Difference between revisions of "Boulder"

From OWASP
Jump to: navigation, search
(September 17, 2009 Sql injection)
(27 intermediate revisions by 6 users not shown)
Line 1: Line 1:
{{Chapter Template|chaptername=Boulder|extra=The chapter leaders are [mailto:kthaxton@businesspartnersolutions.com Kathy Thaxton], [mailto:mrhits777@gmail.com Jeremy Martinez], and [mailto:Andrew.Riesel@GMail.com Andrew Riesel]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-boulder|emailarchives=http://lists.owasp.org/pipermail/owasp-boulder}}
+
{{Chapter Template|chaptername=Boulder|extra=The chapter leader is [[User:Mark_Major|Mark Major]].
 +
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-boulder|emailarchives=http://lists.owasp.org/pipermail/owasp-boulder}}
  
<paypal>Boulder</paypal>
+
== Upcoming Events ==
  
Next Meeting of the Boulder OWASP will be September 24, 2009 at Staples in Broomfield.
+
====Wednesday, December 19th at 6pm – CTF Project Development====
  
 +
Plan, plot, hack, hang out.
  
=== Directions to Staples: ===
+
'''When''': Wednesday, December 19th at 6:00pm
 +
<br>'''Where''': [https://aerstone.com/ Aerstone], located at [https://maps.google.com/maps?q=1711+Pearl+St,+Boulder,+CO+80302&hl=en&ll=40.018955,-105.272412&spn=0.005801,0.016512&sll=40.019446,-105.273058&layer=c&cbp=13,345.63,,0,0.03&cbll=40.019323,-105.273016&hnear=1711+Pearl+St,+Boulder,+Colorado+80302&t=m&z=17&panoid=5v0RhKi7sjpi-Z5HcgKFFw 1711 Pearl St.] (3rd floor).
 +
<br>'''Parking''': Free through the [http://files.meetup.com/3503072/Parking.png Whittier Neighborhood Zone].
 +
<br>'''RSVP''': available through [http://www.meetup.com/OWASP-Boulder/ MeetUp.com]
 +
<br>'''Virtual meeting''': available through [https://questconsultants.webex.com/ WebEx].
 +
<br>(Please call me if the door is locked or WebEx is down.)
  
'''Staples: [http://maps.google.com/maps?q=1+Environmental+Way,+Broomfield,+CO+80021,+USA&sa=X&oi=map&ct=title One Environmental Way, Broomfield, Co. 80021]'''
+
This meeting we will touch on:
 +
* Project timeline
 +
* Team communication
 +
* Trello assignments
 +
* Challenge READMEs
 +
* GitHub use
 +
* Coding standards
 +
* Project demos
  
=== Agenda ===
+
Any time left over will be used for collaboration and coding.
* 6 to 7:00 Dinner @ [http://maps.google.com/maps?f=q&hl=en&geocode=&q=Corporate+Express+1+Environmental+Way,+Broomfield+colorado&sll=39.935803,-105.13092&sspn=0.077395,0.144711&ie=UTF8&ll=39.926934,-105.126565&spn=0.009676,0.018089&z=16&iwloc=A Staples CE - Broomfield]
+
  
* 7pm to 8:30 pm Cross-site scripting lab
 
Sponsor:  '''Nope, no sponsor.  It'a your chapter, BYO dinner and/or order pizza at 6'ish'''
 
  
Speaker:  tbd
+
====Wednesday, January 2nd at 6pm – CTF Project Development====
  
=== Logistics ===
+
Plan, plot, hack, hang out.
Please bring a wifi equipped laptop.  We recommend the [http://www.owasp.org/index.php/Category:OWASP_Live_CD_2008_Project OWASP LiveCD].  Go ahead and download it and familiarize yourself with it ahead of time, if you're so inclined.
+
  
 +
'''When''': Wednesday, January 2nd at 6:00pm
 +
<br>'''Where''': [https://aerstone.com/ Aerstone], located at [https://maps.google.com/maps?q=1711+Pearl+St,+Boulder,+CO+80302&hl=en&ll=40.018955,-105.272412&spn=0.005801,0.016512&sll=40.019446,-105.273058&layer=c&cbp=13,345.63,,0,0.03&cbll=40.019323,-105.273016&hnear=1711+Pearl+St,+Boulder,+Colorado+80302&t=m&z=17&panoid=5v0RhKi7sjpi-Z5HcgKFFw 1711 Pearl St.] (3rd floor).
 +
<br>'''Parking''': Free through the [http://files.meetup.com/3503072/Parking.png Whittier Neighborhood Zone].
 +
<br>'''RSVP''': available through [http://www.meetup.com/OWASP-Boulder/ MeetUp.com]
 +
<br>'''Virtual meeting''': available through [https://questconsultants.webex.com/ WebEx].
 +
<br>(Please call me if the door is locked or WebEx is down.)
  
Following the meeting we will have informal discussions over beverages at the [http://maps.google.com/maps?f=q&hl=en&geocode=&q=Gordon+Biersch+Brewery+Broomfield+colorado&ie=UTF8&ll=39.935803,-105.13092&spn=0.077395,0.144711&z=13&iwloc=A Gordon Biersch Brewery and Restaurant].
+
The standing agenda includes status updates on:
 +
* Participant VM
 +
* Scoreboard
 +
* Challenge management
 +
* Challenge development
 +
* Challenge-framework integration
 +
* General project administration
 +
* Roadblocks
  
 +
Any time left over will be used for collaboration and coding.
  
-----------------------------------------------------------------------
 
  
== Boulder OWASP 2009 AGENDA ==
+
====Thursday, January 17th at 6pm – OWASP Project Round-Up====
=== May 21, 2009 Cross site scripting Lab ===
+
Lab to explain how to attack vulnerable sites –we will use three different examples and
+
Spend  one half hour on each:  Basic attacks, intermediate and advanced.
+
Teacher TBA.
+
  
We will be using the OWASP Live CD and will have them available.
+
To kick off 2013 the Boulder Chapter is holding an OWASP Project Roundup. Chapter members will showcase OWASP projects --from well-known to obscure-- in a series of lightning talks.
Must have laptop with CD player. 
+
Meeting will be at Staples:  One Environmental Way, Broomfield, Co. 80021
+
Brown bag or we can order pizza when everyone gets there.
+
6pm to 7pm dinner and Lab from 7pm to 8:30
+
Drinks at Gordon Biersch after the lab. Topics up for discussion (we’ll choose one):
+
  
Black Hat DC researchers demonstrate new cross-site scripting browser hack that lets attackers retrieve data without a trace
+
'''When''': Thursday, January 17th at 6:00pm
 +
<br>'''Where''': [https://aerstone.com/ Aerstone], located at [https://maps.google.com/maps?q=1711+Pearl+St,+Boulder,+CO+80302&hl=en&ll=40.018955,-105.272412&spn=0.005801,0.016512&sll=40.019446,-105.273058&layer=c&cbp=13,345.63,,0,0.03&cbll=40.019323,-105.273016&hnear=1711+Pearl+St,+Boulder,+Colorado+80302&t=m&z=17&panoid=5v0RhKi7sjpi-Z5HcgKFFw 1711 Pearl St.] (3rd floor).
 +
<br>'''Parking''': Free through the [http://files.meetup.com/3503072/Parking.png Whittier Neighborhood Zone].
 +
<br>'''RSVP''': available through [http://www.meetup.com/OWASP-Boulder/events/93638032/ MeetUp.com]
 +
<br>'''Virtual meeting''': available through [https://questconsultants.webex.com/questconsultants/j.php?ED=16221943&UID=495177262&RT=MiM2 WebEx].
  
[http://developers.slashdot.org/article.pl?sid=09/05/09/1339213 Should Developers Be Liable For Their Code?]
+
To make this work I need volunteers. Your job is to pick a project, learn a bit about it, then present it to the rest of the group. Informal discussions are good, prepared presentations are better, and live demos are best. The goal is lively, informative, low-stress discussions rather than formal, extensively-research presentations. Spend an hour or two familiarizing yourself with your project (you do not need to be an expert on it), jot your notes into a couple of slides, then share with the group for 5 - 10 minutes.
  
=== June 18, 2009 Part 2 Cross Site Scripting Lab – put it into practice – how to defend against Cross site scripting ===
+
Need help selecting a project? Take a look at the [[:Category:OWASP_Project|OWASP Projects page]]. Try tools you use already (the [[:Category:OWASP Top Ten Project|OWASP Top 10]]), tools you've heard of and want to learn more about ([[:Category:OWASP_WebGoat_Project|WebGoat]]), or discover something entirely new ([[:Category:OWASP Enterprise Security API|ESAPI]]). All projects are encouraged, from the popular to the esoteric. Still undecided? Send me a note with your interest in presenting and I will happily suggest some projects to choose from.
We will defend against a basic attack, an intermediate and advanced.
+
Teacher TBA
+
Remember to bring your OWASP Live CD and your laptop with CD player.
+
Location will be at CSU in Fort Collins.  Directions will be forthcoming.
+
6:30 to 7pm Dinner (Brown Bag or we will all order pizza) Lab from 7pm to 9pm.
+
  
=== No meetings July or August 2009 === 
+
To avoid duplicates, project topics will be first-come first-served. Email me your topic idea and I will add it to the meeting agenda on this Wiki as well as the [http://www.meetup.com/OWASP-Boulder/ chapter's MeetUp.com page]. To this point, check the site first before picking a project.
We will try to put up the sites that we are defending against in the June Lab so that you can have a go at them over the break.
+
  
=== September 24, 2009 Sql injection ===
 
We will be using SQL injection to attack using  authentication bypass, database enumeration, adding users through sql injection, Data mining, writing code
 
Teacher TBA
 
We will be using the OWASP Live CD and will have them available.
 
Must have laptop with CD player. 
 
Meeting will be at Staples:  One Environmental Way, Broomfield, Co. 80021
 
Brown bag or we can order pizza when everyone gets there.
 
6pm to 7pm dinner and Lab from 7pm to 8:30
 
Drinks at Gordon Biersch after the lab.  Topics up for discussion (TBA).
 
  
=== October, 22, 2009 Defense against sql injection – how to sanitize user input ===
+
Please remember that seating is limited and is prioritized for those who RSVP through MeetUp. If you have a change of plans, please update your RSVP status to allow space for those on the waiting list. Food and drinks are provided and the facilities will remain open after the meeting for socializing and networking. All meetings are free to attend.
Teacher TBA
+
We will be using the OWASP Live CD and will have them available.
+
Must have laptop with CD player. 
+
Meeting will be at Staples:  One Environmental Way, Broomfield, Co. 80021
+
Brown bag or we can order pizza when everyone gets there.
+
6pm to 7pm dinner and Lab from 7pm to 8:30
+
Drinks at Gordon Biersch after the lab. Topics up for discussion (TBA).
+
  
=== November, 19, 2009 This Lab will put into action the SQL injection attack and the defense.  ===
 
We will be using the attacks from the September meeting and then defending against them.
 
We will be using the OWASP Live CD and will have them available.
 
Must have laptop with CD player. 
 
Meeting will be at Staples:  One Environmental Way, Broomfield, Co. 80021
 
Brown bag or we can order pizza when everyone gets there.
 
6pm to 7pm dinner and Lab from 7pm to 8:30
 
Drinks at Gordon Biersch after the lab.  Topics up for discussion (TBA).
 
  
 +
====Special Thanks====
 +
The Boulder chapter is grateful for the continued sponsorship of Aerstone. Thank you for providing the venue, refreshments, and other resources necessary to keep the chapter running strong.
  
=== December  - Date TBA  “Capture the Holiday flag” ===
+
[[File:BoulderSponsorAerstone.png]]
We are planning on reserving space at a restaurant. What better way to Capture the Flag than over a couple of beers?
+
 
 +
 
 +
[[Category:OWASP Chapter]]
 +
[[Category:Colorado]]

Revision as of 12:23, 13 December 2012

Contents

OWASP Boulder

Welcome to the Boulder chapter homepage. The chapter leader is Mark Major.
Click here to join the local chapter mailing list.

Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is and open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Btn donate SM.gif to this chapter or become a local chapter supporter.

Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now BlueIcon.JPG

Upcoming Events

Wednesday, December 19th at 6pm – CTF Project Development

Plan, plot, hack, hang out.

When: Wednesday, December 19th at 6:00pm
Where: Aerstone, located at 1711 Pearl St. (3rd floor).
Parking: Free through the Whittier Neighborhood Zone.
RSVP: available through MeetUp.com
Virtual meeting: available through WebEx.
(Please call me if the door is locked or WebEx is down.)

This meeting we will touch on:

  • Project timeline
  • Team communication
  • Trello assignments
  • Challenge READMEs
  • GitHub use
  • Coding standards
  • Project demos

Any time left over will be used for collaboration and coding.


Wednesday, January 2nd at 6pm – CTF Project Development

Plan, plot, hack, hang out.

When: Wednesday, January 2nd at 6:00pm
Where: Aerstone, located at 1711 Pearl St. (3rd floor).
Parking: Free through the Whittier Neighborhood Zone.
RSVP: available through MeetUp.com
Virtual meeting: available through WebEx.
(Please call me if the door is locked or WebEx is down.)

The standing agenda includes status updates on:

  • Participant VM
  • Scoreboard
  • Challenge management
  • Challenge development
  • Challenge-framework integration
  • General project administration
  • Roadblocks

Any time left over will be used for collaboration and coding.


Thursday, January 17th at 6pm – OWASP Project Round-Up

To kick off 2013 the Boulder Chapter is holding an OWASP Project Roundup. Chapter members will showcase OWASP projects --from well-known to obscure-- in a series of lightning talks.

When: Thursday, January 17th at 6:00pm
Where: Aerstone, located at 1711 Pearl St. (3rd floor).
Parking: Free through the Whittier Neighborhood Zone.
RSVP: available through MeetUp.com
Virtual meeting: available through WebEx.

To make this work I need volunteers. Your job is to pick a project, learn a bit about it, then present it to the rest of the group. Informal discussions are good, prepared presentations are better, and live demos are best. The goal is lively, informative, low-stress discussions rather than formal, extensively-research presentations. Spend an hour or two familiarizing yourself with your project (you do not need to be an expert on it), jot your notes into a couple of slides, then share with the group for 5 - 10 minutes.

Need help selecting a project? Take a look at the OWASP Projects page. Try tools you use already (the OWASP Top 10), tools you've heard of and want to learn more about (WebGoat), or discover something entirely new (ESAPI). All projects are encouraged, from the popular to the esoteric. Still undecided? Send me a note with your interest in presenting and I will happily suggest some projects to choose from.

To avoid duplicates, project topics will be first-come first-served. Email me your topic idea and I will add it to the meeting agenda on this Wiki as well as the chapter's MeetUp.com page. To this point, check the site first before picking a project.


Please remember that seating is limited and is prioritized for those who RSVP through MeetUp. If you have a change of plans, please update your RSVP status to allow space for those on the waiting list. Food and drinks are provided and the facilities will remain open after the meeting for socializing and networking. All meetings are free to attend.


Special Thanks

The Boulder chapter is grateful for the continued sponsorship of Aerstone. Thank you for providing the venue, refreshments, and other resources necessary to keep the chapter running strong.

BoulderSponsorAerstone.png