Columbus

Local News
– NOTICE – Next chapter meeting - 7/7/2008; details below We are still seeking one or two more board members and to get the local community involved by publicizing the chapter. We are currently planning activities for the remainder of 2008; at least one chapter meeting per quarter - more if interest warrants.

To submit educational topics for upcoming meetings, please submit your powerpoint using the OWASP Template and include a speaker BIO. Any inquiries regarding chapter or meeting sponsors can be directed to [mailto:owasp(at)hayesdf.com Chris Hayes]. Please begin the subject header with: [OWASP COLUMBUS].

Thank you!

March 2008 Meeting
When: March 24th, 2008, 6:00 PM - 7:30 PM, Doors open at 5:30 PM

Where: Heritage Room, One Nationwide Plaza, Columbus, OH 43215

Parking: Recommend parking in the Front St. Garage; take the Skywalk from the garage over to the Nationwide Plazas. Signs will be posted.

*** General Session Topic: Introduction to OWASP ***

Who: Chris Hayes (Nationwide Insurance, CISSP, OWASP Columbus, OH Chapter Leader)

OWASP plays a special role in the application security ecosystem, is vehicle for sharing knowledge and lead best practices across organizations. As an example, OWASP is a community of people passionate about application security. We all share a vision of a world where you can confidently trust the software you use. One of our primary missions is to make application security visible so that people can make informed decisions about risk. OWASP is the most authoritative and resourceful application security organization to share and open source tools, documents, basic information, guidelines, presentations projects worldwide. The OWASP Top Ten list includes a reference for most critical web application security flaws compiled by a variety of security experts from around the world. The list is recommended by U.S. Federal Trade Commission, the U.S. Defense Information Systems Agency and is adopted by Payment Card Industry (PCI) as a requirement for security code reviews. Through OWASP you’ll find a rich community of people to connect through mailing lists, participating in the local chapters, and attending conferences. The people involved in OWASP recognize the world’s software is most likely getting less and less secure. As we increase our interconnections and use more and more powerful computing technologies, the likelihood of introducing vulnerabilities increases exponentially. Whatever the internet becomes, OWASP can play a key role in making sure that it is a place we can trust. This meeting will provide an opportunity to meet local OWASP affiliates and members and know more about how to contribute to OWASP.

*** Specific Session Topic: Web Session Token Security (OWASP Top 10 - Broken Authentication and Session Management) ***

Who: Greg Green (CISSP, Senior Security Consultant, Nationwide Insurance)

During this presentation we will briefly cover web application sessions. Attendees will be introduced to the OWASP WebGoat application and the session management flaw exercise labeled “Spoof an Authentication Cookie”. Besides WebGoat, attendees will also be exposed to the OWASP tool WebScarab (intercepting proxy), and some simple JAVA code.