
Dublin

Revision as of 11:35, 25 January 2010 by Fabio.e.cerullo (talk | contribs)


OWASP Ireland

Welcome to the Ireland chapter homepage.


Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter Leader Handbook. As a 501(c)(3) non-profit professional association, your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world, simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Donate to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join now.

Become a Member or Annual Chapter Sponsor(s).



FEB 2010

OWASP Ireland Event - What is the O2 Platform?

This is an informal gathering to meet others in information security and have a pint ;) all are welcome

When: 19/2/2010 3:00pm - 5:00pm

Where: Ernst & Young, Harcourt Street, Dublin 2, Opposite the Odeon Pub, Dublin, Ireland

Sponsors: <insert your logo here>

Title: OWASP O2 Platform - Open Platform for automating application security knowledge and workflows
Abstract: In this talk Dinis Cruz will show the OWASP O2 Platform which is an open source toolkit specifically designed for developers and security consultants to be able to perform quick, effective and thorough 'source-code-driven' application security reviews. The OWASP O2 Platform (http://www.owasp.org/index.php/OWASP_O2_Platform) consumes results from the scanning engines from Ounce Labs, Microsoft's CAT.NET tool, FindBugs, CodeCrawler and AppScan DE, and also provides limited support for Fortify and OWASP WebScarab dumps. In the past, there has been a very healthy skepticism on the usability of Source Code analysis engines to find commonly found vulnerabilities in real world applications. This presentation will show that with some creative and powerful tools, it IS possible to use O2 to discover those issues. This presentation will also show O2's advanced support for Struts and Spring MVC.

Presenter: Dinis Cruz is the Chief OWASP Evangelist and a Security Consultant based in London (UK) and specialized in: ASP.NET Application Security, Active Directory deployments, Application Security audits and .NET Security Curriculum Development. Since the 1.1 release of the .Net Framework, Dinis has been one of the strongest proponents of the need to write .Net applications that can be executed in secure Partially Trusted .Net environments, and has done extensive research on: Rooting the CLR, exposing the dangers of Full Trust Asp.Net Code, Type Confusion vulnerabilities in Full Trust (i.e. non verifiable) code, creating .Net Security Protection Layers and using Reflection to dynamically manipulate .Net Client applications. Dinis is the current [Owasp .Net Project] and [OWASP Autumn of Code] project's leader and the main developer of several of OWASP .Net tools ([SAM'SHE], [ANBS], [SiteGenerator], Owasp Report Generator, [Asp.Net Reflector]). Dinis is an active trainer on .Net security having written and delivered courses for IOActive, Foundstone, Intense School and KPMG.



APPSEC INFORMAL MEET-UP - 2/26/2010

This is an informal gathering to meet others in information security and collaborate ;) all are welcome

When: 2/26/2010 9:00am - 12:00pm

Where: IHOP in Parsippany at 792 US Highway 46 West, Parsippany
$15.00 Donation all-you-can-eat

Sponsors: <insert your logo here>

MAR 2010

APPSEC INFORMAL MEET-UP - 3/29/2010

This is an informal gathering to meet others in information security and have a pint ;) all are welcome

When: 2/29/2010 7:00pm - 10:00pm

Where: Mustang Harry's 352 7 Avenue, New York, NY 10001-5012

Cash Bar

Sponsors: <insert your logo here>


APPSEC INFORMAL MEET-UP - 3/30/2010

This is an informal gathering to meet others in information security and collaborate ;) all are welcome

When: 3/30/2010 9:00am - 12:00pm

Where: IHOP in Parsippany at 792 US Highway 46 West, Parsippany
$15.00 Donation all-you-can-eat

Sponsors: <insert your logo here>


APR 2010

APPSEC NYC FORMAL MEET-UP

Sponsors: KPMG, WhiteHat Security, <insert your logo here>

When: April 14th 6pm-9pm

Where: RSVP REQUIRED

Time Allocated / Speaker / Agenda

TBD - Abstract TBD

Speaker: Marcin Wielgoszewski BIO


Ruby for Pentesters - Getting up to speed quickly on projects where you're down deep reversing protocols or applications can be challenging at best and catastrophic at worst. In this talk we highlight our use of Ruby to solve the problems we're faced with every day. We use Ruby because it's easy to leverage its flexibility and power for everything from reverse engineering network protocols to fuzzing to static and dynamic analysis, all the way to attacking exotic proprietary enterprise network applications. Having a great set of tools available to meet your needs might be the difference between a successful result for your customer and updating your resume with the details of your former employer.

If you're not familiar with Ruby, we'll lead off by illustrating why Ruby is so powerful, making a case for rapidly prototyping everything from reversing tools to hacked up network clients using our not-so-patented "bag-o-tricks" approach. Then we dive into our real-world experiences using Ruby to quickly get up and running on a wide range of tasks. Real discussion of real problem solving on topics like:

      • Ripping apart static binaries and bending them to your will
      • Getting up close and personal with proprietary file formats
      • Becoming the puppet-master of both native and Java applications at runtime
      • Exposing the most intimate parts of exotic network services like JRMI and Web services
      • Trimming the time you spend decoding proprietary protocols and cutting directly to fuzzing them

As if all that wasn't enough, we'll show you how to make Ruby mash-ups of the stuff you already love. Make the tools you already rely on new again by getting them to work together, harder and smarter. When you're asked to get twice as much done in half the time, smile confidently knowing you have a secret weapon and the job will get done.

Speaker: David Goldsmith - BIO

Threat Modeling - How will attackers break your web application? How much security testing is enough? Do I have to worry about insiders? Threat modeling, applied with a risk management approach can answer both of these questions if done correctly. This talk will present advanced threat modeling step-wise through examples and exercises using the Java EE platform and focusing on authentication, authorization, and session management. Participants will learn, through interactive exercise on real software architectures, how to use diagramming techniques to explicitly document threats their applications face, identify how assets worth protecting manifest themselves within the system, and enumerate the attack vectors these threats take advantage of. Participants will then engage in secure design activities, learning how to use the threat model to specify compensating controls for specified attack vectors. Finally, we'll discuss how the model can drive security testing and validate an application resists specified attack.

Speaker: John Stevens - BIO



NEW JERSEY MEETING - TBD

Venue Sponsor: <your logo here>
Meeting Sponsor TBD

When: TBD

Where: RSVP REQUIRED

Time Allocated / Speaker / Agenda

TRAINING MAY 2010

HANDS-ON TRAINING
Location: TBD
Date: TBD
Fee: TBD (OWASP Members will get reduced rates)


Do you want to teach a class? Do you want to host the training at your facility? Get in touch with us!


CLASS #1 Introduction to Web Application Security

This workshop provides an overview of the fundamental principles of Web application security. It presents students with an understanding of how Web applications work, how vulnerabilities manifest in them, how to find and exploit those vulnerabilities, and solutions for protecting Web applications.

CLASS #2 Secure Coding for Java Developers

This two-day course is designed to show Web application developers the dangers of insecure coding practices, specific ways their code can be exploited, and how to write code to avoid introducing vulnerabilities.

CLASS #3 .NET

The two-day course is designed to implement security as a culture amongst the developers and will also include two main components: a review of the secure coding guidelines for .Net as well as .Net specific features like the anti-XSS library.

CLASS #4 PHP

The two-day course is designed to help you be a better developer with PHP and have a security focus.


JUL 2010

NYC - KPMG

Venue Sponsor: KPMG
Meeting Sponsor(s): WhiteHat Security

When: TBD

Where: RSVP REQUIRED

Time Allocated / Speaker / Agenda

Title: OWASP O2 Platform - Open Platform for automating application security knowledge and workflows

Abstract: In this talk Dinis Cruz will show the OWASP O2 Platform which is an open source toolkit specifically designed for developers and security consultants to be able to perform quick, effective and thorough 'source-code-driven' application security reviews. The OWASP O2 Platform (http://www.owasp.org/index.php/OWASP_O2_Platform) consumes results from the scanning engines from Ounce Labs, Microsoft's CAT.NET tool, FindBugs, CodeCrawler and AppScan DE, and also provides limited support for Fortify and OWASP WebScarab dumps. In the past, there has been a very healthy skepticism on the usability of Source Code analysis engines to find commonly found vulnerabilities in real world applications. This presentation will show that with some creative and powerful tools, it IS possible to use O2 to discover those issues. This presentation will also show O2's advanced support for Struts and Spring MVC.

Presenter

Bio: Dinis Cruz is the Chief OWASP Evangelist and a Security Consultant based in London (UK) and specialized in: ASP.NET Application Security, Active Directory deployments, Application Security audits and .NET Security Curriculum Development. Since the 1.1 release of the .Net Framework, Dinis has been one of the strongest proponents of the need to write .Net applications that can be executed in secure Partially Trusted .Net environments, and has done extensive research on: Rooting the CLR, exposing the dangers of Full Trust Asp.Net Code, Type Confusion vulnerabilities in Full Trust (i.e. non verifiable) code, creating .Net Security Protection Layers and using Reflection to dynamically manipulate .Net Client applications. Dinis is the current [Owasp .Net Project] and [OWASP Autumn of Code] project's leader and the main developer of several of OWASP .Net tools ([SAM'SHE], [ANBS], [SiteGenerator], Owasp Report Generator, [Asp.Net Reflector]). Dinis is an active trainer on .Net security having written and delivered courses for IOActive, Foundstone, Intense School and KPMG.



NEW JERSEY MEETING - TBD

Venue Sponsor: <your logo here>
Meeting Sponsor TBD

When: TBD

Where: RSVP REQUIRED

Time Allocated / Speaker / Agenda

Title: OWASP O2 Platform - Open Platform for automating application security knowledge and workflows

Abstract: In this talk Dinis Cruz will show the OWASP O2 Platform which is an open source toolkit specifically designed for developers and security consultants to be able to perform quick, effective and thorough 'source-code-driven' application security reviews. The OWASP O2 Platform (http://www.owasp.org/index.php/OWASP_O2_Platform) consumes results from the scanning engines from Ounce Labs, Microsoft's CAT.NET tool, FindBugs, CodeCrawler and AppScan DE, and also provides limited support for Fortify and OWASP WebScarab dumps. In the past, there has been a very healthy skepticism on the usability of Source Code analysis engines to find commonly found vulnerabilities in real world applications. This presentation will show that with some creative and powerful tools, it IS possible to use O2 to discover those issues. This presentation will also show O2's advanced support for Struts and Spring MVC.

Presenter

Bio: Dinis Cruz is the Chief OWASP Evangelist and a Security Consultant based in London (UK) and specialized in: ASP.NET Application Security, Active Directory deployments, Application Security audits and .NET Security Curriculum Development. Since the 1.1 release of the .Net Framework, Dinis has been one of the strongest proponents of the need to write .Net applications that can be executed in secure Partially Trusted .Net environments, and has done extensive research on: Rooting the CLR, exposing the dangers of Full Trust Asp.Net Code, Type Confusion vulnerabilities in Full Trust (i.e. non verifiable) code, creating .Net Security Protection Layers and using Reflection to dynamically manipulate .Net Client applications. Dinis is the current [Owasp .Net Project] and [OWASP Autumn of Code] project's leader and the main developer of several of OWASP .Net tools ([SAM'SHE], [ANBS], [SiteGenerator], Owasp Report Generator, [Asp.Net Reflector]). Dinis is an active trainer on .Net security having written and delivered courses for IOActive, Foundstone, Intense School and KPMG.


OCT 2010

NYC - KPMG

Venue Sponsor: KPMG
Meeting Sponsor(s): WhiteHat Security

When: TBD

Where: RSVP REQUIRED

Time Allocated / Speaker / Agenda


NEW JERSEY MEETING - TBD

Venue Sponsor: <your logo here>
Meeting Sponsor TBD

When: TBD

Where: RSVP REQUIRED

Time Allocated / Speaker / Agenda

Your Chapter Leaders

    Should you have a question about the local chapter, or would like to get more involved, contact ANY of the following people:

    • President: Fabio Cerullo, fcerullo(at)owasp.org, +353877817468
    • Vice President Eoin Keary TBD
    • Secretary Rahim Jina TBD


    Active Chapter Members
    Please insert your name here... Industry Advisors:
    Education Please insert industry advisors here... Law Enforcement Please insert list here...



2010 Chapter Plan


OWASP Ireland
759 Bloomfield Ave, Suite 172
West Caldwell, New Jersey 07006
973-795-1046 Tel | 973-795-1047 Fax

CFP for 2010 is now open - please contact fcerullo(@)owasp.org / +353877817468 if you would like to speak or can host a meeting.

*Note: meeting hosts are provided with annual chapter sponsorship and free seats in training classes. The OWASP Foundation, Ireland chapter focuses on implementation of efforts defined by the Global Committee as well as new concepts and ideas defined locally. Below is a list of ACTIVE projects assigned to individual active members and teams within the local chapter. If you would like to help out on ANY of these efforts, contact them directly to get involved.



Q1 2010 OWASP Newsletter

Special Project: Educational Outreach
Summary: Drive education awareness of OWASP with interns with industry. Templates to be created to be used by all industry to work with universities
Plan: <insert plan>
Next Milestone: Update the plan 12/31/09
Participants: Fabio Cerullo

Special Project: Industry Outreach
Summary: Raise awareness of OWASP among industry. Templates to be created to be used by all industry to work with universities
Plan: <insert plan>
Next Milestone: Update the plan 12/31/09
Participants: Eoin Keary

Special Project: Membership Drive
Summary: Increase local chapter members individuals and corporate supporters
Plan: <insert>
Next Milestone: Update the plan 12/31/09
Project Participants: Rahim Jina

Special Project: Hands-On Training
Summary: Provide 1-day, 3-day and 5-day hands-on classroom / online training classes
Next Milestone: Membership Survey and Q&A results at 1/21 event
Project Participants: Fabio Cerullo
