
Difference between revisions of "Columbus"

(Added Kevin's slides)
(Reverting meetup extension changes)
 
(51 intermediate revisions by 2 users not shown)
Line 1: Line 1:
__NOTOC__
+
Welcome to the home site of the Columbus OWASP Chapter. We welcome all technology professionals to our monthly discussions of application security.
  
==== Local News  ====
+
== Upcoming Meetings ==
  
== Q4 Meeting Save The Date ==
+
'''''Upcoming meetings are listed at our new [http://www.meetup.com/Columbus-OWASP/ Meetup.com site].'''''
  
The Q4 meeting for OWASP will be November 17th, 1PM at the fabulous BMW financial facility.  We are looking at programming for secure computing ang beginning cryptography as topics, so it should be an awesome time.  Hope to see everyone there.
+
== Chapter information ==
  
==== Chapter Info ====
+
Columbus OWASP meets monthly on the fourth Thursday of the month, with two different meeting formats. Some months are Sessions, where we have two speakers, and an open discussion of news of the day. Others are Code Jams, where we work on projects, bug bounty programs, or other geeky stuff. All of it is described on [http://www.meetup.com/Columbus-OWASP/ Meetup.com]. There will be opportunities for Columbus OWASP members to meet other local security groups through event cross-participation and cooperation.
  
== Stay in touch with Columbus OWASP  ==
+
=== OWASP Membership ===
  
*The first stop to connecting with the community is our [http://lists.owasp.org/mailman/listinfo/owasp-columbus mailing list], feel free to contribute and interact with the list - it's not just for listening!
+
There have been a lot of questions about membership.  Membership supports the many projects that OWASP in involved in, including ESAPI. [http://www.owasp.org/index.php/Membership#Categories_of_Membership_.26_Supporters Learn more about membership here].  Remember to tell them you are interested in membership in the Columbus chapter.
  
*We're a group on [http://www.linkedin.com/groups?home=&gid=2796025 LinkedIn] as well, please join us. Facebook is coming soon.
+
=== Stay in touch with Columbus OWASP  ===
  
== Become a voting member  ==
+
*The first stop to connecting with the community is our [https://www.meetup.com/Columbus-OWASP/messages/boards/ Meetup message board], feel free to contribute and interact with the forum - it's not just for listening!
 +
 
 +
*We're a group on [http://www.linkedin.com/groups?home=&gid=2796025 LinkedIn] as well, please join us.
 +
 
 +
=== Become a voting member  ===
  
 
We encourage organization and individual supporters of our [http://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project ethics & principals] to become a voting '''[http://www.owasp.org/index.php/Membership#Categories_of_Membership_.26_Supporters MEMBER]'''. Please review the [[Chapter Rules]] and the [http://www.owasp.org/images/9/9f/2009-OWASP_KeyNote-V2.pdf OWASP overview], and [mailto:columbusowasp(at)gmail.com contact the chapter leaders] for more information.  
 
We encourage organization and individual supporters of our [http://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project ethics & principals] to become a voting '''[http://www.owasp.org/index.php/Membership#Categories_of_Membership_.26_Supporters MEMBER]'''. Please review the [[Chapter Rules]] and the [http://www.owasp.org/images/9/9f/2009-OWASP_KeyNote-V2.pdf OWASP overview], and [mailto:columbusowasp(at)gmail.com contact the chapter leaders] for more information.  
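Review bot: The added OWASP Membership paragraph in this hunk has a typo, "the many projects that OWASP in involved in", which should read "is involved in". The membership link in the same added paragraph uses http, while the Meetup message board link added a few lines later uses https; consider https for the membership link as well.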
Line 21: Line 25:
 
''The professional association of OWASP Foundation Inc., is always free and open to anyone interested in learning more about application security.''  
 
''The professional association of OWASP Foundation Inc., is always free and open to anyone interested in learning more about application security.''  
  
== We want your participation!  ==
+
=== We want your participation!  ===
  
 
To submit educational topics for upcoming meetings, [mailto:columbusowasp(at)gmail.com submit your ideas and slide deck] (if available) using the [http://www.owasp.org/images/5/54/Presentation_template.ppt OWASP Template] and include a speaker BIO. It doesn't have to be formal, we're happy to provide some assistance in organizing your thoughts. You only need an interest and knowledge of your independent research or related software security topic.  
 
To submit educational topics for upcoming meetings, [mailto:columbusowasp(at)gmail.com submit your ideas and slide deck] (if available) using the [http://www.owasp.org/images/5/54/Presentation_template.ppt OWASP Template] and include a speaker BIO. It doesn't have to be formal, we're happy to provide some assistance in organizing your thoughts. You only need an interest and knowledge of your independent research or related software security topic.  
Line 27: Line 31:
 
=== Sponsorship, too!  ===
 
=== Sponsorship, too!  ===
  
There are myriad opportunities to sponsor the chapter, including meeting space, food, marketing, and monetary donations. We're always looking for assistance. Inquiries regarding chapter or per-meeting sponsorship opportunities can be directed to [mailto:columbusowasp(at)gmail.com the chapter leaders]. As a [http://www.owasp.org/index.php/About_OWASP 501(3)c non-profit professional association] your support and sponsorship of a meeting venue and/or refreshments is tax-deductible and all financial contributions can be made online right now: ''<paypal>Columbus</paypal>''
+
There are myriad opportunities to sponsor the chapter, including meeting space, food, marketing, and monetary donations. We're always looking for assistance. Inquiries regarding chapter or per-meeting sponsorship opportunities can be directed to [mailto:columbusowasp(at)gmail.com the chapter leaders]. As a [http://www.owasp.org/index.php/About_OWASP 501(3)c non-profit professional association] your support and sponsorship of a meeting venue and/or refreshments is tax-deductible and all financial contributions can be [https://www.owasp.org/index.php/Single_Meeting_Supporter made online right now].
 
 
==== Current Meetings  ====
 
 
 
The Q4 meeting for OWASP will be November 17th, 1PM at the fabulous BMW financial facility.  We are looking at programming for secure computing ang beginning cryptography as topics, so it should be an awesome time.  Hope to see everyone there.
 
 
 
=== Meeting details  ===
 
 
 
Our chapter meets ''quarterly''; we're organizing several different event styles in addition to traditional presentations. There will be opportunities for Columbus OWASP members to meet other local security groups through event cross-participation and cooperation. The next quarterly meeting is being planned for August 18th, 2011.
 
 
 
Feel free to contact us at [email protected] with any questions.
 
 
 
==== Previous Meetings  ====
 
 
 
== Q3 Meeting August 18, 2011 at 1PM ==
 
 
 
On August 18, 2011, from 1PM to 4PM at the Conference Center of BMW Financial. Two speakers were featured:
 
 
 
Speaker: '''Brent Huston''' CEO & Security Evangelist of MicroSolved, Inc. (MSI)
 
 
 
This presentation will discuss PHP and ASP malware, discovery techniques, how the attackers are staging and processing malware-based attacks, as well as the relevance of anti-virus against these forms of malware. Drawn from real world attacks and compromises, examples will be displayed and discussed. Take aways will include the architecture of attacker cells, their targeting and use of compromised hosts and insight into how simple, basic controls can assist us in fighting these forms of assault.
 
 
 
Speaker: '''Kevin Wall''' - ESAPI Committer / Owner at OWASP & Staff Security Engineer at CenturyLink
 
 
 
[https://www.owasp.org/index.php/File:OWASP_ESAPI-2011.ppt Kevin's Presentation and Materials]
 
 
 
OWASP Enterprise Security API (ESAPI) is one of the flagship projects at OWASP, but as of yet, not many application development teams have adopted it. This presentation will provide a brief history and overview of ESAPI, including its goals and all its language implementations, before taking a deeper dive into ESAPI for Java.
 
 
 
The ESAPI for Java portion will discuss major changes from ESAPI 1.4 to ESAPI 2.0 and how the various ESAPI 2.0 security controls map as mitigations for the OWASP Top Ten. We will also examine the relative maturity of each security control.
 
 
 
This will be followed by a few examples of how to use ESAPI, including an in-depth one of using ESAPI's symmetric encryption. Finally, we will briefly describe how the OWASP AppSensor project
 
has the ESAPI's Intrustion Detection mechanism to provid an powerful intrustion detection system at the application layer and describe some of the advantanges of this versus an more
 
traditional IDS.
 
 
 
=== Q2 Meeting - June 10th, 1PM - Defensible .NET  ===
 
 
 
'''Presented by Jason Montgomery, Sr. Security Specialist, Active Technologies Group, Inc.'''
 
 
 
ASP.NET and the .NET framework have become the preferred foundation underlying enterprise applications. While Microsoft has prioritized integrating security into the ASP.NET framework, attacks at the application layer are dramatically increasing. How effective are the security controls built into the ASP.NET framework? Application developers must understand the limitations of the framework and ensure their code is secure. Focusing on the OWASP top ten, Jason Montgomery will explain the latest defensive techniques specific to the ASP.NET environment. Jason is Sr. Security Specialist at Active Technologies Group, Inc. (ATGi). He is a SANS instructor in .NET application security and co-author of the secure coding certification, GSSP.NET. Jason has spent the past five years guiding software security practices at the Department of Defense, and currently leads ATGi’s secure software development and assessment practice.
 
 
 
=== 3rd Annual Central Ohio Infosec Summit  ===
 
 
 
The goal of this event is to educate regional Information Security professionals and support collaboration by bringing leading speakers in the information security field together to educate the community on the latest industry trends and issues.  
 
  
This Information Security Conference will provide information security professionals with the most up-to-date information, tools, trends, legislative information, products, services, and strategies for addressing information security issues. The conference will focus on key topics related to information security with presentations provided by recognized experts and exhibits by some of the nation’s leading organizations.
+
== Previous Meetings  ==
  
=== 2010 Q1 Meeting  ===
+
The previous meetings, including materials and photos, can be accessed on our [https://www.meetup.com/Columbus-OWASP/ Meetup page]
  
*'''PHP Security''' presented by Jon Canady, Web Application Developer, [http://www.innova-partners.com/ Innova Partners], March 23rd, 2010
+
== Columbus OWASP Chapter Leaders  ==
 
 
'''Meeting Summary:''' PHP is a widely used, general-purpose scripting language, originally designed to produce dynamic web pages. In 2007, The PHP Group reported it was utilized on over 20 million websites and 1 million web servers. In 2008, the National Vulnerability Database claimed PHP accounted for 35% of software vulnerabilities, with nearly all caused by poor programming practices. Every PHP developer, hoster, and security professional should understand the primary attack vectors being used by attackers against PHP applications. During this OWASP meeting we dived deep into PHP security - specifically the OWASP Top 10 in the context of PHP.
 
 
 
In addition to the presentation, chapter leadership changes were announced as well as the new leadership's plans for increasing the visibility and participation of the chapter.
 
 
 
The Columbus OWASP Chapter leadership would like to thank [http://www.bmwfs.com/ BMW Financial Services] for hosting this event and [http://www.innova-partners.com/ Innova Partners] for providing lunch.
 
 
 
'''Presentation slide deck: [[Media:OWASP_Q12010_PHP.pdf|OWASP_Q12010_PHP]]''' (pdf, 4.5M)
 
 
 
==== Columbus OWASP Chapter Leaders  ====
 
  
 
Please feel free to contact the chapter leaders at any time.  
 
Please feel free to contact the chapter leaders at any time.  
  
*[mailto:Aaron.Ansari(at)bmwfs.com Aaron Ansari]  
+
*[mailto:aaronansari@gmail.com Aaron Ansari]  
*[mailto:cmatthews(at)microsolved.com Constance Matthews]  
+
*[mailto:Connie.Matthews(at)securicon.com Connie Matthews]  
 
*[mailto:bill(at)pointweb.net Bill Sempf]
 
*[mailto:bill(at)pointweb.net Bill Sempf]
  
You can also reach the chapter leadership at [email protected].
 
 
==== Other Local InfoSec Resources  ====
 
 
*[http://infragard.columbus.oh.us/ Central Ohio InfraGard]
 
*[http://www.isaca-centralohio.org/ Central Ohio ISACA]
 
*[http://centralohioissa.org/ Central Ohio ISSA]
 
*[http://thesecuritymba.org/ Security MBA (Masters of Beer Appreciation)]
 
 
__NOTOC__ <headertabs />
 
  
 
[[Category:OWASP_Chapter]] [[Category:Ohio]]
 
[[Category:OWASP_Chapter]] [[Category:Ohio]]
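Review bot: The new Aaron Ansari entry under Chapter Leaders uses a plain address, "mailto:aaronansari@gmail.com", while the other leader entries in this hunk keep the "(at)" form (for example "Connie.Matthews(at)securicon.com"), so this one address sits unobfuscated in the page source; write it as "aaronansari(at)gmail.com" to match. The revised sponsorship paragraph also still carries "501(3)c", which should be "501(c)(3)".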

Latest revision as of 04:53, 29 December 2017

Welcome to the home site of the Columbus OWASP Chapter. We welcome all technology professionals to our monthly discussions of application security.

Upcoming Meetings

Upcoming meetings are listed at our new Meetup.com site.

Chapter information

Columbus OWASP meets monthly on the fourth Thursday of the month, with two different meeting formats. Some months are Sessions, where we have two speakers, and an open discussion of news of the day. Others are Code Jams, where we work on projects, bug bounty programs, or other geeky stuff. All of it is described on Meetup.com. There will be opportunities for Columbus OWASP members to meet other local security groups through event cross-participation and cooperation.

OWASP Membership

There have been a lot of questions about membership. Membership supports the many projects that OWASP is involved in, including ESAPI. Learn more about membership here. Remember to tell them you are interested in membership in the Columbus chapter.

Stay in touch with Columbus OWASP

  • The first stop for connecting with the community is our Meetup message board. Feel free to contribute and interact with the forum - it's not just for listening!
  • We're a group on LinkedIn as well; please join us.

Become a voting member

We encourage organization and individual supporters of our ethics & principles to become a voting MEMBER. Please review the Chapter Rules and the OWASP overview, and contact the chapter leaders for more information.

The professional association of OWASP Foundation Inc. is always free and open to anyone interested in learning more about application security.

We want your participation!

To submit educational topics for upcoming meetings, submit your ideas and slide deck (if available) using the OWASP Template and include a speaker BIO. It doesn't have to be formal; we're happy to provide some assistance in organizing your thoughts. You only need an interest and knowledge of your independent research or related software security topic.

Sponsorship, too!

There are myriad opportunities to sponsor the chapter, including meeting space, food, marketing, and monetary donations. We're always looking for assistance. Inquiries regarding chapter or per-meeting sponsorship opportunities can be directed to the chapter leaders. As a 501(c)(3) non-profit professional association, your support and sponsorship of a meeting venue and/or refreshments is tax-deductible, and all financial contributions can be made online right now.

Previous Meetings

The previous meetings, including materials and photos, can be accessed on our Meetup page.

Columbus OWASP Chapter Leaders

Please feel free to contact the chapter leaders at any time.