Minneapolis St Paul

Welcome to the OWASP Minneapolis/St. Paul Local Chapter
Welcome to the Minneapolis/St. Paul local chapter homepage.

The chapter leader is Robert Sullivan.

Participation
OWASP chapter meetings are free and open. Anybody interested in web application security is welcome. We encourage attendees to give presentations on specific topics, however please review rules.

To join the chapter mailing list, please visit our mailing list homepage. The list is used to discuss the meetings and to arrange meeting locations. Please check the mailing list before coming to a meeting to confirm the location and time and to catch any last minute notes.

Local News
Next meeting: Tuesday, June 20th, 6:00pm at Metro State University, MPLS

Agenda June 20
6:00pm - Food, Introduction and optional sign-in for CISSP credits.

6:10pm - Metropolitan State University programs

6:15pm - Open Source Security Testing Tools, (Tim McGuire, see below)

7:00pm - Fortify, a commercial source code analysis tool (Joe Teff, see below)

7:30pm - Report on AppSec Europe 2006 (Gunnar Peterson)

7:45pm - What's new in WebGoat 4.0 (Bob Sullivan)

Location:
Metro State,Management Education Center, 1300 Harmon Place June 20th.Room M.1500 or M.1700 look for the event titled: "Open Web Security Meeting"

Directions:
Directions:

Link to building location:

Rooms are on first floor of the Management Education Center. They are really nice rooms with very comfortable chairs. Street parking is free after 6 pm. If you get there early it's just a $.25 for a half hour. There is also a ramp which is $5.00.

Food:
Lorna will bring pizza and pop.

Open Source Tools Presentation
Tim McGuire – Consultant

Will present: Selected open source web application security testing tools.

Tim will demonstrate these tools:


 * 1) Using Gforge, a fat target for security scanning. It uses CVS module, file uploads, email and SOAP.
 * 2) Using Wikto, a Web Server Assesment Tool
 * 3) Using and customizing WSFuzzer, a penetration testing tool that audits HTTP based SOAP targets.
 * 4) Using Oedipus, a web application scanner written in Ruby.
 * 5) Using and customizing Rats, a source code scanner.
 * 6) Using and customizing spike proxy, a HTTP proxy for finding security flaws in web sites.

Fortify, a commercial source code analysis tool
Joe Teff, Wells Fargo

Fortify Source Code Analysis Suite is a set of industry-proven tools that enables you to find, track, and fix security vulnerabilities in your software applications. Fortify is built to work with your development and audit tools and processes. Joe will demonstrate how to use the tool to find source code vulnerabilities. Thanks to the folks at Metropolitan State U for the room and Integral Business solutions for the food.