This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Cincinnati"

From OWASP
Jump to: navigation, search
(February Meeting)
(February Meeting)
Line 10: Line 10:
 
'''When:''' Febrary 26th, 2008, 5:30pm - 6:45pm  
 
'''When:''' Febrary 26th, 2008, 5:30pm - 6:45pm  
  
'''General Session Topic: OWASP Top Ten Vulnerabilities and Software Root Causes: solving the software security problem with an information security perspective'''
+
'''General Session Topic: OWASP Top Ten Vulnerabilities and Software Root Causes: Solving The Software Security Problem From an Information Security Perspective'''
  
 
'''Who:''' Marco Morana (Citigroup, TISO, OWASP Chapter Leader, Security Blogger)
 
'''Who:''' Marco Morana (Citigroup, TISO, OWASP Chapter Leader, Security Blogger)

Revision as of 00:28, 30 January 2008

OWASP Cincinnati

Welcome to the Cincinnati chapter homepage. The chapter leader is Marco Morana


Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Btn donate SM.gif to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now BlueIcon.JPG


Local News

The chapter has just started! We are currently setting up the board members and get the local community involved by publicizing the chapter. We are currently planning activities for 2008. To submit educational topic upcoming meetings please submit your powerpoint using the OWASP Template and include a speaker BIO. If you wish to become a sponsor or co-sponsor please send an email to the chapter leader.

February Meeting

When: Febrary 26th, 2008, 5:30pm - 6:45pm

General Session Topic: OWASP Top Ten Vulnerabilities and Software Root Causes: Solving The Software Security Problem From an Information Security Perspective

Who: Marco Morana (Citigroup, TISO, OWASP Chapter Leader, Security Blogger)

Before to diagnose the disease and provide the cure a doctor looks at the root causes of the sickness, the risk factors and the symptoms. In case of application security most of the root causes of the security issues are in unsecure software: the risk factors can be found in how bad the application is designed, the software is coded and the application is tested. The presentation will articulate the problem of secure software, the costs, the risks and how are typically dealt with by most organizations. The solution requires people, process and tools. From the information security perspective we will look at ways to enforcing software security throughout your organization as part of information security and risk management processes. A set of software security requirements is the best place to start to address the root causes of web application vulnerabilities. With a categorization of web application vulnerabilities as weakness in the security controls is easier to describe the root case of each vulnerability in term of a coding error. A good place to start is to document software security requirements for some basic web application vulnerabilities such as the OWASP Top Ten. For each of these vulnerabilities we will cover the threat, the software root cause of the vulnerability, how to find if you are vulnerable, the countermeasure and the risk that suppose to mitigate.

January Meeting

When: January 29th, 2008, 11:30am - 1:00pm

General Session Topic: Introduction to OWASP

Who: Marco Morana (Citigroup, TISO, OWASP Chapter Leader, Security Blogger)

OWASP plays a special role in the application security ecosystem, is vehicle for sharing knowledge and lead best practices across organizations. As an example OWASP is a community of people passionate about application security. We all share a vision of a world where you can confidently trust the software you use. One of our primary missions is to make application security visible so that people can make informed decisions about risk. OWASP is the most authoritative and resourceful application security organization to share and open source tools, documents, basic information, guidelines, presentations projects worldwide. The OWASP Top Ten list includes a reference for most critical web application security flaws compiled by a variety of security experts from around the world. The list is recommended by U.S. Federal Trade Commission, the U.S. Defense Information Systems Agency and is adopted by Payment Card Industry (PCI) as a requirement for security code reviews.Through OWASP you’ll find a rich community of people to connect through mailing lists, participating in the local chapters, and attending conferences. The people involved in OWASP recognize the world’s software is most likely getting less and less secure. As we increase our interconnections and use more and more powerful computing technologies, the likelihood of introducing vulnerabilities increases exponentially. Whatever the internet becomes, OWASP can play a key role in making sure that it is a place we can trust. This meeting will provide an opportunity to meet local OWASP affiliates and members and know more about how to contribute to OWASP.

Specific Session Topic: Webgoat and Webscarab Security Tools Use Cases

Who: Blaine Wilson (Citigroup, TISO)

The presentation will show how to use popular OWASP tools such as Webscarab web proxy and Webgoat to learn about common security vulnerabilities in applications

Where: Citibank N.A, 9997 Carver Road, Bldg. 1, Cincinnati, Ohio, 45242-5537. 

Please access the building from the visitor lobby. There will be signs posted in the lobby to direct you where to go. Your RSVP is provided to the guards that will proof verify you and grant you access to the Buckeyes Lecture Room

Cost: Always Free

Lunch: Free, Courtesy of CitiGroup NA.

Questions or help with Directions... call: Citi Blue Ash Help Desk at (513) 979 900

Cincinnati OWASP Chapter Leaders


About OWASP

OWASP News