This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "France"

From OWASP
Jump to: navigation, search
Line 125: Line 125:
 
  '''Présentation''' : Sécurité Applicative: l’Organisation, clé de la réussite!, Gérôme Billois
 
  '''Présentation''' : Sécurité Applicative: l’Organisation, clé de la réussite!, Gérôme Billois
 
  '''Présentation''' : OWASP News & Update, Ludovic Petit & Sébastien Gioria
 
  '''Présentation''' : OWASP News & Update, Ludovic Petit & Sébastien Gioria
'''Présentation''' : Adhésions et Partenariats, Ely de Travieso
 
 
  '''Appel à contribution''' : '''Traduction OWASP Top Ten 2013''', Ludovic & Sébastien
 
  '''Appel à contribution''' : '''Traduction OWASP Top Ten 2013''', Ludovic & Sébastien
  
Les sujets suivants seront abordés par Jim Manico:   
+
'''Présentation globale''' : '''Chapter Meeting OWASP France 12 Mars'''[[https://www.owasp.org/images/2/2d/Chapter_Meeting_OWASP_France_12_Mars.pdf]]
 +
 
 +
Les sujets abordés par Jim Manico:   
 
'''Authentication Best Practices for Developers:''' This module will discuss the security mechanisms found within an authentication (AuthN) layer of a web application.  We will review a series of historical authentication threats. We will also discuss a variety of authentication design patterns necessary to build a low-risk high-security web application. Session management threats and best practices will also be covered. This module will include several technical demonstrations and code review labs.  
 
'''Authentication Best Practices for Developers:''' This module will discuss the security mechanisms found within an authentication (AuthN) layer of a web application.  We will review a series of historical authentication threats. We will also discuss a variety of authentication design patterns necessary to build a low-risk high-security web application. Session management threats and best practices will also be covered. This module will include several technical demonstrations and code review labs.  
  
 
'''Access Control Design Best Practices:''' Access Control is a necessary security control at almost every layer within a web application. This talk will discuss several of the key access control anti-patterns commonly found during website security audits. These access control anti-patterns include hard-coded security policies, lack of horizontal access control, and "fail open" access control mechanisms. In reviewing these and other access control problems, we will discuss and design a positive access control mechanism that is data contextual, activity based, configurable, flexible, and deny-by-default - among other positive design attributes that make up a robust web-based access-control mechanism.
 
'''Access Control Design Best Practices:''' Access Control is a necessary security control at almost every layer within a web application. This talk will discuss several of the key access control anti-patterns commonly found during website security audits. These access control anti-patterns include hard-coded security policies, lack of horizontal access control, and "fail open" access control mechanisms. In reviewing these and other access control problems, we will discuss and design a positive access control mechanism that is data contextual, activity based, configurable, flexible, and deny-by-default - among other positive design attributes that make up a robust web-based access-control mechanism.
  
  ''''''Speakers'''''' : Jim Manico, Gérôme Billois, Ludovic Petit, Sébastien Gioria, Ely de Travieso
+
  ''''''Speakers'''''' : Jim Manico, Gérôme Billois, Ludovic Petit, Sébastien Gioria
 
  '''Enregistrement en ligne obligatoire''' : http://owaspfrance12mars2013.eventbrite.com/
 
  '''Enregistrement en ligne obligatoire''' : http://owaspfrance12mars2013.eventbrite.com/
  

Revision as of 15:39, 12 March 2013

OWASP France

Welcome to the France chapter homepage. The Chapter Leaders are Ludovic Petit and Sebastien Gioria


Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Btn donate SM.gif to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now BlueIcon.JPG <paypal>France Chapter</paypal>

The French Chapter is also available on LinkedIn: Join us, it only takes a minute!

Contacts, Présentations, Contributions & Partenariats

  • Sebastien Gioria et Ludovic Petit sont à votre disposition si vous souhaitez des informations et discuter de la plus-value proposée par la Fondation OWASP, ainsi que sur la Sécurité des Applications Web.

Entreprises, Individuels, Monde Académique, Sponsors, Supports, tout le monde est bienvenu à l'OWASP! L'accès à nos Chapter meetings est gratuit et ouvert à tous.

Pour les Entreprises souhaitant adhérer à l'OWASP, le montant de l'adhésion annuelle de base est de $5000 US (dont 40% sont reversés au Projet ou au Chapitre de votre choix), déductible à 100% aux USA, et déductible à 60% en France

Les fonds collectés servent à organiser les meetings du Chapitre, mais aussi et surtout à construire et organiser avec vous une approche collégiale spécifique répondant à vos souhaits (sessions de sensibilisation, meetings internes, interventions de Speakers, etc.). Tout cela peut être discuté avec le Chapitre Français et acté conjointement avec vous si vous souhaitez adhérer à l'OWASP.

N'hésitez pas à nous solliciter si vous souhaitez discuter d'un sujet particulier, ou si vous souhaitez effectuer une présentation lors d'un meeting du Chapitre France.

Amis de la Presse écrite et du Multimédia, n'hésitez pas à faire appel à nous si vous souhaitez notre concours pour vos articles et reportages, vous êtes les bienvenus et nous en serions honorés. Utilisez notre savoir-faire dans une perspective gagnant-gagnant!

Nous restons modestes dans notre approche, nous souhaitons que le Chapitre OWASP France devienne un de vos contacts de référence. Ensembles, Chacun fait plus! 

                                     TEAM stands for... Together Each Achieves More!


Looking Forward… and Beyond, Distinctiveness Through Security Excellence

Présentation : "Looking Forward… and Beyond"
Résumé :

Here is a presentation I gave in Sept for a big Software maker in an internal meeting. This presentation aims to be re-used at your convenience depending the needs / your context. Designed into 3 parts, this presentation is / could be useful for local Chapters, any Security Awareness purposes, or people and firms interested about OWASP and willing to join the Foundation as Member. The first 2 parts are more an update for those who are not yet familiar with OWASP, the 3rd part being more specific because about a hot topic that is gaining importance in the context of Application Security. 1st part is about OWASP. 2nd part is an update about the main OWASP Projects and Reboot. 3rd part is about Legal, the evolution of the legal framework, with a focus on the question "Developers, Software makers held liable for code?" I hope this helps anyway. Enjoy and feel free to email me, all comments welcome! 

Speaker : Ludovic Petit

28 Mars 2012 Meeting du premier trimestre

Lieu : Groupe Y Audit - 69 Rue de la Boëtie - 75 Paris - Métro Saint Philippe du Roule 
Horaire : Ouverture des portes 17h30 - Début de la présentation 18h
Présentation : "Top Ten Web Defenses"
Résumé :

Application programmers need to learn to code in a secure fashion if we have any chance of providing organizations with proper defenses in the current threatscape. This talk will discuss the 10 most important security-centric computer programming techniques necessary to build low-risk web-based applications. Access Control is a necessary security control at almost every layer within a web application. This talk will also detail several of the key access control anti-patterns commonly found during website security audits. These access control anti-patterns include hard-coded security policies, lack of horizontal access control, and "fail open" access control mechanisms. In reviewing these and other access control problems, we will discuss and design a positive access control mechanism that is data contextual, activity based, configurable, flexible, and deny-by-default - among other positive design attributes that make up a robust web-based access-control mechanism. 

Speaker : Jim Manico

Jim Manico is the VP of Security Architecture at WhiteHat Security. Jim has been a web application developer since 1997. He has also been an active member of OWASP since 2008 supporting projects that help developers write secure code. 

Enregistrement en ligne sur : http://201203owaspfr.eventbrite.com/

7 et 8 Février 2012 - Techdays Microsoft 2012

Sébastien présentera un talk sur HTML5et la Sécurité le 7 Février 2012 à 17h30. Plus d'informations sur la page dédiée aux TechDays Microsoft 2012. ==

6 Janvier 2012 - Nouveau Groupe de Travail sur la Sécurité des Web Services au CLUSIF

Dans la continuité du Groupe de Travail sur la Sécurité des Application Web initialement créé en 2009, le CLUSIF a lancé un nouveau groupe de travail autour de la sécurité des WebServices. N'hésitez pas à participer si vous êtes intéressés. Le CLUSIF recherche des utilisateurs pour ce groupe de travail et des personnes en environnements Microsoft pour disposer d'un panel le plus large possible pour ce document

Contact : Sébastien Gioria

19 Décembre 2011 - Publication du deuxième document du CLUSIF sur la Sécurité des Applications Web

Le CLUSIF a publié son deuxième document sur la Défense en profondeur des applications Web. Ce document fait suite au premier document publié en 2009

15 Décembre 2011 Conférence du CLUSIF sur la sécurité des applications Web

Le CLUSIF a présenté la conférence Sécurité des Applications Web le jeudi 15 décembre 2011 au cercle National des Armées. Le programme était :

  • Mise en place d'une politique de sécurité applicative : retour d'expérience d'un RSSI par Philippe LARUE - Responsable Sécurité - CBP
  • Revue de code source, ou test sécurité applicatif, quel est le plus efficient pour évaluer un niveau de sécurité applicatif ? par Sébastien GIORIA - Consultant Senior Groupe Y et leader du chapitre Français de l'OWASP - OWASP France
  • Les enjeux réglementaires de la protection des informations en ligne par Garance MATHIAS - Avocat - Cabinet d'Avocats

Les présentations sont disponibles sur le site du CLUSIF, les vidéos de l'intervention seront aussi disponible.

2 Décembre 2011 - OWASP BeNeLux 2011 Conference - University of Luxembourg

Ludovic had a talk about "WebApp Security and Legal aspects" on Dec 2.

  • Overview
    • This presentation aims to be used by anybody willing to spread the voice of OWASP. See this as an Awareness session.
    • Use it and use it again.
    • Try to open your mind, just met me know if I can help.
  • Abstract Title: "Do you... Legal?"
    • The OWASP core mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. However, if you do not pay enough attention to many aspects of Legal compliance, you'll see why Web Application Security is somehow linked to Legal and Regulatory aspects as well as... Corporate Responsability, so yours. Who is accountable for what, what about each other's responsibility? Nowadays, the legal constraints oblige us to comply via technical means, whatever the local framework, and this is specially true for Web Application Security, many sensitive informations having to be handled through these web interfaces. A such, what do you think about your Security Policy compliance with your local Legal framework? Compliant? Sure? Really? Interesting isn't it? Let's have a talk about this.


EUROPE - ENISA’s Who-is-Who Directory on Network and Information Security

We are pleased to announce that OWASP France is part of the ENISA’s Who-is-Who Directory.

The ENISA is the European Network and Information Security Agency. The ENISA Who-is-Who Directory on Network and Information Security 2011 contains information on NIS stakeholders, such as national and European authorities and NIS organisations, contact details, websites, and areas of responsibilities or activities. This Directory serves as the "yellow pages" of Network and Information Security (NIS) in Europe. As such, it is a useful tool for those working closely with NIS issues in Europe.


Retrieved from "https://wiki.owasp.org/index.php?title=France&oldid=147675"