Washington DC

Welcome to the OWASP DC Local Chapter
The original DC Chapter was founded in June 2004 by [mailto:jeff.williams@owasp.org Jeff Williams] and has had members from Virginia to Delaware. In April 2005 a new chapter, DC-Virginia, was formed and the DC Chapter was renamed to DC-Maryland. The two are sister chapters with common members and shared discourse. The chapters meet in opposite halves of the month to facilitate this relationship.

Chapter meetings are held several times a year, typically in the offices of our facility sponsor. Please subscribe to the mailing list for meeting announcements. You can also check out the archives of this page here Washington_DC Archives.

Chapter Sponsors

Facility Sponsor: George Washington University       Refreshment Sponsor:

Washington DC

Participation
OWASP Local Chapter meetings are free and open. Our chapter's meetings are informal and encourage open discussion of all aspects of application security. Anyone in our area interested in web application security is welcome to attend. We encourage attendees to give short presentations about specific topics. If you would like to make a presentation, or have any questions about the DC-Maryland Chapter, send an email to one of the chapter co-chairs or the [mailto:owasp-washington__AT__lists.owasp.org Mailing List].

Chapter Co-Chairs

[mailto:Rex.Booth__AT__GT.com Rex Booth]

[mailto:mark.bristow__AT___owasp.org Mark Bristow]

[mailto:dougwilson.lists__AT__gmail.com Doug Wilson]

The new chapter Co-Chairs would like to extend our deepest thanks to Andre Ludwig for serving as the chapter chair for the the past 3 years. You've done a great job Dre and we hope to continue to see you at chapter meetings.

Local News
February 5th 6:30 PM OWASP Meeting, Washington DC

This month we will be holding our meeting at The George Washington University in downtown DC.

The meeting is in Duques Hall, Room 553, which is located at 2201 G St. NW Washington, DC 20037

This month's agenda:


 * 6:30 - 6:45 Introductions and OWASP Business - Mark Bristow
 * 6:45 - 7:45 WAF Virtual Patching Challenge: Securing WebGoat with ModSecurity - Ryan Barnett
 * 7:45 - 8:00 Break
 * 8:00 - 9:00 Software Assurance Maturity Model (SAMM) - Pravir Chandra

You can RSVP for the event on Upcoming.org: http://upcoming.yahoo.com/event/1494008

Note on Transportation and Parking

Parking on campus is at a premium and visitors are encouraged to use public transportation when visiting the campus. The nearest METRO stop, Foggy Bottom/GWU located on the Orange/Blue lines, is a short 3 block walk from the Marvin Center

The Marvin Center Garage operates from 7am - midnight Monday through Friday and is closed on weekends. Make sure you have your car out by 11:45pm. A visitor's parking garage is located between 23rd and 22nd Streets and H and Eye Streets. The visitor entrance is on Eye Street.

December Meeting Debrief

I'd like to take this opportunity to once again thank Kevin for coming out to talk to us at the meeting Wednesday. I thought his presentation on Samurai, Yokoso!, Laudanum, and Social butterfly demonstrated some of the great up and coming tools that are available to the community. As promised, I uploaded the PDF of the presentation to the Wiki, but the slides don't do the commentary justice. It can be found.

We also took care of some housekeeping stuff:
 * We'd like to thank Mike from Deloitte for offering up his space the last few months but our next meeting will instead be held at George Washington University Gelman Library. Everyone remember to thank Amy for offering up GW's meeting spaces to us.
 * The OWASP DC Chapter will be hosting OWASP AppSec 2009 sometime in October 09. More details will come out as we firm up dates/speakers/locations and calls for volunteers!
 * Rex talked for a few minutes about the Portugal Summit. The debrief from the summit can be found here
 * Our next chapter meeting will be held in Feburary, topics TBD but we are [mailto:mark.bristow__AT___owasp.org soliciting speakers].

To those who attended the meeting on Wednesday, thanks for coming out, we had a great turnout and I hope to have even more attendees next time. For those who were unable to attend, I hope to see you all at our next meeting.

December 10th 6:30pm OWASP Meeting, Washington DC

This month we will be holding our meeting at the DC offices of Deloitte & Touche (1001 G St NW Washington DC 20001).

The meeting will start at 1830. Upon arriving, please go to the 9th floor and sign in, someone will escort you to the meeting location, Rm. 8S026. If you are late and can not get in, please call 202.270.8715.

This month's agenda is as follows:


 * Presentation by Kevin Johnson, InGuardians
 * Round table Discussion of Portugal Summit
 * Open discussion

Kevin Johnson is a Senior Security Analyst with InGuardians. Kevin came to security from a development and system administration background. He has many years of experience performing security services for fortune 100 companies, and contributes to a large number of open source security projects. Kevin founded and leads the development on B.A.S.E., Samurai, SecTools and Yokoso! projects.

Kevin is an instructor for SANS, authoring and teaching Security 542, Web Application Pen-Testing In-Depth and teaching other SANS classes such as the Incident Handling and Hacker Techniques class. He has presented to many organizations, including InfraGard, ISACA, ISSA and the University of Florida.

You can RSVP to the event on Upcoming.org: http://upcoming.yahoo.com/event/1334575

October 15th 6:30pm OWASP Meeting, Washington DC

This month we will be holding our meeting at the DC offices of Deloitte & Touche (1001 G St NW Washington DC 20001).

The meeting will start at 1830. Upon arriving, please go to the 9th floor and sign in, someone will escort you to the meeting location, Rm. 8S026. If you are late and can not get in, please call 202.270.8715.

This month's agenda is as follows:


 * Adam Vincent, Hacking and Hardening Web Services
 * Doug Wilson, Report on AppSec NYC 2008
 * Open discussion

Adam Vincent will be presenting on Hacking and Hardening Web Services. He has presented this to other OWASP chapters, including NoVa, and we are pleased to have him be able to bring it to our DC audience.

Doug Wilson will also be reporting back from the OWASP AppSec NYC 2008 conference. He will cover some of the themes that emerged from that, and talk about some of the directions that OWASP is looking to take in the coming year.


 * Washington_DC Archives