This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Ottawa"

From OWASP
Jump to: navigation, search
(Next Meeting: Tuesday, November 4th, 2009)
(Next Meeting: Tuesday, March 30th, 2010)
Line 19: Line 19:
 
{| width="900" border="0" align="left" cellpadding="1" cellspacing="1"
 
{| width="900" border="0" align="left" cellpadding="1" cellspacing="1"
 
|-
 
|-
| [http://www.fortify.com http://www.owasp.org/images/7/7e/FORTIFY_LOGO_MED.jpg]
 
 
| [http://www.2keys.ca http://www.owasp.org/images/7/75/2keys_%28big%29.jpg]
 
| [http://www.2keys.ca http://www.owasp.org/images/7/75/2keys_%28big%29.jpg]
| [http://www.inverselabs.com http://www.owasp.org/images/0/00/Inverse_labs_logo_white.jpg]
 
| [http://www.flexedge.ca http://www.owasp.org/images/a/a0/FlexEdgeSm.JPG]
 
 
| [http://trendmicro.com http://www.owasp.org/images/9/9a/TM_logo_red_rgb.jpg]
 
| [http://trendmicro.com http://www.owasp.org/images/9/9a/TM_logo_red_rgb.jpg]
 
|}
 
|}
Line 42: Line 39:
 
  7:00-7:30 Open discussion and questions
 
  7:00-7:30 Open discussion and questions
  
'''Speaker: Pravir Chandra'''  
+
'''Speaker: Sherif Koussa'''  
  
'''Software Assurance Maturity Model (OpenSAMM)''' The Software Assurance Maturity Model (SAMM) into a software development organization. Covering more than typical SDLC-based models for security, SAMM enables organizations to self-assess their security assurance program and then use recommended roadmaps to improve in a way that's aligned to the specific risks facing the organization. Beyond that, SAMM enables creation of scorecards for an organization's effectiveness at secure software development throughout the typical governance, development, and deployment business functions. Scorecards also enable management within an organization to demonstrate quantitative improvements through iterations of building a security assurance program. This workshop will introduce the SAMM framework and walk through useful activities such as assessing an assurance program, mapping an existing organization to a recommended roadmap, and iteratively building an assurance program. Time allowing, additional case studies will also be discussed. OpenSAMM is an open a free project and has recently been donated to the Open Web Application Security Project (OWASP) Foundation. For more information on OpenSAMM, visit http://www.opensamm.org/
+
'''The Dirty Couple: Cross-site Scripting and Cross-site Request Forgery:''' A case-study on how cross-site scripting and cross-site request forgery was used to exploit 18,000 twitter accounts in a couple of days. The presentation also will cover some take-home and practical tips on how to mitigate against these attacks.
  
'''About The Speaker''' Pravir Chandra is Director of Strategic Services at Fortify Software and works with clients on software security assurance programs. Pravir is recognized for his expertise in software security, code analysis, and his ability to strategically apply technical knowledge. Prior to Fortify, he was a Principal Consultant affiliated with Cigital and led large software security programs at Fortune 500 companies. Pravir Co-Founded Secure Software, Inc. and was Chief Security Architect prior to its acquisition by Fortify. He recently created and led the Open Software Assurance Maturity Model (OpenSAMM) project with the OWASP Foundation, leads the OWASP CLASP project, and also serves as member of the OWASP Global Projects Committee. Pravir is author of the book Network Security with OpenSSL.
+
'''About The Speaker''' Mr. Sherif Koussa is a Principal Information Security consultant at Software Secured (www.softwaresecured.com) specialized in source code driven security application assessment, static code analysis and security code review for Java, ASP.net, Classic ASPs and C++. Mr. Koussa is also co-founder and co-leader of OWASP Ottawa Chapter, a Member of SANS Steering Committee for GSSP-J and GSSP-NET exams and an Exam Development Consultant for GIAC. Prior to finding Software Secured, Mr. Koussa spent over 10 years designing, implementing and leading large scale software projects for Fortune 500 companies.
Bruce holds a degree in Computer Systems Engineering as well as industry standard qualifications.
 
  
 
== Previous Meetings ==
 
== Previous Meetings ==

Revision as of 15:02, 16 March 2010

OWASP Ottawa

Welcome to the Ottawa chapter homepage. The chapter leaders are Mike Sues and Sherif Koussa <paypal>Ottawa</paypal>


Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Btn donate SM.gif to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now BlueIcon.JPG


Meetings Location

Third Brigade: 40 Hines Rd Suite 200 Ottawa, Ontario, Canada K2K 2M5 Map

RSVP

Please RSVP to [email protected]. Please include name, company and how many attendees.

Next Meeting: Wednesday, November 4th, 2009

Meeting Sponsor:

2keys_%28big%29.jpg TM_logo_red_rgb.jpg






Meeting schedule: 

     5:45-6:15 Pizza, wings and pop
6:15-7:00 Main presentation
7:00-7:30 Open discussion and questions

Speaker: Sherif Koussa

The Dirty Couple: Cross-site Scripting and Cross-site Request Forgery: A case-study on how cross-site scripting and cross-site request forgery was used to exploit 18,000 twitter accounts in a couple of days. The presentation also will cover some take-home and practical tips on how to mitigate against these attacks.

About The Speaker Mr. Sherif Koussa is a Principal Information Security consultant at Software Secured (www.softwaresecured.com) specialized in source code driven security application assessment, static code analysis and security code review for Java, ASP.net, Classic ASPs and C++. Mr. Koussa is also co-founder and co-leader of OWASP Ottawa Chapter, a Member of SANS Steering Committee for GSSP-J and GSSP-NET exams and an Exam Development Consultant for GIAC. Prior to finding Software Secured, Mr. Koussa spent over 10 years designing, implementing and leading large scale software projects for Fortune 500 companies.

Previous Meetings

September 10th, 2009 - Justin Foster - Speaker Notes: Download Here

April 6th, 2009 - Rafal Los - Speaker Notes: Download Here

July 16th, 2008 - John Linehan - Speaker Notes: Download Here

November 28th, 2007 - Eric Klien - Make my day

Retrieved from "https://wiki.owasp.org/index.php?title=Ottawa&oldid=79988"