| Line 6: |
Line 6: |
| | | | |
| | | | |
| − | Future Scheduled Meetings
| + | [[Category:Chapters]] |
| − | * Oct 21, 2015 - Presentation topic: "Tracking Protection", by: Francois Marier [https://www.eventbrite.ca/e/owasp-vancouver-october-chapter-meeting-tickets-19111550161]
| |
| − | * Nov 18, 2015 - Presentation topic: "Effective Password Hashing", by: Colin Keigher
| |
| − | * Dec 16, 2015 - *CANCELLED* Holiday Social Event
| |
| − | * Jan 27, 2016 - Speaker TBD - [https://docs.google.com/forms/d/1bI7ZdUjv7HxvOb1uq9Ked594qOW3tbRoTsQhEncsb3E/viewform Why not you?]
| |
| − | * Feb 24, 2016 - Speaker TBD - [https://docs.google.com/forms/d/1bI7ZdUjv7HxvOb1uq9Ked594qOW3tbRoTsQhEncsb3E/viewform Why not you?]
| |
| − | * Mar 16, 2016 - OWASP Social Event during BSidesVancouver / CanSecWest
| |
| − | * Apr 20, 2016 - Speaker TBD - [https://docs.google.com/forms/d/1bI7ZdUjv7HxvOb1uq9Ked594qOW3tbRoTsQhEncsb3E/viewform Why not you?]
| |
| − | * May 25, 2016 - Speaker TBD - [https://docs.google.com/forms/d/1bI7ZdUjv7HxvOb1uq9Ked594qOW3tbRoTsQhEncsb3E/viewform Why not you?]
| |
| − | * Jun 15, 2016 - Speaker TBD - [https://docs.google.com/forms/d/1bI7ZdUjv7HxvOb1uq9Ked594qOW3tbRoTsQhEncsb3E/viewform Why not you?]
| |
| − | * Jul 16, 2016 - Speaker TBD - [https://docs.google.com/forms/d/1bI7ZdUjv7HxvOb1uq9Ked594qOW3tbRoTsQhEncsb3E/viewform Why not you?]
| |
| − | | |
| − | == 2015 Meetings ==
| |
| − | | |
| − | OWASP Vancouver Chapter meetings take place once per month and include guest speakers as well as social events. Please view our calendar for listing of upcoming events in 2015/2016.
| |
| − | | |
| − | HTML: https://www.google.com/calendar/embed?src=mmrurcujdqvdaum77itfbb5aoo%40group.calendar.google.com&ctz=America/Vancouver
| |
| − | | |
| − | iCAL: https://www.google.com/calendar/ical/mmrurcujdqvdaum77itfbb5aoo%40group.calendar.google.com/public/basic.ics
| |
| − | | |
| − | XML: https://www.google.com/calendar/feeds/mmrurcujdqvdaum77itfbb5aoo%40group.calendar.google.com/public/basic
| |
| − | | |
| − | == 2013 Meetings ==
| |
| − | | |
| − | {| class="wikitable"
| |
| − | |-
| |
| − | ! Date !! Location !! Speaker !! Topic <nowiki>Insert non-formatted text here</nowiki> !! Registration Info
| |
| − | |-
| |
| − | | November 6, 2013 || Mozilla Vancouver || Brian Campbell || Introduction to emerging JSON-based ID and Security protocols ||
| |
| − | |-
| |
| − | | August 7, 2013 || Mozilla Vancouver || Raymond Forbes || Owasp Canada Intro & Bug Bounty Programs || [[http://www.eventbrite.ca/event/7683697145 Register Here!]]
| |
| − | |-
| |
| − | | May 28, 2013 || Mozilla Vancouver || San-Tsai Sung || OAuth-based single sign-on in Real-world Implementations ||
| |
| − | |-
| |
| − | | February 20, 2013 || Ping Identity || Rui Periera || How to own a BILLION identities in less time than it takes to boil an egg
| |
| − | || <closed>
| |
| − | |}
| |
| − | | |
| − | === November 6, 2013 - Brian Campbell, Introduction to emerging JSON-based ID and Security protocols ===
| |
| − | | |
| − | This talk will look at JOSE and emerging JSON based ID protocols.
| |
| − | | |
| − | Brian Campbell is a Portfolio Architect for Ping Identity. He contributes to various identity and security standards including a two-year stint as co-chair of the OASIS Security Services Technical Committee (SAML) and a current focus on OAuth 2.0, JOSE and OpenID Connect.
| |
| − | | |
| − | === August 7, 2013 ===
| |
| − | | |
| − | | |
| − | === May 28, 2013, San-Tsai Sung, OAuth-based single sign-on in Real-world Implementations ===
| |
| − | | |
| − | Millions of web users today employ their Facebook accounts to sign
| |
| − | into more than one million relying party (RP) websites. This web-based
| |
| − | single sign-on (SSO) scheme is enabled by OAuth 2.0, a web resource
| |
| − | authorization protocol that has been adopted by major service
| |
| − | providers. The OAuth 2.0 protocol has proven secure by several formal
| |
| − | methods, but whether it is indeed secure in practice remains an open
| |
| − | question. We examine the implementations of three major OAuth identity
| |
| − | providers (IdP) (Facebook, Microsoft, and Google) and 96 popular RP
| |
| − | websites that support the use of Facebook accounts for login. Our
| |
| − | results uncover several critical vulnerabilities that allow an
| |
| − | attacker to gain unauthorized access to the victim user's profile and
| |
| − | social graph, and impersonate the victim on the RP website. Closer
| |
| − | examination reveals that these vulnerabilities are caused by a set of
| |
| − | design decisions that trade security for implementation simplicity. To
| |
| − | improve the security of OAuth 2.0 SSO systems in real-world settings,
| |
| − | we suggest simple and practical improvements to the design and
| |
| − | implementation of IdPs and RPs that can be adopted gradually by
| |
| − | individual sites.
| |
| − | | |
| − | === February 20, 2013, Rui Periera, How to own a BILLION identities ... ===
| |
| − | | |
| − | Unless you've been living under a rock over the last few years, you can't help but notice that a lot of hacking seems to be going on - and personal information like e-mail addresses, passwords and credit card numbers are going out the door at several large organizations (Sony anyone?). This presentation deals with a web application hacking technique called SQL Injection (SQLi), and how it was used in various recent hacks such as Epsilon, Heartland Payment Systems, Pirate Bay, eHarmony, Sony and HBGary.
| |
| − | | |
| − | We cover the how's of it: How it is done and how you can protect your organization from being the next big (or little) name on an ever-growing list. This presentation was also given at the IT4BC conference earlier this year.
| |
| − | | |
| − | == 2012 Meetings ==
| |
| − | You can subscribe to the OWASP Vancouver Calendar [https://www.google.com/calendar/ical/osgb36r55fqlt3m10jc4e2ef70%40group.calendar.google.com/public/basic.ics here].
| |
| − | | |
| − | === May 2012 ===
| |
| − | | |
| − | '''OAuth-based single sign-on in Real-world Implementations'''
| |
| − | | |
| − | '''Speaker:''' San-Tsai Sung
| |
| − | | |
| − | '''Date & Time:''' Monday, May 28th, 2012 @ 5:30pm
| |
| − | | |
| − | Millions of web users today employ their Facebook accounts to sign into more than one million relying party (RP) websites. This web-based
| |
| − | single sign-on (SSO) scheme is enabled by OAuth 2.0, a web resource authorization protocol that has been adopted by major service providers. The OAuth 2.0 protocol has proven secure by several formal methods, but whether it is indeed secure in practice remains an open
| |
| − | question. We examine the implementations of three major OAuth identity providers (IdP) (Facebook, Microsoft, and Google) and 96 popular RP
| |
| − | websites that support the use of Facebook accounts for login. Our results uncover several critical vulnerabilities that allow an attacker to gain unauthorized access to the victim user's profile and social graph, and impersonate the victim on the RP website. Closer
| |
| − | examination reveals that these vulnerabilities are caused by a set of design decisions that trade security for implementation simplicity. To improve the security of OAuth 2.0 SSO systems in real-world settings, we suggest simple and practical improvements to the design and implementation of IdPs and RPs that can be adopted gradually by individual sites.
| |
| − | | |
| − | '''Registration:''' Registration is strongly recommended since an invite will be extended to other groups to try to improve participation in OWASP. If space runs out, preference will be given to those who have registered!
| |
| − | | |
| − | Please register at: [https://docs.google.com/spreadsheet/viewform?formkey=dHZSeTY1ZnFKTFo1elBRZ3BsenNvRnc6MQ here].
| |
| − | ''(Registration details are not retained after the meeting, however a sign-up sheet will be available for those claiming CPEs)''
| |
| − | | |
| − | '''Location:'''
| |
| − | Mozilla Vancouver, Suite 209, 163 West Hastings,
| |
| − | Vancouver, BC (Buzzer code is in the directory)
| |
| − | | |
| − | | |
| − | === January 2012 ===
| |
| − | | |
| − | '''Outsourcing Identity: Understanding Privacy and Security in Identity Services'''
| |
| − | | |
| − | '''Speaker:''' Yvan Boily, Web Security Engineer, Mozilla Corporation
| |
| − | | |
| − | '''Date & Time:''' Monday, January 23rd, 2012 @ 5:30pm
| |
| − | | |
| − | Social Media has taken over the online world; what Microsoft attempted with Passport has been made reality by Facebook, Twitter, Google, and other service providers. In addition to the proprietary identity services these platforms offer, several support protocols such as OpenID, This will be a one hour presentation that will contrast the security and privacy features available in major online identity protocols, and contrast these with Mozilla's BrowserID protocol.
| |
| − | | |
| − | '''Registration:''' Registration is strongly recommended since an invite will be extended to other groups to try to improve participation in OWASP. If space runs out, preference will be given to those who have registered!
| |
| − | | |
| − | Please register [https://docs.google.com/spreadsheet/viewform?formkey=dHZSeTY1ZnFKTFo1elBRZ3BsenNvRnc6MQ here].
| |
| − | ''(Registration details are not retained after the meeting, however a sign-up sheet will be available for those claiming CPEs)''
| |
| − | | |
| − | '''Location:'''
| |
| − | Ping Identity,
| |
| − | 200 - 788 Beatty St,
| |
| − | Vancouver
| |
| − | | |
| − | '''About Ping Identity
| |
| − | '''
| |
| − | Ping Identity has generously offered their downtown office space, located on the corner of Beatty and Robson, to host our chapters meetings moving forward. The office is 6000sq/ft of a mostly open floor plan, so we should be able to accommodate a large group.
| |
| − | | |
| − | | |
| − | | |
| | [[Category:British Columbia]] | | [[Category:British Columbia]] |
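Review bot: The removed block running from "Future Scheduled Meetings" through the "About Ping Identity" paragraph deletes the chapter's whole meeting record (the 2013 table, the talk abstracts, and the HTML/iCAL/XML calendar links), while the only added line is [[Category:Chapters]], so nothing left on the page points to where that history now lives. If the intent is to clear stale scheduling, move the 2012 to 2015 sections to an archive subpage and link it from here rather than dropping them. When archiving, reconcile the San-Tsai Sung talk, which appears twice with the same abstract, dated May 28, 2013 in the 2013 section and Monday, May 28th, 2012 under "May 2012".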
Welcome to the Vancouver chapter homepage. The chapter leader position is OPEN.