<br />
'''18:25 Hybrid mobile application security and HTML5 with a focus on getUserMedia /Mikko Saario, Nokia''' <br />
<br />
Both the mobile scene via “hybrid” apps and the so-called traditional web are evolving into the same direction – are the threats doing the same? Using mainly Windows Phone 7 (and some Qt) examples and demos, Mikko will take a look at the security aspects in mobile hybrid apps. The HTML5 demo will concentrate on some newly mainstreamed technologies such as getUserMedia.<br />
<br />
'''19:10 Introduction to Oauth 2.0 + demo /Teemu Kääriäinen, Nixu'''<br />
<br />
Teemu gives an introduction about Oauth 2.0 and takes a closer look at security aspects, implementation guidelines and compares Twitter, Facebook and Google implementations.<br />
<br />
'''20:00 Official program ends and free debate continues at nearby location'''<br />
<br />
'''Please register in Eventbrite http://www.eventbrite.com/event/4462882602''' <br />
<br />
<br />
== OWASP Helsinki Chapter Meeting #18: June 26 2012 ==<br />
<br />
'''Location: Kela, Nordenskjölkinkatu 12, Helsinki''' <br />
<br />
'''Time: 17:30-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''17:45 Word from our sponsor /Kela''' <br />
<br />
'''18:00 Helsinki Ruby Brigade intro''' <br />
<br />
'''18:15 Ruby on Rails security - why could it fail'''<br />
<br />
'''19:00 Panel discussion'''<br />
<br />
'''19:45 Wrap-up'''<br />
<br />
'''20:00 Discussion continues in a nearby pub Hadanka'''<br />
<br />
'''Please register with petteri.arola(at)owasp.org''' <br />
<br />
<br />
== OWASP Helsinki Chapter Meeting #17: March 21 2012 ==<br />
<br />
'''Location: Marttakeskus, Malminrinne 1 B, 7. krs, Helsinki''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Coffee''' <br />
<br />
'''17:40 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''17:50 Web Application Access Control Design Excellence / Jim Manico, OWASP''' <br />
<br />
Download the presentation from our file page: [[image:Developer_Top_Ten_Core_Controls_v4.1.pdf]]<br />
<br />
'''19:30 Meeting ends and discussion continues over buffet and refreshments and there's a possibility to bath in sauna too''' <br />
<br />
'''23:00 Event ends'''<br />
<br />
'''Please register with enroll(at)nixu.com''' <br />
<br />
== Tietoturvapäivä Turku: February 7 2012 ==<br />
<br />
''' Sovellusturvallisuus / Petteri Arola, OWASP''' <br />
<br />
Download the presentation from our file page: [[image:OWASP_esitys_tietoturvapäivä_Turku_20120207.pdf]]<br />
<br />
== OWASP Helsinki Chapter Meeting #16: October 18 2011 ==<br />
<br />
'''Location: Hall TU2, Tuas house, Otaniementie 17, 02150, Espoo''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and lock picking''' <br />
<br />
'''17:30 OWASP - What is it?''' <br />
<br />
'''17:45 Introduction to OWASP projects<br>- OWASP Top Ten, ASVS<br><span class="Apple-tab-span"> </span>- Testing guide<br>- How OWASP relates to academic world''' <br />
<br />
<br> Download presentation from our file-page: [[Image:OWASP_presentation_for_Aalto.pdf]] <br><br />
<br />
'''18:45 Break''' <br />
<br />
'''19:00 Hacking demonstrations'''<br />
<br />
'''19:30 - Discussion continues in a nearby public house''' <br />
<br />
'''Please register with petteri.arola(at)owasp.org''' <br />
<br />
== OWASP Introduction to Turku AMK students: September 12th 2011 ==<br />
<br />
'''Introduction to Application security and OWASP / Petteri Arola, OWASP''' <br />
<br />
'''OWASP top 10 and hacking demos / Pekka Sillanpää, OWASP''' <br />
<br />
== OWASP Helsinki Chapter Meeting #15: June 15 2011 ==<br />
<br />
'''Location: Itämerenkatu 11 - 13, Helsinki''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda ''' <br />
<br />
'''17:30 Welcome, Petteri Arola, Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nokia''' <br />
<br />
'''17:45 HTML5 Security, Ville Säävuori, Syneus''' <br />
<br />
'''18:30 Break''' <br />
<br />
'''18:40 Mobile Application Security, Ari Kesäniemi and Juhani Mäkelä, Nixu''' <br> [[Image:Mobile-threat-analysis-short-presentation owasp.pdf]] <br> [[Image:Why-privacy-matters.pdf]] <br> <br />
<br />
<br>'''19.30 - Discussion continues in a nearby public house or terrace if it's sunny''' <br />
<br />
'''Please register with mikko.saario(at)nokia.com''' <br />
<br />
== OWASP Helsinki Chapter Meeting #14: February 22 2011 ==<br />
<br />
'''Location: Nixu Oy, Keilaranta 15, Espoo''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''17:30 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nixu Oy''' <br />
<br />
'''17:45 OpenSAMM, Pravir Chandra /Fortify''' <br />
<br />
'''18:30 Break''' <br />
<br />
'''18:40 Threat modeling, Pravir Chandra /Fortify''' <br />
<br />
<br> '''19.30 - Sauna and refreshments from our sponsor''' <br />
<br />
'''Please register with enroll(at)nixu.com''' <br />
<br />
<br> Download OpenSAMM presentation from opensamm.org [http://www.opensamm.org/downloads/resources/OpenSAMM-1.0.ppt] <br> <br />
<br />
== OWASP Helsinki Chapter Meeting #13: June 8 2010 ==<br />
<br />
'''Location: KPMG, Forum, Yrjönkatu 23 B 6th floor, Helsinki''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''17:00 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:05 Word from our sponsor KPMG ''' <br />
<br />
'''17:15 Agile secure software development, Antti Vähä-Sipilä / Nokia Oyj''' http://www.owasp.org/images/c/c6/OWASP_AppSec_Research_2010_Agile_Prod_Sec_Mgmt_by_Vaha-Sipila.pdf <br />
<br />
'''18:00 ASVS (OWASP Application Security Verification Standard), Pekka Sillanpää / Nixu Oy''' <br />
<br />
'''18:45 ESAPI (OWASP Enterprise Security API) demo, Anssi Porttikivi / KPMG''' <br />
<br />
Download presentation from our file-page:[[Image:ESAPI for OWASP.pdf]] <br />
<br />
<br> '''19.30 - Discussion continues at some nearby establishment''' <br />
<br />
'''Please register with anssi.porttikivi(at)kpmg.fi''' <br />
<br />
<br> <br />
<br />
== OWASP Goes! Locksport: April 20 2010 ==<br />
<br />
'''Location: Nsense Oy, Ahventie 4, Espoo''' <br />
<br />
'''Time: 17:30-20:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nsense Oy''' <br />
<br />
'''17:45 Introduction to Locksport (presentation in Finnish)''' <br />
<br />
'''19:00 - Sauna and refreshments from our sponsor''' <br />
<br />
'''Please register with ilmoittautumiset##nsense.fi ''' <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #12: March 30 2010 ==<br />
<br />
'''Location: Helsingin Energia, Sähkötalo, Runeberginkatu 1, Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''18:00 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
Download presentation from our file-page:[[Image:OWASP -12 Helsinki chapter meeting.pdf]] <br />
<br />
'''18:05 Word from our sponsor Helsingin Energia ''' <br />
<br />
'''18:15 3 different views on information security and social media applications''' <br />
<br />
- information security in social media API’s, Antti Nuopponen/Nixu Oy <br />
<br />
Download presentation from our file-page:[[Image:Security of social media apis v1.pdf]] <br />
<br />
- Facebook apps, Markus Törnqvist/Fad Consulting <br />
<br />
Download presentation from our file-page:[[Image:Mjt owasp 2010.pdf]] <br />
<br />
- Payment API’s, Tuomas Toivonen/Scred <br />
<br />
Download presentation from our file-page:[[Image:Owasp-payment-apis.pdf]] <br />
<br />
'''20.00 - Discussion continues at nearby establishment Bruuveri''' <br />
<br />
'''Please register with antti##owasp.org''' <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #11: November 17 2009 ==<br />
<br />
'''Location: Nsense Oy, Ahventie 4, Espoo''' <br />
<br />
'''Time: 18:00-20:30''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''18:05 Word from our sponsor Nsense Oy''' <br />
<br />
'''18:15 Manual vs. Automated Code Analysis, Ari Kesäniemi, Senior Consultant, Nixu''' <br />
<br />
Download presentation from our file-page:[[Image:Ari kesaniemi nixu manual-vs-automatic-analysis.pdf]] <br />
<br />
'''19.00- Sauna and refreshments from our sponsor''' <br />
<br />
<br> <br />
<br />
'''Please register with ilmoittautumiset##nsense.fi''' <br />
<br />
== OWASP Helsinki Chapter Meeting #10: October 20 2009 ==<br />
<br />
'''Location: Tieto Oy, Ratamestarinkatu 7B, Helsinki''' <br />
<br />
'''Time: 18:00-19:40''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''18:00 Word from our sponsor Tieto Oy''' <br />
<br />
'''18:10 Distributed Services Security, Anton Panhelainen, Tieto Oy''' <br />
<br />
Download presentation from our file-page:[[Image:Security in integration and ESB-OWASP 20091020.pdf]] <br />
<br />
'''18:40 Public Web Services Interface and Security, Pyry Heikkinen, Finnish Customs''' <br />
<br />
'''19:40 Closure and move to Vltava''' <br />
<br />
'''20:00 or so''' <br />
<br />
*Enjoy Helsinki Vltava watering hole at own risk &amp; cost near Helsinki Railway station<br />
<br />
'''Please register with Pauli Kauppila pauli.kauppila##tieto.com or Mobile +358 400 870 324''' <br />
<br />
== OWASP Helsinki Chapter Meeting #9: May 12 2009 ==<br />
<br />
'''Location: Louhi Networks Oy, Itälahdenkatu 22 A, Helsinki''' <br />
<br />
'''Time: 17:30-19:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:30 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:45 Word from our sponsor Louhi Networks''' <br />
<br />
'''18:00 Panel discussion about application scanners''' <br />
<br />
*Panel members includes representatives for Nixu Oy, KPMG Oy and Louhi Networks Oy<br />
<br />
<br> '''19:00 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost at Bar 52 near meeting location<br />
<br />
'''Please register with Henri Lindberg henri.lindberg##louhi.fi''' <br />
<br />
== OWASP OWASP Goes! Viestimuseo: March 29 2009 ==<br />
<br />
'''Location: Varuskunta, Takakasarmi, Viestimuseontie rak. 64, 11311 Riihimäki ''' <br />
<br />
'''Time: 13:00-15:00''' <br />
<br />
Viestimuseossa Riihimäellä, http://www.viestikiltojenliitto.fi/viestimuseo/ on maaliskuun loppuun WWII radiotiedustelua esittelevä erikoisnäyttely, josta voi löytyä ammennettavaa myös tämän päivän tietoturvatekniikoiden parissa työskenteleville. Koska OWASP:in tiimoilta löytyi kiinnostusta lähteä tutustumaan ko. näyttelyyn, museolle on varattu opastettu kierros maaliskuun viimeiselle sunnuntaille su 29.3.2009 klo 13:00 eli kokoontuminen museolla ko. aikaan. <br />
<br />
Museo ja näyttely ovat auki myös muina aikoina, joten jos tämä aika ei käy, paikalla voi toki käydä muulloinkin. <br />
<br />
Tarkemmat ajo-ohjeet ja yhteystiedot löytyvät museon kotisivuilta, http://www.viestikiltojenliitto.fi/viestimuseo/yhteystiedot.html <br />
<br />
Museo sijaitsee Viestirykmentin vieressä, mutta varsinaisen varuskunta-alueen ulkopuolella, joten museokäynti ei vaadi kulkulupia alueelle. <br />
<br />
Paikalle innostuvat hoitavat oman logistiikkaratkaisunsa &amp; sisäänpääsymaksunsa. <br />
<br />
Lisätietoja tarvittaessa timo.merilainen (ät) iki.fi <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #8: March 12 2009 ==<br />
<br />
'''Location: Samlink, Linnoitustie 9, Espoo (Leppävaara)''' <br />
<br />
'''Time: 17:00-19:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:00 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:15 Introduction to Samlink, Jari Pirhonen, security director, Samlink''' <br />
<br />
'''17:30 Methodology owner’s point of view: Information security as part of software development methodology, Topi Mattila, methodology manager, Samlink''' <br />
<br />
'''18:15 Presentation from Finnish Tax Administration", Petri Puhakainen, security director, Finnish Tax Administration''' <br />
<br />
<br> '''19:00 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost at Sello<br />
<br />
'''Please register with Jari Pirhonen jari.pirhonen##samlink.fi''' <br />
<br />
== OWASP Introduction to startup firms: Thursday January 15th 2009 ==<br />
<br />
'''Location: Ravintola Korjaamo, Töölönkatu 51, 00250 Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Introduction to OWASP by Henri Lindberg, OWASP Helsinki Active Visitor''' <br />
<br />
*What OWASP is <br />
*Examples of useful Tools and Documents <br />
*OWASP in Finland<br />
<br />
Presentation: [[Image:OWASP Startups 20090115 Henri.pdf]] <br />
<br />
(Antti Laulajainen, OWASP Helsinki Chapter Leader was originally supposed to introduce OWASP) <br />
<br />
'''18:15 Implementing application security in a Finnish startup by Henri Lindberg, Scred''' <br />
<br />
*Henri Lindberg from Scred shares experiences and lessons learned <br />
*How to make your web application more secure with minimal budget<br />
<br />
Presentation: [[Image:SDG Scred 090115.pdf]] <br />
<br />
'''18:30 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost<br />
<br />
== OWASP Helsinki Meeting #7: Tuesday November 11th 2008 ==<br />
<br />
'''Location: Nokia Ruoholahti, Itämerenkatu 11-13, 00180 Helsinki''' <br />
<br />
<br> <br />
<br />
'''Time: 17:00-18:30''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:00 Welcome by Antti Laulajainen, OWASP Chapter Leader''' <br />
<br />
*Current state and progress of OWASP Top 10 Finnish translation<br />
<br />
'''17:20 Antti Vähä-Sipilä, Nokia: SAFECode''' <br />
<br />
*Introduction and overview of SAFECode (The Software Assurance Forum for Excellence in Code) <br />
*SAFECode publications<br />
<br />
'''17:40 Juhani Eronen, CERT-FI: Lifecycle of a security vulnerability''' <br />
<br />
*Microsoft MS08-067 (Vulnerability in Server Service Could Allow Remote Code Execution), its history (MS06-040) and exploitation.<br />
<br />
'''Discussion''' <br />
<br />
'''18:30 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost [cerveza, aqua con gas, etc]<br />
<br />
'''PLEASE REGISTER WITH: mikko . saario at nokia . com (we have reserved snacks for 25 people)''' <br />
<br />
== OWASP Helsinki Web Hacking Workshop, Tuesday September 10th 2008 ==<br />
<br />
'''Location: Teleware / KPMG, Laajalahdentie 23, 6. floor, reception at the ground floor, 00330 Helsinki''' <br />
<br />
'''Time: 18.00 - 20.00''' <br />
<br />
'''Schedule''' <br />
<br />
'''18.00 Welcome and recent activities. Antti Laulajainen ''' <br />
<br />
'''18.05 Web Hacking Workshop, Anssi Porttikivi, Senior ICT Advisor KPMG/Teleware''' <br />
<br />
*KPMG Oy IT Security Advisory marketing presentation 15 min <br />
*Web hacking exercises and demonstrations in a laboratory class (using WebGoat and WebScarab tools)<br />
<br />
'''Snacks available. Send your reservations to Anssi's mail address, anssi.porttikivi@kpmg.fi. Room for 20 participants.''' <br />
<br />
<br> '''Note! Be in time, because the reception closes at 18.''' <br />
<br />
== OWASP Goes! CERT-FI, Thursday, June 12th 2008 ==<br />
<br />
'''Location: Viestintävirasto, Itämerenkatu 3 A, 00180 Helsinki and One Pint Pub Santakatu 2, 00180 Helsinki''' <br />
<br />
<br> '''Time: 16.00 - 20.00''' <br />
<br />
<br> '''Schedule''' <br />
<br />
'''16.00 Welcome and recent activities. Antti Laulajainen ''' <br />
<br />
<br> '''16.10 Introduction of CERT-FI. Juhani Eronen, Information Security Adviser, CERT-FI''' <br />
<br />
<br> '''16.30 Vulnerability coordination. Juhani Eronen''' <br />
<br />
*CERT-FI as a vulnerability coordinator <br />
*Coordination examples<br />
<br />
'''18.00 Possibility to continue the evening at the One Pint Pub''' <br />
<br />
*If someone fancies a (self-financed) beer<br />
<br />
<br> '''Viestintävirasto asks those who wish to participate to the meeting to register in advance. For registrations please contact CERT-FI Unit Secretary Virpi Hienonen (virpi.hienonen(at)ficora.fi). The deadline is June 6, 2008.''' <br />
<br />
== OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 ==<br />
<br />
Thank you for attending. <br />
<br />
You can download the presentation here'''https://www.owasp.org/images/7/70/OWASP_HelsinkiChapter_130508.pdf''' <br />
<br />
Coverage of the event in local news (Finnish only) http://mikropc.net/uutiset/index.jsp?categoryId=atk&amp;day=20080514#w2008051411524012715 <br />
<br />
<br> '''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki and Ravintola Kaisla, Vilhonkatu 4, 00100 Helsinki''' <br />
<br />
'''Time: 16.00 - 20.00''' <br />
<br />
<br> <br />
<br />
Welcome to spring meeting 2008. <br />
<br />
<br> '''Schedule''' <br />
<br />
'''16.00 - 16.10 OWASP update. Antti Laulajainen''' <br />
<br />
'''16.10-17.00 Notes From The field, OWASP tools and usage experiences, Jarkko Holappa &amp; Antti Laulajainen''' <br />
<br />
'''17.30 - 20.00 Drinks at Ravintola Kaisla (Bring Your Own Wallet)''' <br />
<br />
<br> Hope to see as many of you as possible! <br />
<br />
== OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 ==<br />
<br />
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.''' <br />
<br />
'''Time: 18.30 - 20.30''' <br />
<br />
Welcome to first meeting of 2008. OWASP Helsinki resumes activities after winter break. <br />
<br />
We are pleased to have as a speaker Technology Manager of Nokia Product Security, Alexandr Seleznyov. His topic will be current state of application security. <br />
<br />
'''Schedule''' <br />
<br />
'''18.30 - 18.40 OWASP update. Antti Laulajainen''' <br />
<br />
'''18.40 - 20.30 Current State of Application Security. Alexandr Seleznyov''' <br />
<br />
<br> Hope to see as many of you as possible! <br />
<br />
== OWASP Helsinki &amp; RWSUG Seminar Tuesday, January 29th 2008 ==<br />
<br />
'''Location: IBM, Laajalahdentie 23, 00330 Helsinki.''' '''Time: 11.15 - 19.00''' <br />
<br />
OWASP Helsinki and Rational and Websphere User Group Finland RWSUG are aiming to co-operate to raise application security awareness. OWASP Helsinki will have a presentation in RWSUG agility seminar. More information from http://www.rwsug.fi/default.asp?path=1,39,385 <br />
<br />
'''You can download the presentation here''' https://www.owasp.org/images/c/cd/RWSUG5_Agile_Security_Management.pdf <br />
<br />
See program below. Most of it is Finnish only <br />
<br />
*11.15 Ilmoittautuminen alkaa <br />
*11.15-12.00 Buffet-lounas <br />
*12.00-12.10 Tilaisuuden avaus Jussi Jutila, Puheenjohtaja, RWSUG ry<br />
<br />
KEYNOTE <br />
<br />
*12.10-13.30 Scaling Agile Software Development: Strategies for Applying Agile in Complex Situations Scott W. Ambler, Practice Leader Agile Development, IBM Canada <br />
*13.30-13.45 Kahvitauko <br />
*13.45-15.30 SOA liiketoiminnan näkökulmasta ja SOA toteutuksen näkökulmasta kansainvälisessa hankkeessa Kari Laine, IT Architect, IF ja Jarmo Laine, Senior Software Architect,Primasoft <br />
*15.30-15.45 Tauko <br />
*15.45-16.30 Ketterä tietoturvan hallinta ohjelmistotuotannossa Reijo Savola, VTT <br />
*16.30-17.15 Jazz Update IBM <br />
*17.15-19.00 Iltapalaa ja verkostoitumista IBM Forumissa<br />
<br />
<br> <br />
<br />
== OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008 ==<br />
<br />
OWASP Helsinki participated in ISACA Finland meeting to raise application security awareness among system auditors and inspectors. <br> A presentation was held that introduced basic web techniques, some security issues, OWASP in general, OWASP projects and OWASP Helsinki chapter. <br> '''You can download the presentation here''': https://www.owasp.org/images/e/e4/OWASP_ISACA_20080124.pdf (Finnish Only) <br><br> <br />
<br />
== OWASP Helsinki meeting #4 Fall 2007 with Mark Curphey, Tuesday, October 2 2007 ==<br />
<br />
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.''' <br />
<br />
Thank you for all participants and Mark from great presentation. <br />
<br />
Coverage of the meeting in the local news (in Finnish): http://mikropc.net/uutiset/index.jsp?categoryId=atk&amp;day=20071003#w2007100315112711629 <br />
<br />
<br> We are delighted to have Mark Curphey - the OWASP founder and new head of Microsoft's ACE (Application Consulting &amp; Engineering) team in Europe - to visit Finland and discuss web app security with us. Hopefully as many as of you possible can participate! <br />
<br />
'''18:30 Welcome and recent Helsinki chapter activities. Antti Laulajainen''' <br />
<br />
'''18:40 Naked Software Security. Mark Curphey''' <br />
<br />
*Commentary on how to build secure software <br />
*Thoughts on the industry<br />
<br />
<br> '''WELCOME!''' <br />
<br />
== OWASP Helsinki meeting #3 Summer 2007: "SOA, Web Services &amp; XML Security", Tuesday, June 5th 2007 ==<br />
<br />
'''Date: June 5th''' <br />
<br />
<br> '''Location: Smilehouse, Itälahdenkatu 22A (Stonesoft building), Lauttasaari.''' <br />
<br />
Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/tietoturva_docview.jsp?f_id=1186167 <br />
<br />
<br> '''19:00 Welcome &amp; quick recap of recent OWASP activity and the Spring conference. Mikko Saario.''' <br />
<br />
<br> '''19:15 Gunnar Peterson, CTO Arctec Group and project lead for the OWASP "XML Security Gateway Evaluation Criteria".''' <br />
<br />
Gunnar will be visiting Finland to provide training via Tietoturva ry on this subject. Topics to be covered: <br />
<br />
*XML Security Gateways <br />
*Message level threats and security countermeasures in Web services <br />
*OWASP XML Security Gateway Evaluation Criteria Project<br />
<br />
<br> '''20:15 "Real-life usage of OWASP tools". Alexandr Seleznyov, Nokia Product Security.''' <br />
<br />
(There is a chance Alex cannot make it. In that case we will discuss SOA stuff in more detail or just head off to bar earlier.) <br />
<br />
<br> '''20:45 Enter Bar 52...''' --&gt; Enjoy (sponsored) beverages. <br />
<br />
== OWASP Helsinki meeting #2 Winter 2007, Web Application Firewalls, Thursday, February 22 2007 ==<br />
<br />
Thank you for the 29 participants, the speakers and the host - Nixu - for making this event happen! <br />
<br />
'''Location: Nixu, Mäkelänkatu 91, 00601 Helsinki.''' <br />
<br />
What are Web Application Firewalls (WAF), how do they work, what do they do and what don't they do. Discussion and sharing of experiences of various technologies and products. <br />
<br />
<br> '''18.30 Welcome. Mikko Saario, Chapter Leader.''' <br />
<br />
Today's topic and agenda in short. <br />
<br />
<br> '''18.35 "Web Application Firewalls Technical Analysis". Joakim Sandström, CTO nSense.''' <br />
<br />
http://www.owasp.org/images/6/6a/Owasp_waf_joakim.pdf <br />
<br />
- Technology <br />
<br />
- Blacklisting &amp; Whitelisting <br />
<br />
- mod_security features <br />
<br />
- Do's and Don'ts <br />
<br />
<br> '''19.30 "The Core Rule Sets". Ofer Shezaf, CTO Breach Security.''' <br />
<br />
http://www.owasp.org/images/f/f4/The_Core_Rule_Set_-_Ofer.pdf <br />
<br />
- WAF deployment and protection strategies <br />
<br />
- Detection of generic web layer attacks <br />
<br />
- Virtual patching <br />
<br />
== OWASP Helsinki meeting #1, Tuesday, Dec 12 2006 at Ernst &amp; Young ==<br />
<br />
The Helsinki chapter had the first meeting at Ernst &amp; Young office in Elielinaukio 5 B. The agenda and the presentations for the meeting are below. We had a good turnout: 22 people were present i.e. all seats were taken - we were very happy to see all these people to be interested in application security issues. <br />
<br />
<br> Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/doc.do?f_id=1083463 <br />
<br />
<br> '''18:30 Welcome. What is OWASP and why OWASP Helsinki?''' <br />
<br />
Mikko Saario made a short presentation about OWASP and the objective for the local Helsinki chapter. <br />
<br />
<br> '''19:00 Analyzing Threats (Olli Wiren; olli [at] juurihoito.org)''' <br />
<br />
Olli Wiren discussed application related threats and corresponding security issues. <br />
<br />
http://www.owasp.org/images/7/7c/Owasp-olli.pdf <br />
<br />
<br> '''19:45 Open discussion regarding OWASP Helsinki; what is expected or wished; how to go ahead and so forth.''' <br />
<br />
There was a lively discussion regarding what type of activities should be arranged in the future. More details will follow... <br />
<br />
==== Helsinki OWASP Chapter Leaders ====<br />
<br />
The chapter leader is [mailto:Petteri.arola@owasp.org Petteri Arola] <br />
<br />
The chapter board members are [mailto:timo@owasp.org Timo Merilainen], Pyry Heikkinen and [mailto:pekka.sillanpaa@owasp.org Pekka Sillanpaa]. <br />
<br />
__NOTOC__<br />
[[Category:Finland]] <br />
[[Category:Europe]]</div>Psillanphttps://wiki.owasp.org/index.php?title=Helsinki&diff=241096Helsinki2018-06-03T10:33:26Z<p>Psillanp: /* Chapter Meetings */</p>
<hr />
<div>{{Chapter Template|chaptername=Helsinki|extra=The chapter leaders are [mailto:petteri.arola@owasp.org Petteri Arola], [mailto:pekka.sillanpaa@owasp.org Pekka Sillanpää], [mailto:timo@owasp.org Timo Meriläinen] and [mailto:pyry.heikkinen@owasp.org Pyry Heikkinen]<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-helsinki|emailarchives=http://lists.owasp.org/pipermail/owasp-helsinki}} <br />
<br />
==== Local News ====<br />
<br />
<paypal>Helsinki</paypal> <br />
<br />
'''Welcome to the OWASP Helsinki Chapter'''<br />
<br />
The plan is to meet at least three to four times a year, each lasting 1,5-3 hours (more active "hands" means more meetings). This chapter is based in the capital area and therefore the meetings will be in or around Helsinki. <br />
<br />
If you wish to present at one of the meetings or have any other inquiries, please contact the chapter leaders and shortly describe the talk. (the contact details can be found in the bottom of the page). We encourage everyone to suggest ideas for presentation topics. The talks can be either a full talk (45-60min) or a lightning talk (~15min). <br />
<br />
==== Suomalaista sovellusturva-asiaa ====<br />
<br />
[[OWASP Helsinki Appsec Thesis of the Year|Vuoden sovellusturva-aiheinen opinnäytetyö]]<br />
<br />
[[Oppilaitoksille|Tietoa oppilaitoksille (Information for academic institutions)]] <br />
<br />
[[Verkkomaksut|Ohjeita turvallisen verkkomaksuintegraation toteuttamiseen]] <br />
<br />
Previously OWASP Helsinki has been working on the following tasks: <br />
<br />
*[[Top 10 2007 Finnish]] aim to translate OWASP Top 10 list in Finnish<br />
<br />
==== Chapter Meetings ====<br />
<br />
== OWASP Helsinki chapter meeting #34: Jun 12th 2018 ==<br />
'''Location: Eficode, Pohjoinen Rautatiekatu 25, 00100 Helsinki'''<br />
<br />
'''Time: 17:30-21:30'''<br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Pekka Sillanpää OWASP Helsinki'''<br />
<br />
'''18:05 Words from the sponsor / Pekka Siltala-Li / Eficode'''<br />
<br />
'''18:15 Perfectly secure API, Matti Suominen, Lead Security Consultant - Nixu'''<br />
<br />
'''19:00 Break''' <br />
<br />
'''19:15 [TBD, about API security], Antti Virtanen, Software Architect, Solita''' <br />
<br />
'''20:00-21:30 Sauna, Snacks & Beverages''' <br />
<br />
== OWASP Helsinki chapter meeting #33: Nov 14th 2017 ==<br />
'''Location: F-Secure, Tammasaarenkatu 7, 00180 Helsinki''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki''' <br />
<br />
'''18:05 Words from the sponsor'''<br />
<br />
'''18:10 Coping with GDPR requirements in development, Kira Ahveninen-Kuha, Lead, Data Protection and Cybersecurity Law, Nixu'''<br />
<br />
'''19:00 Break''' <br />
<br />
'''19:15 Integrating Privacy Work in Threat Modeling and Design Review, Antti Vähä-Sipilä, Principal Security Consultant, F-Secure'''<br />
<br />
'''20:00 Panel & Discussion – Kira and Antti debate about privacy and GDPR with the audience'''<br />
<br />
'''20:30 OWASP Helsinki DevSecOps Hackathon: Lessons learned, Pekka Sillanpää, OWASP Helsinki''' <br />
<br />
'''21:00-22:00 Snacks & Refreshments''' <br />
<br />
Please register by 12th of Nov [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-33-tickets-39656996143 here] (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #32: Sep 27th ==<br />
If you are working in a DevOps team and want to get concrete ideas on how to integrate security into your CI/CD pipeline, this hackathon is a fun opportunity to learn by doing together with others.<br />
<br />
More information here: [[OWASP Helsinki DevSecOps Hackathon]]<br />
<br />
In summary, we familiarize and investigate (and of cource hack with) some nice open source tools, including:<br />
* OWASP Dependency-Check ([[OWASP Dependency Check]])<br />
* ZAP Proxy ([[OWASP Zed Attack Proxy Project]])<br />
* OWASP DefectDojo ([[OWASP DefectDojo Project]])<br />
* DevSec hardening framework (https://github.com/dev-sec)<br />
* Clair (https://github.com/coreos/clair)<br />
<br />
The output of this hackathon is an OWASP wiki page describing what was achieved in the hackathon, possible commits to the tools' repositories and future plans. If there is enough interest, we might organize "part 2" for this event in Autumn.<br />
<br />
To participate in this event, it is recommended to have at least basic programming/scripting skills (python, ruby, bash, etc) and understanding of configuration management tools (puppet, salt, ansible, etc.). '''If you are interested to join''' or have questions, please send email to pekka.sillanpaa@owasp.org '''by Jul 7th 2017''' and a short description of your background. Tracks of the hackathon environment are tuned based on the skills and background of the participants.<br />
<br />
The maximum of 15 seats are available for this event. The event is fully free of charge.<br />
<br />
'''Location: Nixu, Keilaranta 15, 02150 Espoo'''<br />
<br />
'''12:00 Hackathon starts'''<br />
<br />
'''17:00-23:00 Hackathon continues after the work day as long as needed. Pizza and beverages available.'''<br />
<br />
== OWASP Helsinki chapter meeting #31: Jun 13th 2017 ==<br />
'''Location: Solita, Alvar Aallon katu 5, 00100 Helsinki'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Pekka Sillanpää, OWASP Helsinki'''<br />
<br />
'''18:05 DevSec - Developers are the key to security, Antti Virtanen, Software Architect, Solita [[File:Devsec-owasp-2017.pdf]]''' <br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Docker Security, Mika Vatanen, Systems Architect, Digia [[File:Owasp-Helsinki-20170613-Docker-Security.pdf]]'''<br />
<br />
'''20:00 Lightning talk: Leaking credentials - a security malpractice more common than expected, Bogdan Mihaila, Synopsys [[:File:Bogdan Mihaila - Leaking Credentials.pdf]]'''<br />
<br />
'''20:15 Introduction to DevSecOps "mini-hackathon", Pekka Sillanpää, OWASP Helsinki'''<br />
<br />
'''20:30-22:30 Snacks & Refreshments'''<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-31-tickets-34950473808 here] by 12th of Jun (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #30: Oct 11th 2016 ==<br />
<br />
'''Location: Fujitsu, Valimotie 16, 00380 Helsinki, Auditorio'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 How to protect mobile application? Case "Nordea Tunnusluvut” / Michael Peltonen, Senior Business Developer, Nordea''' [[File:Helsinki_meeting_30_-Michael_Peltonen_OWASP_11102016.pdf]]<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Lightning talk: Authentication topic / Teemu Simonen, System Architect, Fujitsu''' [[File:Helsinki_meeting_30_-Authentication_topic.pdf]]<br />
<br />
'''19:30 Threats and vulnerabilities in federation protocols - and how did I find 0-days in the most common access management products / Teemu Kääriäinen, Senior IAM Consultant, Nixu Oyj''' [[File:Helsinki_meeting_30_-_Threats_and_Vulnerabilities_in_Federation_Protocols_and_Products.pdf]]<br />
<br />
'''20:30-> Snacks & Refreshments'''<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-30-tickets-28190573765 here] by 9th of October (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #29: Mar 29th 2016 ==<br />
<br />
'''Location: Solinor, Elimäenkatu 14 C, 00510 Helsinki'''<br />
<br />
'''Time: 17:30-21:15'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 OWASP Security Knowledge Framework, Glenn Ten Cate''' [[File:Skf-owaspHelsinki-16.pdf]]<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Amazon Web Services Security, Joel Leino, Solinor''' [[File:Aws_security_joel_leino.pdf]]<br />
<br />
'''20:30 Do's and don'ts: A Day Of Browser Bug Hunting, Atte Kettunen, University of Oulu''' [[File:Do's_and_Don'ts-_A_Day_Of_Browser_Bug_Hunting_rev2.pdf]]<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-29-tickets-22159795545 here] by 26th of March (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #28: Nov 10th 2015 ==<br />
<br />
'''Location: LähiTapiola, Revontulenkuja 1, 02100 Espoo'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 How we feel about Bug Bounty, Leo Niemelä, CISO, LähiTapiola Group (in Finnish)'''<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Security and "Modern" software Deployment, Rory McCune, Managing Consultant, NCC Group'''<br />
<br />
'''20:30 Discussion continues in a local cafe / bar'''<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-28-tickets-19188815263 here] by 8th of November (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #27: May 29th 2015 ==<br />
<br />
'''Location: Life Science Center Keilaranta 10-16''' <br />
<br />
'''Time: 17:30-20:00 (networking ends 23:00)''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 Word from our sponsor / Nixu'''<br />
<br />
'''18:15 50 Shades of AppSec / Troy Hunt'''<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Hack yourself first: how go on the cyber-offence before online attackers do / Troy Hunt'''<br />
<br />
'''20:00-23:00 Refreshments and Sauna on the 7th floor'''<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-chapter-meeting-27-tickets-16709176597 here] by Monday Fri 22th May (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #26: January 13th 2015 ==<br />
<br />
'''Location: Castrén & Snellman Attorneys Ltd. Eteläesplanadi 14 6th Floor Helsinki, Finland.''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''Opening words / OWASP Helsinki&IAPP''' <br />
<br />
'''Words from our sponsor / Castrén & Snellman Attorneys Ltd.'''<br />
<br />
'''Privacy Seals and Marks, Hannu Järvinen, Specialist Partner, Attorneys at Law Borenius Ltd'''<br />
<br />
'''Privacy Engineering, Antti Vähä-Sipilä, software security guy, F-Secure Oyj'''<br />
<br />
'''Privacy Use Cases, Saku Vainikainen, Lead Consultant, Nixu Oyj'''<br />
<br />
Please register here https://t.co/OoQN2FRbBX by Monday 12 Jan.<br />
<br />
== OWASP Helsinki chapter meeting #25: September 29th 2014 ==<br />
<br />
'''Location: Appelsiini (Elisa), Kaarlenkatu 9-11, 00530 Helsinki. Public transport is strongly recommended.''' <br />
<br />
'''Time: 17:00-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and registration''' <br />
<br />
'''17:10 Opening words / OWASP Helsinki''' <br />
<br />
'''17:20 Words from our sponsor / Elisa'''<br />
<br />
'''17:30 Mobile Security Chess Board - Attacks & Defense / Hemil Shah / Founder, Director eSphere Security''' [[File:Mobile_Security_chess_board_-_Attacks_&_Defense.pdf]]<br />
<br />
'''18:45 Break'''<br />
<br />
'''19:00 Mobile Platform Security: OS (kernel) Hardening and Trusted Execution Environment / Onur Zengin / Trustonic'''<br />
[[File:Onur_Zengin_-_TEE_chapter_meeting_presentation.pdf]]<br />
<br />
'''20:00 OWASP Mobile Top Ten Risks 2014 - The New M10: 'Lack of Binary Protection' Category / Bo Asklund and Rikard Kullenberg / Arxan'''<br />
[[File:OWASP_Mobile_Top_Ten_-_Meet_the_New_Addition.pdf]]<br />
<br />
'''21:00 Networking and continue discussions in TBD location nearby'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-25-tickets-13087782911 Eventbrite]<br />
<br />
== OWASP Helsinki chapter meeting #24: March 25st 2014 ==<br />
<br />
'''Location: F-Secure, Tammasaarenkatu 7, 00180 Helsinki. Parking space is limited, public transport is strongly recommended. Ruoholahti station for metro, Länsisatamankatu stop for tram 8, Länsiväylä stop for buses from Espoo.''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and registration''' <br />
<br />
'''17:20 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''17:30 Enhancing security through tight collaboration and automation /Kalle Hallivuori''' <br />
Presentation material: http://kato.iki.fi/owasp-pci-devops/<br />
<br />
'''18:00 Continuous Security Testing in a Devops World /Stephen de Vries'''<br />
Download the presentation from our file page: [[image:OWASP-Continuous_Security_Testing.pdf]]<br />
<br />
'''19:00 Demo of Burp Suite & HTTP API fuzzing automation with Python & Behave /Antti Vähä-Sipilä'''<br />
<br />
'''19:30 Time to go to Pub (Amsterdam) and continue discussion there'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-24-tickets-10765729587 Eventbrite]<br />
<br />
== OWASP Helsinki chapter meeting #23: January 21st 2014 ==<br />
<br />
'''Location: HTC Keilaniemi, Keilaranta 13, 02150 Espoo''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Coffee and registration''' <br />
<br />
'''18:00 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''18:05 Word from our sponsor /Nixu''' <br />
<br />
'''18:20 The inner HTML Apocalypse - How MXSS attacks change everything we believed to know so far /Mario Heiderich'''<br />
<br />
'''19:15 JSMVCOMFG - To sternly look at JavaScript MVC and Templating Frameworks /Mario Heiderich"''''<br />
<br />
'''20:15 QA'''<br />
<br />
'''20.30 - 21.30 Discussion continues over snacks and refreshments'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-23-tickets-10095813851 Eventbrite]<br />
<br />
<br />
== OWASP Helsinki chapter meeting #22: November 19th 2013 ==<br />
<br />
'''Location: Aalto University, Hall S1, Otakaari 5, 02150 Espoo''' <br />
<br />
'''Time: 18:00-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Registration''' <br />
<br />
'''18:10 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''18:20 Word from our sponsor''' <br />
<br />
'''18:30 Backgrounds of Eve in Digiland comic and cyber research in Aalto University /Timo Kiravuo, Aalto University'''<br />
<br />
'''19:15 Break"''''<br />
<br />
'''19:30 Cyber crime response from CERT perspective and backgrounds of Finnish web site attacks /Jussi Eronen, CERT-FI'''<br />
<br />
'''20:00 Methods in Finnish cyber crime police investigation and case example /Timo Piiroinen, National Bureau of Investigation (NBI)'''<br />
<br />
'''20:30 Networking and discussion continues at same location'''<br />
<br />
Please register at [http://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-23-tickets-10095813851 Eventbrite]<br />
<br />
== OWASP EUTour2013: June 17th 2013 ==<br />
<br />
'''Location: HTC Keilaniemi, Keilaranta 15''' <br />
<br />
'''Time: 16:00-19:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''16:00 Registration & coffee''' <br />
<br />
'''16:15 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''16:30 Word from our sponsor''' <br />
<br />
'''16:45 Nokia responsible disclosure program /Omar Benbouazza-Villa, Nokia'''<br />
<br />
Nokia has launched a responsible disclosure program recently. In this presentation we'll go through experiences starting and running such a program as a part of enterprise application security program.<br />
<br />
'''17:30 Social engineering /Gavin Ewan"''''<br />
<br />
Jac0byterebel is not your typical social engineering presenter. Out goes the snake oil sale of analysing the minutia of pop psychology and trying to squeeze out real answers to the questions asked during a real social engineering attack. In comes hard hitting accounts of social engineering attacks drawn from real sources but anonymised to protect the pwned.<br />
<br />
'''19:00 Rounding up and discussion continues over food & drinks at same location'''<br />
<br />
Please register at [http://www.regonline.com/owaspeutourfinland Regonline]<br />
<br />
== OWASP Helsinki Chapter Meeting #21: April 24 2013 ==<br />
<br />
'''Location: KPMG, Yrjönkatu 23 B, 6. floor''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Opening words /OWASP''' <br />
<br />
'''18:10 Word from our sponso /Mika Laaksonen, KPMG''' <br />
<br />
'''18:15 OWASP project news /Petteri Arola, OWASP''' <br />
<br />
Newsflash of new and rebooted OWASP projects.<br />
<br />
'''18:45 Utilizing VAHTI software development guide (VAHTI-sovelluskehitysohje) /Antti Alestalo, KPMG'''<br />
<br />
VAHTI software development guide was published January 2013. Antti will talk about how to best utilize this new guide. Link to the guide: http://www.vm.fi/vm/fi/04_julkaisut_ja_asiakirjat/01_julkaisut/05_valtionhallinnon_tietoturvallisuus/20130207Sovell/VAHTI_1_Sovelluskehityksen_tietoturvaohje_NETTI.pdf<br />
<br />
'''19:15 Database self-defence /Mika Aronen, KPMG (in place of "HTML5 & security /SC5"'''<br />
<br />
'''20:00 Official program ends and discussion continues over food & drinks at same location'''<br />
<br />
Please register at [https://www.eventbrite.com/event/6240751255 Eventbrite]<br />
<br />
== OWASP Helsinki Chapter Meeting #20: December 4 2012 ==<br />
<br />
'''Location: Nokia House, Keilalahdentie 4, Espoo''' <br />
<br />
'''Time: 17:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Socializing time @ Nokia Lounge – Meet people & get to know your peer while having the opportunity to see Nokia product demos''' <br />
<br />
'''18:00 Opening words /OWASP + HelsinkiJS''' <br />
<br />
'''18:10 Word from our sponsor''' <br />
<br />
'''18:20 Securing JavaScript based web apps /Erlend Oftedal''' <br />
<br />
Single page web applications move much of the application logic to the client side. We now also see applications using JavaScript on the server side. How do we handle such applications from a security perspective? What problems are introduced and how do we handle them?<br />
<br />
'''19:05 RESTful Security'''<br />
<br />
Many applications rely on web services and ws-security for integration. But for more lightweight services with simpler protocols, REST is quickly gaining popularity. How do we secure REST services? What problems do we need to be aware of?<br />
<br />
'''20:00 Official program ends and free debate continues at nearby location'''<br />
<br />
CLOSED: Please register at [http://www.eventbrite.com/event/4856878053 Eventbrite]<br />
<br />
Please use the NORTH entrance when entering the Nokia campus<br />
<br />
== OWASP Helsinki Chapter Meeting #19: October 16 2012 ==<br />
<br />
'''Location: Fujitsu, Valimotie 16, Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''18:10 Word from our sponsor /Fujitsu''' <br />
<br />
'''18:25 Hybrid mobile application security and HTML5 with a focus on getUserMedia /Mikko Saario, Nokia''' <br />
<br />
Both the mobile scene via “hybrid” apps and the so-called traditional web are evolving into the same direction – are the threats doing the same? Using mainly Windows Phone 7 (and some Qt) examples and demos, Mikko will take a look at the security aspects in mobile hybrid apps. The HTML5 demo will concentrate on some newly mainstreamed technologies such as getUserMedia.<br />
<br />
'''19:10 Introduction to Oauth 2.0 + demo /Teemu Kääriäinen, Nixu'''<br />
<br />
Teemu gives an introduction about Oauth 2.0 and takes a closer look at security aspects, implementation guidelines and compares Twitter, Facebook and Google implementations.<br />
<br />
'''20:00 Official program ends and free debate continues at nearby location'''<br />
<br />
'''Please register in Eventbrite http://www.eventbrite.com/event/4462882602''' <br />
<br />
<br />
== OWASP Helsinki Chapter Meeting #18: June 26 2012 ==<br />
<br />
'''Location: Kela, Nordenskjölkinkatu 12, Helsinki''' <br />
<br />
'''Time: 17:30-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''17:45 Word from our sponsor /Kela''' <br />
<br />
'''18:00 Helsinki Ruby Brigade intro''' <br />
<br />
'''18:15 Ruby on Rails security - why could it fail'''<br />
<br />
'''19:00 Panel discussion'''<br />
<br />
'''19:45 Wrap-up'''<br />
<br />
'''20:00 Discussion continues in a nearby pub Hadanka'''<br />
<br />
'''Please register with petteri.arola(at)owasp.org''' <br />
<br />
<br />
== OWASP Helsinki Chapter Meeting #17: March 21 2012 ==<br />
<br />
'''Location: Marttakeskus, Malminrinne 1 B, 7. krs, Helsinki''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Coffee''' <br />
<br />
'''17:40 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''17:50 Web Application Access Control Design Excellence / Jim Manico, OWASP''' <br />
<br />
Download the presentation from our file page: [[image:Developer_Top_Ten_Core_Controls_v4.1.pdf]]<br />
<br />
'''19:30 Meeting ends and discussion continues over buffet and refreshments and there's a possibility to bath in sauna too''' <br />
<br />
'''23:00 Event ends'''<br />
<br />
'''Please register with enroll(at)nixu.com''' <br />
<br />
== Tietoturvapäivä Turku: February 7 2012 ==<br />
<br />
''' Sovellusturvallisuus / Petteri Arola, OWASP''' <br />
<br />
Download the presentation from our file page: [[image:OWASP_esitys_tietoturvapäivä_Turku_20120207.pdf]]<br />
<br />
== OWASP Helsinki Chapter Meeting #16: October 18 2011 ==<br />
<br />
'''Location: Hall TU2, Tuas house, Otaniementie 17, 02150, Espoo''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and lock picking''' <br />
<br />
'''17:30 OWASP - What is it?''' <br />
<br />
'''17:45 Introduction to OWASP projects<br>- OWASP Top Ten, ASVS<br><span class="Apple-tab-span"> </span>- Testing guide<br>- How OWASP relates to academic world''' <br />
<br />
<br> Download presentation from our file-page: [[Image:OWASP_presentation_for_Aalto.pdf]] <br><br />
<br />
'''18:45 Break''' <br />
<br />
'''19:00 Hacking demonstrations'''<br />
<br />
'''19:30 - Discussion continues in a nearby public house''' <br />
<br />
'''Please register with petteri.arola(at)owasp.org''' <br />
<br />
== OWASP Introduction to Turku AMK students: September 12th 2011 ==<br />
<br />
'''Introduction to Application security and OWASP / Petteri Arola, OWASP''' <br />
<br />
'''OWASP top 10 and hacking demos / Pekka Sillanpää, OWASP''' <br />
<br />
== OWASP Helsinki Chapter Meeting #15: June 15 2011 ==<br />
<br />
'''Location: Itämerenkatu 11 - 13, Helsinki''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda ''' <br />
<br />
'''17:30 Welcome, Petteri Arola, Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nokia''' <br />
<br />
'''17:45 HTML5 Security, Ville Säävuori, Syneus''' <br />
<br />
'''18:30 Break''' <br />
<br />
'''18:40 Mobile Application Security, Ari Kesäniemi and Juhani Mäkelä, Nixu''' <br> [[Image:Mobile-threat-analysis-short-presentation owasp.pdf]] <br> [[Image:Why-privacy-matters.pdf]] <br> <br />
<br />
<br>'''19.30 - Discussion continues in a nearby public house or terrace if it's sunny''' <br />
<br />
'''Please register with mikko.saario(at)nokia.com''' <br />
<br />
== OWASP Helsinki Chapter Meeting #14: February 22 2011 ==<br />
<br />
'''Location: Nixu Oy, Keilaranta 15, Espoo''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''17:30 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nixu Oy''' <br />
<br />
'''17:45 OpenSAMM, Pravir Chandra /Fortify''' <br />
<br />
'''18:30 Break''' <br />
<br />
'''18:40 Threat modeling, Pravir Chandra /Fortify''' <br />
<br />
<br> '''19.30 - Sauna and refreshments from our sponsor''' <br />
<br />
'''Please register with enroll(at)nixu.com''' <br />
<br />
<br> Download OpenSAMM presentation from opensamm.org [http://www.opensamm.org/downloads/resources/OpenSAMM-1.0.ppt] <br> <br />
<br />
== OWASP Helsinki Chapter Meeting #13: June 8 2010 ==<br />
<br />
'''Location: KPMG, Forum, Yrjönkatu 23 B 6th floor, Helsinki''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''17:00 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:05 Word from our sponsor KPMG ''' <br />
<br />
'''17:15 Agile secure software development, Antti Vähä-Sipilä / Nokia Oyj''' http://www.owasp.org/images/c/c6/OWASP_AppSec_Research_2010_Agile_Prod_Sec_Mgmt_by_Vaha-Sipila.pdf <br />
<br />
'''18:00 ASVS (OWASP Application Security Verification Standard), Pekka Sillanpää / Nixu Oy''' <br />
<br />
'''18:45 ESAPI (OWASP Enterprise Security API) demo, Anssi Porttikivi / KPMG''' <br />
<br />
Download presentation from our file-page:[[Image:ESAPI for OWASP.pdf]] <br />
<br />
<br> '''19.30 - Discussion continues at some nearby establishment''' <br />
<br />
'''Please register with anssi.porttikivi(at)kpmg.fi''' <br />
<br />
<br> <br />
<br />
== OWASP Goes! Locksport: April 20 2010 ==<br />
<br />
'''Location: Nsense Oy, Ahventie 4, Espoo''' <br />
<br />
'''Time: 17:30-20:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nsense Oy''' <br />
<br />
'''17:45 Introduction to Locksport (presentation in Finnish)''' <br />
<br />
'''19:00 - Sauna and refreshments from our sponsor''' <br />
<br />
'''Please register with ilmoittautumiset##nsense.fi ''' <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #12: March 30 2010 ==<br />
<br />
'''Location: Helsingin Energia, Sähkötalo, Runeberginkatu 1, Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''18:00 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
Download presentation from our file-page:[[Image:OWASP -12 Helsinki chapter meeting.pdf]] <br />
<br />
'''18:05 Word from our sponsor Helsingin Energia ''' <br />
<br />
'''18:15 3 different views on information security and social media applications''' <br />
<br />
- information security in social media API’s, Antti Nuopponen/Nixu Oy <br />
<br />
Download presentation from our file-page:[[Image:Security of social media apis v1.pdf]] <br />
<br />
- Facebook apps, Markus Törnqvist/Fad Consulting <br />
<br />
Download presentation from our file-page:[[Image:Mjt owasp 2010.pdf]] <br />
<br />
- Payment API’s, Tuomas Toivonen/Scred <br />
<br />
Download presentation from our file-page:[[Image:Owasp-payment-apis.pdf]] <br />
<br />
'''20.00 - Discussion continues at nearby establishment Bruuveri''' <br />
<br />
'''Please register with antti##owasp.org''' <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #11: November 17 2009 ==<br />
<br />
'''Location: Nsense Oy, Ahventie 4, Espoo''' <br />
<br />
'''Time: 18:00-20:30''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''18:05 Word from our sponsor Nsense Oy''' <br />
<br />
'''18:15 Manual vs. Automated Code Analysis, Ari Kesäniemi, Senior Consultant, Nixu''' <br />
<br />
Download presentation from our file-page:[[Image:Ari kesaniemi nixu manual-vs-automatic-analysis.pdf]] <br />
<br />
'''19.00- Sauna and refreshments from our sponsor''' <br />
<br />
<br> <br />
<br />
'''Please register with ilmoittautumiset##nsense.fi''' <br />
<br />
== OWASP Helsinki Chapter Meeting #10: October 20 2009 ==<br />
<br />
'''Location: Tieto Oy, Ratamestarinkatu 7B, Helsinki''' <br />
<br />
'''Time: 18:00-19:40''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''18:00 Word from our sponsor Tieto Oy''' <br />
<br />
'''18:10 Distributed Services Security, Anton Panhelainen, Tieto Oy''' <br />
<br />
Download presentation from our file-page:[[Image:Security in integration and ESB-OWASP 20091020.pdf]] <br />
<br />
'''18:40 Public Web Services Interface and Security, Pyry Heikkinen, Finnish Customs''' <br />
<br />
'''19:40 Closure and move to Vltava''' <br />
<br />
'''20:00 or so''' <br />
<br />
*Enjoy Helsinki Vltava watering hole at own risk &amp; cost near Helsinki Railway station<br />
<br />
'''Please register with Pauli Kauppila pauli.kauppila##tieto.com or Mobile +358 400 870 324''' <br />
<br />
== OWASP Helsinki Chapter Meeting #9: May 12 2009 ==<br />
<br />
'''Location: Louhi Networks Oy, Itälahdenkatu 22 A, Helsinki''' <br />
<br />
'''Time: 17:30-19:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:30 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:45 Word from our sponsor Louhi Networks''' <br />
<br />
'''18:00 Panel discussion about application scanners''' <br />
<br />
*Panel members includes representatives for Nixu Oy, KPMG Oy and Louhi Networks Oy<br />
<br />
<br> '''19:00 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost at Bar 52 near meeting location<br />
<br />
'''Please register with Henri Lindberg henri.lindberg##louhi.fi''' <br />
<br />
== OWASP OWASP Goes! Viestimuseo: March 29 2009 ==<br />
<br />
'''Location: Varuskunta, Takakasarmi, Viestimuseontie rak. 64, 11311 Riihimäki ''' <br />
<br />
'''Time: 13:00-15:00''' <br />
<br />
Viestimuseossa Riihimäellä, http://www.viestikiltojenliitto.fi/viestimuseo/ on maaliskuun loppuun WWII radiotiedustelua esittelevä erikoisnäyttely, josta voi löytyä ammennettavaa myös tämän päivän tietoturvatekniikoiden parissa työskenteleville. Koska OWASP:in tiimoilta löytyi kiinnostusta lähteä tutustumaan ko. näyttelyyn, museolle on varattu opastettu kierros maaliskuun viimeiselle sunnuntaille su 29.3.2009 klo 13:00 eli kokoontuminen museolla ko. aikaan. <br />
<br />
Museo ja näyttely ovat auki myös muina aikoina, joten jos tämä aika ei käy, paikalla voi toki käydä muulloinkin. <br />
<br />
Tarkemmat ajo-ohjeet ja yhteystiedot löytyvät museon kotisivuilta, http://www.viestikiltojenliitto.fi/viestimuseo/yhteystiedot.html <br />
<br />
Museo sijaitsee Viestirykmentin vieressä, mutta varsinaisen varuskunta-alueen ulkopuolella, joten museokäynti ei vaadi kulkulupia alueelle. <br />
<br />
Paikalle innostuvat hoitavat oman logistiikkaratkaisunsa &amp; sisäänpääsymaksunsa. <br />
<br />
Lisätietoja tarvittaessa timo.merilainen (ät) iki.fi <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #8: March 12 2009 ==<br />
<br />
'''Location: Samlink, Linnoitustie 9, Espoo (Leppävaara)''' <br />
<br />
'''Time: 17:00-19:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:00 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:15 Introduction to Samlink, Jari Pirhonen, security director, Samlink''' <br />
<br />
'''17:30 Methodology owner’s point of view: Information security as part of software development methodology, Topi Mattila, methodology manager, Samlink''' <br />
<br />
'''18:15 Presentation from Finnish Tax Administration", Petri Puhakainen, security director, Finnish Tax Administration''' <br />
<br />
<br> '''19:00 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost at Sello<br />
<br />
'''Please register with Jari Pirhonen jari.pirhonen##samlink.fi''' <br />
<br />
== OWASP Introduction to startup firms: Thursday January 15th 2009 ==<br />
<br />
'''Location: Ravintola Korjaamo, Töölönkatu 51, 00250 Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Introduction to OWASP by Henri Lindberg, OWASP Helsinki Active Visitor''' <br />
<br />
*What OWASP is <br />
*Examples of useful Tools and Documents <br />
*OWASP in Finland<br />
<br />
Presentation: [[Image:OWASP Startups 20090115 Henri.pdf]] <br />
<br />
(Antti Laulajainen, OWASP Helsinki Chapter Leader was originally supposed to introduce OWASP) <br />
<br />
'''18:15 Implementing application security in a Finnish startup by Henri Lindberg, Scred''' <br />
<br />
*Henri Lindberg from Scred shares experiences and lessons learned <br />
*How to make your web application more secure with minimal budget<br />
<br />
Presentation: [[Image:SDG Scred 090115.pdf]] <br />
<br />
'''18:30 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost<br />
<br />
== OWASP Helsinki Meeting #7: Tuesday November 11th 2008 ==<br />
<br />
'''Location: Nokia Ruoholahti, Itämerenkatu 11-13, 00180 Helsinki''' <br />
<br />
<br> <br />
<br />
'''Time: 17:00-18:30''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:00 Welcome by Antti Laulajainen, OWASP Chapter Leader''' <br />
<br />
*Current state and progress of OWASP Top 10 Finnish translation<br />
<br />
'''17:20 Antti Vähä-Sipilä, Nokia: SAFECode''' <br />
<br />
*Introduction and overview of SAFECode (The Software Assurance Forum for Excellence in Code) <br />
*SAFECode publications<br />
<br />
'''17:40 Juhani Eronen, CERT-FI: Lifecycle of a security vulnerability''' <br />
<br />
*Microsoft MS08-067 (Vulnerability in Server Service Could Allow Remote Code Execution), its history (MS06-040) and exploitation.<br />
<br />
'''Discussion''' <br />
<br />
'''18:30 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost [cerveza, aqua con gas, etc]<br />
<br />
'''PLEASE REGISTER WITH: mikko . saario at nokia . com (we have reserved snacks for 25 people)''' <br />
<br />
== OWASP Helsinki Web Hacking Workshop, Tuesday September 10th 2008 ==<br />
<br />
'''Location: Teleware / KPMG, Laajalahdentie 23, 6. floor, reception at the ground floor, 00330 Helsinki''' <br />
<br />
'''Time: 18.00 - 20.00''' <br />
<br />
'''Schedule''' <br />
<br />
'''18.00 Welcome and recent activities. Antti Laulajainen ''' <br />
<br />
'''18.05 Web Hacking Workshop, Anssi Porttikivi, Senior ICT Advisor KPMG/Teleware''' <br />
<br />
*KPMG Oy IT Security Advisory marketing presentation 15 min <br />
*Web hacking exercises and demonstrations in a laboratory class (using WebGoat and WebScarab tools)<br />
<br />
'''Snacks available. Send your reservations to Anssi's mail address, anssi.porttikivi@kpmg.fi. Room for 20 participants.''' <br />
<br />
<br> '''Note! Be in time, because the reception closes at 18.''' <br />
<br />
== OWASP Goes! CERT-FI, Thursday, June 12th 2008 ==<br />
<br />
'''Location: Viestintävirasto, Itämerenkatu 3 A, 00180 Helsinki and One Pint Pub Santakatu 2, 00180 Helsinki''' <br />
<br />
<br> '''Time: 16.00 - 20.00''' <br />
<br />
<br> '''Schedule''' <br />
<br />
'''16.00 Welcome and recent activities. Antti Laulajainen ''' <br />
<br />
<br> '''16.10 Introduction of CERT-FI. Juhani Eronen, Information Security Adviser, CERT-FI''' <br />
<br />
<br> '''16.30 Vulnerability coordination. Juhani Eronen''' <br />
<br />
*CERT-FI as a vulnerability coordinator <br />
*Coordination examples<br />
<br />
'''18.00 Possibility to continue the evening at the One Pint Pub''' <br />
<br />
*If someone fancies a (self-financed) beer<br />
<br />
<br> '''Viestintävirasto asks those who wish to participate to the meeting to register in advance. For registrations please contact CERT-FI Unit Secretary Virpi Hienonen (virpi.hienonen(at)ficora.fi). The deadline is June 6, 2008.''' <br />
<br />
== OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 ==<br />
<br />
Thank you for attending. <br />
<br />
You can download the presentation here'''https://www.owasp.org/images/7/70/OWASP_HelsinkiChapter_130508.pdf''' <br />
<br />
Coverage of the event in local news (Finnish only) http://mikropc.net/uutiset/index.jsp?categoryId=atk&amp;day=20080514#w2008051411524012715 <br />
<br />
<br> '''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki and Ravintola Kaisla, Vilhonkatu 4, 00100 Helsinki''' <br />
<br />
'''Time: 16.00 - 20.00''' <br />
<br />
<br> <br />
<br />
Welcome to spring meeting 2008. <br />
<br />
<br> '''Schedule''' <br />
<br />
'''16.00 - 16.10 OWASP update. Antti Laulajainen''' <br />
<br />
'''16.10-17.00 Notes From The field, OWASP tools and usage experiences, Jarkko Holappa &amp; Antti Laulajainen''' <br />
<br />
'''17.30 - 20.00 Drinks at Ravintola Kaisla (Bring Your Own Wallet)''' <br />
<br />
<br> Hope to see as many of you as possible! <br />
<br />
== OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 ==<br />
<br />
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.''' <br />
<br />
'''Time: 18.30 - 20.30''' <br />
<br />
Welcome to first meeting of 2008. OWASP Helsinki resumes activities after winter break. <br />
<br />
We are pleased to have as a speaker Technology Manager of Nokia Product Security, Alexandr Seleznyov. His topic will be current state of application security. <br />
<br />
'''Schedule''' <br />
<br />
'''18.30 - 18.40 OWASP update. Antti Laulajainen''' <br />
<br />
'''18.40 - 20.30 Current State of Application Security. Alexandr Seleznyov''' <br />
<br />
<br> Hope to see as many of you as possible! <br />
<br />
== OWASP Helsinki &amp; RWSUG Seminar Tuesday, January 29th 2008 ==<br />
<br />
'''Location: IBM, Laajalahdentie 23, 00330 Helsinki.''' '''Time: 11.15 - 19.00''' <br />
<br />
OWASP Helsinki and Rational and Websphere User Group Finland RWSUG are aiming to co-operate to raise application security awareness. OWASP Helsinki will have a presentation in RWSUG agility seminar. More information from http://www.rwsug.fi/default.asp?path=1,39,385 <br />
<br />
'''You can download the presentation here''' https://www.owasp.org/images/c/cd/RWSUG5_Agile_Security_Management.pdf <br />
<br />
See program below. Most of it is Finnish only <br />
<br />
*11.15 Ilmoittautuminen alkaa <br />
*11.15-12.00 Buffet-lounas <br />
*12.00-12.10 Tilaisuuden avaus Jussi Jutila, Puheenjohtaja, RWSUG ry<br />
<br />
KEYNOTE <br />
<br />
*12.10-13.30 Scaling Agile Software Development: Strategies for Applying Agile in Complex Situations Scott W. Ambler, Practice Leader Agile Development, IBM Canada <br />
*13.30-13.45 Kahvitauko <br />
*13.45-15.30 SOA liiketoiminnan näkökulmasta ja SOA toteutuksen näkökulmasta kansainvälisessa hankkeessa Kari Laine, IT Architect, IF ja Jarmo Laine, Senior Software Architect,Primasoft <br />
*15.30-15.45 Tauko <br />
*15.45-16.30 Ketterä tietoturvan hallinta ohjelmistotuotannossa Reijo Savola, VTT <br />
*16.30-17.15 Jazz Update IBM <br />
*17.15-19.00 Iltapalaa ja verkostoitumista IBM Forumissa<br />
<br />
<br> <br />
<br />
== OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008 ==<br />
<br />
OWASP Helsinki participated in ISACA Finland meeting to raise application security awareness among system auditors and inspectors. <br> A presentation was held that introduced basic web techniques, some security issues, OWASP in general, OWASP projects and OWASP Helsinki chapter. <br> '''You can download the presentation here''': https://www.owasp.org/images/e/e4/OWASP_ISACA_20080124.pdf (Finnish Only) <br><br> <br />
<br />
== OWASP Helsinki meeting #4 Fall 2007 with Mark Curphey, Tuesday, October 2 2007 ==<br />
<br />
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.''' <br />
<br />
Thank you for all participants and Mark from great presentation. <br />
<br />
Coverage of the meeting in the local news (in Finnish): http://mikropc.net/uutiset/index.jsp?categoryId=atk&amp;day=20071003#w2007100315112711629 <br />
<br />
<br> We are delighted to have Mark Curphey - the OWASP founder and new head of Microsoft's ACE (Application Consulting &amp; Engineering) team in Europe - to visit Finland and discuss web app security with us. Hopefully as many as of you possible can participate! <br />
<br />
'''18:30 Welcome and recent Helsinki chapter activities. Antti Laulajainen''' <br />
<br />
'''18:40 Naked Software Security. Mark Curphey''' <br />
<br />
*Commentary on how to build secure software <br />
*Thoughts on the industry<br />
<br />
<br> '''WELCOME!''' <br />
<br />
== OWASP Helsinki meeting #3 Summer 2007: "SOA, Web Services &amp; XML Security", Tuesday, June 5th 2007 ==<br />
<br />
'''Date: June 5th''' <br />
<br />
<br> '''Location: Smilehouse, Itälahdenkatu 22A (Stonesoft building), Lauttasaari.''' <br />
<br />
Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/tietoturva_docview.jsp?f_id=1186167 <br />
<br />
<br> '''19:00 Welcome &amp; quick recap of recent OWASP activity and the Spring conference. Mikko Saario.''' <br />
<br />
<br> '''19:15 Gunnar Peterson, CTO Arctec Group and project lead for the OWASP "XML Security Gateway Evaluation Criteria".''' <br />
<br />
Gunnar will be visiting Finland to provide training via Tietoturva ry on this subject. Topics to be covered: <br />
<br />
*XML Security Gateways <br />
*Message level threats and security countermeasures in Web services <br />
*OWASP XML Security Gateway Evaluation Criteria Project<br />
<br />
<br> '''20:15 "Real-life usage of OWASP tools". Alexandr Seleznyov, Nokia Product Security.''' <br />
<br />
(There is a chance Alex cannot make it. In that case we will discuss SOA stuff in more detail or just head off to bar earlier.) <br />
<br />
<br> '''20:45 Enter Bar 52...''' --&gt; Enjoy (sponsored) beverages. <br />
<br />
== OWASP Helsinki meeting #2 Winter 2007, Web Application Firewalls, Thursday, February 22 2007 ==<br />
<br />
Thank you for the 29 participants, the speakers and the host - Nixu - for making this event happen! <br />
<br />
'''Location: Nixu, Mäkelänkatu 91, 00601 Helsinki.''' <br />
<br />
What are Web Application Firewalls (WAF), how do they work, what do they do and what don't they do. Discussion and sharing of experiences of various technologies and products. <br />
<br />
<br> '''18.30 Welcome. Mikko Saario, Chapter Leader.''' <br />
<br />
Today's topic and agenda in short. <br />
<br />
<br> '''18.35 "Web Application Firewalls Technical Analysis". Joakim Sandström, CTO nSense.''' <br />
<br />
http://www.owasp.org/images/6/6a/Owasp_waf_joakim.pdf <br />
<br />
- Technology <br />
<br />
- Blacklisting &amp; Whitelisting <br />
<br />
- mod_security features <br />
<br />
- Do's and Don'ts <br />
<br />
<br> '''19.30 "The Core Rule Sets". Ofer Shezaf, CTO Breach Security.''' <br />
<br />
http://www.owasp.org/images/f/f4/The_Core_Rule_Set_-_Ofer.pdf <br />
<br />
- WAF deployment and protection strategies <br />
<br />
- Detection of generic web layer attacks <br />
<br />
- Virtual patching <br />
<br />
== OWASP Helsinki meeting #1, Tuesday, Dec 12 2006 at Ernst &amp; Young ==<br />
<br />
The Helsinki chapter had the first meeting at Ernst &amp; Young office in Elielinaukio 5 B. The agenda and the presentations for the meeting are below. We had a good turnout: 22 people were present i.e. all seats were taken - we were very happy to see all these people to be interested in application security issues. <br />
<br />
<br> Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/doc.do?f_id=1083463 <br />
<br />
<br> '''18:30 Welcome. What is OWASP and why OWASP Helsinki?''' <br />
<br />
Mikko Saario made a short presentation about OWASP and the objective for the local Helsinki chapter. <br />
<br />
<br> '''19:00 Analyzing Threats (Olli Wiren; olli [at] juurihoito.org)''' <br />
<br />
Olli Wiren discussed application related threats and corresponding security issues. <br />
<br />
http://www.owasp.org/images/7/7c/Owasp-olli.pdf <br />
<br />
<br> '''19:45 Open discussion regarding OWASP Helsinki; what is expected or wished; how to go ahead and so forth.''' <br />
<br />
There was a lively discussion regarding what type of activities should be arranged in the future. More details will follow... <br />
<br />
==== Helsinki OWASP Chapter Leaders ====<br />
<br />
The chapter leader is [mailto:Petteri.arola@owasp.org Petteri Arola] <br />
<br />
The chapter board members are [mailto:timo@owasp.org Timo Merilainen], Pyry Heikkinen and [mailto:pekka.sillanpaa@owasp.org Pekka Sillanpaa]. <br />
<br />
__NOTOC__<br />
[[Category:Finland]] <br />
[[Category:Europe]]</div>Psillanphttps://wiki.owasp.org/index.php?title=Helsinki&diff=235207Helsinki2017-11-08T19:23:38Z<p>Psillanp: /* Chapter Meetings */</p>
<hr />
<div>{{Chapter Template|chaptername=Helsinki|extra=The chapter leaders are [mailto:petteri.arola@owasp.org Petteri Arola], [mailto:pekka.sillanpaa@owasp.org Pekka Sillanpää], [mailto:timo@owasp.org Timo Meriläinen] and [mailto:pyry.heikkinen@owasp.org Pyry Heikkinen]<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-helsinki|emailarchives=http://lists.owasp.org/pipermail/owasp-helsinki}} <br />
<br />
==== Local News ====<br />
<br />
<paypal>Helsinki</paypal> <br />
<br />
'''Welcome to the OWASP Helsinki Chapter'''<br />
<br />
The plan is to meet at least three to four times a year, each lasting 1,5-3 hours (more active "hands" means more meetings). This chapter is based in the capital area and therefore the meetings will be in or around Helsinki. <br />
<br />
If you wish to present at one of the meetings or have any other inquiries, please contact the chapter leaders and shortly describe the talk. (the contact details can be found in the bottom of the page). We encourage everyone to suggest ideas for presentation topics. The talks can be either a full talk (45-60min) or a lightning talk (~15min). <br />
<br />
==== Suomalaista sovellusturva-asiaa ====<br />
<br />
[[OWASP Helsinki Appsec Thesis of the Year|Vuoden sovellusturva-aiheinen opinnäytetyö]]<br />
<br />
[[Oppilaitoksille|Tietoa oppilaitoksille (Information for academic institutions)]] <br />
<br />
[[Verkkomaksut|Ohjeita turvallisen verkkomaksuintegraation toteuttamiseen]] <br />
<br />
Previously OWASP Helsinki has been working on the following tasks: <br />
<br />
*[[Top 10 2007 Finnish]] aim to translate OWASP Top 10 list in Finnish<br />
<br />
==== Chapter Meetings ====<br />
<br />
== OWASP Helsinki chapter meeting #33: Nov 14th 2017 ==<br />
'''Location: F-Secure, Tammasaarenkatu 7, 00180 Helsinki''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki''' <br />
<br />
'''18:05 Words from the sponsor'''<br />
<br />
'''18:10 Coping with GDPR requirements in development, Kira Ahveninen-Kuha, Lead, Data Protection and Cybersecurity Law, Nixu'''<br />
<br />
'''19:00 Break''' <br />
<br />
'''19:15 Integrating Privacy Work in Threat Modeling and Design Review, Antti Vähä-Sipilä, Principal Security Consultant, F-Secure'''<br />
<br />
'''20:00 Panel & Discussion – Kira and Antti debate about privacy and GDPR with the audience'''<br />
<br />
'''20:30 OWASP Helsinki DevSecOps Hackathon: Lessons learned, Pekka Sillanpää, OWASP Helsinki''' <br />
<br />
'''21:00-22:00 Snacks & Refreshments''' <br />
<br />
Please register by 12th of Nov [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-33-tickets-39656996143 here] (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #32: Sep 27th ==<br />
If you are working in a DevOps team and want to get concrete ideas on how to integrate security into your CI/CD pipeline, this hackathon is a fun opportunity to learn by doing together with others.<br />
<br />
More information here: [[OWASP Helsinki DevSecOps Hackathon]]<br />
<br />
In summary, we familiarize and investigate (and of cource hack with) some nice open source tools, including:<br />
* OWASP Dependency-Check ([[OWASP Dependency Check]])<br />
* ZAP Proxy ([[OWASP Zed Attack Proxy Project]])<br />
* OWASP DefectDojo ([[OWASP DefectDojo Project]])<br />
* DevSec hardening framework (https://github.com/dev-sec)<br />
* Clair (https://github.com/coreos/clair)<br />
<br />
The output of this hackathon is an OWASP wiki page describing what was achieved in the hackathon, possible commits to the tools' repositories and future plans. If there is enough interest, we might organize "part 2" for this event in Autumn.<br />
<br />
To participate in this event, it is recommended to have at least basic programming/scripting skills (python, ruby, bash, etc) and understanding of configuration management tools (puppet, salt, ansible, etc.). '''If you are interested to join''' or have questions, please send email to pekka.sillanpaa@owasp.org '''by Jul 7th 2017''' and a short description of your background. Tracks of the hackathon environment are tuned based on the skills and background of the participants.<br />
<br />
The maximum of 15 seats are available for this event. The event is fully free of charge.<br />
<br />
'''Location: Nixu, Keilaranta 15, 02150 Espoo'''<br />
<br />
'''12:00 Hackathon starts'''<br />
<br />
'''17:00-23:00 Hackathon continues after the work day as long as needed. Pizza and beverages available.'''<br />
<br />
== OWASP Helsinki chapter meeting #31: Jun 13th 2017 ==<br />
'''Location: Solita, Alvar Aallon katu 5, 00100 Helsinki'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Pekka Sillanpää, OWASP Helsinki'''<br />
<br />
'''18:05 DevSec - Developers are the key to security, Antti Virtanen, Software Architect, Solita [[File:Devsec-owasp-2017.pdf]]''' <br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Docker Security, Mika Vatanen, Systems Architect, Digia [[File:Owasp-Helsinki-20170613-Docker-Security.pdf]]'''<br />
<br />
'''20:00 Lightning talk: Leaking credentials - a security malpractice more common than expected, Bogdan Mihaila, Synopsys [[:File:Bogdan Mihaila - Leaking Credentials.pdf]]'''<br />
<br />
'''20:15 Introduction to DevSecOps "mini-hackathon", Pekka Sillanpää, OWASP Helsinki'''<br />
<br />
'''20:30-22:30 Snacks & Refreshments'''<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-31-tickets-34950473808 here] by 12th of Jun (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #30: Oct 11th 2016 ==<br />
<br />
'''Location: Fujitsu, Valimotie 16, 00380 Helsinki, Auditorio'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 How to protect mobile application? Case "Nordea Tunnusluvut” / Michael Peltonen, Senior Business Developer, Nordea''' [[File:Helsinki_meeting_30_-Michael_Peltonen_OWASP_11102016.pdf]]<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Lightning talk: Authentication topic / Teemu Simonen, System Architect, Fujitsu''' [[File:Helsinki_meeting_30_-Authentication_topic.pdf]]<br />
<br />
'''19:30 Threats and vulnerabilities in federation protocols - and how did I find 0-days in the most common access management products / Teemu Kääriäinen, Senior IAM Consultant, Nixu Oyj''' [[File:Helsinki_meeting_30_-_Threats_and_Vulnerabilities_in_Federation_Protocols_and_Products.pdf]]<br />
<br />
'''20:30-> Snacks & Refreshments'''<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-30-tickets-28190573765 here] by 9th of October (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #29: Mar 29th 2016 ==<br />
<br />
'''Location: Solinor, Elimäenkatu 14 C, 00510 Helsinki'''<br />
<br />
'''Time: 17:30-21:15'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 OWASP Security Knowledge Framework, Glenn Ten Cate''' [[File:Skf-owaspHelsinki-16.pdf]]<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Amazon Web Services Security, Joel Leino, Solinor''' [[File:Aws_security_joel_leino.pdf]]<br />
<br />
'''20:30 Do's and don'ts: A Day Of Browser Bug Hunting, Atte Kettunen, University of Oulu''' [[File:Do's_and_Don'ts-_A_Day_Of_Browser_Bug_Hunting_rev2.pdf]]<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-29-tickets-22159795545 here] by 26th of March (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #28: Nov 10th 2015 ==<br />
<br />
'''Location: LähiTapiola, Revontulenkuja 1, 02100 Espoo'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 How we feel about Bug Bounty, Leo Niemelä, CISO, LähiTapiola Group (in Finnish)'''<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Security and "Modern" software Deployment, Rory McCune, Managing Consultant, NCC Group'''<br />
<br />
'''20:30 Discussion continues in a local cafe / bar'''<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-28-tickets-19188815263 here] by 8th of November (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #27: May 29th 2015 ==<br />
<br />
'''Location: Life Science Center Keilaranta 10-16''' <br />
<br />
'''Time: 17:30-20:00 (networking ends 23:00)''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 Word from our sponsor / Nixu'''<br />
<br />
'''18:15 50 Shades of AppSec / Troy Hunt'''<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Hack yourself first: how go on the cyber-offence before online attackers do / Troy Hunt'''<br />
<br />
'''20:00-23:00 Refreshments and Sauna on the 7th floor'''<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-chapter-meeting-27-tickets-16709176597 here] by Monday Fri 22th May (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #26: January 13th 2015 ==<br />
<br />
'''Location: Castrén & Snellman Attorneys Ltd. Eteläesplanadi 14 6th Floor Helsinki, Finland.''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''Opening words / OWASP Helsinki&IAPP''' <br />
<br />
'''Words from our sponsor / Castrén & Snellman Attorneys Ltd.'''<br />
<br />
'''Privacy Seals and Marks, Hannu Järvinen, Specialist Partner, Attorneys at Law Borenius Ltd'''<br />
<br />
'''Privacy Engineering, Antti Vähä-Sipilä, software security guy, F-Secure Oyj'''<br />
<br />
'''Privacy Use Cases, Saku Vainikainen, Lead Consultant, Nixu Oyj'''<br />
<br />
Please register here https://t.co/OoQN2FRbBX by Monday 12 Jan.<br />
<br />
== OWASP Helsinki chapter meeting #25: September 29th 2014 ==<br />
<br />
'''Location: Appelsiini (Elisa), Kaarlenkatu 9-11, 00530 Helsinki. Public transport is strongly recommended.''' <br />
<br />
'''Time: 17:00-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and registration''' <br />
<br />
'''17:10 Opening words / OWASP Helsinki''' <br />
<br />
'''17:20 Words from our sponsor / Elisa'''<br />
<br />
'''17:30 Mobile Security Chess Board - Attacks & Defense / Hemil Shah / Founder, Director eSphere Security''' [[File:Mobile_Security_chess_board_-_Attacks_&_Defense.pdf]]<br />
<br />
'''18:45 Break'''<br />
<br />
'''19:00 Mobile Platform Security: OS (kernel) Hardening and Trusted Execution Environment / Onur Zengin / Trustonic'''<br />
[[File:Onur_Zengin_-_TEE_chapter_meeting_presentation.pdf]]<br />
<br />
'''20:00 OWASP Mobile Top Ten Risks 2014 - The New M10: 'Lack of Binary Protection' Category / Bo Asklund and Rikard Kullenberg / Arxan'''<br />
[[File:OWASP_Mobile_Top_Ten_-_Meet_the_New_Addition.pdf]]<br />
<br />
'''21:00 Networking and continue discussions in TBD location nearby'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-25-tickets-13087782911 Eventbrite]<br />
<br />
== OWASP Helsinki chapter meeting #24: March 25st 2014 ==<br />
<br />
'''Location: F-Secure, Tammasaarenkatu 7, 00180 Helsinki. Parking space is limited, public transport is strongly recommended. Ruoholahti station for metro, Länsisatamankatu stop for tram 8, Länsiväylä stop for buses from Espoo.''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and registration''' <br />
<br />
'''17:20 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''17:30 Enhancing security through tight collaboration and automation /Kalle Hallivuori''' <br />
Presentation material: http://kato.iki.fi/owasp-pci-devops/<br />
<br />
'''18:00 Continuous Security Testing in a Devops World /Stephen de Vries'''<br />
Download the presentation from our file page: [[image:OWASP-Continuous_Security_Testing.pdf]]<br />
<br />
'''19:00 Demo of Burp Suite & HTTP API fuzzing automation with Python & Behave /Antti Vähä-Sipilä'''<br />
<br />
'''19:30 Time to go to Pub (Amsterdam) and continue discussion there'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-24-tickets-10765729587 Eventbrite]<br />
<br />
== OWASP Helsinki chapter meeting #23: January 21st 2014 ==<br />
<br />
'''Location: HTC Keilaniemi, Keilaranta 13, 02150 Espoo''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Coffee and registration''' <br />
<br />
'''18:00 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''18:05 Word from our sponsor /Nixu''' <br />
<br />
'''18:20 The inner HTML Apocalypse - How MXSS attacks change everything we believed to know so far /Mario Heiderich'''<br />
<br />
'''19:15 JSMVCOMFG - To sternly look at JavaScript MVC and Templating Frameworks /Mario Heiderich"''''<br />
<br />
'''20:15 QA'''<br />
<br />
'''20.30 - 21.30 Discussion continues over snacks and refreshments'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-23-tickets-10095813851 Eventbrite]<br />
<br />
<br />
== OWASP Helsinki chapter meeting #22: November 19th 2013 ==<br />
<br />
'''Location: Aalto University, Hall S1, Otakaari 5, 02150 Espoo''' <br />
<br />
'''Time: 18:00-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Registration''' <br />
<br />
'''18:10 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''18:20 Word from our sponsor''' <br />
<br />
'''18:30 Backgrounds of Eve in Digiland comic and cyber research in Aalto University /Timo Kiravuo, Aalto University'''<br />
<br />
'''19:15 Break"''''<br />
<br />
'''19:30 Cyber crime response from CERT perspective and backgrounds of Finnish web site attacks /Jussi Eronen, CERT-FI'''<br />
<br />
'''20:00 Methods in Finnish cyber crime police investigation and case example /Timo Piiroinen, National Bureau of Investigation (NBI)'''<br />
<br />
'''20:30 Networking and discussion continues at same location'''<br />
<br />
Please register at [http://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-23-tickets-10095813851 Eventbrite]<br />
<br />
== OWASP EUTour2013: June 17th 2013 ==<br />
<br />
'''Location: HTC Keilaniemi, Keilaranta 15''' <br />
<br />
'''Time: 16:00-19:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''16:00 Registration & coffee''' <br />
<br />
'''16:15 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''16:30 Word from our sponsor''' <br />
<br />
'''16:45 Nokia responsible disclosure program /Omar Benbouazza-Villa, Nokia'''<br />
<br />
Nokia has launched a responsible disclosure program recently. In this presentation we'll go through experiences starting and running such a program as a part of enterprise application security program.<br />
<br />
'''17:30 Social engineering /Gavin Ewan"''''<br />
<br />
Jac0byterebel is not your typical social engineering presenter. Out goes the snake oil sale of analysing the minutia of pop psychology and trying to squeeze out real answers to the questions asked during a real social engineering attack. In comes hard hitting accounts of social engineering attacks drawn from real sources but anonymised to protect the pwned.<br />
<br />
'''19:00 Rounding up and discussion continues over food & drinks at same location'''<br />
<br />
Please register at [http://www.regonline.com/owaspeutourfinland Regonline]<br />
<br />
== OWASP Helsinki Chapter Meeting #21: April 24 2013 ==<br />
<br />
'''Location: KPMG, Yrjönkatu 23 B, 6. floor''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Opening words /OWASP''' <br />
<br />
'''18:10 Word from our sponso /Mika Laaksonen, KPMG''' <br />
<br />
'''18:15 OWASP project news /Petteri Arola, OWASP''' <br />
<br />
Newsflash of new and rebooted OWASP projects.<br />
<br />
'''18:45 Utilizing VAHTI software development guide (VAHTI-sovelluskehitysohje) /Antti Alestalo, KPMG'''<br />
<br />
VAHTI software development guide was published January 2013. Antti will talk about how to best utilize this new guide. Link to the guide: http://www.vm.fi/vm/fi/04_julkaisut_ja_asiakirjat/01_julkaisut/05_valtionhallinnon_tietoturvallisuus/20130207Sovell/VAHTI_1_Sovelluskehityksen_tietoturvaohje_NETTI.pdf<br />
<br />
'''19:15 Database self-defence /Mika Aronen, KPMG (in place of "HTML5 & security /SC5"'''<br />
<br />
'''20:00 Official program ends and discussion continues over food & drinks at same location'''<br />
<br />
Please register at [https://www.eventbrite.com/event/6240751255 Eventbrite]<br />
<br />
== OWASP Helsinki Chapter Meeting #20: December 4 2012 ==<br />
<br />
'''Location: Nokia House, Keilalahdentie 4, Espoo''' <br />
<br />
'''Time: 17:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Socializing time @ Nokia Lounge – Meet people & get to know your peer while having the opportunity to see Nokia product demos''' <br />
<br />
'''18:00 Opening words /OWASP + HelsinkiJS''' <br />
<br />
'''18:10 Word from our sponsor''' <br />
<br />
'''18:20 Securing JavaScript based web apps /Erlend Oftedal''' <br />
<br />
Single page web applications move much of the application logic to the client side. We now also see applications using JavaScript on the server side. How do we handle such applications from a security perspective? What problems are introduced and how do we handle them?<br />
<br />
'''19:05 RESTful Security'''<br />
<br />
Many applications rely on web services and ws-security for integration. But for more lightweight services with simpler protocols, REST is quickly gaining popularity. How do we secure REST services? What problems do we need to be aware of?<br />
<br />
'''20:00 Official program ends and free debate continues at nearby location'''<br />
<br />
CLOSED: Please register at [http://www.eventbrite.com/event/4856878053 Eventbrite]<br />
<br />
Please use the NORTH entrance when entering the Nokia campus<br />
<br />
== OWASP Helsinki Chapter Meeting #19: October 16 2012 ==<br />
<br />
'''Location: Fujitsu, Valimotie 16, Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''18:10 Word from our sponsor /Fujitsu''' <br />
<br />
'''18:25 Hybrid mobile application security and HTML5 with a focus on getUserMedia /Mikko Saario, Nokia''' <br />
<br />
Both the mobile scene via “hybrid” apps and the so-called traditional web are evolving into the same direction – are the threats doing the same? Using mainly Windows Phone 7 (and some Qt) examples and demos, Mikko will take a look at the security aspects in mobile hybrid apps. The HTML5 demo will concentrate on some newly mainstreamed technologies such as getUserMedia.<br />
<br />
'''19:10 Introduction to Oauth 2.0 + demo /Teemu Kääriäinen, Nixu'''<br />
<br />
Teemu gives an introduction about Oauth 2.0 and takes a closer look at security aspects, implementation guidelines and compares Twitter, Facebook and Google implementations.<br />
<br />
'''20:00 Official program ends and free debate continues at nearby location'''<br />
<br />
'''Please register in Eventbrite http://www.eventbrite.com/event/4462882602''' <br />
<br />
<br />
== OWASP Helsinki Chapter Meeting #18: June 26 2012 ==<br />
<br />
'''Location: Kela, Nordenskjölkinkatu 12, Helsinki''' <br />
<br />
'''Time: 17:30-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''17:45 Word from our sponsor /Kela''' <br />
<br />
'''18:00 Helsinki Ruby Brigade intro''' <br />
<br />
'''18:15 Ruby on Rails security - why could it fail'''<br />
<br />
'''19:00 Panel discussion'''<br />
<br />
'''19:45 Wrap-up'''<br />
<br />
'''20:00 Discussion continues in a nearby pub Hadanka'''<br />
<br />
'''Please register with petteri.arola(at)owasp.org''' <br />
<br />
<br />
== OWASP Helsinki Chapter Meeting #17: March 21 2012 ==<br />
<br />
'''Location: Marttakeskus, Malminrinne 1 B, 7. krs, Helsinki''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Coffee''' <br />
<br />
'''17:40 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''17:50 Web Application Access Control Design Excellence / Jim Manico, OWASP''' <br />
<br />
Download the presentation from our file page: [[image:Developer_Top_Ten_Core_Controls_v4.1.pdf]]<br />
<br />
'''19:30 Meeting ends and discussion continues over buffet and refreshments and there's a possibility to bath in sauna too''' <br />
<br />
'''23:00 Event ends'''<br />
<br />
'''Please register with enroll(at)nixu.com''' <br />
<br />
== Tietoturvapäivä Turku: February 7 2012 ==<br />
<br />
''' Sovellusturvallisuus / Petteri Arola, OWASP''' <br />
<br />
Download the presentation from our file page: [[image:OWASP_esitys_tietoturvapäivä_Turku_20120207.pdf]]<br />
<br />
== OWASP Helsinki Chapter Meeting #16: October 18 2011 ==<br />
<br />
'''Location: Hall TU2, Tuas house, Otaniementie 17, 02150, Espoo''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and lock picking''' <br />
<br />
'''17:30 OWASP - What is it?''' <br />
<br />
'''17:45 Introduction to OWASP projects<br>- OWASP Top Ten, ASVS<br><span class="Apple-tab-span"> </span>- Testing guide<br>- How OWASP relates to academic world''' <br />
<br />
<br> Download presentation from our file-page: [[Image:OWASP_presentation_for_Aalto.pdf]] <br><br />
<br />
'''18:45 Break''' <br />
<br />
'''19:00 Hacking demonstrations'''<br />
<br />
'''19:30 - Discussion continues in a nearby public house''' <br />
<br />
'''Please register with petteri.arola(at)owasp.org''' <br />
<br />
== OWASP Introduction to Turku AMK students: September 12th 2011 ==<br />
<br />
'''Introduction to Application security and OWASP / Petteri Arola, OWASP''' <br />
<br />
'''OWASP top 10 and hacking demos / Pekka Sillanpää, OWASP''' <br />
<br />
== OWASP Helsinki Chapter Meeting #15: June 15 2011 ==<br />
<br />
'''Location: Itämerenkatu 11 - 13, Helsinki''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda ''' <br />
<br />
'''17:30 Welcome, Petteri Arola, Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nokia''' <br />
<br />
'''17:45 HTML5 Security, Ville Säävuori, Syneus''' <br />
<br />
'''18:30 Break''' <br />
<br />
'''18:40 Mobile Application Security, Ari Kesäniemi and Juhani Mäkelä, Nixu''' <br> [[Image:Mobile-threat-analysis-short-presentation owasp.pdf]] <br> [[Image:Why-privacy-matters.pdf]] <br> <br />
<br />
<br>'''19.30 - Discussion continues in a nearby public house or terrace if it's sunny''' <br />
<br />
'''Please register with mikko.saario(at)nokia.com''' <br />
<br />
== OWASP Helsinki Chapter Meeting #14: February 22 2011 ==<br />
<br />
'''Location: Nixu Oy, Keilaranta 15, Espoo''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''17:30 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nixu Oy''' <br />
<br />
'''17:45 OpenSAMM, Pravir Chandra /Fortify''' <br />
<br />
'''18:30 Break''' <br />
<br />
'''18:40 Threat modeling, Pravir Chandra /Fortify''' <br />
<br />
<br> '''19.30 - Sauna and refreshments from our sponsor''' <br />
<br />
'''Please register with enroll(at)nixu.com''' <br />
<br />
<br> Download OpenSAMM presentation from opensamm.org [http://www.opensamm.org/downloads/resources/OpenSAMM-1.0.ppt] <br> <br />
<br />
== OWASP Helsinki Chapter Meeting #13: June 8 2010 ==<br />
<br />
'''Location: KPMG, Forum, Yrjönkatu 23 B 6th floor, Helsinki''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''17:00 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:05 Word from our sponsor KPMG ''' <br />
<br />
'''17:15 Agile secure software development, Antti Vähä-Sipilä / Nokia Oyj''' http://www.owasp.org/images/c/c6/OWASP_AppSec_Research_2010_Agile_Prod_Sec_Mgmt_by_Vaha-Sipila.pdf <br />
<br />
'''18:00 ASVS (OWASP Application Security Verification Standard), Pekka Sillanpää / Nixu Oy''' <br />
<br />
'''18:45 ESAPI (OWASP Enterprise Security API) demo, Anssi Porttikivi / KPMG''' <br />
<br />
Download presentation from our file-page:[[Image:ESAPI for OWASP.pdf]] <br />
<br />
<br> '''19.30 - Discussion continues at some nearby establishment''' <br />
<br />
'''Please register with anssi.porttikivi(at)kpmg.fi''' <br />
<br />
<br> <br />
<br />
== OWASP Goes! Locksport: April 20 2010 ==<br />
<br />
'''Location: Nsense Oy, Ahventie 4, Espoo''' <br />
<br />
'''Time: 17:30-20:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nsense Oy''' <br />
<br />
'''17:45 Introduction to Locksport (presentation in Finnish)''' <br />
<br />
'''19:00 - Sauna and refreshments from our sponsor''' <br />
<br />
'''Please register with ilmoittautumiset##nsense.fi ''' <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #12: March 30 2010 ==<br />
<br />
'''Location: Helsingin Energia, Sähkötalo, Runeberginkatu 1, Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''18:00 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
Download presentation from our file-page:[[Image:OWASP -12 Helsinki chapter meeting.pdf]] <br />
<br />
'''18:05 Word from our sponsor Helsingin Energia ''' <br />
<br />
'''18:15 3 different views on information security and social media applications''' <br />
<br />
- information security in social media API’s, Antti Nuopponen/Nixu Oy <br />
<br />
Download presentation from our file-page:[[Image:Security of social media apis v1.pdf]] <br />
<br />
- Facebook apps, Markus Törnqvist/Fad Consulting <br />
<br />
Download presentation from our file-page:[[Image:Mjt owasp 2010.pdf]] <br />
<br />
- Payment API’s, Tuomas Toivonen/Scred <br />
<br />
Download presentation from our file-page:[[Image:Owasp-payment-apis.pdf]] <br />
<br />
'''20.00 - Discussion continues at nearby establishment Bruuveri''' <br />
<br />
'''Please register with antti##owasp.org''' <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #11: November 17 2009 ==<br />
<br />
'''Location: Nsense Oy, Ahventie 4, Espoo''' <br />
<br />
'''Time: 18:00-20:30''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''18:05 Word from our sponsor Nsense Oy''' <br />
<br />
'''18:15 Manual vs. Automated Code Analysis, Ari Kesäniemi, Senior Consultant, Nixu''' <br />
<br />
Download presentation from our file-page:[[Image:Ari kesaniemi nixu manual-vs-automatic-analysis.pdf]] <br />
<br />
'''19.00- Sauna and refreshments from our sponsor''' <br />
<br />
<br> <br />
<br />
'''Please register with ilmoittautumiset##nsense.fi''' <br />
<br />
== OWASP Helsinki Chapter Meeting #10: October 20 2009 ==<br />
<br />
'''Location: Tieto Oy, Ratamestarinkatu 7B, Helsinki''' <br />
<br />
'''Time: 18:00-19:40''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''18:00 Word from our sponsor Tieto Oy''' <br />
<br />
'''18:10 Distributed Services Security, Anton Panhelainen, Tieto Oy''' <br />
<br />
Download presentation from our file-page:[[Image:Security in integration and ESB-OWASP 20091020.pdf]] <br />
<br />
'''18:40 Public Web Services Interface and Security, Pyry Heikkinen, Finnish Customs''' <br />
<br />
'''19:40 Closure and move to Vltava''' <br />
<br />
'''20:00 or so''' <br />
<br />
*Enjoy Helsinki Vltava watering hole at own risk &amp; cost near Helsinki Railway station<br />
<br />
'''Please register with Pauli Kauppila pauli.kauppila##tieto.com or Mobile +358 400 870 324''' <br />
<br />
== OWASP Helsinki Chapter Meeting #9: May 12 2009 ==<br />
<br />
'''Location: Louhi Networks Oy, Itälahdenkatu 22 A, Helsinki''' <br />
<br />
'''Time: 17:30-19:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:30 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:45 Word from our sponsor Louhi Networks''' <br />
<br />
'''18:00 Panel discussion about application scanners''' <br />
<br />
*Panel members includes representatives for Nixu Oy, KPMG Oy and Louhi Networks Oy<br />
<br />
<br> '''19:00 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost at Bar 52 near meeting location<br />
<br />
'''Please register with Henri Lindberg henri.lindberg##louhi.fi''' <br />
<br />
== OWASP OWASP Goes! Viestimuseo: March 29 2009 ==<br />
<br />
'''Location: Varuskunta, Takakasarmi, Viestimuseontie rak. 64, 11311 Riihimäki ''' <br />
<br />
'''Time: 13:00-15:00''' <br />
<br />
Viestimuseossa Riihimäellä, http://www.viestikiltojenliitto.fi/viestimuseo/ on maaliskuun loppuun WWII radiotiedustelua esittelevä erikoisnäyttely, josta voi löytyä ammennettavaa myös tämän päivän tietoturvatekniikoiden parissa työskenteleville. Koska OWASP:in tiimoilta löytyi kiinnostusta lähteä tutustumaan ko. näyttelyyn, museolle on varattu opastettu kierros maaliskuun viimeiselle sunnuntaille su 29.3.2009 klo 13:00 eli kokoontuminen museolla ko. aikaan. <br />
<br />
Museo ja näyttely ovat auki myös muina aikoina, joten jos tämä aika ei käy, paikalla voi toki käydä muulloinkin. <br />
<br />
Tarkemmat ajo-ohjeet ja yhteystiedot löytyvät museon kotisivuilta, http://www.viestikiltojenliitto.fi/viestimuseo/yhteystiedot.html <br />
<br />
Museo sijaitsee Viestirykmentin vieressä, mutta varsinaisen varuskunta-alueen ulkopuolella, joten museokäynti ei vaadi kulkulupia alueelle. <br />
<br />
Paikalle innostuvat hoitavat oman logistiikkaratkaisunsa &amp; sisäänpääsymaksunsa. <br />
<br />
Lisätietoja tarvittaessa timo.merilainen (ät) iki.fi <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #8: March 12 2009 ==<br />
<br />
'''Location: Samlink, Linnoitustie 9, Espoo (Leppävaara)''' <br />
<br />
'''Time: 17:00-19:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:00 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:15 Introduction to Samlink, Jari Pirhonen, security director, Samlink''' <br />
<br />
'''17:30 Methodology owner’s point of view: Information security as part of software development methodology, Topi Mattila, methodology manager, Samlink''' <br />
<br />
'''18:15 Presentation from Finnish Tax Administration", Petri Puhakainen, security director, Finnish Tax Administration''' <br />
<br />
<br> '''19:00 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost at Sello<br />
<br />
'''Please register with Jari Pirhonen jari.pirhonen##samlink.fi''' <br />
<br />
== OWASP Introduction to startup firms: Thursday January 15th 2009 ==<br />
<br />
'''Location: Ravintola Korjaamo, Töölönkatu 51, 00250 Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Introduction to OWASP by Henri Lindberg, OWASP Helsinki Active Visitor''' <br />
<br />
*What OWASP is <br />
*Examples of useful Tools and Documents <br />
*OWASP in Finland<br />
<br />
Presentation: [[Image:OWASP Startups 20090115 Henri.pdf]] <br />
<br />
(Antti Laulajainen, OWASP Helsinki Chapter Leader was originally supposed to introduce OWASP) <br />
<br />
'''18:15 Implementing application security in a Finnish startup by Henri Lindberg, Scred''' <br />
<br />
*Henri Lindberg from Scred shares experiences and lessons learned <br />
*How to make your web application more secure with minimal budget<br />
<br />
Presentation: [[Image:SDG Scred 090115.pdf]] <br />
<br />
'''18:30 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost<br />
<br />
== OWASP Helsinki Meeting #7: Tuesday November 11th 2008 ==<br />
<br />
'''Location: Nokia Ruoholahti, Itämerenkatu 11-13, 00180 Helsinki''' <br />
<br />
<br> <br />
<br />
'''Time: 17:00-18:30''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:00 Welcome by Antti Laulajainen, OWASP Chapter Leader''' <br />
<br />
*Current state and progress of OWASP Top 10 Finnish translation<br />
<br />
'''17:20 Antti Vähä-Sipilä, Nokia: SAFECode''' <br />
<br />
*Introduction and overview of SAFECode (The Software Assurance Forum for Excellence in Code) <br />
*SAFECode publications<br />
<br />
'''17:40 Juhani Eronen, CERT-FI: Lifecycle of a security vulnerability''' <br />
<br />
*Microsoft MS08-067 (Vulnerability in Server Service Could Allow Remote Code Execution), its history (MS06-040) and exploitation.<br />
<br />
'''Discussion''' <br />
<br />
'''18:30 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost [cerveza, aqua con gas, etc]<br />
<br />
'''PLEASE REGISTER WITH: mikko . saario at nokia . com (we have reserved snacks for 25 people)''' <br />
<br />
== OWASP Helsinki Web Hacking Workshop, Tuesday September 10th 2008 ==<br />
<br />
'''Location: Teleware / KPMG, Laajalahdentie 23, 6. floor, reception at the ground floor, 00330 Helsinki''' <br />
<br />
'''Time: 18.00 - 20.00''' <br />
<br />
'''Schedule''' <br />
<br />
'''18.00 Welcome and recent activities. Antti Laulajainen ''' <br />
<br />
'''18.05 Web Hacking Workshop, Anssi Porttikivi, Senior ICT Advisor KPMG/Teleware''' <br />
<br />
*KPMG Oy IT Security Advisory marketing presentation 15 min <br />
*Web hacking exercises and demonstrations in a laboratory class (using WebGoat and WebScarab tools)<br />
<br />
'''Snacks available. Send your reservations to Anssi's mail address, anssi.porttikivi@kpmg.fi. Room for 20 participants.''' <br />
<br />
<br> '''Note! Be in time, because the reception closes at 18.''' <br />
<br />
== OWASP Goes! CERT-FI, Thursday, June 12th 2008 ==<br />
<br />
'''Location: Viestintävirasto, Itämerenkatu 3 A, 00180 Helsinki and One Pint Pub Santakatu 2, 00180 Helsinki''' <br />
<br />
<br> '''Time: 16.00 - 20.00''' <br />
<br />
<br> '''Schedule''' <br />
<br />
'''16.00 Welcome and recent activities. Antti Laulajainen ''' <br />
<br />
<br> '''16.10 Introduction of CERT-FI. Juhani Eronen, Information Security Adviser, CERT-FI''' <br />
<br />
<br> '''16.30 Vulnerability coordination. Juhani Eronen''' <br />
<br />
*CERT-FI as a vulnerability coordinator <br />
*Coordination examples<br />
<br />
'''18.00 Possibility to continue the evening at the One Pint Pub''' <br />
<br />
*If someone fancies a (self-financed) beer<br />
<br />
<br> '''Viestintävirasto asks those who wish to participate to the meeting to register in advance. For registrations please contact CERT-FI Unit Secretary Virpi Hienonen (virpi.hienonen(at)ficora.fi). The deadline is June 6, 2008.''' <br />
<br />
== OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 ==<br />
<br />
Thank you for attending. <br />
<br />
You can download the presentation here'''https://www.owasp.org/images/7/70/OWASP_HelsinkiChapter_130508.pdf''' <br />
<br />
Coverage of the event in local news (Finnish only) http://mikropc.net/uutiset/index.jsp?categoryId=atk&amp;day=20080514#w2008051411524012715 <br />
<br />
<br> '''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki and Ravintola Kaisla, Vilhonkatu 4, 00100 Helsinki''' <br />
<br />
'''Time: 16.00 - 20.00''' <br />
<br />
<br> <br />
<br />
Welcome to spring meeting 2008. <br />
<br />
<br> '''Schedule''' <br />
<br />
'''16.00 - 16.10 OWASP update. Antti Laulajainen''' <br />
<br />
'''16.10-17.00 Notes From The field, OWASP tools and usage experiences, Jarkko Holappa &amp; Antti Laulajainen''' <br />
<br />
'''17.30 - 20.00 Drinks at Ravintola Kaisla (Bring Your Own Wallet)''' <br />
<br />
<br> Hope to see as many of you as possible! <br />
<br />
== OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 ==<br />
<br />
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.''' <br />
<br />
'''Time: 18.30 - 20.30''' <br />
<br />
Welcome to first meeting of 2008. OWASP Helsinki resumes activities after winter break. <br />
<br />
We are pleased to have as a speaker Technology Manager of Nokia Product Security, Alexandr Seleznyov. His topic will be current state of application security. <br />
<br />
'''Schedule''' <br />
<br />
'''18.30 - 18.40 OWASP update. Antti Laulajainen''' <br />
<br />
'''18.40 - 20.30 Current State of Application Security. Alexandr Seleznyov''' <br />
<br />
<br> Hope to see as many of you as possible! <br />
<br />
== OWASP Helsinki &amp; RWSUG Seminar Tuesday, January 29th 2008 ==<br />
<br />
'''Location: IBM, Laajalahdentie 23, 00330 Helsinki.''' '''Time: 11.15 - 19.00''' <br />
<br />
OWASP Helsinki and Rational and Websphere User Group Finland RWSUG are aiming to co-operate to raise application security awareness. OWASP Helsinki will have a presentation in RWSUG agility seminar. More information from http://www.rwsug.fi/default.asp?path=1,39,385 <br />
<br />
'''You can download the presentation here''' https://www.owasp.org/images/c/cd/RWSUG5_Agile_Security_Management.pdf <br />
<br />
See program below. Most of it is Finnish only <br />
<br />
*11.15 Ilmoittautuminen alkaa <br />
*11.15-12.00 Buffet-lounas <br />
*12.00-12.10 Tilaisuuden avaus Jussi Jutila, Puheenjohtaja, RWSUG ry<br />
<br />
KEYNOTE <br />
<br />
*12.10-13.30 Scaling Agile Software Development: Strategies for Applying Agile in Complex Situations Scott W. Ambler, Practice Leader Agile Development, IBM Canada <br />
*13.30-13.45 Kahvitauko <br />
*13.45-15.30 SOA liiketoiminnan näkökulmasta ja SOA toteutuksen näkökulmasta kansainvälisessa hankkeessa Kari Laine, IT Architect, IF ja Jarmo Laine, Senior Software Architect,Primasoft <br />
*15.30-15.45 Tauko <br />
*15.45-16.30 Ketterä tietoturvan hallinta ohjelmistotuotannossa Reijo Savola, VTT <br />
*16.30-17.15 Jazz Update IBM <br />
*17.15-19.00 Iltapalaa ja verkostoitumista IBM Forumissa<br />
<br />
<br> <br />
<br />
== OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008 ==<br />
<br />
OWASP Helsinki participated in ISACA Finland meeting to raise application security awareness among system auditors and inspectors. <br> A presentation was held that introduced basic web techniques, some security issues, OWASP in general, OWASP projects and OWASP Helsinki chapter. <br> '''You can download the presentation here''': https://www.owasp.org/images/e/e4/OWASP_ISACA_20080124.pdf (Finnish Only) <br><br> <br />
<br />
== OWASP Helsinki meeting #4 Fall 2007 with Mark Curphey, Tuesday, October 2 2007 ==<br />
<br />
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.''' <br />
<br />
Thank you for all participants and Mark from great presentation. <br />
<br />
Coverage of the meeting in the local news (in Finnish): http://mikropc.net/uutiset/index.jsp?categoryId=atk&amp;day=20071003#w2007100315112711629 <br />
<br />
<br> We are delighted to have Mark Curphey - the OWASP founder and new head of Microsoft's ACE (Application Consulting &amp; Engineering) team in Europe - to visit Finland and discuss web app security with us. Hopefully as many as of you possible can participate! <br />
<br />
'''18:30 Welcome and recent Helsinki chapter activities. Antti Laulajainen''' <br />
<br />
'''18:40 Naked Software Security. Mark Curphey''' <br />
<br />
*Commentary on how to build secure software <br />
*Thoughts on the industry<br />
<br />
<br> '''WELCOME!''' <br />
<br />
== OWASP Helsinki meeting #3 Summer 2007: "SOA, Web Services &amp; XML Security", Tuesday, June 5th 2007 ==<br />
<br />
'''Date: June 5th''' <br />
<br />
<br> '''Location: Smilehouse, Itälahdenkatu 22A (Stonesoft building), Lauttasaari.''' <br />
<br />
Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/tietoturva_docview.jsp?f_id=1186167 <br />
<br />
<br> '''19:00 Welcome &amp; quick recap of recent OWASP activity and the Spring conference. Mikko Saario.''' <br />
<br />
<br> '''19:15 Gunnar Peterson, CTO Arctec Group and project lead for the OWASP "XML Security Gateway Evaluation Criteria".''' <br />
<br />
Gunnar will be visiting Finland to provide training via Tietoturva ry on this subject. Topics to be covered: <br />
<br />
*XML Security Gateways <br />
*Message level threats and security countermeasures in Web services <br />
*OWASP XML Security Gateway Evaluation Criteria Project<br />
<br />
<br> '''20:15 "Real-life usage of OWASP tools". Alexandr Seleznyov, Nokia Product Security.''' <br />
<br />
(There is a chance Alex cannot make it. In that case we will discuss SOA stuff in more detail or just head off to bar earlier.) <br />
<br />
<br> '''20:45 Enter Bar 52...''' --&gt; Enjoy (sponsored) beverages. <br />
<br />
== OWASP Helsinki meeting #2 Winter 2007, Web Application Firewalls, Thursday, February 22 2007 ==<br />
<br />
Thank you for the 29 participants, the speakers and the host - Nixu - for making this event happen! <br />
<br />
'''Location: Nixu, Mäkelänkatu 91, 00601 Helsinki.''' <br />
<br />
What are Web Application Firewalls (WAF), how do they work, what do they do and what don't they do. Discussion and sharing of experiences of various technologies and products. <br />
<br />
<br> '''18.30 Welcome. Mikko Saario, Chapter Leader.''' <br />
<br />
Today's topic and agenda in short. <br />
<br />
<br> '''18.35 "Web Application Firewalls Technical Analysis". Joakim Sandström, CTO nSense.''' <br />
<br />
http://www.owasp.org/images/6/6a/Owasp_waf_joakim.pdf <br />
<br />
- Technology <br />
<br />
- Blacklisting &amp; Whitelisting <br />
<br />
- mod_security features <br />
<br />
- Do's and Don'ts <br />
<br />
<br> '''19.30 "The Core Rule Sets". Ofer Shezaf, CTO Breach Security.''' <br />
<br />
http://www.owasp.org/images/f/f4/The_Core_Rule_Set_-_Ofer.pdf <br />
<br />
- WAF deployment and protection strategies <br />
<br />
- Detection of generic web layer attacks <br />
<br />
- Virtual patching <br />
<br />
== OWASP Helsinki meeting #1, Tuesday, Dec 12 2006 at Ernst &amp; Young ==<br />
<br />
The Helsinki chapter had the first meeting at Ernst &amp; Young office in Elielinaukio 5 B. The agenda and the presentations for the meeting are below. We had a good turnout: 22 people were present i.e. all seats were taken - we were very happy to see all these people to be interested in application security issues. <br />
<br />
<br> Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/doc.do?f_id=1083463 <br />
<br />
<br> '''18:30 Welcome. What is OWASP and why OWASP Helsinki?''' <br />
<br />
Mikko Saario made a short presentation about OWASP and the objective for the local Helsinki chapter. <br />
<br />
<br> '''19:00 Analyzing Threats (Olli Wiren; olli [at] juurihoito.org)''' <br />
<br />
Olli Wiren discussed application related threats and corresponding security issues. <br />
<br />
http://www.owasp.org/images/7/7c/Owasp-olli.pdf <br />
<br />
<br> '''19:45 Open discussion regarding OWASP Helsinki; what is expected or wished; how to go ahead and so forth.''' <br />
<br />
There was a lively discussion regarding what type of activities should be arranged in the future. More details will follow... <br />
<br />
==== Helsinki OWASP Chapter Leaders ====<br />
<br />
The chapter leader is [mailto:Petteri.arola@owasp.org Petteri Arola] <br />
<br />
The chapter board members are [mailto:timo@owasp.org Timo Merilainen], Pyry Heikkinen and [mailto:pekka.sillanpaa@owasp.org Pekka Sillanpaa]. <br />
<br />
__NOTOC__<br />
[[Category:Finland]] <br />
[[Category:Europe]]</div>Psillanphttps://wiki.owasp.org/index.php?title=Helsinki&diff=235159Helsinki2017-11-07T14:53:44Z<p>Psillanp: /* Chapter Meetings */</p>
<hr />
<div>{{Chapter Template|chaptername=Helsinki|extra=The chapter leaders are [mailto:petteri.arola@owasp.org Petteri Arola], [mailto:pekka.sillanpaa@owasp.org Pekka Sillanpää], [mailto:timo@owasp.org Timo Meriläinen] and [mailto:pyry.heikkinen@owasp.org Pyry Heikkinen]<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-helsinki|emailarchives=http://lists.owasp.org/pipermail/owasp-helsinki}} <br />
<br />
==== Local News ====<br />
<br />
<paypal>Helsinki</paypal> <br />
<br />
'''Welcome to the OWASP Helsinki Chapter'''<br />
<br />
The plan is to meet at least three to four times a year, each lasting 1,5-3 hours (more active "hands" means more meetings). This chapter is based in the capital area and therefore the meetings will be in or around Helsinki. <br />
<br />
If you wish to present at one of the meetings or have any other inquiries, please contact the chapter leaders and shortly describe the talk. (the contact details can be found in the bottom of the page). We encourage everyone to suggest ideas for presentation topics. The talks can be either a full talk (45-60min) or a lightning talk (~15min). <br />
<br />
==== Suomalaista sovellusturva-asiaa ====<br />
<br />
[[OWASP Helsinki Appsec Thesis of the Year|Vuoden sovellusturva-aiheinen opinnäytetyö]]<br />
<br />
[[Oppilaitoksille|Tietoa oppilaitoksille (Information for academic institutions)]] <br />
<br />
[[Verkkomaksut|Ohjeita turvallisen verkkomaksuintegraation toteuttamiseen]] <br />
<br />
Previously OWASP Helsinki has been working on the following tasks: <br />
<br />
*[[Top 10 2007 Finnish]] aim to translate OWASP Top 10 list in Finnish<br />
<br />
==== Chapter Meetings ====<br />
<br />
== OWASP Helsinki chapter meeting #33: Nov 14th 2017 ==<br />
'''Location: F-Secure, Tammasaarenkatu 7, 00180 Helsinki''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki''' <br />
<br />
'''18:05 Words from the sponsor'''<br />
<br />
'''18:10 Coping with GDPR requirements in development, Kira Ahveninen-Kuha, Lead, Data Protection and Cybersecurity Law, Nixu'''<br />
<br />
'''19:00 Break''' <br />
<br />
'''19:15 Integrating Privacy Work in Threat Modeling and Design Review, Antti Vähä-Sipilä, Principal Security Consultant, F-Secure'''<br />
<br />
'''20:00 Panel & Discussion – Kira and Antti debate about privacy and GDPR with the audience'''<br />
<br />
'''20:30 OWASP Helsinki DevSecOps Hackathon: Lessons learned, Pekka Sillanpää, OWASP Helsinki''' <br />
<br />
'''21:00-22:00 Snacks & Refreshments''' <br />
<br />
Please register by 12th of Nov here (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #32: Sep 27th ==<br />
If you are working in a DevOps team and want to get concrete ideas on how to integrate security into your CI/CD pipeline, this hackathon is a fun opportunity to learn by doing together with others.<br />
<br />
More information here: [[OWASP Helsinki DevSecOps Hackathon]]<br />
<br />
In summary, we familiarize and investigate (and of cource hack with) some nice open source tools, including:<br />
* OWASP Dependency-Check ([[OWASP Dependency Check]])<br />
* ZAP Proxy ([[OWASP Zed Attack Proxy Project]])<br />
* OWASP DefectDojo ([[OWASP DefectDojo Project]])<br />
* DevSec hardening framework (https://github.com/dev-sec)<br />
* Clair (https://github.com/coreos/clair)<br />
<br />
The output of this hackathon is an OWASP wiki page describing what was achieved in the hackathon, possible commits to the tools' repositories and future plans. If there is enough interest, we might organize "part 2" for this event in Autumn.<br />
<br />
To participate in this event, it is recommended to have at least basic programming/scripting skills (python, ruby, bash, etc) and understanding of configuration management tools (puppet, salt, ansible, etc.). '''If you are interested to join''' or have questions, please send email to pekka.sillanpaa@owasp.org '''by Jul 7th 2017''' and a short description of your background. Tracks of the hackathon environment are tuned based on the skills and background of the participants.<br />
<br />
The maximum of 15 seats are available for this event. The event is fully free of charge.<br />
<br />
'''Location: Nixu, Keilaranta 15, 02150 Espoo'''<br />
<br />
'''12:00 Hackathon starts'''<br />
<br />
'''17:00-23:00 Hackathon continues after the work day as long as needed. Pizza and beverages available.'''<br />
<br />
== OWASP Helsinki chapter meeting #31: Jun 13th 2017 ==<br />
'''Location: Solita, Alvar Aallon katu 5, 00100 Helsinki'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Pekka Sillanpää, OWASP Helsinki'''<br />
<br />
'''18:05 DevSec - Developers are the key to security, Antti Virtanen, Software Architect, Solita [[File:Devsec-owasp-2017.pdf]]''' <br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Docker Security, Mika Vatanen, Systems Architect, Digia [[File:Owasp-Helsinki-20170613-Docker-Security.pdf]]'''<br />
<br />
'''20:00 Lightning talk: Leaking credentials - a security malpractice more common than expected, Bogdan Mihaila, Synopsys [[:File:Bogdan Mihaila - Leaking Credentials.pdf]]'''<br />
<br />
'''20:15 Introduction to DevSecOps "mini-hackathon", Pekka Sillanpää, OWASP Helsinki'''<br />
<br />
'''20:30-22:30 Snacks & Refreshments'''<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-31-tickets-34950473808 here] by 12th of Jun (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #30: Oct 11th 2016 ==<br />
<br />
'''Location: Fujitsu, Valimotie 16, 00380 Helsinki, Auditorio'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 How to protect mobile application? Case "Nordea Tunnusluvut” / Michael Peltonen, Senior Business Developer, Nordea''' [[File:Helsinki_meeting_30_-Michael_Peltonen_OWASP_11102016.pdf]]<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Lightning talk: Authentication topic / Teemu Simonen, System Architect, Fujitsu''' [[File:Helsinki_meeting_30_-Authentication_topic.pdf]]<br />
<br />
'''19:30 Threats and vulnerabilities in federation protocols - and how did I find 0-days in the most common access management products / Teemu Kääriäinen, Senior IAM Consultant, Nixu Oyj''' [[File:Helsinki_meeting_30_-_Threats_and_Vulnerabilities_in_Federation_Protocols_and_Products.pdf]]<br />
<br />
'''20:30-> Snacks & Refreshments'''<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-30-tickets-28190573765 here] by 9th of October (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #29: Mar 29th 2016 ==<br />
<br />
'''Location: Solinor, Elimäenkatu 14 C, 00510 Helsinki'''<br />
<br />
'''Time: 17:30-21:15'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 OWASP Security Knowledge Framework, Glenn Ten Cate''' [[File:Skf-owaspHelsinki-16.pdf]]<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Amazon Web Services Security, Joel Leino, Solinor''' [[File:Aws_security_joel_leino.pdf]]<br />
<br />
'''20:30 Do's and don'ts: A Day Of Browser Bug Hunting, Atte Kettunen, University of Oulu''' [[File:Do's_and_Don'ts-_A_Day_Of_Browser_Bug_Hunting_rev2.pdf]]<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-29-tickets-22159795545 here] by 26th of March (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #28: Nov 10th 2015 ==<br />
<br />
'''Location: LähiTapiola, Revontulenkuja 1, 02100 Espoo'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 How we feel about Bug Bounty, Leo Niemelä, CISO, LähiTapiola Group (in Finnish)'''<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Security and "Modern" software Deployment, Rory McCune, Managing Consultant, NCC Group'''<br />
<br />
'''20:30 Discussion continues in a local cafe / bar'''<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-28-tickets-19188815263 here] by 8th of November (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #27: May 29th 2015 ==<br />
<br />
'''Location: Life Science Center Keilaranta 10-16''' <br />
<br />
'''Time: 17:30-20:00 (networking ends 23:00)''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 Word from our sponsor / Nixu'''<br />
<br />
'''18:15 50 Shades of AppSec / Troy Hunt'''<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Hack yourself first: how go on the cyber-offence before online attackers do / Troy Hunt'''<br />
<br />
'''20:00-23:00 Refreshments and Sauna on the 7th floor'''<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-chapter-meeting-27-tickets-16709176597 here] by Monday Fri 22th May (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #26: January 13th 2015 ==<br />
<br />
'''Location: Castrén & Snellman Attorneys Ltd. Eteläesplanadi 14 6th Floor Helsinki, Finland.''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''Opening words / OWASP Helsinki&IAPP''' <br />
<br />
'''Words from our sponsor / Castrén & Snellman Attorneys Ltd.'''<br />
<br />
'''Privacy Seals and Marks, Hannu Järvinen, Specialist Partner, Attorneys at Law Borenius Ltd'''<br />
<br />
'''Privacy Engineering, Antti Vähä-Sipilä, software security guy, F-Secure Oyj'''<br />
<br />
'''Privacy Use Cases, Saku Vainikainen, Lead Consultant, Nixu Oyj'''<br />
<br />
Please register here https://t.co/OoQN2FRbBX by Monday 12 Jan.<br />
<br />
== OWASP Helsinki chapter meeting #25: September 29th 2014 ==<br />
<br />
'''Location: Appelsiini (Elisa), Kaarlenkatu 9-11, 00530 Helsinki. Public transport is strongly recommended.''' <br />
<br />
'''Time: 17:00-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and registration''' <br />
<br />
'''17:10 Opening words / OWASP Helsinki''' <br />
<br />
'''17:20 Words from our sponsor / Elisa'''<br />
<br />
'''17:30 Mobile Security Chess Board - Attacks & Defense / Hemil Shah / Founder, Director eSphere Security''' [[File:Mobile_Security_chess_board_-_Attacks_&_Defense.pdf]]<br />
<br />
'''18:45 Break'''<br />
<br />
'''19:00 Mobile Platform Security: OS (kernel) Hardening and Trusted Execution Environment / Onur Zengin / Trustonic'''<br />
[[File:Onur_Zengin_-_TEE_chapter_meeting_presentation.pdf]]<br />
<br />
'''20:00 OWASP Mobile Top Ten Risks 2014 - The New M10: 'Lack of Binary Protection' Category / Bo Asklund and Rikard Kullenberg / Arxan'''<br />
[[File:OWASP_Mobile_Top_Ten_-_Meet_the_New_Addition.pdf]]<br />
<br />
'''21:00 Networking and continue discussions in TBD location nearby'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-25-tickets-13087782911 Eventbrite]<br />
<br />
== OWASP Helsinki chapter meeting #24: March 25st 2014 ==<br />
<br />
'''Location: F-Secure, Tammasaarenkatu 7, 00180 Helsinki. Parking space is limited, public transport is strongly recommended. Ruoholahti station for metro, Länsisatamankatu stop for tram 8, Länsiväylä stop for buses from Espoo.''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and registration''' <br />
<br />
'''17:20 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''17:30 Enhancing security through tight collaboration and automation /Kalle Hallivuori''' <br />
Presentation material: http://kato.iki.fi/owasp-pci-devops/<br />
<br />
'''18:00 Continuous Security Testing in a Devops World /Stephen de Vries'''<br />
Download the presentation from our file page: [[image:OWASP-Continuous_Security_Testing.pdf]]<br />
<br />
'''19:00 Demo of Burp Suite & HTTP API fuzzing automation with Python & Behave /Antti Vähä-Sipilä'''<br />
<br />
'''19:30 Time to go to Pub (Amsterdam) and continue discussion there'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-24-tickets-10765729587 Eventbrite]<br />
<br />
== OWASP Helsinki chapter meeting #23: January 21st 2014 ==<br />
<br />
'''Location: HTC Keilaniemi, Keilaranta 13, 02150 Espoo''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Coffee and registration''' <br />
<br />
'''18:00 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''18:05 Word from our sponsor /Nixu''' <br />
<br />
'''18:20 The inner HTML Apocalypse - How MXSS attacks change everything we believed to know so far /Mario Heiderich'''<br />
<br />
'''19:15 JSMVCOMFG - To sternly look at JavaScript MVC and Templating Frameworks /Mario Heiderich"''''<br />
<br />
'''20:15 QA'''<br />
<br />
'''20.30 - 21.30 Discussion continues over snacks and refreshments'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-23-tickets-10095813851 Eventbrite]<br />
<br />
<br />
== OWASP Helsinki chapter meeting #22: November 19th 2013 ==<br />
<br />
'''Location: Aalto University, Hall S1, Otakaari 5, 02150 Espoo''' <br />
<br />
'''Time: 18:00-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Registration''' <br />
<br />
'''18:10 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''18:20 Word from our sponsor''' <br />
<br />
'''18:30 Backgrounds of Eve in Digiland comic and cyber research in Aalto University /Timo Kiravuo, Aalto University'''<br />
<br />
'''19:15 Break"''''<br />
<br />
'''19:30 Cyber crime response from CERT perspective and backgrounds of Finnish web site attacks /Jussi Eronen, CERT-FI'''<br />
<br />
'''20:00 Methods in Finnish cyber crime police investigation and case example /Timo Piiroinen, National Bureau of Investigation (NBI)'''<br />
<br />
'''20:30 Networking and discussion continues at same location'''<br />
<br />
Please register at [http://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-23-tickets-10095813851 Eventbrite]<br />
<br />
== OWASP EUTour2013: June 17th 2013 ==<br />
<br />
'''Location: HTC Keilaniemi, Keilaranta 15''' <br />
<br />
'''Time: 16:00-19:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''16:00 Registration & coffee''' <br />
<br />
'''16:15 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''16:30 Word from our sponsor''' <br />
<br />
'''16:45 Nokia responsible disclosure program /Omar Benbouazza-Villa, Nokia'''<br />
<br />
Nokia has launched a responsible disclosure program recently. In this presentation we'll go through experiences starting and running such a program as a part of enterprise application security program.<br />
<br />
'''17:30 Social engineering /Gavin Ewan"''''<br />
<br />
Jac0byterebel is not your typical social engineering presenter. Out goes the snake oil sale of analysing the minutia of pop psychology and trying to squeeze out real answers to the questions asked during a real social engineering attack. In comes hard hitting accounts of social engineering attacks drawn from real sources but anonymised to protect the pwned.<br />
<br />
'''19:00 Rounding up and discussion continues over food & drinks at same location'''<br />
<br />
Please register at [http://www.regonline.com/owaspeutourfinland Regonline]<br />
<br />
== OWASP Helsinki Chapter Meeting #21: April 24 2013 ==<br />
<br />
'''Location: KPMG, Yrjönkatu 23 B, 6. floor''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Opening words /OWASP''' <br />
<br />
'''18:10 Word from our sponso /Mika Laaksonen, KPMG''' <br />
<br />
'''18:15 OWASP project news /Petteri Arola, OWASP''' <br />
<br />
Newsflash of new and rebooted OWASP projects.<br />
<br />
'''18:45 Utilizing VAHTI software development guide (VAHTI-sovelluskehitysohje) /Antti Alestalo, KPMG'''<br />
<br />
VAHTI software development guide was published January 2013. Antti will talk about how to best utilize this new guide. Link to the guide: http://www.vm.fi/vm/fi/04_julkaisut_ja_asiakirjat/01_julkaisut/05_valtionhallinnon_tietoturvallisuus/20130207Sovell/VAHTI_1_Sovelluskehityksen_tietoturvaohje_NETTI.pdf<br />
<br />
'''19:15 Database self-defence /Mika Aronen, KPMG (in place of "HTML5 & security /SC5"'''<br />
<br />
'''20:00 Official program ends and discussion continues over food & drinks at same location'''<br />
<br />
Please register at [https://www.eventbrite.com/event/6240751255 Eventbrite]<br />
<br />
== OWASP Helsinki Chapter Meeting #20: December 4 2012 ==<br />
<br />
'''Location: Nokia House, Keilalahdentie 4, Espoo''' <br />
<br />
'''Time: 17:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Socializing time @ Nokia Lounge – Meet people & get to know your peer while having the opportunity to see Nokia product demos''' <br />
<br />
'''18:00 Opening words /OWASP + HelsinkiJS''' <br />
<br />
'''18:10 Word from our sponsor''' <br />
<br />
'''18:20 Securing JavaScript based web apps /Erlend Oftedal''' <br />
<br />
Single page web applications move much of the application logic to the client side. We now also see applications using JavaScript on the server side. How do we handle such applications from a security perspective? What problems are introduced and how do we handle them?<br />
<br />
'''19:05 RESTful Security'''<br />
<br />
Many applications rely on web services and ws-security for integration. But for more lightweight services with simpler protocols, REST is quickly gaining popularity. How do we secure REST services? What problems do we need to be aware of?<br />
<br />
'''20:00 Official program ends and free debate continues at nearby location'''<br />
<br />
CLOSED: Please register at [http://www.eventbrite.com/event/4856878053 Eventbrite]<br />
<br />
Please use the NORTH entrance when entering the Nokia campus<br />
<br />
== OWASP Helsinki Chapter Meeting #19: October 16 2012 ==<br />
<br />
'''Location: Fujitsu, Valimotie 16, Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''18:10 Word from our sponsor /Fujitsu''' <br />
<br />
'''18:25 Hybrid mobile application security and HTML5 with a focus on getUserMedia /Mikko Saario, Nokia''' <br />
<br />
Both the mobile scene via “hybrid” apps and the so-called traditional web are evolving into the same direction – are the threats doing the same? Using mainly Windows Phone 7 (and some Qt) examples and demos, Mikko will take a look at the security aspects in mobile hybrid apps. The HTML5 demo will concentrate on some newly mainstreamed technologies such as getUserMedia.<br />
<br />
'''19:10 Introduction to Oauth 2.0 + demo /Teemu Kääriäinen, Nixu'''<br />
<br />
Teemu gives an introduction about Oauth 2.0 and takes a closer look at security aspects, implementation guidelines and compares Twitter, Facebook and Google implementations.<br />
<br />
'''20:00 Official program ends and free debate continues at nearby location'''<br />
<br />
'''Please register in Eventbrite http://www.eventbrite.com/event/4462882602''' <br />
<br />
<br />
== OWASP Helsinki Chapter Meeting #18: June 26 2012 ==<br />
<br />
'''Location: Kela, Nordenskjölkinkatu 12, Helsinki''' <br />
<br />
'''Time: 17:30-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''17:45 Word from our sponsor /Kela''' <br />
<br />
'''18:00 Helsinki Ruby Brigade intro''' <br />
<br />
'''18:15 Ruby on Rails security - why could it fail'''<br />
<br />
'''19:00 Panel discussion'''<br />
<br />
'''19:45 Wrap-up'''<br />
<br />
'''20:00 Discussion continues in a nearby pub Hadanka'''<br />
<br />
'''Please register with petteri.arola(at)owasp.org''' <br />
<br />
<br />
== OWASP Helsinki Chapter Meeting #17: March 21 2012 ==<br />
<br />
'''Location: Marttakeskus, Malminrinne 1 B, 7. krs, Helsinki''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Coffee''' <br />
<br />
'''17:40 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''17:50 Web Application Access Control Design Excellence / Jim Manico, OWASP''' <br />
<br />
Download the presentation from our file page: [[image:Developer_Top_Ten_Core_Controls_v4.1.pdf]]<br />
<br />
'''19:30 Meeting ends and discussion continues over buffet and refreshments and there's a possibility to bath in sauna too''' <br />
<br />
'''23:00 Event ends'''<br />
<br />
'''Please register with enroll(at)nixu.com''' <br />
<br />
== Tietoturvapäivä Turku: February 7 2012 ==<br />
<br />
''' Sovellusturvallisuus / Petteri Arola, OWASP''' <br />
<br />
Download the presentation from our file page: [[image:OWASP_esitys_tietoturvapäivä_Turku_20120207.pdf]]<br />
<br />
== OWASP Helsinki Chapter Meeting #16: October 18 2011 ==<br />
<br />
'''Location: Hall TU2, Tuas house, Otaniementie 17, 02150, Espoo''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and lock picking''' <br />
<br />
'''17:30 OWASP - What is it?''' <br />
<br />
'''17:45 Introduction to OWASP projects<br>- OWASP Top Ten, ASVS<br><span class="Apple-tab-span"> </span>- Testing guide<br>- How OWASP relates to academic world''' <br />
<br />
<br> Download presentation from our file-page: [[Image:OWASP_presentation_for_Aalto.pdf]] <br><br />
<br />
'''18:45 Break''' <br />
<br />
'''19:00 Hacking demonstrations'''<br />
<br />
'''19:30 - Discussion continues in a nearby public house''' <br />
<br />
'''Please register with petteri.arola(at)owasp.org''' <br />
<br />
== OWASP Introduction to Turku AMK students: September 12th 2011 ==<br />
<br />
'''Introduction to Application security and OWASP / Petteri Arola, OWASP''' <br />
<br />
'''OWASP top 10 and hacking demos / Pekka Sillanpää, OWASP''' <br />
<br />
== OWASP Helsinki Chapter Meeting #15: June 15 2011 ==<br />
<br />
'''Location: Itämerenkatu 11 - 13, Helsinki''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda ''' <br />
<br />
'''17:30 Welcome, Petteri Arola, Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nokia''' <br />
<br />
'''17:45 HTML5 Security, Ville Säävuori, Syneus''' <br />
<br />
'''18:30 Break''' <br />
<br />
'''18:40 Mobile Application Security, Ari Kesäniemi and Juhani Mäkelä, Nixu''' <br> [[Image:Mobile-threat-analysis-short-presentation owasp.pdf]] <br> [[Image:Why-privacy-matters.pdf]] <br> <br />
<br />
<br>'''19.30 - Discussion continues in a nearby public house or terrace if it's sunny''' <br />
<br />
'''Please register with mikko.saario(at)nokia.com''' <br />
<br />
== OWASP Helsinki Chapter Meeting #14: February 22 2011 ==<br />
<br />
'''Location: Nixu Oy, Keilaranta 15, Espoo''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''17:30 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nixu Oy''' <br />
<br />
'''17:45 OpenSAMM, Pravir Chandra /Fortify''' <br />
<br />
'''18:30 Break''' <br />
<br />
'''18:40 Threat modeling, Pravir Chandra /Fortify''' <br />
<br />
<br> '''19.30 - Sauna and refreshments from our sponsor''' <br />
<br />
'''Please register with enroll(at)nixu.com''' <br />
<br />
<br> Download OpenSAMM presentation from opensamm.org [http://www.opensamm.org/downloads/resources/OpenSAMM-1.0.ppt] <br> <br />
<br />
== OWASP Helsinki Chapter Meeting #13: June 8 2010 ==<br />
<br />
'''Location: KPMG, Forum, Yrjönkatu 23 B 6th floor, Helsinki''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''17:00 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:05 Word from our sponsor KPMG ''' <br />
<br />
'''17:15 Agile secure software development, Antti Vähä-Sipilä / Nokia Oyj''' http://www.owasp.org/images/c/c6/OWASP_AppSec_Research_2010_Agile_Prod_Sec_Mgmt_by_Vaha-Sipila.pdf <br />
<br />
'''18:00 ASVS (OWASP Application Security Verification Standard), Pekka Sillanpää / Nixu Oy''' <br />
<br />
'''18:45 ESAPI (OWASP Enterprise Security API) demo, Anssi Porttikivi / KPMG''' <br />
<br />
Download presentation from our file-page:[[Image:ESAPI for OWASP.pdf]] <br />
<br />
<br> '''19.30 - Discussion continues at some nearby establishment''' <br />
<br />
'''Please register with anssi.porttikivi(at)kpmg.fi''' <br />
<br />
<br> <br />
<br />
== OWASP Goes! Locksport: April 20 2010 ==<br />
<br />
'''Location: Nsense Oy, Ahventie 4, Espoo''' <br />
<br />
'''Time: 17:30-20:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nsense Oy''' <br />
<br />
'''17:45 Introduction to Locksport (presentation in Finnish)''' <br />
<br />
'''19:00 - Sauna and refreshments from our sponsor''' <br />
<br />
'''Please register with ilmoittautumiset##nsense.fi ''' <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #12: March 30 2010 ==<br />
<br />
'''Location: Helsingin Energia, Sähkötalo, Runeberginkatu 1, Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''18:00 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
Download presentation from our file-page:[[Image:OWASP -12 Helsinki chapter meeting.pdf]] <br />
<br />
'''18:05 Word from our sponsor Helsingin Energia ''' <br />
<br />
'''18:15 3 different views on information security and social media applications''' <br />
<br />
- information security in social media API’s, Antti Nuopponen/Nixu Oy <br />
<br />
Download presentation from our file-page:[[Image:Security of social media apis v1.pdf]] <br />
<br />
- Facebook apps, Markus Törnqvist/Fad Consulting <br />
<br />
Download presentation from our file-page:[[Image:Mjt owasp 2010.pdf]] <br />
<br />
- Payment API’s, Tuomas Toivonen/Scred <br />
<br />
Download presentation from our file-page:[[Image:Owasp-payment-apis.pdf]] <br />
<br />
'''20.00 - Discussion continues at nearby establishment Bruuveri''' <br />
<br />
'''Please register with antti##owasp.org''' <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #11: November 17 2009 ==<br />
<br />
'''Location: Nsense Oy, Ahventie 4, Espoo''' <br />
<br />
'''Time: 18:00-20:30''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''18:05 Word from our sponsor Nsense Oy''' <br />
<br />
'''18:15 Manual vs. Automated Code Analysis, Ari Kesäniemi, Senior Consultant, Nixu''' <br />
<br />
Download presentation from our file-page:[[Image:Ari kesaniemi nixu manual-vs-automatic-analysis.pdf]] <br />
<br />
'''19.00- Sauna and refreshments from our sponsor''' <br />
<br />
<br> <br />
<br />
'''Please register with ilmoittautumiset##nsense.fi''' <br />
<br />
== OWASP Helsinki Chapter Meeting #10: October 20 2009 ==<br />
<br />
'''Location: Tieto Oy, Ratamestarinkatu 7B, Helsinki''' <br />
<br />
'''Time: 18:00-19:40''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''18:00 Word from our sponsor Tieto Oy''' <br />
<br />
'''18:10 Distributed Services Security, Anton Panhelainen, Tieto Oy''' <br />
<br />
Download presentation from our file-page:[[Image:Security in integration and ESB-OWASP 20091020.pdf]] <br />
<br />
'''18:40 Public Web Services Interface and Security, Pyry Heikkinen, Finnish Customs''' <br />
<br />
'''19:40 Closure and move to Vltava''' <br />
<br />
'''20:00 or so''' <br />
<br />
*Enjoy Helsinki Vltava watering hole at own risk &amp; cost near Helsinki Railway station<br />
<br />
'''Please register with Pauli Kauppila pauli.kauppila##tieto.com or Mobile +358 400 870 324''' <br />
<br />
== OWASP Helsinki Chapter Meeting #9: May 12 2009 ==<br />
<br />
'''Location: Louhi Networks Oy, Itälahdenkatu 22 A, Helsinki''' <br />
<br />
'''Time: 17:30-19:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:30 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:45 Word from our sponsor Louhi Networks''' <br />
<br />
'''18:00 Panel discussion about application scanners''' <br />
<br />
*Panel members includes representatives for Nixu Oy, KPMG Oy and Louhi Networks Oy<br />
<br />
<br> '''19:00 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost at Bar 52 near meeting location<br />
<br />
'''Please register with Henri Lindberg henri.lindberg##louhi.fi''' <br />
<br />
== OWASP OWASP Goes! Viestimuseo: March 29 2009 ==<br />
<br />
'''Location: Varuskunta, Takakasarmi, Viestimuseontie rak. 64, 11311 Riihimäki ''' <br />
<br />
'''Time: 13:00-15:00''' <br />
<br />
Viestimuseossa Riihimäellä, http://www.viestikiltojenliitto.fi/viestimuseo/ on maaliskuun loppuun WWII radiotiedustelua esittelevä erikoisnäyttely, josta voi löytyä ammennettavaa myös tämän päivän tietoturvatekniikoiden parissa työskenteleville. Koska OWASP:in tiimoilta löytyi kiinnostusta lähteä tutustumaan ko. näyttelyyn, museolle on varattu opastettu kierros maaliskuun viimeiselle sunnuntaille su 29.3.2009 klo 13:00 eli kokoontuminen museolla ko. aikaan. <br />
<br />
Museo ja näyttely ovat auki myös muina aikoina, joten jos tämä aika ei käy, paikalla voi toki käydä muulloinkin. <br />
<br />
Tarkemmat ajo-ohjeet ja yhteystiedot löytyvät museon kotisivuilta, http://www.viestikiltojenliitto.fi/viestimuseo/yhteystiedot.html <br />
<br />
Museo sijaitsee Viestirykmentin vieressä, mutta varsinaisen varuskunta-alueen ulkopuolella, joten museokäynti ei vaadi kulkulupia alueelle. <br />
<br />
Paikalle innostuvat hoitavat oman logistiikkaratkaisunsa &amp; sisäänpääsymaksunsa. <br />
<br />
Lisätietoja tarvittaessa timo.merilainen (ät) iki.fi <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #8: March 12 2009 ==<br />
<br />
'''Location: Samlink, Linnoitustie 9, Espoo (Leppävaara)''' <br />
<br />
'''Time: 17:00-19:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:00 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:15 Introduction to Samlink, Jari Pirhonen, security director, Samlink''' <br />
<br />
'''17:30 Methodology owner’s point of view: Information security as part of software development methodology, Topi Mattila, methodology manager, Samlink''' <br />
<br />
'''18:15 Presentation from Finnish Tax Administration", Petri Puhakainen, security director, Finnish Tax Administration''' <br />
<br />
<br> '''19:00 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost at Sello<br />
<br />
'''Please register with Jari Pirhonen jari.pirhonen##samlink.fi''' <br />
<br />
== OWASP Introduction to startup firms: Thursday January 15th 2009 ==<br />
<br />
'''Location: Ravintola Korjaamo, Töölönkatu 51, 00250 Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Introduction to OWASP by Henri Lindberg, OWASP Helsinki Active Visitor''' <br />
<br />
*What OWASP is <br />
*Examples of useful Tools and Documents <br />
*OWASP in Finland<br />
<br />
Presentation: [[Image:OWASP Startups 20090115 Henri.pdf]] <br />
<br />
(Antti Laulajainen, OWASP Helsinki Chapter Leader was originally supposed to introduce OWASP) <br />
<br />
'''18:15 Implementing application security in a Finnish startup by Henri Lindberg, Scred''' <br />
<br />
*Henri Lindberg from Scred shares experiences and lessons learned <br />
*How to make your web application more secure with minimal budget<br />
<br />
Presentation: [[Image:SDG Scred 090115.pdf]] <br />
<br />
'''18:30 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost<br />
<br />
== OWASP Helsinki Meeting #7: Tuesday November 11th 2008 ==<br />
<br />
'''Location: Nokia Ruoholahti, Itämerenkatu 11-13, 00180 Helsinki''' <br />
<br />
<br> <br />
<br />
'''Time: 17:00-18:30''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:00 Welcome by Antti Laulajainen, OWASP Chapter Leader''' <br />
<br />
*Current state and progress of OWASP Top 10 Finnish translation<br />
<br />
'''17:20 Antti Vähä-Sipilä, Nokia: SAFECode''' <br />
<br />
*Introduction and overview of SAFECode (The Software Assurance Forum for Excellence in Code) <br />
*SAFECode publications<br />
<br />
'''17:40 Juhani Eronen, CERT-FI: Lifecycle of a security vulnerability''' <br />
<br />
*Microsoft MS08-067 (Vulnerability in Server Service Could Allow Remote Code Execution), its history (MS06-040) and exploitation.<br />
<br />
'''Discussion''' <br />
<br />
'''18:30 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost [cerveza, aqua con gas, etc]<br />
<br />
'''PLEASE REGISTER WITH: mikko . saario at nokia . com (we have reserved snacks for 25 people)''' <br />
<br />
== OWASP Helsinki Web Hacking Workshop, Tuesday September 10th 2008 ==<br />
<br />
'''Location: Teleware / KPMG, Laajalahdentie 23, 6. floor, reception at the ground floor, 00330 Helsinki''' <br />
<br />
'''Time: 18.00 - 20.00''' <br />
<br />
'''Schedule''' <br />
<br />
'''18.00 Welcome and recent activities. Antti Laulajainen ''' <br />
<br />
'''18.05 Web Hacking Workshop, Anssi Porttikivi, Senior ICT Advisor KPMG/Teleware''' <br />
<br />
*KPMG Oy IT Security Advisory marketing presentation 15 min <br />
*Web hacking exercises and demonstrations in a laboratory class (using WebGoat and WebScarab tools)<br />
<br />
'''Snacks available. Send your reservations to Anssi's mail address, anssi.porttikivi@kpmg.fi. Room for 20 participants.''' <br />
<br />
<br> '''Note! Be in time, because the reception closes at 18.''' <br />
<br />
== OWASP Goes! CERT-FI, Thursday, June 12th 2008 ==<br />
<br />
'''Location: Viestintävirasto, Itämerenkatu 3 A, 00180 Helsinki and One Pint Pub Santakatu 2, 00180 Helsinki''' <br />
<br />
<br> '''Time: 16.00 - 20.00''' <br />
<br />
<br> '''Schedule''' <br />
<br />
'''16.00 Welcome and recent activities. Antti Laulajainen ''' <br />
<br />
<br> '''16.10 Introduction of CERT-FI. Juhani Eronen, Information Security Adviser, CERT-FI''' <br />
<br />
<br> '''16.30 Vulnerability coordination. Juhani Eronen''' <br />
<br />
*CERT-FI as a vulnerability coordinator <br />
*Coordination examples<br />
<br />
'''18.00 Possibility to continue the evening at the One Pint Pub''' <br />
<br />
*If someone fancies a (self-financed) beer<br />
<br />
<br> '''Viestintävirasto asks those who wish to participate to the meeting to register in advance. For registrations please contact CERT-FI Unit Secretary Virpi Hienonen (virpi.hienonen(at)ficora.fi). The deadline is June 6, 2008.''' <br />
<br />
== OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 ==<br />
<br />
Thank you for attending. <br />
<br />
You can download the presentation here'''https://www.owasp.org/images/7/70/OWASP_HelsinkiChapter_130508.pdf''' <br />
<br />
Coverage of the event in local news (Finnish only) http://mikropc.net/uutiset/index.jsp?categoryId=atk&amp;day=20080514#w2008051411524012715 <br />
<br />
<br> '''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki and Ravintola Kaisla, Vilhonkatu 4, 00100 Helsinki''' <br />
<br />
'''Time: 16.00 - 20.00''' <br />
<br />
<br> <br />
<br />
Welcome to spring meeting 2008. <br />
<br />
<br> '''Schedule''' <br />
<br />
'''16.00 - 16.10 OWASP update. Antti Laulajainen''' <br />
<br />
'''16.10-17.00 Notes From The field, OWASP tools and usage experiences, Jarkko Holappa &amp; Antti Laulajainen''' <br />
<br />
'''17.30 - 20.00 Drinks at Ravintola Kaisla (Bring Your Own Wallet)''' <br />
<br />
<br> Hope to see as many of you as possible! <br />
<br />
== OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 ==<br />
<br />
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.''' <br />
<br />
'''Time: 18.30 - 20.30''' <br />
<br />
Welcome to first meeting of 2008. OWASP Helsinki resumes activities after winter break. <br />
<br />
We are pleased to have as a speaker Technology Manager of Nokia Product Security, Alexandr Seleznyov. His topic will be current state of application security. <br />
<br />
'''Schedule''' <br />
<br />
'''18.30 - 18.40 OWASP update. Antti Laulajainen''' <br />
<br />
'''18.40 - 20.30 Current State of Application Security. Alexandr Seleznyov''' <br />
<br />
<br> Hope to see as many of you as possible! <br />
<br />
== OWASP Helsinki &amp; RWSUG Seminar Tuesday, January 29th 2008 ==<br />
<br />
'''Location: IBM, Laajalahdentie 23, 00330 Helsinki.''' '''Time: 11.15 - 19.00''' <br />
<br />
OWASP Helsinki and Rational and Websphere User Group Finland RWSUG are aiming to co-operate to raise application security awareness. OWASP Helsinki will have a presentation in RWSUG agility seminar. More information from http://www.rwsug.fi/default.asp?path=1,39,385 <br />
<br />
'''You can download the presentation here''' https://www.owasp.org/images/c/cd/RWSUG5_Agile_Security_Management.pdf <br />
<br />
See program below. Most of it is Finnish only <br />
<br />
*11.15 Ilmoittautuminen alkaa <br />
*11.15-12.00 Buffet-lounas <br />
*12.00-12.10 Tilaisuuden avaus Jussi Jutila, Puheenjohtaja, RWSUG ry<br />
<br />
KEYNOTE <br />
<br />
*12.10-13.30 Scaling Agile Software Development: Strategies for Applying Agile in Complex Situations Scott W. Ambler, Practice Leader Agile Development, IBM Canada <br />
*13.30-13.45 Kahvitauko <br />
*13.45-15.30 SOA liiketoiminnan näkökulmasta ja SOA toteutuksen näkökulmasta kansainvälisessa hankkeessa Kari Laine, IT Architect, IF ja Jarmo Laine, Senior Software Architect,Primasoft <br />
*15.30-15.45 Tauko <br />
*15.45-16.30 Ketterä tietoturvan hallinta ohjelmistotuotannossa Reijo Savola, VTT <br />
*16.30-17.15 Jazz Update IBM <br />
*17.15-19.00 Iltapalaa ja verkostoitumista IBM Forumissa<br />
<br />
<br> <br />
<br />
== OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008 ==<br />
<br />
OWASP Helsinki participated in ISACA Finland meeting to raise application security awareness among system auditors and inspectors. <br> A presentation was held that introduced basic web techniques, some security issues, OWASP in general, OWASP projects and OWASP Helsinki chapter. <br> '''You can download the presentation here''': https://www.owasp.org/images/e/e4/OWASP_ISACA_20080124.pdf (Finnish Only) <br><br> <br />
<br />
== OWASP Helsinki meeting #4 Fall 2007 with Mark Curphey, Tuesday, October 2 2007 ==<br />
<br />
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.''' <br />
<br />
Thank you for all participants and Mark from great presentation. <br />
<br />
Coverage of the meeting in the local news (in Finnish): http://mikropc.net/uutiset/index.jsp?categoryId=atk&amp;day=20071003#w2007100315112711629 <br />
<br />
<br> We are delighted to have Mark Curphey - the OWASP founder and new head of Microsoft's ACE (Application Consulting &amp; Engineering) team in Europe - to visit Finland and discuss web app security with us. Hopefully as many as of you possible can participate! <br />
<br />
'''18:30 Welcome and recent Helsinki chapter activities. Antti Laulajainen''' <br />
<br />
'''18:40 Naked Software Security. Mark Curphey''' <br />
<br />
*Commentary on how to build secure software <br />
*Thoughts on the industry<br />
<br />
<br> '''WELCOME!''' <br />
<br />
== OWASP Helsinki meeting #3 Summer 2007: "SOA, Web Services &amp; XML Security", Tuesday, June 5th 2007 ==<br />
<br />
'''Date: June 5th''' <br />
<br />
<br> '''Location: Smilehouse, Itälahdenkatu 22A (Stonesoft building), Lauttasaari.''' <br />
<br />
Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/tietoturva_docview.jsp?f_id=1186167 <br />
<br />
<br> '''19:00 Welcome &amp; quick recap of recent OWASP activity and the Spring conference. Mikko Saario.''' <br />
<br />
<br> '''19:15 Gunnar Peterson, CTO Arctec Group and project lead for the OWASP "XML Security Gateway Evaluation Criteria".''' <br />
<br />
Gunnar will be visiting Finland to provide training via Tietoturva ry on this subject. Topics to be covered: <br />
<br />
*XML Security Gateways <br />
*Message level threats and security countermeasures in Web services <br />
*OWASP XML Security Gateway Evaluation Criteria Project<br />
<br />
<br> '''20:15 "Real-life usage of OWASP tools". Alexandr Seleznyov, Nokia Product Security.''' <br />
<br />
(There is a chance Alex cannot make it. In that case we will discuss SOA stuff in more detail or just head off to bar earlier.) <br />
<br />
<br> '''20:45 Enter Bar 52...''' --&gt; Enjoy (sponsored) beverages. <br />
<br />
== OWASP Helsinki meeting #2 Winter 2007, Web Application Firewalls, Thursday, February 22 2007 ==<br />
<br />
Thank you for the 29 participants, the speakers and the host - Nixu - for making this event happen! <br />
<br />
'''Location: Nixu, Mäkelänkatu 91, 00601 Helsinki.''' <br />
<br />
What are Web Application Firewalls (WAF), how do they work, what do they do and what don't they do. Discussion and sharing of experiences of various technologies and products. <br />
<br />
<br> '''18.30 Welcome. Mikko Saario, Chapter Leader.''' <br />
<br />
Today's topic and agenda in short. <br />
<br />
<br> '''18.35 "Web Application Firewalls Technical Analysis". Joakim Sandström, CTO nSense.''' <br />
<br />
http://www.owasp.org/images/6/6a/Owasp_waf_joakim.pdf <br />
<br />
- Technology <br />
<br />
- Blacklisting &amp; Whitelisting <br />
<br />
- mod_security features <br />
<br />
- Do's and Don'ts <br />
<br />
<br> '''19.30 "The Core Rule Sets". Ofer Shezaf, CTO Breach Security.''' <br />
<br />
http://www.owasp.org/images/f/f4/The_Core_Rule_Set_-_Ofer.pdf <br />
<br />
- WAF deployment and protection strategies <br />
<br />
- Detection of generic web layer attacks <br />
<br />
- Virtual patching <br />
<br />
== OWASP Helsinki meeting #1, Tuesday, Dec 12 2006 at Ernst &amp; Young ==<br />
<br />
The Helsinki chapter had the first meeting at Ernst &amp; Young office in Elielinaukio 5 B. The agenda and the presentations for the meeting are below. We had a good turnout: 22 people were present i.e. all seats were taken - we were very happy to see all these people to be interested in application security issues. <br />
<br />
<br> Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/doc.do?f_id=1083463 <br />
<br />
<br> '''18:30 Welcome. What is OWASP and why OWASP Helsinki?''' <br />
<br />
Mikko Saario made a short presentation about OWASP and the objective for the local Helsinki chapter. <br />
<br />
<br> '''19:00 Analyzing Threats (Olli Wiren; olli [at] juurihoito.org)''' <br />
<br />
Olli Wiren discussed application related threats and corresponding security issues. <br />
<br />
http://www.owasp.org/images/7/7c/Owasp-olli.pdf <br />
<br />
<br> '''19:45 Open discussion regarding OWASP Helsinki; what is expected or wished; how to go ahead and so forth.''' <br />
<br />
There was a lively discussion regarding what type of activities should be arranged in the future. More details will follow... <br />
<br />
==== Helsinki OWASP Chapter Leaders ====<br />
<br />
The chapter leader is [mailto:Petteri.arola@owasp.org Petteri Arola] <br />
<br />
The chapter board members are [mailto:timo@owasp.org Timo Merilainen], Pyry Heikkinen and [mailto:pekka.sillanpaa@owasp.org Pekka Sillanpaa]. <br />
<br />
__NOTOC__<br />
[[Category:Finland]] <br />
[[Category:Europe]]</div>Psillanphttps://wiki.owasp.org/index.php?title=OWASP_Helsinki_DevSecOps_Hackathon_write-up&diff=234259OWASP Helsinki DevSecOps Hackathon write-up2017-10-10T14:31:27Z<p>Psillanp: Fixed few typos</p>
<hr />
<div>Now it's time to tell about the hackathon, where 15 OWASP volunteers from 10 different companies gathered on Wed September 27th to find out how to add security into devops process in real life. This was done as a DevSecOps mini hackathon. While normally hackathons may last even two full days, this lasted only 12 hours. It was organized at Nixu’s office in the beautiful Keilaniemi area. We had really enthusiastic athmosphere!<br />
<br />
Many of the participants already had former experience of the CI tools and Docker, while the others had experience on some of the security testing tools, which was a nice starting point for the hackathon. At least the organizers who prepared the environment definitely learned a lot while preparing the hackathon setup! It was a great experience! Even if e.g. Docker, Jenkins and the basics of CI were familiar in theory level for most of the participants, it was exciting to dive much deeper into the practical challenges of these tools!<br />
<br />
== Goal ==<br />
Initially, we had prepared a CI setup for OWASP Juice Shop application. Juice Shop is a web application that intentionally contains typical web application vulnerabilities, and has a nice set of unit tests and end-to-end tests. (The project is located here: <nowiki>https://www.owasp.org/index.php/OWASP_Juice_Shop_Project</nowiki>) This project was forked into own repository under owasp-helsinki GitHub group and a Jenkins pipeline was created to build and deploy the Juice Shop as a Docker container.<br />
<br />
We had three tracks in the hackathon:<br />
# Application security testing<br />
# Platform hardening and testing<br />
# Vulnerability management<br />
The main goal of the hackathon was to add security to CI pipeline, by using open source tools. The maturity and applicability of these tools for automated use in a CI pipeline was initially unknown. Many of these tools are developed under an OWASP project. Each track was responsible of investigating and configuring the tools relevant to their track, and see how applicable they are.<br />
<br />
== Setup ==<br />
<br />
=== AWS infrastructure ===<br />
We had six Amazon AWS Medium EC2 instances that was accessible from the hackathon Wi-Fi network.<br />
<br />
The following diagram describes the setup:<br />
[[File:Hackathon setup.png|none|thumb|523x523px|The AWS setup for the hackathon]]<br />
<br />
Every track had two instances. One instance was for running Jenkins pipeline defined in GitHub and running the target Juice Shop Docker image from Docker Hub. The other was for installing the required testing tools. We wanted to keep the jenkins/deployment environment stable and to allow flexible installation for the tools.<br />
<br />
We shared owasp-hackathon SSH private key and a proper config file for all participants. Network access to the servers was limited only to the wi-fi network of the hackathon venue. Accesses from all servers to all servers were opened at AWS level both from their private and public IP-addresses, as the traffic was initially blocked. It was also noteworthy to see that even though the servers were opened at the same time, the public IP-addresses were in totally different B-class networks!<br />
<br />
=== CI Pipeline ===<br />
The pipeline was made using Jenkins Pipelines (JenkinsFile), which contained initially few stages (more info here: https://www.owasp.org/index.php/OWASP_Helsinki_DevSecOps_Hackathon).<br />
<br />
Basically the pipeline had initially 5 stages. Stages are the different phases in Jenkins pipeline, that can be considered as "scripts" and measured independently.<br />
<br />
== Schedule ==<br />
The event was basically divided into two parts: before-pizza and after-pizza.<br />
<br />
12:00 - 12:30 Introduction to environment, tracks & goals<br />
<br />
12:30 - 17:00 Track work<br />
<br />
17:00 - 17:30 Preparation of track presentations<br />
<br />
17:30 - 18:00 Pizza & beverages<br />
<br />
18:00 - 18:30 Tracks presents their results and the next steps<br />
<br />
19:00 - 21:30 Track work continues<br />
<br />
21:30 - 22:00 Preparation of track presentations<br />
<br />
22:00 - 22:45 Tracks presents results<br />
<br />
22:45 - 23:00 Final wrap-up<br />
<br />
After the first section, the tracks gave a presentation of the achievements and their intended next steps. Around 22:30 we started to go through the final achievements and had a quick wrap-up of the results.<br />
<br />
== Achievements ==<br />
The following simplified diagram summarizes the achievements of the hackathon. We did not have time to bundle every possible security testing tool to the pipeline, but each track chose the optimal location for each stage for the tools.<br />
[[File:Oversimplified hachathon pipeline.png|none|thumb|793x793px]]<br />
<br />
Here is more complex, and more accurate version of the Pipeline diagram with all the stages that were in the final pipeline.<br />
[[File:Hackathon pipeline final.png|none|thumb|1250x1250px|The intended CI-pipeline based on the work done during the hackathon]]<br />
<br />
As we can see, this diagram looks much more complex than the one we initially had in mind before the hackathon (presented here: https://www.owasp.org/index.php/OWASP_Helsinki_DevSecOps_Hackathon). But the same basic stages are there, but split in more specific locations based on the tool's applicability.<br />
<br />
The tracks contributed (at least some) of their work to OWASP Helsinki's GitHub repository.<br />
<br />
https://github.com/owasp-helsinki/<br />
<br />
The testing images of juice-shop were pushed to Docker Hub under /helsinkiowasp<br />
<br />
=== Track 1 achievements: Platform security hardening and testing ===<br />
Track 1 splitted into two branches, one for hardening the Docker image and one for testing the Docker image hardening. The hardening branch started with a nice script for hardening the web server, blocking all unnecessary and possibly harmful URLS. This branch also applied the hardening recommendations given in the previous OWASP Helsinki Chapter meeting (slides here [https://www.owasp.org/index.php/File:Owasp-Helsinki-20170613-Docker-Security.pdf%29 https://www.owasp.org/index.php/File:Owasp-Helsinki-20170613-Docker-Security.pdf)]<br />
<br />
Testing branch chose Clair as their tool for testing the vulnerabilities in the docker container. Clair assumed the target to be in a Docker Hub or similar public location, and the team spent time to make it available for local testing. In the end it was also realized that the images can be pushed to Docker Hub with a tag (e.g. "testing"), to prevent the image to be run in any real environment.<br />
<br />
(MORE INFORMATION TO BE INSERTED HERE)<br />
<br />
=== Track 2 achievements: Application security testing ===<br />
Track 2 started to implement OWASP Dependency Check utility, that checks the versions of the used libraries and reports if there are any known, publicly disclosed, vulnerabilities. They installed the Jenkins OWASP Dependency Check Plugin.<br />
<br />
Dependency Check scan was added as part of a build process in the Jenkinsfile. The analyzer was configured to read the npm's package.json file. The detailed analysis report was seen in the HTML report (but was not analysed further for detailed findings). Getting the check work as a Jenkins plugin in the pipeline involved setting up a missing directory for a feature that was not needed in the first place, but could not be disabled.<br />
<br />
OWASP Zed Attack Proxy (ZAP) was integrated to the build pipeline in two phases. First, because ZAP doesn't really know a whole lot about the target application, it needs to be taught how to log in and navigate the functionality. For that the team used Juice Shop's end-to-end tests, so that the testing was done with ZAP acting as a passive proxy, recording the traffic. That involved reconfiguring end to end test to use ZAP as a proxy, but unfortunately that did break some of the test cases for unknown reason. Juice Shop does use socket.io in communications, and finding correct ZAP configs (connection timeouts etc) might have fixed that.<br />
<br />
Second, Jenkins plugin for ZAP was used to scan the target application. For that the recorded ZAP session was imported to Jenkins ZAP plugin.<br />
<br />
One possible concern with the setup was that the target application used JWT for maintaining authentication, but the expiration time for tokens turned out to be long enough so that they were still fresh after running the first phase. (I.e. security scanning could use the same tokens as end-to-end test.)<br />
<br />
Something to look at to make ZAP work more reliably, could be https://github.com/continuumsecurity/bdd-security, which was not assessed during this hackathon.<br />
<br />
Plugin installations and configuring was done directly at Jenkins, which ran in a container, so it was not a persistent way to store them.<br />
<br />
=== Track 3 achievements: Vulnerability management ===<br />
The goal of this track was to apply vulnerability management practices.<br />
<br />
Track started by investigating the Defect Dojo tool. It was quite straightforward to understand the data model, which contained:<br />
* product type (e.g. for grouping critical business applications)<br />
* product (separate applications / systems)<br />
* engagements (for linking various testing activities to specific product)<br />
* test (to describe specific type of test done during an engagement)<br />
* finding (an issue found during the test)<br />
They created a business critical product type, and created a product called "Juice Shop". First they played with different engagements and tests to find the proper way of using the system in vulnerability management. Then the importing capabilities were tested from ZAP tool. This worked well, but importing an OWASP Dependency checker file crashed the system, which was probably due to a newer file format that the system expected. Creating findings manually worked well.<br />
<br />
Lot of time was spent trying to figure out how to import files via the API. Eventually, a nice script was pointed in the Defect Dojo slack channel: https://github.com/aaronweaver/defectdojo_api/blob/master/examples/dojo_ci_cd.py. There was not enough time to make this work properly in the pipeline, as the proper way of usage of that (API keys, etc) was found too late. However, this probably could take it a bit further.<br />
<br />
JIRA integration took a lot of time. The JIRA instance itself was easy to run as a docker container, short configuration. Defect Dojo had generally a good documentation and also instructions to setup JIRA bidirectional integration. However, we had already created the product. Enabling JIRA did not enable JIRA configuration options for the existing Juice Shop project. After a long struggle, we asked for help at the Slack channel again. Got some answers from the developer, and then we tried to create a new project, and voilá, the JIRA options appeared to this new product. However, we could not get any JIRA issues to be created, and thus could not test the JIRA webhook based JIRA→DefectDojo integration.<br />
<br />
This track was evaluating this pipeline with Defect Dojo / JIRA etc. form NIST vulnerability management program perspective. They found that quite many areas are actually not covered by these tools, but a quite good coverage can be achieved by applying some processes especially to JIRA -> Developers, Admins and Decision makers. Initial slideset on this topic was created, but it will probably still evolve.<br />
<br />
Possible observations/bugs were detected during the hackathon:<br />
* Crashes when importing OWASP Dependency Check files<br />
* If JIRA integration is enabled later, the products created before JIRA integration cannot be configured to use JIRA<br />
* JIRA import does not start for ZAP file import<br />
* JIRA issues were not created, even though the Celery started processing a new issue. No error messages or whatsoever could be found.<br />
* Uploading Threat modeling documentation crashed the system<br />
* Scanning DefectDojo with ZAP made the system very unstable, and we had to reinstall it.<br />
<br />
== Lessons learned ==<br />
The most obvious thing we learned was that the tools we tested are not yet mature to be easily bundled into a CI pipeline. We had many experienced people trying to make these tools work. Even though the tools generally had quite good documentation, our use cases seemingly were not the typical use case scenarios. Therefore, at the current state, we think that implementing security into the CI pipeline with the open source tools that were used in this hackathon, may be slow and expensive. Many of the features are not very well documented, and they contain bugs that are time consuming to debug.<br />
<br />
During this hackathon, we did not get the whole "ideal" process working, so we don't know what kind of practical challenges it might have. However, some thoughts rose into mind:<br />
* There is a lot of noise and false positives in the vulnerability scanner results. This should be reduced so that the accuracy of the tools used in the CI/CD-pipeline should be maximized by using lot of effort in proper configuration. Instead of getting maximum amount of findings, concentrate on getting real findings.<br />
* Communication to the business people may be tricky, as these tools cannot tell the business impacts of the identified vulnerabilities, which may slow down the decision process.<br />
Generally this hackathon was considered to be a success what comes to learning. We had a question round in the end, and every participant had a good learning experience, both security tools and the world of CI pipelines and Docker. CI pipelines generally are becoming more and more familiar concept, but security testing bundled to that is still something not many are actively doing. This hackathon was a journey to find out reasons why, and even in this short time we were able to conclude that this area still requires more development and community work to make this more practical and straightforward to start be used daily as a part of CI.<br />
<br />
If you have been building or seen working pipelines with these tools (or some other) bundled, please let us know how well it has worked. We know that there are also commercial vendors that are actively making their tools CI/CD compliant, and we are also interested in hearing of success stories related to any free or commercial tools, with practical examples how they are used, and how well they work.<br />
<br />
== Future work ==<br />
It would be really nice to see the whole pipeline with all stages working, as there are not many good real life practical examples available. Many high level diagrams have been seen in many presentations.<br />
<br />
During the hackathon we found an OWASP project AppSec Pipeline which looks interesting: [https://www.owasp.org/index.php/OWASP_AppSec_Pipeline#tab=Main https://www.owasp.org/index.php/OWASP_AppSec_Pipeline#tab=Main.] This definitely is worth looking a bit futher, even though the latest activities seemed to be from 2015.<br />
<br />
If anyone has pointers to good and practical CI/CD-pipelines with security tools bundled in, we are interested to hear about those!<br />
<br />
The following action points were left open:<br />
* Investigate more Engagement survey addon for Defect Dojo, that allows inputting more specific background information about the engagement for the record<br />
* If this pipeline finally starts working, we could start including other tools and make practical Jenkins pipelines / stages available for easy installation, and practical instructions on how to start<br />
* Code analysis tools should be bundled there too<br />
* Should we organize a new Hackathon? This was considered a really good way of learning - and many participants were eager to join then next time, so definititely yes!</div>Psillanphttps://wiki.owasp.org/index.php?title=OWASP_Helsinki_DevSecOps_Hackathon_write-up&diff=234251OWASP Helsinki DevSecOps Hackathon write-up2017-10-10T10:05:06Z<p>Psillanp: </p>
<hr />
<div>Now it's time to tell about the hackathon, where 15 OWASP volunteers from 10 different companies gathered on Wed September 27th to find out how to add security into devops process in real life. This was done as a DevSecOps mini hackathon. While normally hackathons may last even two full days, this lasted only 12 hours. It was organized at Nixu’s office in the beautiful Keilaniemi area. We had really enthusiastic athmosphere.<br />
<br />
Many of the participants already had former experience of the CI tools and docker, while the others had experience some of the security testing tools, which was a nice starting point for the hackathon. At least the organizers who prepared the environment definitely learned a lot while preparing the hackathon setup! It was a great experience! Even if e.g. Docker, Jenkins and the basics of CI were familiar in theory level for most of the participants, it was exciting to dive much deeper into the practical challenges of them!<br />
<br />
== Goal ==<br />
Initially, we had prepared a CI setup for OWASP Juice Shop application. Juice Shop is a web application that intentionally contains typical web application vulnerabilities, and has a nice set of unit tests and end-to-end tests. (The project is located here: <nowiki>https://www.owasp.org/index.php/OWASP_Juice_Shop_Project</nowiki>) This project was forked into own repository under owasp-helsinki GitHub group and a Jenkins pipeline was created to build and deploy the Juice Shop as a Docker container.<br />
<br />
We had three tracks in the hackathon:<br />
# Application security testing<br />
# Platform hardening and testing<br />
# Vulnerability management<br />
The main goal of the hackathon was to add security to CI pipeline, by using open source tools. The maturity and applicability of these tools for automated use in a CI pipeline was initially unknown. Many of these tools are developed under an OWASP project. Each track was responsible of investigating and configuring the tools relevant to their track, and see how applicable they are.<br />
<br />
== Setup ==<br />
<br />
=== AWS infrastructure ===<br />
We had six Amazon AWS Medium EC2 instances that was accessible from the hackathon Wi-Fi network.<br />
<br />
The following diagram describes the setup:<br />
[[File:Hackathon setup.png|none|thumb|523x523px|The AWS setup for the hackathon]]<br />
<br />
Every track had two instances. One instance was for running Jenkins pipeline defined in GitHub and running the target Juice Shop Docker image from Docker Hub. The other was for installing the required testing tools. We wanted to keep the jenkins/deployment environment stable and to allow flexible installation for the tools.<br />
<br />
We shared owasp-hackathon SSH private key and a proper config file for all participants. Network access to the servers was limited only to the wi-fi network of the hackathon venue. Accesses from all servers to all servers were opened at AWS level both from their private and public IP-addresses, as the traffic was initially blocked. It was also noteworthy to see that even though the servers were opened at the same time, the public IP-addresses were in totally different B-class networks!<br />
<br />
=== CI Pipeline ===<br />
The pipeline was made using Jenkins Pipelines (JenkinsFile), which contained initially few stages (more info here: https://www.owasp.org/index.php/OWASP_Helsinki_DevSecOps_Hackathon).<br />
<br />
Basically the pipeline had initially 5 stages. Stages are the different phases in Jenkins pipeline, that can be considered as "scripts" and measured independently.<br />
<br />
== Schedule ==<br />
The event was basically divided into two parts: before-pizza and after-pizza.<br />
<br />
12:00 - 12:30 Introduction to environment, tracks & goals<br />
<br />
12:30 - 17:00 Track work<br />
<br />
17:00 - 17:30 Preparation of track presentations<br />
<br />
17:30 - 18:00 Pizza & beverages<br />
<br />
18:00 - 18:30 Tracks presents their results and the next steps<br />
<br />
19:00 - 21:30 Track work continues<br />
<br />
21:30 - 22:00 Preparation of track presentations<br />
<br />
22:00 - 22:45 Tracks presents results<br />
<br />
22:45 - 23:00 Final wrap-up<br />
<br />
After the first section, the tracks gave a presentation of the achievements and their intended next steps. Around 22:30 we started to go through the final achievements and had a quick wrap-up of the results.<br />
<br />
== Achievements ==<br />
The following simplified diagram summarizes the achievements of the hackathon. We did not have time to bundle every possible security testing tool to the pipeline, but each track chose the optimal location for each stage for the tools.<br />
[[File:Oversimplified hachathon pipeline.png|none|thumb|793x793px]]<br />
<br />
Here is more complex, and more accurate version of the Pipeline diagram with all the stages that were in the final pipeline.<br />
[[File:Hackathon pipeline final.png|none|thumb|1250x1250px|The intended CI-pipeline based on the work done during the hackathon]]<br />
<br />
As we can see, this diagram looks much more complex than the one we initially had in mind before the hackathon (presented here: https://www.owasp.org/index.php/OWASP_Helsinki_DevSecOps_Hackathon). But the same basic stages are there, but split in more specific locations based on the tool's applicability.<br />
<br />
The tracks contributed (at least some) of their work to OWASP Helsinki's GitHub repository.<br />
<br />
https://github.com/owasp-helsinki/<br />
<br />
The testing images of juice-shop were pushed to Docker Hub under /helsinkiowasp<br />
<br />
=== Track 1 achievements: Platform security hardening and testing ===<br />
Track 1 splitted into two branches, one for hardening the Docker image and one for testing the Docker image hardening. The hardening branch started with a nice script for hardening the web server, blocking all unnecessary and possibly harmful URLS. This branch also applied the hardening recommendations given in the previous OWASP Helsinki Chapter meeting (slides here [https://www.owasp.org/index.php/File:Owasp-Helsinki-20170613-Docker-Security.pdf%29 https://www.owasp.org/index.php/File:Owasp-Helsinki-20170613-Docker-Security.pdf)]<br />
<br />
Testing branch chose Clair as their tool for testing the vulnerabilities in the docker container. Clair assumed the target to be in a Docker Hub or similar public location, and the team spent time to make it available for local testing. In the end it was also realized that the images can be pushed to Docker Hub with a tag (e.g. "testing"), to prevent the image to be run in any real environment.<br />
<br />
(MORE INFORMATION TO BE INSERTED HERE)<br />
<br />
=== Track 2 achievements: Application security testing ===<br />
Track 2 started to implement OWASP Dependency Check utility, that checks the versions of the used libraries and reports if there are any known, publicly disclosed, vulnerabilities. They installed the Jenkins OWASP Dependency Check Plugin.<br />
<br />
Dependency Check scan was added as part of a build process in the Jenkinsfile. The analyzer was configured to read the npm's package.json file. The detailed analysis report was seen in the HTML report (but was not analysed further for detailed findings). Getting the check work as a Jenkins plugin in the pipeline involved setting up a missing directory for a feature that was not needed in the first place, but could not be disabled.<br />
<br />
OWASP Zed Attack Proxy (ZAP) was integrated to the build pipeline in two phases. First, because ZAP doesn't really know a whole lot about the target application, it needs to be taught how to log in and navigate the functionality. For that the team used Juice Shop's end-to-end tests, so that the testing was done with ZAP acting as a passive proxy, recording the traffic. That involved reconfiguring end to end test to use ZAP as a proxy, but unfortunately that did break some of the test cases for unknown reason. Juice Shop does use socket.io in communications, and finding correct ZAP configs (connection timeouts etc) might have fixed that.<br />
<br />
Second, Jenkins plugin for ZAP was used to scan the target application. For that the recorded ZAP session was imported to Jenkins ZAP plugin.<br />
<br />
One possible concern with the setup was that the target application used JWT for maintaining authentication, but the expiration time for tokens turned out to be long enough so that they were still fresh after running the first phase. (I.e. security scanning could use the same tokens as end-to-end test.)<br />
<br />
Something to look at to make ZAP work more reliably, could be https://github.com/continuumsecurity/bdd-security, which was not assessed during this hackathon.<br />
<br />
Plugin installations and configuring was done directly at Jenkins, which ran in a container, so it was not a persistent way to store them.<br />
<br />
=== Track 3 achievements: Vulnerability management ===<br />
The goal of this track was to apply vulnerability management practices.<br />
<br />
Track started by investigating the Defect Dojo tool. It was quite straightforward to understand the data model, which contained:<br />
* product type (e.g. for grouping critical business applications)<br />
* product (separate applications / systems)<br />
* engagements (for linking various testing activities to specific product)<br />
* test (to describe specific type of test done during an engagement)<br />
* finding (an issue found during the test)<br />
They created a business critical product type, and created a product called "Juice Shop". First they played with different engagements and tests to find the proper way of using the system in vulnerability management. Then the importing capabilities were tested from ZAP tool. This worked well, but importing an OWASP Dependency checker file crashed the system, which was probably due to a newer file format that the system expected. Creating findings manually worked well.<br />
<br />
Lot of time was spent trying to figure out how to import files via the API. Eventually, a nice script was pointed in the Defect Dojo slack channel: https://github.com/aaronweaver/defectdojo_api/blob/master/examples/dojo_ci_cd.py. There was not enough time to make this work properly in the pipeline, as the proper way of usage of that (API keys, etc) was found too late. However, this probably could take it a bit further.<br />
<br />
JIRA integration took a lot of time. The JIRA instance itself was easy to run as a docker container, short configuration. Defect Dojo had generally a good documentation and also instructions to setup JIRA bidirectional integration. However, we had already created the product. Enabling JIRA did not enable JIRA configuration options for the existing Juice Shop project. After a long struggle, we asked for help at the Slack channel again. Got some answers from the developer, and then we tried to create a new project, and voilá, the JIRA options appeared to this new product. However, we could not get any JIRA issues to be created, and thus could not test the JIRA webhook based JIRA→DefectDojo integration.<br />
<br />
This track was evaluating this pipeline with Defect Dojo / JIRA etc. form NIST vulnerability management program perspective. They found that quite many areas are actually not covered by these tools, but a quite good coverage can be achieved by applying some processes especially to JIRA -> Developers, Admins and Decision makers. Initial slideset on this topic was created, but it will probably still evolve.<br />
<br />
Possible observations/bugs were detected during the hackathon:<br />
* Crashes when importing OWASP Dependency Check files<br />
* If JIRA integration is enabled later, the products created before JIRA integration cannot be configured to use JIRA<br />
* JIRA import does not start for ZAP file import<br />
* JIRA issues were not created, even though the Celery started processing a new issue. No error messages or whatsoever could be found.<br />
* Uploading Threat modeling documentation crashed the system<br />
* Scanning DefectDojo with ZAP made the system very unstable, and we had to reinstall it.<br />
<br />
== Lessons learned ==<br />
The most obvious thing we learned was that the tools we tested are not yet mature to be easily bundled into a CI pipeline. We had many experienced people trying to make these tools work. Even though the tools generally had quite good documentation, our use cases seemingly were not the typical use case scenarios. Therefore, at the current state, we think that implementing security into the CI pipeline with the open source tools that were used in this hackathon, may be slow and expensive. Many of the features are not very well documented, and they contain bugs that are time consuming to debug.<br />
<br />
During this hackathon, we did not get the whole "ideal" process working, so we don't know what kind of practical challenges it might have. However, some thoughts rose into mind:<br />
* There is a lot of noise and false positives in the vulnerability scanner results. This should be reduced so that the accuracy of the tools used in the CI/CD-pipeline should be maximized by using lot of effort in proper configuration. Instead of getting maximum amount of findings, concentrate on getting real findings.<br />
* Communication to the business people may be tricky, as these tools cannot tell the business impacts of the identified vulnerabilities, which may slow down the decision process.<br />
Generally this hackathon was considered to be a success what comes to learning. We had a question round in the end, and every participant had a good learning experience, both security tools and the world of CI pipelines and Docker. CI pipelines generally are becoming more and more familiar concept, but security testing bundled to that is still something not many are actively doing. This hackathon was a journey to find out reasons why, and even in this short time we were able to conclude that this area still requires more development and community work to make this more practical and straightforward to start be used daily as a part of CI.<br />
<br />
If you have been building or seen working pipelines with these tools (or some other) bundled, please let us know how well it has worked. We know that there are also commercial vendors that are actively making their tools CI/CD compliant, and we are also interested in hearing of success stories related to any free or commercial tools, with practical examples how they are used, and how well they work.<br />
<br />
== Future work ==<br />
It would be really nice to see the whole pipeline with all stages working, as there are not many good real life practical examples available. Many high level diagrams have been seen in many presentations.<br />
<br />
During the hackathon we found an OWASP project AppSec Pipeline which looks interesting: [https://www.owasp.org/index.php/OWASP_AppSec_Pipeline#tab=Main https://www.owasp.org/index.php/OWASP_AppSec_Pipeline#tab=Main.] This definitely is worth looking a bit futher, even though the latest activities seemed to be from 2015.<br />
<br />
If anyone has pointers to good and practical CI/CD-pipelines with security tools bundled in, we are interested to hear about those!<br />
<br />
The following action points were left open:<br />
* Investigate more Engagement survey addon for Defect Dojo, that allows inputting more specific background information about the engagement for the record<br />
* If this pipeline finally starts working, we could start including other tools and make practical Jenkins pipelines / stages available for easy installation, and practical instructions on how to start<br />
* Code analysis tools should be bundled there too<br />
* Should we organize a new Hackathon? This was considered a really good way of learning - and many participants were eager to join then next time, so definititely yes!</div>Psillanphttps://wiki.owasp.org/index.php?title=File:Hackathon_pipeline_final.png&diff=234250File:Hackathon pipeline final.png2017-10-10T09:53:18Z<p>Psillanp: </p>
<hr />
<div>Final version of the hackathon pipeline</div>Psillanphttps://wiki.owasp.org/index.php?title=File:Oversimplified_hachathon_pipeline.png&diff=234249File:Oversimplified hachathon pipeline.png2017-10-10T09:51:26Z<p>Psillanp: </p>
<hr />
<div>Oversimplified hachathon pipeline</div>Psillanphttps://wiki.owasp.org/index.php?title=OWASP_Helsinki_DevSecOps_Hackathon_write-up&diff=234248OWASP Helsinki DevSecOps Hackathon write-up2017-10-10T09:49:37Z<p>Psillanp: Started</p>
<hr />
<div>Now it's time to tell about the hackathon, where 15 OWASP volunteers from 10 different companies gathered on Wed September 27th to find out how to add security into devops process in real life. This was done as a DevSecOps mini hackathon. While normally hackathons may last even two full days, this lasted only 12 hours. It was organized at Nixu’s office in the beautiful Keilaniemi area. We had really enthusiastic athmosphere.<br />
<br />
Many of the participants already had former experience of the CI tools and docker, while the others had experience some of the security testing tools, which was a nice starting point for the hackathon. At least the organizers who prepared the environment definitely learned a lot while preparing the hackathon setup! It was a great experience! Even if e.g. Docker, Jenkins and the basics of CI were familiar in theory level for most of the participants, it was exciting to dive much deeper into the practical challenges of them!<br />
<br />
== Goal ==<br />
Initially, we had prepared a CI setup for OWASP Juice Shop application. Juice Shop is a web application that intentionally contains typical web application vulnerabilities, and has a nice set of unit tests and end-to-end tests. (The project is located here: <nowiki>https://www.owasp.org/index.php/OWASP_Juice_Shop_Project</nowiki>) This project was forked into own repository under owasp-helsinki GitHub group and a Jenkins pipeline was created to build and deploy the Juice Shop as a Docker container.<br />
<br />
We had three tracks in the hackathon:<br />
# Application security testing<br />
# Platform hardening and testing<br />
# Vulnerability management<br />
The main goal of the hackathon was to add security to CI pipeline, by using open source tools. The maturity and applicability of these tools for automated use in a CI pipeline was initially unknown. Many of these tools are developed under an OWASP project. Each track was responsible of investigating and configuring the tools relevant to their track, and see how applicable they are.<br />
<br />
== Setup ==<br />
<br />
=== AWS infrastructure ===<br />
We had six Amazon AWS Medium EC2 instances that was accessible from the hackathon Wi-Fi network.<br />
<br />
The following diagram describes the setup:<br />
[[File:Hackathon setup.png|none|thumb|523x523px|The AWS setup for the hackathon]]<br />
<br />
Every track had two instances. One instance was for running Jenkins pipeline defined in GitHub and running the target Juice Shop Docker image from Docker Hub. The other was for installing the required testing tools. We wanted to keep the jenkins/deployment environment stable and to allow flexible installation for the tools.<br />
<br />
We shared owasp-hackathon SSH private key and a proper config file for all participants. Network access to the servers was limited only to the wi-fi network of the hackathon venue. Accesses from all servers to all servers were opened at AWS level both from their private and public IP-addresses, as the traffic was initially blocked. It was also noteworthy to see that even though the servers were opened at the same time, the public IP-addresses were in totally different B-class networks!<br />
<br />
=== CI Pipeline ===<br />
The pipeline was made using Jenkins Pipelines (JenkinsFile), which contained initially few stages (more info here: https://www.owasp.org/index.php/OWASP_Helsinki_DevSecOps_Hackathon).<br />
<br />
Basically the pipeline had initially 5 stages. Stages are the different phases in Jenkins pipeline, that can be considered as "scripts" and measured independently.<br />
<br />
== Schedule ==<br />
The event was basically divided into two parts: before-pizza and after-pizza.<br />
<br />
12:00 - 12:30 Introduction to environment, tracks & goals<br />
<br />
12:30 - 17:00 Track work<br />
<br />
17:00 - 17:30 Preparation of track presentations<br />
<br />
17:30 - 18:00 Pizza & beverages<br />
<br />
18:00 - 18:30 Tracks presents their results and the next steps<br />
<br />
19:00 - 21:30 Track work continues<br />
<br />
21:30 - 22:00 Preparation of track presentations<br />
<br />
22:00 - 22:45 Tracks presents results<br />
<br />
22:45 - 23:00 Final wrap-up<br />
<br />
After the first section, the tracks gave a presentation of the achievements and their intended next steps. Around 22:30 we started to go through the final achievements and had a quick wrap-up of the results.<br />
<br />
== Achievements ==<br />
The following simplified diagram summarizes the achievements of the hackathon. We did not have time to bundle every possible security testing tool to the pipeline, but each track chose the optimal location for each stage for the tools.</div>Psillanphttps://wiki.owasp.org/index.php?title=File:Hackathon_setup.png&diff=234247File:Hackathon setup.png2017-10-10T09:45:59Z<p>Psillanp: </p>
<hr />
<div>Describes the OWASP Helsinki DevSecOps hackathon server setup.</div>Psillanphttps://wiki.owasp.org/index.php?title=OWASP_Helsinki_DevSecOps_Hackathon_write-up&diff=234246OWASP Helsinki DevSecOps Hackathon write-up2017-10-10T09:35:51Z<p>Psillanp: Created page with "Placeholder"</p>
<hr />
<div>Placeholder</div>Psillanphttps://wiki.owasp.org/index.php?title=OWASP_Helsinki_DevSecOps_Hackathon&diff=234245OWASP Helsinki DevSecOps Hackathon2017-10-10T09:33:29Z<p>Psillanp: </p>
<hr />
<div>The OWASP DevSecOps mini hackathon took place at Keilaranta 15 on Sep 27th starting at 12:00.<br />
<br />
Read the write-up of the Hackathon here: [[OWASP Helsinki DevSecOps Hackathon write-up]].<br />
<br />
=== Original description ===<br />
The aim of the hackathon is to understand and gather experiences from bringing sec into devops practices. This means, that we bundle some security tools to the CI pipeline. There is already a list of tools that can be used, but each hackathon track team selects the tools that best fit to their purposes.<br />
<br />
There are three tracks in the hackathon:<br />
# Application security testing<br />
# Platform security hardening and testing<br />
# Vulnerability management<br />
Our hackathon goal is to make sec aware pipeline for OWASP Juice Shop web application. (https://www.owasp.org/index.php/OWASP_Juice_Shop_Project).<br />
<br />
The initial setup of the hackathon is a Jenkins server image having a pipeline for building the juice shop. Participants will be provided with instructions to install the Jenkins server and initial baseline, and more detailed instructions.<br />
<br />
Prerequisites:<br />
* Bring your laptop with docker installed<br />
* Briefly look at the tools that can be utilized in your track<br />
The hackathon starts at 12:00 (Noon) and lasts till 23:00. Pizza, snacks and beverages are served to the participants after 17:00 and the hackathon lasts till midnight. You are free to leave earlier, but we hope that every attendee can stay as long as possible.<br />
<br />
After the hackathon we publish the results and achievements to OWASP Wiki page.<br />
<br />
Any questions, please contact pekka.sillanpaa@owasp.org.<br />
<br />
[[File:Hackathon pipeline.png|thumb|768x768px]]</div>Psillanphttps://wiki.owasp.org/index.php?title=OWASP_Helsinki_DevSecOps_Hackathon&diff=233324OWASP Helsinki DevSecOps Hackathon2017-09-16T10:46:02Z<p>Psillanp: Added initial content</p>
<hr />
<div>The OWASP DevSecOps mini hackathon will take place at Keilaranta 15 on Sep 27th starting at 12:00.<br />
<br />
The aim of the hackathon is to understand and gather experiences from bringing sec into devops practices. This means, that we bundle some security tools to the CI pipeline. There is already a list of tools that can be used, but each hackathon track team selects the tools that best fit to their purposes.<br />
<br />
There are three tracks in the hackathon:<br />
# Application security testing<br />
# Platform security hardening and testing<br />
# Vulnerability management<br />
Our hackathon goal is to make sec aware pipeline for OWASP Juice Shop web application. (https://www.owasp.org/index.php/OWASP_Juice_Shop_Project).<br />
<br />
The initial setup of the hackathon is a Jenkins server image having a pipeline for building the juice shop. Participants will be provided with instructions to install the Jenkins server and initial baseline, and more detailed instructions.<br />
<br />
Prerequisites:<br />
* Bring your laptop with docker installed<br />
* Briefly look at the tools that can be utilized in your track<br />
The hackathon starts at 12:00 (Noon) and lasts till 23:00. Pizza, snacks and beverages are served to the participants after 17:00 and the hackathon lasts till midnight. You are free to leave earlier, but we hope that every attendee can stay as long as possible.<br />
<br />
After the hackathon we publish the results and achievements to OWASP Wiki page.<br />
<br />
Any questions, please contact pekka.sillanpaa@owasp.org.<br />
<br />
[[File:Hackathon pipeline.png|thumb|768x768px]]</div>Psillanphttps://wiki.owasp.org/index.php?title=File:Hackathon_pipeline.png&diff=233323File:Hackathon pipeline.png2017-09-16T10:44:59Z<p>Psillanp: </p>
<hr />
<div>Describes OWASP Helsinki devsecops minihackathon scope</div>Psillanphttps://wiki.owasp.org/index.php?title=OWASP_Helsinki_DevSecOps_Hackathon&diff=233318OWASP Helsinki DevSecOps Hackathon2017-09-15T12:09:55Z<p>Psillanp: Created page with "Content will come here."</p>
<hr />
<div>Content will come here.</div>Psillanphttps://wiki.owasp.org/index.php?title=Helsinki&diff=233317Helsinki2017-09-15T12:09:18Z<p>Psillanp: </p>
<hr />
<div>{{Chapter Template|chaptername=Helsinki|extra=The chapter leaders are [mailto:petteri.arola@owasp.org Petteri Arola], [mailto:pekka.sillanpaa@owasp.org Pekka Sillanpää], [mailto:timo@owasp.org Timo Meriläinen] and [mailto:pyry.heikkinen@owasp.org Pyry Heikkinen]<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-helsinki|emailarchives=http://lists.owasp.org/pipermail/owasp-helsinki}} <br />
<br />
==== Local News ====<br />
<br />
<paypal>Helsinki</paypal> <br />
<br />
'''Welcome to the OWASP Helsinki Chapter'''<br />
<br />
The plan is to meet at least three to four times a year, each lasting 1,5-3 hours (more active "hands" means more meetings). This chapter is based in the capital area and therefore the meetings will be in or around Helsinki. <br />
<br />
If you wish to present at one of the meetings or have any other inquiries, please contact the chapter leaders and shortly describe the talk. (the contact details can be found in the bottom of the page). We encourage everyone to suggest ideas for presentation topics. The talks can be either a full talk (45-60min) or a lightning talk (~15min). <br />
<br />
==== Suomalaista sovellusturva-asiaa ====<br />
<br />
[[OWASP Helsinki Appsec Thesis of the Year|Vuoden sovellusturva-aiheinen opinnäytetyö]]<br />
<br />
[[Oppilaitoksille|Tietoa oppilaitoksille (Information for academic institutions)]] <br />
<br />
[[Verkkomaksut|Ohjeita turvallisen verkkomaksuintegraation toteuttamiseen]] <br />
<br />
Previously OWASP Helsinki has been working on the following tasks: <br />
<br />
*[[Top 10 2007 Finnish]] aim to translate OWASP Top 10 list in Finnish<br />
<br />
==== Chapter Meetings ====<br />
<br />
== OWASP Helsinki chapter meeting #32: Sep 27th ==<br />
If you are working in a DevOps team and want to get concrete ideas on how to integrate security into your CI/CD pipeline, this hackathon is a fun opportunity to learn by doing together with others.<br />
<br />
More information here: [[OWASP Helsinki DevSecOps Hackathon]]<br />
<br />
In summary, we familiarize and investigate (and of cource hack with) some nice open source tools, including:<br />
* OWASP Dependency-Check ([[OWASP Dependency Check]])<br />
* ZAP Proxy ([[OWASP Zed Attack Proxy Project]])<br />
* OWASP DefectDojo ([[OWASP DefectDojo Project]])<br />
* DevSec hardening framework (https://github.com/dev-sec)<br />
* Clair (https://github.com/coreos/clair)<br />
<br />
The output of this hackathon is an OWASP wiki page describing what was achieved in the hackathon, possible commits to the tools' repositories and future plans. If there is enough interest, we might organize "part 2" for this event in Autumn.<br />
<br />
To participate in this event, it is recommended to have at least basic programming/scripting skills (python, ruby, bash, etc) and understanding of configuration management tools (puppet, salt, ansible, etc.). '''If you are interested to join''' or have questions, please send email to pekka.sillanpaa@owasp.org '''by Jul 7th 2017''' and a short description of your background. Tracks of the hackathon environment are tuned based on the skills and background of the participants.<br />
<br />
The maximum of 15 seats are available for this event. The event is fully free of charge.<br />
<br />
'''Location: Nixu, Keilaranta 15, 02150 Espoo'''<br />
<br />
'''12:00 Hackathon starts'''<br />
<br />
'''17:00-23:00 Hackathon continues after the work day as long as needed. Pizza and beverages available.'''<br />
<br />
== OWASP Helsinki chapter meeting #31: Jun 13th 2017 ==<br />
'''Location: Solita, Alvar Aallon katu 5, 00100 Helsinki'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Pekka Sillanpää, OWASP Helsinki'''<br />
<br />
'''18:05 DevSec - Developers are the key to security, Antti Virtanen, Software Architect, Solita [[File:Devsec-owasp-2017.pdf]]''' <br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Docker Security, Mika Vatanen, Systems Architect, Digia [[File:Owasp-Helsinki-20170613-Docker-Security.pdf]]'''<br />
<br />
'''20:00 Lightning talk: Leaking credentials - a security malpractice more common than expected, Bogdan Mihaila, Synopsys [[:File:Bogdan Mihaila - Leaking Credentials.pdf]]'''<br />
<br />
'''20:15 Introduction to DevSecOps "mini-hackathon", Pekka Sillanpää, OWASP Helsinki'''<br />
<br />
'''20:30-22:30 Snacks & Refreshments'''<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-31-tickets-34950473808 here] by 12th of Jun (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #30: Oct 11th 2016 ==<br />
<br />
'''Location: Fujitsu, Valimotie 16, 00380 Helsinki, Auditorio'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 How to protect mobile application? Case "Nordea Tunnusluvut” / Michael Peltonen, Senior Business Developer, Nordea''' [[File:Helsinki_meeting_30_-Michael_Peltonen_OWASP_11102016.pdf]]<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Lightning talk: Authentication topic / Teemu Simonen, System Architect, Fujitsu''' [[File:Helsinki_meeting_30_-Authentication_topic.pdf]]<br />
<br />
'''19:30 Threats and vulnerabilities in federation protocols - and how did I find 0-days in the most common access management products / Teemu Kääriäinen, Senior IAM Consultant, Nixu Oyj''' [[File:Helsinki_meeting_30_-_Threats_and_Vulnerabilities_in_Federation_Protocols_and_Products.pdf]]<br />
<br />
'''20:30-> Snacks & Refreshments'''<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-30-tickets-28190573765 here] by 9th of October (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #29: Mar 29th 2016 ==<br />
<br />
'''Location: Solinor, Elimäenkatu 14 C, 00510 Helsinki'''<br />
<br />
'''Time: 17:30-21:15'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 OWASP Security Knowledge Framework, Glenn Ten Cate''' [[File:Skf-owaspHelsinki-16.pdf]]<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Amazon Web Services Security, Joel Leino, Solinor''' [[File:Aws_security_joel_leino.pdf]]<br />
<br />
'''20:30 Do's and don'ts: A Day Of Browser Bug Hunting, Atte Kettunen, University of Oulu''' [[File:Do's_and_Don'ts-_A_Day_Of_Browser_Bug_Hunting_rev2.pdf]]<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-29-tickets-22159795545 here] by 26th of March (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #28: Nov 10th 2015 ==<br />
<br />
'''Location: LähiTapiola, Revontulenkuja 1, 02100 Espoo'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 How we feel about Bug Bounty, Leo Niemelä, CISO, LähiTapiola Group (in Finnish)'''<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Security and "Modern" software Deployment, Rory McCune, Managing Consultant, NCC Group'''<br />
<br />
'''20:30 Discussion continues in a local cafe / bar'''<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-28-tickets-19188815263 here] by 8th of November (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #27: May 29th 2015 ==<br />
<br />
'''Location: Life Science Center Keilaranta 10-16''' <br />
<br />
'''Time: 17:30-20:00 (networking ends 23:00)''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 Word from our sponsor / Nixu'''<br />
<br />
'''18:15 50 Shades of AppSec / Troy Hunt'''<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Hack yourself first: how go on the cyber-offence before online attackers do / Troy Hunt'''<br />
<br />
'''20:00-23:00 Refreshments and Sauna on the 7th floor'''<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-chapter-meeting-27-tickets-16709176597 here] by Monday Fri 22th May (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #26: January 13th 2015 ==<br />
<br />
'''Location: Castrén & Snellman Attorneys Ltd. Eteläesplanadi 14 6th Floor Helsinki, Finland.''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''Opening words / OWASP Helsinki&IAPP''' <br />
<br />
'''Words from our sponsor / Castrén & Snellman Attorneys Ltd.'''<br />
<br />
'''Privacy Seals and Marks, Hannu Järvinen, Specialist Partner, Attorneys at Law Borenius Ltd'''<br />
<br />
'''Privacy Engineering, Antti Vähä-Sipilä, software security guy, F-Secure Oyj'''<br />
<br />
'''Privacy Use Cases, Saku Vainikainen, Lead Consultant, Nixu Oyj'''<br />
<br />
Please register here https://t.co/OoQN2FRbBX by Monday 12 Jan.<br />
<br />
== OWASP Helsinki chapter meeting #25: September 29th 2014 ==<br />
<br />
'''Location: Appelsiini (Elisa), Kaarlenkatu 9-11, 00530 Helsinki. Public transport is strongly recommended.''' <br />
<br />
'''Time: 17:00-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and registration''' <br />
<br />
'''17:10 Opening words / OWASP Helsinki''' <br />
<br />
'''17:20 Words from our sponsor / Elisa'''<br />
<br />
'''17:30 Mobile Security Chess Board - Attacks & Defense / Hemil Shah / Founder, Director eSphere Security''' [[File:Mobile_Security_chess_board_-_Attacks_&_Defense.pdf]]<br />
<br />
'''18:45 Break'''<br />
<br />
'''19:00 Mobile Platform Security: OS (kernel) Hardening and Trusted Execution Environment / Onur Zengin / Trustonic'''<br />
[[File:Onur_Zengin_-_TEE_chapter_meeting_presentation.pdf]]<br />
<br />
'''20:00 OWASP Mobile Top Ten Risks 2014 - The New M10: 'Lack of Binary Protection' Category / Bo Asklund and Rikard Kullenberg / Arxan'''<br />
[[File:OWASP_Mobile_Top_Ten_-_Meet_the_New_Addition.pdf]]<br />
<br />
'''21:00 Networking and continue discussions in TBD location nearby'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-25-tickets-13087782911 Eventbrite]<br />
<br />
== OWASP Helsinki chapter meeting #24: March 25st 2014 ==<br />
<br />
'''Location: F-Secure, Tammasaarenkatu 7, 00180 Helsinki. Parking space is limited, public transport is strongly recommended. Ruoholahti station for metro, Länsisatamankatu stop for tram 8, Länsiväylä stop for buses from Espoo.''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and registration''' <br />
<br />
'''17:20 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''17:30 Enhancing security through tight collaboration and automation /Kalle Hallivuori''' <br />
Presentation material: http://kato.iki.fi/owasp-pci-devops/<br />
<br />
'''18:00 Continuous Security Testing in a Devops World /Stephen de Vries'''<br />
Download the presentation from our file page: [[image:OWASP-Continuous_Security_Testing.pdf]]<br />
<br />
'''19:00 Demo of Burp Suite & HTTP API fuzzing automation with Python & Behave /Antti Vähä-Sipilä'''<br />
<br />
'''19:30 Time to go to Pub (Amsterdam) and continue discussion there'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-24-tickets-10765729587 Eventbrite]<br />
<br />
== OWASP Helsinki chapter meeting #23: January 21st 2014 ==<br />
<br />
'''Location: HTC Keilaniemi, Keilaranta 13, 02150 Espoo''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Coffee and registration''' <br />
<br />
'''18:00 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''18:05 Word from our sponsor /Nixu''' <br />
<br />
'''18:20 The inner HTML Apocalypse - How MXSS attacks change everything we believed to know so far /Mario Heiderich'''<br />
<br />
'''19:15 JSMVCOMFG - To sternly look at JavaScript MVC and Templating Frameworks /Mario Heiderich"''''<br />
<br />
'''20:15 QA'''<br />
<br />
'''20.30 - 21.30 Discussion continues over snacks and refreshments'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-23-tickets-10095813851 Eventbrite]<br />
<br />
<br />
== OWASP Helsinki chapter meeting #22: November 19th 2013 ==<br />
<br />
'''Location: Aalto University, Hall S1, Otakaari 5, 02150 Espoo''' <br />
<br />
'''Time: 18:00-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Registration''' <br />
<br />
'''18:10 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''18:20 Word from our sponsor''' <br />
<br />
'''18:30 Backgrounds of Eve in Digiland comic and cyber research in Aalto University /Timo Kiravuo, Aalto University'''<br />
<br />
'''19:15 Break"''''<br />
<br />
'''19:30 Cyber crime response from CERT perspective and backgrounds of Finnish web site attacks /Jussi Eronen, CERT-FI'''<br />
<br />
'''20:00 Methods in Finnish cyber crime police investigation and case example /Timo Piiroinen, National Bureau of Investigation (NBI)'''<br />
<br />
'''20:30 Networking and discussion continues at same location'''<br />
<br />
Please register at [http://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-23-tickets-10095813851 Eventbrite]<br />
<br />
== OWASP EUTour2013: June 17th 2013 ==<br />
<br />
'''Location: HTC Keilaniemi, Keilaranta 15''' <br />
<br />
'''Time: 16:00-19:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''16:00 Registration & coffee''' <br />
<br />
'''16:15 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''16:30 Word from our sponsor''' <br />
<br />
'''16:45 Nokia responsible disclosure program /Omar Benbouazza-Villa, Nokia'''<br />
<br />
Nokia has launched a responsible disclosure program recently. In this presentation we'll go through experiences starting and running such a program as a part of enterprise application security program.<br />
<br />
'''17:30 Social engineering /Gavin Ewan"''''<br />
<br />
Jac0byterebel is not your typical social engineering presenter. Out goes the snake oil sale of analysing the minutia of pop psychology and trying to squeeze out real answers to the questions asked during a real social engineering attack. In comes hard hitting accounts of social engineering attacks drawn from real sources but anonymised to protect the pwned.<br />
<br />
'''19:00 Rounding up and discussion continues over food & drinks at same location'''<br />
<br />
Please register at [http://www.regonline.com/owaspeutourfinland Regonline]<br />
<br />
== OWASP Helsinki Chapter Meeting #21: April 24 2013 ==<br />
<br />
'''Location: KPMG, Yrjönkatu 23 B, 6. floor''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Opening words /OWASP''' <br />
<br />
'''18:10 Word from our sponso /Mika Laaksonen, KPMG''' <br />
<br />
'''18:15 OWASP project news /Petteri Arola, OWASP''' <br />
<br />
Newsflash of new and rebooted OWASP projects.<br />
<br />
'''18:45 Utilizing VAHTI software development guide (VAHTI-sovelluskehitysohje) /Antti Alestalo, KPMG'''<br />
<br />
VAHTI software development guide was published January 2013. Antti will talk about how to best utilize this new guide. Link to the guide: http://www.vm.fi/vm/fi/04_julkaisut_ja_asiakirjat/01_julkaisut/05_valtionhallinnon_tietoturvallisuus/20130207Sovell/VAHTI_1_Sovelluskehityksen_tietoturvaohje_NETTI.pdf<br />
<br />
'''19:15 Database self-defence /Mika Aronen, KPMG (in place of "HTML5 & security /SC5"'''<br />
<br />
'''20:00 Official program ends and discussion continues over food & drinks at same location'''<br />
<br />
Please register at [https://www.eventbrite.com/event/6240751255 Eventbrite]<br />
<br />
== OWASP Helsinki Chapter Meeting #20: December 4 2012 ==<br />
<br />
'''Location: Nokia House, Keilalahdentie 4, Espoo''' <br />
<br />
'''Time: 17:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Socializing time @ Nokia Lounge – Meet people & get to know your peer while having the opportunity to see Nokia product demos''' <br />
<br />
'''18:00 Opening words /OWASP + HelsinkiJS''' <br />
<br />
'''18:10 Word from our sponsor''' <br />
<br />
'''18:20 Securing JavaScript based web apps /Erlend Oftedal''' <br />
<br />
Single page web applications move much of the application logic to the client side. We now also see applications using JavaScript on the server side. How do we handle such applications from a security perspective? What problems are introduced and how do we handle them?<br />
<br />
'''19:05 RESTful Security'''<br />
<br />
Many applications rely on web services and ws-security for integration. But for more lightweight services with simpler protocols, REST is quickly gaining popularity. How do we secure REST services? What problems do we need to be aware of?<br />
<br />
'''20:00 Official program ends and free debate continues at nearby location'''<br />
<br />
CLOSED: Please register at [http://www.eventbrite.com/event/4856878053 Eventbrite]<br />
<br />
Please use the NORTH entrance when entering the Nokia campus<br />
<br />
== OWASP Helsinki Chapter Meeting #19: October 16 2012 ==<br />
<br />
'''Location: Fujitsu, Valimotie 16, Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''18:10 Word from our sponsor /Fujitsu''' <br />
<br />
'''18:25 Hybrid mobile application security and HTML5 with a focus on getUserMedia /Mikko Saario, Nokia''' <br />
<br />
Both the mobile scene via “hybrid” apps and the so-called traditional web are evolving into the same direction – are the threats doing the same? Using mainly Windows Phone 7 (and some Qt) examples and demos, Mikko will take a look at the security aspects in mobile hybrid apps. The HTML5 demo will concentrate on some newly mainstreamed technologies such as getUserMedia.<br />
<br />
'''19:10 Introduction to Oauth 2.0 + demo /Teemu Kääriäinen, Nixu'''<br />
<br />
Teemu gives an introduction about Oauth 2.0 and takes a closer look at security aspects, implementation guidelines and compares Twitter, Facebook and Google implementations.<br />
<br />
'''20:00 Official program ends and free debate continues at nearby location'''<br />
<br />
'''Please register in Eventbrite http://www.eventbrite.com/event/4462882602''' <br />
<br />
<br />
== OWASP Helsinki Chapter Meeting #18: June 26 2012 ==<br />
<br />
'''Location: Kela, Nordenskjölkinkatu 12, Helsinki''' <br />
<br />
'''Time: 17:30-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''17:45 Word from our sponsor /Kela''' <br />
<br />
'''18:00 Helsinki Ruby Brigade intro''' <br />
<br />
'''18:15 Ruby on Rails security - why could it fail'''<br />
<br />
'''19:00 Panel discussion'''<br />
<br />
'''19:45 Wrap-up'''<br />
<br />
'''20:00 Discussion continues in a nearby pub Hadanka'''<br />
<br />
'''Please register with petteri.arola(at)owasp.org''' <br />
<br />
<br />
== OWASP Helsinki Chapter Meeting #17: March 21 2012 ==<br />
<br />
'''Location: Marttakeskus, Malminrinne 1 B, 7. krs, Helsinki''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Coffee''' <br />
<br />
'''17:40 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''17:50 Web Application Access Control Design Excellence / Jim Manico, OWASP''' <br />
<br />
Download the presentation from our file page: [[image:Developer_Top_Ten_Core_Controls_v4.1.pdf]]<br />
<br />
'''19:30 Meeting ends and discussion continues over buffet and refreshments and there's a possibility to bath in sauna too''' <br />
<br />
'''23:00 Event ends'''<br />
<br />
'''Please register with enroll(at)nixu.com''' <br />
<br />
== Tietoturvapäivä Turku: February 7 2012 ==<br />
<br />
''' Sovellusturvallisuus / Petteri Arola, OWASP''' <br />
<br />
Download the presentation from our file page: [[image:OWASP_esitys_tietoturvapäivä_Turku_20120207.pdf]]<br />
<br />
== OWASP Helsinki Chapter Meeting #16: October 18 2011 ==<br />
<br />
'''Location: Hall TU2, Tuas house, Otaniementie 17, 02150, Espoo''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and lock picking''' <br />
<br />
'''17:30 OWASP - What is it?''' <br />
<br />
'''17:45 Introduction to OWASP projects<br>- OWASP Top Ten, ASVS<br><span class="Apple-tab-span"> </span>- Testing guide<br>- How OWASP relates to academic world''' <br />
<br />
<br> Download presentation from our file-page: [[Image:OWASP_presentation_for_Aalto.pdf]] <br><br />
<br />
'''18:45 Break''' <br />
<br />
'''19:00 Hacking demonstrations'''<br />
<br />
'''19:30 - Discussion continues in a nearby public house''' <br />
<br />
'''Please register with petteri.arola(at)owasp.org''' <br />
<br />
== OWASP Introduction to Turku AMK students: September 12th 2011 ==<br />
<br />
'''Introduction to Application security and OWASP / Petteri Arola, OWASP''' <br />
<br />
'''OWASP top 10 and hacking demos / Pekka Sillanpää, OWASP''' <br />
<br />
== OWASP Helsinki Chapter Meeting #15: June 15 2011 ==<br />
<br />
'''Location: Itämerenkatu 11 - 13, Helsinki''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda ''' <br />
<br />
'''17:30 Welcome, Petteri Arola, Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nokia''' <br />
<br />
'''17:45 HTML5 Security, Ville Säävuori, Syneus''' <br />
<br />
'''18:30 Break''' <br />
<br />
'''18:40 Mobile Application Security, Ari Kesäniemi and Juhani Mäkelä, Nixu''' <br> [[Image:Mobile-threat-analysis-short-presentation owasp.pdf]] <br> [[Image:Why-privacy-matters.pdf]] <br> <br />
<br />
<br>'''19.30 - Discussion continues in a nearby public house or terrace if it's sunny''' <br />
<br />
'''Please register with mikko.saario(at)nokia.com''' <br />
<br />
== OWASP Helsinki Chapter Meeting #14: February 22 2011 ==<br />
<br />
'''Location: Nixu Oy, Keilaranta 15, Espoo''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''17:30 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nixu Oy''' <br />
<br />
'''17:45 OpenSAMM, Pravir Chandra /Fortify''' <br />
<br />
'''18:30 Break''' <br />
<br />
'''18:40 Threat modeling, Pravir Chandra /Fortify''' <br />
<br />
<br> '''19.30 - Sauna and refreshments from our sponsor''' <br />
<br />
'''Please register with enroll(at)nixu.com''' <br />
<br />
<br> Download OpenSAMM presentation from opensamm.org [http://www.opensamm.org/downloads/resources/OpenSAMM-1.0.ppt] <br> <br />
<br />
== OWASP Helsinki Chapter Meeting #13: June 8 2010 ==<br />
<br />
'''Location: KPMG, Forum, Yrjönkatu 23 B 6th floor, Helsinki''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''17:00 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:05 Word from our sponsor KPMG ''' <br />
<br />
'''17:15 Agile secure software development, Antti Vähä-Sipilä / Nokia Oyj''' http://www.owasp.org/images/c/c6/OWASP_AppSec_Research_2010_Agile_Prod_Sec_Mgmt_by_Vaha-Sipila.pdf <br />
<br />
'''18:00 ASVS (OWASP Application Security Verification Standard), Pekka Sillanpää / Nixu Oy''' <br />
<br />
'''18:45 ESAPI (OWASP Enterprise Security API) demo, Anssi Porttikivi / KPMG''' <br />
<br />
Download presentation from our file-page:[[Image:ESAPI for OWASP.pdf]] <br />
<br />
<br> '''19.30 - Discussion continues at some nearby establishment''' <br />
<br />
'''Please register with anssi.porttikivi(at)kpmg.fi''' <br />
<br />
<br> <br />
<br />
== OWASP Goes! Locksport: April 20 2010 ==<br />
<br />
'''Location: Nsense Oy, Ahventie 4, Espoo''' <br />
<br />
'''Time: 17:30-20:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nsense Oy''' <br />
<br />
'''17:45 Introduction to Locksport (presentation in Finnish)''' <br />
<br />
'''19:00 - Sauna and refreshments from our sponsor''' <br />
<br />
'''Please register with ilmoittautumiset##nsense.fi ''' <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #12: March 30 2010 ==<br />
<br />
'''Location: Helsingin Energia, Sähkötalo, Runeberginkatu 1, Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''18:00 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
Download presentation from our file-page:[[Image:OWASP -12 Helsinki chapter meeting.pdf]] <br />
<br />
'''18:05 Word from our sponsor Helsingin Energia ''' <br />
<br />
'''18:15 3 different views on information security and social media applications''' <br />
<br />
- information security in social media API’s, Antti Nuopponen/Nixu Oy <br />
<br />
Download presentation from our file-page:[[Image:Security of social media apis v1.pdf]] <br />
<br />
- Facebook apps, Markus Törnqvist/Fad Consulting <br />
<br />
Download presentation from our file-page:[[Image:Mjt owasp 2010.pdf]] <br />
<br />
- Payment API’s, Tuomas Toivonen/Scred <br />
<br />
Download presentation from our file-page:[[Image:Owasp-payment-apis.pdf]] <br />
<br />
'''20.00 - Discussion continues at nearby establishment Bruuveri''' <br />
<br />
'''Please register with antti##owasp.org''' <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #11: November 17 2009 ==<br />
<br />
'''Location: Nsense Oy, Ahventie 4, Espoo''' <br />
<br />
'''Time: 18:00-20:30''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''18:05 Word from our sponsor Nsense Oy''' <br />
<br />
'''18:15 Manual vs. Automated Code Analysis, Ari Kesäniemi, Senior Consultant, Nixu''' <br />
<br />
Download presentation from our file-page:[[Image:Ari kesaniemi nixu manual-vs-automatic-analysis.pdf]] <br />
<br />
'''19.00- Sauna and refreshments from our sponsor''' <br />
<br />
<br> <br />
<br />
'''Please register with ilmoittautumiset##nsense.fi''' <br />
<br />
== OWASP Helsinki Chapter Meeting #10: October 20 2009 ==<br />
<br />
'''Location: Tieto Oy, Ratamestarinkatu 7B, Helsinki''' <br />
<br />
'''Time: 18:00-19:40''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''18:00 Word from our sponsor Tieto Oy''' <br />
<br />
'''18:10 Distributed Services Security, Anton Panhelainen, Tieto Oy''' <br />
<br />
Download presentation from our file-page:[[Image:Security in integration and ESB-OWASP 20091020.pdf]] <br />
<br />
'''18:40 Public Web Services Interface and Security, Pyry Heikkinen, Finnish Customs''' <br />
<br />
'''19:40 Closure and move to Vltava''' <br />
<br />
'''20:00 or so''' <br />
<br />
*Enjoy Helsinki Vltava watering hole at own risk &amp; cost near Helsinki Railway station<br />
<br />
'''Please register with Pauli Kauppila pauli.kauppila##tieto.com or Mobile +358 400 870 324''' <br />
<br />
== OWASP Helsinki Chapter Meeting #9: May 12 2009 ==<br />
<br />
'''Location: Louhi Networks Oy, Itälahdenkatu 22 A, Helsinki''' <br />
<br />
'''Time: 17:30-19:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:30 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:45 Word from our sponsor Louhi Networks''' <br />
<br />
'''18:00 Panel discussion about application scanners''' <br />
<br />
*Panel members includes representatives for Nixu Oy, KPMG Oy and Louhi Networks Oy<br />
<br />
<br> '''19:00 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost at Bar 52 near meeting location<br />
<br />
'''Please register with Henri Lindberg henri.lindberg##louhi.fi''' <br />
<br />
== OWASP OWASP Goes! Viestimuseo: March 29 2009 ==<br />
<br />
'''Location: Varuskunta, Takakasarmi, Viestimuseontie rak. 64, 11311 Riihimäki ''' <br />
<br />
'''Time: 13:00-15:00''' <br />
<br />
Viestimuseossa Riihimäellä, http://www.viestikiltojenliitto.fi/viestimuseo/ on maaliskuun loppuun WWII radiotiedustelua esittelevä erikoisnäyttely, josta voi löytyä ammennettavaa myös tämän päivän tietoturvatekniikoiden parissa työskenteleville. Koska OWASP:in tiimoilta löytyi kiinnostusta lähteä tutustumaan ko. näyttelyyn, museolle on varattu opastettu kierros maaliskuun viimeiselle sunnuntaille su 29.3.2009 klo 13:00 eli kokoontuminen museolla ko. aikaan. <br />
<br />
Museo ja näyttely ovat auki myös muina aikoina, joten jos tämä aika ei käy, paikalla voi toki käydä muulloinkin. <br />
<br />
Tarkemmat ajo-ohjeet ja yhteystiedot löytyvät museon kotisivuilta, http://www.viestikiltojenliitto.fi/viestimuseo/yhteystiedot.html <br />
<br />
Museo sijaitsee Viestirykmentin vieressä, mutta varsinaisen varuskunta-alueen ulkopuolella, joten museokäynti ei vaadi kulkulupia alueelle. <br />
<br />
Paikalle innostuvat hoitavat oman logistiikkaratkaisunsa &amp; sisäänpääsymaksunsa. <br />
<br />
Lisätietoja tarvittaessa timo.merilainen (ät) iki.fi <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #8: March 12 2009 ==<br />
<br />
'''Location: Samlink, Linnoitustie 9, Espoo (Leppävaara)''' <br />
<br />
'''Time: 17:00-19:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:00 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:15 Introduction to Samlink, Jari Pirhonen, security director, Samlink''' <br />
<br />
'''17:30 Methodology owner’s point of view: Information security as part of software development methodology, Topi Mattila, methodology manager, Samlink''' <br />
<br />
'''18:15 Presentation from Finnish Tax Administration", Petri Puhakainen, security director, Finnish Tax Administration''' <br />
<br />
<br> '''19:00 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost at Sello<br />
<br />
'''Please register with Jari Pirhonen jari.pirhonen##samlink.fi''' <br />
<br />
== OWASP Introduction to startup firms: Thursday January 15th 2009 ==<br />
<br />
'''Location: Ravintola Korjaamo, Töölönkatu 51, 00250 Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Introduction to OWASP by Henri Lindberg, OWASP Helsinki Active Visitor''' <br />
<br />
*What OWASP is <br />
*Examples of useful Tools and Documents <br />
*OWASP in Finland<br />
<br />
Presentation: [[Image:OWASP Startups 20090115 Henri.pdf]] <br />
<br />
(Antti Laulajainen, OWASP Helsinki Chapter Leader was originally supposed to introduce OWASP) <br />
<br />
'''18:15 Implementing application security in a Finnish startup by Henri Lindberg, Scred''' <br />
<br />
*Henri Lindberg from Scred shares experiences and lessons learned <br />
*How to make your web application more secure with minimal budget<br />
<br />
Presentation: [[Image:SDG Scred 090115.pdf]] <br />
<br />
'''18:30 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost<br />
<br />
== OWASP Helsinki Meeting #7: Tuesday November 11th 2008 ==<br />
<br />
'''Location: Nokia Ruoholahti, Itämerenkatu 11-13, 00180 Helsinki''' <br />
<br />
<br> <br />
<br />
'''Time: 17:00-18:30''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:00 Welcome by Antti Laulajainen, OWASP Chapter Leader''' <br />
<br />
*Current state and progress of OWASP Top 10 Finnish translation<br />
<br />
'''17:20 Antti Vähä-Sipilä, Nokia: SAFECode''' <br />
<br />
*Introduction and overview of SAFECode (The Software Assurance Forum for Excellence in Code) <br />
*SAFECode publications<br />
<br />
'''17:40 Juhani Eronen, CERT-FI: Lifecycle of a security vulnerability''' <br />
<br />
*Microsoft MS08-067 (Vulnerability in Server Service Could Allow Remote Code Execution), its history (MS06-040) and exploitation.<br />
<br />
'''Discussion''' <br />
<br />
'''18:30 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost [cerveza, aqua con gas, etc]<br />
<br />
'''PLEASE REGISTER WITH: mikko . saario at nokia . com (we have reserved snacks for 25 people)''' <br />
<br />
== OWASP Helsinki Web Hacking Workshop, Tuesday September 10th 2008 ==<br />
<br />
'''Location: Teleware / KPMG, Laajalahdentie 23, 6. floor, reception at the ground floor, 00330 Helsinki''' <br />
<br />
'''Time: 18.00 - 20.00''' <br />
<br />
'''Schedule''' <br />
<br />
'''18.00 Welcome and recent activities. Antti Laulajainen ''' <br />
<br />
'''18.05 Web Hacking Workshop, Anssi Porttikivi, Senior ICT Advisor KPMG/Teleware''' <br />
<br />
*KPMG Oy IT Security Advisory marketing presentation 15 min <br />
*Web hacking exercises and demonstrations in a laboratory class (using WebGoat and WebScarab tools)<br />
<br />
'''Snacks available. Send your reservations to Anssi's mail address, anssi.porttikivi@kpmg.fi. Room for 20 participants.''' <br />
<br />
<br> '''Note! Be in time, because the reception closes at 18.''' <br />
<br />
== OWASP Goes! CERT-FI, Thursday, June 12th 2008 ==<br />
<br />
'''Location: Viestintävirasto, Itämerenkatu 3 A, 00180 Helsinki and One Pint Pub Santakatu 2, 00180 Helsinki''' <br />
<br />
<br> '''Time: 16.00 - 20.00''' <br />
<br />
<br> '''Schedule''' <br />
<br />
'''16.00 Welcome and recent activities. Antti Laulajainen ''' <br />
<br />
<br> '''16.10 Introduction of CERT-FI. Juhani Eronen, Information Security Adviser, CERT-FI''' <br />
<br />
<br> '''16.30 Vulnerability coordination. Juhani Eronen''' <br />
<br />
*CERT-FI as a vulnerability coordinator <br />
*Coordination examples<br />
<br />
'''18.00 Possibility to continue the evening at the One Pint Pub''' <br />
<br />
*If someone fancies a (self-financed) beer<br />
<br />
<br> '''Viestintävirasto asks those who wish to participate to the meeting to register in advance. For registrations please contact CERT-FI Unit Secretary Virpi Hienonen (virpi.hienonen(at)ficora.fi). The deadline is June 6, 2008.''' <br />
<br />
== OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 ==<br />
<br />
Thank you for attending. <br />
<br />
You can download the presentation here'''https://www.owasp.org/images/7/70/OWASP_HelsinkiChapter_130508.pdf''' <br />
<br />
Coverage of the event in local news (Finnish only) http://mikropc.net/uutiset/index.jsp?categoryId=atk&amp;day=20080514#w2008051411524012715 <br />
<br />
<br> '''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki and Ravintola Kaisla, Vilhonkatu 4, 00100 Helsinki''' <br />
<br />
'''Time: 16.00 - 20.00''' <br />
<br />
<br> <br />
<br />
Welcome to spring meeting 2008. <br />
<br />
<br> '''Schedule''' <br />
<br />
'''16.00 - 16.10 OWASP update. Antti Laulajainen''' <br />
<br />
'''16.10-17.00 Notes From The field, OWASP tools and usage experiences, Jarkko Holappa &amp; Antti Laulajainen''' <br />
<br />
'''17.30 - 20.00 Drinks at Ravintola Kaisla (Bring Your Own Wallet)''' <br />
<br />
<br> Hope to see as many of you as possible! <br />
<br />
== OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 ==<br />
<br />
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.''' <br />
<br />
'''Time: 18.30 - 20.30''' <br />
<br />
Welcome to first meeting of 2008. OWASP Helsinki resumes activities after winter break. <br />
<br />
We are pleased to have as a speaker Technology Manager of Nokia Product Security, Alexandr Seleznyov. His topic will be current state of application security. <br />
<br />
'''Schedule''' <br />
<br />
'''18.30 - 18.40 OWASP update. Antti Laulajainen''' <br />
<br />
'''18.40 - 20.30 Current State of Application Security. Alexandr Seleznyov''' <br />
<br />
<br> Hope to see as many of you as possible! <br />
<br />
== OWASP Helsinki &amp; RWSUG Seminar Tuesday, January 29th 2008 ==<br />
<br />
'''Location: IBM, Laajalahdentie 23, 00330 Helsinki.''' '''Time: 11.15 - 19.00''' <br />
<br />
OWASP Helsinki and Rational and Websphere User Group Finland RWSUG are aiming to co-operate to raise application security awareness. OWASP Helsinki will have a presentation in RWSUG agility seminar. More information from http://www.rwsug.fi/default.asp?path=1,39,385 <br />
<br />
'''You can download the presentation here''' https://www.owasp.org/images/c/cd/RWSUG5_Agile_Security_Management.pdf <br />
<br />
See program below. Most of it is Finnish only <br />
<br />
*11.15 Ilmoittautuminen alkaa <br />
*11.15-12.00 Buffet-lounas <br />
*12.00-12.10 Tilaisuuden avaus Jussi Jutila, Puheenjohtaja, RWSUG ry<br />
<br />
KEYNOTE <br />
<br />
*12.10-13.30 Scaling Agile Software Development: Strategies for Applying Agile in Complex Situations Scott W. Ambler, Practice Leader Agile Development, IBM Canada <br />
*13.30-13.45 Kahvitauko <br />
*13.45-15.30 SOA liiketoiminnan näkökulmasta ja SOA toteutuksen näkökulmasta kansainvälisessa hankkeessa Kari Laine, IT Architect, IF ja Jarmo Laine, Senior Software Architect,Primasoft <br />
*15.30-15.45 Tauko <br />
*15.45-16.30 Ketterä tietoturvan hallinta ohjelmistotuotannossa Reijo Savola, VTT <br />
*16.30-17.15 Jazz Update IBM <br />
*17.15-19.00 Iltapalaa ja verkostoitumista IBM Forumissa<br />
<br />
<br> <br />
<br />
== OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008 ==<br />
<br />
OWASP Helsinki participated in ISACA Finland meeting to raise application security awareness among system auditors and inspectors. <br> A presentation was held that introduced basic web techniques, some security issues, OWASP in general, OWASP projects and OWASP Helsinki chapter. <br> '''You can download the presentation here''': https://www.owasp.org/images/e/e4/OWASP_ISACA_20080124.pdf (Finnish Only) <br><br> <br />
<br />
== OWASP Helsinki meeting #4 Fall 2007 with Mark Curphey, Tuesday, October 2 2007 ==<br />
<br />
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.''' <br />
<br />
Thank you for all participants and Mark from great presentation. <br />
<br />
Coverage of the meeting in the local news (in Finnish): http://mikropc.net/uutiset/index.jsp?categoryId=atk&amp;day=20071003#w2007100315112711629 <br />
<br />
<br> We are delighted to have Mark Curphey - the OWASP founder and new head of Microsoft's ACE (Application Consulting &amp; Engineering) team in Europe - to visit Finland and discuss web app security with us. Hopefully as many as of you possible can participate! <br />
<br />
'''18:30 Welcome and recent Helsinki chapter activities. Antti Laulajainen''' <br />
<br />
'''18:40 Naked Software Security. Mark Curphey''' <br />
<br />
*Commentary on how to build secure software <br />
*Thoughts on the industry<br />
<br />
<br> '''WELCOME!''' <br />
<br />
== OWASP Helsinki meeting #3 Summer 2007: "SOA, Web Services &amp; XML Security", Tuesday, June 5th 2007 ==<br />
<br />
'''Date: June 5th''' <br />
<br />
<br> '''Location: Smilehouse, Itälahdenkatu 22A (Stonesoft building), Lauttasaari.''' <br />
<br />
Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/tietoturva_docview.jsp?f_id=1186167 <br />
<br />
<br> '''19:00 Welcome &amp; quick recap of recent OWASP activity and the Spring conference. Mikko Saario.''' <br />
<br />
<br> '''19:15 Gunnar Peterson, CTO Arctec Group and project lead for the OWASP "XML Security Gateway Evaluation Criteria".''' <br />
<br />
Gunnar will be visiting Finland to provide training via Tietoturva ry on this subject. Topics to be covered: <br />
<br />
*XML Security Gateways <br />
*Message level threats and security countermeasures in Web services <br />
*OWASP XML Security Gateway Evaluation Criteria Project<br />
<br />
<br> '''20:15 "Real-life usage of OWASP tools". Alexandr Seleznyov, Nokia Product Security.''' <br />
<br />
(There is a chance Alex cannot make it. In that case we will discuss SOA stuff in more detail or just head off to bar earlier.) <br />
<br />
<br> '''20:45 Enter Bar 52...''' --&gt; Enjoy (sponsored) beverages. <br />
<br />
== OWASP Helsinki meeting #2 Winter 2007, Web Application Firewalls, Thursday, February 22 2007 ==<br />
<br />
Thank you for the 29 participants, the speakers and the host - Nixu - for making this event happen! <br />
<br />
'''Location: Nixu, Mäkelänkatu 91, 00601 Helsinki.''' <br />
<br />
What are Web Application Firewalls (WAF), how do they work, what do they do and what don't they do. Discussion and sharing of experiences of various technologies and products. <br />
<br />
<br> '''18.30 Welcome. Mikko Saario, Chapter Leader.''' <br />
<br />
Today's topic and agenda in short. <br />
<br />
<br> '''18.35 "Web Application Firewalls Technical Analysis". Joakim Sandström, CTO nSense.''' <br />
<br />
http://www.owasp.org/images/6/6a/Owasp_waf_joakim.pdf <br />
<br />
- Technology <br />
<br />
- Blacklisting &amp; Whitelisting <br />
<br />
- mod_security features <br />
<br />
- Do's and Don'ts <br />
<br />
<br> '''19.30 "The Core Rule Sets". Ofer Shezaf, CTO Breach Security.''' <br />
<br />
http://www.owasp.org/images/f/f4/The_Core_Rule_Set_-_Ofer.pdf <br />
<br />
- WAF deployment and protection strategies <br />
<br />
- Detection of generic web layer attacks <br />
<br />
- Virtual patching <br />
<br />
== OWASP Helsinki meeting #1, Tuesday, Dec 12 2006 at Ernst &amp; Young ==<br />
<br />
The Helsinki chapter had the first meeting at Ernst &amp; Young office in Elielinaukio 5 B. The agenda and the presentations for the meeting are below. We had a good turnout: 22 people were present i.e. all seats were taken - we were very happy to see all these people to be interested in application security issues. <br />
<br />
<br> Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/doc.do?f_id=1083463 <br />
<br />
<br> '''18:30 Welcome. What is OWASP and why OWASP Helsinki?''' <br />
<br />
Mikko Saario made a short presentation about OWASP and the objective for the local Helsinki chapter. <br />
<br />
<br> '''19:00 Analyzing Threats (Olli Wiren; olli [at] juurihoito.org)''' <br />
<br />
Olli Wiren discussed application related threats and corresponding security issues. <br />
<br />
http://www.owasp.org/images/7/7c/Owasp-olli.pdf <br />
<br />
<br> '''19:45 Open discussion regarding OWASP Helsinki; what is expected or wished; how to go ahead and so forth.''' <br />
<br />
There was a lively discussion regarding what type of activities should be arranged in the future. More details will follow... <br />
<br />
==== Helsinki OWASP Chapter Leaders ====<br />
<br />
The chapter leader is [mailto:Petteri.arola@owasp.org Petteri Arola] <br />
<br />
The chapter board members are [mailto:timo@owasp.org Timo Merilainen], Pyry Heikkinen and [mailto:pekka.sillanpaa@owasp.org Pekka Sillanpaa]. <br />
<br />
__NOTOC__<br />
[[Category:Finland]] <br />
[[Category:Europe]]</div>Psillanphttps://wiki.owasp.org/index.php?title=Helsinki&diff=233316Helsinki2017-09-15T12:07:30Z<p>Psillanp: Added chapter leaders on top</p>
<hr />
<div>{{Chapter Template|chaptername=Helsinki|extra=The chapter leaders are [mailto:petteri.arola@owasp.org Petteri Arola], [mailto:pekka.sillanpaa@owasp.org Pekka Sillanpää], [mailto:timo@owasp.org Timo Meriläinen] and [mailto:pyry.heikkinen@owasp.org Pyry Heikkinen]<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-helsinki|emailarchives=http://lists.owasp.org/pipermail/owasp-helsinki}} <br />
<br />
==== Local News ====<br />
<br />
<paypal>Helsinki</paypal> <br />
<br />
'''Welcome to the OWASP Helsinki Chapter'''<br />
<br />
The plan is to meet at least three to four times a year, each lasting 1,5-3 hours (more active "hands" means more meetings). This chapter is based in the capital area and therefore the meetings will be in or around Helsinki. <br />
<br />
If you wish to present at one of the meetings or have any other inquiries, please contact the chapter leaders and shortly describe the talk. (the contact details can be found in the bottom of the page). We encourage everyone to suggest ideas for presentation topics. The talks can be either a full talk (45-60min) or a lightning talk (~15min). <br />
<br />
==== Suomalaista sovellusturva-asiaa ====<br />
<br />
[[OWASP Helsinki Appsec Thesis of the Year|Vuoden sovellusturva-aiheinen opinnäytetyö]]<br />
<br />
[[Oppilaitoksille|Tietoa oppilaitoksille (Information for academic institutions)]] <br />
<br />
[[Verkkomaksut|Ohjeita turvallisen verkkomaksuintegraation toteuttamiseen]] <br />
<br />
Previously OWASP Helsinki has been working on the following tasks: <br />
<br />
*[[Top 10 2007 Finnish]] aim to translate OWASP Top 10 list in Finnish<br />
<br />
==== Chapter Meetings ====<br />
<br />
== OWASP Helsinki chapter meeting #32: Sep 27th ==<br />
If you are working in a DevOps team and want to get concrete ideas on how to integrate security into your CI/CD pipeline, this hackathon is a fun opportunity to learn by doing together with others.<br />
<br />
In summary, we familiarize and investigate (and of cource hack with) some nice open source tools, including:<br />
* OWASP Dependency-Check ([[OWASP Dependency Check]])<br />
* ZAP Proxy ([[OWASP Zed Attack Proxy Project]])<br />
* OWASP DefectDojo ([[OWASP DefectDojo Project]])<br />
* DevSec hardening framework (https://github.com/dev-sec)<br />
* Clair (https://github.com/coreos/clair)<br />
<br />
The output of this hackathon is an OWASP wiki page describing what was achieved in the hackathon, possible commits to the tools' repositories and future plans. If there is enough interest, we might organize "part 2" for this event in Autumn.<br />
<br />
To participate in this event, it is recommended to have at least basic programming/scripting skills (python, ruby, bash, etc) and understanding of configuration management tools (puppet, salt, ansible, etc.). '''If you are interested to join''' or have questions, please send email to pekka.sillanpaa@owasp.org '''by Jul 7th 2017''' and a short description of your background. Tracks of the hackathon environment are tuned based on the skills and background of the participants.<br />
<br />
The maximum of 15 seats are available for this event. The event is fully free of charge.<br />
<br />
'''Location: Nixu, Keilaranta 15, 02150 Espoo'''<br />
<br />
'''12:00 Hackathon starts'''<br />
<br />
'''17:00-23:00 Hackathon continues after the work day as long as needed. Pizza and beverages available.'''<br />
<br />
== OWASP Helsinki chapter meeting #31: Jun 13th 2017 ==<br />
'''Location: Solita, Alvar Aallon katu 5, 00100 Helsinki'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Pekka Sillanpää, OWASP Helsinki'''<br />
<br />
'''18:05 DevSec - Developers are the key to security, Antti Virtanen, Software Architect, Solita [[File:Devsec-owasp-2017.pdf]]''' <br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Docker Security, Mika Vatanen, Systems Architect, Digia [[File:Owasp-Helsinki-20170613-Docker-Security.pdf]]'''<br />
<br />
'''20:00 Lightning talk: Leaking credentials - a security malpractice more common than expected, Bogdan Mihaila, Synopsys [[:File:Bogdan Mihaila - Leaking Credentials.pdf]]'''<br />
<br />
'''20:15 Introduction to DevSecOps "mini-hackathon", Pekka Sillanpää, OWASP Helsinki'''<br />
<br />
'''20:30-22:30 Snacks & Refreshments'''<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-31-tickets-34950473808 here] by 12th of Jun (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #30: Oct 11th 2016 ==<br />
<br />
'''Location: Fujitsu, Valimotie 16, 00380 Helsinki, Auditorio'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 How to protect mobile application? Case "Nordea Tunnusluvut” / Michael Peltonen, Senior Business Developer, Nordea''' [[File:Helsinki_meeting_30_-Michael_Peltonen_OWASP_11102016.pdf]]<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Lightning talk: Authentication topic / Teemu Simonen, System Architect, Fujitsu''' [[File:Helsinki_meeting_30_-Authentication_topic.pdf]]<br />
<br />
'''19:30 Threats and vulnerabilities in federation protocols - and how did I find 0-days in the most common access management products / Teemu Kääriäinen, Senior IAM Consultant, Nixu Oyj''' [[File:Helsinki_meeting_30_-_Threats_and_Vulnerabilities_in_Federation_Protocols_and_Products.pdf]]<br />
<br />
'''20:30-> Snacks & Refreshments'''<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-30-tickets-28190573765 here] by 9th of October (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #29: Mar 29th 2016 ==<br />
<br />
'''Location: Solinor, Elimäenkatu 14 C, 00510 Helsinki'''<br />
<br />
'''Time: 17:30-21:15'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 OWASP Security Knowledge Framework, Glenn Ten Cate''' [[File:Skf-owaspHelsinki-16.pdf]]<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Amazon Web Services Security, Joel Leino, Solinor''' [[File:Aws_security_joel_leino.pdf]]<br />
<br />
'''20:30 Do's and don'ts: A Day Of Browser Bug Hunting, Atte Kettunen, University of Oulu''' [[File:Do's_and_Don'ts-_A_Day_Of_Browser_Bug_Hunting_rev2.pdf]]<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-29-tickets-22159795545 here] by 26th of March (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #28: Nov 10th 2015 ==<br />
<br />
'''Location: LähiTapiola, Revontulenkuja 1, 02100 Espoo'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 How we feel about Bug Bounty, Leo Niemelä, CISO, LähiTapiola Group (in Finnish)'''<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Security and "Modern" software Deployment, Rory McCune, Managing Consultant, NCC Group'''<br />
<br />
'''20:30 Discussion continues in a local cafe / bar'''<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-28-tickets-19188815263 here] by 8th of November (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #27: May 29th 2015 ==<br />
<br />
'''Location: Life Science Center Keilaranta 10-16''' <br />
<br />
'''Time: 17:30-20:00 (networking ends 23:00)''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 Word from our sponsor / Nixu'''<br />
<br />
'''18:15 50 Shades of AppSec / Troy Hunt'''<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Hack yourself first: how go on the cyber-offence before online attackers do / Troy Hunt'''<br />
<br />
'''20:00-23:00 Refreshments and Sauna on the 7th floor'''<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-chapter-meeting-27-tickets-16709176597 here] by Monday Fri 22th May (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #26: January 13th 2015 ==<br />
<br />
'''Location: Castrén & Snellman Attorneys Ltd. Eteläesplanadi 14 6th Floor Helsinki, Finland.''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''Opening words / OWASP Helsinki&IAPP''' <br />
<br />
'''Words from our sponsor / Castrén & Snellman Attorneys Ltd.'''<br />
<br />
'''Privacy Seals and Marks, Hannu Järvinen, Specialist Partner, Attorneys at Law Borenius Ltd'''<br />
<br />
'''Privacy Engineering, Antti Vähä-Sipilä, software security guy, F-Secure Oyj'''<br />
<br />
'''Privacy Use Cases, Saku Vainikainen, Lead Consultant, Nixu Oyj'''<br />
<br />
Please register here https://t.co/OoQN2FRbBX by Monday 12 Jan.<br />
<br />
== OWASP Helsinki chapter meeting #25: September 29th 2014 ==<br />
<br />
'''Location: Appelsiini (Elisa), Kaarlenkatu 9-11, 00530 Helsinki. Public transport is strongly recommended.''' <br />
<br />
'''Time: 17:00-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and registration''' <br />
<br />
'''17:10 Opening words / OWASP Helsinki''' <br />
<br />
'''17:20 Words from our sponsor / Elisa'''<br />
<br />
'''17:30 Mobile Security Chess Board - Attacks & Defense / Hemil Shah / Founder, Director eSphere Security''' [[File:Mobile_Security_chess_board_-_Attacks_&_Defense.pdf]]<br />
<br />
'''18:45 Break'''<br />
<br />
'''19:00 Mobile Platform Security: OS (kernel) Hardening and Trusted Execution Environment / Onur Zengin / Trustonic'''<br />
[[File:Onur_Zengin_-_TEE_chapter_meeting_presentation.pdf]]<br />
<br />
'''20:00 OWASP Mobile Top Ten Risks 2014 - The New M10: 'Lack of Binary Protection' Category / Bo Asklund and Rikard Kullenberg / Arxan'''<br />
[[File:OWASP_Mobile_Top_Ten_-_Meet_the_New_Addition.pdf]]<br />
<br />
'''21:00 Networking and continue discussions in TBD location nearby'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-25-tickets-13087782911 Eventbrite]<br />
<br />
== OWASP Helsinki chapter meeting #24: March 25st 2014 ==<br />
<br />
'''Location: F-Secure, Tammasaarenkatu 7, 00180 Helsinki. Parking space is limited, public transport is strongly recommended. Ruoholahti station for metro, Länsisatamankatu stop for tram 8, Länsiväylä stop for buses from Espoo.''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and registration''' <br />
<br />
'''17:20 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''17:30 Enhancing security through tight collaboration and automation /Kalle Hallivuori''' <br />
Presentation material: http://kato.iki.fi/owasp-pci-devops/<br />
<br />
'''18:00 Continuous Security Testing in a Devops World /Stephen de Vries'''<br />
Download the presentation from our file page: [[image:OWASP-Continuous_Security_Testing.pdf]]<br />
<br />
'''19:00 Demo of Burp Suite & HTTP API fuzzing automation with Python & Behave /Antti Vähä-Sipilä'''<br />
<br />
'''19:30 Time to go to Pub (Amsterdam) and continue discussion there'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-24-tickets-10765729587 Eventbrite]<br />
<br />
== OWASP Helsinki chapter meeting #23: January 21st 2014 ==<br />
<br />
'''Location: HTC Keilaniemi, Keilaranta 13, 02150 Espoo''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Coffee and registration''' <br />
<br />
'''18:00 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''18:05 Word from our sponsor /Nixu''' <br />
<br />
'''18:20 The inner HTML Apocalypse - How MXSS attacks change everything we believed to know so far /Mario Heiderich'''<br />
<br />
'''19:15 JSMVCOMFG - To sternly look at JavaScript MVC and Templating Frameworks /Mario Heiderich"''''<br />
<br />
'''20:15 QA'''<br />
<br />
'''20.30 - 21.30 Discussion continues over snacks and refreshments'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-23-tickets-10095813851 Eventbrite]<br />
<br />
<br />
== OWASP Helsinki chapter meeting #22: November 19th 2013 ==<br />
<br />
'''Location: Aalto University, Hall S1, Otakaari 5, 02150 Espoo''' <br />
<br />
'''Time: 18:00-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Registration''' <br />
<br />
'''18:10 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''18:20 Word from our sponsor''' <br />
<br />
'''18:30 Backgrounds of Eve in Digiland comic and cyber research in Aalto University /Timo Kiravuo, Aalto University'''<br />
<br />
'''19:15 Break"''''<br />
<br />
'''19:30 Cyber crime response from CERT perspective and backgrounds of Finnish web site attacks /Jussi Eronen, CERT-FI'''<br />
<br />
'''20:00 Methods in Finnish cyber crime police investigation and case example /Timo Piiroinen, National Bureau of Investigation (NBI)'''<br />
<br />
'''20:30 Networking and discussion continues at same location'''<br />
<br />
Please register at [http://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-23-tickets-10095813851 Eventbrite]<br />
<br />
== OWASP EUTour2013: June 17th 2013 ==<br />
<br />
'''Location: HTC Keilaniemi, Keilaranta 15''' <br />
<br />
'''Time: 16:00-19:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''16:00 Registration & coffee''' <br />
<br />
'''16:15 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''16:30 Word from our sponsor''' <br />
<br />
'''16:45 Nokia responsible disclosure program /Omar Benbouazza-Villa, Nokia'''<br />
<br />
Nokia has launched a responsible disclosure program recently. In this presentation we'll go through experiences starting and running such a program as a part of enterprise application security program.<br />
<br />
'''17:30 Social engineering /Gavin Ewan"''''<br />
<br />
Jac0byterebel is not your typical social engineering presenter. Out goes the snake oil sale of analysing the minutia of pop psychology and trying to squeeze out real answers to the questions asked during a real social engineering attack. In comes hard hitting accounts of social engineering attacks drawn from real sources but anonymised to protect the pwned.<br />
<br />
'''19:00 Rounding up and discussion continues over food & drinks at same location'''<br />
<br />
Please register at [http://www.regonline.com/owaspeutourfinland Regonline]<br />
<br />
== OWASP Helsinki Chapter Meeting #21: April 24 2013 ==<br />
<br />
'''Location: KPMG, Yrjönkatu 23 B, 6. floor''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Opening words /OWASP''' <br />
<br />
'''18:10 Word from our sponso /Mika Laaksonen, KPMG''' <br />
<br />
'''18:15 OWASP project news /Petteri Arola, OWASP''' <br />
<br />
Newsflash of new and rebooted OWASP projects.<br />
<br />
'''18:45 Utilizing VAHTI software development guide (VAHTI-sovelluskehitysohje) /Antti Alestalo, KPMG'''<br />
<br />
VAHTI software development guide was published January 2013. Antti will talk about how to best utilize this new guide. Link to the guide: http://www.vm.fi/vm/fi/04_julkaisut_ja_asiakirjat/01_julkaisut/05_valtionhallinnon_tietoturvallisuus/20130207Sovell/VAHTI_1_Sovelluskehityksen_tietoturvaohje_NETTI.pdf<br />
<br />
'''19:15 Database self-defence /Mika Aronen, KPMG (in place of "HTML5 & security /SC5"'''<br />
<br />
'''20:00 Official program ends and discussion continues over food & drinks at same location'''<br />
<br />
Please register at [https://www.eventbrite.com/event/6240751255 Eventbrite]<br />
<br />
== OWASP Helsinki Chapter Meeting #20: December 4 2012 ==<br />
<br />
'''Location: Nokia House, Keilalahdentie 4, Espoo''' <br />
<br />
'''Time: 17:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Socializing time @ Nokia Lounge – Meet people & get to know your peer while having the opportunity to see Nokia product demos''' <br />
<br />
'''18:00 Opening words /OWASP + HelsinkiJS''' <br />
<br />
'''18:10 Word from our sponsor''' <br />
<br />
'''18:20 Securing JavaScript based web apps /Erlend Oftedal''' <br />
<br />
Single page web applications move much of the application logic to the client side. We now also see applications using JavaScript on the server side. How do we handle such applications from a security perspective? What problems are introduced and how do we handle them?<br />
<br />
'''19:05 RESTful Security'''<br />
<br />
Many applications rely on web services and ws-security for integration. But for more lightweight services with simpler protocols, REST is quickly gaining popularity. How do we secure REST services? What problems do we need to be aware of?<br />
<br />
'''20:00 Official program ends and free debate continues at nearby location'''<br />
<br />
CLOSED: Please register at [http://www.eventbrite.com/event/4856878053 Eventbrite]<br />
<br />
Please use the NORTH entrance when entering the Nokia campus<br />
<br />
== OWASP Helsinki Chapter Meeting #19: October 16 2012 ==<br />
<br />
'''Location: Fujitsu, Valimotie 16, Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''18:10 Word from our sponsor /Fujitsu''' <br />
<br />
'''18:25 Hybrid mobile application security and HTML5 with a focus on getUserMedia /Mikko Saario, Nokia''' <br />
<br />
Both the mobile scene via “hybrid” apps and the so-called traditional web are evolving into the same direction – are the threats doing the same? Using mainly Windows Phone 7 (and some Qt) examples and demos, Mikko will take a look at the security aspects in mobile hybrid apps. The HTML5 demo will concentrate on some newly mainstreamed technologies such as getUserMedia.<br />
<br />
'''19:10 Introduction to Oauth 2.0 + demo /Teemu Kääriäinen, Nixu'''<br />
<br />
Teemu gives an introduction about Oauth 2.0 and takes a closer look at security aspects, implementation guidelines and compares Twitter, Facebook and Google implementations.<br />
<br />
'''20:00 Official program ends and free debate continues at nearby location'''<br />
<br />
'''Please register in Eventbrite http://www.eventbrite.com/event/4462882602''' <br />
<br />
<br />
== OWASP Helsinki Chapter Meeting #18: June 26 2012 ==<br />
<br />
'''Location: Kela, Nordenskjölkinkatu 12, Helsinki''' <br />
<br />
'''Time: 17:30-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''17:45 Word from our sponsor /Kela''' <br />
<br />
'''18:00 Helsinki Ruby Brigade intro''' <br />
<br />
'''18:15 Ruby on Rails security - why could it fail'''<br />
<br />
'''19:00 Panel discussion'''<br />
<br />
'''19:45 Wrap-up'''<br />
<br />
'''20:00 Discussion continues in a nearby pub Hadanka'''<br />
<br />
'''Please register with petteri.arola(at)owasp.org''' <br />
<br />
<br />
== OWASP Helsinki Chapter Meeting #17: March 21 2012 ==<br />
<br />
'''Location: Marttakeskus, Malminrinne 1 B, 7. krs, Helsinki''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Coffee''' <br />
<br />
'''17:40 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''17:50 Web Application Access Control Design Excellence / Jim Manico, OWASP''' <br />
<br />
Download the presentation from our file page: [[image:Developer_Top_Ten_Core_Controls_v4.1.pdf]]<br />
<br />
'''19:30 Meeting ends and discussion continues over buffet and refreshments and there's a possibility to bath in sauna too''' <br />
<br />
'''23:00 Event ends'''<br />
<br />
'''Please register with enroll(at)nixu.com''' <br />
<br />
== Tietoturvapäivä Turku: February 7 2012 ==<br />
<br />
''' Sovellusturvallisuus / Petteri Arola, OWASP''' <br />
<br />
Download the presentation from our file page: [[image:OWASP_esitys_tietoturvapäivä_Turku_20120207.pdf]]<br />
<br />
== OWASP Helsinki Chapter Meeting #16: October 18 2011 ==<br />
<br />
'''Location: Hall TU2, Tuas house, Otaniementie 17, 02150, Espoo''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and lock picking''' <br />
<br />
'''17:30 OWASP - What is it?''' <br />
<br />
'''17:45 Introduction to OWASP projects<br>- OWASP Top Ten, ASVS<br><span class="Apple-tab-span"> </span>- Testing guide<br>- How OWASP relates to academic world''' <br />
<br />
<br> Download presentation from our file-page: [[Image:OWASP_presentation_for_Aalto.pdf]] <br><br />
<br />
'''18:45 Break''' <br />
<br />
'''19:00 Hacking demonstrations'''<br />
<br />
'''19:30 - Discussion continues in a nearby public house''' <br />
<br />
'''Please register with petteri.arola(at)owasp.org''' <br />
<br />
== OWASP Introduction to Turku AMK students: September 12th 2011 ==<br />
<br />
'''Introduction to Application security and OWASP / Petteri Arola, OWASP''' <br />
<br />
'''OWASP top 10 and hacking demos / Pekka Sillanpää, OWASP''' <br />
<br />
== OWASP Helsinki Chapter Meeting #15: June 15 2011 ==<br />
<br />
'''Location: Itämerenkatu 11 - 13, Helsinki''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda ''' <br />
<br />
'''17:30 Welcome, Petteri Arola, Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nokia''' <br />
<br />
'''17:45 HTML5 Security, Ville Säävuori, Syneus''' <br />
<br />
'''18:30 Break''' <br />
<br />
'''18:40 Mobile Application Security, Ari Kesäniemi and Juhani Mäkelä, Nixu''' <br> [[Image:Mobile-threat-analysis-short-presentation owasp.pdf]] <br> [[Image:Why-privacy-matters.pdf]] <br> <br />
<br />
<br>'''19.30 - Discussion continues in a nearby public house or terrace if it's sunny''' <br />
<br />
'''Please register with mikko.saario(at)nokia.com''' <br />
<br />
== OWASP Helsinki Chapter Meeting #14: February 22 2011 ==<br />
<br />
'''Location: Nixu Oy, Keilaranta 15, Espoo''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''17:30 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nixu Oy''' <br />
<br />
'''17:45 OpenSAMM, Pravir Chandra /Fortify''' <br />
<br />
'''18:30 Break''' <br />
<br />
'''18:40 Threat modeling, Pravir Chandra /Fortify''' <br />
<br />
<br> '''19.30 - Sauna and refreshments from our sponsor''' <br />
<br />
'''Please register with enroll(at)nixu.com''' <br />
<br />
<br> Download OpenSAMM presentation from opensamm.org [http://www.opensamm.org/downloads/resources/OpenSAMM-1.0.ppt] <br> <br />
<br />
== OWASP Helsinki Chapter Meeting #13: June 8 2010 ==<br />
<br />
'''Location: KPMG, Forum, Yrjönkatu 23 B 6th floor, Helsinki''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''17:00 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:05 Word from our sponsor KPMG ''' <br />
<br />
'''17:15 Agile secure software development, Antti Vähä-Sipilä / Nokia Oyj''' http://www.owasp.org/images/c/c6/OWASP_AppSec_Research_2010_Agile_Prod_Sec_Mgmt_by_Vaha-Sipila.pdf <br />
<br />
'''18:00 ASVS (OWASP Application Security Verification Standard), Pekka Sillanpää / Nixu Oy''' <br />
<br />
'''18:45 ESAPI (OWASP Enterprise Security API) demo, Anssi Porttikivi / KPMG''' <br />
<br />
Download presentation from our file-page:[[Image:ESAPI for OWASP.pdf]] <br />
<br />
<br> '''19.30 - Discussion continues at some nearby establishment''' <br />
<br />
'''Please register with anssi.porttikivi(at)kpmg.fi''' <br />
<br />
<br> <br />
<br />
== OWASP Goes! Locksport: April 20 2010 ==<br />
<br />
'''Location: Nsense Oy, Ahventie 4, Espoo''' <br />
<br />
'''Time: 17:30-20:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nsense Oy''' <br />
<br />
'''17:45 Introduction to Locksport (presentation in Finnish)''' <br />
<br />
'''19:00 - Sauna and refreshments from our sponsor''' <br />
<br />
'''Please register with ilmoittautumiset##nsense.fi ''' <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #12: March 30 2010 ==<br />
<br />
'''Location: Helsingin Energia, Sähkötalo, Runeberginkatu 1, Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''18:00 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
Download presentation from our file-page:[[Image:OWASP -12 Helsinki chapter meeting.pdf]] <br />
<br />
'''18:05 Word from our sponsor Helsingin Energia ''' <br />
<br />
'''18:15 3 different views on information security and social media applications''' <br />
<br />
- information security in social media API’s, Antti Nuopponen/Nixu Oy <br />
<br />
Download presentation from our file-page:[[Image:Security of social media apis v1.pdf]] <br />
<br />
- Facebook apps, Markus Törnqvist/Fad Consulting <br />
<br />
Download presentation from our file-page:[[Image:Mjt owasp 2010.pdf]] <br />
<br />
- Payment API’s, Tuomas Toivonen/Scred <br />
<br />
Download presentation from our file-page:[[Image:Owasp-payment-apis.pdf]] <br />
<br />
'''20.00 - Discussion continues at nearby establishment Bruuveri''' <br />
<br />
'''Please register with antti##owasp.org''' <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #11: November 17 2009 ==<br />
<br />
'''Location: Nsense Oy, Ahventie 4, Espoo''' <br />
<br />
'''Time: 18:00-20:30''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''18:05 Word from our sponsor Nsense Oy''' <br />
<br />
'''18:15 Manual vs. Automated Code Analysis, Ari Kesäniemi, Senior Consultant, Nixu''' <br />
<br />
Download presentation from our file-page:[[Image:Ari kesaniemi nixu manual-vs-automatic-analysis.pdf]] <br />
<br />
'''19.00- Sauna and refreshments from our sponsor''' <br />
<br />
<br> <br />
<br />
'''Please register with ilmoittautumiset##nsense.fi''' <br />
<br />
== OWASP Helsinki Chapter Meeting #10: October 20 2009 ==<br />
<br />
'''Location: Tieto Oy, Ratamestarinkatu 7B, Helsinki''' <br />
<br />
'''Time: 18:00-19:40''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''18:00 Word from our sponsor Tieto Oy''' <br />
<br />
'''18:10 Distributed Services Security, Anton Panhelainen, Tieto Oy''' <br />
<br />
Download presentation from our file-page:[[Image:Security in integration and ESB-OWASP 20091020.pdf]] <br />
<br />
'''18:40 Public Web Services Interface and Security, Pyry Heikkinen, Finnish Customs''' <br />
<br />
'''19:40 Closure and move to Vltava''' <br />
<br />
'''20:00 or so''' <br />
<br />
*Enjoy Helsinki Vltava watering hole at own risk &amp; cost near Helsinki Railway station<br />
<br />
'''Please register with Pauli Kauppila pauli.kauppila##tieto.com or Mobile +358 400 870 324''' <br />
<br />
== OWASP Helsinki Chapter Meeting #9: May 12 2009 ==<br />
<br />
'''Location: Louhi Networks Oy, Itälahdenkatu 22 A, Helsinki''' <br />
<br />
'''Time: 17:30-19:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:30 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:45 Word from our sponsor Louhi Networks''' <br />
<br />
'''18:00 Panel discussion about application scanners''' <br />
<br />
*Panel members includes representatives for Nixu Oy, KPMG Oy and Louhi Networks Oy<br />
<br />
<br> '''19:00 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost at Bar 52 near meeting location<br />
<br />
'''Please register with Henri Lindberg henri.lindberg##louhi.fi''' <br />
<br />
== OWASP OWASP Goes! Viestimuseo: March 29 2009 ==<br />
<br />
'''Location: Varuskunta, Takakasarmi, Viestimuseontie rak. 64, 11311 Riihimäki ''' <br />
<br />
'''Time: 13:00-15:00''' <br />
<br />
Viestimuseossa Riihimäellä, http://www.viestikiltojenliitto.fi/viestimuseo/ on maaliskuun loppuun WWII radiotiedustelua esittelevä erikoisnäyttely, josta voi löytyä ammennettavaa myös tämän päivän tietoturvatekniikoiden parissa työskenteleville. Koska OWASP:in tiimoilta löytyi kiinnostusta lähteä tutustumaan ko. näyttelyyn, museolle on varattu opastettu kierros maaliskuun viimeiselle sunnuntaille su 29.3.2009 klo 13:00 eli kokoontuminen museolla ko. aikaan. <br />
<br />
Museo ja näyttely ovat auki myös muina aikoina, joten jos tämä aika ei käy, paikalla voi toki käydä muulloinkin. <br />
<br />
Tarkemmat ajo-ohjeet ja yhteystiedot löytyvät museon kotisivuilta, http://www.viestikiltojenliitto.fi/viestimuseo/yhteystiedot.html <br />
<br />
Museo sijaitsee Viestirykmentin vieressä, mutta varsinaisen varuskunta-alueen ulkopuolella, joten museokäynti ei vaadi kulkulupia alueelle. <br />
<br />
Paikalle innostuvat hoitavat oman logistiikkaratkaisunsa &amp; sisäänpääsymaksunsa. <br />
<br />
Lisätietoja tarvittaessa timo.merilainen (ät) iki.fi <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #8: March 12 2009 ==<br />
<br />
'''Location: Samlink, Linnoitustie 9, Espoo (Leppävaara)''' <br />
<br />
'''Time: 17:00-19:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:00 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:15 Introduction to Samlink, Jari Pirhonen, security director, Samlink''' <br />
<br />
'''17:30 Methodology owner’s point of view: Information security as part of software development methodology, Topi Mattila, methodology manager, Samlink''' <br />
<br />
'''18:15 Presentation from Finnish Tax Administration", Petri Puhakainen, security director, Finnish Tax Administration''' <br />
<br />
<br> '''19:00 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost at Sello<br />
<br />
'''Please register with Jari Pirhonen jari.pirhonen##samlink.fi''' <br />
<br />
== OWASP Introduction to startup firms: Thursday January 15th 2009 ==<br />
<br />
'''Location: Ravintola Korjaamo, Töölönkatu 51, 00250 Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Introduction to OWASP by Henri Lindberg, OWASP Helsinki Active Visitor''' <br />
<br />
*What OWASP is <br />
*Examples of useful Tools and Documents <br />
*OWASP in Finland<br />
<br />
Presentation: [[Image:OWASP Startups 20090115 Henri.pdf]] <br />
<br />
(Antti Laulajainen, OWASP Helsinki Chapter Leader was originally supposed to introduce OWASP) <br />
<br />
'''18:15 Implementing application security in a Finnish startup by Henri Lindberg, Scred''' <br />
<br />
*Henri Lindberg from Scred shares experiences and lessons learned <br />
*How to make your web application more secure with minimal budget<br />
<br />
Presentation: [[Image:SDG Scred 090115.pdf]] <br />
<br />
'''18:30 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost<br />
<br />
== OWASP Helsinki Meeting #7: Tuesday November 11th 2008 ==<br />
<br />
'''Location: Nokia Ruoholahti, Itämerenkatu 11-13, 00180 Helsinki''' <br />
<br />
<br> <br />
<br />
'''Time: 17:00-18:30''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:00 Welcome by Antti Laulajainen, OWASP Chapter Leader''' <br />
<br />
*Current state and progress of OWASP Top 10 Finnish translation<br />
<br />
'''17:20 Antti Vähä-Sipilä, Nokia: SAFECode''' <br />
<br />
*Introduction and overview of SAFECode (The Software Assurance Forum for Excellence in Code) <br />
*SAFECode publications<br />
<br />
'''17:40 Juhani Eronen, CERT-FI: Lifecycle of a security vulnerability''' <br />
<br />
*Microsoft MS08-067 (Vulnerability in Server Service Could Allow Remote Code Execution), its history (MS06-040) and exploitation.<br />
<br />
'''Discussion''' <br />
<br />
'''18:30 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost [cerveza, aqua con gas, etc]<br />
<br />
'''PLEASE REGISTER WITH: mikko . saario at nokia . com (we have reserved snacks for 25 people)''' <br />
<br />
== OWASP Helsinki Web Hacking Workshop, Tuesday September 10th 2008 ==<br />
<br />
'''Location: Teleware / KPMG, Laajalahdentie 23, 6. floor, reception at the ground floor, 00330 Helsinki''' <br />
<br />
'''Time: 18.00 - 20.00''' <br />
<br />
'''Schedule''' <br />
<br />
'''18.00 Welcome and recent activities. Antti Laulajainen ''' <br />
<br />
'''18.05 Web Hacking Workshop, Anssi Porttikivi, Senior ICT Advisor KPMG/Teleware''' <br />
<br />
*KPMG Oy IT Security Advisory marketing presentation 15 min <br />
*Web hacking exercises and demonstrations in a laboratory class (using WebGoat and WebScarab tools)<br />
<br />
'''Snacks available. Send your reservations to Anssi's mail address, anssi.porttikivi@kpmg.fi. Room for 20 participants.''' <br />
<br />
<br> '''Note! Be in time, because the reception closes at 18.''' <br />
<br />
== OWASP Goes! CERT-FI, Thursday, June 12th 2008 ==<br />
<br />
'''Location: Viestintävirasto, Itämerenkatu 3 A, 00180 Helsinki and One Pint Pub Santakatu 2, 00180 Helsinki''' <br />
<br />
<br> '''Time: 16.00 - 20.00''' <br />
<br />
<br> '''Schedule''' <br />
<br />
'''16.00 Welcome and recent activities. Antti Laulajainen ''' <br />
<br />
<br> '''16.10 Introduction of CERT-FI. Juhani Eronen, Information Security Adviser, CERT-FI''' <br />
<br />
<br> '''16.30 Vulnerability coordination. Juhani Eronen''' <br />
<br />
*CERT-FI as a vulnerability coordinator <br />
*Coordination examples<br />
<br />
'''18.00 Possibility to continue the evening at the One Pint Pub''' <br />
<br />
*If someone fancies a (self-financed) beer<br />
<br />
<br> '''Viestintävirasto asks those who wish to participate to the meeting to register in advance. For registrations please contact CERT-FI Unit Secretary Virpi Hienonen (virpi.hienonen(at)ficora.fi). The deadline is June 6, 2008.''' <br />
<br />
== OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 ==<br />
<br />
Thank you for attending. <br />
<br />
You can download the presentation here'''https://www.owasp.org/images/7/70/OWASP_HelsinkiChapter_130508.pdf''' <br />
<br />
Coverage of the event in local news (Finnish only) http://mikropc.net/uutiset/index.jsp?categoryId=atk&amp;day=20080514#w2008051411524012715 <br />
<br />
<br> '''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki and Ravintola Kaisla, Vilhonkatu 4, 00100 Helsinki''' <br />
<br />
'''Time: 16.00 - 20.00''' <br />
<br />
<br> <br />
<br />
Welcome to spring meeting 2008. <br />
<br />
<br> '''Schedule''' <br />
<br />
'''16.00 - 16.10 OWASP update. Antti Laulajainen''' <br />
<br />
'''16.10-17.00 Notes From The field, OWASP tools and usage experiences, Jarkko Holappa &amp; Antti Laulajainen''' <br />
<br />
'''17.30 - 20.00 Drinks at Ravintola Kaisla (Bring Your Own Wallet)''' <br />
<br />
<br> Hope to see as many of you as possible! <br />
<br />
== OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 ==<br />
<br />
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.''' <br />
<br />
'''Time: 18.30 - 20.30''' <br />
<br />
Welcome to first meeting of 2008. OWASP Helsinki resumes activities after winter break. <br />
<br />
We are pleased to have as a speaker Technology Manager of Nokia Product Security, Alexandr Seleznyov. His topic will be current state of application security. <br />
<br />
'''Schedule''' <br />
<br />
'''18.30 - 18.40 OWASP update. Antti Laulajainen''' <br />
<br />
'''18.40 - 20.30 Current State of Application Security. Alexandr Seleznyov''' <br />
<br />
<br> Hope to see as many of you as possible! <br />
<br />
== OWASP Helsinki &amp; RWSUG Seminar Tuesday, January 29th 2008 ==<br />
<br />
'''Location: IBM, Laajalahdentie 23, 00330 Helsinki.''' '''Time: 11.15 - 19.00''' <br />
<br />
OWASP Helsinki and Rational and Websphere User Group Finland RWSUG are aiming to co-operate to raise application security awareness. OWASP Helsinki will have a presentation in RWSUG agility seminar. More information from http://www.rwsug.fi/default.asp?path=1,39,385 <br />
<br />
'''You can download the presentation here''' https://www.owasp.org/images/c/cd/RWSUG5_Agile_Security_Management.pdf <br />
<br />
See program below. Most of it is Finnish only <br />
<br />
*11.15 Ilmoittautuminen alkaa <br />
*11.15-12.00 Buffet-lounas <br />
*12.00-12.10 Tilaisuuden avaus Jussi Jutila, Puheenjohtaja, RWSUG ry<br />
<br />
KEYNOTE <br />
<br />
*12.10-13.30 Scaling Agile Software Development: Strategies for Applying Agile in Complex Situations Scott W. Ambler, Practice Leader Agile Development, IBM Canada <br />
*13.30-13.45 Kahvitauko <br />
*13.45-15.30 SOA liiketoiminnan näkökulmasta ja SOA toteutuksen näkökulmasta kansainvälisessa hankkeessa Kari Laine, IT Architect, IF ja Jarmo Laine, Senior Software Architect,Primasoft <br />
*15.30-15.45 Tauko <br />
*15.45-16.30 Ketterä tietoturvan hallinta ohjelmistotuotannossa Reijo Savola, VTT <br />
*16.30-17.15 Jazz Update IBM <br />
*17.15-19.00 Iltapalaa ja verkostoitumista IBM Forumissa<br />
<br />
<br> <br />
<br />
== OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008 ==<br />
<br />
OWASP Helsinki participated in ISACA Finland meeting to raise application security awareness among system auditors and inspectors. <br> A presentation was held that introduced basic web techniques, some security issues, OWASP in general, OWASP projects and OWASP Helsinki chapter. <br> '''You can download the presentation here''': https://www.owasp.org/images/e/e4/OWASP_ISACA_20080124.pdf (Finnish Only) <br><br> <br />
<br />
== OWASP Helsinki meeting #4 Fall 2007 with Mark Curphey, Tuesday, October 2 2007 ==<br />
<br />
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.''' <br />
<br />
Thank you for all participants and Mark from great presentation. <br />
<br />
Coverage of the meeting in the local news (in Finnish): http://mikropc.net/uutiset/index.jsp?categoryId=atk&amp;day=20071003#w2007100315112711629 <br />
<br />
<br> We are delighted to have Mark Curphey - the OWASP founder and new head of Microsoft's ACE (Application Consulting &amp; Engineering) team in Europe - to visit Finland and discuss web app security with us. Hopefully as many as of you possible can participate! <br />
<br />
'''18:30 Welcome and recent Helsinki chapter activities. Antti Laulajainen''' <br />
<br />
'''18:40 Naked Software Security. Mark Curphey''' <br />
<br />
*Commentary on how to build secure software <br />
*Thoughts on the industry<br />
<br />
<br> '''WELCOME!''' <br />
<br />
== OWASP Helsinki meeting #3 Summer 2007: "SOA, Web Services &amp; XML Security", Tuesday, June 5th 2007 ==<br />
<br />
'''Date: June 5th''' <br />
<br />
<br> '''Location: Smilehouse, Itälahdenkatu 22A (Stonesoft building), Lauttasaari.''' <br />
<br />
Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/tietoturva_docview.jsp?f_id=1186167 <br />
<br />
<br> '''19:00 Welcome &amp; quick recap of recent OWASP activity and the Spring conference. Mikko Saario.''' <br />
<br />
<br> '''19:15 Gunnar Peterson, CTO Arctec Group and project lead for the OWASP "XML Security Gateway Evaluation Criteria".''' <br />
<br />
Gunnar will be visiting Finland to provide training via Tietoturva ry on this subject. Topics to be covered: <br />
<br />
*XML Security Gateways <br />
*Message level threats and security countermeasures in Web services <br />
*OWASP XML Security Gateway Evaluation Criteria Project<br />
<br />
<br> '''20:15 "Real-life usage of OWASP tools". Alexandr Seleznyov, Nokia Product Security.''' <br />
<br />
(There is a chance Alex cannot make it. In that case we will discuss SOA stuff in more detail or just head off to bar earlier.) <br />
<br />
<br> '''20:45 Enter Bar 52...''' --&gt; Enjoy (sponsored) beverages. <br />
<br />
== OWASP Helsinki meeting #2 Winter 2007, Web Application Firewalls, Thursday, February 22 2007 ==<br />
<br />
Thank you for the 29 participants, the speakers and the host - Nixu - for making this event happen! <br />
<br />
'''Location: Nixu, Mäkelänkatu 91, 00601 Helsinki.''' <br />
<br />
What are Web Application Firewalls (WAF), how do they work, what do they do and what don't they do. Discussion and sharing of experiences of various technologies and products. <br />
<br />
<br> '''18.30 Welcome. Mikko Saario, Chapter Leader.''' <br />
<br />
Today's topic and agenda in short. <br />
<br />
<br> '''18.35 "Web Application Firewalls Technical Analysis". Joakim Sandström, CTO nSense.''' <br />
<br />
http://www.owasp.org/images/6/6a/Owasp_waf_joakim.pdf <br />
<br />
- Technology <br />
<br />
- Blacklisting &amp; Whitelisting <br />
<br />
- mod_security features <br />
<br />
- Do's and Don'ts <br />
<br />
<br> '''19.30 "The Core Rule Sets". Ofer Shezaf, CTO Breach Security.''' <br />
<br />
http://www.owasp.org/images/f/f4/The_Core_Rule_Set_-_Ofer.pdf <br />
<br />
- WAF deployment and protection strategies <br />
<br />
- Detection of generic web layer attacks <br />
<br />
- Virtual patching <br />
<br />
== OWASP Helsinki meeting #1, Tuesday, Dec 12 2006 at Ernst &amp; Young ==<br />
<br />
The Helsinki chapter had the first meeting at Ernst &amp; Young office in Elielinaukio 5 B. The agenda and the presentations for the meeting are below. We had a good turnout: 22 people were present i.e. all seats were taken - we were very happy to see all these people to be interested in application security issues. <br />
<br />
<br> Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/doc.do?f_id=1083463 <br />
<br />
<br> '''18:30 Welcome. What is OWASP and why OWASP Helsinki?''' <br />
<br />
Mikko Saario made a short presentation about OWASP and the objective for the local Helsinki chapter. <br />
<br />
<br> '''19:00 Analyzing Threats (Olli Wiren; olli [at] juurihoito.org)''' <br />
<br />
Olli Wiren discussed application related threats and corresponding security issues. <br />
<br />
http://www.owasp.org/images/7/7c/Owasp-olli.pdf <br />
<br />
<br> '''19:45 Open discussion regarding OWASP Helsinki; what is expected or wished; how to go ahead and so forth.''' <br />
<br />
There was a lively discussion regarding what type of activities should be arranged in the future. More details will follow... <br />
<br />
==== Helsinki OWASP Chapter Leaders ====<br />
<br />
The chapter leader is [mailto:Petteri.arola@owasp.org Petteri Arola] <br />
<br />
The chapter board members are [mailto:timo@owasp.org Timo Merilainen], Pyry Heikkinen and [mailto:pekka.sillanpaa@owasp.org Pekka Sillanpaa]. <br />
<br />
__NOTOC__<br />
[[Category:Finland]] <br />
[[Category:Europe]]</div>Psillanphttps://wiki.owasp.org/index.php?title=Helsinki&diff=230980Helsinki2017-06-26T08:53:22Z<p>Psillanp: /* Chapter Meetings */</p>
<hr />
<div>{{Chapter Template|chaptername=Helsinki|extra=The chapter leader is [mailto:petteri.arola@owasp.org Petteri Arola] <br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-helsinki|emailarchives=http://lists.owasp.org/pipermail/owasp-helsinki}} <br />
<br />
==== Local News ====<br />
<br />
<paypal>Helsinki</paypal> <br />
<br />
'''Welcome to the OWASP Helsinki Chapter'''<br />
<br />
The plan is to meet at least three to four times a year, each lasting 1,5-3 hours (more active "hands" means more meetings). This chapter is based in the capital area and therefore the meetings will be in or around Helsinki. <br />
<br />
If you wish to present at one of the meetings or have any other inquiries, please contact the chapter leaders and shortly describe the talk. (the contact details can be found in the bottom of the page). We encourage everyone to suggest ideas for presentation topics. The talks can be either a full talk (45-60min) or a lightning talk (~15min). <br />
<br />
==== Suomalaista sovellusturva-asiaa ====<br />
<br />
[[OWASP Helsinki Appsec Thesis of the Year|Vuoden sovellusturva-aiheinen opinnäytetyö]]<br />
<br />
[[Oppilaitoksille|Tietoa oppilaitoksille (Information for academic institutions)]] <br />
<br />
[[Verkkomaksut|Ohjeita turvallisen verkkomaksuintegraation toteuttamiseen]] <br />
<br />
Previously OWASP Helsinki has been working on the following tasks: <br />
<br />
*[[Top 10 2007 Finnish]] aim to translate OWASP Top 10 list in Finnish<br />
<br />
==== Chapter Meetings ====<br />
<br />
== OWASP Helsinki chapter meeting #32: Aug/Sep, TBD ==<br />
If you are working in a DevOps team and want to get concrete ideas on how to integrate security into your CI/CD pipeline, this hackathon is a fun opportunity to learn by doing together with others.<br />
<br />
In summary, we familiarize and investigate (and of cource hack with) some nice open source tools, including:<br />
* OWASP Dependency-Check ([[OWASP Dependency Check]])<br />
* ZAP Proxy ([[OWASP Zed Attack Proxy Project]])<br />
* OWASP DefectDojo ([[OWASP DefectDojo Project]])<br />
* DevSec hardening framework (https://github.com/dev-sec)<br />
* Clair (https://github.com/coreos/clair)<br />
<br />
The output of this hackathon is an OWASP wiki page describing what was achieved in the hackathon, possible commits to the tools' repositories and future plans. If there is enough interest, we might organize "part 2" for this event in Autumn.<br />
<br />
To participate in this event, it is recommended to have at least basic programming/scripting skills (python, ruby, bash, etc) and understanding of configuration management tools (puppet, salt, ansible, etc.). '''If you are interested to join''' or have questions, please send email to pekka.sillanpaa@owasp.org '''by Jul 7th 2017''' and a short description of your background. Tracks of the hackathon environment are tuned based on the skills and background of the participants.<br />
<br />
The maximum of 15 seats are available for this event. The event is fully free of charge.<br />
<br />
'''Location: Nixu, Keilaranta 15, 02150 Espoo'''<br />
<br />
'''12:00 Hackathon starts'''<br />
<br />
'''17:00-23:00 Hackathon continues after the work day as long as needed. Pizza and beverages available.'''<br />
<br />
== OWASP Helsinki chapter meeting #31: Jun 13th 2017 ==<br />
'''Location: Solita, Alvar Aallon katu 5, 00100 Helsinki'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Pekka Sillanpää, OWASP Helsinki'''<br />
<br />
'''18:05 DevSec - Developers are the key to security, Antti Virtanen, Software Architect, Solita [[File:Devsec-owasp-2017.pdf]]''' <br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Docker Security, Mika Vatanen, Systems Architect, Digia [[File:Owasp-Helsinki-20170613-Docker-Security.pdf]]'''<br />
<br />
'''20:00 Lightning talk: Leaking credentials - a security malpractice more common than expected, Bogdan Mihaila, Synopsys [[:File:Bogdan Mihaila - Leaking Credentials.pdf]]'''<br />
<br />
'''20:15 Introduction to DevSecOps "mini-hackathon", Pekka Sillanpää, OWASP Helsinki'''<br />
<br />
'''20:30-22:30 Snacks & Refreshments'''<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-31-tickets-34950473808 here] by 12th of Jun (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #30: Oct 11th 2016 ==<br />
<br />
'''Location: Fujitsu, Valimotie 16, 00380 Helsinki, Auditorio'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 How to protect mobile application? Case "Nordea Tunnusluvut” / Michael Peltonen, Senior Business Developer, Nordea''' [[File:Helsinki_meeting_30_-Michael_Peltonen_OWASP_11102016.pdf]]<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Lightning talk: Authentication topic / Teemu Simonen, System Architect, Fujitsu''' [[File:Helsinki_meeting_30_-Authentication_topic.pdf]]<br />
<br />
'''19:30 Threats and vulnerabilities in federation protocols - and how did I find 0-days in the most common access management products / Teemu Kääriäinen, Senior IAM Consultant, Nixu Oyj''' [[File:Helsinki_meeting_30_-_Threats_and_Vulnerabilities_in_Federation_Protocols_and_Products.pdf]]<br />
<br />
'''20:30-> Snacks & Refreshments'''<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-30-tickets-28190573765 here] by 9th of October (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #29: Mar 29th 2016 ==<br />
<br />
'''Location: Solinor, Elimäenkatu 14 C, 00510 Helsinki'''<br />
<br />
'''Time: 17:30-21:15'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 OWASP Security Knowledge Framework, Glenn Ten Cate''' [[File:Skf-owaspHelsinki-16.pdf]]<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Amazon Web Services Security, Joel Leino, Solinor''' [[File:Aws_security_joel_leino.pdf]]<br />
<br />
'''20:30 Do's and don'ts: A Day Of Browser Bug Hunting, Atte Kettunen, University of Oulu''' [[File:Do's_and_Don'ts-_A_Day_Of_Browser_Bug_Hunting_rev2.pdf]]<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-29-tickets-22159795545 here] by 26th of March (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #28: Nov 10th 2015 ==<br />
<br />
'''Location: LähiTapiola, Revontulenkuja 1, 02100 Espoo'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 How we feel about Bug Bounty, Leo Niemelä, CISO, LähiTapiola Group (in Finnish)'''<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Security and "Modern" software Deployment, Rory McCune, Managing Consultant, NCC Group'''<br />
<br />
'''20:30 Discussion continues in a local cafe / bar'''<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-28-tickets-19188815263 here] by 8th of November (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #27: May 29th 2015 ==<br />
<br />
'''Location: Life Science Center Keilaranta 10-16''' <br />
<br />
'''Time: 17:30-20:00 (networking ends 23:00)''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 Word from our sponsor / Nixu'''<br />
<br />
'''18:15 50 Shades of AppSec / Troy Hunt'''<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Hack yourself first: how go on the cyber-offence before online attackers do / Troy Hunt'''<br />
<br />
'''20:00-23:00 Refreshments and Sauna on the 7th floor'''<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-chapter-meeting-27-tickets-16709176597 here] by Monday Fri 22th May (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #26: January 13th 2015 ==<br />
<br />
'''Location: Castrén & Snellman Attorneys Ltd. Eteläesplanadi 14 6th Floor Helsinki, Finland.''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''Opening words / OWASP Helsinki&IAPP''' <br />
<br />
'''Words from our sponsor / Castrén & Snellman Attorneys Ltd.'''<br />
<br />
'''Privacy Seals and Marks, Hannu Järvinen, Specialist Partner, Attorneys at Law Borenius Ltd'''<br />
<br />
'''Privacy Engineering, Antti Vähä-Sipilä, software security guy, F-Secure Oyj'''<br />
<br />
'''Privacy Use Cases, Saku Vainikainen, Lead Consultant, Nixu Oyj'''<br />
<br />
Please register here https://t.co/OoQN2FRbBX by Monday 12 Jan.<br />
<br />
== OWASP Helsinki chapter meeting #25: September 29th 2014 ==<br />
<br />
'''Location: Appelsiini (Elisa), Kaarlenkatu 9-11, 00530 Helsinki. Public transport is strongly recommended.''' <br />
<br />
'''Time: 17:00-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and registration''' <br />
<br />
'''17:10 Opening words / OWASP Helsinki''' <br />
<br />
'''17:20 Words from our sponsor / Elisa'''<br />
<br />
'''17:30 Mobile Security Chess Board - Attacks & Defense / Hemil Shah / Founder, Director eSphere Security''' [[File:Mobile_Security_chess_board_-_Attacks_&_Defense.pdf]]<br />
<br />
'''18:45 Break'''<br />
<br />
'''19:00 Mobile Platform Security: OS (kernel) Hardening and Trusted Execution Environment / Onur Zengin / Trustonic'''<br />
[[File:Onur_Zengin_-_TEE_chapter_meeting_presentation.pdf]]<br />
<br />
'''20:00 OWASP Mobile Top Ten Risks 2014 - The New M10: 'Lack of Binary Protection' Category / Bo Asklund and Rikard Kullenberg / Arxan'''<br />
[[File:OWASP_Mobile_Top_Ten_-_Meet_the_New_Addition.pdf]]<br />
<br />
'''21:00 Networking and continue discussions in TBD location nearby'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-25-tickets-13087782911 Eventbrite]<br />
<br />
== OWASP Helsinki chapter meeting #24: March 25st 2014 ==<br />
<br />
'''Location: F-Secure, Tammasaarenkatu 7, 00180 Helsinki. Parking space is limited, public transport is strongly recommended. Ruoholahti station for metro, Länsisatamankatu stop for tram 8, Länsiväylä stop for buses from Espoo.''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and registration''' <br />
<br />
'''17:20 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''17:30 Enhancing security through tight collaboration and automation /Kalle Hallivuori''' <br />
Presentation material: http://kato.iki.fi/owasp-pci-devops/<br />
<br />
'''18:00 Continuous Security Testing in a Devops World /Stephen de Vries'''<br />
Download the presentation from our file page: [[image:OWASP-Continuous_Security_Testing.pdf]]<br />
<br />
'''19:00 Demo of Burp Suite & HTTP API fuzzing automation with Python & Behave /Antti Vähä-Sipilä'''<br />
<br />
'''19:30 Time to go to Pub (Amsterdam) and continue discussion there'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-24-tickets-10765729587 Eventbrite]<br />
<br />
== OWASP Helsinki chapter meeting #23: January 21st 2014 ==<br />
<br />
'''Location: HTC Keilaniemi, Keilaranta 13, 02150 Espoo''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Coffee and registration''' <br />
<br />
'''18:00 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''18:05 Word from our sponsor /Nixu''' <br />
<br />
'''18:20 The inner HTML Apocalypse - How MXSS attacks change everything we believed to know so far /Mario Heiderich'''<br />
<br />
'''19:15 JSMVCOMFG - To sternly look at JavaScript MVC and Templating Frameworks /Mario Heiderich"''''<br />
<br />
'''20:15 QA'''<br />
<br />
'''20.30 - 21.30 Discussion continues over snacks and refreshments'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-23-tickets-10095813851 Eventbrite]<br />
<br />
<br />
== OWASP Helsinki chapter meeting #22: November 19th 2013 ==<br />
<br />
'''Location: Aalto University, Hall S1, Otakaari 5, 02150 Espoo''' <br />
<br />
'''Time: 18:00-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Registration''' <br />
<br />
'''18:10 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''18:20 Word from our sponsor''' <br />
<br />
'''18:30 Backgrounds of Eve in Digiland comic and cyber research in Aalto University /Timo Kiravuo, Aalto University'''<br />
<br />
'''19:15 Break"''''<br />
<br />
'''19:30 Cyber crime response from CERT perspective and backgrounds of Finnish web site attacks /Jussi Eronen, CERT-FI'''<br />
<br />
'''20:00 Methods in Finnish cyber crime police investigation and case example /Timo Piiroinen, National Bureau of Investigation (NBI)'''<br />
<br />
'''20:30 Networking and discussion continues at same location'''<br />
<br />
Please register at [http://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-23-tickets-10095813851 Eventbrite]<br />
<br />
== OWASP EUTour2013: June 17th 2013 ==<br />
<br />
'''Location: HTC Keilaniemi, Keilaranta 15''' <br />
<br />
'''Time: 16:00-19:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''16:00 Registration & coffee''' <br />
<br />
'''16:15 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''16:30 Word from our sponsor''' <br />
<br />
'''16:45 Nokia responsible disclosure program /Omar Benbouazza-Villa, Nokia'''<br />
<br />
Nokia has launched a responsible disclosure program recently. In this presentation we'll go through experiences starting and running such a program as a part of enterprise application security program.<br />
<br />
'''17:30 Social engineering /Gavin Ewan"''''<br />
<br />
Jac0byterebel is not your typical social engineering presenter. Out goes the snake oil sale of analysing the minutia of pop psychology and trying to squeeze out real answers to the questions asked during a real social engineering attack. In comes hard hitting accounts of social engineering attacks drawn from real sources but anonymised to protect the pwned.<br />
<br />
'''19:00 Rounding up and discussion continues over food & drinks at same location'''<br />
<br />
Please register at [http://www.regonline.com/owaspeutourfinland Regonline]<br />
<br />
== OWASP Helsinki Chapter Meeting #21: April 24 2013 ==<br />
<br />
'''Location: KPMG, Yrjönkatu 23 B, 6. floor''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Opening words /OWASP''' <br />
<br />
'''18:10 Word from our sponso /Mika Laaksonen, KPMG''' <br />
<br />
'''18:15 OWASP project news /Petteri Arola, OWASP''' <br />
<br />
Newsflash of new and rebooted OWASP projects.<br />
<br />
'''18:45 Utilizing VAHTI software development guide (VAHTI-sovelluskehitysohje) /Antti Alestalo, KPMG'''<br />
<br />
VAHTI software development guide was published January 2013. Antti will talk about how to best utilize this new guide. Link to the guide: http://www.vm.fi/vm/fi/04_julkaisut_ja_asiakirjat/01_julkaisut/05_valtionhallinnon_tietoturvallisuus/20130207Sovell/VAHTI_1_Sovelluskehityksen_tietoturvaohje_NETTI.pdf<br />
<br />
'''19:15 Database self-defence /Mika Aronen, KPMG (in place of "HTML5 & security /SC5"'''<br />
<br />
'''20:00 Official program ends and discussion continues over food & drinks at same location'''<br />
<br />
Please register at [https://www.eventbrite.com/event/6240751255 Eventbrite]<br />
<br />
== OWASP Helsinki Chapter Meeting #20: December 4 2012 ==<br />
<br />
'''Location: Nokia House, Keilalahdentie 4, Espoo''' <br />
<br />
'''Time: 17:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Socializing time @ Nokia Lounge – Meet people & get to know your peer while having the opportunity to see Nokia product demos''' <br />
<br />
'''18:00 Opening words /OWASP + HelsinkiJS''' <br />
<br />
'''18:10 Word from our sponsor''' <br />
<br />
'''18:20 Securing JavaScript based web apps /Erlend Oftedal''' <br />
<br />
Single page web applications move much of the application logic to the client side. We now also see applications using JavaScript on the server side. How do we handle such applications from a security perspective? What problems are introduced and how do we handle them?<br />
<br />
'''19:05 RESTful Security'''<br />
<br />
Many applications rely on web services and ws-security for integration. But for more lightweight services with simpler protocols, REST is quickly gaining popularity. How do we secure REST services? What problems do we need to be aware of?<br />
<br />
'''20:00 Official program ends and free debate continues at nearby location'''<br />
<br />
CLOSED: Please register at [http://www.eventbrite.com/event/4856878053 Eventbrite]<br />
<br />
Please use the NORTH entrance when entering the Nokia campus<br />
<br />
== OWASP Helsinki Chapter Meeting #19: October 16 2012 ==<br />
<br />
'''Location: Fujitsu, Valimotie 16, Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''18:10 Word from our sponsor /Fujitsu''' <br />
<br />
'''18:25 Hybrid mobile application security and HTML5 with a focus on getUserMedia /Mikko Saario, Nokia''' <br />
<br />
Both the mobile scene via “hybrid” apps and the so-called traditional web are evolving into the same direction – are the threats doing the same? Using mainly Windows Phone 7 (and some Qt) examples and demos, Mikko will take a look at the security aspects in mobile hybrid apps. The HTML5 demo will concentrate on some newly mainstreamed technologies such as getUserMedia.<br />
<br />
'''19:10 Introduction to Oauth 2.0 + demo /Teemu Kääriäinen, Nixu'''<br />
<br />
Teemu gives an introduction about Oauth 2.0 and takes a closer look at security aspects, implementation guidelines and compares Twitter, Facebook and Google implementations.<br />
<br />
'''20:00 Official program ends and free debate continues at nearby location'''<br />
<br />
'''Please register in Eventbrite http://www.eventbrite.com/event/4462882602''' <br />
<br />
<br />
== OWASP Helsinki Chapter Meeting #18: June 26 2012 ==<br />
<br />
'''Location: Kela, Nordenskjölkinkatu 12, Helsinki''' <br />
<br />
'''Time: 17:30-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''17:45 Word from our sponsor /Kela''' <br />
<br />
'''18:00 Helsinki Ruby Brigade intro''' <br />
<br />
'''18:15 Ruby on Rails security - why could it fail'''<br />
<br />
'''19:00 Panel discussion'''<br />
<br />
'''19:45 Wrap-up'''<br />
<br />
'''20:00 Discussion continues in a nearby pub Hadanka'''<br />
<br />
'''Please register with petteri.arola(at)owasp.org''' <br />
<br />
<br />
== OWASP Helsinki Chapter Meeting #17: March 21 2012 ==<br />
<br />
'''Location: Marttakeskus, Malminrinne 1 B, 7. krs, Helsinki''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Coffee''' <br />
<br />
'''17:40 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''17:50 Web Application Access Control Design Excellence / Jim Manico, OWASP''' <br />
<br />
Download the presentation from our file page: [[image:Developer_Top_Ten_Core_Controls_v4.1.pdf]]<br />
<br />
'''19:30 Meeting ends and discussion continues over buffet and refreshments and there's a possibility to bath in sauna too''' <br />
<br />
'''23:00 Event ends'''<br />
<br />
'''Please register with enroll(at)nixu.com''' <br />
<br />
== Tietoturvapäivä Turku: February 7 2012 ==<br />
<br />
''' Sovellusturvallisuus / Petteri Arola, OWASP''' <br />
<br />
Download the presentation from our file page: [[image:OWASP_esitys_tietoturvapäivä_Turku_20120207.pdf]]<br />
<br />
== OWASP Helsinki Chapter Meeting #16: October 18 2011 ==<br />
<br />
'''Location: Hall TU2, Tuas house, Otaniementie 17, 02150, Espoo''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and lock picking''' <br />
<br />
'''17:30 OWASP - What is it?''' <br />
<br />
'''17:45 Introduction to OWASP projects<br>- OWASP Top Ten, ASVS<br><span class="Apple-tab-span"> </span>- Testing guide<br>- How OWASP relates to academic world''' <br />
<br />
<br> Download presentation from our file-page: [[Image:OWASP_presentation_for_Aalto.pdf]] <br><br />
<br />
'''18:45 Break''' <br />
<br />
'''19:00 Hacking demonstrations'''<br />
<br />
'''19:30 - Discussion continues in a nearby public house''' <br />
<br />
'''Please register with petteri.arola(at)owasp.org''' <br />
<br />
== OWASP Introduction to Turku AMK students: September 12th 2011 ==<br />
<br />
'''Introduction to Application security and OWASP / Petteri Arola, OWASP''' <br />
<br />
'''OWASP top 10 and hacking demos / Pekka Sillanpää, OWASP''' <br />
<br />
== OWASP Helsinki Chapter Meeting #15: June 15 2011 ==<br />
<br />
'''Location: Itämerenkatu 11 - 13, Helsinki''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda ''' <br />
<br />
'''17:30 Welcome, Petteri Arola, Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nokia''' <br />
<br />
'''17:45 HTML5 Security, Ville Säävuori, Syneus''' <br />
<br />
'''18:30 Break''' <br />
<br />
'''18:40 Mobile Application Security, Ari Kesäniemi and Juhani Mäkelä, Nixu''' <br> [[Image:Mobile-threat-analysis-short-presentation owasp.pdf]] <br> [[Image:Why-privacy-matters.pdf]] <br> <br />
<br />
<br>'''19.30 - Discussion continues in a nearby public house or terrace if it's sunny''' <br />
<br />
'''Please register with mikko.saario(at)nokia.com''' <br />
<br />
== OWASP Helsinki Chapter Meeting #14: February 22 2011 ==<br />
<br />
'''Location: Nixu Oy, Keilaranta 15, Espoo''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''17:30 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nixu Oy''' <br />
<br />
'''17:45 OpenSAMM, Pravir Chandra /Fortify''' <br />
<br />
'''18:30 Break''' <br />
<br />
'''18:40 Threat modeling, Pravir Chandra /Fortify''' <br />
<br />
<br> '''19.30 - Sauna and refreshments from our sponsor''' <br />
<br />
'''Please register with enroll(at)nixu.com''' <br />
<br />
<br> Download OpenSAMM presentation from opensamm.org [http://www.opensamm.org/downloads/resources/OpenSAMM-1.0.ppt] <br> <br />
<br />
== OWASP Helsinki Chapter Meeting #13: June 8 2010 ==<br />
<br />
'''Location: KPMG, Forum, Yrjönkatu 23 B 6th floor, Helsinki''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''17:00 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:05 Word from our sponsor KPMG ''' <br />
<br />
'''17:15 Agile secure software development, Antti Vähä-Sipilä / Nokia Oyj''' http://www.owasp.org/images/c/c6/OWASP_AppSec_Research_2010_Agile_Prod_Sec_Mgmt_by_Vaha-Sipila.pdf <br />
<br />
'''18:00 ASVS (OWASP Application Security Verification Standard), Pekka Sillanpää / Nixu Oy''' <br />
<br />
'''18:45 ESAPI (OWASP Enterprise Security API) demo, Anssi Porttikivi / KPMG''' <br />
<br />
Download presentation from our file-page:[[Image:ESAPI for OWASP.pdf]] <br />
<br />
<br> '''19.30 - Discussion continues at some nearby establishment''' <br />
<br />
'''Please register with anssi.porttikivi(at)kpmg.fi''' <br />
<br />
<br> <br />
<br />
== OWASP Goes! Locksport: April 20 2010 ==<br />
<br />
'''Location: Nsense Oy, Ahventie 4, Espoo''' <br />
<br />
'''Time: 17:30-20:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nsense Oy''' <br />
<br />
'''17:45 Introduction to Locksport (presentation in Finnish)''' <br />
<br />
'''19:00 - Sauna and refreshments from our sponsor''' <br />
<br />
'''Please register with ilmoittautumiset##nsense.fi ''' <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #12: March 30 2010 ==<br />
<br />
'''Location: Helsingin Energia, Sähkötalo, Runeberginkatu 1, Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''18:00 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
Download presentation from our file-page:[[Image:OWASP -12 Helsinki chapter meeting.pdf]] <br />
<br />
'''18:05 Word from our sponsor Helsingin Energia ''' <br />
<br />
'''18:15 3 different views on information security and social media applications''' <br />
<br />
- information security in social media API’s, Antti Nuopponen/Nixu Oy <br />
<br />
Download presentation from our file-page:[[Image:Security of social media apis v1.pdf]] <br />
<br />
- Facebook apps, Markus Törnqvist/Fad Consulting <br />
<br />
Download presentation from our file-page:[[Image:Mjt owasp 2010.pdf]] <br />
<br />
- Payment API’s, Tuomas Toivonen/Scred <br />
<br />
Download presentation from our file-page:[[Image:Owasp-payment-apis.pdf]] <br />
<br />
'''20.00 - Discussion continues at nearby establishment Bruuveri''' <br />
<br />
'''Please register with antti##owasp.org''' <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #11: November 17 2009 ==<br />
<br />
'''Location: Nsense Oy, Ahventie 4, Espoo''' <br />
<br />
'''Time: 18:00-20:30''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''18:05 Word from our sponsor Nsense Oy''' <br />
<br />
'''18:15 Manual vs. Automated Code Analysis, Ari Kesäniemi, Senior Consultant, Nixu''' <br />
<br />
Download presentation from our file-page:[[Image:Ari kesaniemi nixu manual-vs-automatic-analysis.pdf]] <br />
<br />
'''19.00- Sauna and refreshments from our sponsor''' <br />
<br />
<br> <br />
<br />
'''Please register with ilmoittautumiset##nsense.fi''' <br />
<br />
== OWASP Helsinki Chapter Meeting #10: October 20 2009 ==<br />
<br />
'''Location: Tieto Oy, Ratamestarinkatu 7B, Helsinki''' <br />
<br />
'''Time: 18:00-19:40''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''18:00 Word from our sponsor Tieto Oy''' <br />
<br />
'''18:10 Distributed Services Security, Anton Panhelainen, Tieto Oy''' <br />
<br />
Download presentation from our file-page:[[Image:Security in integration and ESB-OWASP 20091020.pdf]] <br />
<br />
'''18:40 Public Web Services Interface and Security, Pyry Heikkinen, Finnish Customs''' <br />
<br />
'''19:40 Closure and move to Vltava''' <br />
<br />
'''20:00 or so''' <br />
<br />
*Enjoy Helsinki Vltava watering hole at own risk &amp; cost near Helsinki Railway station<br />
<br />
'''Please register with Pauli Kauppila pauli.kauppila##tieto.com or Mobile +358 400 870 324''' <br />
<br />
== OWASP Helsinki Chapter Meeting #9: May 12 2009 ==<br />
<br />
'''Location: Louhi Networks Oy, Itälahdenkatu 22 A, Helsinki''' <br />
<br />
'''Time: 17:30-19:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:30 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:45 Word from our sponsor Louhi Networks''' <br />
<br />
'''18:00 Panel discussion about application scanners''' <br />
<br />
*Panel members includes representatives for Nixu Oy, KPMG Oy and Louhi Networks Oy<br />
<br />
<br> '''19:00 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost at Bar 52 near meeting location<br />
<br />
'''Please register with Henri Lindberg henri.lindberg##louhi.fi''' <br />
<br />
== OWASP OWASP Goes! Viestimuseo: March 29 2009 ==<br />
<br />
'''Location: Varuskunta, Takakasarmi, Viestimuseontie rak. 64, 11311 Riihimäki ''' <br />
<br />
'''Time: 13:00-15:00''' <br />
<br />
Viestimuseossa Riihimäellä, http://www.viestikiltojenliitto.fi/viestimuseo/ on maaliskuun loppuun WWII radiotiedustelua esittelevä erikoisnäyttely, josta voi löytyä ammennettavaa myös tämän päivän tietoturvatekniikoiden parissa työskenteleville. Koska OWASP:in tiimoilta löytyi kiinnostusta lähteä tutustumaan ko. näyttelyyn, museolle on varattu opastettu kierros maaliskuun viimeiselle sunnuntaille su 29.3.2009 klo 13:00 eli kokoontuminen museolla ko. aikaan. <br />
<br />
Museo ja näyttely ovat auki myös muina aikoina, joten jos tämä aika ei käy, paikalla voi toki käydä muulloinkin. <br />
<br />
Tarkemmat ajo-ohjeet ja yhteystiedot löytyvät museon kotisivuilta, http://www.viestikiltojenliitto.fi/viestimuseo/yhteystiedot.html <br />
<br />
Museo sijaitsee Viestirykmentin vieressä, mutta varsinaisen varuskunta-alueen ulkopuolella, joten museokäynti ei vaadi kulkulupia alueelle. <br />
<br />
Paikalle innostuvat hoitavat oman logistiikkaratkaisunsa &amp; sisäänpääsymaksunsa. <br />
<br />
Lisätietoja tarvittaessa timo.merilainen (ät) iki.fi <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #8: March 12 2009 ==<br />
<br />
'''Location: Samlink, Linnoitustie 9, Espoo (Leppävaara)''' <br />
<br />
'''Time: 17:00-19:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:00 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:15 Introduction to Samlink, Jari Pirhonen, security director, Samlink''' <br />
<br />
'''17:30 Methodology owner’s point of view: Information security as part of software development methodology, Topi Mattila, methodology manager, Samlink''' <br />
<br />
'''18:15 Presentation from Finnish Tax Administration", Petri Puhakainen, security director, Finnish Tax Administration''' <br />
<br />
<br> '''19:00 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost at Sello<br />
<br />
'''Please register with Jari Pirhonen jari.pirhonen##samlink.fi''' <br />
<br />
== OWASP Introduction to startup firms: Thursday January 15th 2009 ==<br />
<br />
'''Location: Ravintola Korjaamo, Töölönkatu 51, 00250 Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Introduction to OWASP by Henri Lindberg, OWASP Helsinki Active Visitor''' <br />
<br />
*What OWASP is <br />
*Examples of useful Tools and Documents <br />
*OWASP in Finland<br />
<br />
Presentation: [[Image:OWASP Startups 20090115 Henri.pdf]] <br />
<br />
(Antti Laulajainen, OWASP Helsinki Chapter Leader was originally supposed to introduce OWASP) <br />
<br />
'''18:15 Implementing application security in a Finnish startup by Henri Lindberg, Scred''' <br />
<br />
*Henri Lindberg from Scred shares experiences and lessons learned <br />
*How to make your web application more secure with minimal budget<br />
<br />
Presentation: [[Image:SDG Scred 090115.pdf]] <br />
<br />
'''18:30 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost<br />
<br />
== OWASP Helsinki Meeting #7: Tuesday November 11th 2008 ==<br />
<br />
'''Location: Nokia Ruoholahti, Itämerenkatu 11-13, 00180 Helsinki''' <br />
<br />
<br> <br />
<br />
'''Time: 17:00-18:30''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:00 Welcome by Antti Laulajainen, OWASP Chapter Leader''' <br />
<br />
*Current state and progress of OWASP Top 10 Finnish translation<br />
<br />
'''17:20 Antti Vähä-Sipilä, Nokia: SAFECode''' <br />
<br />
*Introduction and overview of SAFECode (The Software Assurance Forum for Excellence in Code) <br />
*SAFECode publications<br />
<br />
'''17:40 Juhani Eronen, CERT-FI: Lifecycle of a security vulnerability''' <br />
<br />
*Microsoft MS08-067 (Vulnerability in Server Service Could Allow Remote Code Execution), its history (MS06-040) and exploitation.<br />
<br />
'''Discussion''' <br />
<br />
'''18:30 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost [cerveza, aqua con gas, etc]<br />
<br />
'''PLEASE REGISTER WITH: mikko . saario at nokia . com (we have reserved snacks for 25 people)''' <br />
<br />
== OWASP Helsinki Web Hacking Workshop, Tuesday September 10th 2008 ==<br />
<br />
'''Location: Teleware / KPMG, Laajalahdentie 23, 6. floor, reception at the ground floor, 00330 Helsinki''' <br />
<br />
'''Time: 18.00 - 20.00''' <br />
<br />
'''Schedule''' <br />
<br />
'''18.00 Welcome and recent activities. Antti Laulajainen ''' <br />
<br />
'''18.05 Web Hacking Workshop, Anssi Porttikivi, Senior ICT Advisor KPMG/Teleware''' <br />
<br />
*KPMG Oy IT Security Advisory marketing presentation 15 min <br />
*Web hacking exercises and demonstrations in a laboratory class (using WebGoat and WebScarab tools)<br />
<br />
'''Snacks available. Send your reservations to Anssi's mail address, anssi.porttikivi@kpmg.fi. Room for 20 participants.''' <br />
<br />
<br> '''Note! Be in time, because the reception closes at 18.''' <br />
<br />
== OWASP Goes! CERT-FI, Thursday, June 12th 2008 ==<br />
<br />
'''Location: Viestintävirasto, Itämerenkatu 3 A, 00180 Helsinki and One Pint Pub Santakatu 2, 00180 Helsinki''' <br />
<br />
<br> '''Time: 16.00 - 20.00''' <br />
<br />
<br> '''Schedule''' <br />
<br />
'''16.00 Welcome and recent activities. Antti Laulajainen ''' <br />
<br />
<br> '''16.10 Introduction of CERT-FI. Juhani Eronen, Information Security Adviser, CERT-FI''' <br />
<br />
<br> '''16.30 Vulnerability coordination. Juhani Eronen''' <br />
<br />
*CERT-FI as a vulnerability coordinator <br />
*Coordination examples<br />
<br />
'''18.00 Possibility to continue the evening at the One Pint Pub''' <br />
<br />
*If someone fancies a (self-financed) beer<br />
<br />
<br> '''Viestintävirasto asks those who wish to participate to the meeting to register in advance. For registrations please contact CERT-FI Unit Secretary Virpi Hienonen (virpi.hienonen(at)ficora.fi). The deadline is June 6, 2008.''' <br />
<br />
== OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 ==<br />
<br />
Thank you for attending. <br />
<br />
You can download the presentation here'''https://www.owasp.org/images/7/70/OWASP_HelsinkiChapter_130508.pdf''' <br />
<br />
Coverage of the event in local news (Finnish only) http://mikropc.net/uutiset/index.jsp?categoryId=atk&amp;day=20080514#w2008051411524012715 <br />
<br />
<br> '''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki and Ravintola Kaisla, Vilhonkatu 4, 00100 Helsinki''' <br />
<br />
'''Time: 16.00 - 20.00''' <br />
<br />
<br> <br />
<br />
Welcome to spring meeting 2008. <br />
<br />
<br> '''Schedule''' <br />
<br />
'''16.00 - 16.10 OWASP update. Antti Laulajainen''' <br />
<br />
'''16.10-17.00 Notes From The field, OWASP tools and usage experiences, Jarkko Holappa &amp; Antti Laulajainen''' <br />
<br />
'''17.30 - 20.00 Drinks at Ravintola Kaisla (Bring Your Own Wallet)''' <br />
<br />
<br> Hope to see as many of you as possible! <br />
<br />
== OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 ==<br />
<br />
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.''' <br />
<br />
'''Time: 18.30 - 20.30''' <br />
<br />
Welcome to first meeting of 2008. OWASP Helsinki resumes activities after winter break. <br />
<br />
We are pleased to have as a speaker Technology Manager of Nokia Product Security, Alexandr Seleznyov. His topic will be current state of application security. <br />
<br />
'''Schedule''' <br />
<br />
'''18.30 - 18.40 OWASP update. Antti Laulajainen''' <br />
<br />
'''18.40 - 20.30 Current State of Application Security. Alexandr Seleznyov''' <br />
<br />
<br> Hope to see as many of you as possible! <br />
<br />
== OWASP Helsinki &amp; RWSUG Seminar Tuesday, January 29th 2008 ==<br />
<br />
'''Location: IBM, Laajalahdentie 23, 00330 Helsinki.''' '''Time: 11.15 - 19.00''' <br />
<br />
OWASP Helsinki and Rational and Websphere User Group Finland RWSUG are aiming to co-operate to raise application security awareness. OWASP Helsinki will have a presentation in RWSUG agility seminar. More information from http://www.rwsug.fi/default.asp?path=1,39,385 <br />
<br />
'''You can download the presentation here''' https://www.owasp.org/images/c/cd/RWSUG5_Agile_Security_Management.pdf <br />
<br />
See program below. Most of it is Finnish only <br />
<br />
*11.15 Ilmoittautuminen alkaa <br />
*11.15-12.00 Buffet-lounas <br />
*12.00-12.10 Tilaisuuden avaus Jussi Jutila, Puheenjohtaja, RWSUG ry<br />
<br />
KEYNOTE <br />
<br />
*12.10-13.30 Scaling Agile Software Development: Strategies for Applying Agile in Complex Situations Scott W. Ambler, Practice Leader Agile Development, IBM Canada <br />
*13.30-13.45 Kahvitauko <br />
*13.45-15.30 SOA liiketoiminnan näkökulmasta ja SOA toteutuksen näkökulmasta kansainvälisessa hankkeessa Kari Laine, IT Architect, IF ja Jarmo Laine, Senior Software Architect,Primasoft <br />
*15.30-15.45 Tauko <br />
*15.45-16.30 Ketterä tietoturvan hallinta ohjelmistotuotannossa Reijo Savola, VTT <br />
*16.30-17.15 Jazz Update IBM <br />
*17.15-19.00 Iltapalaa ja verkostoitumista IBM Forumissa<br />
<br />
<br> <br />
<br />
== OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008 ==<br />
<br />
OWASP Helsinki participated in ISACA Finland meeting to raise application security awareness among system auditors and inspectors. <br> A presentation was held that introduced basic web techniques, some security issues, OWASP in general, OWASP projects and OWASP Helsinki chapter. <br> '''You can download the presentation here''': https://www.owasp.org/images/e/e4/OWASP_ISACA_20080124.pdf (Finnish Only) <br><br> <br />
<br />
== OWASP Helsinki meeting #4 Fall 2007 with Mark Curphey, Tuesday, October 2 2007 ==<br />
<br />
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.''' <br />
<br />
Thank you for all participants and Mark from great presentation. <br />
<br />
Coverage of the meeting in the local news (in Finnish): http://mikropc.net/uutiset/index.jsp?categoryId=atk&amp;day=20071003#w2007100315112711629 <br />
<br />
<br> We are delighted to have Mark Curphey - the OWASP founder and new head of Microsoft's ACE (Application Consulting &amp; Engineering) team in Europe - to visit Finland and discuss web app security with us. Hopefully as many as of you possible can participate! <br />
<br />
'''18:30 Welcome and recent Helsinki chapter activities. Antti Laulajainen''' <br />
<br />
'''18:40 Naked Software Security. Mark Curphey''' <br />
<br />
*Commentary on how to build secure software <br />
*Thoughts on the industry<br />
<br />
<br> '''WELCOME!''' <br />
<br />
== OWASP Helsinki meeting #3 Summer 2007: "SOA, Web Services &amp; XML Security", Tuesday, June 5th 2007 ==<br />
<br />
'''Date: June 5th''' <br />
<br />
<br> '''Location: Smilehouse, Itälahdenkatu 22A (Stonesoft building), Lauttasaari.''' <br />
<br />
Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/tietoturva_docview.jsp?f_id=1186167 <br />
<br />
<br> '''19:00 Welcome &amp; quick recap of recent OWASP activity and the Spring conference. Mikko Saario.''' <br />
<br />
<br> '''19:15 Gunnar Peterson, CTO Arctec Group and project lead for the OWASP "XML Security Gateway Evaluation Criteria".''' <br />
<br />
Gunnar will be visiting Finland to provide training via Tietoturva ry on this subject. Topics to be covered: <br />
<br />
*XML Security Gateways <br />
*Message level threats and security countermeasures in Web services <br />
*OWASP XML Security Gateway Evaluation Criteria Project<br />
<br />
<br> '''20:15 "Real-life usage of OWASP tools". Alexandr Seleznyov, Nokia Product Security.''' <br />
<br />
(There is a chance Alex cannot make it. In that case we will discuss SOA stuff in more detail or just head off to bar earlier.) <br />
<br />
<br> '''20:45 Enter Bar 52...''' --&gt; Enjoy (sponsored) beverages. <br />
<br />
== OWASP Helsinki meeting #2 Winter 2007, Web Application Firewalls, Thursday, February 22 2007 ==<br />
<br />
Thank you for the 29 participants, the speakers and the host - Nixu - for making this event happen! <br />
<br />
'''Location: Nixu, Mäkelänkatu 91, 00601 Helsinki.''' <br />
<br />
What are Web Application Firewalls (WAF), how do they work, what do they do and what don't they do. Discussion and sharing of experiences of various technologies and products. <br />
<br />
<br> '''18.30 Welcome. Mikko Saario, Chapter Leader.''' <br />
<br />
Today's topic and agenda in short. <br />
<br />
<br> '''18.35 "Web Application Firewalls Technical Analysis". Joakim Sandström, CTO nSense.''' <br />
<br />
http://www.owasp.org/images/6/6a/Owasp_waf_joakim.pdf <br />
<br />
- Technology <br />
<br />
- Blacklisting &amp; Whitelisting <br />
<br />
- mod_security features <br />
<br />
- Do's and Don'ts <br />
<br />
<br> '''19.30 "The Core Rule Sets". Ofer Shezaf, CTO Breach Security.''' <br />
<br />
http://www.owasp.org/images/f/f4/The_Core_Rule_Set_-_Ofer.pdf <br />
<br />
- WAF deployment and protection strategies <br />
<br />
- Detection of generic web layer attacks <br />
<br />
- Virtual patching <br />
<br />
== OWASP Helsinki meeting #1, Tuesday, Dec 12 2006 at Ernst &amp; Young ==<br />
<br />
The Helsinki chapter had the first meeting at Ernst &amp; Young office in Elielinaukio 5 B. The agenda and the presentations for the meeting are below. We had a good turnout: 22 people were present i.e. all seats were taken - we were very happy to see all these people to be interested in application security issues. <br />
<br />
<br> Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/doc.do?f_id=1083463 <br />
<br />
<br> '''18:30 Welcome. What is OWASP and why OWASP Helsinki?''' <br />
<br />
Mikko Saario made a short presentation about OWASP and the objective for the local Helsinki chapter. <br />
<br />
<br> '''19:00 Analyzing Threats (Olli Wiren; olli [at] juurihoito.org)''' <br />
<br />
Olli Wiren discussed application related threats and corresponding security issues. <br />
<br />
http://www.owasp.org/images/7/7c/Owasp-olli.pdf <br />
<br />
<br> '''19:45 Open discussion regarding OWASP Helsinki; what is expected or wished; how to go ahead and so forth.''' <br />
<br />
There was a lively discussion regarding what type of activities should be arranged in the future. More details will follow... <br />
<br />
==== Helsinki OWASP Chapter Leaders ====<br />
<br />
The chapter leader is [mailto:Petteri.arola@owasp.org Petteri Arola] <br />
<br />
The chapter board members are [mailto:timo@owasp.org Timo Merilainen], Pyry Heikkinen and [mailto:pekka.sillanpaa@owasp.org Pekka Sillanpaa]. <br />
<br />
__NOTOC__<br />
[[Category:Finland]] <br />
[[Category:Europe]]</div>Psillanphttps://wiki.owasp.org/index.php?title=Helsinki&diff=230979Helsinki2017-06-26T08:52:17Z<p>Psillanp: /* Local News */</p>
<hr />
<div>{{Chapter Template|chaptername=Helsinki|extra=The chapter leader is [mailto:petteri.arola@owasp.org Petteri Arola] <br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-helsinki|emailarchives=http://lists.owasp.org/pipermail/owasp-helsinki}} <br />
<br />
==== Local News ====<br />
<br />
<paypal>Helsinki</paypal> <br />
<br />
'''Welcome to the OWASP Helsinki Chapter'''<br />
<br />
The plan is to meet at least three to four times a year, each lasting 1,5-3 hours (more active "hands" means more meetings). This chapter is based in the capital area and therefore the meetings will be in or around Helsinki. <br />
<br />
If you wish to present at one of the meetings or have any other inquiries, please contact the chapter leaders and shortly describe the talk. (the contact details can be found in the bottom of the page). We encourage everyone to suggest ideas for presentation topics. The talks can be either a full talk (45-60min) or a lightning talk (~15min). <br />
<br />
==== Suomalaista sovellusturva-asiaa ====<br />
<br />
[[OWASP Helsinki Appsec Thesis of the Year|Vuoden sovellusturva-aiheinen opinnäytetyö]]<br />
<br />
[[Oppilaitoksille|Tietoa oppilaitoksille (Information for academic institutions)]] <br />
<br />
[[Verkkomaksut|Ohjeita turvallisen verkkomaksuintegraation toteuttamiseen]] <br />
<br />
Previously OWASP Helsinki has been working on the following tasks: <br />
<br />
*[[Top 10 2007 Finnish]] aim to translate OWASP Top 10 list in Finnish<br />
<br />
==== Chapter Meetings ====<br />
<br />
== OWASP Helsinki chapter meeting #32: (POSTPONED) August, TBD ==<br />
If you are working in a devops team, and want to get concrete ideas on how to integrate security into your CI/CD pipeline, this hackathon is a fun opportunity to learn by doing together with others.<br />
<br />
In summary, we familiarize and investigate (and of cource hack with) some nice open source tools, including:<br />
* OWASP Dependency-Check ([[OWASP Dependency Check]])<br />
* ZAP Proxy ([[OWASP Zed Attack Proxy Project]])<br />
* OWASP DefectDojo ([[OWASP DefectDojo Project]])<br />
* DevSec hardening framework (https://github.com/dev-sec)<br />
* Clair (https://github.com/coreos/clair)<br />
<br />
The output of this hackathon is an OWASP wiki page describing what was achieved in the hackathon, possible commits to the tools' repositories and future plans. If there is enough interest, we might organize "part 2" for this event in Autumn.<br />
<br />
To participate in this event, it is recommended to have at least basic programming/scripting skills (python, ruby, bash, etc) and understanding of configuration management tools (puppet, salt, ansible, etc.). '''If you are interested to join''' or have questions, please send email to pekka.sillanpaa@owasp.org '''by Jul 7th 2017''' and a short description of your background. Tracks of the hackathon environment are tuned based on the skills and background of the participants.<br />
<br />
The maximum of 15 seats are available for this event. The event is fully free of charge.<br />
<br />
'''Location: Nixu, Keilaranta 15, 02150 Espoo'''<br />
<br />
'''12:00 Hackathon starts'''<br />
<br />
'''17:00-23:00 Hackathon continues after the work day as long as needed. Pizza and beverages available.'''<br />
<br />
== OWASP Helsinki chapter meeting #31: Jun 13th 2017 ==<br />
'''Location: Solita, Alvar Aallon katu 5, 00100 Helsinki'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Pekka Sillanpää, OWASP Helsinki'''<br />
<br />
'''18:05 DevSec - Developers are the key to security, Antti Virtanen, Software Architect, Solita [[File:Devsec-owasp-2017.pdf]]''' <br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Docker Security, Mika Vatanen, Systems Architect, Digia [[File:Owasp-Helsinki-20170613-Docker-Security.pdf]]'''<br />
<br />
'''20:00 Lightning talk: Leaking credentials - a security malpractice more common than expected, Bogdan Mihaila, Synopsys [[:File:Bogdan Mihaila - Leaking Credentials.pdf]]'''<br />
<br />
'''20:15 Introduction to DevSecOps "mini-hackathon", Pekka Sillanpää, OWASP Helsinki'''<br />
<br />
'''20:30-22:30 Snacks & Refreshments'''<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-31-tickets-34950473808 here] by 12th of Jun (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #30: Oct 11th 2016 ==<br />
<br />
'''Location: Fujitsu, Valimotie 16, 00380 Helsinki, Auditorio'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 How to protect mobile application? Case "Nordea Tunnusluvut” / Michael Peltonen, Senior Business Developer, Nordea''' [[File:Helsinki_meeting_30_-Michael_Peltonen_OWASP_11102016.pdf]]<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Lightning talk: Authentication topic / Teemu Simonen, System Architect, Fujitsu''' [[File:Helsinki_meeting_30_-Authentication_topic.pdf]]<br />
<br />
'''19:30 Threats and vulnerabilities in federation protocols - and how did I find 0-days in the most common access management products / Teemu Kääriäinen, Senior IAM Consultant, Nixu Oyj''' [[File:Helsinki_meeting_30_-_Threats_and_Vulnerabilities_in_Federation_Protocols_and_Products.pdf]]<br />
<br />
'''20:30-> Snacks & Refreshments'''<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-30-tickets-28190573765 here] by 9th of October (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #29: Mar 29th 2016 ==<br />
<br />
'''Location: Solinor, Elimäenkatu 14 C, 00510 Helsinki'''<br />
<br />
'''Time: 17:30-21:15'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 OWASP Security Knowledge Framework, Glenn Ten Cate''' [[File:Skf-owaspHelsinki-16.pdf]]<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Amazon Web Services Security, Joel Leino, Solinor''' [[File:Aws_security_joel_leino.pdf]]<br />
<br />
'''20:30 Do's and don'ts: A Day Of Browser Bug Hunting, Atte Kettunen, University of Oulu''' [[File:Do's_and_Don'ts-_A_Day_Of_Browser_Bug_Hunting_rev2.pdf]]<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-29-tickets-22159795545 here] by 26th of March (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #28: Nov 10th 2015 ==<br />
<br />
'''Location: LähiTapiola, Revontulenkuja 1, 02100 Espoo'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 How we feel about Bug Bounty, Leo Niemelä, CISO, LähiTapiola Group (in Finnish)'''<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Security and "Modern" software Deployment, Rory McCune, Managing Consultant, NCC Group'''<br />
<br />
'''20:30 Discussion continues in a local cafe / bar'''<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-28-tickets-19188815263 here] by 8th of November (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #27: May 29th 2015 ==<br />
<br />
'''Location: Life Science Center Keilaranta 10-16''' <br />
<br />
'''Time: 17:30-20:00 (networking ends 23:00)''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 Word from our sponsor / Nixu'''<br />
<br />
'''18:15 50 Shades of AppSec / Troy Hunt'''<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Hack yourself first: how go on the cyber-offence before online attackers do / Troy Hunt'''<br />
<br />
'''20:00-23:00 Refreshments and Sauna on the 7th floor'''<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-chapter-meeting-27-tickets-16709176597 here] by Monday Fri 22th May (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #26: January 13th 2015 ==<br />
<br />
'''Location: Castrén & Snellman Attorneys Ltd. Eteläesplanadi 14 6th Floor Helsinki, Finland.''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''Opening words / OWASP Helsinki&IAPP''' <br />
<br />
'''Words from our sponsor / Castrén & Snellman Attorneys Ltd.'''<br />
<br />
'''Privacy Seals and Marks, Hannu Järvinen, Specialist Partner, Attorneys at Law Borenius Ltd'''<br />
<br />
'''Privacy Engineering, Antti Vähä-Sipilä, software security guy, F-Secure Oyj'''<br />
<br />
'''Privacy Use Cases, Saku Vainikainen, Lead Consultant, Nixu Oyj'''<br />
<br />
Please register here https://t.co/OoQN2FRbBX by Monday 12 Jan.<br />
<br />
== OWASP Helsinki chapter meeting #25: September 29th 2014 ==<br />
<br />
'''Location: Appelsiini (Elisa), Kaarlenkatu 9-11, 00530 Helsinki. Public transport is strongly recommended.''' <br />
<br />
'''Time: 17:00-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and registration''' <br />
<br />
'''17:10 Opening words / OWASP Helsinki''' <br />
<br />
'''17:20 Words from our sponsor / Elisa'''<br />
<br />
'''17:30 Mobile Security Chess Board - Attacks & Defense / Hemil Shah / Founder, Director eSphere Security''' [[File:Mobile_Security_chess_board_-_Attacks_&_Defense.pdf]]<br />
<br />
'''18:45 Break'''<br />
<br />
'''19:00 Mobile Platform Security: OS (kernel) Hardening and Trusted Execution Environment / Onur Zengin / Trustonic'''<br />
[[File:Onur_Zengin_-_TEE_chapter_meeting_presentation.pdf]]<br />
<br />
'''20:00 OWASP Mobile Top Ten Risks 2014 - The New M10: 'Lack of Binary Protection' Category / Bo Asklund and Rikard Kullenberg / Arxan'''<br />
[[File:OWASP_Mobile_Top_Ten_-_Meet_the_New_Addition.pdf]]<br />
<br />
'''21:00 Networking and continue discussions in TBD location nearby'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-25-tickets-13087782911 Eventbrite]<br />
<br />
== OWASP Helsinki chapter meeting #24: March 25st 2014 ==<br />
<br />
'''Location: F-Secure, Tammasaarenkatu 7, 00180 Helsinki. Parking space is limited, public transport is strongly recommended. Ruoholahti station for metro, Länsisatamankatu stop for tram 8, Länsiväylä stop for buses from Espoo.''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and registration''' <br />
<br />
'''17:20 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''17:30 Enhancing security through tight collaboration and automation /Kalle Hallivuori''' <br />
Presentation material: http://kato.iki.fi/owasp-pci-devops/<br />
<br />
'''18:00 Continuous Security Testing in a Devops World /Stephen de Vries'''<br />
Download the presentation from our file page: [[image:OWASP-Continuous_Security_Testing.pdf]]<br />
<br />
'''19:00 Demo of Burp Suite & HTTP API fuzzing automation with Python & Behave /Antti Vähä-Sipilä'''<br />
<br />
'''19:30 Time to go to Pub (Amsterdam) and continue discussion there'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-24-tickets-10765729587 Eventbrite]<br />
<br />
== OWASP Helsinki chapter meeting #23: January 21st 2014 ==<br />
<br />
'''Location: HTC Keilaniemi, Keilaranta 13, 02150 Espoo''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Coffee and registration''' <br />
<br />
'''18:00 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''18:05 Word from our sponsor /Nixu''' <br />
<br />
'''18:20 The inner HTML Apocalypse - How MXSS attacks change everything we believed to know so far /Mario Heiderich'''<br />
<br />
'''19:15 JSMVCOMFG - To sternly look at JavaScript MVC and Templating Frameworks /Mario Heiderich"''''<br />
<br />
'''20:15 QA'''<br />
<br />
'''20.30 - 21.30 Discussion continues over snacks and refreshments'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-23-tickets-10095813851 Eventbrite]<br />
<br />
<br />
== OWASP Helsinki chapter meeting #22: November 19th 2013 ==<br />
<br />
'''Location: Aalto University, Hall S1, Otakaari 5, 02150 Espoo''' <br />
<br />
'''Time: 18:00-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Registration''' <br />
<br />
'''18:10 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''18:20 Word from our sponsor''' <br />
<br />
'''18:30 Backgrounds of Eve in Digiland comic and cyber research in Aalto University /Timo Kiravuo, Aalto University'''<br />
<br />
'''19:15 Break"''''<br />
<br />
'''19:30 Cyber crime response from CERT perspective and backgrounds of Finnish web site attacks /Jussi Eronen, CERT-FI'''<br />
<br />
'''20:00 Methods in Finnish cyber crime police investigation and case example /Timo Piiroinen, National Bureau of Investigation (NBI)'''<br />
<br />
'''20:30 Networking and discussion continues at same location'''<br />
<br />
Please register at [http://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-23-tickets-10095813851 Eventbrite]<br />
<br />
== OWASP EUTour2013: June 17th 2013 ==<br />
<br />
'''Location: HTC Keilaniemi, Keilaranta 15''' <br />
<br />
'''Time: 16:00-19:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''16:00 Registration & coffee''' <br />
<br />
'''16:15 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''16:30 Word from our sponsor''' <br />
<br />
'''16:45 Nokia responsible disclosure program /Omar Benbouazza-Villa, Nokia'''<br />
<br />
Nokia has launched a responsible disclosure program recently. In this presentation we'll go through experiences starting and running such a program as a part of enterprise application security program.<br />
<br />
'''17:30 Social engineering /Gavin Ewan"''''<br />
<br />
Jac0byterebel is not your typical social engineering presenter. Out goes the snake oil sale of analysing the minutia of pop psychology and trying to squeeze out real answers to the questions asked during a real social engineering attack. In comes hard hitting accounts of social engineering attacks drawn from real sources but anonymised to protect the pwned.<br />
<br />
'''19:00 Rounding up and discussion continues over food & drinks at same location'''<br />
<br />
Please register at [http://www.regonline.com/owaspeutourfinland Regonline]<br />
<br />
== OWASP Helsinki Chapter Meeting #21: April 24 2013 ==<br />
<br />
'''Location: KPMG, Yrjönkatu 23 B, 6. floor''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Opening words /OWASP''' <br />
<br />
'''18:10 Word from our sponso /Mika Laaksonen, KPMG''' <br />
<br />
'''18:15 OWASP project news /Petteri Arola, OWASP''' <br />
<br />
Newsflash of new and rebooted OWASP projects.<br />
<br />
'''18:45 Utilizing VAHTI software development guide (VAHTI-sovelluskehitysohje) /Antti Alestalo, KPMG'''<br />
<br />
VAHTI software development guide was published January 2013. Antti will talk about how to best utilize this new guide. Link to the guide: http://www.vm.fi/vm/fi/04_julkaisut_ja_asiakirjat/01_julkaisut/05_valtionhallinnon_tietoturvallisuus/20130207Sovell/VAHTI_1_Sovelluskehityksen_tietoturvaohje_NETTI.pdf<br />
<br />
'''19:15 Database self-defence /Mika Aronen, KPMG (in place of "HTML5 & security /SC5"'''<br />
<br />
'''20:00 Official program ends and discussion continues over food & drinks at same location'''<br />
<br />
Please register at [https://www.eventbrite.com/event/6240751255 Eventbrite]<br />
<br />
== OWASP Helsinki Chapter Meeting #20: December 4 2012 ==<br />
<br />
'''Location: Nokia House, Keilalahdentie 4, Espoo''' <br />
<br />
'''Time: 17:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Socializing time @ Nokia Lounge – Meet people & get to know your peer while having the opportunity to see Nokia product demos''' <br />
<br />
'''18:00 Opening words /OWASP + HelsinkiJS''' <br />
<br />
'''18:10 Word from our sponsor''' <br />
<br />
'''18:20 Securing JavaScript based web apps /Erlend Oftedal''' <br />
<br />
Single page web applications move much of the application logic to the client side. We now also see applications using JavaScript on the server side. How do we handle such applications from a security perspective? What problems are introduced and how do we handle them?<br />
<br />
'''19:05 RESTful Security'''<br />
<br />
Many applications rely on web services and ws-security for integration. But for more lightweight services with simpler protocols, REST is quickly gaining popularity. How do we secure REST services? What problems do we need to be aware of?<br />
<br />
'''20:00 Official program ends and free debate continues at nearby location'''<br />
<br />
CLOSED: Please register at [http://www.eventbrite.com/event/4856878053 Eventbrite]<br />
<br />
Please use the NORTH entrance when entering the Nokia campus<br />
<br />
== OWASP Helsinki Chapter Meeting #19: October 16 2012 ==<br />
<br />
'''Location: Fujitsu, Valimotie 16, Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''18:10 Word from our sponsor /Fujitsu''' <br />
<br />
'''18:25 Hybrid mobile application security and HTML5 with a focus on getUserMedia /Mikko Saario, Nokia''' <br />
<br />
Both the mobile scene via “hybrid” apps and the so-called traditional web are evolving into the same direction – are the threats doing the same? Using mainly Windows Phone 7 (and some Qt) examples and demos, Mikko will take a look at the security aspects in mobile hybrid apps. The HTML5 demo will concentrate on some newly mainstreamed technologies such as getUserMedia.<br />
<br />
'''19:10 Introduction to Oauth 2.0 + demo /Teemu Kääriäinen, Nixu'''<br />
<br />
Teemu gives an introduction about Oauth 2.0 and takes a closer look at security aspects, implementation guidelines and compares Twitter, Facebook and Google implementations.<br />
<br />
'''20:00 Official program ends and free debate continues at nearby location'''<br />
<br />
'''Please register in Eventbrite http://www.eventbrite.com/event/4462882602''' <br />
<br />
<br />
== OWASP Helsinki Chapter Meeting #18: June 26 2012 ==<br />
<br />
'''Location: Kela, Nordenskjölkinkatu 12, Helsinki''' <br />
<br />
'''Time: 17:30-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''17:45 Word from our sponsor /Kela''' <br />
<br />
'''18:00 Helsinki Ruby Brigade intro''' <br />
<br />
'''18:15 Ruby on Rails security - why could it fail'''<br />
<br />
'''19:00 Panel discussion'''<br />
<br />
'''19:45 Wrap-up'''<br />
<br />
'''20:00 Discussion continues in a nearby pub Hadanka'''<br />
<br />
'''Please register with petteri.arola(at)owasp.org''' <br />
<br />
<br />
== OWASP Helsinki Chapter Meeting #17: March 21 2012 ==<br />
<br />
'''Location: Marttakeskus, Malminrinne 1 B, 7. krs, Helsinki''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Coffee''' <br />
<br />
'''17:40 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''17:50 Web Application Access Control Design Excellence / Jim Manico, OWASP''' <br />
<br />
Download the presentation from our file page: [[image:Developer_Top_Ten_Core_Controls_v4.1.pdf]]<br />
<br />
'''19:30 Meeting ends and discussion continues over buffet and refreshments and there's a possibility to bath in sauna too''' <br />
<br />
'''23:00 Event ends'''<br />
<br />
'''Please register with enroll(at)nixu.com''' <br />
<br />
== Tietoturvapäivä Turku: February 7 2012 ==<br />
<br />
''' Sovellusturvallisuus / Petteri Arola, OWASP''' <br />
<br />
Download the presentation from our file page: [[image:OWASP_esitys_tietoturvapäivä_Turku_20120207.pdf]]<br />
<br />
== OWASP Helsinki Chapter Meeting #16: October 18 2011 ==<br />
<br />
'''Location: Hall TU2, Tuas house, Otaniementie 17, 02150, Espoo''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and lock picking''' <br />
<br />
'''17:30 OWASP - What is it?''' <br />
<br />
'''17:45 Introduction to OWASP projects<br>- OWASP Top Ten, ASVS<br><span class="Apple-tab-span"> </span>- Testing guide<br>- How OWASP relates to academic world''' <br />
<br />
<br> Download presentation from our file-page: [[Image:OWASP_presentation_for_Aalto.pdf]] <br><br />
<br />
'''18:45 Break''' <br />
<br />
'''19:00 Hacking demonstrations'''<br />
<br />
'''19:30 - Discussion continues in a nearby public house''' <br />
<br />
'''Please register with petteri.arola(at)owasp.org''' <br />
<br />
== OWASP Introduction to Turku AMK students: September 12th 2011 ==<br />
<br />
'''Introduction to Application security and OWASP / Petteri Arola, OWASP''' <br />
<br />
'''OWASP top 10 and hacking demos / Pekka Sillanpää, OWASP''' <br />
<br />
== OWASP Helsinki Chapter Meeting #15: June 15 2011 ==<br />
<br />
'''Location: Itämerenkatu 11 - 13, Helsinki''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda ''' <br />
<br />
'''17:30 Welcome, Petteri Arola, Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nokia''' <br />
<br />
'''17:45 HTML5 Security, Ville Säävuori, Syneus''' <br />
<br />
'''18:30 Break''' <br />
<br />
'''18:40 Mobile Application Security, Ari Kesäniemi and Juhani Mäkelä, Nixu''' <br> [[Image:Mobile-threat-analysis-short-presentation owasp.pdf]] <br> [[Image:Why-privacy-matters.pdf]] <br> <br />
<br />
<br>'''19.30 - Discussion continues in a nearby public house or terrace if it's sunny''' <br />
<br />
'''Please register with mikko.saario(at)nokia.com''' <br />
<br />
== OWASP Helsinki Chapter Meeting #14: February 22 2011 ==<br />
<br />
'''Location: Nixu Oy, Keilaranta 15, Espoo''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''17:30 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nixu Oy''' <br />
<br />
'''17:45 OpenSAMM, Pravir Chandra /Fortify''' <br />
<br />
'''18:30 Break''' <br />
<br />
'''18:40 Threat modeling, Pravir Chandra /Fortify''' <br />
<br />
<br> '''19.30 - Sauna and refreshments from our sponsor''' <br />
<br />
'''Please register with enroll(at)nixu.com''' <br />
<br />
<br> Download OpenSAMM presentation from opensamm.org [http://www.opensamm.org/downloads/resources/OpenSAMM-1.0.ppt] <br> <br />
<br />
== OWASP Helsinki Chapter Meeting #13: June 8 2010 ==<br />
<br />
'''Location: KPMG, Forum, Yrjönkatu 23 B 6th floor, Helsinki''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''17:00 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:05 Word from our sponsor KPMG ''' <br />
<br />
'''17:15 Agile secure software development, Antti Vähä-Sipilä / Nokia Oyj''' http://www.owasp.org/images/c/c6/OWASP_AppSec_Research_2010_Agile_Prod_Sec_Mgmt_by_Vaha-Sipila.pdf <br />
<br />
'''18:00 ASVS (OWASP Application Security Verification Standard), Pekka Sillanpää / Nixu Oy''' <br />
<br />
'''18:45 ESAPI (OWASP Enterprise Security API) demo, Anssi Porttikivi / KPMG''' <br />
<br />
Download presentation from our file-page:[[Image:ESAPI for OWASP.pdf]] <br />
<br />
<br> '''19.30 - Discussion continues at some nearby establishment''' <br />
<br />
'''Please register with anssi.porttikivi(at)kpmg.fi''' <br />
<br />
<br> <br />
<br />
== OWASP Goes! Locksport: April 20 2010 ==<br />
<br />
'''Location: Nsense Oy, Ahventie 4, Espoo''' <br />
<br />
'''Time: 17:30-20:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nsense Oy''' <br />
<br />
'''17:45 Introduction to Locksport (presentation in Finnish)''' <br />
<br />
'''19:00 - Sauna and refreshments from our sponsor''' <br />
<br />
'''Please register with ilmoittautumiset##nsense.fi ''' <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #12: March 30 2010 ==<br />
<br />
'''Location: Helsingin Energia, Sähkötalo, Runeberginkatu 1, Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''18:00 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
Download presentation from our file-page:[[Image:OWASP -12 Helsinki chapter meeting.pdf]] <br />
<br />
'''18:05 Word from our sponsor Helsingin Energia ''' <br />
<br />
'''18:15 3 different views on information security and social media applications''' <br />
<br />
- information security in social media API’s, Antti Nuopponen/Nixu Oy <br />
<br />
Download presentation from our file-page:[[Image:Security of social media apis v1.pdf]] <br />
<br />
- Facebook apps, Markus Törnqvist/Fad Consulting <br />
<br />
Download presentation from our file-page:[[Image:Mjt owasp 2010.pdf]] <br />
<br />
- Payment API’s, Tuomas Toivonen/Scred <br />
<br />
Download presentation from our file-page:[[Image:Owasp-payment-apis.pdf]] <br />
<br />
'''20.00 - Discussion continues at nearby establishment Bruuveri''' <br />
<br />
'''Please register with antti##owasp.org''' <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #11: November 17 2009 ==<br />
<br />
'''Location: Nsense Oy, Ahventie 4, Espoo''' <br />
<br />
'''Time: 18:00-20:30''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''18:05 Word from our sponsor Nsense Oy''' <br />
<br />
'''18:15 Manual vs. Automated Code Analysis, Ari Kesäniemi, Senior Consultant, Nixu''' <br />
<br />
Download presentation from our file-page:[[Image:Ari kesaniemi nixu manual-vs-automatic-analysis.pdf]] <br />
<br />
'''19.00- Sauna and refreshments from our sponsor''' <br />
<br />
<br> <br />
<br />
'''Please register with ilmoittautumiset##nsense.fi''' <br />
<br />
== OWASP Helsinki Chapter Meeting #10: October 20 2009 ==<br />
<br />
'''Location: Tieto Oy, Ratamestarinkatu 7B, Helsinki''' <br />
<br />
'''Time: 18:00-19:40''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''18:00 Word from our sponsor Tieto Oy''' <br />
<br />
'''18:10 Distributed Services Security, Anton Panhelainen, Tieto Oy''' <br />
<br />
Download presentation from our file-page:[[Image:Security in integration and ESB-OWASP 20091020.pdf]] <br />
<br />
'''18:40 Public Web Services Interface and Security, Pyry Heikkinen, Finnish Customs''' <br />
<br />
'''19:40 Closure and move to Vltava''' <br />
<br />
'''20:00 or so''' <br />
<br />
*Enjoy Helsinki Vltava watering hole at own risk &amp; cost near Helsinki Railway station<br />
<br />
'''Please register with Pauli Kauppila pauli.kauppila##tieto.com or Mobile +358 400 870 324''' <br />
<br />
== OWASP Helsinki Chapter Meeting #9: May 12 2009 ==<br />
<br />
'''Location: Louhi Networks Oy, Itälahdenkatu 22 A, Helsinki''' <br />
<br />
'''Time: 17:30-19:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:30 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:45 Word from our sponsor Louhi Networks''' <br />
<br />
'''18:00 Panel discussion about application scanners''' <br />
<br />
*Panel members includes representatives for Nixu Oy, KPMG Oy and Louhi Networks Oy<br />
<br />
<br> '''19:00 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost at Bar 52 near meeting location<br />
<br />
'''Please register with Henri Lindberg henri.lindberg##louhi.fi''' <br />
<br />
== OWASP OWASP Goes! Viestimuseo: March 29 2009 ==<br />
<br />
'''Location: Varuskunta, Takakasarmi, Viestimuseontie rak. 64, 11311 Riihimäki ''' <br />
<br />
'''Time: 13:00-15:00''' <br />
<br />
Viestimuseossa Riihimäellä, http://www.viestikiltojenliitto.fi/viestimuseo/ on maaliskuun loppuun WWII radiotiedustelua esittelevä erikoisnäyttely, josta voi löytyä ammennettavaa myös tämän päivän tietoturvatekniikoiden parissa työskenteleville. Koska OWASP:in tiimoilta löytyi kiinnostusta lähteä tutustumaan ko. näyttelyyn, museolle on varattu opastettu kierros maaliskuun viimeiselle sunnuntaille su 29.3.2009 klo 13:00 eli kokoontuminen museolla ko. aikaan. <br />
<br />
Museo ja näyttely ovat auki myös muina aikoina, joten jos tämä aika ei käy, paikalla voi toki käydä muulloinkin. <br />
<br />
Tarkemmat ajo-ohjeet ja yhteystiedot löytyvät museon kotisivuilta, http://www.viestikiltojenliitto.fi/viestimuseo/yhteystiedot.html <br />
<br />
Museo sijaitsee Viestirykmentin vieressä, mutta varsinaisen varuskunta-alueen ulkopuolella, joten museokäynti ei vaadi kulkulupia alueelle. <br />
<br />
Paikalle innostuvat hoitavat oman logistiikkaratkaisunsa &amp; sisäänpääsymaksunsa. <br />
<br />
Lisätietoja tarvittaessa timo.merilainen (ät) iki.fi <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #8: March 12 2009 ==<br />
<br />
'''Location: Samlink, Linnoitustie 9, Espoo (Leppävaara)''' <br />
<br />
'''Time: 17:00-19:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:00 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:15 Introduction to Samlink, Jari Pirhonen, security director, Samlink''' <br />
<br />
'''17:30 Methodology owner’s point of view: Information security as part of software development methodology, Topi Mattila, methodology manager, Samlink''' <br />
<br />
'''18:15 Presentation from Finnish Tax Administration", Petri Puhakainen, security director, Finnish Tax Administration''' <br />
<br />
<br> '''19:00 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost at Sello<br />
<br />
'''Please register with Jari Pirhonen jari.pirhonen##samlink.fi''' <br />
<br />
== OWASP Introduction to startup firms: Thursday January 15th 2009 ==<br />
<br />
'''Location: Ravintola Korjaamo, Töölönkatu 51, 00250 Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Introduction to OWASP by Henri Lindberg, OWASP Helsinki Active Visitor''' <br />
<br />
*What OWASP is <br />
*Examples of useful Tools and Documents <br />
*OWASP in Finland<br />
<br />
Presentation: [[Image:OWASP Startups 20090115 Henri.pdf]] <br />
<br />
(Antti Laulajainen, OWASP Helsinki Chapter Leader was originally supposed to introduce OWASP) <br />
<br />
'''18:15 Implementing application security in a Finnish startup by Henri Lindberg, Scred''' <br />
<br />
*Henri Lindberg from Scred shares experiences and lessons learned <br />
*How to make your web application more secure with minimal budget<br />
<br />
Presentation: [[Image:SDG Scred 090115.pdf]] <br />
<br />
'''18:30 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost<br />
<br />
== OWASP Helsinki Meeting #7: Tuesday November 11th 2008 ==<br />
<br />
'''Location: Nokia Ruoholahti, Itämerenkatu 11-13, 00180 Helsinki''' <br />
<br />
<br> <br />
<br />
'''Time: 17:00-18:30''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:00 Welcome by Antti Laulajainen, OWASP Chapter Leader''' <br />
<br />
*Current state and progress of OWASP Top 10 Finnish translation<br />
<br />
'''17:20 Antti Vähä-Sipilä, Nokia: SAFECode''' <br />
<br />
*Introduction and overview of SAFECode (The Software Assurance Forum for Excellence in Code) <br />
*SAFECode publications<br />
<br />
'''17:40 Juhani Eronen, CERT-FI: Lifecycle of a security vulnerability''' <br />
<br />
*Microsoft MS08-067 (Vulnerability in Server Service Could Allow Remote Code Execution), its history (MS06-040) and exploitation.<br />
<br />
'''Discussion''' <br />
<br />
'''18:30 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost [cerveza, aqua con gas, etc]<br />
<br />
'''PLEASE REGISTER WITH: mikko . saario at nokia . com (we have reserved snacks for 25 people)''' <br />
<br />
== OWASP Helsinki Web Hacking Workshop, Tuesday September 10th 2008 ==<br />
<br />
'''Location: Teleware / KPMG, Laajalahdentie 23, 6. floor, reception at the ground floor, 00330 Helsinki''' <br />
<br />
'''Time: 18.00 - 20.00''' <br />
<br />
'''Schedule''' <br />
<br />
'''18.00 Welcome and recent activities. Antti Laulajainen ''' <br />
<br />
'''18.05 Web Hacking Workshop, Anssi Porttikivi, Senior ICT Advisor KPMG/Teleware''' <br />
<br />
*KPMG Oy IT Security Advisory marketing presentation 15 min <br />
*Web hacking exercises and demonstrations in a laboratory class (using WebGoat and WebScarab tools)<br />
<br />
'''Snacks available. Send your reservations to Anssi's mail address, anssi.porttikivi@kpmg.fi. Room for 20 participants.''' <br />
<br />
<br> '''Note! Be in time, because the reception closes at 18.''' <br />
<br />
== OWASP Goes! CERT-FI, Thursday, June 12th 2008 ==<br />
<br />
'''Location: Viestintävirasto, Itämerenkatu 3 A, 00180 Helsinki and One Pint Pub Santakatu 2, 00180 Helsinki''' <br />
<br />
<br> '''Time: 16.00 - 20.00''' <br />
<br />
<br> '''Schedule''' <br />
<br />
'''16.00 Welcome and recent activities. Antti Laulajainen ''' <br />
<br />
<br> '''16.10 Introduction of CERT-FI. Juhani Eronen, Information Security Adviser, CERT-FI''' <br />
<br />
<br> '''16.30 Vulnerability coordination. Juhani Eronen''' <br />
<br />
*CERT-FI as a vulnerability coordinator <br />
*Coordination examples<br />
<br />
'''18.00 Possibility to continue the evening at the One Pint Pub''' <br />
<br />
*If someone fancies a (self-financed) beer<br />
<br />
<br> '''Viestintävirasto asks those who wish to participate to the meeting to register in advance. For registrations please contact CERT-FI Unit Secretary Virpi Hienonen (virpi.hienonen(at)ficora.fi). The deadline is June 6, 2008.''' <br />
<br />
== OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 ==<br />
<br />
Thank you for attending. <br />
<br />
You can download the presentation here'''https://www.owasp.org/images/7/70/OWASP_HelsinkiChapter_130508.pdf''' <br />
<br />
Coverage of the event in local news (Finnish only) http://mikropc.net/uutiset/index.jsp?categoryId=atk&amp;day=20080514#w2008051411524012715 <br />
<br />
<br> '''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki and Ravintola Kaisla, Vilhonkatu 4, 00100 Helsinki''' <br />
<br />
'''Time: 16.00 - 20.00''' <br />
<br />
<br> <br />
<br />
Welcome to spring meeting 2008. <br />
<br />
<br> '''Schedule''' <br />
<br />
'''16.00 - 16.10 OWASP update. Antti Laulajainen''' <br />
<br />
'''16.10-17.00 Notes From The field, OWASP tools and usage experiences, Jarkko Holappa &amp; Antti Laulajainen''' <br />
<br />
'''17.30 - 20.00 Drinks at Ravintola Kaisla (Bring Your Own Wallet)''' <br />
<br />
<br> Hope to see as many of you as possible! <br />
<br />
== OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 ==<br />
<br />
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.''' <br />
<br />
'''Time: 18.30 - 20.30''' <br />
<br />
Welcome to first meeting of 2008. OWASP Helsinki resumes activities after winter break. <br />
<br />
We are pleased to have as a speaker Technology Manager of Nokia Product Security, Alexandr Seleznyov. His topic will be current state of application security. <br />
<br />
'''Schedule''' <br />
<br />
'''18.30 - 18.40 OWASP update. Antti Laulajainen''' <br />
<br />
'''18.40 - 20.30 Current State of Application Security. Alexandr Seleznyov''' <br />
<br />
<br> Hope to see as many of you as possible! <br />
<br />
== OWASP Helsinki &amp; RWSUG Seminar Tuesday, January 29th 2008 ==<br />
<br />
'''Location: IBM, Laajalahdentie 23, 00330 Helsinki.''' '''Time: 11.15 - 19.00''' <br />
<br />
OWASP Helsinki and Rational and Websphere User Group Finland RWSUG are aiming to co-operate to raise application security awareness. OWASP Helsinki will have a presentation in RWSUG agility seminar. More information from http://www.rwsug.fi/default.asp?path=1,39,385 <br />
<br />
'''You can download the presentation here''' https://www.owasp.org/images/c/cd/RWSUG5_Agile_Security_Management.pdf <br />
<br />
See program below. Most of it is Finnish only <br />
<br />
*11.15 Ilmoittautuminen alkaa <br />
*11.15-12.00 Buffet-lounas <br />
*12.00-12.10 Tilaisuuden avaus Jussi Jutila, Puheenjohtaja, RWSUG ry<br />
<br />
KEYNOTE <br />
<br />
*12.10-13.30 Scaling Agile Software Development: Strategies for Applying Agile in Complex Situations Scott W. Ambler, Practice Leader Agile Development, IBM Canada <br />
*13.30-13.45 Kahvitauko <br />
*13.45-15.30 SOA liiketoiminnan näkökulmasta ja SOA toteutuksen näkökulmasta kansainvälisessa hankkeessa Kari Laine, IT Architect, IF ja Jarmo Laine, Senior Software Architect,Primasoft <br />
*15.30-15.45 Tauko <br />
*15.45-16.30 Ketterä tietoturvan hallinta ohjelmistotuotannossa Reijo Savola, VTT <br />
*16.30-17.15 Jazz Update IBM <br />
*17.15-19.00 Iltapalaa ja verkostoitumista IBM Forumissa<br />
<br />
<br> <br />
<br />
== OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008 ==<br />
<br />
OWASP Helsinki participated in ISACA Finland meeting to raise application security awareness among system auditors and inspectors. <br> A presentation was held that introduced basic web techniques, some security issues, OWASP in general, OWASP projects and OWASP Helsinki chapter. <br> '''You can download the presentation here''': https://www.owasp.org/images/e/e4/OWASP_ISACA_20080124.pdf (Finnish Only) <br><br> <br />
<br />
== OWASP Helsinki meeting #4 Fall 2007 with Mark Curphey, Tuesday, October 2 2007 ==<br />
<br />
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.''' <br />
<br />
Thank you for all participants and Mark from great presentation. <br />
<br />
Coverage of the meeting in the local news (in Finnish): http://mikropc.net/uutiset/index.jsp?categoryId=atk&amp;day=20071003#w2007100315112711629 <br />
<br />
<br> We are delighted to have Mark Curphey - the OWASP founder and new head of Microsoft's ACE (Application Consulting &amp; Engineering) team in Europe - to visit Finland and discuss web app security with us. Hopefully as many as of you possible can participate! <br />
<br />
'''18:30 Welcome and recent Helsinki chapter activities. Antti Laulajainen''' <br />
<br />
'''18:40 Naked Software Security. Mark Curphey''' <br />
<br />
*Commentary on how to build secure software <br />
*Thoughts on the industry<br />
<br />
<br> '''WELCOME!''' <br />
<br />
== OWASP Helsinki meeting #3 Summer 2007: "SOA, Web Services &amp; XML Security", Tuesday, June 5th 2007 ==<br />
<br />
'''Date: June 5th''' <br />
<br />
<br> '''Location: Smilehouse, Itälahdenkatu 22A (Stonesoft building), Lauttasaari.''' <br />
<br />
Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/tietoturva_docview.jsp?f_id=1186167 <br />
<br />
<br> '''19:00 Welcome &amp; quick recap of recent OWASP activity and the Spring conference. Mikko Saario.''' <br />
<br />
<br> '''19:15 Gunnar Peterson, CTO Arctec Group and project lead for the OWASP "XML Security Gateway Evaluation Criteria".''' <br />
<br />
Gunnar will be visiting Finland to provide training via Tietoturva ry on this subject. Topics to be covered: <br />
<br />
*XML Security Gateways <br />
*Message level threats and security countermeasures in Web services <br />
*OWASP XML Security Gateway Evaluation Criteria Project<br />
<br />
<br> '''20:15 "Real-life usage of OWASP tools". Alexandr Seleznyov, Nokia Product Security.''' <br />
<br />
(There is a chance Alex cannot make it. In that case we will discuss SOA stuff in more detail or just head off to bar earlier.) <br />
<br />
<br> '''20:45 Enter Bar 52...''' --&gt; Enjoy (sponsored) beverages. <br />
<br />
== OWASP Helsinki meeting #2 Winter 2007, Web Application Firewalls, Thursday, February 22 2007 ==<br />
<br />
Thank you for the 29 participants, the speakers and the host - Nixu - for making this event happen! <br />
<br />
'''Location: Nixu, Mäkelänkatu 91, 00601 Helsinki.''' <br />
<br />
What are Web Application Firewalls (WAF), how do they work, what do they do and what don't they do. Discussion and sharing of experiences of various technologies and products. <br />
<br />
<br> '''18.30 Welcome. Mikko Saario, Chapter Leader.''' <br />
<br />
Today's topic and agenda in short. <br />
<br />
<br> '''18.35 "Web Application Firewalls Technical Analysis". Joakim Sandström, CTO nSense.''' <br />
<br />
http://www.owasp.org/images/6/6a/Owasp_waf_joakim.pdf <br />
<br />
- Technology <br />
<br />
- Blacklisting &amp; Whitelisting <br />
<br />
- mod_security features <br />
<br />
- Do's and Don'ts <br />
<br />
<br> '''19.30 "The Core Rule Sets". Ofer Shezaf, CTO Breach Security.''' <br />
<br />
http://www.owasp.org/images/f/f4/The_Core_Rule_Set_-_Ofer.pdf <br />
<br />
- WAF deployment and protection strategies <br />
<br />
- Detection of generic web layer attacks <br />
<br />
- Virtual patching <br />
<br />
== OWASP Helsinki meeting #1, Tuesday, Dec 12 2006 at Ernst &amp; Young ==<br />
<br />
The Helsinki chapter had the first meeting at Ernst &amp; Young office in Elielinaukio 5 B. The agenda and the presentations for the meeting are below. We had a good turnout: 22 people were present i.e. all seats were taken - we were very happy to see all these people to be interested in application security issues. <br />
<br />
<br> Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/doc.do?f_id=1083463 <br />
<br />
<br> '''18:30 Welcome. What is OWASP and why OWASP Helsinki?''' <br />
<br />
Mikko Saario made a short presentation about OWASP and the objective for the local Helsinki chapter. <br />
<br />
<br> '''19:00 Analyzing Threats (Olli Wiren; olli [at] juurihoito.org)''' <br />
<br />
Olli Wiren discussed application related threats and corresponding security issues. <br />
<br />
http://www.owasp.org/images/7/7c/Owasp-olli.pdf <br />
<br />
<br> '''19:45 Open discussion regarding OWASP Helsinki; what is expected or wished; how to go ahead and so forth.''' <br />
<br />
There was a lively discussion regarding what type of activities should be arranged in the future. More details will follow... <br />
<br />
==== Helsinki OWASP Chapter Leaders ====<br />
<br />
The chapter leader is [mailto:Petteri.arola@owasp.org Petteri Arola] <br />
<br />
The chapter board members are [mailto:timo@owasp.org Timo Merilainen], Pyry Heikkinen and [mailto:pekka.sillanpaa@owasp.org Pekka Sillanpaa]. <br />
<br />
__NOTOC__<br />
[[Category:Finland]] <br />
[[Category:Europe]]</div>Psillanphttps://wiki.owasp.org/index.php?title=Helsinki&diff=230978Helsinki2017-06-26T08:47:31Z<p>Psillanp: /* OWASP Helsinki chapter meeting #32: (POSTPONED) August, TBD */</p>
<hr />
<div>{{Chapter Template|chaptername=Helsinki|extra=The chapter leader is [mailto:petteri.arola@owasp.org Petteri Arola] <br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-helsinki|emailarchives=http://lists.owasp.org/pipermail/owasp-helsinki}} <br />
<br />
==== Local News ====<br />
<br />
<paypal>Helsinki</paypal> <br />
<br />
'''Welcome to the OWASP Helsinki Chapter'''<br />
<br />
The plan is to meet at least three to four times a year, each lasting 1,5-3 hours (more active "hands" means more meetings). This chapter is based in the capital area and therefore the meetings will be in or around Helsinki. <br />
<br />
If you wish to present at one of the meetings or have any other inquiries, please contact the chapter leader. <br />
<br />
==== Suomalaista sovellusturva-asiaa ====<br />
<br />
[[OWASP Helsinki Appsec Thesis of the Year|Vuoden sovellusturva-aiheinen opinnäytetyö]]<br />
<br />
[[Oppilaitoksille|Tietoa oppilaitoksille (Information for academic institutions)]] <br />
<br />
[[Verkkomaksut|Ohjeita turvallisen verkkomaksuintegraation toteuttamiseen]] <br />
<br />
<br />
<br />
Previously OWASP Helsinki has been working on the following tasks: <br />
<br />
*[[Top 10 2007 Finnish]] aim to translate OWASP Top 10 list in Finnish<br />
<br />
==== Chapter Meetings ====<br />
<br />
== OWASP Helsinki chapter meeting #32: (POSTPONED) August, TBD ==<br />
If you are working in a devops team, and want to get concrete ideas on how to integrate security into your CI/CD pipeline, this hackathon is a fun opportunity to learn by doing together with others.<br />
<br />
In summary, we familiarize and investigate (and of cource hack with) some nice open source tools, including:<br />
* OWASP Dependency-Check ([[OWASP Dependency Check]])<br />
* ZAP Proxy ([[OWASP Zed Attack Proxy Project]])<br />
* OWASP DefectDojo ([[OWASP DefectDojo Project]])<br />
* DevSec hardening framework (https://github.com/dev-sec)<br />
* Clair (https://github.com/coreos/clair)<br />
<br />
The output of this hackathon is an OWASP wiki page describing what was achieved in the hackathon, possible commits to the tools' repositories and future plans. If there is enough interest, we might organize "part 2" for this event in Autumn.<br />
<br />
To participate in this event, it is recommended to have at least basic programming/scripting skills (python, ruby, bash, etc) and understanding of configuration management tools (puppet, salt, ansible, etc.). '''If you are interested to join''' or have questions, please send email to pekka.sillanpaa@owasp.org '''by Jul 7th 2017''' and a short description of your background. Tracks of the hackathon environment are tuned based on the skills and background of the participants.<br />
<br />
The maximum of 15 seats are available for this event. The event is fully free of charge.<br />
<br />
'''Location: Nixu, Keilaranta 15, 02150 Espoo'''<br />
<br />
'''12:00 Hackathon starts'''<br />
<br />
'''17:00-23:00 Hackathon continues after the work day as long as needed. Pizza and beverages available.'''<br />
<br />
== OWASP Helsinki chapter meeting #31: Jun 13th 2017 ==<br />
'''Location: Solita, Alvar Aallon katu 5, 00100 Helsinki'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Pekka Sillanpää, OWASP Helsinki'''<br />
<br />
'''18:05 DevSec - Developers are the key to security, Antti Virtanen, Software Architect, Solita [[File:Devsec-owasp-2017.pdf]]''' <br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Docker Security, Mika Vatanen, Systems Architect, Digia [[File:Owasp-Helsinki-20170613-Docker-Security.pdf]]'''<br />
<br />
'''20:00 Lightning talk: Leaking credentials - a security malpractice more common than expected, Bogdan Mihaila, Synopsys [[:File:Bogdan Mihaila - Leaking Credentials.pdf]]'''<br />
<br />
'''20:15 Introduction to DevSecOps "mini-hackathon", Pekka Sillanpää, OWASP Helsinki'''<br />
<br />
'''20:30-22:30 Snacks & Refreshments'''<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-31-tickets-34950473808 here] by 12th of Jun (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #30: Oct 11th 2016 ==<br />
<br />
'''Location: Fujitsu, Valimotie 16, 00380 Helsinki, Auditorio'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 How to protect mobile application? Case "Nordea Tunnusluvut” / Michael Peltonen, Senior Business Developer, Nordea''' [[File:Helsinki_meeting_30_-Michael_Peltonen_OWASP_11102016.pdf]]<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Lightning talk: Authentication topic / Teemu Simonen, System Architect, Fujitsu''' [[File:Helsinki_meeting_30_-Authentication_topic.pdf]]<br />
<br />
'''19:30 Threats and vulnerabilities in federation protocols - and how did I find 0-days in the most common access management products / Teemu Kääriäinen, Senior IAM Consultant, Nixu Oyj''' [[File:Helsinki_meeting_30_-_Threats_and_Vulnerabilities_in_Federation_Protocols_and_Products.pdf]]<br />
<br />
'''20:30-> Snacks & Refreshments'''<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-30-tickets-28190573765 here] by 9th of October (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #29: Mar 29th 2016 ==<br />
<br />
'''Location: Solinor, Elimäenkatu 14 C, 00510 Helsinki'''<br />
<br />
'''Time: 17:30-21:15'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 OWASP Security Knowledge Framework, Glenn Ten Cate''' [[File:Skf-owaspHelsinki-16.pdf]]<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Amazon Web Services Security, Joel Leino, Solinor''' [[File:Aws_security_joel_leino.pdf]]<br />
<br />
'''20:30 Do's and don'ts: A Day Of Browser Bug Hunting, Atte Kettunen, University of Oulu''' [[File:Do's_and_Don'ts-_A_Day_Of_Browser_Bug_Hunting_rev2.pdf]]<br />
<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-29-tickets-22159795545 here] by 26th of March (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #28: Nov 10th 2015 ==<br />
<br />
'''Location: LähiTapiola, Revontulenkuja 1, 02100 Espoo'''<br />
<br />
'''Time: 17:30-20:30'''<br />
<br />
'''Agenda'''<br />
<br />
'''17:30 Welcome coffee'''<br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 How we feel about Bug Bounty, Leo Niemelä, CISO, LähiTapiola Group (in Finnish)'''<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Security and "Modern" software Deployment, Rory McCune, Managing Consultant, NCC Group'''<br />
<br />
'''20:30 Discussion continues in a local cafe / bar'''<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-28-tickets-19188815263 here] by 8th of November (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #27: May 29th 2015 ==<br />
<br />
'''Location: Life Science Center Keilaranta 10-16''' <br />
<br />
'''Time: 17:30-20:00 (networking ends 23:00)''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome coffee''' <br />
<br />
'''18:00 Opening words / Petteri Arola, OWASP Helsinki'''<br />
<br />
'''18:05 Word from our sponsor / Nixu'''<br />
<br />
'''18:15 50 Shades of AppSec / Troy Hunt'''<br />
<br />
'''19:00 Break'''<br />
<br />
'''19:15 Hack yourself first: how go on the cyber-offence before online attackers do / Troy Hunt'''<br />
<br />
'''20:00-23:00 Refreshments and Sauna on the 7th floor'''<br />
<br />
Please register [https://www.eventbrite.com/e/owasp-chapter-meeting-27-tickets-16709176597 here] by Monday Fri 22th May (Note that the seats are limited).<br />
<br />
== OWASP Helsinki chapter meeting #26: January 13th 2015 ==<br />
<br />
'''Location: Castrén & Snellman Attorneys Ltd. Eteläesplanadi 14 6th Floor Helsinki, Finland.''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''Opening words / OWASP Helsinki&IAPP''' <br />
<br />
'''Words from our sponsor / Castrén & Snellman Attorneys Ltd.'''<br />
<br />
'''Privacy Seals and Marks, Hannu Järvinen, Specialist Partner, Attorneys at Law Borenius Ltd'''<br />
<br />
'''Privacy Engineering, Antti Vähä-Sipilä, software security guy, F-Secure Oyj'''<br />
<br />
'''Privacy Use Cases, Saku Vainikainen, Lead Consultant, Nixu Oyj'''<br />
<br />
Please register here https://t.co/OoQN2FRbBX by Monday 12 Jan.<br />
<br />
== OWASP Helsinki chapter meeting #25: September 29th 2014 ==<br />
<br />
'''Location: Appelsiini (Elisa), Kaarlenkatu 9-11, 00530 Helsinki. Public transport is strongly recommended.''' <br />
<br />
'''Time: 17:00-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and registration''' <br />
<br />
'''17:10 Opening words / OWASP Helsinki''' <br />
<br />
'''17:20 Words from our sponsor / Elisa'''<br />
<br />
'''17:30 Mobile Security Chess Board - Attacks & Defense / Hemil Shah / Founder, Director eSphere Security''' [[File:Mobile_Security_chess_board_-_Attacks_&_Defense.pdf]]<br />
<br />
'''18:45 Break'''<br />
<br />
'''19:00 Mobile Platform Security: OS (kernel) Hardening and Trusted Execution Environment / Onur Zengin / Trustonic'''<br />
[[File:Onur_Zengin_-_TEE_chapter_meeting_presentation.pdf]]<br />
<br />
'''20:00 OWASP Mobile Top Ten Risks 2014 - The New M10: 'Lack of Binary Protection' Category / Bo Asklund and Rikard Kullenberg / Arxan'''<br />
[[File:OWASP_Mobile_Top_Ten_-_Meet_the_New_Addition.pdf]]<br />
<br />
'''21:00 Networking and continue discussions in TBD location nearby'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-25-tickets-13087782911 Eventbrite]<br />
<br />
== OWASP Helsinki chapter meeting #24: March 25st 2014 ==<br />
<br />
'''Location: F-Secure, Tammasaarenkatu 7, 00180 Helsinki. Parking space is limited, public transport is strongly recommended. Ruoholahti station for metro, Länsisatamankatu stop for tram 8, Länsiväylä stop for buses from Espoo.''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and registration''' <br />
<br />
'''17:20 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''17:30 Enhancing security through tight collaboration and automation /Kalle Hallivuori''' <br />
Presentation material: http://kato.iki.fi/owasp-pci-devops/<br />
<br />
'''18:00 Continuous Security Testing in a Devops World /Stephen de Vries'''<br />
Download the presentation from our file page: [[image:OWASP-Continuous_Security_Testing.pdf]]<br />
<br />
'''19:00 Demo of Burp Suite & HTTP API fuzzing automation with Python & Behave /Antti Vähä-Sipilä'''<br />
<br />
'''19:30 Time to go to Pub (Amsterdam) and continue discussion there'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-24-tickets-10765729587 Eventbrite]<br />
<br />
== OWASP Helsinki chapter meeting #23: January 21st 2014 ==<br />
<br />
'''Location: HTC Keilaniemi, Keilaranta 13, 02150 Espoo''' <br />
<br />
'''Time: 17:30-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Coffee and registration''' <br />
<br />
'''18:00 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''18:05 Word from our sponsor /Nixu''' <br />
<br />
'''18:20 The inner HTML Apocalypse - How MXSS attacks change everything we believed to know so far /Mario Heiderich'''<br />
<br />
'''19:15 JSMVCOMFG - To sternly look at JavaScript MVC and Templating Frameworks /Mario Heiderich"''''<br />
<br />
'''20:15 QA'''<br />
<br />
'''20.30 - 21.30 Discussion continues over snacks and refreshments'''<br />
<br />
Please register at [https://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-23-tickets-10095813851 Eventbrite]<br />
<br />
<br />
== OWASP Helsinki chapter meeting #22: November 19th 2013 ==<br />
<br />
'''Location: Aalto University, Hall S1, Otakaari 5, 02150 Espoo''' <br />
<br />
'''Time: 18:00-21:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Registration''' <br />
<br />
'''18:10 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''18:20 Word from our sponsor''' <br />
<br />
'''18:30 Backgrounds of Eve in Digiland comic and cyber research in Aalto University /Timo Kiravuo, Aalto University'''<br />
<br />
'''19:15 Break"''''<br />
<br />
'''19:30 Cyber crime response from CERT perspective and backgrounds of Finnish web site attacks /Jussi Eronen, CERT-FI'''<br />
<br />
'''20:00 Methods in Finnish cyber crime police investigation and case example /Timo Piiroinen, National Bureau of Investigation (NBI)'''<br />
<br />
'''20:30 Networking and discussion continues at same location'''<br />
<br />
Please register at [http://www.eventbrite.com/e/owasp-helsinki-chapter-meeting-23-tickets-10095813851 Eventbrite]<br />
<br />
== OWASP EUTour2013: June 17th 2013 ==<br />
<br />
'''Location: HTC Keilaniemi, Keilaranta 15''' <br />
<br />
'''Time: 16:00-19:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''16:00 Registration & coffee''' <br />
<br />
'''16:15 Welcome /Petteri Arola, OWASP'''<br />
<br />
'''16:30 Word from our sponsor''' <br />
<br />
'''16:45 Nokia responsible disclosure program /Omar Benbouazza-Villa, Nokia'''<br />
<br />
Nokia has launched a responsible disclosure program recently. In this presentation we'll go through experiences starting and running such a program as a part of enterprise application security program.<br />
<br />
'''17:30 Social engineering /Gavin Ewan"''''<br />
<br />
Jac0byterebel is not your typical social engineering presenter. Out goes the snake oil sale of analysing the minutia of pop psychology and trying to squeeze out real answers to the questions asked during a real social engineering attack. In comes hard hitting accounts of social engineering attacks drawn from real sources but anonymised to protect the pwned.<br />
<br />
'''19:00 Rounding up and discussion continues over food & drinks at same location'''<br />
<br />
Please register at [http://www.regonline.com/owaspeutourfinland Regonline]<br />
<br />
== OWASP Helsinki Chapter Meeting #21: April 24 2013 ==<br />
<br />
'''Location: KPMG, Yrjönkatu 23 B, 6. floor''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Opening words /OWASP''' <br />
<br />
'''18:10 Word from our sponso /Mika Laaksonen, KPMG''' <br />
<br />
'''18:15 OWASP project news /Petteri Arola, OWASP''' <br />
<br />
Newsflash of new and rebooted OWASP projects.<br />
<br />
'''18:45 Utilizing VAHTI software development guide (VAHTI-sovelluskehitysohje) /Antti Alestalo, KPMG'''<br />
<br />
VAHTI software development guide was published January 2013. Antti will talk about how to best utilize this new guide. Link to the guide: http://www.vm.fi/vm/fi/04_julkaisut_ja_asiakirjat/01_julkaisut/05_valtionhallinnon_tietoturvallisuus/20130207Sovell/VAHTI_1_Sovelluskehityksen_tietoturvaohje_NETTI.pdf<br />
<br />
'''19:15 Database self-defence /Mika Aronen, KPMG (in place of "HTML5 & security /SC5"'''<br />
<br />
'''20:00 Official program ends and discussion continues over food & drinks at same location'''<br />
<br />
Please register at [https://www.eventbrite.com/event/6240751255 Eventbrite]<br />
<br />
== OWASP Helsinki Chapter Meeting #20: December 4 2012 ==<br />
<br />
'''Location: Nokia House, Keilalahdentie 4, Espoo''' <br />
<br />
'''Time: 17:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Socializing time @ Nokia Lounge – Meet people & get to know your peer while having the opportunity to see Nokia product demos''' <br />
<br />
'''18:00 Opening words /OWASP + HelsinkiJS''' <br />
<br />
'''18:10 Word from our sponsor''' <br />
<br />
'''18:20 Securing JavaScript based web apps /Erlend Oftedal''' <br />
<br />
Single page web applications move much of the application logic to the client side. We now also see applications using JavaScript on the server side. How do we handle such applications from a security perspective? What problems are introduced and how do we handle them?<br />
<br />
'''19:05 RESTful Security'''<br />
<br />
Many applications rely on web services and ws-security for integration. But for more lightweight services with simpler protocols, REST is quickly gaining popularity. How do we secure REST services? What problems do we need to be aware of?<br />
<br />
'''20:00 Official program ends and free debate continues at nearby location'''<br />
<br />
CLOSED: Please register at [http://www.eventbrite.com/event/4856878053 Eventbrite]<br />
<br />
Please use the NORTH entrance when entering the Nokia campus<br />
<br />
== OWASP Helsinki Chapter Meeting #19: October 16 2012 ==<br />
<br />
'''Location: Fujitsu, Valimotie 16, Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''18:00 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''18:10 Word from our sponsor /Fujitsu''' <br />
<br />
'''18:25 Hybrid mobile application security and HTML5 with a focus on getUserMedia /Mikko Saario, Nokia''' <br />
<br />
Both the mobile scene via “hybrid” apps and the so-called traditional web are evolving into the same direction – are the threats doing the same? Using mainly Windows Phone 7 (and some Qt) examples and demos, Mikko will take a look at the security aspects in mobile hybrid apps. The HTML5 demo will concentrate on some newly mainstreamed technologies such as getUserMedia.<br />
<br />
'''19:10 Introduction to Oauth 2.0 + demo /Teemu Kääriäinen, Nixu'''<br />
<br />
Teemu gives an introduction about Oauth 2.0 and takes a closer look at security aspects, implementation guidelines and compares Twitter, Facebook and Google implementations.<br />
<br />
'''20:00 Official program ends and free debate continues at nearby location'''<br />
<br />
'''Please register in Eventbrite http://www.eventbrite.com/event/4462882602''' <br />
<br />
<br />
== OWASP Helsinki Chapter Meeting #18: June 26 2012 ==<br />
<br />
'''Location: Kela, Nordenskjölkinkatu 12, Helsinki''' <br />
<br />
'''Time: 17:30-20:00''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''17:45 Word from our sponsor /Kela''' <br />
<br />
'''18:00 Helsinki Ruby Brigade intro''' <br />
<br />
'''18:15 Ruby on Rails security - why could it fail'''<br />
<br />
'''19:00 Panel discussion'''<br />
<br />
'''19:45 Wrap-up'''<br />
<br />
'''20:00 Discussion continues in a nearby pub Hadanka'''<br />
<br />
'''Please register with petteri.arola(at)owasp.org''' <br />
<br />
<br />
== OWASP Helsinki Chapter Meeting #17: March 21 2012 ==<br />
<br />
'''Location: Marttakeskus, Malminrinne 1 B, 7. krs, Helsinki''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Coffee''' <br />
<br />
'''17:40 Opening words /Petteri Arola, chapter leader''' <br />
<br />
'''17:50 Web Application Access Control Design Excellence / Jim Manico, OWASP''' <br />
<br />
Download the presentation from our file page: [[image:Developer_Top_Ten_Core_Controls_v4.1.pdf]]<br />
<br />
'''19:30 Meeting ends and discussion continues over buffet and refreshments and there's a possibility to bath in sauna too''' <br />
<br />
'''23:00 Event ends'''<br />
<br />
'''Please register with enroll(at)nixu.com''' <br />
<br />
== Tietoturvapäivä Turku: February 7 2012 ==<br />
<br />
''' Sovellusturvallisuus / Petteri Arola, OWASP''' <br />
<br />
Download the presentation from our file page: [[image:OWASP_esitys_tietoturvapäivä_Turku_20120207.pdf]]<br />
<br />
== OWASP Helsinki Chapter Meeting #16: October 18 2011 ==<br />
<br />
'''Location: Hall TU2, Tuas house, Otaniementie 17, 02150, Espoo''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:00 Coffee and lock picking''' <br />
<br />
'''17:30 OWASP - What is it?''' <br />
<br />
'''17:45 Introduction to OWASP projects<br>- OWASP Top Ten, ASVS<br><span class="Apple-tab-span"> </span>- Testing guide<br>- How OWASP relates to academic world''' <br />
<br />
<br> Download presentation from our file-page: [[Image:OWASP_presentation_for_Aalto.pdf]] <br><br />
<br />
'''18:45 Break''' <br />
<br />
'''19:00 Hacking demonstrations'''<br />
<br />
'''19:30 - Discussion continues in a nearby public house''' <br />
<br />
'''Please register with petteri.arola(at)owasp.org''' <br />
<br />
== OWASP Introduction to Turku AMK students: September 12th 2011 ==<br />
<br />
'''Introduction to Application security and OWASP / Petteri Arola, OWASP''' <br />
<br />
'''OWASP top 10 and hacking demos / Pekka Sillanpää, OWASP''' <br />
<br />
== OWASP Helsinki Chapter Meeting #15: June 15 2011 ==<br />
<br />
'''Location: Itämerenkatu 11 - 13, Helsinki''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda ''' <br />
<br />
'''17:30 Welcome, Petteri Arola, Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nokia''' <br />
<br />
'''17:45 HTML5 Security, Ville Säävuori, Syneus''' <br />
<br />
'''18:30 Break''' <br />
<br />
'''18:40 Mobile Application Security, Ari Kesäniemi and Juhani Mäkelä, Nixu''' <br> [[Image:Mobile-threat-analysis-short-presentation owasp.pdf]] <br> [[Image:Why-privacy-matters.pdf]] <br> <br />
<br />
<br>'''19.30 - Discussion continues in a nearby public house or terrace if it's sunny''' <br />
<br />
'''Please register with mikko.saario(at)nokia.com''' <br />
<br />
== OWASP Helsinki Chapter Meeting #14: February 22 2011 ==<br />
<br />
'''Location: Nixu Oy, Keilaranta 15, Espoo''' <br />
<br />
'''Time: 17:30-19:30''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''17:30 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nixu Oy''' <br />
<br />
'''17:45 OpenSAMM, Pravir Chandra /Fortify''' <br />
<br />
'''18:30 Break''' <br />
<br />
'''18:40 Threat modeling, Pravir Chandra /Fortify''' <br />
<br />
<br> '''19.30 - Sauna and refreshments from our sponsor''' <br />
<br />
'''Please register with enroll(at)nixu.com''' <br />
<br />
<br> Download OpenSAMM presentation from opensamm.org [http://www.opensamm.org/downloads/resources/OpenSAMM-1.0.ppt] <br> <br />
<br />
== OWASP Helsinki Chapter Meeting #13: June 8 2010 ==<br />
<br />
'''Location: KPMG, Forum, Yrjönkatu 23 B 6th floor, Helsinki''' <br />
<br />
'''Time: 17:00-19:30''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''17:00 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:05 Word from our sponsor KPMG ''' <br />
<br />
'''17:15 Agile secure software development, Antti Vähä-Sipilä / Nokia Oyj''' http://www.owasp.org/images/c/c6/OWASP_AppSec_Research_2010_Agile_Prod_Sec_Mgmt_by_Vaha-Sipila.pdf <br />
<br />
'''18:00 ASVS (OWASP Application Security Verification Standard), Pekka Sillanpää / Nixu Oy''' <br />
<br />
'''18:45 ESAPI (OWASP Enterprise Security API) demo, Anssi Porttikivi / KPMG''' <br />
<br />
Download presentation from our file-page:[[Image:ESAPI for OWASP.pdf]] <br />
<br />
<br> '''19.30 - Discussion continues at some nearby establishment''' <br />
<br />
'''Please register with anssi.porttikivi(at)kpmg.fi''' <br />
<br />
<br> <br />
<br />
== OWASP Goes! Locksport: April 20 2010 ==<br />
<br />
'''Location: Nsense Oy, Ahventie 4, Espoo''' <br />
<br />
'''Time: 17:30-20:30''' <br />
<br />
'''Agenda''' <br />
<br />
'''17:30 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:35 Word from our sponsor Nsense Oy''' <br />
<br />
'''17:45 Introduction to Locksport (presentation in Finnish)''' <br />
<br />
'''19:00 - Sauna and refreshments from our sponsor''' <br />
<br />
'''Please register with ilmoittautumiset##nsense.fi ''' <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #12: March 30 2010 ==<br />
<br />
'''Location: Helsingin Energia, Sähkötalo, Runeberginkatu 1, Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Agenda''' <br> <br />
<br />
'''18:00 Welcome Petteri Arola, OWASP Helsinki Chapter Leader''' <br />
<br />
Download presentation from our file-page:[[Image:OWASP -12 Helsinki chapter meeting.pdf]] <br />
<br />
'''18:05 Word from our sponsor Helsingin Energia ''' <br />
<br />
'''18:15 3 different views on information security and social media applications''' <br />
<br />
- information security in social media API’s, Antti Nuopponen/Nixu Oy <br />
<br />
Download presentation from our file-page:[[Image:Security of social media apis v1.pdf]] <br />
<br />
- Facebook apps, Markus Törnqvist/Fad Consulting <br />
<br />
Download presentation from our file-page:[[Image:Mjt owasp 2010.pdf]] <br />
<br />
- Payment API’s, Tuomas Toivonen/Scred <br />
<br />
Download presentation from our file-page:[[Image:Owasp-payment-apis.pdf]] <br />
<br />
'''20.00 - Discussion continues at nearby establishment Bruuveri''' <br />
<br />
'''Please register with antti##owasp.org''' <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #11: November 17 2009 ==<br />
<br />
'''Location: Nsense Oy, Ahventie 4, Espoo''' <br />
<br />
'''Time: 18:00-20:30''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''18:05 Word from our sponsor Nsense Oy''' <br />
<br />
'''18:15 Manual vs. Automated Code Analysis, Ari Kesäniemi, Senior Consultant, Nixu''' <br />
<br />
Download presentation from our file-page:[[Image:Ari kesaniemi nixu manual-vs-automatic-analysis.pdf]] <br />
<br />
'''19.00- Sauna and refreshments from our sponsor''' <br />
<br />
<br> <br />
<br />
'''Please register with ilmoittautumiset##nsense.fi''' <br />
<br />
== OWASP Helsinki Chapter Meeting #10: October 20 2009 ==<br />
<br />
'''Location: Tieto Oy, Ratamestarinkatu 7B, Helsinki''' <br />
<br />
'''Time: 18:00-19:40''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''18:00 Word from our sponsor Tieto Oy''' <br />
<br />
'''18:10 Distributed Services Security, Anton Panhelainen, Tieto Oy''' <br />
<br />
Download presentation from our file-page:[[Image:Security in integration and ESB-OWASP 20091020.pdf]] <br />
<br />
'''18:40 Public Web Services Interface and Security, Pyry Heikkinen, Finnish Customs''' <br />
<br />
'''19:40 Closure and move to Vltava''' <br />
<br />
'''20:00 or so''' <br />
<br />
*Enjoy Helsinki Vltava watering hole at own risk &amp; cost near Helsinki Railway station<br />
<br />
'''Please register with Pauli Kauppila pauli.kauppila##tieto.com or Mobile +358 400 870 324''' <br />
<br />
== OWASP Helsinki Chapter Meeting #9: May 12 2009 ==<br />
<br />
'''Location: Louhi Networks Oy, Itälahdenkatu 22 A, Helsinki''' <br />
<br />
'''Time: 17:30-19:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:30 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:45 Word from our sponsor Louhi Networks''' <br />
<br />
'''18:00 Panel discussion about application scanners''' <br />
<br />
*Panel members includes representatives for Nixu Oy, KPMG Oy and Louhi Networks Oy<br />
<br />
<br> '''19:00 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost at Bar 52 near meeting location<br />
<br />
'''Please register with Henri Lindberg henri.lindberg##louhi.fi''' <br />
<br />
== OWASP OWASP Goes! Viestimuseo: March 29 2009 ==<br />
<br />
'''Location: Varuskunta, Takakasarmi, Viestimuseontie rak. 64, 11311 Riihimäki ''' <br />
<br />
'''Time: 13:00-15:00''' <br />
<br />
Viestimuseossa Riihimäellä, http://www.viestikiltojenliitto.fi/viestimuseo/ on maaliskuun loppuun WWII radiotiedustelua esittelevä erikoisnäyttely, josta voi löytyä ammennettavaa myös tämän päivän tietoturvatekniikoiden parissa työskenteleville. Koska OWASP:in tiimoilta löytyi kiinnostusta lähteä tutustumaan ko. näyttelyyn, museolle on varattu opastettu kierros maaliskuun viimeiselle sunnuntaille su 29.3.2009 klo 13:00 eli kokoontuminen museolla ko. aikaan. <br />
<br />
Museo ja näyttely ovat auki myös muina aikoina, joten jos tämä aika ei käy, paikalla voi toki käydä muulloinkin. <br />
<br />
Tarkemmat ajo-ohjeet ja yhteystiedot löytyvät museon kotisivuilta, http://www.viestikiltojenliitto.fi/viestimuseo/yhteystiedot.html <br />
<br />
Museo sijaitsee Viestirykmentin vieressä, mutta varsinaisen varuskunta-alueen ulkopuolella, joten museokäynti ei vaadi kulkulupia alueelle. <br />
<br />
Paikalle innostuvat hoitavat oman logistiikkaratkaisunsa &amp; sisäänpääsymaksunsa. <br />
<br />
Lisätietoja tarvittaessa timo.merilainen (ät) iki.fi <br />
<br />
<br> <br />
<br />
== OWASP Helsinki Chapter Meeting #8: March 12 2009 ==<br />
<br />
'''Location: Samlink, Linnoitustie 9, Espoo (Leppävaara)''' <br />
<br />
'''Time: 17:00-19:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:00 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader''' <br />
<br />
'''17:15 Introduction to Samlink, Jari Pirhonen, security director, Samlink''' <br />
<br />
'''17:30 Methodology owner’s point of view: Information security as part of software development methodology, Topi Mattila, methodology manager, Samlink''' <br />
<br />
'''18:15 Presentation from Finnish Tax Administration", Petri Puhakainen, security director, Finnish Tax Administration''' <br />
<br />
<br> '''19:00 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost at Sello<br />
<br />
'''Please register with Jari Pirhonen jari.pirhonen##samlink.fi''' <br />
<br />
== OWASP Introduction to startup firms: Thursday January 15th 2009 ==<br />
<br />
'''Location: Ravintola Korjaamo, Töölönkatu 51, 00250 Helsinki''' <br />
<br />
'''Time: 18:00-20:00''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''18:00 Introduction to OWASP by Henri Lindberg, OWASP Helsinki Active Visitor''' <br />
<br />
*What OWASP is <br />
*Examples of useful Tools and Documents <br />
*OWASP in Finland<br />
<br />
Presentation: [[Image:OWASP Startups 20090115 Henri.pdf]] <br />
<br />
(Antti Laulajainen, OWASP Helsinki Chapter Leader was originally supposed to introduce OWASP) <br />
<br />
'''18:15 Implementing application security in a Finnish startup by Henri Lindberg, Scred''' <br />
<br />
*Henri Lindberg from Scred shares experiences and lessons learned <br />
*How to make your web application more secure with minimal budget<br />
<br />
Presentation: [[Image:SDG Scred 090115.pdf]] <br />
<br />
'''18:30 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost<br />
<br />
== OWASP Helsinki Meeting #7: Tuesday November 11th 2008 ==<br />
<br />
'''Location: Nokia Ruoholahti, Itämerenkatu 11-13, 00180 Helsinki''' <br />
<br />
<br> <br />
<br />
'''Time: 17:00-18:30''' <br />
<br />
'''Schedule'''<br> <br />
<br />
'''17:00 Welcome by Antti Laulajainen, OWASP Chapter Leader''' <br />
<br />
*Current state and progress of OWASP Top 10 Finnish translation<br />
<br />
'''17:20 Antti Vähä-Sipilä, Nokia: SAFECode''' <br />
<br />
*Introduction and overview of SAFECode (The Software Assurance Forum for Excellence in Code) <br />
*SAFECode publications<br />
<br />
'''17:40 Juhani Eronen, CERT-FI: Lifecycle of a security vulnerability''' <br />
<br />
*Microsoft MS08-067 (Vulnerability in Server Service Could Allow Remote Code Execution), its history (MS06-040) and exploitation.<br />
<br />
'''Discussion''' <br />
<br />
'''18:30 or so''' <br />
<br />
*Enjoy local establishments at own risk &amp; cost [cerveza, aqua con gas, etc]<br />
<br />
'''PLEASE REGISTER WITH: mikko . saario at nokia . com (we have reserved snacks for 25 people)''' <br />
<br />
== OWASP Helsinki Web Hacking Workshop, Tuesday September 10th 2008 ==<br />
<br />
'''Location: Teleware / KPMG, Laajalahdentie 23, 6. floor, reception at the ground floor, 00330 Helsinki''' <br />
<br />
'''Time: 18.00 - 20.00''' <br />
<br />
'''Schedule''' <br />
<br />
'''18.00 Welcome and recent activities. Antti Laulajainen ''' <br />
<br />
'''18.05 Web Hacking Workshop, Anssi Porttikivi, Senior ICT Advisor KPMG/Teleware''' <br />
<br />
*KPMG Oy IT Security Advisory marketing presentation 15 min <br />
*Web hacking exercises and demonstrations in a laboratory class (using WebGoat and WebScarab tools)<br />
<br />
'''Snacks available. Send your reservations to Anssi's mail address, anssi.porttikivi@kpmg.fi. Room for 20 participants.''' <br />
<br />
<br> '''Note! Be in time, because the reception closes at 18.''' <br />
<br />
== OWASP Goes! CERT-FI, Thursday, June 12th 2008 ==<br />
<br />
'''Location: Viestintävirasto, Itämerenkatu 3 A, 00180 Helsinki and One Pint Pub Santakatu 2, 00180 Helsinki''' <br />
<br />
<br> '''Time: 16.00 - 20.00''' <br />
<br />
<br> '''Schedule''' <br />
<br />
'''16.00 Welcome and recent activities. Antti Laulajainen ''' <br />
<br />
<br> '''16.10 Introduction of CERT-FI. Juhani Eronen, Information Security Adviser, CERT-FI''' <br />
<br />
<br> '''16.30 Vulnerability coordination. Juhani Eronen''' <br />
<br />
*CERT-FI as a vulnerability coordinator <br />
*Coordination examples<br />
<br />
'''18.00 Possibility to continue the evening at the One Pint Pub''' <br />
<br />
*If someone fancies a (self-financed) beer<br />
<br />
<br> '''Viestintävirasto asks those who wish to participate to the meeting to register in advance. For registrations please contact CERT-FI Unit Secretary Virpi Hienonen (virpi.hienonen(at)ficora.fi). The deadline is June 6, 2008.''' <br />
<br />
== OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008 ==<br />
<br />
Thank you for attending. <br />
<br />
You can download the presentation here'''https://www.owasp.org/images/7/70/OWASP_HelsinkiChapter_130508.pdf''' <br />
<br />
Coverage of the event in local news (Finnish only) http://mikropc.net/uutiset/index.jsp?categoryId=atk&amp;day=20080514#w2008051411524012715 <br />
<br />
<br> '''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki and Ravintola Kaisla, Vilhonkatu 4, 00100 Helsinki''' <br />
<br />
'''Time: 16.00 - 20.00''' <br />
<br />
<br> <br />
<br />
Welcome to spring meeting 2008. <br />
<br />
<br> '''Schedule''' <br />
<br />
'''16.00 - 16.10 OWASP update. Antti Laulajainen''' <br />
<br />
'''16.10-17.00 Notes From The field, OWASP tools and usage experiences, Jarkko Holappa &amp; Antti Laulajainen''' <br />
<br />
'''17.30 - 20.00 Drinks at Ravintola Kaisla (Bring Your Own Wallet)''' <br />
<br />
<br> Hope to see as many of you as possible! <br />
<br />
== OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008 ==<br />
<br />
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.''' <br />
<br />
'''Time: 18.30 - 20.30''' <br />
<br />
Welcome to first meeting of 2008. OWASP Helsinki resumes activities after winter break. <br />
<br />
We are pleased to have as a speaker Technology Manager of Nokia Product Security, Alexandr Seleznyov. His topic will be current state of application security. <br />
<br />
'''Schedule''' <br />
<br />
'''18.30 - 18.40 OWASP update. Antti Laulajainen''' <br />
<br />
'''18.40 - 20.30 Current State of Application Security. Alexandr Seleznyov''' <br />
<br />
<br> Hope to see as many of you as possible! <br />
<br />
== OWASP Helsinki &amp; RWSUG Seminar Tuesday, January 29th 2008 ==<br />
<br />
'''Location: IBM, Laajalahdentie 23, 00330 Helsinki.''' '''Time: 11.15 - 19.00''' <br />
<br />
OWASP Helsinki and Rational and Websphere User Group Finland RWSUG are aiming to co-operate to raise application security awareness. OWASP Helsinki will have a presentation in RWSUG agility seminar. More information from http://www.rwsug.fi/default.asp?path=1,39,385 <br />
<br />
'''You can download the presentation here''' https://www.owasp.org/images/c/cd/RWSUG5_Agile_Security_Management.pdf <br />
<br />
See program below. Most of it is Finnish only <br />
<br />
*11.15 Ilmoittautuminen alkaa <br />
*11.15-12.00 Buffet-lounas <br />
*12.00-12.10 Tilaisuuden avaus Jussi Jutila, Puheenjohtaja, RWSUG ry<br />
<br />
KEYNOTE <br />
<br />
*12.10-13.30 Scaling Agile Software Development: Strategies for Applying Agile in Complex Situations Scott W. Ambler, Practice Leader Agile Development, IBM Canada <br />
*13.30-13.45 Kahvitauko <br />
*13.45-15.30 SOA liiketoiminnan näkökulmasta ja SOA toteutuksen näkökulmasta kansainvälisessa hankkeessa Kari Laine, IT Architect, IF ja Jarmo Laine, Senior Software Architect,Primasoft <br />
*15.30-15.45 Tauko <br />
*15.45-16.30 Ketterä tietoturvan hallinta ohjelmistotuotannossa Reijo Savola, VTT <br />
*16.30-17.15 Jazz Update IBM <br />
*17.15-19.00 Iltapalaa ja verkostoitumista IBM Forumissa<br />
<br />
<br> <br />
<br />
== OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008 ==<br />
<br />
OWASP Helsinki participated in ISACA Finland meeting to raise application security awareness among system auditors and inspectors. <br> A presentation was held that introduced basic web techniques, some security issues, OWASP in general, OWASP projects and OWASP Helsinki chapter. <br> '''You can download the presentation here''': https://www.owasp.org/images/e/e4/OWASP_ISACA_20080124.pdf (Finnish Only) <br><br> <br />
<br />
== OWASP Helsinki meeting #4 Fall 2007 with Mark Curphey, Tuesday, October 2 2007 ==<br />
<br />
'''Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.''' <br />
<br />
Thank you for all participants and Mark from great presentation. <br />
<br />
Coverage of the meeting in the local news (in Finnish): http://mikropc.net/uutiset/index.jsp?categoryId=atk&amp;day=20071003#w2007100315112711629 <br />
<br />
<br> We are delighted to have Mark Curphey - the OWASP founder and new head of Microsoft's ACE (Application Consulting &amp; Engineering) team in Europe - to visit Finland and discuss web app security with us. Hopefully as many as of you possible can participate! <br />
<br />
'''18:30 Welcome and recent Helsinki chapter activities. Antti Laulajainen''' <br />
<br />
'''18:40 Naked Software Security. Mark Curphey''' <br />
<br />
*Commentary on how to build secure software <br />
*Thoughts on the industry<br />
<br />
<br> '''WELCOME!''' <br />
<br />
== OWASP Helsinki meeting #3 Summer 2007: "SOA, Web Services &amp; XML Security", Tuesday, June 5th 2007 ==<br />
<br />
'''Date: June 5th''' <br />
<br />
<br> '''Location: Smilehouse, Itälahdenkatu 22A (Stonesoft building), Lauttasaari.''' <br />
<br />
Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/tietoturva_docview.jsp?f_id=1186167 <br />
<br />
<br> '''19:00 Welcome &amp; quick recap of recent OWASP activity and the Spring conference. Mikko Saario.''' <br />
<br />
<br> '''19:15 Gunnar Peterson, CTO Arctec Group and project lead for the OWASP "XML Security Gateway Evaluation Criteria".''' <br />
<br />
Gunnar will be visiting Finland to provide training via Tietoturva ry on this subject. Topics to be covered: <br />
<br />
*XML Security Gateways <br />
*Message level threats and security countermeasures in Web services <br />
*OWASP XML Security Gateway Evaluation Criteria Project<br />
<br />
<br> '''20:15 "Real-life usage of OWASP tools". Alexandr Seleznyov, Nokia Product Security.''' <br />
<br />
(There is a chance Alex cannot make it. In that case we will discuss SOA stuff in more detail or just head off to bar earlier.) <br />
<br />
<br> '''20:45 Enter Bar 52...''' --&gt; Enjoy (sponsored) beverages. <br />
<br />
== OWASP Helsinki meeting #2 Winter 2007, Web Application Firewalls, Thursday, February 22 2007 ==<br />
<br />
Thank you for the 29 participants, the speakers and the host - Nixu - for making this event happen! <br />
<br />
'''Location: Nixu, Mäkelänkatu 91, 00601 Helsinki.''' <br />
<br />
What are Web Application Firewalls (WAF), how do they work, what do they do and what don't they do. Discussion and sharing of experiences of various technologies and products. <br />
<br />
<br> '''18.30 Welcome. Mikko Saario, Chapter Leader.''' <br />
<br />
Today's topic and agenda in short. <br />
<br />
<br> '''18.35 "Web Application Firewalls Technical Analysis". Joakim Sandström, CTO nSense.''' <br />
<br />
http://www.owasp.org/images/6/6a/Owasp_waf_joakim.pdf <br />
<br />
- Technology <br />
<br />
- Blacklisting &amp; Whitelisting <br />
<br />
- mod_security features <br />
<br />
- Do's and Don'ts <br />
<br />
<br> '''19.30 "The Core Rule Sets". Ofer Shezaf, CTO Breach Security.''' <br />
<br />
http://www.owasp.org/images/f/f4/The_Core_Rule_Set_-_Ofer.pdf <br />
<br />
- WAF deployment and protection strategies <br />
<br />
- Detection of generic web layer attacks <br />
<br />
- Virtual patching <br />
<br />
== OWASP Helsinki meeting #1, Tuesday, Dec 12 2006 at Ernst &amp; Young ==<br />
<br />
The Helsinki chapter had the first meeting at Ernst &amp; Young office in Elielinaukio 5 B. The agenda and the presentations for the meeting are below. We had a good turnout: 22 people were present i.e. all seats were taken - we were very happy to see all these people to be interested in application security issues. <br />
<br />
<br> Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/doc.do?f_id=1083463 <br />
<br />
<br> '''18:30 Welcome. What is OWASP and why OWASP Helsinki?''' <br />
<br />
Mikko Saario made a short presentation about OWASP and the objective for the local Helsinki chapter. <br />
<br />
<br> '''19:00 Analyzing Threats (Olli Wiren; olli [at] juurihoito.org)''' <br />
<br />
Olli Wiren discussed application related threats and corresponding security issues. <br />
<br />
http://www.owasp.org/images/7/7c/Owasp-olli.pdf <br />
<br />
<br> '''19:45 Open discussion regarding OWASP Helsinki; what is expected or wished; how to go ahead and so forth.''' <br />
<br />
There was a lively discussion regarding what type of activities should be arranged in the future. More details will follow... <br />
<br />
==== Helsinki OWASP Chapter Leaders ====<br />
<br />
The chapter leader is [mailto:Petteri.arola@owasp.org Petteri Arola] <br />
<br />
The chapter board members are [mailto:timo@owasp.org Timo Merilainen], Pyry Heikkinen and [mailto:pekka.sillanpaa@owasp.org Pekka Sillanpaa]. <br />
<br />
__NOTOC__<br />
[[Category:Finland]] <br />
[[Category:Europe]]</div>Psillanp