
Washington DC

From OWASP
Revision as of 17:08, 12 May 2006 by WikiSysop (Local News)


Welcome to the OWASP Washington, DC-Maryland Local Chapter

The original DC Chapter was founded in June 2004 by Jeff Williams and has had members from Virginia to Delaware. In April 2005 a new chapter, DC-Virginia, was formed and the DC Chapter was renamed to DC-Maryland. The two are sister chapters with common members and shared discourse. The chapters meet in opposite halves of the month to facilitate this relationship.

Chapter meetings are held several times a year, typically in the offices of our sponsor. Please subscribe to the mailing list for meeting announcements.

Our chapter is sponsored by Aspect Security.

Participation

OWASP Local Chapter meetings are free and open. Our chapter's meetings are informal and encourage open discussion of all aspects of application security. Anyone in our area interested in web application security is welcome to attend. We encourage attendees to give short presentations about specific topics. If you would like to make a presentation, or have any questions about the DC-Maryland Chapter, send an email to Matt Fisher or Andre Ludwig.

Between meetings we keep the discussion going via mailing list. To join our chapter mailing list, visit our mailing list page. List membership is kept private.

Local News

Meeting: March 23rd (posted Thu Feb 16 15:41:45 EST 2006)

March Meeting Announcement

Our next meeting is on Thursday March 23rd at 1800 hours in the offices of Aspect Security.

This is going to be a technical meeting focusing on AJAX Security.

In case you weren't aware, AJAX is a clever use of existing technologies to provide richer interfaces on the web (think Google Maps). It's growing in popularity and "buzz", so be sure to make this meeting and learn all you can about it.

If you have some AJAX science you'd like to drop on us, then email me directly at mfisher at spidynamics dot com

The Agenda:

1. Opening, introductions
2. Presentation by Rick Pries: An introduction to AJAX
3. Overview and review of the new OWASP AJAX Security Guide
4. BoF discussion on AJAX and AJAX security
5. Everything else: current events, OWASP news, industry news, recent hacks in the news, closing, etc.

Food:

As usual, geek food will be provided. This usually means pizza and soda.

Getting there

Aspect is located at 9175 Guilford Road (Suite 300) in Columbia. Driving directions are:

From I-95:

Exit 38 B : Rt. 32 West towards Columbia (1.5 miles)

Take the Broken Land Parkway exit

Turn left off the ramp onto Broken Land Parkway

Turn left at the light onto Guilford Road (0.5 miles)


After a sharp left, enter the parking lot at 9175 Guilford Road. [Note: if you go under the bridge, you've gone too far]

We're on the third floor in Suite 300

Unfortunately, being out in the far 'burbs, there is very limited public transport.

If you need help getting to the meeting, try emailing the list at: [email protected] asking for a lift.

There are two MARC stations within a twenty-minute drive, and the MTA-contracted commuter buses drop off within 2 miles of the offices.

Wireless

I am pleased to announce that we may just have wireless access for the meeting. No promises, but if you're the type who likes to look stuff up in real time then you may want to bring the laptop.

If we *are* lucky enough to get wireless access, there will be a serious "no playing around" policy in place, and anyone breaking it will be kicked/banned for life, y'all hear?

December Meeting Notes (posted Sat Dec 24 09:54:05 EST 2005)

[Note: there was no meeting in November due to the holiday crunch. We decided to hold just one meeting in December].

Greetings from the Northern side of the Beltway. I wanted to send out a note to everyone letting them know how great the meeting was last night. The turnout was the perfect size for some "fireside chats".... It was some of the most technical conversation I've had in a long time that didn't involve an instant messaging client.

First of all, thanks again to the ever-generous Aspect Security, who provided not only meeting space, but pizza and a chaperone as well. I'm glad to say that Chuck was there too.. Chuck is one of our most highly technical members, and shows up every time, on time.

For those of you who didn't make it, here's what we discussed. Note that I said *discussed*; not presentations. The smaller size of this meeting really afforded some great technical conversation and the loose interactive format was spectacular. If you missed it, well then you missed out.


1. Susan Suskin gave us her thoughts on the AppSec conference for those of you who missed the conference. Apparently the majority of the conference rocked, except for some lam3r presentation on web application worms (mine).

2. NIST's SAMATE project. This is a government-funded project that attempts to 1) gain serious expertise in app sec to the point of being able to 2) define key performance capabilities of app sec tools, 3) define metrics for those capabilities, 4) create test environments against those metrics, and then 5) evaluate and report on all app sec tools. Discussion of this spun off of the discussion of the conference.

3. **The recent GMail hack**. This was really well done (props Andre). Instead of doing a *presentation* on it, shots from the original 'explanation' site were passed around and we all deciphered it together, making a true learning and discussion opportunity. Unfortunately this also mitigated our ability to mock his lamer slides, but I secretly mocked his lamer xeroxing capabilities. I'm just kidding of course: Andre xeroxes like a champ. I think he's certified in it or something.

4. **A Tutorial Walk-Through of SQL Injection and Blind SQL Injection** along with *nasty evasive destructive SQL Injections*, followed by the Web App Sec comedy hour. Those of you who missed the AppSec conference and also missed the meeting last night missed all the humour. Plus, you'll never understand how astute Donald Rumsfeld is with input validation. [ If you read this far, then you get an extra slice of pizza next meeting ]. My next presentation will be stone-cold serious, but equally lame. My presentations should improve once I finish my PowerPoint certification study class.

5. ShmooCon! The coolest conference you'll find in the area. Be there or be square. http://www.shmoocon.org/ If you are already registered for the conference and aren't staying at the Wardman, then please consider booking a room - they need this to lock in the hotel for next year. I'm local, and I have a room!

6. **AJAX** - what it is, what it isn't, who's using it, how it works, and the security implications of it. We all agreed that none of us know enough about it and we're looking for someone with some real expertise to educate us on it. I for one am willing to chip in some bucks for a serious education on it. If we all chipped in, we may be able to get someone to give us a couple hours of tutorial on it. Thoughts?