This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Difference between revisions of "Kansas City"

Jump to: navigation, search
Line 7: Line 7:
Here is the presentation planned for this meeting:
Here is the presentation planned for this meeting:
Speaker: '''Tom Stripling, CISSP on The Dangers of Third-Party Content'''
It is now commonplace for web applications to include content from other sites, partners, and advertisers.  If this content isn’t handled correctly, applications are left vulnerable to attack.  By examining a variety of attacks that can be executed through third-party content, we can better evaluate application risk and design countermeasures.
Session Learning Objectives
* Determine the threat posed by third-party content, given trends in Internet content and specific risks associated with each form of third-party content inclusion
* Demonstrate attacks against a live web application that exploit flawed security assumptions in the inclusion of third-party content
* Analyze the effectiveness of various application security countermeasures to combat the threat
* Enable developers and penetration testers to better identify and prevent the risks associated with the use of third-party content in web applications
Tom Stripling is a senior application security consultant with an extensive background in web application development, penetration testing, and risk assessment. In his role at Security PS, he helps clients uncover application vulnerabilities and secure the software development process. In his spare time, Tom is an avid researcher of application security attacks, vulnerabilities, and best practices.

Revision as of 15:00, 16 April 2008

OWASP Kansas City

Welcome to the Kansas City chapter homepage. If you have any questions about the Kansas City Chapter after reading this page, please send an email to our chapter leader Bruce K. Marshall


OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.


Btn donate SM.gif to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now BlueIcon.JPG

Upcoming Meetings

I am pleased to announce that the details for our next OWASP Kansas City chapter meeting have been finalized. We will get together on Wednesday, November 7th starting at 6:00 PM and finishing around 7:30 PM. Add the event to your calendar today so you don't miss this opportunity to learn about web application security and network with your peers.

Here is the presentation planned for this meeting:

  • We have time for another person to give a brief 15-45 minute presentation on web application security. This can be a technical demonstration, conference review, or open discussion about a web application security topic. Please let me know if you'd like to grab this spot.

Date: November 7, 2007 – 6:00 PM – 7:30 PM


Centriq Training

8700 State Line Road

Suite 200

Leawood, KS 66206

(913) 322-7000

Thanks to Centriq Training for volunteering to host another one of our chapter meeting.

Attendance of OWASP meetings is free and anyone interested in web application security is welcome to attend. Pass on this meeting announcement to anyone else that would benefit from joining us.

Please note:

  • Attendance at an OWASP chapter meeting is free and open to anyone interested in web application security
  • No registration is required, although RSVPs to the chapter leader are appreciated
  • Professionals with CISSPs, or other certifications, can earn CPE credits by attending

We meet at least once a quarter to discuss application security. If you have an interesting topic you'd like to present or discuss at future meetings, please send an email to bmarshall[at]securityps com. Or, get a discussion going by posting a message to our mailing list.

Past Meetings

Thanks to the speakers for sharing with us at our past chapter meetings. Any presentation handouts or associated documents are shared through the following meeting summaries: