Difference between revisions of "Philadelphia"
Line 5: | Line 5: | ||
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-philadelphia|emailarchives=http://lists.owasp.org/pipermail/owasp-philadelphia}} | |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-philadelphia|emailarchives=http://lists.owasp.org/pipermail/owasp-philadelphia}} | ||
− | == | + | == Previous Meeting: '''Tuesday,August 13th, 2013 from 7:000 - 8:30 PM''' == |
'''OWASP Philly/ Meeting ''' | '''OWASP Philly/ Meeting ''' | ||
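Review bot: The heading added on the "+" side has two typos: "Tuesday,August" is missing a space after the comma, and "7:000" should read "7:00". Suggest "== Previous Meeting: '''Tuesday, August 13th, 2013 from 7:00 - 8:30 PM''' ==", since the heading text is also what the table of contents displays.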
Line 17: | Line 17: | ||
'''Abstract:''' | '''Abstract:''' | ||
− | HTML 5 Security | + | HTML 5 Security |
+ | |||
+ | While HTML 5 is a wonderful tool for developer, the new features also present some new security challenges. Security in HTML 5 is a widely varied topic and we may not yet understand all of the security challenges it will bring. HTML 5 poses a major paradigm shift in the way that web applications are delivered and consumed and time will tell whether this will result in a net positive or negative for security. The new anti-XSS mitigation features of HTML 5 are amazing, and well worth investigating if you're looking to develop a new application. | ||
+ | |||
+ | Presentation material available at https://sites.sas.upenn.edu/?kleinkeane/presentations/html-5-security | ||
'''Reminder:''' | '''Reminder:''' | ||
OWASP App Sec USA is coming up in November in NYC (http://appsecusa.org/2013/)! It's a short trip and an awesome opportunity to hear some really great talks. If folks want to go, please register with the discount code "Support_PHI" to support the chapter. Additionally, if you're going to go, it's $50 cheaper if you're an OWASP member, and individual membership only costs $50 (https://owasp.org/index.php/Individual_Member) so join! | OWASP App Sec USA is coming up in November in NYC (http://appsecusa.org/2013/)! It's a short trip and an awesome opportunity to hear some really great talks. If folks want to go, please register with the discount code "Support_PHI" to support the chapter. Additionally, if you're going to go, it's $50 cheaper if you're an OWASP member, and individual membership only costs $50 (https://owasp.org/index.php/Individual_Member) so join! | ||
+ | |||
+ | '''Upcoming Events:''' | ||
+ | * Friday, October 11 is [http://drupaldelphia.com/ Drupaldelphia], at the Philadelphia Convention Center | ||
+ | * Friday-Sunday, October 25-27 is [http://pumpcon.org/ Pumpcon] in Philadelphia, follow [https://twitter.com/pumpcon @pumpcon] | ||
+ | |||
+ | |||
== Previous Meeting: '''Tuesday, January 8th, 2013 from 7:000 - 8:30 PM''' == | == Previous Meeting: '''Tuesday, January 8th, 2013 from 7:000 - 8:30 PM''' == | ||
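Review bot: The presentation link added in the abstract, https://sites.sas.upenn.edu/?kleinkeane/presentations/html-5-security, has a "?" directly after the host, so everything following it is parsed as a query string rather than a path; please confirm the link resolves and correct it if a character was mangled on paste. In the same added paragraph, "a wonderful tool for developer" should read "developers", and the two blank lines added before the next heading can be reduced to one.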
Line 106: | Line 116: | ||
'''Register:''' [http://www.issa-dv.org/meetings/registration.php Please register to attend this free conference] | '''Register:''' [http://www.issa-dv.org/meetings/registration.php Please register to attend this free conference] | ||
− | ==Agenda== | + | ===Agenda=== |
{| class="wikitable" | {| class="wikitable" |
Revision as of 12:10, 14 August 2013
OWASP Philadelphia
Welcome to the Philadelphia chapter homepage. The chapter leaders are Aaron Weaver, Darian Patrick, and Justin C. Klein Keane.
Follow us @phillyowasp
Participation
OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.
Sponsorship/Membership
to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member?
Previous Meeting: Tuesday, August 13th, 2013 from 7:00 - 8:30 PM
OWASP Philly Meeting
When: Tuesday, August 13th, 2013 from 7:00 - 8:30 PM
Where: University of Pennsylvania, Fisher-Bennett Hall room 322
Topic: HTML5 Security
Presenter: Justin C. Klein Keane or others
Abstract:
HTML 5 Security
While HTML 5 is a wonderful tool for developers, the new features also present some new security challenges. Security in HTML 5 is a widely varied topic, and we may not yet understand all of the security challenges it will bring. HTML 5 poses a major paradigm shift in the way that web applications are delivered and consumed, and time will tell whether this will result in a net positive or negative for security. The new anti-XSS mitigation features of HTML 5 are amazing, and well worth investigating if you're looking to develop a new application.
Presentation material available at https://sites.sas.upenn.edu/?kleinkeane/presentations/html-5-security
Reminder:
OWASP App Sec USA is coming up in November in NYC (http://appsecusa.org/2013/)! It's a short trip and an awesome opportunity to hear some really great talks. If folks want to go, please register with the discount code "Support_PHI" to support the chapter. Additionally, if you're going to go, it's $50 cheaper if you're an OWASP member, and individual membership only costs $50 (https://owasp.org/index.php/Individual_Member) so join!
Upcoming Events:
- Friday, October 11 is Drupaldelphia, at the Philadelphia Convention Center
- Friday-Sunday, October 25-27 is Pumpcon in Philadelphia, follow @pumpcon
Previous Meeting: Tuesday, January 8th, 2013 from 7:00 - 8:30 PM
OWASP Philly Meeting - University of Pennsylvania, Fisher-Bennett Hall Room 224
When: Tuesday, January 8th, 2013 from 7:00 - 8:30 PM
Where: University of Pennsylvania, Fisher-Bennett Hall Room 224
Topic: Capture the Flag Exercise
Presenter: Justin C. Klein Keane
Abstract:
NB: Please RSVP to [email protected] for this meeting if you plan to attend so that we can provide sufficient materials for all attendees.
Capture the Flag (CTF) exercise. Come learn about how web applications are compromised by actually breaking one yourself. This hands-on exercise will guide attendees through common web application vulnerabilities and their potential impact by allowing participants to utilize tools to test and attack a target web application in a controlled environment. The exercise will include a vulnerable virtual machine image and documentation on one of many possible routes to complete the exercise.
This meeting will be led by Justin Klein Keane, a veteran of web application capture the flag exercises and maintainer of the LAMPSecurity project on SourceForge.net (https://sourceforge.net/projects/lampsecurity). This exercise will be released as part of the LAMPSecurity project after the meeting.
Previous Meeting: Tuesday, November 27th, 2012 from 7:00 - 8:30 PM
OWASP Philly Meeting - Meyerson Hall, Room B4
When: Tuesday, November 27th from 7:00 - 8:30 PM
Where: University of Pennsylvania, Meyerson Hall, Room B4, Philadelphia
Penetration Testing - Attack Vector and Vulnerability Trends
Presenter: Shannon Schriver and Garrett Fails
Abstract:
The more things change, the more they stay the same. Even though the Top Ten hasn't been updated since 2010, the vulnerabilities that are prevalent in the wild in 2012 still map directly to items on the list.
Shannon Schriver and Garrett Fails, penetration testers for PwC, will be discussing the most successful web application vulnerabilities and attack vectors that they have used during client penetration tests in 2012. Topics will include local file inclusion, insecure administrative consoles (including JBoss and Tomcat), and WPAD man-in-the-middle browser vulnerabilities.
Previous Meeting: Monday April 16th, 2012, from 7:00 - 8:30 PM
OWASP Philly Meeting - Fisher-Bennett Hall - 231
When: Monday, April 16th from 7:00 - 8:30 PM
Where: University of Pennsylvania, Fisher-Bennett Hall - 231, Philadelphia
HECTOR, our evolving security intelligence platform
Presenter: Justin Klein Keane
Abstract:
Asset management is an ever present challenge for any IT organization, and especially so for information security groups. Even more challenging is data aggregation for intelligent security analysis (or security intelligence). HECTOR is an effort by the University of Pennsylvania's School of Arts and Sciences to provide such a security intelligence platform. Organizing assets, scanning for vulnerabilities and profiles, correlating attacks on your network to services offered by hosts, tracking changes, following remediation, and making information available to multiple users via a web interface are all goals of HECTOR. HECTOR leverages honeypot technology, darknet sensors, port scans, vulnerability scans, intrusion detection systems, the powerful open source MySQL database, and a PHP based web front end to provide security intelligence to security practitioners.
HECTOR is an evolving, open source effort that attempts to leverage a wide variety of tools and information sources to empower security practitioners with better insights as well as to track and trend security related data. Come hear about HECTOR in advance of the official open source launch at the Educause Security Professionals 2012 conference. Presentation material will include a discussion of the philosophy behind HECTOR, the open source technologies that make HECTOR work, as well as design challenges and solutions. Even if you don't end up using HECTOR, the presentation seeks to spur new ideas and ways of thinking about asset management and security data.
Previous Meeting: Friday September 16th, 2011, from 1:00 PM - 4:15 PM
Joint Meeting with ISSA-DV, Infragard - VWR International, Radnor Corporate Center
When: Friday September 16th, 1:00 PM
Where: VWR International
Radnor Corporate Center
100 Matsonford Road
Wayne, PA 19087
Register: Please register to attend this free conference
Agenda
1:00 - 1:15 | OWASP, INFRAGARD, ISSA Joint Session | Registration |
1:15 – 2:00 | Dan Kuykendall, CTO NT Objectives | "Not Your Granddad's Web App." |
2:00 – 2:45 | Jack Mannino from nVisium Security | "Building Secure Android Apps" |
2:30 – 2:45 | BREAK | |
2:45 – 3:30 | CEO Matthew Jonkman Emergingthreats.net | Open Information Security Foundation (OISF Suricata) |
3:30 – 4:15 | Aaron Weaver - OWASP | Breaking Botnets: Finding App Vulnerabilities in Botnet Command & Control servers |
Directions to VWR International
Previous Meeting: Monday June 20th, from 6:30 - 8:00 PM
OWASP Philly/ Meeting - Fisher-Bennett Hall - 231
When: Monday, June 20th from 6:30 - 8:00 PM
Where: University of Pennsylvania, Fisher-Bennett Hall - 231, Philadelphia
Three lightning round presentations - Each presentation will be about 20 minutes long
- Using PHP for Security - Justin C. Klein Keane
- Perl for AppSec - Darian Anthony Patrick
- What does your metadata say about your organization? A look at the open source tool Foca - Aaron Weaver
Thanks to Penn for hosting the OWASP event!
Directions: The building entrance faces the intersection of 34th and Walnut streets and the room is on the third floor. Folks should bring identification and if the guard asks let him know you are coming to the OWASP meeting.
Previous Meeting: Monday, May 23rd, from 6:30 - 8:00 PM
OWASP Philly/ Meeting - Fisher-Bennett Hall - 231
When: Monday, May 23rd from 6:30 - 8:00 PM
Where: University of Pennsylvania, Fisher-Bennett Hall - 231, Philadelphia
The Search for Intelligent Life
Synopsis: For years organizations have been mining and culling data warehouses to measure every layer of their business right down to the clickstream information of their web sites. These business intelligence tools have helped organizations identify points of poor product performance, highlighting areas of current and potential future demand, key performance indicators, etc. In the information security field we still tend to look at our information in silos. Dedicated engineers solely focused on web application security, network security, compliance and so on, all while bemoaning a lack of information and decision support.
In this talk, Ed will cover some of the many sources of security data publicly available and how to apply them to add context to your security data and tools to help make more intelligent decisions. Ed also points out a number of ways to repurpose information and tools your company is already using in order to glean a clearer view into your security and the threats that may affect it.
Bio: Ed Bellis is the CEO of HoneyApps Inc, a vulnerability management Software as a Service that centralizes, correlates, prioritizes and automates the entire stack of security vulnerabilities and remediation workflow. Prior to HoneyApps, Ed served as the Chief Information Security Officer for Orbitz, the well known online travel agency where he built and led the information security program and personnel for over 6 years. Ed has over 18 years experience in information security and technology. He is a frequent speaker at information security events across North America and Europe. Past talks have included venues such as IANS Security Forum, SaaScon, AppSec DC, BlackHat, CSO Perspectives, MIS Institute, and several others. Additionally, Ed is a contributing author to the book Beautiful Security by O’Reilly and a blogger on CSO Online.
For a summary of the presentation please see http://www.madirish.net/justin/security-intelligence-philly-owasp-ed-bellis
Directions: The building entrance faces the intersection of 34th and Walnut streets and the room is on the third floor. Folks should bring identification and let the guard know they're coming for the OWASP meeting.
Previous Meeting: Monday, April 11th, from 6:30 - 8:00 PM
OWASP Philly/ Meeting - Fisher-Bennett Hall - 322
When: Monday, April 11th from 6:30 - 8:00 PM
Where: University of Pennsylvania, Fisher-Bennett Hall - 322, Philadelphia
Topic: TBD
Supervisory Special Agent Brian Herrick of the Philadelphia FBI - Cyber Squad
The building entrance faces the intersection of 34th and Walnut streets and the room is on the third floor. Folks should bring identification and let the guard know they're coming for the OWASP meeting.
Previous Meeting: Monday, March 7th, from 6:30 - 8:00 PM
OWASP Philly/ Meeting - Fisher-Bennett Hall - 322
When: Monday, March 7th from 6:30 - 8:00 PM
Where: University of Pennsylvania, Fisher-Bennett Hall - 322, Philadelphia
The Power of Code Review
Dave Wichers is a cofounder and the Chief Operating Officer (COO) of Aspect Security.
- As a volunteer to OWASP, Dave is:
- A member of the OWASP Board,
- The OWASP Conferences Chair,
- Project lead and coauthor of the OWASP Top 10,
- Coauthor of the OWASP Application Security Verification Standard, and
- Contributor to the OWASP Enterprise Security API (ESAPI) project.
The building entrance faces the intersection of 34th and Walnut streets and the room is on the third floor. Folks should bring identification and let the guard know they're coming for the OWASP meeting.
For a write up of the meeting please see http://www.madirish.net/justin/owasp-philadelphia-march-7-2011-meeting
Previous Meeting: Tuesday, August 17th, 2010 6:30pm - 8:00pm
OWASP Philly/ Meeting - 307 Levine Hall
When: Tuesday, August 17th, from 6:30 - 8:00 PM
Where: University of Pennsylvania, 307 Levine Hall, Philadelphia
Mobile App Security Techniques
Look left, look right, look in your pocket, you probably glanced over a cellular phone. These devices are getting more and more pervasive in today's society. More importantly they are getting very powerful. This new market of software users has been the catalyst of the "app" boom. Everyone is jumping on board and developing mobile applications. This influx of mobile application development means there are a large number of mobile applications that get rushed to the market before they can be properly reviewed from a security standpoint. So guess what, more bugs for the taking!
In this talk we will lay out a few basic techniques that we use when we perform mobile application assessments, highlight possible pitfalls that one should be aware of and hopefully give those up and coming mobile application penetration testers a leg up on the competition.
Raj Umadas is a Consultant with the Intrepidus Group. Mr. Umadas graduated Summa Cum Laude from The Polytechnic Institute of NYU with a BS in Computer Engineering. At NYU:Poly, Mr. Umadas pursued a highly expansive computer security curriculum. He is just as comfortable sniffing out a memory corruption bug as he is assessing the risk management decisions of large projects.
Coupled with Mr. Umadas' fresh academic outlook on security, he obtained a no-nonsense business sense of security while working in an Information Risk Management arm of a large investment bank. Corporate governance, segregation of duties, and SOX compliance were all daily concerns for Mr. Umadas.
Mr. Umadas is eager to establish his own niche in the security world where he will be the catalyst of some very major innovation. With his strong academics, proven real world experience, and never-say-no attitude; it is only a matter of time.
For a summary of this presentation please see http://www.madirish.net/security-tools/470
Previous Meeting: Tuesday, July 20th, 2010 6:30pm - 8:30pm
OWASP Philly/ Meeting - University of Pennsylvania - Philadelphia
All are welcome to join us on Tuesday as we discuss web application security.
When: Tuesday, July 20th, 2010 6:30pm - 8:30pm
Where: Fisher-Bennett Room 401, University of Pennsylvania
3340 Walnut St.
Philadelphia, PA 19104
Agenda:
1.) Opening Remarks
2.) Balancing Security & Usability, Justin Klein Keane
3.) Arshan Dabirsiaghi - Aspect Security
4.) Informal meetup afterwards at New Deck
Questions should be directed to Aaron Weaver
User Interface and Security in Web Applications
Security is often seen as a competing priority to good user experience, but the two are not diametrically opposed. Good user experience is essential to good security. Without ease of use, most people simply ignore or bypass security protections in systems. In order to craft effective security measures it is essential to take user experience into consideration. With the meteoric growth of web applications as a medium for service delivery it is critical to deploy good security measures. Web applications offer an always on, globally available target for attackers. Users need to be allies in the drive for application security, but far too often security measures are presented as onerous, time consuming, bothersome add-ons to web applications rather than seamlessly integrated, easy to use, user friendly features. In this talk I propose to explore some of the reasons why good security in web applications matters and how you can make security effective by making it easy to use.
Speaker: Justin Klein Keane
Bio: Justin C. Klein Keane has over 8 years of experience in information security starting with his role as Editor in Chief of the Hack in the Box e-zine. Currently Justin works as an Information Security Specialist with the University of Pennsylvania School of Arts and Sciences' Information Security and Unix Systems group. Justin's past work included several positions as a web application developer, often utilizing PHP. Justin is a regular contributor to the Full-Disclosure mailing list and is credited with dozens of vulnerability discoveries. Justin holds several ethical hacking and penetration testing certifications and regularly posts computer security related articles on his website http://www.MadIrish.net.
Previous Meeting: Thursday, December 3rd, 2009 6:30pm - 8:30pm
OWASP Philly/ Meeting - University of Pennsylvania - Philadelphia
This is a joint meeting with the Philadelphia Area PHP Meetup group. All are welcome to join us on Tuesday as we discuss web application security.
When: December 3rd, 2009 6:30pm - 8:30pm
Where: Wu & Chen Auditorium, Levine Hall, University of Pennsylvania
3330 Walnut St.
Philadelphia, PA 19104
Agenda:
1.) Opening Remarks
2.) Discovering PHP Vulnerabilities Via Code Auditing, Justin Klein Keane
3.) TBD: Bruce Diamond
Questions should be directed to Darian Anthony Patrick
Discovering PHP Vulnerabilities Via Code Auditing
Abstract: PHP provides an accessible, easy to use platform for developing dynamic web applications. As the number of web based applications grows, so too does the threat from external attackers. The open and global nature of the web means that web applications are exposed to attack from around the world around the clock. Automated web application vulnerability scanning technology is still very much in its infancy, and unable to identify complex vulnerabilities that could lead to complete server compromise. While intrusion detection systems prove very valuable in detecting attacks, the best way to prevent vulnerabilities is to engage in active code review. There are many advantages of direct code review over automated testing, from the ability to identify complex edge scenario vulnerabilities to finding non-exploitable flaws and fixing them proactively. Many vulnerabilities in PHP based web applications are introduced with common misuse of the language or misunderstanding of how functions can be safely utilized. By understanding the common ways in which vulnerabilities are introduced into PHP code it becomes easy to quickly and accurately review PHP code and identify problems. In addition to common problems, PHP includes some obscure functionality that can lead developers to unwittingly introduce vulnerabilities into their applications. By understanding the security implications of some common PHP functions, code reviewers can pinpoint the use of such functions in code and inspect them to ensure safety.
Speaker: Justin Klein Keane
Bio: Justin C. Klein Keane has over 8 years of experience in information security starting with his role as Editor in Chief of the Hack in the Box e-zine. Currently Justin works as an Information Security Specialist with the University of Pennsylvania School of Arts and Sciences' Information Security and Unix Systems group. Justin's past work included several positions as a web application developer, often utilizing PHP. Justin is a regular contributor to the Full-Disclosure mailing list and is credited with dozens of vulnerability discoveries. Justin holds several ethical hacking and penetration testing certifications and regularly posts computer security related articles on his website http://www.MadIrish.net.
Previous Meeting: October 27th, 2009 6:00pm - 9:00pm
OWASP Philly Meeting - Comcast - Philadelphia
Presentations:
Agile Practices and Methods
AJAX Security
Adobe AMF
Food and space provided by Comcast.
When: October 27th, 2009 6:00pm - 9:00pm
Where: Floor (TBD), Comcast, 1701 John F Kennedy Blvd Philadelphia, PA 08054
Agenda:
1.) OWASP Meeting Opening Remarks: Bruce A. Kaalund Director, Product Security
2.) Development Issues Within AJAX Applications: How to Divert Threats: Tom Tucker, Cenzic
3.) Agile Software Development Principles and Practices : Ravindar Gujral, Agile Philadelphia
4.) Testing Adobe Flex/SWF's, focusing on flash remoting (AMF): Aaron Weaver, Pearson eCollege
Development Issues Within AJAX Applications: How to Divert Threats
Speaker: Tom Tucker
Bio: Tom Tucker has over 25 years of experience within the enterprise hardware, software, network, and security market. As a Senior Systems Engineer at Cenzic, Tom works directly with customers to protect their Web applications from hacker attacks. Previously Tom worked with Tier 1 and Tier 2 Network Service Providers such as BBN, GTE, AT&T, iPass, New Edge Networks and MegaPath Networks, designing firewall, VPN, WAN, LAN and Hosting solutions. Tom was also the Director of Intranet Engineering for Associates Information Services (now a part of Citigroup) implementing secure Internet technology solutions for both internal and external application delivery.
Previous Meeting: Wednesday June 24th 2009, 6:30 PM - 8:00 PM
OWASP Philly Meeting - AccessIT Group - King of Prussia
Pizza provided by AccessIT Group.
Agenda:
1.) OWASP Introduction
2.) How to Analyze Malicious Flash Programs - Lenny Zeltser
3.) OWASP .NET, OWASP Report Generator, OWASP Cryttr / Encrypted Syndication - Mark Roxberry
2000 Valley Forge Circle
Suite 106
King of Prussia, PA 19406
AccessIT Group is located in the 2000 Building (middle building) of the Valley Forge Towers. The offices are located on the bottom floor of the building. Parking is available in the front or rear of the building.
How to Analyze Malicious Flash Programs
by Lenny Zeltser (http://www.zeltser.com)
About the talk: Attackers increasingly use malicious Flash programs, often in the form of banner ads, as initial infection vectors. Obfuscation techniques and multiple Flash virtual machines complicate the task of analyzing such threats. Come to learn insights, tools and techniques for reverse-engineering this category of browser malware.
Bio: Lenny Zeltser leads the security consulting practice at Savvis. He is also a board of directors member at SANS Technology Institute, a SANS faculty member, and an incident handler at the Internet Storm Center. Lenny frequently speaks on information security and related business topics at conferences and private events, writes articles, and has co-authored several books. Lenny is one of the few individuals in the world who've earned the highly-regarded GIAC Security Expert (GSE) designation. He also holds the CISSP certification. Lenny has an MBA degree from MIT Sloan and a computer science degree from the University of Pennsylvania. You can stay in touch with him via http://twitter.com/lennyzeltser.
OWASP .NET, OWASP Report Generator, OWASP Cryttr / Encrypted Syndication
by Mark Roxberry
About the talk: Mark is looking to generate some interest in participating in OWASP projects. He will be speaking about projects that he is involved in and hoping to recruit folks who have time, energy and motivation to help out.
Bio: Mark Roxberry is a frequent contributor of research and code to OWASP. His credits include OWASP Testing Guide contributor and reviewer, the OWASP .NET Project Lead, the OWASP Report Generator Lead and just recently the OWASP Encrypted Syndication Lead. He is a Senior Consultant at Database Solutions in King of Prussia. Mark has a B.S. in Russian Technical Translation from the Pennsylvania State University and has the CEH and CISSP certificates hanging in his bunker where he tries to figure out how to hack into Skynet when it comes online.
Previous Meetings
Next Meeting:
October 28th 2008, 6:30 PM - 8:00 PM
OWASP Philly Meeting - Protiviti - Two Liberty Place Philadelphia
Come join us in Philadelphia as we discuss web application security.
Agenda:
1.) Web Application Security and PCI requirements (V 1.1 and 1.2)
2.) Clickjacking: What is it and should we be concerned about it?
3.) Summary of OWASP conference in New York.
Two Liberty Place 50 South 16th St
Suite 2900
Philadelphia, PA 19102 USA