Bay Area

Local News
Please note that this meeting starts later to accommodate our San Jose chapter members. Don't forget to RSVP to anastasia@isecpartners.com

WHAT: San Francisco and San Jose OWASP Chapter Meeting

WHEN: Tuesday, March 6, 2007

6:30-7:00  Social (Food and Drinks) and Chapter Announcements

7:00-8:30  Presentation and Q and A - Dinis Cruz (Chief OWASP Evangelist)

WHERE: iSEC Partners offices located @ 115 Sansome Street Suite 1005 (10th Floor), San Francisco, CA (http://www.isecpartners.com). We recommend arriving by public transit as parking is extremely limited.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

The Open Web Application Security Project (OWASP) is an open community dedicated to enabling organizations to develop, purchase, and maintain applications that can be trusted. All of the OWASP tools, documents, blogs, and chapters are free and open to anyone interested in improving application security. In this presentation Dinis will show the latest guides and tools from OWASP which should be part of every company's security efforts.
 * OWASP, the Open Web Application Security Project

One of the common myths about the .Net Framework is that it is immune to Buffer Overflows. Although this might be correct in pure managed and verifiable .Net code, a large percentage of .Net and Asp.Net application code is unmanaged code. In this talk Dinis will show the areas in .Net and Asp.Net applications that are vulnerable to Buffer Overflows (including a demo of a .Net Buffer Overflow Fuzzer). In this presentation Dinis will explore the opportunity Microsoft missed to use technologies like .Net's CAS (Code Access Security) and Vista's UAC (User Access Control) to create secure and trustworthy userland environments that protect the user's assets. In the hope that it might make a small difference, ideas and solutions for the future will also be presented.
 * Buffer Overflows on .Net and Asp.Net
 * Owning Vista's userland - The CAS / UAC missed opportunity, and what I think MS should have done