Difference between revisions of "Minneapolis St Paul"

Line 1: Line 1:
{{Chapter Template|chaptername=Minneapolis/St. Paul|extra=The chapter leader is Kuai Hinojosa |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-twincities|emailarchives=http://lists.owasp.org/pipermail/owasp-twincities}}
+
'''Bruce Schneier will be presenting on "The Econimics of Information Security" at OWASP's January meeting. Because we expect
  
== Local News ==
+
this to be a large meeting RSVPs are required. You will be sent a confirmation e-mail and a reminder e-mail for the event.'''
 +
 +
== Topic overview: ==
 +
 +
'''The Economics of Information Security - Ten Trends '''
 +
 +
Surveying  current trends in information security, it's clear that a myriad of forces are at work.Fundamentally, security is
  
'''Next meeting: Tuesday, October 16, 6:00pm at Metropolitan State University MNSCU, Minneapolis'''
+
all about economics: both attacker and defender are trying to maximize the return on their investments. Understanding
  
== Agenda October 16 ==
+
economics is critical to understanding IT security; it explains why security fails so often, and can offer new solutions for  
6:00pm - Food, Introduction and optional sign-in for CISSP credits. <br>
 
6:10pm - GSSP Certification initiative Gov/SANS (Joe Teff)<br>
 
6:20pm - Continuous Testing (Andre Gironda)<br>
 
7:05pm – Java Open Review OWASP project (Fredrick Lee)<br>
 
7:50pm - Book Giveaway: (Secure Programming with Static Analysis)<br>
 
7:55pm - Upcoming Events
 
  
 +
security success. For example, often the people who could protect a system are not the ones who suffer the costs of failure.
  
=== Continuous Testing: Andre Gironda ===
+
Changing those economic incentives will do more to improve security than technology.
Continuous testing presents methodologies and tools that developers,
 
quality engineers, and security professionals can all share and use
 
effectively to their own unique approach.  The tools presented are
 
cross-discipline, meaning they can be utilized by a developer as a
 
development tool, by a qa-tester as a quality assurance tool, and by a
 
vulnerability assessor as a security assurance tool. Whether you're
 
trying to build better code faster, demonstrate the power of automated
 
testing using a data-driven test framework, or find security-related
 
defects - Continuous testing has something for you.
 
=== Java Open Review: OWASP & Fortify ===
 
Fortify has sought to develop a set of metrics that combine lessons learned from our experience working on various enterprise code bases and our work on the Java Open Review project. The metrics are designed to incorporate diverse criteria, including the size of the application, and the types of vulnerabilities identified. The metrics provide a mechanism to rate software components for security concerns and enable enterprises to:
 
- Evaluate which open source projects offer an acceptable level of security
 
- Compare competing open source software solutions based on their security
 
- Measure internal development efforts against open source counterparts
 
  
== Speaker Bios : Andre Gironda ==
+
'''Event Sponsors'''
Andre Gironda is an independent security researcher involved mostly in
+
<table width="100%">
web application security projects. His recent contributions include
+
<tr>
the OWASP Top Ten 2007, OWASP Tools team, and speaking engagements at
+
<td>
local OWASP events on topics ranging from automated scanning tools to
+
[http://www.owasp.org/index.php/Main_Page http://blogs.owasp.org/dacort/wp-content/themes/default/images/ologo.gif]
problems with trusting the same-origin policyAndre has worked for a
+
</td>
number of companies in security-qa-developer or network testing roles,
+
<td>
including labs deep within Cisco Systems and many years in an
+
[http://go-integral.com http://go-integral.com/files/integral_logo.png]
operations role at a major online auction site.
+
</td>
== Speaker Bios: Fredrick Lee ==
+
<td>[http://www.strategicit.org http://ccdc.minnesota.edu/images/csits-logo.gif]
Fredrick Lee is a member of Fortify Software's Security Research Group, where he manages the Java Open Review Project. Scanning the code of over 100 applications so far, Fredrick is helping assess and improve the security of open source software. Fredrick also helps the Security Research Group develop the secure coding rules that are used to run Fortify's suite of products.
+
</td>
Prior to joining Fortify Software, Fredrick was a Senior Information Security Engineer at Bank of America, where he helped roll out a secure development framework, performed security assessments, and developed enterprise security solutions.
+
</tr>
 +
</table>
 +
 +
==OWASP Chapter meeting==
 +
'''DATE: January 14th 2008'''
 +
'''TIME:  6 p.m.'''
 +
LOCATION: MnSCU room L3100 in the Whitney Hall 3rd Floor Conference Center (building "L" on the map). Parking is available in
  
Fredrick graduated from the University of Oklahoma, with a BS in Computer Engineering.
+
the attached ramp on 14th and Hennepin.  
 +
Directions: http://www.metrostate.edu/bldgservices/location.html#mpls
  
== Location: ==
+
 +
RSVP:
 +
<b>https://www.go-integral.net/?q=OWASPJan_BruceSchneier</b>
  
Metropolitan State University, Minneapolis
+
== Agenda January 14 2008 ==
MEC Building, 2nd floor, Room M2800.
+
6:00pm - Introduction and optional sign-in for CISSP credits. <br>
 +
6:10pm - Welcome: Introduction to OWASP chapter and future goals (Kuai Hinojosa).<br>
 +
6:30pm - The Economics of Information Security (Bruce Schneier). <br>
 +
7:45pm - Center for Strategic IT & Security <br>
 +
7:55pm - Book Giveaway <br>
 +
8:00pm - Upcoming Events reminder and meeting wrap-up <br>
 +
 +
   
 +
I hope to see you at our first meeting of 2008. I have many plans for an exciting year for the Twin Cities OWASP group, and
  
Check the .pdf map to see which building is the MEC building.
+
can't wait to share them with you. Don't forget to RSVP for the event we expect this event to fill the auditorium and due to
I've waited for a meter (free after 6) but had the best success parking in the ramp, then crossing Hennepin (skyway) then crossing Spruce (street-level) the the MEC building.
 
  
== Directions: ==
+
fire codes will not be able to accept walkins for this meeting.
From West: Exit at Lyndale/Hennepin Avenue. Veer right following the Lyndale and Lyndale North signs. Once on Lyndale North, stay in one of the two right lanes until you reach the third stoplight (Hennepin Avenue). Turn right and follow Hennepin to the MCTC parking ramp on the left side of the street.
+
 +
Sincerely,
 +
 
  
From East: I.394 . Exit onto Dunwoody Blvd/Hennepin Avenue (Dunwoody Blvd. changes into Hennepin Avenue). Follow Hennepin to the MCTC parking ramp on the left side of the street.
+
Kuai Hinojosa <br>
 
+
<b>OWASP Chapter Leader</b>
From East: I.94 . Exit onto Hennepin /Lyndale Avenue. At the first stoplight (Dunwoody Blvd.), turn left (Dunwoody Blvd. changes into Hennepin Avenue). Follow Hennepin to the MCTC parking ramp on the left side of the street.
 
 
 
Map here:
 
http://www.metrostate.edu/bldgservices/location.html#mpls
 
 
 
== Book Giveaway: ==
 
 
 
Thanks to Fortify for supplying a copy of the new book: <br>
 
'''Securing Software through Static Analysis'''<br>
 
by Brian Chess and Jacob West. <BR>
 
Thanks to Ray Kaplan for yet another book:<br>
 
'''SOA in Practice - The art of distributed system design'''
 
<br>by Nicolai Josuttis O'Reilly - 2007
 
<br>There will be a drawing for any books. You must be present but you do not need to provide your contact information to win.
 
 
 
== Upcoming Events: ==
 
OWASP Nov 12-15 at eBay in San Jose
 
http://www.owasp.org/index.php/OWASP_%26_WASC_AppSec_2007_Conference<br>
 
Add your event here, Wiki registration is required.<br>
 
Approval of a new Chapter Leader, the passing of the password.
 
 
 
== Food: ==
 
 
 
The food is provided by Integral Business Solutions. Bring an appetite.
 
 
 
[[Category:OWASP Chapter]]
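
Review bot: the added announcement line at the top of the page misspells the talk title as "Econimics", while the added topic heading and the 6:30pm agenda entry both spell it "Economics"; correct the first occurrence so the title is consistent. In the added overview text, "work.Fundamentally" is missing a space after the period, and in the added closing paragraph "RSVP for the event we expect this event to fill the auditorium" needs a break between the two clauses ("walkins" should be "walk-ins"). The added RSVP link points to www.go-integral.net while the sponsor logo link in the same revision points to go-integral.com; confirm the RSVP host is the intended one before publishing, since readers will submit their details there.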
 

Revision as of 05:57, 20 December 2007

Bruce Schneier will be presenting on "The Economics of Information Security" at OWASP's January meeting. Because we expect this to be a large meeting, RSVPs are required. You will be sent a confirmation e-mail and a reminder e-mail for the event.

Topic overview:

The Economics of Information Security - Ten Trends

Surveying current trends in information security, it's clear that a myriad of forces are at work. Fundamentally, security is all about economics: both attacker and defender are trying to maximize the return on their investments. Understanding economics is critical to understanding IT security; it explains why security fails so often, and can offer new solutions for security success. For example, often the people who could protect a system are not the ones who suffer the costs of failure. Changing those economic incentives will do more to improve security than technology.

Event Sponsors

ologo.gif

integral_logo.png

csits-logo.gif

OWASP Chapter meeting

DATE: January 14th 2008
TIME: 6 p.m.
LOCATION: MnSCU room L3100 in the Whitney Hall 3rd Floor Conference Center (building "L" on the map). Parking is available in the attached ramp on 14th and Hennepin.
Directions: http://www.metrostate.edu/bldgservices/location.html#mpls


RSVP: https://www.go-integral.net/?q=OWASPJan_BruceSchneier

Agenda January 14 2008

6:00pm - Introduction and optional sign-in for CISSP credits.
6:10pm - Welcome: Introduction to OWASP chapter and future goals (Kuai Hinojosa).
6:30pm - The Economics of Information Security (Bruce Schneier).
7:45pm - Center for Strategic IT & Security
7:55pm - Book Giveaway
8:00pm - Upcoming Events reminder and meeting wrap-up


I hope to see you at our first meeting of 2008. I have many plans for an exciting year for the Twin Cities OWASP group, and can't wait to share them with you. Don't forget to RSVP for the event; we expect this event to fill the auditorium and, due to fire codes, will not be able to accept walk-ins for this meeting.

Sincerely,


Kuai Hinojosa
OWASP Chapter Leader