This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Difference between revisions of "Minneapolis St Paul"

Jump to: navigation, search
m (Pointing Tony Stieber link to updated video which maintains original aspect ratio.)
m (Updating video link for Gunnar Peterson part 1 of 2.)
Line 10: Line 10:
[ Handout for the presentation (PDF)]
[ Handout for the presentation (PDF)]
Video (1 of 2) of the presentation (Google Video) (Coming Soon)
[ Video (1 of 2) of the presentation (Google Video - original aspect ratio)]
[ Video (2 of 2) of the presentation (Google Video)]
[  Video (2 of 2) of the presentation (Google Video - distorted aspect ratio)]
==== Topic Overview ====
==== Topic Overview ====

Revision as of 02:42, 29 July 2008

OWASP Minneapolis St Paul

Welcome to the Minneapolis St Paul chapter homepage. The chapter leader is [Kuai]


OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.


Btn donate SM.gif to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now BlueIcon.JPG

<paypal>Minneapolis St Paul</paypal>

NEWS - OWASP becomes an affiliate of UMSA in support of the Secure 360 conference.

Secure360°™ is an annual conference providing high quality educational sessions and networking opportunities while working to identify developing trends in risk management, physical security, governance, audit, information security, contingency planning and human capital. As the host of Secure360°, UMSA strives to provide expert speakers, informative educational sessions and a wide range of exhibits for the collective membership and resources of individual associations, supplier partners and general public. (See the Members & Affiliates page for further information.)

July meeting: Monday, July 7 at 6:00 pm

Gunnar Peterson - Breaking Web Services

Handout for the presentation (PDF)

Video (1 of 2) of the presentation (Google Video - original aspect ratio)

Video (2 of 2) of the presentation (Google Video - distorted aspect ratio)

Topic Overview

SOA and Web services promise wonderful interoperability, but distributed systems create lots of room for fantastic failures. This session will explore the gory details of unique vulnerabilities at each layer of the SOA stack - from the WSDL interfaces to XML processing (XSD, XPath and XQuery), to the implementation languages liike Java and C#, to new security standards like WS-Security and SAML.

Gunnar gave this talk with Brian Chess at the 2008 RSA Conference.

Speaker Bio

Gunnar Peterson is a Managing Principal at Arctec Group focused on architecture consulting and training. Peterson is an Associate Editor for IEEE Security & Privacy Journal; leads the OWASP XML Security Gateway Evaluation Criteria project; and contributor to the SEI and DHS Build Security In portal on software security. He maintains a blog at


Minneapolis Community and Technical College
1501 Hennepin Ave, Minneapolis
Whitney Center, Room L3100 (3rd Floor)


Park in the ramp (R) - move through the T building (T) and go to Whitney Hall (L).


 6:00 pm - Introduction and Optional sign-in for CISSP credits
 6:10 pm - Welcome: OWASP chapter updates (Kuai Hinojosa)
 6:20 pm – Breaking Web Services (Gunnar Peterson)
 7:55 pm – Break
 8:05 pm – Book Giveaway
 8:10 pm  - Upcoming Events reminder and meeting wrap – up

Thank You

Center for Strategic Information Technology and Security for sponsoring our location.

Integral will be sponsoring refreshments for the meeting.

We are still looking for a book give-away sponsor and for sponsors for upcoming meetings. Call Lorna at 651-338-0243 if you need directions or have questions.

September Meeting: Wednesday September 3rd

Brian Chess (Fortify Software)

Creating secure code requires more than just good intentions. Programmers need to know how to make their code safe in an almost infinite number of scenarios and configurations. Static source code analysis gives users the ability to review their work with a fine tooth comb and uncover the kinds of errors that lead directly to vulnerabilities. This talk frames the software security problem and shows how static analysis is part of the solution.

Highlights include:

  • The most common security short-cuts and why they lead to security failures
  • Why programmers are in the best position to get security right
  • Where to look for security problems
  • How static analysis helps
  • The critical attributes and algorithms that make or break a static analysis tool

We will look at how static analysis works, how to integrate it into the software development processes, and how to make the most of it during security code review.

Other Upcoming Speakers:

Jeff Williams - We are in the process of organizing a mini conference in Minneapolis for the month of October 2008 and we are pleased to announce Jeff Williams has accepted our invitation to be our keynote speaker for this event. Jeff Williams is one of the founders of and is a board member of OWASP. He is also CEO of Aspect Security. Stay tuned for more details!


Videos of several past meetings are available at

Most recent videos:

Gunnar Peterson - Breaking Web Services - OWASP (MSP) - 7 July 2008 (Part 1 of 2 - original aspect ratio) (Part 2 of 2 - distorted aspect ratio)

Tony Stieber - How NOT to Implement Encryption for the OWASP Top 10 - OWASP (MSP) - 16 June 2008

Upcoming Events:

We are working on a mini conference in Minneapolis for the week of October 21st. We are still working on the logistics, but we promise this is going to be an interesting and unique event with lots of great speakers and opportunities to participate. Stay tuned for more information. Also, please feel free to submit suggestions for this event and post an email to the mailing list

We are looking for sponsors! Contact Kuai or Lorna if you are interested - any contributions to the local chapter would be highly appreciated.

DC612 meetings
2nd Thursday of the month

MN ISSA- Meets on Tuesday July 15th at the Four Points Sheraton, 1330 Industrial Blvd. Mpls, MN. For more information on speakers and topics.

There will be a Mini-MinneSec following the ISSA conference

OWASP NYC AppSec 2008 Sept 24-25th - Don't miss the NYC AppSec conference!