This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Denver"
(→Next Meeting) |
(→Future Meetings) |
||
Line 19: | Line 19: | ||
* Performing security-oriented code reviews | * Performing security-oriented code reviews | ||
* HTTP message spliting attacks | * HTTP message spliting attacks | ||
− | |||
* Sarbanes Oxley (SOX) compliance, relating to web apps | * Sarbanes Oxley (SOX) compliance, relating to web apps | ||
− | |||
== Past Meetings == | == Past Meetings == |
Revision as of 18:44, 5 June 2007
OWASP Denver
Welcome to the Denver chapter homepage. The chapter leaders are David Byrne and Andy Lewis.
Participation
OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.
Sponsorship/Membership
to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member?
Next Meeting
The next meeting of the Denver OWASP chapter will be on June 21st at 7:00PM. The location will be announced shortly. Refreshments will be provided by Symplified.
The technical presentation will be by David Byrne from EchoStar Satellite. He will speak on Anti-DNS pinning attacks, a technique that allows an attacker to leverage cross-site-scripting to turn a web browser into a proxy server. This is done using standard browser functionality; no client-side vulnerabilities are required. The end-result is that internal servers are not well protected by standard network firewalls. The presentation will focus on a live demonstration of an attack.
The non/less technical presentation will be by David Stevens from Symplified. He will discuss methods to calculate Return on Security Investment (ROSI). Considering how difficult it often is to get funding for security initiatives, this is a useful skill for any security professional or security manager.
Future Meetings
Below is a list of potential topics for future meetings. If you are interested in presenting, or at least contributing to the content of a presentation on any topic, please send David Byrne an e-mail. Feel free to submit ideas for other topics as well.
- Common security mistakes and best practices for
- .Net
- J2EE
- Performing security-oriented code reviews
- HTTP message spliting attacks
- Sarbanes Oxley (SOX) compliance, relating to web apps