This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Columbus"

From OWASP
Jump to: navigation, search
(Local News)
(July 2008 Meeting)
Line 10: Line 10:
 
Thank you!
 
Thank you!
  
== March 2008 Meeting ==
+
== July 2008 Meeting ==
  
'''When:''' March 24th, 2008, 6:00 PM - 7:30 PM, Doors open at 5:30 PM
+
'''When:''' July 7th, 2008, 11:00 AM - 1:00 PM, Doors open at 10:30 AM; ** Refreshments Provided **
  
 
'''Where:''' Heritage Room, One Nationwide Plaza, Columbus, OH 43215
 
'''Where:''' Heritage Room, One Nationwide Plaza, Columbus, OH 43215
  
'''Parking:''' Recommend parking in the Front St. Garage; take the Skywalk from the garage over to the Nationwide Plazas. Signs will be posted.
+
'''Parking:''' Recommend parking the Front St. Garage; take Skywalk from the garage over to the Nationwide Plazas. Signs will be posted.
  
'''*** General Session Topic: Introduction to OWASP ***'''
+
'''General Session Topic: A2 - Injection Flaws - SQL Injection'''
  
'''Who:''' Chris Hayes (Nationwide Insurance, CISSP, OWASP Columbus, OH Chapter Leader)
+
'''Who:''' Chris Hayes & Greg Green (Nationwide - OWASP Columbus, OH - Chapter Leaders)
  
OWASP plays a special role in the application security ecosystem, is vehicle for sharing knowledge and lead best practices across organizations. As an example, OWASP is a community of people passionate about application security. We all share a vision of a world where you can confidently trust the software you use. One of our primary missions is to make application security visible so that people can make informed decisions about risk.
+
Chris and Greg will be collaborating to present an in-depth presentation on SQL injection. Per OWASP: "Injection flaws, particularly SQL injection, are common in web applications. Injection occurs when user-supplied data is sent to an interpreter as part of a command or query. The attacker's hostile data tricks the interpreter into executing unintended commands or changing data."
OWASP is the most authoritative and resourceful application security organization to share and open source tools, documents, basic information, guidelines, presentations projects worldwide. The OWASP Top Ten list includes a reference for most critical web application security flaws compiled by a variety of security experts from around the world. The list is recommended by U.S. Federal Trade Commission, the U.S. Defense Information Systems Agency and is adopted by Payment Card Industry (PCI) as a requirement for security code reviews.
 
Through OWASP you’ll find a rich community of people to connect through mailing lists, participating in the local chapters, and attending conferences.
 
The people involved in OWASP recognize the world’s software is most likely getting less and less secure. As we increase our interconnections and use more and more powerful computing technologies, the likelihood of introducing vulnerabilities increases exponentially.
 
Whatever the internet becomes, OWASP can play a key role in making sure that it is a place we can trust. This meeting will provide an opportunity to meet local OWASP affiliates and members and know more about how to contribute to OWASP.  
 
  
'''*** Specific Session Topic: Web Session Token Security (OWASP Top 10 - Broken Authentication and Session Management) ***'''
+
The presentation will consist of:
  
'''Who:''' Greg Green (CISSP, Senior Security Consultant, Nationwide Insurance)
+
  1. A brief overview of injection flaws.
 
+
  2. Different types of SQL injection.
During this presentation we will briefly cover web application sessions. Attendees will be introduced to the OWASP WebGoat application and the session management flaw exercise labeled “Spoof an Authentication Cookie”. Besides WebGoat, attendees will also be exposed to the OWASP tool WebScarab (intercepting proxy), and some simple JAVA code.
+
  3. Common methods / technologies to prevent SQL injection
 +
  4. Examples of input validation at the following tiers (http://en.wikipedia.org/wiki/N-tier):
 +
      a. Client side
 +
      b. Presentation tier
 +
      c. Application tier
 +
      d. Data tier
 +
  5. Q&A / General Discussion
  
 
[[Category:OWASP Chapter]]
 
[[Category:OWASP Chapter]]

Revision as of 02:01, 20 May 2008

OWASP Columbus, OH

Welcome to the Columbus, OH chapter homepage. The chapter leader is Chris Hayes


Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Btn donate SM.gif to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now BlueIcon.JPG


Local News

– NOTICE – Next chapter meeting - 7/7/2008; details below

We are still seeking one or two more board members and to get the local community involved by publicizing the chapter. We are currently planning activities for the remainder of 2008; at least one chapter meeting per quarter - more if interest warrants.

To submit educational topics for upcoming meetings, please submit your powerpoint using the OWASP Template and include a speaker BIO. Any inquiries regarding chapter or meeting sponsors can be directed to Chris Hayes. Please begin the subject header with: [OWASP COLUMBUS].

Thank you!

July 2008 Meeting

When: July 7th, 2008, 11:00 AM - 1:00 PM, Doors open at 10:30 AM; ** Refreshments Provided **

Where: Heritage Room, One Nationwide Plaza, Columbus, OH 43215

Parking: Recommend parking the Front St. Garage; take Skywalk from the garage over to the Nationwide Plazas. Signs will be posted.

General Session Topic: A2 - Injection Flaws - SQL Injection

Who: Chris Hayes & Greg Green (Nationwide - OWASP Columbus, OH - Chapter Leaders)

Chris and Greg will be collaborating to present an in-depth presentation on SQL injection. Per OWASP: "Injection flaws, particularly SQL injection, are common in web applications. Injection occurs when user-supplied data is sent to an interpreter as part of a command or query. The attacker's hostile data tricks the interpreter into executing unintended commands or changing data."

The presentation will consist of: 

  1. A brief overview of injection flaws.
  2. Different types of SQL injection.
  3. Common methods / technologies to prevent SQL injection
  4. Examples of input validation at the following tiers (http://en.wikipedia.org/wiki/N-tier):
     a. Client side
     b. Presentation tier
     c. Application tier
     d. Data tier
  5. Q&A / General Discussion
Retrieved from "https://wiki.owasp.org/index.php?title=Columbus&oldid=29561"