Difference between revisions of "Bay Area"

From OWASP
Edit summaries: previous revision "m (Local News)"; this revision "(Local News)". Both revisions change only the Local News section, shown here as the full text before and after the edit.

Previous revision (Local News section):

== Local News ==

'''!!!PLEASE RSVP TO Anastasia Stamos (mailto:anastasia@isecpartners.com) AS THERE IS LIMITED SPACE!!!'''

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

WHAT: San Francisco OWASP Chapter Meeting and Mixer

WHEN: Thursday, January 25th, 2007

6:00-6:30  Social (Food and Drinks) and Chapter Announcements

6:30-8:00  "XML Digital Signature and Encryption: Use and Abuse": Brad Hill, iSEC Partners

8:00-8:15  Q and A

8:15-8:45  "Commonly Overlooked Cryptographic Vulnerabilities in Web Applications": Patrick Stach, Stach and Liu

8:45-9:00  Q and A and Meeting Wrap Up

WHERE: iSEC Partners offices located @ 115 Sansome Street Suite 1005 (10th Floor), San Francisco, CA (http://www.isecpartners.com)

We recommend arriving by public transit as parking is extremely limited.

WHY: To network, socialize and learn more about Web Application Security

WHO: Brian Christian, Chapter President, will give chapter details and Brad Hill and Patrick Stach will present.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

"XML Digital Signature and Encryption: Use and Abuse"

Abstract:

The WS-Security set of standards is on the threshold of ubiquitous deployment and XML applications have already taken over the world. This presentation looks at two underlying technologies, XML Digital Signature (XMLDSIG) and XML Encryption (XMLENC), their place in the Web Services stack and their applicability to non-SOAP XML applications. Beginning with a basic overview of the standards, we will uncover some surprising caveats and risks in the use of these technologies.

Security Consultant - Brad Hill

Brad Hill is a Security Consultant with iSEC Partners. Brad Hill brings to iSEC a decade-plus background working with Internet technologies, including serving as the lead developer of Web applications and frameworks for one of the premier private label recordkeeping and management companies in the financial services industry, where his responsibilities also included security training, policy development and compliance. With iSEC he has performed penetration testing and design review for a wide spectrum of products and technologies, most recently participating in the Final Security Review of Microsoft Windows Vista. Brad achieved the Certified Information Systems Security Professional (CISSP) credential in 2004.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

"Commonly Overlooked Cryptographic Vulnerabilities in Web Applications"

Abstract:

This talk aims to outline a few commonly overlooked cryptographic vulnerabilities in web applications. The problems presented will range from attacks against various authentication schemes to improper certificate generation.

Director of Research and Development - Patrick Stach

Patrick Stach is Director of Research and Development at Stach & Liu, a firm providing advanced IT security consulting to the Fortune 500 and multi-national financial institutions. Before founding Stach & Liu, Patrick aided in the development of multiple industry leading security scanning engines. In addition to providing security consulting services to Mitsui Zaibatsu, he has led the network security teams for a number of major hosting providers.

Patrick has lectured on cryptanalysis at Kyoto University, taught as adjunct faculty at Network Associates' Japan Security Academy, and performs government-funded cryptanalysis. He is a developer of the Metasploit Framework and has presented at DefCon, Interz0ne, AtlantaCon, ToorCon, and PhreakNIC.

Current revision (Local News section):

== Local News ==

Please note that this meeting starts later to accommodate our San Jose chapter members. Don't forget to RSVP to anastasia@isecpartners.com

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

WHAT: San Francisco and San Jose OWASP Chapter Meeting

WHEN: Tuesday, March 6, 2007

6:30-7:00  Social (Food and Drinks) and Chapter Announcements

7:00-8:30  Presentation and Q and A - Dinis Cruz (Chief OWASP Evangelist)

WHERE: iSEC Partners offices located @ 115 Sansome Street Suite 1005 (10th Floor), San Francisco, CA (http://www.isecpartners.com). We recommend arriving by public transit as parking is extremely limited.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

*OWASP, the Open Web Application Security Project

The Open Web Application Security Project (OWASP) is an open community dedicated to enabling organizations to develop, purchase, and maintain applications that can be trusted. All of the OWASP tools, documents, blogs, and chapters are free and open to anyone interested in improving application security. In this presentation Dinis will show the latest guides and tools from OWASP which should be part of every company's security efforts.

*Buffer Overflows on .Net and Asp.Net

One of the common myths about the .Net Framework is that it is immune to Buffer Overflows. Although this might be correct in pure managed and verifiable .Net code, a large percentage of .Net and Asp.Net application code is unmanaged code. In this talk Dinis will show the areas in .Net and Asp.Net applications that are vulnerable to Buffer Overflows (including the demo of a .Net Buffer Overflow Fuzzer).

*Owning Vista's userland - The CAS / UAC missed opportunity, and what I think MS should had done

In this presentation Dinis will explore the missed opportunity by Microsoft to use technologies like .Net's CAS (Code Access Security) and Vista's UAC (User Access Control) to create secure and trustworthy userland environments that protect the user's assets. In the hope that it might make a small difference, ideas and solutions for the future will also be presented.
Revision as of 18:21, 1 March 2007

OWASP San Francisco

Welcome to the San Francisco chapter homepage. The chapter leader is Brian Christian


Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association, your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world, simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Donate to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now


Local News

Please note that this meeting starts later to accommodate our San Jose chapter members. Don't forget to RSVP to anastasia@isecpartners.com

WHAT: San Francisco and San Jose OWASP Chapter Meeting

WHEN: Tuesday, March 6, 2007

6:30-7:00 Social (Food and Drinks) and Chapter Announcements

7:00-8:30 Presentation and Q and A - Dinis Cruz (Chief OWASP Evangelist)

WHERE: iSEC Partners offices located @ 115 Sansome Street Suite 1005 (10th Floor), San Francisco, CA (http://www.isecpartners.com). We recommend arriving by public transit as parking is extremely limited.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

  • OWASP, the Open Web Application Security Project

The Open Web Application Security Project (OWASP) is an open community dedicated to enabling organizations to develop, purchase, and maintain applications that can be trusted. All of the OWASP tools, documents, blogs, and chapters are free and open to anyone interested in improving application security. In this presentation Dinis will show the latest guides and tools from OWASP which should be part of every company's security efforts.

  • Buffer Overflows on .Net and Asp.Net

One of the common myths about the .Net Framework is that it is immune to Buffer Overflows. Although this might be correct in pure managed and verifiable .Net code, a large percentage of .Net and Asp.Net application code is unmanaged code. In this talk Dinis will show the areas in .Net and Asp.Net applications that are vulnerable to Buffer Overflows (including the demo of a .Net Buffer Overflow Fuzzer).

  • Owning Vista's userland - The CAS / UAC missed opportunity, and what I think MS should had done

In this presentation Dinis will explore the missed opportunity by Microsoft to use technologies like .Net's CAS (Code Access Security) and Vista's UAC (User Access Control) to create secure and trustworthy userland environments that protect the user's assets. In the hope that it might make a small difference, ideas and solutions for the future will also be presented.