
Difference between revisions of "Toronto"

(Upcoming Meetings June 18th 2008)
(Upcoming Meetings June 18th 2008)
Line 15: Line 15:
 
== Upcoming Meetings June 18th 2008 ==
 
== Upcoming Meetings June 18th 2008 ==
  
Location: The next chapter meeting will be held on June 18th June at D&T, 4-179B, 121 King Street West, Toronto.
+
'''Location:''' The next chapter meeting will be held on June 18th June at D&T, 4-179B, 121 King Street West, Toronto.
  
Description: Testing for certain web application vulnerabilities is tedious and time-consuming, and when combined with time constraints, full testing coverage is often not achieved.  ExploitMe is a series of Open Source Firefox plugins released by Security Compass for this purpose - automated detection of XSS, SQL Injection, and access control (including the recently released HTTP verb tampering) vulnerabilities.  
+
'''Date/Time:''' June 18th 2008, 6:00-7:30 PM EST
 +
 
 +
'''Description:''' Testing for certain web application vulnerabilities is tedious and time-consuming, and when combined with time constraints, full testing coverage is often not achieved.  ExploitMe is a series of Open Source Firefox plugins released by Security Compass for this purpose - automated detection of XSS, SQL Injection, and access control (including the recently released HTTP verb tampering) vulnerabilities.  
  
 
In this presentation Tom Aratyn and Sahba Kazerooni of Security Compass will demonstrate how the Exploit-Me series of tools can be used during penetration testing to find security vulnerabilities in real web applications.
 
In this presentation Tom Aratyn and Sahba Kazerooni of Security Compass will demonstrate how the Exploit-Me series of tools can be used during penetration testing to find security vulnerabilities in real web applications.
  
Presenters: Tom Aratyn (Lead Developer ExploitMe Series), Sahba Kazerooni (Security Consultant, Security Compass)
+
'''Presenters:''' Tom Aratyn (Lead Developer ExploitMe Series), Sahba Kazerooni (Security Consultant, Security Compass)
  
 
== May 13th 2008 Meeting ==
 
== May 13th 2008 Meeting ==
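Review bot: The rewritten '''Location:''' line still carries the duplicated month ("on June 18th June"); since the line is being touched anyway, change it to "on June 18th". The added '''Date/Time:''' line gives "EST", but a June meeting in Toronto falls in daylight time, so "EDT" or plain "ET" would be accurate. The description also spells the tool both "ExploitMe" and "Exploit-Me"; use one form throughout.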

Revision as of 07:16, 9 June 2008

OWASP Toronto

Welcome to the Toronto chapter homepage. The chapter leader is Nish Bhalla.


Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Donate to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now


The mailing list archive can be accessed from here.

Upcoming Meetings

July 2008: Whitehat Security will have a consultant speaking in July.

Sep - Dec 2008

We are looking for speakers. If you are interested in speaking on security topics, please email Nish Bhalla.

Upcoming Meetings June 18th 2008

Location: The next chapter meeting will be held on June 18th at D&T, 4-179B, 121 King Street West, Toronto.

Date/Time: June 18th 2008, 6:00-7:30 PM EST

Description: Testing for certain web application vulnerabilities is tedious and time-consuming, and when combined with time constraints, full testing coverage is often not achieved. ExploitMe is a series of Open Source Firefox plugins released by Security Compass for this purpose - automated detection of XSS, SQL Injection, and access control (including the recently released HTTP verb tampering) vulnerabilities.

In this presentation Tom Aratyn and Sahba Kazerooni of Security Compass will demonstrate how the Exploit-Me series of tools can be used during penetration testing to find security vulnerabilities in real web applications.

Presenters: Tom Aratyn (Lead Developer ExploitMe Series), Sahba Kazerooni (Security Consultant, Security Compass)

May 13th 2008 Meeting


The next chapter meeting will be held on May 13th at a different location: Delta Meadowvale Resort & Conference Center, 6750 Mississauga Road, Mississauga, ON CA, Phone: 905-821-1981. Directions to the meetings

Topic: A Distributed Web Application Honeypot

Date/Time: May 13th 2008, 6:00-7:00 PM EST

Description: DShield.org has been extremely helpful in understanding network-based attacks. However, over the last few years many interesting attacks target specific web application flaws which are not detected by DShield's sensor system. Collecting similar data for web applications has been challenging for a number of reasons. First of all, the data needed to understand a web application attack is much richer, and a simple, efficient data model such as the one used by DShield will not provide sufficient detail. If more detailed data, like complete requests, are collected, data privacy issues become more of a problem. Simple obfuscation or pattern replacement techniques are usually not sufficient to safeguard this information, or they will make it impossible to understand the attack. Lastly, many web application attacks use search engines to find vulnerable systems, instead of just attacking random servers. Over the next few months we plan to roll out a distributed web application honeypot. We will describe how this honeypot will be implemented to address these issues.


Speaker BIO: Dr. Johannes Ullrich, SANS Institute. As Chief Research Officer for the SANS Institute, Johannes is currently responsible for the SANS Internet Storm Center (ISC) and the GIAC Gold program. He founded DShield.org in 2000, which is now the data collection engine behind the ISC. His work with the ISC has been widely recognized, and in 2004, Network World named him one of the 50 most powerful people in the networking industry. Prior to working for SANS, Johannes worked as a lead support engineer for a web development company and as a research physicist. Johannes holds a Ph.D. in Physics from SUNY Albany and is located in Jacksonville, FL.

OWASP Toronto chapter meetings are open to the public. RSVP is requested by sending an email.

22nd January 2008 Meeting

The next chapter meeting will be held on Jan 22nd on the 20th floor, 79 Wellington Street West, Toronto, ON M5K 1B9. Directions to the meetings

Topic: Modern Trends in Network Fingerprinting


Description:

Speaker BIO: Jay Graver and Ryan Poppa are Lead Engineers at nCircle Network Security. They specialize in interrogating applications and services over the network. Their years of experience have been focused on the non-invasive detection of vulnerabilities.

Current areas of research include HTTP server analysis, graph theory, SSL library fingerprinting and unobfuscation techniques.

Based in Toronto, Ontario, they hold degrees from the University of Guelph and the University of Waterloo. You can find their latest posts at blog.glaciertech.ca & numerophobe.com

OWASP Toronto chapter meetings are open to the public. RSVP is requested by sending an email.

Sponsorship

Many thanks to Deloitte & Touche LLP for sponsoring the location and food for these meetings.


Speakers

We are always looking for speakers to present on their topic of choice. If you are interested, please contact Nish Bhalla.


OWASP Toronto Chapter Committee

The OWASP Toronto Chapter has formed a committee to help with the direction of the chapter. Deloitte & Touche's Application Security Group and Security Compass's Professional Services Group are helping lead this initiative. We are looking for additional members to expand our chapter.


Current Committee Members

Nish Bhalla (Chapter Leader)
Reza Kopaee

Meetings

Everyone is welcome to join us at our chapter meetings. These meetings are held every second Wednesday of the month. We meet in the conference room at Deloitte & Touche. Beverages and snacks are provided.


Address and Directions to the meeting are:

20th floor, the TLC Room (signs will be provided on the floor)
TD Centre, TD Waterhouse Tower
79 Wellington Rd. W.
Toronto



Directions to the meetings

OWASP Toronto chapter meetings are open to the public. RSVP is requested by sending an email.

Past Presentations For Download

The past presentations are available for download from here. If you have any comments on the presentations, please send them to us.

Basic Web Application Testing Methodology by Nish Bhalla, Security Compass

Basic Web Services Security by Rohit Sethi, Security Compass

Authentication Security by Hui Zhu

Identity Management Basics by Derek Browne