Difference between revisions of "Montréal"

Revision as of 23:49, 20 January 2010

OWASP Montreal

Welcome to the Montreal chapter homepage. The chapter leader is Benoit Guerette

Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member?

<paypal>Montreal</paypal>

OWASP Montreal News

2010-01-21 : The Board elected Philippe Gamache as Vice Chapter Leader!

2010-xx-xx : Look at the tabs, 2 meeting date are scheduled

2009-11-03 : November 3rd 2009, Pravir Chandra present Software Assurance Maturity Model (OpenSAMM)

2009-09-17 : Next meeting on September 17th 2009!

2009-07-13 : We are preparing the next meeting, it will be held on September.

2009-04-07 : Next meeting on April 7th 2009 in Montreal!

2009-02-25 : Already working for the 2nd meeting in 3 months, more details to come on this site.

2009-02-24 : OWASP meeting on February 24th 2009 in Montreal!

2009-01-20 : Board meeting

2008-12-04 : Creation of the chapter board

2008-11-28 : The new chapter leader is Benoit Guerette

2008-10-14 : First meeting preparation.

2007-10-09 : First meeting preparation. (Cancelled)

2007-08-06 : Email list installation.

2007-07-13 : Start-up of the Montreal Chapter. Welcome!

Montreal OWASP Board

Scope of the board is to discuss and approve local activities, meetings and plans.

• In alphabetical order:
• Chapter Leader Benoit Guerette
• Vice Chapter Leader Philippe Gamache
• Board Member Philippe Blondin
• Board Member Sean Coates
• Board Member Laurent Desaulniers
• Board Member Jean-Marc Robert

Meeting February 2nd 2010

OWASP Montreal - February 2nd 2010 - Authentification forte

• MAIN PRESENTER:Philippe Gamache, CEO at Parler Haut, Interagir Librement
• WHEN: February 2nd 2010, 18h00
• WHERE: École de technologie supérieure, 1100, rue Notre-Dame ouest, Montréal, Room: A-1424
• REGISTRATION: OwaspMontrealFebruary.eventbrite.com Registration is mandatory.
• SPONSORS: This meeting is sponsored by Gardien Virtuel and ETS.
• PROGRAM:
• * Please note there is no lunch offered, but prizes will be offered by sponsors

    18:00-18:15 Welcome speech by Chapter Leader & sponsors
    18:15-19:45 Main presentation
    19:45-20:00 Open discussion
    20:00-...   End of the meeting at the ETS Pub

This presentation will be in french, with bilingual slides.

Meeting March 9th 2010

OWASP Montreal - March 9th 2010 - OWASP Application Security Verification Standard (ASVS) Project

• MAIN PRESENTER: Sebastien Gioria, OWASP French Chapter Leader
• WHEN: March 9th 2010, 18h00
• WHERE: École de technologie supérieure, 1100, rue Notre-Dame ouest, Montréal, Room: A-1424
• REGISTRATION: OwaspMontrealMarch.eventbrite.com Registration is mandatory.
• SPONSORS: This meeting is sponsored by Gardien Virtuel and ETS.
• PROGRAM:
• * Please note there is no lunch offered, but prizes will be offered by sponsors

    18:00-18:15 Welcome speech by Chapter Leader & sponsors
    18:15-19:00 Main presentation
    19:00-19:15 Open discussion
    19:15-...   End of the meeting at the ETS Pub

Past mettings

Meeting on November 3rd 2009 in Montreal (Pravir Chandra present Software Assurance Maturity Model (OpenSAMM))

• MAIN PRESENTER: Pravir Chandra is Director of Strategic Services at Fortify Software and works with clients on software security assurance programs. Pravir is recognized for his expertise in software security, code analysis, and his ability to strategically apply technical knowledge. Prior to Fortify, he was a Principal Consultant affiliated with Cigital and led large software security programs at Fortune 500 companies. Pravir Co-Founded Secure Software, Inc. and was Chief Security Architect prior to its acquisition by Fortify. He recently created and led the Open Software Assurance Maturity Model (OpenSAMM) project with the OWASP Foundation, leads the OWASP CLASP project, and also serves as member of the OWASP Global Projects Committee. Pravir is author of the book Network Security with OpenSSL.

• SUBJECT: The Software Assurance Maturity Model (SAMM) into a software development organization. Covering more than typical SDLC-based models for security, SAMM enables organizations to self-assess their security assurance program and then use recommended roadmaps to improve in a way that's aligned to the specific risks facing the organization. Beyond that, SAMM enables creation of scorecards for an organization's effectiveness at secure software development throughout the typical governance, development, and deployment business functions. Scorecards also enable management within an organization to demonstrate quantitative improvements through iterations of building a security assurance program. This workshop will introduce the SAMM framework and walk through useful activities such as assessing an assurance program, mapping an existing organization to a recommended roadmap, and iteratively building an assurance program. Time allowing, additional case studies will also be discussed. OpenSAMM is an open a free project and has recently been donated to the Open Web Application Security Project (OWASP) Foundation. For more information on OpenSAMM, visit http://www.opensamm.org/

• WHEN: Tuesday, November 3rd 2009, 18h00
• WHERE: École de technologie supérieure, 1100, rue Notre-Dame ouest, Montréal, Room: A-1424
• REGISTRATION: owaspmontreal at gmail.com. Registration is mandatory. Please include name, company and how many attendees.
• PROGRAM:
• * Please note there is no lunch offered, but prizes will be offered by all the sponsors, and all attendees get a copy of the SAMM on a USB stick (~90+ page document))

    18:00-18:05 Welcome speech by Chapter Leader
    18:05-18:15 Welcome speech by sponsors
    18:15-19:15 Main presentation
    19:15-19:30 Open discussion
    19:30-...   End of the meeting at the ETS Pub

Meeting on September 17th 2009 in Montreal (Crossing the Border – Javascript Exploits)

• MAIN PRESENTER: Justin Foster, CISSP - Third Brigade/Trend Micro
• SUBJECT: Crossing the Border – Javascript Exploits JavaScript-based exploits are a serious threat on the Internet today. This talk explores how the countermeasures to deal with script based attacks parallel 2200 years of Chinese border security. The speaker will cover the benefits and drawbacks of current prevention methods and introduce future techniques to keep bad scripts at bay.
• WHEN: Thursday, September 17th 2009, 18h00
• WHERE: École de technologie supérieure, 1100, rue Notre-Dame ouest, Montréal, Room: A-1424
• REGISTRATION: owaspmontreal at gmail.com. Registration is mandatory. Please include name, company and how many attendees.
• SPONSORS: This meeting is sponsored by Gardien Virtuel and ETS.
• PROGRAM:
• * Please note there is no lunch offered, but prizes will be offered by Gardien Virtuel (3 security books) and the Chapter will offer some OWASP gears.

    18:00-18:05 Welcome speech by Chapter Leader
    18:05-18:15 Welcome speech by sponsors
    18:15-19:00 Main presentation
    19:00-19:15 Open discussion
    19:15-...   End of the meeting at the ETS Pub

April 7th 2009 in Montreal (Introduction to Web Application Hacking LIVE!)

• MAIN PRESENTER: Rafal Los, Sr. Web Security Specialist at HP (Topic: Intro to Web Application Hacking LIVE!)
• BIO: Rafal Los is currently a Sr. Security Consultant with Hewlett-Packard’s Application Security Center (ASC). Rafal has over 13 years of experience in network and system design, security policy and process design, risk analysis, penetration testing and consulting. Over the past eight years, he has focused on Information Security and Risk Management, leading security architecture teams and managing successful enterprise security programs for General Electric and other Fortune 100 companies, as well as SMB enterprises. Previously Rafal spent three years in-house with GE Consumer Finance, leading its security programs.

• WHEN: Tuesday, April 7th 2009, 18h00
• WHERE: CN Building, 935 De la Gauchetière Street West (Downtown), Montreal , Quebec H3B 2M9, Transcontinental room (ground floor)
• REGISTRATION: owaspmontreal at gmail.com. Registration is mandatory . Please include name, company and how many attendees.
• SPONSORS: This meeting is sponsored by Gardien Virtuel and CN.
• PROGRAM:

     18:00-18:15 Food and drinks 
     18:15-18:30 Welcome 
     18:30-20:00 Main presentation
     20:00-20:30 Open discussion

First meeting on February 24th 2009 in Montreal (Security Development Lifecycle for IT)

• MAIN PRESENTER: Rob Labbe, Microsoft (Topic: Security Development Lifecycle for IT)

• WHEN: Tuesday, February 24th 2009, 18h00

• WHERE: 111 Duke 7th floor, Montreal, QC, H3C 2M1 (room 734.1)

• REGISTRATION: owaspmontreal at gmail.com. Registration is mandatory. Please include name, company and how many attendees.

• SPONSORS: This meeting is sponsored by Microsoft, CGI.

• PROGRAM:

     18:00-18:15 Food and drinks
     18:15-19:00 OWASP Goal and Top Ten 2007 for Managers (by Benoit Guerette)
     19:00-20:00 Security Development Lifecycle for IT (by Rob Labbe, Microsoft)
     20:00-20:30 Open discussion

Presentations For Download

Software Assurance Maturity Model (OpenSAMM) by Pravir Chandra (03/11/2009)

Crossing the Border – Javascript Exploits by Justin Foster (17/09/2009)

A Laugh RIAt by Rafal Los (07/04/2009)

Microsoft Security Development Lifecycle for IT by Rob Labbe (24/02/2009)

OWASP Goal and Top Ten 2007 for Managers - French version by Benoit Guerette (24/02/2009)

OWASP Goal and Top Ten 2007 for Managers - English version by Benoit Guerette (24/02/2009)