This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Minneapolis St Paul"

From OWASP
Jump to: navigation, search
(June meeting announcement)
Line 13: Line 13:
 
== Local News ==
 
== Local News ==
  
  '''Next meeting: Tuesday, April 18th'''
+
  '''Next meeting: Tuesday, June 20th Location: Metro State University, MPLS'''
  
<u>Agenda</u>
 
  
* 6:00pm - Introduction and optional sign-in for CISSP credits.
+
== <u>Agenda</u> ==
* 6:15pm - Special Guest Presentation: AppArmor (Mick Bauer, see below for more information)
 
* 7:00pm - Discuss Spies Among Us, by Ira Winkler (Lorna Alamn)
 
* 7:15pm - WebGoat update (Bob Sullivan)
 
* 7:30pm - Upcoming events: SoBIS, Secure 360°, NECERT
 
  
 +
6:00pm - Food, Introduction and optional sign-in for CISSP credits.
 +
6:10pm - Metropolitan State University programs
 +
6:15pm - Open Source Security Testing Tools, (Tim McGuire, see below)
 +
7:00pm - Fortify, a commercial source code analysis tool (Joe Teff, see below)
 +
7:30pm - Report on AppSec Europe 2006 (pending presenter confirmation)
 +
7:45pm - What's new in WebGoat 4.0 (Bob Sullivan)
  
<u>Special Guest Presentation</u>
 
  
This month Mick Bauer will present AppArmor. AppArmor proactively protects the operating system and applications from external or internal threats, even zero-day attacks, by enforcing good behavior and preventing even unknown application flaws from being exploited. AppArmor security policies completely define what system resources individual applications can access, and with what privileges.
+
== <u>Location:</u> ==
A number of default policies are included with AppArmor, and using a combination of advanced static analysis and learning-based tools, AppArmor policies for even very complex applications can be deployed successfully in a matter of hours. AppArmor is included with SUSE Linux.
 
  
 +
Metro State,Management Education Center, 1300 Harmon Place June 20th.Room M.1500 or M.1700 look for the event titled:
 +
"Open Web Security Meeting"
  
<u>About Mick Bauer</u>
 
  
Mick Bauer, CISSP, is Linux Journal's security editor and an IS security consultant in Minneapolis, Minnesota. He wrote Linux Server Security, 2nd Ed. (O'Reilly & Associates, 2005).
+
== <u>Directions:</u> ==
 +
[http://www.metrostate.edu/facilities/mpls.html]
 +
Link to building location:  [http://www.metrostate.edu/images/facilities/com.gif]
 +
Rooms are on first floor of the Management Education Center.
 +
They are really nice rooms with very comfortable chairs.
 +
Street parking is free after 6 pm.
 +
If you get there early it's just a $.25 for a half hour.  
 +
There is also a ramp which is $5.00.  
  
  
<u>Location:</u>
+
== <u>Food:</u> ==
  
We will meet at the Integral Business Solutions in Roseville.
+
Lorna will bring pizza and pop.
1751 W County Rd B, Suite 310 Roseville MN 55113
 
Directions: hwy 36 to Snelling South to County Road B West. Turn right on County Road B to building driveway – Park in back they are on the 3rd floor.
 
  
  
<u>Books to Study:</u>
+
== <u>Open Source Tools Presentation</u> ==
  
We will begin to discuss Spies Among Us, by Ira Winkler.
+
Tim McGuire – Consultant
After a careful selection process in February Spies Among Us ran away with the voting.
+
Will present:  Selected open source web application security testing tools.  
  
 +
Tim will demonstrate these tools:
 +
1)  Using Gforge, a fat target for security scanning. It uses CVS module, file uploads, email and SOAP.
 +
2)  Using Wikto, a Web Server Assesment Tool
 +
3)  Using and customizing WSFuzzer, a penetration testing tool that audits HTTP based SOAP targets.
 +
4)  Using Oedipus, a web application scanner written in Ruby.
 +
5)  Using and customizing Rats, a source code scanner.
 +
6)  Using and customizing spike proxy, a HTTP proxy for finding security flaws in web sites.
  
<u>Upcoming Events:</u>
 
 
Here is a list of upcoming security events:
 
 
: * SoBIS 2006: http://ia.metrostate.edu/sobis/
 
:: Friday, April 21, 2006
 
:: Minneapolis Community & Technical College and Metropolitan State University
 
:: This regional symposium will bring together business executives and leading senior scientists and practitioners from information security and assurance services to outline issues, present strategies, discuss business cases, and recommend best practices.
 
 
: * Secure 360° http://www.secure360.org
 
:: Wednesday, May 17 and Thursday, May 18, 2006
 
:: RiverCentre, St. Paul, MN
 
:: The Upper Midwest Security Alliance presents Secure360° bringing together the membership and resources of five individual associations who
 
:: have formed an alliance to better serve their membership, supplier partners and the general public.
 
 
: * NEbraskaCERT Conference: http://www.certconf.org/
 
:: August 8-10
 
:: Scott Conference Center, Omaha, NE
 
:: The Theme for the 2006 NEbraskaCERT Conference is "Security is Here!" The
 
:: Information Assurance Technology industry is maturing. We are moving from the Wild West to controlled environments where risk is managed through continuous improvement rather than a magic silver bullet.
 
 
 
Please email the list with any additional items you'd like to see added to the agenda.
 
  
 +
== <u>Fortify, a commercial source code analysis tool</u> ==
  
 +
Joe Teff, Wells Fargo
 +
Fortify Source Code Analysis Suite is a set of industry-proven tools that
 +
enables you to find, track, and fix security vulnerabilities in your software applications. Fortify is built to work with your development and audit tools and processes.
 +
Joe will demonstrate how to use the tool to find source code vulnerabilities.
 +
 +
Check the meeting posting at  http://www.owasp.org/index.php/Minneapolis_St_Paul  for more detail about the presenters.
 +
 +
Thanks to the folks at Metropolitan State U for the room and Integral Business solutions for the food.
 
[[Category:OWASP Chapter]]
 
[[Category:OWASP Chapter]]

Revision as of 09:40, 9 June 2006

Welcome to the OWASP Minneapolis/St. Paul Local Chapter

Welcome to the Minneapolis/St. Paul local chapter homepage.

The chapter leader is Robert Sullivan.

Participation

OWASP chapter meetings are free and open. Anybody interested in web application security is welcome. We encourage attendees to give presentations on specific topics, however please review rules.

To join the chapter mailing list, please visit our mailing list homepage. The list is used to discuss the meetings and to arrange meeting locations. Please check the mailing list before coming to a meeting to confirm the location and time and to catch any last minute notes.

Local News

Next meeting: Tuesday, June 20th Location: Metro State University, MPLS


Agenda

6:00pm - Food, Introduction and optional sign-in for CISSP credits. 6:10pm - Metropolitan State University programs 6:15pm - Open Source Security Testing Tools, (Tim McGuire, see below) 7:00pm - Fortify, a commercial source code analysis tool (Joe Teff, see below) 7:30pm - Report on AppSec Europe 2006 (pending presenter confirmation) 7:45pm - What's new in WebGoat 4.0 (Bob Sullivan)


Location:

Metro State,Management Education Center, 1300 Harmon Place June 20th.Room M.1500 or M.1700 look for the event titled: "Open Web Security Meeting"


Directions:

[1] Link to building location: [2] Rooms are on first floor of the Management Education Center. They are really nice rooms with very comfortable chairs. Street parking is free after 6 pm. If you get there early it's just a $.25 for a half hour. There is also a ramp which is $5.00.


Food:

Lorna will bring pizza and pop.


Open Source Tools Presentation

Tim McGuire – Consultant Will present: Selected open source web application security testing tools.

Tim will demonstrate these tools: 1) Using Gforge, a fat target for security scanning. It uses CVS module, file uploads, email and SOAP. 2) Using Wikto, a Web Server Assesment Tool 3) Using and customizing WSFuzzer, a penetration testing tool that audits HTTP based SOAP targets. 4) Using Oedipus, a web application scanner written in Ruby. 5) Using and customizing Rats, a source code scanner. 6) Using and customizing spike proxy, a HTTP proxy for finding security flaws in web sites.


Fortify, a commercial source code analysis tool

Joe Teff, Wells Fargo Fortify Source Code Analysis Suite is a set of industry-proven tools that enables you to find, track, and fix security vulnerabilities in your software applications. Fortify is built to work with your development and audit tools and processes. Joe will demonstrate how to use the tool to find source code vulnerabilities.

Check the meeting posting at http://www.owasp.org/index.php/Minneapolis_St_Paul for more detail about the presenters.

Thanks to the folks at Metropolitan State U for the room and Integral Business solutions for the food.

Retrieved from "https://wiki.owasp.org/index.php?title=Minneapolis_St_Paul&oldid=5456"