This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
Difference between revisions of "Dublin"
Revision as of 11:20, 25 January 2010
OWASP Ireland
Welcome to the Ireland chapter homepage.
Participation
OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.
Sponsorship/Membership
to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member?
become a Member or Annual Chapter Sponsor(s).
FEB 2010
OWASP Ireland Event - What is the O2 Platform?
This is an informal gathering to meet others in information security and have a pint ;) all are welcome
When: 19/2/2010 3:00pm - 5:00pm
Where: Ernst & Young, Harcourt Street, Dublin 2, Opposite the Odeon Pub, Dublin, Ireland
Cash Bar
Sponsors: <insert your logo here>
APPSEC INFORMAL MEET-UP - 2/26/2010
This is an informal gathering to meet others in information security and collaborate ;) all are welcome
When: 2/26/2010 9:00am - 12:00pm
Where: IHOP in Parsippany at 792 US Highway 46 West, Parsippany
$15.00 Donation all-you-can-eat
Sponsors: <insert your logo here>
MAR 2010
APPSEC INFORMAL MEET-UP - 3/29/2010
This is an informal gathering to meet others in information security and have a pint ;) all are welcome
When: 2/29/2010 7:00pm - 10:00pm
Where: Mustang Harry's (http://www.mustangharrys.com/), 352 7th Avenue, New York, NY 10001-5012
Cash Bar
Sponsors: <insert your logo here>
APPSEC INFORMAL MEET-UP - 3/30/2010
This is an informal gathering to meet others in information security and collaborate ;) all are welcome
When: 3/30/2010 9:00am - 12:00pm
Where: IHOP in Parsippany at 792 US Highway 46 West, Parsippany
$15.00 Donation all-you-can-eat
Sponsors: <insert your logo here>
APR 2010
APPSEC NYC FORMAL MEET-UP
Sponsors: KPMG (http://www.kpmg.com), WhiteHat Security (http://www.whitehatsec.com), <insert your logo here>
When: April 14th 6pm-9pm
Where: RSVP REQUIRED (register at http://fs7.formsite.com/brennan)
Time Allocated / Speaker / Agenda
TBD - Abstract TBD
Speaker: Marcin Wielgoszewski (BIO: http://www.owasp.org/index.php/User:Marcin)
Ruby for Pentesters - Getting up to speed quickly on projects where you're down deep reversing protocols or applications can be challenging at best and catastrophic at worst. In this talk we highlight our use of Ruby to solve the problems we're faced with every day. We use Ruby because it's easy to leverage its flexibility and power for everything from reverse engineering network protocols to fuzzing to static and dynamic analysis, all the way to attacking exotic proprietary enterprise network applications. Having a great set of tools available to meet your needs might be the difference between a successful result for your customer and updating your resume with the details of your former employer.
If you're not familiar with Ruby, we'll lead off by illustrating why Ruby is so powerful, making a case for rapidly prototyping everything from reversing tools to hacked up network clients using our not-so-patented "bag-o-tricks" approach. Then we dive into our real-world experiences using Ruby to quickly get up and running on a wide range of tasks. Real discussion of real problem solving on topics like:
• Ripping apart static binaries and bending them to your will
• Getting up close and personal with proprietary file formats
• Becoming the puppet-master of both native and Java applications at runtime
• Exposing the most intimate parts of exotic network services like JRMI and Web services
• Trimming the time you spend decoding proprietary protocols and cutting directly to fuzzing them
As if all that wasn't enough, we'll show you how to make Ruby mash-ups of the stuff you already love. Make the tools you already rely on new again by getting them to work together, harder and smarter. When you're asked to get twice as much done in half the time, smile confidently knowing you have a secret weapon and the job will get done.
Speaker: David Goldsmith (BIO: http://www.matasano.com/team)
Threat Modeling - How will attackers break your web application? How much security testing is enough? Do I have to worry about insiders? Threat modeling, applied with a risk management approach, can answer both of these questions if done correctly. This talk will present advanced threat modeling step-wise through examples and exercises using the Java EE platform and focusing on authentication, authorization, and session management. Participants will learn, through interactive exercises on real software architectures, how to use diagramming techniques to explicitly document threats their applications face, identify how assets worth protecting manifest themselves within the system, and enumerate the attack vectors these threats take advantage of. Participants will then engage in secure design activities, learning how to use the threat model to specify compensating controls for specified attack vectors. Finally, we'll discuss how the model can drive security testing and validate that an application resists specified attacks.
Speaker: John Steven (BIO: http://www.owasp.org/index.php/Threat_Modeling_by_John_Steven)
NEW JERSEY MEETING - TBD
Venue Sponsor: <your logo here>
Meeting Sponsor: TBD
When: TBD
Where: RSVP REQUIRED (register at http://fs7.formsite.com/brennan)
Time Allocated / Speaker / Agenda
TRAINING MAY 2010
HANDS-ON TRAINING
Location: TBD
Date: TBD
Fee: TBD (OWASP Members will get reduced rates)
Do you want to teach a class? Do you want to host the training at your facility? Get in touch with us!
CLASS #1 Introduction to Web Application Security
This workshop provides an overview of the fundamental principles of Web application security. It presents students with an understanding of how Web applications work, how vulnerabilities manifest in them, how to find and exploit those vulnerabilities, and solutions for protecting Web applications.
CLASS #2 Secure Coding for Java Developers
This two-day course is designed to show Web application developers the dangers of insecure coding practices, specific ways their code can be exploited, and how to write code that avoids introducing vulnerabilities.
CLASS #3 .NET
This two-day course is designed to establish security as a culture amongst developers and includes two main components: a review of the secure coding guidelines for .NET, and .NET-specific features such as the Anti-XSS library.
CLASS #4 PHP
The two-day course is designed to help you be a better developer with PHP and have a security focus.
JUL 2010
NYC - KPMG
Venue Sponsor: KPMG (http://www.kpmg.com)
Meeting Sponsor(s): WhiteHat Security (http://www.whitehatsec.com)
When: TBD
Where: RSVP REQUIRED (register at http://fs7.formsite.com/brennan)
Time Allocated / Speaker / Agenda
Title: OWASP O2 Platform - Open Platform for automating application security knowledge and workflows
Abstract: In this talk Dinis Cruz will show the OWASP O2 Platform, an open source toolkit specifically designed for developers and security consultants to perform quick, effective and thorough 'source-code-driven' application security reviews. The OWASP O2 Platform (http://www.owasp.org/index.php/OWASP_O2_Platform) consumes results from the scanning engines from Ounce Labs, Microsoft's CAT.NET tool, FindBugs, CodeCrawler and AppScan DE, and also provides limited support for Fortify and OWASP WebScarab dumps. In the past, there has been a very healthy skepticism about the usability of source code analysis engines to find commonly found vulnerabilities in real-world applications. This presentation will show that with some creative and powerful tools, it IS possible to use O2 to discover those issues. This presentation will also show O2's advanced support for Struts and Spring MVC.
Presenter
Bio: Dinis Cruz is the Chief OWASP Evangelist and a Security Consultant based in London (UK), specialized in ASP.NET Application Security, Active Directory deployments, Application Security audits and .NET Security Curriculum Development. Since the 1.1 release of the .NET Framework, Dinis has been one of the strongest proponents of the need to write .NET applications that can be executed in secure Partially Trusted .NET environments, and has done extensive research on rooting the CLR, exposing the dangers of Full Trust ASP.NET code, Type Confusion vulnerabilities in Full Trust (i.e. non-verifiable) code, creating .NET Security Protection Layers and using Reflection to dynamically manipulate .NET client applications. Dinis is the current OWASP .NET Project and OWASP Autumn of Code project leader and the main developer of several OWASP .NET tools (SAM'SHE, ANBS, SiteGenerator, OWASP Report Generator, ASP.NET Reflector). Dinis is an active trainer on .NET security, having written and delivered courses for IOActive, Foundstone, Intense School and KPMG.
NEW JERSEY MEETING - TBD
Venue Sponsor: <your logo here>
Meeting Sponsor: TBD
When: TBD
Where: RSVP REQUIRED (register at http://fs7.formsite.com/brennan)
Time Allocated / Speaker / Agenda
Title: OWASP O2 Platform - Open Platform for automating application security knowledge and workflows
Abstract: In this talk Dinis Cruz will show the OWASP O2 Platform, an open source toolkit specifically designed for developers and security consultants to perform quick, effective and thorough 'source-code-driven' application security reviews. The OWASP O2 Platform (http://www.owasp.org/index.php/OWASP_O2_Platform) consumes results from the scanning engines from Ounce Labs, Microsoft's CAT.NET tool, FindBugs, CodeCrawler and AppScan DE, and also provides limited support for Fortify and OWASP WebScarab dumps. In the past, there has been a very healthy skepticism about the usability of source code analysis engines to find commonly found vulnerabilities in real-world applications. This presentation will show that with some creative and powerful tools, it IS possible to use O2 to discover those issues. This presentation will also show O2's advanced support for Struts and Spring MVC.
Presenter
Bio: Dinis Cruz is the Chief OWASP Evangelist and a Security Consultant based in London (UK), specialized in ASP.NET Application Security, Active Directory deployments, Application Security audits and .NET Security Curriculum Development. Since the 1.1 release of the .NET Framework, Dinis has been one of the strongest proponents of the need to write .NET applications that can be executed in secure Partially Trusted .NET environments, and has done extensive research on rooting the CLR, exposing the dangers of Full Trust ASP.NET code, Type Confusion vulnerabilities in Full Trust (i.e. non-verifiable) code, creating .NET Security Protection Layers and using Reflection to dynamically manipulate .NET client applications. Dinis is the current OWASP .NET Project and OWASP Autumn of Code project leader and the main developer of several OWASP .NET tools (SAM'SHE, ANBS, SiteGenerator, OWASP Report Generator, ASP.NET Reflector). Dinis is an active trainer on .NET security, having written and delivered courses for IOActive, Foundstone, Intense School and KPMG.
OCT 2010
NYC - KPMG
Venue Sponsor: KPMG (http://www.kpmg.com)
Meeting Sponsor(s): WhiteHat Security (http://www.whitehatsec.com)
When: TBD
Where: RSVP REQUIRED (register at http://fs7.formsite.com/brennan)
Time Allocated / Speaker / Agenda
NEW JERSEY MEETING - TBD
Venue Sponsor: <your logo here>
Meeting Sponsor: TBD
When: TBD
Where: RSVP REQUIRED (register at http://fs7.formsite.com/brennan)
Time Allocated / Speaker / Agenda
Your Chapter Leaders
Should you have a question about the local chapter, or would like to get more involved, contact ANY of the following people below.
- President: Tom Brennan 973-506-9303
- Vice President: Steve Antoniewicz 212-279-6565
- Secretary: Douglas Shin 917-267-2399
Active Chapter Members
Peter Dean 201-960-8265
Blake Cornell 212-202-6704
Arkadiy Goykhberg
William Gebhardt
Mahi Dontamsetti 908-675-2375
Kuai Hinojosa
Dan Guido
Marcin Wielgoszewski
Pete Perfetti 973-576-0530
Brian Peister 201-240-9819
Tom Ryan 732-207-7916
Industry Advisors:
Education
- Polytechnic University: Nasir Memon 732-241-6128
- New Jersey Institute of Technology: Osama Eljabiri 973-981-1049
- Pace University: Chienting Lin, Ph.D 646-344-2639
Law Enforcement
- FBI Cybercrimes: SA Chris Stangl 917-662-9849
2010 Chapter Plan
OWASP NY/NJ Metro
759 Bloomfield Ave, Suite 172
West Caldwell, New Jersey 07006
973-795-1046 Tel | 973-795-1047 Fax
CFP for 2010 is now open - please contact tomb(@)owasp.org / 973-506-9303 if you would like to speak or can host a meeting.
Note: meeting hosts are provided with annual chapter sponsorship and free seats in training classes.
The OWASP Foundation NY/NJ Metro chapter focuses on implementing efforts defined by the Global Committee (http://www.owasp.org/index.php/Global_Committee_Pages) as well as new concepts and ideas defined locally. Below is a list of ACTIVE projects assigned to individual active members and teams within the local chapter. If you would like to help out on ANY of these efforts, contact them directly to get involved.
Q1 2010 OWASP Newsletter: http://www.owasp.org/images/1/13/01_18_10_OWASP_Newsletter.pdf
Special Project: Educational Outreach
Summary: Drive education awareness of OWASP through industry internships. Templates to be created for use by all industry to work with universities.
Plan: <insert plan>
Next Milestone: Update the plan 12/31/09
Participants: Arkadiy Goykhberg, Mahi Dontamsetti, William Gebhardt, Kuai Hinojosa
Special Project: Membership Drive
Summary: Increase local chapter membership, both individuals and corporate supporters.
Plan: <insert>
Next Milestone: Update the plan 12/31/09
Project Participants: Peter Dean
Special Project: Hands-On Training
Summary: Provide 1-day, 3-day and 5-day hands-on classroom / online training classes
Next Milestone: Membership Survey and Q&A results at 1/21 event
Project Participants: Tom Brennan
Special Project:
Summary:
Next Milestone:
Project Participants:
Special Project:
Summary:
Next Milestone:
Project Participants:
Special Project:
Summary:
Next Milestone:
Project Participants: