OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.
to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member?
Special Event! Front Range OWASP Conference, 10 June 2008!
The Denver OWASP Chapter, in conjunction with the Boulder OWASP Chapter, is proud to present the FROC this June. We have an assortment of top notch speakers but have managed to keep this a *free conference*! Please register now at the FROC website
The next meeting of the DENVER OWASP chapter will be held Wednesday 21 May 2008 at Raytheon Polar Services, 7400 S. Tucson Way, Centennial, CO 80112. [gMaps Link]
Topic: Cross Site Scripting, Exploits and Defenses
6-6:30 Dinner (at RPSC; provided by Fishnet Security.
6:30 - 6:40 Chapter business
6:40 - 8:00 Presentation and Q&A
Following the meeting we will have informal discussions over beverages at a local pub TBD.
Chapter leaders David Campbell and Eric Duprey will be presenting on the up and coming threat of cross site scripting (XSS) vulnerabilities.
For a long time, the impact of XSS vulnerabilities has been grossly underestimated. During this presentation, we will demonstrate exactly how effective XSS vulns can be. We intend to make this presentation interactive, so bring a laptop and be prepared to join in the fun.
David Campbell is a ten plus year veteran of the infosec industry, with experience ranging from penetration testing for Fortune-100's to architecting security solutions for large multinational financials to security consulting for US government agencies. DC is presently head of security engineering for Raytheon Polar Services, and is also on the board of directors of Psiframe Inc., a San Francisco based security consultancy.
Eric Duprey is head of application security at Echostar, and is presently working on an open source vulnerability scanner which will debut at Blackhat this summer.
Questions can be directed to