This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Minneapolis St Paul"

From OWASP
Jump to: navigation, search
(Agenda:)
(Next meeting: Monday, July 7 at 6:00 pm)
Line 21: Line 21:
 
'''Andrew van der Stock''' has agreed to visit our chapter and discuss the new Enterprise Security API. We do not have an exact day yet, so stay tuned.
 
'''Andrew van der Stock''' has agreed to visit our chapter and discuss the new Enterprise Security API. We do not have an exact day yet, so stay tuned.
  
== Next meeting: Monday, June 16th at 6:00 pm ==
+
== Next meeting: Monday, July 7 at 6:00 pm ==
  
=== Tony Stieber – How NOT to Implement Encryption for the OWASP Top 10 ===
+
=== Gunnar Peterson - Breaking Web Services ===
  
 
==== Topic Overview ====
 
==== Topic Overview ====
Three out of the ten items in the OWASP Top Ten are related to encryption. These items, A7, A8, and A9, are merely misuse or non-use of well-known and readily available tools. Best practices will be explained and illustrated with counter-examples with the goal of explaining how web applications and cryptography meet.
+
SOA and Web services promise wonderful interoperability, but distributed systems create lots of room for fantastic failures. This session will explore the gory details of unique vulnerabilities at each layer of the SOA stack - from the WSDL interfaces to XML processing (XSD, XPath and XQuery), to the implementation languages liike Java and C#, to new security standards like WS-Security and SAML.
 +
 
 +
Gunnar gave this talk with Brian Chess at the [https://cm.rsaconference.com/US08/catalog/controller/catalog 2008 RSA Conference].
  
 
==== Speaker Bio ====
 
==== Speaker Bio ====
Tony Stieber has been working in the information security industry for over 12 years, with 8 of those years in the Fortune 100. His past experience includes mainframes, supercomputers, military and commercial firewalls, medical diagnostic systems, dot com ventures, retail environments, large financial systems, and cryptology.
+
 
 +
Gunnar Peterson is a Managing Principal at Arctec Group focused on architecture consulting and training. Peterson is an Associate Editor for IEEE Security & Privacy Journal; leads the OWASP XML Security Gateway Evaluation Criteria project; and contributor to the SEI and DHS Build Security In portal on software security. He maintains a blog at http://1raindrop.typepad.com.
  
 
==== Location ====
 
==== Location ====
Line 44: Line 47:
  
 
   6:00 pm - Introduction and Optional sign-in for CISSP credits
 
   6:00 pm - Introduction and Optional sign-in for CISSP credits
   6:10 pm - Welcome: OWASP chapter updates (Lorna Alamri)
+
   6:10 pm - Welcome: OWASP chapter updates (Kuai Hinojosa)
   6:20 pm – Encryption (Tony Stieber)
+
   6:20 pm – Breaking Web Services (Gunnar Peterson)
   7:55 pm – break
+
   7:55 pm – Break
 
   8:05 pm – Book Giveaway
 
   8:05 pm – Book Giveaway
 
   8:10 pm  - Upcoming Events reminder and meeting wrap – up
 
   8:10 pm  - Upcoming Events reminder and meeting wrap – up
  
 
==== RSVP ====
 
==== RSVP ====
Please RSVP at https://www.go-integral.net/?q=TonySJune
+
An RSVP web page will be set up shortly.
  
 
==== Thank You ====
 
==== Thank You ====

Revision as of 02:22, 24 June 2008

NEWS - OWASP becomes an affiliate of UMSA in support of the Secure 360 conference.

Secure360°™ is an annual conference providing high quality educational sessions and networking opportunities while working to identify developing trends in risk management, physical security, governance, audit, information security, contingency planning and human capital. As the host of Secure360°, UMSA strives to provide expert speakers, informative educational sessions and a wide range of exhibits for the collective membership and resources of individual associations, supplier partners and general public. (See the Members & Affiliates page for further information.) http://www.secure360.org/index.html

Videos:

I uploaded the videos and I will follow up with their presentations soon. I apologize for the delay. The video and sound quality is not the best but works. You can get to both videos here: https://www.owasp.org/index.php/Category:OWASP_Video#Videos

Upcoming Speakers:

Tony Stieber will be speaking on Encryption on June 16. See announcement below.

Gunnar Peterson will be presenting "Breaking Web Services" on July 7.

Brian Chess will speak Wednesday September 3rd -"Creating secure code requires more than just good intentions. Programmers need to know how to make their code safe in an almost infinite number of scenarios and configurations. Static source code analysis gives users the ability to review their work with a fine tooth comb and uncover the kinds of errors that lead directly to vulnerabilities. This talk frames the software security problem and shows how static analysis is part of the solution".

Gary McGraw - As I have mentioned previously, we are in the process of organizing a mini conference in Minneapolis for the month of October. I am pleased to announce Gary McGraw has accepted our invitation to be our keynote speaker for this event. He has confirmed so, stay tuned for more details!!

Andrew van der Stock has agreed to visit our chapter and discuss the new Enterprise Security API. We do not have an exact day yet, so stay tuned.

Next meeting: Monday, July 7 at 6:00 pm

Gunnar Peterson - Breaking Web Services

Topic Overview

SOA and Web services promise wonderful interoperability, but distributed systems create lots of room for fantastic failures. This session will explore the gory details of unique vulnerabilities at each layer of the SOA stack - from the WSDL interfaces to XML processing (XSD, XPath and XQuery), to the implementation languages liike Java and C#, to new security standards like WS-Security and SAML.

Gunnar gave this talk with Brian Chess at the 2008 RSA Conference.

Speaker Bio

Gunnar Peterson is a Managing Principal at Arctec Group focused on architecture consulting and training. Peterson is an Associate Editor for IEEE Security & Privacy Journal; leads the OWASP XML Security Gateway Evaluation Criteria project; and contributor to the SEI and DHS Build Security In portal on software security. He maintains a blog at http://1raindrop.typepad.com.

Location

Minneapolis Community and Technical College
1501 Hennepin Ave, Minneapolis
Whitney Center, Room L3100 (3rd Floor)

Map: http://www.minneapolis.edu/campusmaps/index.cfm

Park in the ramp (R) - move through the T building (T) and go to Whitney Hall (L).

Agenda:

 6:00 pm - Introduction and Optional sign-in for CISSP credits
 6:10 pm - Welcome: OWASP chapter updates (Kuai Hinojosa)
 6:20 pm – Breaking Web Services (Gunnar Peterson)
 7:55 pm – Break
 8:05 pm – Book Giveaway
 8:10 pm  - Upcoming Events reminder and meeting wrap – up

RSVP

An RSVP web page will be set up shortly.

Thank You

Center for Strategic Information Technology and Security for sponsoring our location.

Integral will be sponsoring refreshments for the meeting.

We are still looking for a book give-away sponsor and for sponsors for upcoming meetings. Call Lorna at 651-338-0243 if you need directions or have questions.

July Meeting: Monday, July 7, 6:00 p.m.

Gunnar Peterson (Arctec) will be presenting "Breaking Web Services". Gunnar gave this talk with Brian Chess at the past RSA conference. Another interesting topic don't forget to bring lots of questions to this presentation as well.

September Meeting: Wednesday September 3rd

Brian Chess (Fortify Software)

Creating secure code requires more than just good intentions. Programmers need to know how to make their code safe in an almost infinite number of scenarios and configurations. Static source code analysis gives users the ability to review their work with a fine tooth comb and uncover the kinds of errors that lead directly to vulnerabilities. This talk frames the software security problem and shows how static analysis is part of the solution.

Highlights include:

  • The most common security short-cuts and why they lead to security failures
  • Why programmers are in the best position to get security right
  • Where to look for security problems
  • How static analysis helps
  • The critical attributes and algorithms that make or break a static analysis tool

We will look at how static analysis works, how to integrate it into the software development processes, and how to make the most of it during security code review.

Other Industry Events:

OWASP NYC AppSec 2008 Don't miss the NYC AppSec conference! https://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference

MN ISSA- Meets on Tuesday July 15th at the Four Points Sheraton, 1330 Industrial Blvd. Mpls, MN. For more information on speakers and topics. http://www.mn-issa.org/html/chaptermeetings.html

TCJUG (Twin Cities Java Users Group) meets June 16 and July 14 at Intertech, Inc in Eagan. http://www.intertechtraining.com/UserGroups/JavaUserGroup.aspx