Ottawa

Meetings Location
Third Brigade: 40 Hines Rd Suite 200 Ottawa, Ontario, Canada K2K 2M5 Map

RSVP
Please RSVP to owasp.ottawa@gmail.com. Please include name, company and how many attendees.

Next Meeting: Tuesday, January 11th, 2011
Meeting Sponsor: 

Meeting schedule:

6:00-6:30 Pizza, wings and pop 6:30-7:30 Main presentation 7:30-8:00 Open discussion and questions

Speaker: Lawrence Dobranski, CISSP-ISSAP, CISM, CSSLP - VoIP Security: VoIP is not data

To manage costs and reduce risks, firms are considering moving to hosted, managed, or self provided VoIP services. Transitioning from traditional voice services to VoIP services introduces new risks, but provides additional services and capabilities. Organizations need to consider these risks and the appropriate mitigation strategies as they make the business decisions regarding VoIP services. VoIP Platforms offer an excellent environment to deliver vertically integrated applications but they have specific risks that must be mitigated. To understand these risks associated with the various flavors of VoIP it is necessary to have a basic understanding of VoIP. Treating VoIP as just another data flow will not expose the unique security requirements and issues associated with this real-time communications system. This presentation will provide an overview of VoIP from a security practitioner perspective, its unique architectural constructs, threat and risk considerations, implications for application development and recommended best practices.

About The Speaker Mr. Lawrence Dobranski is the founder of Catalone IT Security Inc. He is a multi-certified senior security leader, a principal security architect and technologist. He has over 25 years experience in information security, working in industry, professional services, and government. He has acknowledged expertise in information security leadership, architecture, VoIP security, application security, agile security and security in the software lifecycle. He has taught, spoken, lectured, written and blogged extensively on information security.

Lawrence is a part-time faculty member at Algonquin College in Ottawa, Ontario, where he teaches IT Security courses as part of the Computer Studies Department, where he draws on his in depth, hands-on experience, and knowledge of information security.

Lawrence is currently working towards an MBA in Information Security Management (Jones International University) expected in April 2011, and simultaneously, a DSc in Information Assurance (University of Fairfax) expected in January 2014. His DSc research interests are in re-useable software security components as part of product platforms for solutions, services and cloud computing.

Lawrence holds three information security patents.

February, Tuesday 8th 2011
Speaker: Corey Nachreine - The Web is the Battleground; and Social Networks Lead the Charge

Our web browser has become the universal app. We no longer use it just to peruse static web pages, but to interact with a menagerie of complex online applications hosted “in the cloud.” While this evolution of web interactivity provides us with many new opportunities, and immense value, it has also made today’s web the most dangerous place on the Internet. Join WatchGuard Senior Network Security Strategist and CISSP, Corey Nachreiner, to hear why he believes web-based threats will pose a huge risk to your network in 2011. During the talk, you will learn how the three most common web-based attacks -- drive-by downloads, cross-site scripting (XSS), and SQL injection – work. You’ll even see them in action during sample attacks. Nachreiner will also discuss why Social Networks sites are the worst “web-threat” offenders of them all. He’ll highlight three attributes that make Social Networks a ripe target for attackers, and likely the primary source of malware in the coming years. Finally, and most importantly, you’ll learn practical steps you can take, and defenses you can erect, to protect yourself from these web-based threats. As the American cartoon, G.I. Joe, used to say, “Knowing is half the battle.” Join us at [EVENT] to get the knowledge you need to win this web battle!

About The Speaker Corey Nachreiner has been with WatchGuard since 1999 and has since written more than a thousand concise security alerts and easily-understood educational articles for WatchGuard users. His security training videos have generated hundreds of letters of praise from thankful customers and accumulated more than 100,000 views on YouTube and Google Video. A Certified Information Systems Security Professional (CISSP), Corey speaks internationally and is often quoted by other online sources, including C|NET, eWeek, and Slashdot. Corey enjoys "modding" any technical gizmo he can get his hands on, and considers himself a hacker in the old sense of the word.

Previous Meetings
September 10th, 2009 - Justin Foster - Speaker Notes: Download Here April 6th, 2009 - Rafal Los - Speaker Notes: Download Here July 16th, 2008 - John Linehan - Speaker Notes: Download Here November 28th, 2007 - Eric Klien - Make my day