
Difference between revisions of "Ottawa"

Line 59: Line 59:
 
==== Next Meeting September 27th ====
 
==== Next Meeting September 27th ====
  
Session 1: TBA
+
Microsoft Silverlight Security - A Hacker's Perspective
 +
 
 +
'''Abstract'''
 +
 
 +
It’s not news for anyone how the internet has revolutionized all aspects of our lives. In the past few years there has been unprecedented growth in web applications and their user base. One of the core technologies driving this widespread phenomenon is Rich Internet Applications (RIAs) because it offers the same level of responsiveness & interactivity on web that is available to desktop applications. Microsoft offered its vision of RIA through Silverlight - a framework that allows web applications running in a browser to behave more like desktop applications.
 +
 
 +
One of the major enhancements in Silverlight was the incorporation of mini-CLR engine, that on one hand, adds amazing capabilities for web developers but, on the other hand, also broadens the surface area of attack by opening previously nonexistent entry points into web applications. In this presentation Angelo & Kamran will demonstrate how modern hackers can use reverse engineering techniques to take advantage of weak security implementation. They will also show some effective ways of defending against these types of attacks.
 +
 
 +
'''Speakers:'''
 +
 
 +
Angelo Chan is an experienced versatile software developer who has developed applications, middleware and low-level software for various platforms. With an initial background in Telecom, Angelo has since worked with different technologies and has discovered a passion for .NET. His interests include virtual machines, operating systems, network/application reverse engineering and security. Angelo can be reached at [email protected]
 +
 
 +
Kamran Bilgrami is a seasoned software developer with proven track record of transforming complex business problems into viable technical solution. He has been instrumental in orchestrating highly available, performance centric, fault-tolerant real-time systems in a wide variety of industries including Telecom, Security and Human/Health Services. His areas of expertise include .NET, CLR Internals, Patterns and Security. Kamran can be reached at [email protected]
 +
 
 +
 
  
 
==== May, Thursday 12th 2011 ====
 
==== May, Thursday 12th 2011 ====
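Review bot: the added title line "Microsoft Silverlight Security - A Hacker's Perspective" has no markup, while the "Abstract" and "Speakers:" labels added below it are bold, and the "Session 1:" label from the removed "Session 1: TBA" line is dropped. Give the title the same emphasis or keep the "Session 1:" prefix so the talk title stands out from the body text. The empty added lines at the end of the block can also be removed.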
Line 101: Line 115:
 
Montréal.
 
Montréal.
 
<br>  
 
<br>  
 +
 +
==== March, Thursday 10th 2011 ====
 +
 +
Shan Gu - Accenture
  
 
==== Previous Meetings  ====
 
==== Previous Meetings  ====
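Review bot: the new "March, Thursday 10th 2011" section carries only "Shan Gu - Accenture", with no talk title, abstract or location, so the entry does not say what was presented; add at least the session title. The heading is also inserted below the May 12th section and directly above "Previous Meetings", so check that this is the intended position for an earlier date.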

Revision as of 19:42, 7 September 2011

OWASP Ottawa

Welcome to the Ottawa chapter homepage. The chapter leaders are Sherif Koussa and Karim Nathoo [1]



Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Donate to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now


Meeting Sponsor:

2keys






Chapter Elections

Chapter Chair

  • Add your name, email and platform here:
  • Add your name, email and platform here:
  • Add your name, email and platform here:

Chapter Committee Candidates

Candidate: Sergei Frankoff

Hello OWASP Ottawa,

I would like to put myself forward as a candidate for the OWASP Ottawa chapter board. I've been enjoying the fruits of OWASP for a few years now and I feel it's time to give something back.

Some of you might be wondering why you don't know me from past meetings... this is because I didn't know there was an Ottawa chapter until recently... something I would strive to fix if elected. I know Ottawa is full of security nerds, sysadmins, and software developers who would like to be a part of this community; we just need to get the word out.

If elected, the first idea I bring to the table is to establish an official OWASP Ottawa Twitter account. I know Sherif (@skoussa) does mention OWASP events on his stream, but I would like to have a centralized location where #infosecOttawa can learn of upcoming events, exchange ideas, and discuss issues that affect us.

The second idea is that we live stream our meetings and allow people to call into them (Skype, Jabber, whatever). Many people in the information security community are _busy_; we travel, and when we are at home we would like to spend the time with our families. If OWASP took our meetings online, those who cannot be there physically could still participate.

Help me make OWASP Ottawa a community.

Candidate: Other
  • Add your name, email and platform here:
  • Add your name, email and platform here:
  • Add your name, email and platform here:
  • Add your name, email and platform here:


Next Meeting September 27th

Microsoft Silverlight Security - A Hacker's Perspective

Abstract

It’s not news to anyone how the Internet has revolutionized all aspects of our lives. In the past few years there has been unprecedented growth in web applications and their user base. One of the core technologies driving this widespread phenomenon is Rich Internet Applications (RIAs), because they offer the same level of responsiveness & interactivity on the web that is available to desktop applications. Microsoft offered its vision of RIA through Silverlight - a framework that allows web applications running in a browser to behave more like desktop applications.

One of the major enhancements in Silverlight was the incorporation of a mini-CLR engine that, on one hand, adds amazing capabilities for web developers but, on the other hand, also broadens the attack surface by opening previously nonexistent entry points into web applications. In this presentation Angelo & Kamran will demonstrate how modern hackers can use reverse engineering techniques to take advantage of weak security implementations. They will also show some effective ways of defending against these types of attacks.

Speakers:

Angelo Chan is an experienced, versatile software developer who has developed applications, middleware and low-level software for various platforms. With an initial background in Telecom, Angelo has since worked with different technologies and has discovered a passion for .NET. His interests include virtual machines, operating systems, network/application reverse engineering and security. Angelo can be reached at [email protected]

Kamran Bilgrami is a seasoned software developer with a proven track record of transforming complex business problems into viable technical solutions. He has been instrumental in orchestrating highly available, performance-centric, fault-tolerant real-time systems in a wide variety of industries including Telecom, Security and Human/Health Services. His areas of expertise include .NET, CLR Internals, Patterns and Security. Kamran can be reached at [email protected]


May, Thursday 12th 2011

Location: Bell - 160 Elgin St, Ottawa

Session 1 - Chris Pierre: Beyond Facebook: How Hackers Might Obtain Information Individual for Social Engineering attacks
As the old saying goes “Know your enemy as you know yourself.” This discussion will examine several sources of publicly available information which an attacker might use to gain background information on a target for the purposes of a social engineering attack. The talk is expected to be interactive, lively and will provoke a discussion on how these systems and processes can be hardened against this type of attack.


About The Speaker

Chris Pierre BA, CFE, CISSP is an Ottawa-based forensic investigation professional. Having worked with several forensic firms prior to starting Evince Services, Inc., he has experience in many types of engagements in both the private & public sectors & specializes in investigations involving the internet. Forensic engagements have included information leaks, general corporate fraud investigations, investor fraud, intellectual property cases, administrative/internal investigations, background investigations, grants & contributions fraud, corruption investigations & the provision of training on the use of the Internet as an investigative tool. Preventative engagements have included training, background due diligence & compliance consulting.

Chris is an instructor at Algonquin College, the Canadian Police College, Past-President of the Ottawa Chapter of the High Tech Crime Investigators Association (HTCIA) & a member of the Ottawa Chapter of the Association of Certified Fraud Examiners.

Session 2 - David Mirza Ahmed: Introducing Vega, a New Open Source Web Vulnerability Scanner

David will be presenting Vega, a new free and open source vulnerability scanner for web applications developed by Subgraph, his Montreal-based security startup. Vega allows anyone to scan their web applications for vulnerabilities such as cross-site scripting or SQL injection. Written in Java, Vega is cross-platform. It's also extensible, with a built-in JavaScript interpreter and API for custom module development. Vega also includes an intercepting proxy for manual inspection of possible vulnerabilities and penetration testing.


About The Speaker

David has over 10 years in the information security business. He started his professional experience as a founding member of SecurityFocus, which was acquired by Symantec in 2002. David also moderated the Bugtraq mailing list, a historically important forum for discussion of security vulnerabilities, for over four years. He has spoken at Black Hat, CanSecWest, AusCERT and numerous other security conferences, as well as made contributions to books, magazines and other publications. David also participated in a NIAC working group on behalf of Symantec to develop the first version of the CVSS (Common Vulnerability Scoring System) model and was an editor for IEEE Security & Privacy. His current obsession is building Subgraph, his information security startup in Montréal.

March, Thursday 10th 2011

Shan Gu - Accenture

Previous Meetings