Austin

Local News
If a link is available, click for more details on directions, speakers, etc. You can also review Email Archives to see what folks have been talking about

Next Meeting
July 2007 Austin OWASP chapter meeting - 7/31, 11:30am - 1:00pm at Whole Foods. Dan Cornell will be presenting on Cross Site Request Forgery

Cost: Always Free

Whole Foods Market (Downtown, plaza level, sign in with receptionist) 550 Bowie Street, Austin, TX 78703. Link to Map 

Abstract: Cross Site Request Forgery (CSRF) vulnerabilities occur when applications allow an attacker to force a victim's browser to make requests detrimental to the victim's interests. Based on MITRE statistics, CSRF vulnerabilities are on the rise, and the inclusion of CSRF on the updated OWASP Top 10 2007 has cemented their position as a serious concern for organizations building secure web applications. This presentation will examine CSRF vulnerabilities in detail, using several examples to illustrate their power and impact. In addition, safeguard measures will be discussed with code examples in both Java and .NET.

Bio: Dan Cornell is a Principal of the Denim Group, a Texas-based consultancy providing software development and application security services. He has extensive experience architecting and developing enterprise web applications on a variety of platforms as well as training and mentoring development teams on application security and secure coding techniques. Dan is the creator and primary author of the sprajax open source AJAX security assessment tool. He is an MCSD as well as a Java 2 Certified Programmer.

Questions...call Scott 512-637-9824

Record Hall of Meetings
July 2007 Austin OWASP chapter meeting - 7/31, 11:30am - 1:00pm at Whole Foods. Dan Cornell will be presenting on Cross Site Request Forgery.

June 2007 Austin OWASP chapter meeting - 6/26, 11:30am - 1:00pm at National Instruments. James Wicket presented on Running Web Application Scans using Watchfire AppScan 7.5.

May 2007 Austin OWASP chapter meeting - 5/29, 11:30am - 1:00pm at Whole Foods Market, downtown (plaza level).

"Bullet Proof UI - A programmer's guide to the complete idiot". Robert will be talking about ways to secure a web-app from aggressive attackers and the unwashed masses alike.

April 2007 Austin OWASP chapter meeting - 4/24, 11:30am - 1:00pm at National Instruments. H.D. Moore (creator of Metasploit) will be presenting.

March 2007 Austin OWASP chapter meeting - 3/27, 11:30am - 1:00pm at National Instruments, 11500 N Mopac, Building C which is the tallest building on campus (8 levels). There will be signs posted in the lobby to direct you where to go and the receptionists will be able to assist you as well. See directions to National Instruments.

January 2007 Austin Chapter Meeting - 1/30, 11:30am - 1:00pm at National Instruments, 11500 N Mopac, Building C Conference Room 1S15.

December Meeting - Due to the holidays, there will be no December OWASP meeting. However, we are looking for speakers for the January meeting. If you or anyone you know would be a good candidate, let us know! Happy Holidays!

November 2006 Austin Chapter Meeting - 11/21, 11:30am - 1:00pm at National Instruments, 11500 N Mopac, Building C Conference Room 1S14.

October 2006 Austin Chapter Meeting - 10/31 - Boo!

September 2006 Austin Chapter Meeting - 9/26, 12-1:00 at Texas ACCESS Alliance building located at the intersection of IH-35 South and Ben White

August 2006 Austin Chapter Meeting - Tuesday- 8/29, 11:30-1:30 on the National Instruments campus, Mopac B (the middle building), conference room 112 (in the Human Resources area to the left of the receptionist). See directions to National Instruments. Hint: It is on your left on Mopac if you were heading up to Fry's from Austin.

Austin OWASP chapter kickoff meeting - Thursday, 7/27, 12-2pm @ Whole Foods Market (downtown, plaza level, sign in with receptionist)

Presentation Archives
The following presentations have been given at local chapter meetings:


 * Single Sign On (7/27)


 * A Rough Start of a Toolset for Assessing Java/J2EE Web Apps (7/27) - Matt Franz discussed some custom Python tools he has been writing for conducting security testing of Struts (and other Java) web applications.


 * AJAX Security: Here we go again (8/29) - Dan Cornell from Denim Group discussed security issues in one of the popular Web 2.0 technologies.