Guadalajara

Local News
General Information of OWASP Membership and benefits as well as the Local Chapter offer is here: [[Media:OWASP_Guadalajara_InfoGral.pptx]]

Flyer: [[Media:Membership Flyer Template_Guadalajara.pptx]]

Meeting Location

Everyone is welcome to join us at our chapter meetings.

OWASP Guadalajara Newsletter
OWASP Guadalajara Monthly Newsletter - Jul2012

[[Media:OWASP_Guadalajara_NEWSLETTER_JUL_2012.pdf‎]]

OWASP Guadalajara Monthly Newsletter - May2012

[[Media:OWASP_Guadalajara_NEWSLETTER_MAY_2012.pdf‎]]

OWASP Guadalajara Monthly Newsletter - April 2012

Please find the Monthly Bulleting of the OWASP Guadalajara. Please send us your comments and suggestions.

[[Media:OWASP_Guadalajara_NEWSLETTER_APRIL_2012.pdf]]

Conferences, Meetings and Workshops
OWASP Guadalajara - 4th Chapter Meeting 2012

Location: Intel Guadalajara

GoTo Meeting: 1. Please join my meeting. https://www3.gotomeeting.com/join/169468398

2. Use your microphone and speakers (VoIP) - a headset is recommended. Or, call in using your telephone. Mexico (toll-free): 01 800 925 0372

Access Code: 169-468-398 Audio PIN: Shown after joining the meeting

Meeting ID: 169-468-398

Address: Anillo Periferico Sur No. 7980 Edif. 4 E, Santa Maria Tequepexpan 44680 Guadalajara, Jalisco. Infront of “Centro Sur” within “Parque Industrial Intermex”.

Meeting Schedule: Tuesday, December 4th, 2012. From 18:00 to 19:30.

Agenda

OWASP Updates

Manuel Lopez and Eduardo Cerna - OWASP Guadalajara

How to secure .NET Web Applications

Raul Villavicencio Hoyos—Sr Analyst - Apps Prog .NET—Bank of America

Objective: Present to IT Developers the .NET Framework built in  features to protect .NET  Web Applications and take advantage of them to avoid the most common attacks,

BIO: Raul Villavicencio is a Developer/hands on Software Development Life Cycle based in Guadalajara Jalisco. His career span over 6 years including BA Continnum Mexico, Softtek, Jatco Mexico, Nissan Mexicana, Intramart and as Independent Consultant, Education includes Bachelor in Computational Systems Engineering from Universidad Autonoma de Aguascalientes, Microsoft Technology Specialist/Microsoft Professional Developer on ASP.NET 3.5.

PenTest con Herramientas Open Source

Santiago Monterrosas—Security Engineer at MCM Telecom

Duramte Julio-Septiembre del presente año se realizo un proyecto de pentesting para un firma de viajes que opera en México y algunos países extranjeros principalmente EU y Europa, la firma se dedica al turismo y vende reservaciones de hotel, avión, transportación, a personas y grupos, vía Internet. Para realizar los hallazgos en esta fase se acudio a herramientas tradicionales de hacking y para realizar ataques a los objetivos con direcciones IP Públicas se utilizo principalmente backtrack 5. En los ataques se utilzarón dos enfoques, uno basado en la métodología propuesta por Stutard Dafydd y Pinto, Marcus y otro en el enfoque de aplicar tantas herramientas como hallazgos se realicen pero siguiendo el top 10 de OWASP.

Festival de Software Libre 2012

Location: Hotel Holiday Inn, Puerto Vallarta, Jalisco, Mexico

Meeting Schedule: November 1st to November 3rd

OWASP Guadalajara - 3rd Chapter Meeting 2012

Location: Tata Consultancy Services Guadalajara: Auditorium TCS - 2nd. Floor. Av. Camino al Iteso # 8900 int C3 Colonia Pinar de la Calma Tlaquepaque, Jalisco México

Meeting Schedule: Monday September 17th at 17:00-19:30hrs

Material Reviewed

[[Media:Web_Application_Security_with_OWASP.pptx]]

Pictures of the Event



Software Guru Conference and Expo

Location: Centro de Convenciones Los Candiles Polanco, Mexico City

Meeting Schedule: Thursday, June 21st, 2012. From 9:00 to 10:00.

Overview

OWASP Guadalajara was invited by Software Guru magazine to participate in one of the most important events for developers in Mexico "Software Guru Conference and Expo 2012". We participated by presenting the topic "OWASP Top 10 Web Application Vulnerabilities". It was a great opportunity to meet with developers and professionals from the IT industry in Mexico but most important, to continue spreading the OWASP word and objective among developers, making them aware about the main risks and vulnerabilities that can be found on web applications as well as the main countermeasures that can prevent those vulnerabilities of being presented on their Web Apps.

We also had the opportunity to talk about the ESAPI and AppSensor OWASP projects and the benefits to implement them; moreover, we discussed about the various OWASP cheat sheets and OWASP Development guides. The audience was very interested and the time was not enough to continue talking about these topics. At the end, they were satissfied with the information provided and the links where they can find all resources needed to build secure applications. The raing of our speech was rated with 4.25/5; being 5 the highest grade!

We are looking forward to continue working with Software Guru!

Material Reviewed

[[Media:OWASP_Top_10_-_2010_Presentation_SGC.pptx]]

Pictures of the Event



OWASP Guadalajara - 2nd Chapter Meeting 2012

Location: Intel Guadalajara

Address: Anillo Periferico Sur No. 7980 Edif. 4 E, Santa Maria Tequepexpan 44680 Guadalajara, Jalisco. Infront of “Centro Sur” within “Parque Industrial Intermex”.

Meeting Schedule: Wednesday, June 20th, 2012. From 18:30 to 20:00.

Speakers Background

Jaime Olmos de la Cruz—IPv6 Task Force Mexico IPv6 Task Force Mexico is by definition a National community integrated by engineers, network designers, operators, ISPs, investigators, students and volunteers motivated to archive a common goal, the development and deploy of networks aware of IPv6 protocol.

Somen Das— Cross-Site Request Forgery Application Security Analyst for Tata Consultancy Services Ltd. Specialized in Static & Dynamic application vulnerability assessment techniques, main focus is spreading awareness on secure application development and related guidelines across industry verticals. Local Chapter Leader - OWASP Bhubaneswar (India).

Eduardo Cerna Meza— Developing Secure Source Code (First Part) Information Security Engineer at Bank of America. Eduardo has over 15 years of experience in IT Management, Network Security and Operations. Core knowledge and skill areas include: Application Security, Vulnerability scanning, Intrusion Detection and Penetration Testing. (Black-Box, Grey-Box, White-Box).

Agenda

[[Media:OWASP_Guadalajara_Chapter_Meeting_June_20_2012.pdf]]

Material Reviewed

[[Media:OWASP Guadalajara_Jun20th_2012.pdf]]

Pictures of the Event





OWASP Guadalajara - Workshop at the DIVEC FEST 2012

Location: Faculty of Engineering of the University of Guadalajara

Address: Av. Revolución #1500 entre calle Corregidora y Calzada Olímpica. Tlaquepaque, Jalisco.

Meeting Schedule: Tuesday, March 20th, 2012. From 16:00 to 19:00.

Topic: OWASP - Application Security

Description: We will review two of the most common Web Application Attacks and Countermeasures for SQL Injection and Cross-Site Scripting (XSS) by using PAROS and WebGoat.

It was a great experience sharing this time with the students from the Faculty of Engineering of "Universidad de Guadalajara". We had the opportunity to teach the main concepts of SQL injection and Cross-Site Scripting. In addition, they had the chance to practice these concepts by using WebGoat and Paros in conjuction with the OWASP Cheat Sheets.

They showed interest at all time and we had a successfull session. All of them were really excited to know new techniques on Application Security. Be aware of our next event that will be held on April. We will keep you posted!

Here we have some pictures of the event.





Material Reviewed During the Session

[[Media:OWASP_Guadalajara_2012.pdf]]

OWASP Guadalajara - 1st Chapter Meeting 2012

Location: American Society of Jalisco

Address: Avenida San Francisco 3332, Col Chapalita, Guadalajara, Jalisco.

Meeting Schedule: Friday, March 2nd, 2012. From 19:30 to 21:00.

Topic: Anatomy of the Most Recent atacks from Anonymous and Contermeasures.

Description: Studying and anlyzing the most recent atacks performed by Anonymous. Theorical and practical session to identify risks and potential countermeasures on Web Applications.

Agenda

[[Media:OWASP Guadalajara Chapter Meeting - Mar 2nd 2012.pdf]]

Material Reviewed During the Session

As mentioned during the meeting, we will encourage you to bring your laptops in order to give each of you the opportunity to perform and to practice the excercises as well as to clarify all technical questions you may have.

[[Media:OWASP_Guadalajara.pdf‎]]