OWASP San Francisco
Welcome to the San Francisco chapter homepage. The chapter leader is Brian Christian
Participation
OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.
Sponsorship/Membership
to this chapter or become a local chapter supporter.
Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member?
Local News
!!!PLEASE RSVP TO Anastasia Stamos (mailto:anastasia@isecpartners.com) AS THERE IS LIMITED SPACE!!!
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
WHAT: San Francisco OWASP Chapter Meeting and Mixer
WHEN: Thursday, January 25th, 2007
6:00-6:30 Social (Food and Drinks) and Chapter Announcements
6:30-8:00 Presentation I "XML Digital Signature and Encryption: Use and Abuse": Brad Hill, iSEC Partners
8:00-8:15 Q and A
8:15-9:00 Presentation II: Patrick Stach, Stach and Liu
WHERE: iSEC Partners offices located @ 115 Sansome Street Suite 1005 (10th Floor), San Francisco, CA (http://www.isecpartners.com) We recommend arriving by public transit as parking is extremely limited.
WHY: To network, socialize and learn more about Web Application Security
WHO: Brian Christian, Chapter President, will give chapter details and Brad Hill of iSEC Partners will deliver the presentation "XML Digital Signature and Encryption: Use and Abuse".
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
"XML Digital Signature and Encryption: Use and Abuse"
Abstract: The WS-Security set of standards is on the threshold of ubiquitous deployment and XML applications have already taken over the world. This presentation looks at two underlying technologies, XML Digital Signature (XMLDSIG) and XML Encryption (XMLENC), their place in the Web Services stack and their applicability to non-SOAP XML applications. Beginning with a basic overview of the standards, we will uncover some surprising caveats and risks in the use of these technologies.
Security Consultant - Brad Hill
Brad Hill is a Security Consultant with iSEC Partners. Brad Hill brings to iSEC a decade-plus background working with Internet technologies, including serving as the lead developer of Web applications and frameworks for one of the premier private label recordkeeping and management companies in the financial services industry, where his responsibilities also included security training, policy development and compliance. With iSEC he has performed penetration testing and design review for a wide spectrum of products and technologies, most recently participating in the Final Security Review of Microsoft Windows Vista. Brad achieved the Certified Information Systems Security Professional (CISSP) credential in 2004.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Presentation II
Abstract: This talk aims to outline a few commonly overlooked cryptographic vulnerabilities in web applications. The problems presented will range from attacks against various authentication schemes to improper certificate generation.
Director of Research and Development - Patrick Stach
Patrick Stach is Director of Research and Development at Stach & Liu, a firm providing advanced IT security consulting to the Fortune 500 and multi-national financial institutions. Before founding Stach & Liu, Patrick aided in the development of multiple industry leading security scanning engines. In addition to providing security consulting services to Mitsui Zaibatsu, he has led the network security teams for a number of major hosting providers.
Patrick has lectured on cryptanalysis at Kyoto University, taught as adjunct faculty at Network Associates' Japan Security Academy, and performs government-funded cryptanalysis. He is a developer of the Metasploit Framework and has presented at DefCon, Interz0ne, AtlantaCon, ToorCon, and PhreakNIC.