Difference between revisions of "Minneapolis St Paul"

Revision as of 11:55, 9 June 2006

Welcome to the OWASP Minneapolis/St. Paul Local Chapter

Welcome to the Minneapolis/St. Paul local chapter homepage.

The chapter leader is Robert Sullivan.

Participation

OWASP chapter meetings are free and open. Anybody interested in web application security is welcome. We encourage attendees to give presentations on specific topics, however please review rules.

To join the chapter mailing list, please visit our mailing list homepage. The list is used to discuss the meetings and to arrange meeting locations. Please check the mailing list before coming to a meeting to confirm the location and time and to catch any last minute notes.

Local News

Next meeting: Tuesday, June 20th Location: Metro State University, MPLS

Agenda June 10

6:00pm - Food, Introduction and optional sign-in for CISSP credits.

6:10pm - Metropolitan State University programs

6:15pm - Open Source Security Testing Tools, (Tim McGuire, see below)

7:00pm - Fortify, a commercial source code analysis tool (Joe Teff, see below)

7:30pm - Report on AppSec Europe 2006 (pending presenter confirmation)

7:45pm - What's new in WebGoat 4.0 (Bob Sullivan)

Location:

Metro State,Management Education Center, 1300 Harmon Place June 20th.Room M.1500 or M.1700 look for the event titled: "Open Web Security Meeting"

Directions:

Directions:[1]

Link to building location: [2]

Rooms are on first floor of the Management Education Center. They are really nice rooms with very comfortable chairs. Street parking is free after 6 pm. If you get there early it's just a $.25 for a half hour. There is also a ramp which is $5.00.

Food:

Lorna will bring pizza and pop.

Open Source Tools Presentation

Tim McGuire – Consultant
Will present: Selected open source web application security testing tools.

Tim will demonstrate these tools:

1. Using Gforge, a fat target for security scanning. It uses CVS module, file uploads, email and SOAP.
2. Using Wikto, a Web Server Assesment Tool
3. Using and customizing WSFuzzer, a penetration testing tool that audits HTTP based SOAP targets.
4. Using Oedipus, a web application scanner written in Ruby.
5. Using and customizing Rats, a source code scanner.
6. Using and customizing spike proxy, a HTTP proxy for finding security flaws in web sites.

Fortify, a commercial source code analysis tool

Joe Teff, Wells Fargo

Fortify Source Code Analysis Suite is a set of industry-proven tools that enables you to find, track, and fix security vulnerabilities in your software applications. Fortify is built to work with your development and audit tools and processes. Joe will demonstrate how to use the tool to find source code vulnerabilities.

Thanks to the folks at Metropolitan State U for the room and Integral Business solutions for the food.