Washington DC

Welcome to the OWASP Washington, DC-Maryland Local Chapter
The original DC Chapter was founded in June 2004 by [mailto:jeff.williams@owasp.org Jeff Williams] and has had members from Virginia to Delaware. In April 2005 a new chapter, DC-Virginia, was formed and the DC Chapter was renamed to DC-Maryland. The two are sister chapters with common members and shared discourse. The chapters meet in opposite halves of the month to facilitate this relationship.

Chapter meetings are held several times a year, typically in the offices of our sponsor. Please subscribe to the mailing list for meeting announcements. You can also check out the archives of this page at Washington_DC Archives.

Our chapter is sponsored by Aspect Security.

Participation
OWASP Local Chapter meetings are free and open. Our chapter's meetings are informal and encourage open discussion of all aspects of application security. Anyone in our area interested in web application security is welcome to attend. We encourage attendees to give short presentations about specific topics. If you would like to make a presentation, or have any questions about the DC-Maryland Chapter, send an email to [mailto:mfisher___AT__spidynamics.com Matt Fisher] or [mailto:aludwig__AT___packetspy.com Andre Ludwig].

Local News
Thursday Sept 6th LIVE O minicon!!

We will be participating in the LiveO event this year. This means that we will be looking for 4-5 speakers who can give presentations on "Privacy in the 21st Century". We of course (being OWASP) would like these presentations to be web-centric, but being lovers of everything security, if a presentation with merit and relevance crosses our path we might throw it into the mix (it must still focus on privacy). So fire up PowerPoint or OpenOffice and get to slide engineering, folks!

'''Looks like we have at least 2-3 speakers in the works. We are still sorting out the final location and estimated attendance'''

Thursday August 23rd 6pm Location TBD

I will be giving a presentation outlining some of the various "Rich Interactive Application" (RIA) frameworks that are being developed.

Here is the rough draft of the presentation.

Topics to go over (my unofficial plan - YTBD)

Offline Web Application frameworks: The fifth horseman?

 * I will be going over the basics of the four major "off line web app frameworks" (aka webocalypse): Adobe AIR, Google Gears, Microsoft Silverlight, Sun JavaFX
 * Try to go over the differences of each framework, where they fit, and why I think they suck
 * Point out potential weaknesses of each framework
 * Write a group letter to all the developers explaining the coming "webocalypse" (I'm joking of course)

Wednesday March 28th 6pm Columbia, MD

This meeting will be held at Aspect Security's offices in Columbia MD. The address is below. Food: As usual, geek food will be provided. This usually means pizza and soda.

Getting there: Aspect is located at 9175 Guilford Road (Suite 300) in Columbia. Driving directions are:

From I-95:

 * Exit 38 B : Rt. 32 West towards Columbia (1.5 miles)
 * Take the Broken Land Parkway exit
 * Turn left off the ramp onto Broken Land Parkway
 * Turn left at the light onto Guilford Road (0.5 miles)

After a sharp left, enter the parking lot at 9175 Guilford Road. [Note: if you go under the bridge, you've gone too far]

We're on the third floor in Suite 300

Meeting: February 15th 6PM

Andrew van der Stock will be giving a presentation on the following three topics:

 * OWASP Top 10 2007
 * Spring of Code 2007
 * An update on OWASP Guide 3.0 status

Watch this space as it will be updated as the meeting nears.

Location information

Our hosts have asked that anyone attending the meeting wait patiently in the first-floor lobby for someone to escort you into the conference room that we will be using.

Here is the address:

SRA Locations


 * Arlington Center (NEW! Opened 7/17/06)
 * 3434 Washington Boulevard
 * Arlington, VA 22201-4508
 * Phone: (703) 284-5000

Meeting: January 18th 6PM

Looks like we will have the following lineup for this month's meeting.

This meeting will be held at Aspect Security's offices in Columbia MD. The address is below.


 * 1) Ed Tracy will be giving a brief presentation on the various OWASP Projects/Products.
 * 2) Jeff Williams will be giving a presentation on the recent PDF vulnerability and his released server-side fix for it.

The fix can be found here [http://www.owasp.org/index.php/PDF_Attack_Filter_for_Java_EE]

There have been plenty of happenings over the last month that should make for an awesome meeting. Expect to hear about the recent PDF issue (with example attacks, Snort signatures, server-side fixes, etc.)!

Food:

As usual, geek food will be provided. This usually means pizza and soda.

Getting there

Aspect is located at 9175 Guilford Road (Suite 300) in Columbia. Driving directions are:

From I-95:


 * Exit 38 B : Rt. 32 West towards Columbia (1.5 miles)
 * Take the Broken Land Parkway exit
 * Turn left off the ramp onto Broken Land Parkway
 * Turn left at the light onto Guilford Road (0.5 miles)

After a sharp left, enter the parking lot at 9175 Guilford Road. [Note: if you go under the bridge, you've gone too far]

We're on the third floor in Suite 300

December 14th Meeting Notes

I would again like to thank Eric Pascarello for presenting his Ajax security presentation to our chapter. For those of you who missed the meeting and would still like to see the presentation, feel free to grab it from Eric's site below. I would also like to thank SRA International for providing the facilities and staff to help host the meeting. Stay tuned for next month's meeting!!

http://www.pascarello.com/Presentation/

Meeting: December 14th 6PM

December Meeting Announcement

This OWASP meeting will be held at a new location in Arlington per the chapter's request. Please note that this IS NOT a permanent shift in venue, but merely an attempt to include those chapter members who are not able to make it to Columbia on a regular basis.

Agenda


 * 1) Opening, introductions
 * 2) Presentation by Eric Pascarello: Investigating JavaScript and Ajax Security
 * 3) Possible "Unannounced" presentation
 * 4) Everything Else: Current Events, OWASP news, Industry News, Recent Hacks in the News, Closing, etc.
 * 5) BoF discussion on AJAX and AJAX security

Don't know who Eric is? Well, here is a quick blurb I "liberated" from a website about him.

Eric Pascarello dissects Ajax security vulnerabilities

Eric Pascarello is the co-author of "Ajax in Action" (Manning Publications, October 2005), and the author of "JavaScript: Your Visual Blueprint for Building Dynamic Web Pages", 2nd Edition (Wiley, October 2004). Pascarello is a 2002 graduate of Penn State University with a degree in mechanical engineering. He is also a "bartender" on JavaRanch.com. In this interview he talks about Ajax security issues, the need for server-side validation and the Ajax worm released last October on MySpace.com.

I am also trying to work out another presentation that will fit our general "theme" of application security as well (more details to come!). And as always I will try to go over the latest and greatest application security news (think MySpace and QuickTime).

Location information

Our hosts have asked that anyone attending the meeting wait patiently in the first-floor lobby for someone to escort you into the conference room that we will be using.

Here is the address:

SRA Locations


 * Arlington Center (NEW! Opened 7/17/06)
 * 3434 Washington Boulevard
 * Arlington, VA 22201-4508
 * Phone: (703) 284-5000


 * Washington_DC Archives