This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Ottawa"

From OWASP
Jump to: navigation, search
(Next Meeting: Tuesday, March 30th, 2010)
(Next Meeting: Tuesday, March 30th, 2010)
Line 35: Line 35:
 
'''Meeting schedule:'''  
 
'''Meeting schedule:'''  
  
      5:45-6:15 Pizza, wings and pop
+
6:00-6:30 Pizza, wings and pop
  6:15-7:00 Main presentation
+
  6:30-7:30 Main presentation
  7:00-7:30 Open discussion and questions
+
  7:30-8:00 Open discussion and questions
  
'''Speaker: Sherif Koussa'''  
+
'''Speaker: David Mirza Ahmad'''  
  
'''The Dirty Couple: Cross-site Scripting and Cross-site Request Forgery:''' A case-study on how cross-site scripting and cross-site request forgery was used to exploit 18,000 twitter accounts in a couple of days. The presentation also will cover some take-home and practical tips on how to mitigate against these attacks.
+
'''David will be describing the CBC padding oracle attack, originally discovered by Serge Vaudenay and presented at Eurocrypt 2002.  Recent applications of this attack affecting web applications discovered by Juliano Rizzo and Thai Duong, presented at Black Hat Europe in 2010, will be clearly described.  There will also be a live demonstration of POET (padding oracle exploitation tool).
  
'''About The Speaker''' Mr. Sherif Koussa is a Principal Information Security consultant at Software Secured (http://www.softwaresecured.com) specialized in source code driven security application assessment, static code analysis and security code review for Java, ASP.net, Classic ASPs and C++ applications. Mr. Koussa is also the co-founder and co-leader of OWASP Ottawa Chapter, a Member of SANS Steering Committee for GSSP-J and GSSP-NET exams and an Exam Development Consultant for GIAC. Prior to finding Software Secured, Mr. Koussa spent over 10 years designing, implementing and leading large scale software projects for Fortune 500 companies.
+
'''About The Speaker''' David started his career over ten years of professional experience as a founding member of SecurityFocus.com, which was acquired by Symantec in 2002.  David also moderated the Bugtraq mailing list, a historically important forum for discussion of security vulnerabilities, for over four years.  He has spoken at Black Hat, Can Sec West, AusCERT and numerous other security conferences, as well as made contributions to books, magazines and other publications.   David also participated in a NIAC working group on behalf of Symantec to develop the first version of the CVSS (Common Vulnerability Scoring System) model.  His current obsession is building a network security startup in Montréal and acting as editor for the Attack Trends section of the IEEE Security & Privacy journal..
  
 
== Previous Meetings ==
 
== Previous Meetings ==

Revision as of 15:11, 4 June 2010

OWASP Ottawa

Welcome to the Ottawa chapter homepage. The chapter leaders are Mike Sues and Sherif Koussa <paypal>Ottawa</paypal>


Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Btn donate SM.gif to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now BlueIcon.JPG


Meetings Location

Third Brigade: 40 Hines Rd Suite 200 Ottawa, Ontario, Canada K2K 2M5 Map

RSVP

Please RSVP to [email protected]. Please include name, company and how many attendees.

Next Meeting: Tuesday, March 30th, 2010

Meeting Sponsor:

2keys_%28big%29.jpg TM_logo_red_rgb.jpg






Meeting schedule: 

6:00-6:30 Pizza, wings and pop
6:30-7:30 Main presentation
7:30-8:00 Open discussion and questions

Speaker: David Mirza Ahmad

David will be describing the CBC padding oracle attack, originally discovered by Serge Vaudenay and presented at Eurocrypt 2002. Recent applications of this attack affecting web applications discovered by Juliano Rizzo and Thai Duong, presented at Black Hat Europe in 2010, will be clearly described. There will also be a live demonstration of POET (padding oracle exploitation tool).

About The Speaker David started his career over ten years of professional experience as a founding member of SecurityFocus.com, which was acquired by Symantec in 2002. David also moderated the Bugtraq mailing list, a historically important forum for discussion of security vulnerabilities, for over four years. He has spoken at Black Hat, Can Sec West, AusCERT and numerous other security conferences, as well as made contributions to books, magazines and other publications. David also participated in a NIAC working group on behalf of Symantec to develop the first version of the CVSS (Common Vulnerability Scoring System) model. His current obsession is building a network security startup in Montréal and acting as editor for the Attack Trends section of the IEEE Security & Privacy journal..

Previous Meetings

September 10th, 2009 - Justin Foster - Speaker Notes: Download Here

April 6th, 2009 - Rafal Los - Speaker Notes: Download Here

July 16th, 2008 - John Linehan - Speaker Notes: Download Here

November 28th, 2007 - Eric Klien - Make my day

Retrieved from "https://wiki.owasp.org/index.php?title=Ottawa&oldid=84475"