This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "France"

From OWASP
Jump to: navigation, search
Line 4: Line 4:
 
'''The French Chapter is also available on LinkedIn''': [http://www.linkedin.com/groupInvitation?gid=1638517  '''Join us''', it only takes a minute!]
 
'''The French Chapter is also available on LinkedIn''': [http://www.linkedin.com/groupInvitation?gid=1638517  '''Join us''', it only takes a minute!]
  
 +
== Contacts et Propositions de Présentations/Contributions ==
 +
 +
*[mailto:[email protected] Sébastien Gioria] et [mailto:[email protected] Ludovic Petit] sont à votre disposition si vous souhaitez des informations sur l'OWASP, ainsi que pour des sessions de sensibilisation/formation sur la sécurité des Applications Web.
 +
 +
N'hésitez pas à nous solliciter si vous souhaitez discuter d'un sujet particulier en foncton de vos besoins, ou si vous souhaitez effectuer une présentation lors d'un meeting du Chapitre France.
 +
 +
Amis de la presse écrite et/ou multimedia, n'hésitez pas à faire appel à nous si vous souhaitez notre concours, vous êtes les bienvenus, '''Ensembles, Chacun fait plus'''!
 +
 +
'''TEAM stands for... Together Each Achieves More!'''
 +
 +
 +
= News =
 +
 +
== [[http://www.microsoft.com/france/mstechdays/ Techdays Microsoft 2012 - Palais des congrès de Paris] ==
 +
 +
Sébastien présentera un talk sur [http://www.microsoft.com/france/mstechdays/programmes/parcours.aspx?SessionID=62e02774-6045-4be8-80ff-8332a793ad4f HTML5] et les points d'attention Sécurité le 7 Février 2012 à 17h30.
 +
Plus d'informations sur la page dédiée aux TechDays Microsoft 2012.
 +
 +
 +
== [[OWASP BeNeLux 2011 Conference - University of Luxembourg]] ==
 +
 +
Ludovic had a talk about "[https://www.owasp.org/index.php/BeNeLux_OWASP_Day_2011#tab=Conference.2C_December_2nd WebApp Security and Legal aspects]"  on Dec 2.
 +
 +
*'''Overview'''
 +
**This presentation aims to be used by anybody willing to spread the voice of OWASP. See this as an Awareness session.
 +
**Use it and use it again.
 +
**Try to open your mind, just met me know if I can help.
 +
 +
*'''Abstract Title: "[https://www.owasp.org/images/5/55/Do_you..._Legal_-_OWASP_BeNeLux_Day_-_2_Dec_2011.pptx Do you... Legal?]"'''
 +
**The OWASP core mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. However, if you do not pay enough attention to many aspects of Legal compliance, you'll see why Web Application Security is somehow linked to Legal and Regulatory aspects as well as... Corporate Responsability, so yours. Who is accountable for what, what about each other's responsibility? Nowadays, the legal constraints oblige us to comply via technical means, whatever the local framework, and this is specially true for Web Application Security, many sensitive informations having to be handled through these web interfaces. A such, what do you think about your Security Policy compliance with your local Legal framework? Compliant? Sure? Really? Interesting isn't it? Let's have a talk about this.
 +
 +
 +
 +
=== [[EUROPE - ENISA’s Who-is-Who Directory on Network and Information Security]] ===
  
== Next Meetings ==
+
We are pleased to announce that OWASP France is part of the [http://www.enisa.europa.eu/publications/studies/who-is-who-directory-2011 ENISA’s Who-is-Who Directory].
  
=== Q1 2012 ===
+
The ENISA is the European Network and Information Security Agency.
 +
[http://www.enisa.europa.eu/publications/studies/who-is-who-directory-2011/at_download/fullReport The ENISA Who-is-Who Directory on Network and Information Security 2011] contains information on NIS stakeholders, such as national and European authorities and NIS organisations, contact details, websites, and areas of responsibilities or activities.
 +
This Directory serves as the "yellow pages" of Network and Information Security (NIS) in Europe. As such, it is a useful tool for those working closely with NIS issues in Europe.
 +
 
 +
 
 +
* 2009-06-09 : [http://www.owasp.org/images/d/d2/20090609-CERT-IST-WAF-v0.1.pdf Intervention sur les WAF] lors du Forum [http://www.cert-ist.com CERT-IST]
 +
* 2009-02-03 : L'OWASP France sera présent à [http://www.pci-portal.com/events/event-info/paris PCI Paris]. La présentation est : [https://www.owasp.org/images/f/fb/20090203-OWASP_PCI-Global_2009_Paris_-_v03.ppt l'OWASP et l'exigence 6.5 de PCI-DSS]
 +
* 2008-11-19 : L'OWASP France sera présent sur  [http://www.infosecurity.com.fr/FR/badge?ref=OWAW Infosecurity France] à Paris :
 +
[http://www.infosecurity.com.fr/index.php?argRedirect=FR|badge&Lang=FR&ref=OWAW https://www.owasp.org/images/8/88/Infosecurity.gif]
 +
 
 +
* 2008-07-08 : L'OWASP France a présenté le projet OWASP à l'[http://www.ossir.org OSSIR]. La présentation est disponible sur le site de [https://www.owasp.org/images/9/94/20080708-OWASP_OSSIR.ppt l'OWASP]
 +
* 2008-02-15 : Le Top10 2007 est en version Francaise
 +
* 2008-02-11 : Présentation aux [http://www.owasp.org/images/0/09/20080129-OWASP_TechDays_France_.ppt  TechDays 2008 Microsoft ]
 +
* 2007-11-22 : Présentation a Infosecurity France [http://www.owasp.org/images/8/85/20071122-OWASP_Infosecurity_France.ppt de l'OWASP]
 +
* 2007-11-07 : Interview dans le  [http://www.journaldunet.com/developpeur/itws/071106-securite-applicative-owasp.shtml Journal du Net]
 +
* 2007-10-05 : L'OWASP France présentera les enjeux de la sécurité des [http://www.infosecurity.com.fr/?Jpto=116&KM_Session=f345bb91df954e6cbc0148328f109e94&CurrentNode=518&Lang=FR&IdNode=708 Services WEB à Infosecurity France le 22/11/2007]
 +
* 2006-12-18 : Mise en place de l'association pour supporter le groupe OWASP
 +
* 2006-12-14 : Le Hub OWASP Viaduc a vu le jour http://www.viadeo.com/hub/affichehub/?hubId=002fj37grgb7o7n
 +
* 2006-12-13 : Naissance du chapitre Francais de l'OWASP. Une liste de diffusion est disponible.[http://lists.owasp.org/mailman/listinfo/owasp-france Abonnez vous]
 +
 
 +
 
 +
= 2012 Meetings =
 +
 
 +
== Q1 2012 ==
 
* Date : 28th or 29th March 2012
 
* Date : 28th or 29th March 2012
 
* Time : To be defined
 
* Time : To be defined
Line 21: Line 78:
  
 
   
 
   
=== Q2 2012 ===  
+
== Q2 2012 ==
 
* Date : To be defined
 
* Date : To be defined
 
* Time : To be defined
 
* Time : To be defined
Line 34: Line 91:
 
*** Lang :  
 
*** Lang :  
  
=== Q3 2012 ===
+
== Q3 2012 ==
 
* Date : To be defined
 
* Date : To be defined
 
* Time : To be defined
 
* Time : To be defined
Line 47: Line 104:
 
*** Lang :  
 
*** Lang :  
  
=== Q4 2012 ===
+
== Q4 2012 ==
 
* Date : To be defined
 
* Date : To be defined
 
* Time : To be defined
 
* Time : To be defined
Line 60: Line 117:
 
*** Lang :  
 
*** Lang :  
  
== News ==
+
= 2011 Meetings =
 
 
=== [[OWASP BeNeLux 2011 Conference - University of Luxembourg]] ===
 
 
 
Ludovic had a talk about "[https://www.owasp.org/index.php/BeNeLux_OWASP_Day_2011#tab=Conference.2C_December_2nd WebApp Security and Legal aspects]"  on Dec 2.
 
 
 
*'''Overview'''
 
**This presentation aims to be used by anybody willing to spread the voice of OWASP. See this as an Awareness session.
 
**Use it and use it again.
 
**Try to open your mind, just met me know if I can help.
 
 
 
*'''Abstract Title: "[https://www.owasp.org/images/5/55/Do_you..._Legal_-_OWASP_BeNeLux_Day_-_2_Dec_2011.pptx Do you... Legal?]"'''
 
**The OWASP core mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. However, if you do not pay enough attention to many aspects of Legal compliance, you'll see why Web Application Security is somehow linked to Legal and Regulatory aspects as well as... Corporate Responsability, so yours. Who is accountable for what, what about each other's responsibility? Nowadays, the legal constraints oblige us to comply via technical means, whatever the local framework, and this is specially true for Web Application Security, many sensitive informations having to be handled through these web interfaces. A such, what do you think about your Security Policy compliance with your local Legal framework? Compliant? Sure? Really? Interesting isn't it? Let's have a talk about this.
 
  
 
=== [[May 2011 - Paris Meeting]] ===
 
=== [[May 2011 - Paris Meeting]] ===
Line 101: Line 146:
 
**[http://www.regonline.com/Register/Checkin.aspx?EventID=971375 Click here]
 
**[http://www.regonline.com/Register/Checkin.aspx?EventID=971375 Click here]
  
=== [[EUROPE - ENISA’s Who-is-Who Directory on Network and Information Security]] ===
 
  
We are pleased to announce that OWASP France is part of the [http://www.enisa.europa.eu/publications/studies/who-is-who-directory-2011 ENISA’s Who-is-Who Directory].
+
== 26 Avril 2011 ==
 
 
The ENISA is the European Network and Information Security Agency.
 
[http://www.enisa.europa.eu/publications/studies/who-is-who-directory-2011/at_download/fullReport The ENISA Who-is-Who Directory on Network and Information Security 2011] contains information on NIS stakeholders, such as national and European authorities and NIS organisations, contact details, websites, and areas of responsibilities or activities.
 
This Directory serves as the "yellow pages" of Network and Information Security (NIS) in Europe. As such, it is a useful tool for those working closely with NIS issues in Europe.
 
 
 
 
 
== Top Ten 2010 Translation ==
 
 
 
The '''OWASP TOP Ten 2010 in French''' is [http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010%20French.pdf available]
 
 
 
== Meetings ==
 
  
 
'''Le 26 Avril 2011 dans les locaux de [http://www.groupey.fr/nos-cabinets-paris.html GROUPE Y] :'''
 
'''Le 26 Avril 2011 dans les locaux de [http://www.groupey.fr/nos-cabinets-paris.html GROUPE Y] :'''
Line 126: Line 159:
 
* 16:30: [https://www.owasp.org/images/9/96/OWASP-Paris2011-VV-CodeReview.pdf OWASP Code Review] - '''Victor Vuillard'''
 
* 16:30: [https://www.owasp.org/images/9/96/OWASP-Paris2011-VV-CodeReview.pdf OWASP Code Review] - '''Victor Vuillard'''
  
 +
= 2009 Meetings =
  
 
'''Le 6 Mai 2009 à 17h30 à [http://www.epitech.eu L'EPITECH] :'''
 
'''Le 6 Mai 2009 à 17h30 à [http://www.epitech.eu L'EPITECH] :'''
Line 164: Line 198:
  
  
== Contacts et Propositions de Présentations/Contributions ==
 
  
*[mailto:[email protected] Sébastien Gioria] et [mailto:[email protected] Ludovic Petit] sont à votre disposition si vous souhaitez des informations sur l'OWASP, ainsi que pour des sessions de sensibilisation/formation sur la sécurité des Applications Web.
 
  
N'hésitez pas à nous solliciter si vous souhaitez discuter d'un sujet particulier en foncton de vos besoins, ou si vous souhaitez effectuer une présentation lors d'un meeting du Chapitre France.
+
= Translation effort =
 
 
Amis de la presse écrite et/ou multimedia, n'hésitez pas à faire appel à nous si vous souhaitez notre concours, vous êtes les bienvenus, '''Ensembles, Chacun fait plus'''!
 
 
 
'''TEAM stands for... Together Each Achieves More!'''
 
 
 
== Informations locales  ==
 
 
 
* 2009-06-09 : [http://www.owasp.org/images/d/d2/20090609-CERT-IST-WAF-v0.1.pdf Intervention sur les WAF] lors du Forum [http://www.cert-ist.com CERT-IST]
 
* 2009-02-03 : L'OWASP France sera présent à [http://www.pci-portal.com/events/event-info/paris PCI Paris]. La présentation est : [https://www.owasp.org/images/f/fb/20090203-OWASP_PCI-Global_2009_Paris_-_v03.ppt l'OWASP et l'exigence 6.5 de PCI-DSS]
 
* 2008-11-19 : L'OWASP France sera présent sur  [http://www.infosecurity.com.fr/FR/badge?ref=OWAW Infosecurity France] à Paris :
 
[http://www.infosecurity.com.fr/index.php?argRedirect=FR|badge&Lang=FR&ref=OWAW https://www.owasp.org/images/8/88/Infosecurity.gif]
 
 
 
* 2008-07-08 : L'OWASP France a présenté le projet OWASP à l'[http://www.ossir.org OSSIR]. La présentation est disponible sur le site de [https://www.owasp.org/images/9/94/20080708-OWASP_OSSIR.ppt l'OWASP]
 
* 2008-02-15 : Le Top10 2007 est en version Francaise
 
* 2008-02-11 : Présentation aux [http://www.owasp.org/images/0/09/20080129-OWASP_TechDays_France_.ppt  TechDays 2008 Microsoft ]
 
* 2007-11-22 : Présentation a Infosecurity France [http://www.owasp.org/images/8/85/20071122-OWASP_Infosecurity_France.ppt de l'OWASP]
 
* 2007-11-07 : Interview dans le  [http://www.journaldunet.com/developpeur/itws/071106-securite-applicative-owasp.shtml Journal du Net]
 
* 2007-10-05 : L'OWASP France présentera les enjeux de la sécurité des [http://www.infosecurity.com.fr/?Jpto=116&KM_Session=f345bb91df954e6cbc0148328f109e94&CurrentNode=518&Lang=FR&IdNode=708 Services WEB à Infosecurity France le 22/11/2007]
 
* 2006-12-18 : Mise en place de l'association pour supporter le groupe OWASP
 
* 2006-12-14 : Le Hub OWASP Viaduc a vu le jour http://www.viadeo.com/hub/affichehub/?hubId=002fj37grgb7o7n
 
* 2006-12-13 : Naissance du chapitre Francais de l'OWASP. Une liste de diffusion est disponible.[http://lists.owasp.org/mailman/listinfo/owasp-france Abonnez vous]
 
 
 
== Documents Francais ==
 
  
 +
* The '''OWASP TOP Ten 2010 in French''' is [http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010%20French.pdf available]
 
* 2010-08-30 : La version française du Top 10 2010 est disponible [http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project]  
 
* 2010-08-30 : La version française du Top 10 2010 est disponible [http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project]  
 
* 2008-02-15 : Le Top10 2007 est en version Française [https://www.owasp.org/index.php/Image:OWASP_Top_10_2007_-_French.pdf Format PDF], [https://www.owasp.org/index.php/Image:OWASP_Top_10_2007_-_French.doc Format Word]
 
* 2008-02-15 : Le Top10 2007 est en version Française [https://www.owasp.org/index.php/Image:OWASP_Top_10_2007_-_French.pdf Format PDF], [https://www.owasp.org/index.php/Image:OWASP_Top_10_2007_-_French.doc Format Word]
Line 199: Line 209:
 
* 2007-06-20 : Présentation de l'OWASP faite à NY en Juin 2007 [https://www.owasp.org/images/7/71/20070620-FR-OWASP_NY_Keynote.ppt]
 
* 2007-06-20 : Présentation de l'OWASP faite à NY en Juin 2007 [https://www.owasp.org/images/7/71/20070620-FR-OWASP_NY_Keynote.ppt]
 
[[Category:Europe]]
 
[[Category:Europe]]
 +
 +
 +
 +
  
 
<br> __NOTOC__ <headertabs />
 
<br> __NOTOC__ <headertabs />

Revision as of 09:42, 13 January 2012

OWASP France

Welcome to the France chapter homepage. The Chapter Leaders are Sebastien Gioria and Ludovic Petit


Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Btn donate SM.gif to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now BlueIcon.JPG <paypal>France Chapter</paypal>

The French Chapter is also available on LinkedIn: Join us, it only takes a minute!

Contacts et Propositions de Présentations/Contributions

  • Sébastien Gioria et Ludovic Petit sont à votre disposition si vous souhaitez des informations sur l'OWASP, ainsi que pour des sessions de sensibilisation/formation sur la sécurité des Applications Web.

N'hésitez pas à nous solliciter si vous souhaitez discuter d'un sujet particulier en foncton de vos besoins, ou si vous souhaitez effectuer une présentation lors d'un meeting du Chapitre France.

Amis de la presse écrite et/ou multimedia, n'hésitez pas à faire appel à nous si vous souhaitez notre concours, vous êtes les bienvenus, Ensembles, Chacun fait plus!

TEAM stands for... Together Each Achieves More!


[Techdays Microsoft 2012 - Palais des congrès de Paris

Sébastien présentera un talk sur HTML5 et les points d'attention Sécurité le 7 Février 2012 à 17h30. Plus d'informations sur la page dédiée aux TechDays Microsoft 2012.


OWASP BeNeLux 2011 Conference - University of Luxembourg

Ludovic had a talk about "WebApp Security and Legal aspects" on Dec 2.

  • Overview
    • This presentation aims to be used by anybody willing to spread the voice of OWASP. See this as an Awareness session.
    • Use it and use it again.
    • Try to open your mind, just met me know if I can help.
  • Abstract Title: "Do you... Legal?"
    • The OWASP core mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. However, if you do not pay enough attention to many aspects of Legal compliance, you'll see why Web Application Security is somehow linked to Legal and Regulatory aspects as well as... Corporate Responsability, so yours. Who is accountable for what, what about each other's responsibility? Nowadays, the legal constraints oblige us to comply via technical means, whatever the local framework, and this is specially true for Web Application Security, many sensitive informations having to be handled through these web interfaces. A such, what do you think about your Security Policy compliance with your local Legal framework? Compliant? Sure? Really? Interesting isn't it? Let's have a talk about this.


EUROPE - ENISA’s Who-is-Who Directory on Network and Information Security

We are pleased to announce that OWASP France is part of the ENISA’s Who-is-Who Directory.

The ENISA is the European Network and Information Security Agency. The ENISA Who-is-Who Directory on Network and Information Security 2011 contains information on NIS stakeholders, such as national and European authorities and NIS organisations, contact details, websites, and areas of responsibilities or activities. This Directory serves as the "yellow pages" of Network and Information Security (NIS) in Europe. As such, it is a useful tool for those working closely with NIS issues in Europe.


Infosecurity.gif


Q1 2012

  • Date : 28th or 29th March 2012
  • Time : To be defined
  • Venue : Groupe Y Audit - 69 Rue de la Boëtie - 75008 Paris
  • Program :
    • Talk 1 : assigned
      • Lang : English
      • Speaker bio
    • Talk 2 :
      • Speaker bio
      • Lang :


Q2 2012

  • Date : To be defined
  • Time : To be defined
  • Venue : Groupe Y Audit - 69 Rue de la Boëtie - 75008 Paris
  • Program :
    • Talk 1 :
      • Lang :
      • Speaker bio
    • Talk 2 :
      • Speaker bio
      • Lang :

Q3 2012

  • Date : To be defined
  • Time : To be defined
  • Venue : Groupe Y Audit - 69 Rue de la Boëtie - 75008 Paris
  • Program :
    • Talk 1 :
      • Lang :
      • Speaker bio
    • Talk 2 :
      • Speaker bio
      • Lang :

Q4 2012

  • Date : To be defined
  • Time : To be defined
  • Venue : Groupe Y Audit - 69 Rue de la Boëtie - 75008 Paris
  • Program :
    • Talk 1 :
      • Lang :
      • Speaker bio
    • Talk 2 :
      • Speaker bio
      • Lang :

May 2011 - Paris Meeting

[Logo to be placed here]

We are honored to welcome Jim Manico during his European Tour in the Netherlands, Belgium and France.

  • Overview
    • Apart from OWASP's Top 10, most OWASP Projects are not widely used and understood. In most cases this is not due to lack of quality and usefulness of those Document & Tool projects, but due to a lack of understanding of where they fit in an Enterprise's security ecosystem or in the Web Application Development Life-cycle.
    • This course aims to change that by providing a selection of mature and enterprise ready projects together with practical examples of how to use them.
    • The course will be very practical where demonstration and hands-on exercises will be provided for the tools covered.
    • If you are interested in participating in the hands on portion of the course, please bring a laptop.
  • Abstract Title: "The Ghost of XSS Past, Present and Future. A Defensive Tale"
    • This talk will discuss the past methods used for XSS defense that were only partially effective. Learning from these lessons, will will also discuss present day defensive methodologies that are effective, but place an undue burden on the developer. We will then finish with a discussion of future XSS defense mythologies that shift the burden of XSS defense from the developer to various frameworks. These include auto-escaping template technologies, browser-based defenses such as Content Security Policy, and Javascript sandboxes such as the Google CAJA project and JSReg.
  • Speaker
    • Jim Manico is a managing partner of Infrared Security with over 15 years of professional web development experience. Jim is also the Chair of the OWASP Connections Committee, one of the Project Managers of the OWASP ESAPI Project, a participant and manager of the OWASP Cheatsheet series, the Producer and host of the OWASP Podcast Series, the Manager of the OWASP Java HTML Sanitizer project and the manager of the OWASP Java Encoder project. When not OWASP'ing, Jim lives on of island of Kauai with his lovely wife Tracey.
  • Date
    • May 24, 2011
  • Venue
    • Paris


26 Avril 2011

Le 26 Avril 2011 dans les locaux de GROUPE Y :

Le 6 Mai 2009 à 17h30 à L'EPITECH :

A propos des Speakers :


Renaud Bidou : Directeur Technique de DenyAll. Il travaille depuis plus de 10 ans dans la sécurité et a publié de nombreux articles et white-papers touchant à des sujets aussi variés que les dénis de service, les portknockers, les botnets, la mise en place d’un SOC, l’analyse graphique d’attaques ou encore les techniques de contournements.


Claudio Merloni : Claudio Merloni est Software Security Consultant chez Fortify Software. Ses expériences dans le domaine de la sécurité embrassent la sécurité applicative, revue de code, architectures sécurisées, analyse des risques, conformité, test de sécurité à niveau réseau, système et applicatif, monitoring, contrôle d'accès. Il a participé a plusieurs conférences, entre lesquelles BlackHat et CONFidence.


Le Lieu : EPITECH

Amphi 2

14-16 rue Voltaire

94276 Kremlin Bicêtre Cedex


Moyens d'accès Métro

  • ligne 7 : Porte d'Italie

Bus

  • ligne 47, 125, 131, 185 : Roger Salengro
  • ligne 186 : Pierre Brossolette

Voiture

  • périphérique : sortie Porte d'Italie