Kitchener/Waterloo

Upcoming Meetings & Presentations
Thursday March 28th, 2013, 6:00-7:30

Location: McAfee Anti-Virus, 565 Kumpf Drive, Waterloo - Basically Northfield & Expressway.

Agenda:
 * 1) Introductions
 * 2) Presentation: (Dave Ockwell-Jenner) Annoying Persistent Threat edition

Presentation Brief: China: All up in your business - Annoying Persistent Threat edition

For the past few years, I've been involved in examining intrusions by a group informally known as Comment Crew -- which are now better known as 'APT1' following the recent release of the report from Mandiant. This group falls into the class of the 'Advanced Persistent Threat' and are known to use compromised web sites to supply command/control to compromised systems. I have a live demo of an annotated attack against a fictitious company, using custom malware and Metasploit. It shows how attackers initially compromise a system, supply commands, install additional malware, gain privileges in post-exploit and loot the network for fun and profit! All-in-all it takes about an hour including questions as we go. It's targeted toward beginner/intermediate and we can focus on the demo-malware code itself if we have lots of devs - advanced pentesters will find it pretty typical.

Dave's Bio:

''Dave Ockwell-Jenner has an extensive background in technology: from building one of the Internet’s earliest major web sites, to helping secure some of the world’s most critical systems. He has led the development of solutions for some of Canada’s most prominent technology companies, including Research In Motion and Nortel.''

''He currently works for a Swiss-based company that specializes in IT and communications for the Air Transport Industry. In this role he has focused on designing and delivering the company's secure software development lifecycle. Through this, Dave regularly trains developers in secure software techniques, and has co-authored the SANS course on Developing Defensible Java EE Solutions.''

''Dave also runs a boutique security consultancy called Prime Information Security, concentrating on information security within Small-to-Medium Businesses. He is a security blogger for TELUS and also co-founded a business networking organization called the Small Business Community Network (SBCN).''

 We would like to provide some food & beverages, so if you're planning on attending please RSVP so we can plan accordingly.

Please RSVP to [mailto:colin.delaney@owasp.org Colin Delaney] OR [mailto:Chris.Howell@owasp.org Chris Howell] to confirm your presence.

Speakers
We are always looking for security-minded speakers to present on a topic of their choice. Developers, Quality Assurance, Project Managers and Managers are all welcome; if you're interested, please contact one of the chapter leaders.

Meetings
Meetings are open, free and welcoming for all to attend. Some beverages & food will be provided.

Previous Meetings
Tuesday February 26th 2013, 6:00-8:00pm

Location: Morty's Pub (Basement) 272 King Street North, Waterloo Ontario

Agenda:

 * 1) Introductions
 * 2) OWASP Mission & Meetings
 * 3) Guest Presentation & Discussions
 * 4) OWASP Materials
 * 5) OWASP Membership

When: Wednesday, November 16th, 8pm - Local Chapter Kickoff Meeting + Presentation (Steve Hendrikse - Introduction To Web Services Security Testing)

Location: RumRunnerPub, 1 King Street W., Kitchener (basement of Walper Hotel, corner of King and Queen)

Description: For this informal meeting, we will have brief introductions, complete some general housekeeping, and discuss what we would like to get out of our local chapter. For the second half, our guest speaker will present an introduction to web services security testing.

Welcome & Introductions - OWASP Mission & Goals - OWASP Meetings - OWASP resources and materials - OWASP Membership

Guest Speaker - Steve Hendrikse - Intro to testing Web Services - Q&A - Open Discussion - Feedback & Closing Comments

Speaker Bio: Steve Hendrikse is a Technical Security Analyst with Research In Motion. He specializes in web application security assessment and testing. Steve also has a leading role within the Corporate Security Department in developing and extending the Secure Development Lifecycle at RIM. Steve studied Computer Science at the University of Western Ontario and attained an MSc. in Information Security from the Royal Holloway. His interests include application/system usability and accessibility, reverse engineering, and design for security.

 Outcome / Update: Our first meeting was a great success. We had 9 people attend, including our speaker. We had some technical difficulties with our projector setup, but were able to overcome them due to the small crowd. The presentation was very interesting and the speaker was Class One. Thanks Steve for a great / informative presentation. Below is a link to the slideshow portion of the presentation for anyone interested in the topic to view. We are looking forward to our next meeting, hoping some time in May / June. Stay tuned.

Past Presentations
Steve's Presentation on Web Service Security Testing [Presentation Slide Show]

= Contact Chapter Leaders & Committee =

Feel free to contact our chapter leaders via email... [mailto:colin.delaney@owasp.org Colin Delaney] [mailto:Chris.Howell@owasp.org Chris Howell]

If you're interested in getting involved, we are interested in hearing from you; we're looking to build a great committee to set direction and vision for KW OWASP into the future.

Also feel free to join our mailing list and contact us through it in a public / open fashion. https://lists.owasp.org/mailman/listinfo/owasp-kitchener-waterloo

= Donations =

OWASP is a non-profit, vendor-neutral organization. We are committed to raising the collective security awareness and knowledge in the Kitchener-Waterloo IT community, working globally with our OWASP parent organization to provide the IT community with tools & resources that make IT professionals better aware of security vulnerabilities. If you're a security-dedicated individual and you would like to help the Kitchener-Waterloo chapter put on events and educate IT professionals and the public, please consider making a donation through the donate button on this page.

= Social Media =

You can follow us on Twitter @OWASP_KW

= Other Chapter Events =

We partner with other chapters and display their upcoming events in this section. If you are visiting our chapter from somewhere else, or you will be in their area, feel free to stop by their events and see what is new and happening at their meetings.