This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Washington DC

From OWASP
Revision as of 18:58, 4 March 2008 by Andre Ludwig (talk | contribs) (Local News)

Jump to: navigation, search

Welcome to the OWASP Washington, DC-Maryland Local Chapter

The original DC Chapter was founded in June 2004 by Jeff Williams and has had members from Virginia to Delaware. In April 2005 a new chapter, DC-Virginia, was formed and the DC Chapter was renamed to DC-Maryland. The two are sister chapters with common members and shared discourse. The chapters meet in opposite halves of the month to facilitate this relationship.

Chapter meetings are held several times a year, typically in the offices of our sponsor. Please subscribe to the mailing list for meeting announcements. You can also check out the archives of this page here Washington_DC Archives.

Our chapter is sponsored by Aspect Security.

Participation

OWASP Local Chapter meetings are free and open. Our chapter's meetings are informal and encourage open discussion of all aspects of application security. Anyone in our area interested in web application security is welcome to attend. We encourage attendees to give short presentations about specific topics. If you would like to make a presentation, or have any questions about the DC-Maryland Chapter, send an email to Andre Ludwig.

Local News

March 20th 6pm OWASP Meeting, Columbia MD

Well it is that time again folks, your monthly OWASP meeting notification email.

This month we will be holding our meeting in Columbia MD at Aspect Securities offices (address below). The meeting will start at 6pm and last to around 9pm or so (depends on the crowd).

The topic for the meeting will be presentation by Jeff Williams on his Enterprise Security API project. (quick overview below)

  Securing Java EE Applications with the OWASP Enterprise Security API (ESAPI)
  Jeff Williams, the CEO of Aspect Security and the volunteer Chair of the
  OWASP Foundation, will present the new OWASP Project he is leading --
  the OWASP Enterprise Security API (ESAPI). ESAPI is an API and reference
  implementation designed to make it as easy as possible for web
  developers to address the most common web application security
  vulnerabilities, including those discussed in the OWASP Top Ten.
  ESAPI defines a simple, well-structured, and obvious interface to all
  the classes and methods a developer needs to build a secure web
  application, and comes with a reference implementation and over 600 test
  cases. ESAPI includes numerous new security mechanisms that are simply
  not present in Java EE today, including intrusion detection!
  Correctness, completeness, and simplicity are the three primary design
  goals of ESAPI.
  ESAPI provides a worked example of most security challenges faced by
  enterprise developers. Developers, architects, and application security
  specialists can use ESAPI as a baseline for what is expected in their
  applications. This presentation will cover the basic structure of the
  API, why using it represents a significant reduction in application
  security costs, and even why it makes projects more agile.


Look forward to seeing everyone there, so dont forget to set your outlook/entourage/notes calendars!

Location information:

  Aspect Security, Inc.
  9175 Guilford Road, Suite 300
  Columbia, MD 21046-2565
  Main: 301-604-4882




February 5th 6pm Meeting, New Location!

This meeting will be held at a new location thanks to a new host Grant Thorton LLP.


Presentations

   I will be giving a presentation on the intersection between web 
   application security and the attackers mindset.  The purpose of which is 
   to drill home that web application security isnt just about SQL 
   Injection, XSS, XSRF, and "web application compromises.  My approach 
   will be to outline various methods of abusing web applications to gain a 
   foot holds onto networks as well as leveraging vuln's to "repurpose" 
   existing web applications to the attackers whim.   The ultimate goal of 
   this presentation is to drill home the fact that web applications (and 
   their insecurities) provide an attacker an amazing attack surface to 
   leverage for various purposes, purposes which I will talk about.
   A few quick highlights include discussions on PHP/ASP* back door shells, 
   PHP based IRC bots, XSS based Attack frameworks, Flash based attack 
   frameworks, IDS evasion etc. 


Location details

  Location:
  333 John Carlyle St
  Alexandria, VA 22314



The Day After

I want to thank everyone who attended as well as the two organizations that made yesterdays LIVE-O mini-con possible. If it was not for these two organizations the event would not have been nearly as enjoyable as it was.


     MITRE HoneyClient Project
     Grant Thornton
     Aspect Security


I would also like to thank the presenters who put together the interesting topics and presented them to our chapter.

For all the presentations, notes, and thoughts of the attendee's and presenters you can use the following link.

Washington_DC_LIVE-O


Thursday Sept 6th LIVE O minicon!!

Well it looks like I have been able to finally secure a location for the LIVEO mini conference. The meeting will be held at 1:00pm at MITRE's McLean Va Offices in the MITRE 1 Building. (map to the location below)


If you haven't already signed up you must do so ahead of time! Feel free to pass this link around to coworkers or friends who may be interested in attending. Seating is limited to 75 people, and as such we will not be able to take any more people once we have reached that limit. If you are not able to come after signing up please use the same link to cancel your RSVP for the meeting. This will free up a seat for someone else to enjoy the awe inspiring presentations we have lined up.  ;)


List of presentations

   Honeyclients and Malicious Web Servers  - Kathy Wang - Mitre
   A malcode perspective on web application privacy - Blake Hartstein - iDefense
   Practical Web Privacy with Firefox - Chuck Willis- Mandiant
   A sneak peak at Jeff's new "Enterprise Security API" - Jeff Williams - Aspect Security/OWASP 
   Digital Rights Management - James Stibbards - Cloakware

Please make sure to have your ID with you for checking in when you arrive.

Map/Directions to Mini Con location http://www.mitre.org/about/locations/mitre1_map.html


Thursday August 23rd 6pm Location Aspect Security, Columbia MD

I will be giving a presentation outlining some of the various "Rich Interactive Application" (RIA's) Frameworks that are being developed.

Here is the rough draft of the presentation.

Topics to go over

  (My unofficial plan- YTBD)
    Offline Web Application frameworks : The fifth horseman?
          I will be going over the basics of the four major "off line web app frameworks" (aka webocalypse)
                Adobe AIR
                Google Gears
                Microsoft Silverlight
                Sun JavaFX
           Try to go over the differences of each framework, where they fit, and why I think they suck
           Point out potential weaknesses of each framework
           Write a group letter to all the developers explaining the coming "webocalypse" (Im joking of course)


Location Information

Aspect is located at 9175 Guilford Road (Suite 300) in Columbia. Driving directions are:

>From I-95:

   * Exit 38 B : Rt. 32 West towards Columbia (1.5 miles)
   * Take the Broken Land Parkway exit
   * Turn left off the ramp onto Broken Land Parkway
   * Turn left at the light onto Guilford Road (0.5 miles)

After a sharp left, enter the parking lot at 9175 Guilford Road. [Note: if you go under the bridge, you've gone too far]

We're on the third floor in Suite 300



Wednesday March 28th 6pm Columbia, MD

This meeting will be held at Aspect Security's offices in Columbia MD. The address is below. Food: As usual, geek food will be provided. This usually means pizza and soda.

Getting there: Aspect is located at 9175 Guilford Road (Suite 300) in Columbia. Driving directions are:

>From I-95:

   * Exit 38 B : Rt. 32 West towards Columbia (1.5 miles)
   * Take the Broken Land Parkway exit
   * Turn left off the ramp onto Broken Land Parkway
   * Turn left at the light onto Guilford Road (0.5 miles)

After a sharp left, enter the parking lot at 9175 Guilford Road. [Note: if you go under the bridge, you've gone too far]

We're on the third floor in Suite 300



Meeting: Feburary 15th 6PM

Andrew van der stock will be giving a presentation on the following three topics.

   OWASP Top 10 2007
   Spring of Code 2007
   an update on OWASP Guide 3.0 status

Watch this space as it will be updated as the meeting nears.


Location information

Our hosts have asked that if you are to show up for the meeting that you patiently wait in the first floor lobby for someone to escort you into the conference room that we will be using.


Here is the address:

SRA Locations

Arlington Center (NEW! Opened 7/17/06)
3434 Washington Boulevard
Arlington, VA 22201-4508
Phone: (703) 284-5000