Difference between revisions of "Cincinnati"
Marco-cincy (talk | contribs) (→Next Meeting) |
Marco-cincy (talk | contribs) (→Next Meeting) |
||
Line 6: | Line 6: | ||
[http://www.owasp.org/images/5/54/Presentation_template.ppt OWASP Template] and include a speaker BIO. If you wish to become a sponsor or co-sponsor please send an email to the chapter leader. | [http://www.owasp.org/images/5/54/Presentation_template.ppt OWASP Template] and include a speaker BIO. If you wish to become a sponsor or co-sponsor please send an email to the chapter leader. | ||
− | == | + | == February Meeting == |
+ | |||
+ | '''When:''' Febrary 26th, 2008, 5:30pm - 6:45pm | ||
+ | |||
+ | '''General Session Topic: OWASP Top Ten Vulnerabilities and Software Root Causes: solving the software security problem with an information security perspective''' | ||
+ | |||
+ | '''Who:''' Marco Morana (Citigroup, TISO, OWASP Chapter Leader, Security Blogger) | ||
+ | |||
+ | Before to diagnose the disease and provide the cure a doctor looks at the root causes of the sickness, the risk factors and the symptoms. In case of application security most of the root causes of the security issues are in unsecure software: the risk factors can be found in how | ||
+ | bad the application designed, the software is coded and the application is tested. | ||
+ | The presentation will articulate the problem of secure software, the costs, the risks and how is typically dealt with by most organizations: not very effectively. The solution is complex and requires people, process and tools. From the information security perspective you can also look at enforcing software security throughout your organization as part of information security and risk management processes. A set of software security requirements is the best place to start to address the root causes of web application vulnerabilities. With a categorization of web application vulnerabilities as weakness in the security control of the web application is easier to describe the root case of the vulnerability in term of a coding error. A good place to start is to document root causes for some basic web application vulnerabilities such as the OWASP Top Ten. | ||
+ | |||
+ | == January Meeting == | ||
'''When:''' January 29th, 2008, 11:30am - 1:00pm | '''When:''' January 29th, 2008, 11:30am - 1:00pm |
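Review bot: the added '''When:''' line for the February meeting spells the month "Febrary"; it should read "February". In the added abstract, "Before to diagnose" should be "Before diagnosing", "how bad the application designed" is missing "is", and "root case of the vulnerability in term of a coding error" should be "root cause ... in terms of". The abstract also carries a hard line break after "can be found in how", which splits one sentence across two wiki lines; join them so the paragraph renders as a single block.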
Revision as of 00:22, 30 January 2008
OWASP Cincinnati
Welcome to the Cincinnati chapter homepage. The chapter leader is Marco Morana.
Participation
OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.
Sponsorship/Membership
to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member?
Local News
The chapter has just started! We are currently setting up the board and getting the local community involved by publicizing the chapter. We are currently planning activities for 2008. To submit an educational topic for upcoming meetings, please submit your PowerPoint using the OWASP Template and include a speaker bio. If you wish to become a sponsor or co-sponsor, please send an email to the chapter leader.
February Meeting
When: February 26th, 2008, 5:30pm - 6:45pm
General Session Topic: OWASP Top Ten Vulnerabilities and Software Root Causes: solving the software security problem with an information security perspective
Who: Marco Morana (Citigroup, TISO, OWASP Chapter Leader, Security Blogger)
Before diagnosing a disease and providing a cure, a doctor looks at the root causes of the sickness, the risk factors and the symptoms. In application security, most of the root causes of security issues lie in insecure software: the risk factors can be found in how badly the application is designed, the software is coded and the application is tested. The presentation will articulate the problem of secure software, the costs, the risks and how it is typically dealt with by most organizations: not very effectively. The solution is complex and requires people, process and tools. From the information security perspective, you can also look at enforcing software security throughout your organization as part of information security and risk management processes. A set of software security requirements is the best place to start to address the root causes of web application vulnerabilities. With web application vulnerabilities categorized as weaknesses in the security controls of the web application, it is easier to describe the root cause of a vulnerability in terms of a coding error. A good place to start is to document root causes for some basic web application vulnerabilities such as the OWASP Top Ten.
January Meeting
When: January 29th, 2008, 11:30am - 1:00pm
General Session Topic: Introduction to OWASP
Who: Marco Morana (Citigroup, TISO, OWASP Chapter Leader, Security Blogger)
OWASP plays a special role in the application security ecosystem: it is a vehicle for sharing knowledge and leading best practices across organizations. OWASP is a community of people passionate about application security. We all share a vision of a world where you can confidently trust the software you use. One of our primary missions is to make application security visible so that people can make informed decisions about risk. OWASP is the most authoritative and resourceful application security organization for sharing open source tools, documents, basic information, guidelines, presentations and projects worldwide. The OWASP Top Ten list is a reference for the most critical web application security flaws, compiled by a variety of security experts from around the world. The list is recommended by the U.S. Federal Trade Commission and the U.S. Defense Information Systems Agency, and is adopted by the Payment Card Industry (PCI) as a requirement for security code reviews. Through OWASP you’ll find a rich community of people to connect with through mailing lists, participation in the local chapters, and conferences. The people involved in OWASP recognize that the world’s software is most likely getting less and less secure. As we increase our interconnections and use more and more powerful computing technologies, the likelihood of introducing vulnerabilities increases exponentially. Whatever the internet becomes, OWASP can play a key role in making sure that it is a place we can trust. This meeting will provide an opportunity to meet local OWASP affiliates and members and learn more about how to contribute to OWASP.
Specific Session Topic: Webgoat and Webscarab Security Tools Use Cases
Who: Blaine Wilson (Citigroup, TISO)
The presentation will show how to use popular OWASP tools such as the Webscarab web proxy and Webgoat to learn about common security vulnerabilities in applications.
Where: Citibank N.A, 9997 Carver Road, Bldg. 1, Cincinnati, Ohio, 45242-5537.
Please access the building from the visitor lobby. There will be signs posted in the lobby to direct you where to go. Your RSVP is provided to the guards, who will verify you and grant you access to the Buckeyes Lecture Room.
Cost: Always Free
Lunch: Free, Courtesy of CitiGroup NA.
Questions or help with Directions... call: Citi Blue Ash Help Desk at (513) 979 900
Cincinnati OWASP Chapter Leaders
Officers
- Chapter Leader: Marco Morana
- Vice Chapter Leader: Allison Shubert
- Secretary: Blaine Wilson
- Chairman: Wayne H. Browning
- Board Members:
About OWASP
- How OWASP Works for more information about projects and governance