Louisville

Louisville

Upcoming June Meeting
Save the Date - Louisville OWASP Chapter – Second Meeting Friday June 19, 2009

The second OWASP meeting will feature a presentation from Adrian Crenshaw of Irongeek. Adrian is a Louisville based Security professional that has worked in the IT industry for the last twelve years.

Adrian runs the information security website Irongeek.com, which specializes in videos and  articles that illustrate how to use various pen-testing and security tools. He's currently working on an MBA, but is interested in getting a network security/research/teaching job in academia. Please see the description from Adrian on his presentation on the 19th.

Title: Mutillidae: Using a deliberately vulnerable set of PHP scripts to illustrate the OWASP Top 10 Description: A while back I wanted to start covering more web application pen-testing tools and concepts in some of my videos and live classes. Of course, I needed vulnerable web apps to illustrate common web security problems. I like the WebGoat project, but sometimes it's a little hard to figure out exactly what they want you to do to exploit a given web application, and it's written in J2EE (not a layman friendly language). In an attempt to have something simple to use as a demo in my videos and in class, I started the Mutillidae project.

Mutillidae is a deliberately vulnerable set of PHP scripts meant to illustrate the OWASP Top 10. This talk will cover installing Mutillidae in a test environment, and how to use it to illustrate the OWASP Top 10 web vulnerabilities in easy to understand terms.

Our meeting location will be at Memorial Auditorium, located at 970 S. 4th Street (Corner of 4th Street and Kentucky Street)..

Thanks and we hope to see you on June 19th!

Past Meetings
March 2009 The first Louisville OWASP meeting will coincide with the Kentuckiana ISSA March meeting, on Friday March 6 2009. The Louisville OWASP chapter is closely associated with the Kentuckiana ISSA chapter and will offer ISSA members, other security professionals, application developers, and all other interested parties, a free forum to learn and discuss the newest developments in application security. Following March’s meeting, we will meet quarterly on a different day and time. The information on future meetings will be following soon. Please provide feedback to the board.


 * When: Friday, March 6, 2009, from 11:30 am to 1:00 pm @ Innovative Productivity / McConnell Technology, 401 Industry Rd, Louisville, KY 40208

If you plan to attend the meeting please RSVP by email to [mailto:Kristen.Sullivan@ky.gov Kristen Sullivan].

Everyone is welcome to join us at our chapter meetings.

Louisville OWASP Chapter Board Members
Scope of the board is to discuss and approve local activities, meetings and plans.The board meetings will be announced at a later date. The board currently includes the following members:
 * Chapter Leader: [mailto:cparker@accuvant.com Chris Parker]
 * [mailto:Kristen.Sullivan@ky.gov Kristen Sullivan]
 * [mailto:CHAlexander@ups.com Carl Alexander]
 * [mailto:Brian.Blankenship@kindredhealthcare.com Brian Blankenship]
 * [mailto:mitch.greenfield@gmail.com Mitchell Greenfield]
 * [mailto:mthacker@humana.com Mark Thacker]
 * [mailto:agupta@humana.com Ajay Gupta]
 * [mailto:mmaxey@accuvant.com Mark Maxey]
 * [mailto:jkoenig@humana.com Curtis Koenig]
 * [mailto:scott_macarthur@b-f.com Scott MacArthur]

Join our group on LinkedIn
http://www.linkedin.com/groups?gid=1917263

Meeting Presentations
March Presentation

About OWASP
The OWASP Foundation is a 501(c)3 non-profit organization incorporated in the United States of America. OWASP's all-volunteer participants produce free, professional quality, open-source documentation, tools, and standards. Consult the how OWASP works web page for more information about projects and governance.

OWASP Membership

OWASP is an open source project dedicated to finding and fighting the causes of insecure software. All of our materials are free and offered under an open source license, so you do not have to become a member to use them or participate in our projects, mailing lists, conferences, meetings or other activities. On the other hand OWASP rely membership fees and sponsorship to support his activities. There are also unique benefits to become a corporate member such as the use of OWASP materials within your organization without the restrictions associated with the various open source licenses. OWASP individual members also get discounts to security conferences and other perks. For more information consult the OWASP Membership web page.

Articles, Links, etc.
OWASP article with the official SCG release on Darkreading magazine today.

http://www.darkreading.com/security/app-security/showArticle.jhtml?articleID=216402325

The Rocky Road to More Secure Code

http://www.darkreading.com/security/app-security/showArticle.jhtml?articleID=216403548&cid=nl_DR_WEEKLY_T

OWASP Sheds Light on its Security Standards

http://www.sdtimes.com/OWASP_SHEDS_LIGHT_ON_ITS_SECURITY_STANDARDS/About_OWASP_and_SECURITY/33469