France

'''France Chapter'''

The French Chapter is also available on LinkedIn: Join us, it only takes a minute!

OWASP BeNeLux 2011 Conference - University of Luxembourg
Ludovic gave a talk about "WebApp Security and Legal aspects" on Dec 2.


 * Overview
 * This presentation aims to be used by anybody willing to spread the voice of OWASP. See this as an Awareness session.
 * Use it and use it again.
 * Try to open your mind, just let me know if I can help.

However, if you do not pay enough attention to many aspects of Legal compliance, you'll see why Web Application Security is somehow linked to Legal and Regulatory aspects as well as... Corporate Responsibility, so yours. Who is accountable for what, what about each other's responsibility? Nowadays, the legal constraints oblige us to comply via technical means, whatever the local framework, and this is especially true for Web Application Security, much sensitive information having to be handled through these web interfaces. As such, what do you think about your Security Policy compliance with your local Legal framework? Compliant? Sure? Really? Interesting, isn't it? Let's have a talk about this.
 * Abstract Title: "Do you... Legal?"
 * The OWASP core mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks.

May 2011 - Paris Meeting

We are honored to welcome Jim Manico during his European Tour in the Netherlands, Belgium and France.


 * Overview
 * Apart from OWASP's Top 10, most OWASP Projects are not widely used and understood. In most cases this is not due to lack of quality and usefulness of those Document & Tool projects, but due to a lack of understanding of where they fit in an Enterprise's security ecosystem or in the Web Application Development Life-cycle.
 * This course aims to change that by providing a selection of mature and enterprise ready projects together with practical examples of how to use them.
 * The course will be very practical where demonstration and hands-on exercises will be provided for the tools covered.
 * If you are interested in participating in the hands-on portion of the course, please bring a laptop.


 * Abstract Title: "The Ghost of XSS Past, Present and Future. A Defensive Tale"
 * This talk will discuss the past methods used for XSS defense that were only partially effective. Learning from these lessons, we will also discuss present day defensive methodologies that are effective, but place an undue burden on the developer. We will then finish with a discussion of future XSS defense methodologies that shift the burden of XSS defense from the developer to various frameworks. These include auto-escaping template technologies, browser-based defenses such as Content Security Policy, and JavaScript sandboxes such as the Google CAJA project and JSReg.


 * Speaker
 * Jim Manico is a managing partner of Infrared Security with over 15 years of professional web development experience. Jim is also the Chair of the OWASP Connections Committee, one of the Project Managers of the OWASP ESAPI Project, a participant and manager of the OWASP Cheatsheet series, the Producer and host of the OWASP Podcast Series, the Manager of the OWASP Java HTML Sanitizer project and the manager of the OWASP Java Encoder project. When not OWASP'ing, Jim lives on the island of Kauai with his lovely wife Tracey.


 * Date
 * May 24, 2011


 * Venue
 * Paris



EUROPE - ENISA’s Who-is-Who Directory on Network and Information Security
We are pleased to announce that OWASP France is part of ENISA’s Who-is-Who Directory.

ENISA is the European Network and Information Security Agency. The ENISA Who-is-Who Directory on Network and Information Security 2011 contains information on NIS stakeholders, such as national and European authorities and NIS organisations, contact details, websites, and areas of responsibilities or activities. This Directory serves as the "yellow pages" of Network and Information Security (NIS) in Europe. As such, it is a useful tool for those working closely with NIS issues in Europe.

Top Ten 2010 Translation
The OWASP Top Ten 2010 is available in French.

Meetings
April 26, 2011, at the GROUPE Y offices:


 * 9:00: Introduction - Ludovic Petit & Sébastien Gioria
 * 9:30: OpenSAMM - Antonio Fontes (Chapter Leader OWASP Geneva)
 * 11:00: OWASP Cloud Top 10 Project - Ludovic Petit (Chapter Leader OWASP France & OWASP Global Education Committee Member)
 * 11:45: OWASP ESAPI - Fabio Cerullo (Chapter Leader OWASP Ireland & Global Education Committee)
 * 14:15: OWASP Testing Guide - Sébastien Gioria (French Chapter Leader & OWASP Global Education Committee Member)
 * 15:15: OWASP O2 Platform - Live Session - Dinis Cruz (OWASP O2 Project Leader)
 * 16:30: OWASP Code Review - Victor Vuillard

May 6, 2009, at 17:30 at EPITECH:


 * 17:30: Participant welcome
 * 18:00 - 18:15: Welcome and overview of agenda (OWASP France Board)
 * 18:30 - 19:00: Attacks on Web Services - Renaud Bidou
 * 19:15 - 19:45: Software Security Initiatives in the Real World - Claudio Merloni
 * 20:00: Close

About the speakers:

Renaud Bidou: Technical Director of DenyAll. He has worked in security for more than 10 years and has published numerous articles and white papers on subjects as varied as denial of service, port knockers, botnets, setting up a SOC, graphical analysis of attacks, and evasion techniques.

Claudio Merloni: Claudio Merloni is a Software Security Consultant at Fortify Software. His security experience covers application security, code review, secure architectures, risk analysis, compliance, security testing at the network, system and application levels, monitoring, and access control. He has taken part in several conferences, including BlackHat and CONFidence.

Venue: EPITECH

Amphi 2

14-16 rue Voltaire

94276 Kremlin Bicêtre Cedex

Getting there

Metro
 * line 7: Porte d'Italie

Bus
 * lines 47, 125, 131, 185: Roger Salengro
 * line 186: Pierre Brossolette

Car
 * Boulevard Périphérique: Porte d'Italie exit

Contacts and Proposals for Presentations/Contributions

 * [mailto:sebastien.gioria@owasp.fr Sébastien Gioria] and [mailto:ludovic.petit@owasp.org Ludovic Petit] are available if you would like information about OWASP, as well as for awareness/training sessions on Web Application security.

Feel free to contact us if you would like to discuss a particular topic according to your needs, or if you would like to give a presentation at a France Chapter meeting.

Friends of the print and/or multimedia press, do not hesitate to call on us if you would like our help; you are welcome. Together, each achieves more!

'''TEAM stands for... Together Each Achieves More!'''

Local news
 * 2009-06-09: Talk on WAFs at the CERT-IST Forum
 * 2009-02-03: OWASP France will be present at PCI Paris. The presentation is: OWASP and PCI-DSS requirement 6.5
 * 2008-11-19: OWASP France will be present at Infosecurity France in Paris.
 * 2008-07-08: OWASP France presented the OWASP project to OSSIR. The presentation is available on the OWASP website
 * 2008-02-15: The Top 10 2007 is available in French
 * 2008-02-11: Presentation at Microsoft TechDays 2008
 * 2007-11-22: Presentation of OWASP at Infosecurity France
 * 2007-11-07: Interview in the Journal du Net
 * 2007-10-05: OWASP France will present the security challenges of Web Services at Infosecurity France on 22/11/2007
 * 2006-12-18: Creation of the association to support the OWASP group
 * 2006-12-14: The OWASP Viaduc Hub has been launched http://www.viadeo.com/hub/affichehub/?hubId=002fj37grgb7o7n
 * 2006-12-13: Birth of the French chapter of OWASP. A mailing list is available. Subscribe.

French documents

 * 2010-08-30: The French version of the Top 10 2010 is available
 * 2008-02-15: The Top 10 2007 is available in French: PDF format, Word format
 * 2007-11-16: Two-page, double-sided presentation leaflet for Infosecurity.
 * 2007-02-27: French newsletter, issue 1
 * 2007-06-20: Presentation of OWASP given in NY in June 2007