Cincinnati

Local News
The chapter has just started! We are currently setting up the board members and get the local community involved by publicizing the chapter. We are currently planning activities for 2008. To submit educational topic upcoming meetings please submit your powerpoint using the OWASP Template and include a speaker BIO. If you wish to become a sponsor or co-sponsor please send an email to the chapter leader.

February Meeting
When: February 26th, 2008, 6.45pm - 7:45pm Presentation starts @ 7.00 pm Where: Citibank N.A, 9997 Carver Road, Bldg. 1, Cincinnati, Ohio, 45242-5537. Please access the building from the visitor lobby.  Your RSVP is required before the meeting. A list will be provided to the guards that will proof verify you and grant you access to the Buckeyes Lecture Room. For help with directions: Citi Blue Ash Help Desk at (513) 979 900

Session Topic: OWASP Top Ten Vulnerabilities and Software Root Causes: Solving The Software Security Problem From an Information Security Perspective

Who: Marco Morana (Citigroup, TISO, OWASP Chapter Leader, Security Blogger)

Before to diagnose the disease and provide the cure a doctor looks at the root causes of the sickness, the risk factors and the symptoms. In case of application security most of the root causes of the security issues are in unsecure software: the risk factors can be found in how bad the application is designed, the software is coded and the application is tested. The presentation will articulate the problem of secure software, the costs, the risks and how are typically dealt with by most organizations. The solution requires people, process and tools. From the information security perspective we will look at ways to enforcing software security throughout your organization as part of information security and risk management processes. A set of software security requirements is the best place to start to address the root causes of web application vulnerabilities. With a categorization of web application vulnerabilities as weakness in the security controls is easier to describe the root case of each vulnerability in term of a coding error. A good place to start is to document software security requirements for some basic web application vulnerabilities such as the OWASP Top Ten. For each of these vulnerabilities we will cover the threat, the software root cause of the vulnerability, how to find if you are vulnerable, the countermeasure and the risk that suppose to mitigate.

January Meeting
When: January 29th, 2008, 11:30am - 1:00pm

General Session Topic: Introduction to OWASP

Who: Marco Morana (Citigroup, TISO, OWASP Chapter Leader, Security Blogger) The presentation is available herein.

OWASP plays a special role in the application security ecosystem, is vehicle for sharing knowledge and lead best practices across organizations. As an example OWASP is a community of people passionate about application security. We all share a vision of a world where you can confidently trust the software you use. One of our primary missions is to make application security visible so that people can make informed decisions about risk. OWASP is the most authoritative and resourceful application security organization to share and open source tools, documents, basic information, guidelines, presentations projects worldwide. The OWASP Top Ten list includes a reference for most critical web application security flaws compiled by a variety of security experts from around the world. The list is recommended by U.S. Federal Trade Commission, the U.S. Defense Information Systems Agency and is adopted by Payment Card Industry (PCI) as a requirement for security code reviews.Through OWASP you’ll find a rich community of people to connect through mailing lists, participating in the local chapters, and attending conferences. The people involved in OWASP recognize the world’s software is most likely getting less and less secure. As we increase our interconnections and use more and more powerful computing technologies, the likelihood of introducing vulnerabilities increases exponentially. Whatever the internet becomes, OWASP can play a key role in making sure that it is a place we can trust. This meeting will provide an opportunity to meet local OWASP affiliates and members and know more about how to contribute to OWASP.

Specific Session Topic: Webgoat and Webscarab Security Tools Use Cases

Who: Blaine Wilson (Citigroup, TISO)

The presentation will show how to use popular OWASP tools such as Webscarab web proxy and Webgoat to learn about common security vulnerabilities in applications

Cincinnati OWASP Chapter Leaders
 Officers Board of Directors 
 * Chapter Leader: [mailto:marco.m.morana@gmail.com Marco Morana]
 * Vice Chapter Leader: [mailto:allisonshubert@yahoo.com Allison Shubert]
 * Secretary: [mailto:blainekwilson@msn.com Blaine Wilson]
 * Chairman: Wayne H. Browning
 * Board Members:

About OWASP

 * How OWASP Works for more information about projects and governance

OWASP News

 * OWASP Application Security News