|
|
| (100 intermediate revisions by 8 users not shown) |
| Line 1: |
Line 1: |
| − | {{Chapter Template|chaptername=Vancouver|extra=The chapter leader is Rui Pereira (ruiper (at) wavefrontcg (dot) com).
| + | Welcome to the OWASP [https://en.wikipedia.org/wiki/Vancouver Vancouver] chapter homepage. We are located in the beautiful province of [https://en.wikipedia.org/wiki/British_Columbia British Columbia], on the West Coast of [https://en.wikipedia.org/wiki/Canada Canada]. |
| − | |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-vancouver|emailarchives=http://lists.owasp.org/pipermail/owasp-vancouver}}
| |
| | | | |
| − | ==<font color="red"><font size="5">OWASP Vancouver Chapter Meeting September 23, 2010 (Fourth Meeting of 2010)</font></font>==
| + | Our mission is to enrich Vancouver's application security community. We hope you can join us in accomplishing that. |
| − | '''Time:''' | |
| − | Thursday, September 23rd, 2010 @ 5:30pm
| |
| | | | |
| − | ''' Location'''
| + | [[File:Vancouver1000x450.png]] |
| − | Sierra Systems
| |
| − | 1177 West Hastings Street, Suite 2500
| |
| − | Vancouver, BC V6E 2K3
| |
| | | | |
| − | http://maps.google.ca/maps?f=q&source=s_q&hl=en&geocode=&q=1177+West+Hastings+Street,+vancouver,+bc&sll=49.891235,-97.15369&sspn=31.271973,90.263672&ie=UTF8&hq=&hnear=1177+W+Hastings+St,+Vancouver,+Greater+Vancouver+Regional+District,+British+Columbia+V6E+3Y9&z=16
| + | = Events = |
| | + | Our monthly sessions take place on the 4th Thursday of each month. We also host one off events and workshops around town. |
| | | | |
| − | We are pleased to announce the next OWASP Vancouver meeting! As previously announced on the mailing list, we will have the meeting on September 23rd, and Sierra Systems is once again hosting our meeting.
| + | Have a look at [http://owaspvancouver.eventbrite.com/ our calendar of awesome events] and join us! |
| | | | |
| − | *Speaker: | + | = Contact = |
| − | This month we have Dana Epp from Scorpion Software who will lead the group in performing a threat model of an application using the Microsoft SDL Threat Modeling process and tools! This session is an interactive session that will provide an opportunity for the attendees to participate as well as learn how to use this free and powerful process and tool from Microsoft.
| + | The OWASP Vancouver chapter board members are: |
| | + | |
| | + | |
| | + | [https://groups.google.com/a/owasp.org/forum/#!forum/vancouver-chapter Click here] to join the local chapter mailing list and Google Group (pre-Google mailing list archives can be found [http://lists.owasp.org/pipermail/owasp-vancouver here]) |
| | | | |
| − | *Call for Volunteer:
| + | = Watch Online = |
| − | We are looking for a volunteer to offer an application for threat modeling! This is an opportunity to learn how this tool and process can be applied directly to your development cycle and business! If you are interested in volunteering your application for this session, please let me know! (Yvan Boily [[mailto:yvanboily@gmail.com]])
| + | '''Subscribe''' to the '''[https://www.youtube.com/channel/UCSXBb_cPvieNm-MoLjjtbXw OWASP Vancouver YouTube channel]''' where you can check out live streams of upcoming sessions as well as archives of previous sessions (big thanks to '''George Pajari''' and volunteers). |
| | | | |
| − | Please confirm attendance by voting at
| + | = Speakers = |
| − | http://micropoll.com/t/KERPsZBMHr (this is an anonymous poll to get a rough estimate of attendees)
| + | We welcome speakers of all level! You don't have to be a pro to talk at one of our events, but we do ask that you talk be related to an application security domain and you provide value to attendees. To be a speaker, simply review the [[Speaker_Agreement |speaker agreement]] and then contact the our [mailto:[email protected] chapter lead] with details of what OWASP project, independent research or related application security topic you would like to present on. |
| | | | |
| − | ==<font color="red"><font size="5">OWASP Vancouver Chapter Meeting July 19, 2010 (Third Meeting of 2010)</font></font>== | + | = Membership = |
| − | '''Time:'''
| + | OWASP Foundation ([https://docs.google.com/a/owasp.org/presentation/d/10wi1EWFCPZwCpkB6qZaBNN8mR2XfQs8sLxcj9SCsP6c/edit?usp=sharing Overview Slides]) is a professional association of [[Membership |global members]] and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the [[Chapter_Leader_Handbook]]. |
| − | Thursday, August 19th, 2010 @ 5:30pm
| |
| | | | |
| − | ''' Location'''
| + | Consider the value of [[Membership | Individual, Corporate, or Academic Supporter membership]]. Ready to become a member? [[Image:Join_Now_BlueIcon.JPG|75px|link=https://www.owasp.org/index.php/Membership]] |
| − | Sierra Systems
| |
| − | 1177 West Hastings Street, Suite 2500
| |
| − | Vancouver, BC V6E 2K3
| |
| | | | |
| − | http://maps.google.ca/maps?f=q&source=s_q&hl=en&geocode=&q=1177+West+Hastings+Street,+vancouver,+bc&sll=49.891235,-97.15369&sspn=31.271973,90.263672&ie=UTF8&hq=&hnear=1177+W+Hastings+St,+Vancouver,+Greater+Vancouver+Regional+District,+British+Columbia+V6E+3Y9&z=16
| |
| | | | |
| − | This meeting featured two presentations on PCI compliance and certification from IPS.
| + | __NOTOC__ |
| | | | |
| − | *Speakers:
| + | <headertabs /> |
| − | Santosh Nair (Chief Technology Officer) and Don Bowen (Senior Account Manager), IPS
| |
| | | | |
| − | Organizations today are faced with a host of regulatory compliance requirements, such as PCI, SOX and NERC. It has become increasingly important for organizations to ensure payment account data security through compliance with the PCI DSS. Don and Santosh will attempt to demystify some of the myths and questions that commonly trouble PCI level 3 and 4 merchants. They will also discuss why the PCI DSS is necessary and provide an auditor’s perspective on what is required to achieve compliance through completing a “Self Assessment Questionnaire”.
| + | = Sponsors = |
| | | | |
| − | ==<font color="red"><font size="5">OWASP Vancouver Chapter Meeting July 22, 2010 (Second Meeting of 2010)</font></font>==
| + | As a [[About_OWASP | 501(c)(3)]] non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. |
| − | '''Time:'''
| |
| − | Thursday, July 22, 2010 @ 5:30pm
| |
| | | | |
| − | ''' Location'''
| + | [[Image:Btn_donate_SM.gif|link=https://www.owasp.org/index.php/Local_Chapter_Supporter]] to this chapter or become a local chapter supporter. |
| − | Sierra Systems
| |
| − | 1177 West Hastings Street, Suite 2500
| |
| − | Vancouver, BC V6E 2K3
| |
| | | | |
| − | http://maps.google.ca/maps?f=q&source=s_q&hl=en&geocode=&q=1177+West+Hastings+Street,+vancouver,+bc&sll=49.891235,-97.15369&sspn=31.271973,90.263672&ie=UTF8&hq=&hnear=1177+W+Hastings+St,+Vancouver,+Greater+Vancouver+Regional+District,+British+Columbia+V6E+3Y9&z=16
| + | = Our 2019 Sponsors = |
| | | | |
| − | This meeting was held on July 22nd, and Martin Kyle of Sierra Systems offered to host the meeting.
| + | We would like to thank the following companies for providing us with space, pizza and pop, and helping us with our mission to enrich Vancouver's application security community. |
| | | | |
| − | *First Topic : Risk Assessment Methodologies - Erasmus Dong - High level presentation on risk management and risk assessment methodologies with focus on OWASP Threat Risk Modeling.
| + | {| |
| − | *Fifteen minute break
| + | |- |
| − | *Second Topic : Cloud Technologies and Risks - Yvan Boily - Brief overview of cloud technologies, and a discussion of some of the key areas of risk.
| + | | [[File:FwdSec.png|frameless|200px|thumb|left|link=https://www.forwardsecurity.com]] || [[File:PlentyOfFish.png|frameless|200px|thumb|left|link=https://www.pof.com/en/press/]] || [[File:zenefits.png|frameless|200px|thumb|left|link=https://www.zenefits.com]] |
| − | *Discussion of how to grow the chapter, and future areas of interest.
| + | |- |
| | + | | [[File:Galvanize.jpg|frameless|200px|thumb|left|link=https://www.wegalvanize.com/]] || [[File:CISCO.png|frameless|200px|thumb|left|link=https://www.cisco.com/c/en_ca/index.html]] || [[File:cmd.png|frameless|200px|thumb|left|link=https://www.cmd.com]] |
| | + | |} |
| | | | |
| − | About Erasmus Dong:
| + | [[Category:Vancouver]] |
| − | | + | [[Category:OWASP Chapter]] |
| − | A new member of the Vancouver OWASP community, Erasmus has been working in information technology for over a decade in areas of operations, infrastructure, and information security risk in government and financial services.
| |
| − | | |
| − | About Yvan Boily:
| |
| − | | |
| − | Yvan Boily works for a global Financial Institution and was the former chapter lead for the Winnipeg chapter of OWASP. He has worked in various roles in IT Security, primarily focused on Application Security and Security Testing. Working for the last 8 years in IT Security, Yvan has held roles in provincial government, independent contracting, and as a consultant for a dedicated IT security firm.
| |
| − | | |
| − | ==<font color="red"><font size="5">OWASP Vancouver Chapter Meeting April 22, 2010</font></font>==
| |
| − | | |
| − | *Topic: Informal Meeting
| |
| − | *Meeting Date: April 22, 2010
| |
| − | *Facilitators: Yvan Boily / Rui Pereira
| |
| − | *Place/Room: Steamworks Pub
| |
| − | | |
| − | Agenda
| |
| − | | |
| − | 1. Introductions
| |
| − | 2. Objectives (discuss initial objectives as a chapter)
| |
| − | 3. Discuss Content of Meetings
| |
| − | 4. General Discussion
| |
| − | | |
| − | ==<font color="red"> <font size="5">OWASP Vancouver Chapter Meeting April 27, 2009</font> </font>==
| |
| − | '''Time:'''
| |
| − | Monday April 27, 2009 starting at 5:30 p.m.
| |
| − | | |
| − | ''' Location'''
| |
| − | Deloitte & Touche LLP (downtown office)
| |
| − | 2800 - 1055 Dunsmuir Street
| |
| − | 4 Bentall Centre
| |
| − | Vancouver British Columbia
| |
| − | | |
| − | Vancouver Map/Carte<http://maps.google.ca/maps?f=q&hl=en&geocode=&q=2800+Dunsmuir+Street,+Vancouver+British+Columbia+V7X+1P4>
| |
| − | | |
| − | Agenda:
| |
| − | | |
| − | 5:30 to 5:45 PM Introductions
| |
| − | 5:45 to 6:15 PM Cross Site Scripting XSS & Cross Site Request Forgery CSRF by Mark Lane
| |
| − | 6:15 to 6:30 PM Q&A session
| |
| − | | |
| − | Approximately 10 people attended.
| |
| − | | |
| − | ==<font color="red"><font size="5">OWASP Vancouver Chapter Meeting January 20, 2009</font></font>==
| |
| − | '''Time:'''
| |
| − | January 20th, 2009 at 6:00 p.m.
| |
| − | | |
| − | ''' Location'''
| |
| − | Deloitte & Touche LLP (downtown office)
| |
| − | 2800 - 1055 Dunsmuir Street
| |
| − | 4 Bentall Centre
| |
| − | Vancouver British Columbia
| |
| − | | |
| − | Vancouver Map/Carte<http://maps.google.ca/maps?f=q&hl=en&geocode=&q=2800+Dunsmuir+Street,+Vancouver+British+Columbia+V7X+1P4>
| |
| − | | |
| − | Agenda:
| |
| − | | |
| − | 6:00 to 6:15 PM Introductions
| |
| − | 6:15 to 6:45 PM Presentation "Real Experiences in developing a Secure Development Life Cycle" from Stephen Charles
| |
| − | 6:45 to 7:00 PM Q&A session
| |
| − | | |
| − | Approximately 10 people attended.
| |
| − | | |
| − | ==<font color="red"><font size="5">OWASP Vancouver Chapter meeting January 21, 2008</font></font>==
| |
| − | '''Time:'''
| |
| − | January 21, 2008 6:30 p.m. to 7:30 p.m.
| |
| − | | |
| − | ''' Location'''
| |
| − | Business Objects
| |
| − | 910 Mainland Street
| |
| − | Vancouver BC, Canada V6B 1A9
| |
| − | | |
| − | For the January meeting of the OWASP Vancouver chapter we have a very interesting presentation from Michael Weider, Founder and CTO of IBM Watchfire. Michael will provide insights into the latest trends in application security, what is the threat and what best practices are companies employing to address this growing threat.
| |
| − | | |
| − | The session will be held on January 21st starting at 6:30 p.m.
| |
| − | | |
| − | | |
| − | | |
| − | ==<font color="red"><font size="5">OWASP Vancouver Chapter meeting November 29, 2007</font></font>==
| |
| − | '''Location: '''
| |
| − | Business Objects Main office
| |
| − | | |
| − | '''Attendance: '''
| |
| − | Rodrigo, Rui, Zenko, Russ, Mauro
| |
| − |
| |
| − | The meeting started with an introduction of the OWASP group and its objectives: goals and projects that OWASP is leading.
| |
| − | There are various open source projects that the OWASP team has been a part of, namely, the OWASP top ten list of vulnerabilities; CLASP ( a guideline for companies to address security issues in their products ); GOAT ( practice your hacking skills on their machines); Web Scarab; plus other scanning/hacking tools.
| |
| − |
| |
| − | We then introduced the OWASP Vancouver chapter: lately the chapter has been a little be dormant and all the presents agreed to provide help to revamp the chapter.
| |
| − | The objective of the OWASP Vancouver chapter is to promote web application security and security awareness in the community.
| |
| − |
| |
| − | In the fall off 2007 the Vancouver chapter reached into the other Vancouver security and technical groups. Some groups as for example SIG Security and Vantug have been interested to hear more about OWASP and the asked for presentations. More presentation can be done to these groups in the next year. We all agree that reaching into Vancouver groups is an important goal for the OWASP Vancouver chapter.
| |
| − |
| |
| − | Another goal of the group is to facilitate some technical discussion and presentation on the security field. Some of the topics of interest are the following:
| |
| − |
| |
| − | * Honeypot;
| |
| − | * Vulnerabilities;
| |
| − | * Secure Development LifeCycle;
| |
| − | * Hands on seminar using various security/pen tools;
| |
| − | * Wireless security;
| |
| − | * Http and basic encryption;
| |
| − | * Forensic;
| |
| − | * Law and enforcement in security;
| |
| − | * International security groups like CISSP or SANS.
| |
| − |
| |
| − | We've also discussed the possibility to promote OWASP in the community and other groups and to capturing new membership through social sites such as Tazzu.com and meetup.com.
| |
| − |
| |
| − | The next meeting is planned for the end of January
| |
| − | | |
| − | ==<font color="red"><font size="5">OWASP Chapter Meeting May 30th, 2007 5:30pm - 7:00pm</font></font>==
| |
| − | '''Attendance:'''
| |
| − | * Neil (PDB Security)
| |
| − | * Chris (Sxip Identity)
| |
| − | * Mauro (Business Objects)
| |
| − | | |
| − | '''Introductions'''
| |
| − | | |
| − | ''' Ideas for new members?'''
| |
| − | * Chris to lead web page
| |
| − | * Mauro to contact other local security groups (ISACA, ISSA, CIPS Security Special Interest Group)
| |
| − | * Neil to arrange speakers
| |
| − | * Group to invite friends :)
| |
| − | | |
| − | '''Future Speakers'''
| |
| − | * Topics of interest: fuzzing, risk modeling (CLASP), other risk methodologies, cryptography, web services, tools
| |
| − | | |
| − | '''Other ideas?'''
| |
| − | * Goals of the chapter: grow, cross-pollination of ideas in app. sec. space, evangelize app sec!
| |
| − | * Chatted about compliance standards.
| |
| − | * Chatted about info sec. vs app. sec. as a whole.
| |
| − | | |
| − | [[Category:Canada]] | |
Our mission is to enrich Vancouver's application security community. We hope you can join us in accomplishing that.
We would like to thank the following companies for providing us with space, pizza and pop, and helping us with our mission to enrich Vancouver's application security community.
to this chapter or become a local chapter supporter.
