Difference between revisions of "Boulder"

From OWASP
Jump to: navigation, search
(Next Meeting - XSS Lab - Postponed until August 20th, 2009)
(36 intermediate revisions by 6 users not shown)
Line 1: Line 1:
{{Chapter Template|chaptername=Boulder|extra=The chapter leaders are [mailto:kthaxton@businesspartnersolutions.com Kathy Thaxton], [mailto:mrhits777@gmail.com Jeremy Martinez], and [mailto:Andrew.Riesel@GMail.com Andrew Riesel]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-boulder|emailarchives=http://lists.owasp.org/pipermail/owasp-boulder}}
+
{{Chapter Template|chaptername=Boulder|extra=The chapter leader is [[User:Mark_Major|Mark Major]].
 +
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-boulder|emailarchives=http://lists.owasp.org/pipermail/owasp-boulder}}
  
<paypal>Boulder</paypal>
+
== Upcoming Events ==
 +
====Thursday, February 21st at 6pm – Analysis of Drupal Security====
  
== '''Next Meeting - XSS Lab - Postponed until August 20th, 2009''' ==
+
'''When''': Thursday, February 21st at 6:00pm
Due to some location security issues we must postpone the June meeting until AugustWe will finish the Cross Site Scripting lab on August 20th, 2009 and we will be using a Broomfield location rather that a Fort Collins location.
+
<br>'''Where''': [https://aerstone.com/ Aerstone], located at [https://maps.google.com/maps?q=1711+Pearl+St,+Boulder,+CO+80302&hl=en&ll=40.018955,-105.272412&spn=0.005801,0.016512&sll=40.019446,-105.273058&layer=c&cbp=13,345.63,,0,0.03&cbll=40.019323,-105.273016&hnear=1711+Pearl+St,+Boulder,+Colorado+80302&t=m&z=17&panoid=5v0RhKi7sjpi-Z5HcgKFFw 1711 Pearl St.] (3rd floor).
 +
<br>'''Parking''': Free through the [http://files.meetup.com/3503072/Parking.png Whittier Neighborhood Zone].
 +
<br>'''RSVP''': available through [http://www.meetup.com/OWASP-Boulder/events/102677222/ MeetUp.com]
 +
<br>'''Virtual meeting options''': see [http://www.meetup.com/OWASP-Boulder/events/102679412/ MeetUp.com] .
  
The good news is we have some new sites to attack and defend with the help of Anurag Agarwal, the Director of Education at WhiteHat Security and we will have a much more intense lab.
+
'''Agenda'''
We wholeheartedly apologize for the delay but it will be worth the wait.
+
<br>6:00 - 6:30 Food, drink, and networking
 +
<br>6:30 - 7:15 Chapter business and group discussion
 +
<br>7:15 - 8:00 Featured presentation
 +
 +
'''Featured Presentation: Analysis of Drupal Security'''
 +
<br>An overview of how Drupal, one of the most commonly used, open source content management systems, is secured against the OWASP Top Ten, some common configuration mistakes, and emerging trends on Drupal exploits.  What attacks are targeting Drupal applications?  Personal thoughts from a developer, user and admin of Drupal sites about clear steps that can be taken to improve security with Drupal applications.
 +
 +
'''Speaker Bio'''
 +
<br>Andrew has been a developer for 7 years.  He began as a PHP and C# developer, where he entered web application development by designing and creating web services.  For the last 5 years he has been a web developer in Boulder.  He has always had an interest in web application, network, and cyber security and has brought those interests into his web developer role with securing web applications.  He is often amused how passwords are still stored as plain text, untrusted HTML input is not validated, and GET parameters are not sanitized.
 +
 +
Seating is limited and is prioritized for those who RSVP. Parking is available through the Whittier Neighborhood Zone. Food and drinks will be provided and there will be a networking session preceding the meeting. As always, meetings are free to attend.
  
Please join the Boulder OWASP Chapter on Thursday, August 20th, 2009 at Staples for a XSS lab.
+
====Special Thanks====
THREE levels of labs - beginner, intermediate, and advanced.
+
The Boulder chapter is grateful for the continued sponsorship of Aerstone. Thank you for providing the venue, refreshments, and other resources necessary to keep the chapter running strong.
  
=== Cross-site scripting '''LAB''' - Beginner, Intermediate, and Advanced ===
+
[[File:BoulderSponsorAerstone.png]]
  
Lab to explain how to attack vulnerable sites –we will use three different examples and
+
====Wednesday, Wednesday, February 20th at 6pm – CTF Project Development====
Spend  one half hour on each:  Basic attacks, intermediate and advanced.
+
Teacher TBA.
+
We will be using the OWASP Live CD and will have them available.
+
Must have laptop with CD player. 
+
Meeting will be at '''Staples:  [http://maps.google.com/maps?q=1+Environmental+Way,+Broomfield,+CO+80021,+USA&sa=X&oi=map&ct=title One Environmental Way, Broomfield, Co. 80021]'''
+
Brown bag or we can order pizza when everyone gets there.
+
6pm to 7pm dinner and Lab from 7pm to 8:30
+
Drinks at Gordon Biersch after the lab.  Topics up for discussion (we’ll choose one)
+
  
Black Hat DC researchers demonstrate new cross-site scripting browser hack that lets attackers retrieve data without a trace
+
Plan, plot, hack, hang out.
[http://developers.slashdot.org/article.pl?sid=09/05/09/1339213 Should Developers Be Liable For Their Code?]
+
  
==== Resources from the Meeting - Stuff you Wish You'd Been There to Hear About :-) ====
+
'''When''': Wednesday, February 20th at 6:00pm
[http://ha.ckers.org/xss.html RSnake's XSS Cheat-sheet]
+
<br>'''Where''': [https://aerstone.com/ Aerstone], located at [https://maps.google.com/maps?q=1711+Pearl+St,+Boulder,+CO+80302&hl=en&ll=40.018955,-105.272412&spn=0.005801,0.016512&sll=40.019446,-105.273058&layer=c&cbp=13,345.63,,0,0.03&cbll=40.019323,-105.273016&hnear=1711+Pearl+St,+Boulder,+Colorado+80302&t=m&z=17&panoid=5v0RhKi7sjpi-Z5HcgKFFw 1711 Pearl St.] (3rd floor).
 +
<br>'''Parking''': Free through the [http://files.meetup.com/3503072/Parking.png Whittier Neighborhood Zone].
 +
<br>'''RSVP''': available through [http://www.meetup.com/OWASP-Boulder/ MeetUp.com]
 +
<br>'''Virtual meeting''': available through [https://questconsultants.webex.com/ WebEx].
 +
<br>(Please call me if the door is locked or WebEx is down.)
  
=== Directions to Staples: ===
+
The standing agenda includes status updates on:
 +
* Participant VM
 +
* Scoreboard
 +
* Challenge management
 +
* Challenge development
 +
* Challenge-framework integration
 +
* General project administration
 +
* Roadblocks
  
'''Staples:  [http://maps.google.com/maps?q=1+Environmental+Way,+Broomfield,+CO+80021,+USA&sa=X&oi=map&ct=title One Environmental Way, Broomfield, Co. 80021]'''
+
Any time left over will be used for collaboration and coding.
  
=== Agenda ===
+
[[Category:OWASP Chapter]]
* 6 to 7:00 Dinner @ [http://maps.google.com/maps?f=q&hl=en&geocode=&q=Corporate+Express+1+Environmental+Way,+Broomfield+colorado&sll=39.935803,-105.13092&sspn=0.077395,0.144711&ie=UTF8&ll=39.926934,-105.126565&spn=0.009676,0.018089&z=16&iwloc=A Staples CE - Broomfield]
+
[[Category:Colorado]]
 
+
* 7pm to 8:30 pm Cross-site scripting lab
+
Sponsor:  '''Nope, no sponsor.  It'a your chapter, BYO dinner and/or order pizza at 6'ish'''
+
 
+
Speaker:  tbd
+
 
+
=== Logistics ===
+
Please bring a wifi equipped laptop.  We recommend the [http://www.owasp.org/index.php/Category:OWASP_Live_CD_2008_Project OWASP LiveCD].  Go ahead and download it and familiarize yourself with it ahead of time, if you're so inclined.
+
 
+
 
+
Following the meeting we will have informal discussions over beverages at the [http://maps.google.com/maps?f=q&hl=en&geocode=&q=Gordon+Biersch+Brewery+Broomfield+colorado&ie=UTF8&ll=39.935803,-105.13092&spn=0.077395,0.144711&z=13&iwloc=A Gordon Biersch Brewery and Restaurant].
+
 
+
 
+
-----------------------------------------------------------------------
+
 
+
== Boulder OWASP 2009 AGENDA ==
+
=== May 21, 2009 Cross site scripting Lab ===
+
Lab to explain how to attack vulnerable sites –we will use three different examples and
+
Spend  one half hour on each:  Basic attacks, intermediate and advanced.
+
Teacher TBA.
+
 
+
We will be using the OWASP Live CD and will have them available.
+
Must have laptop with CD player. 
+
Meeting will be at Staples:  One Environmental Way, Broomfield, Co. 80021
+
Brown bag or we can order pizza when everyone gets there.
+
6pm to 7pm dinner and Lab from 7pm to 8:30
+
Drinks at Gordon Biersch after the lab.  Topics up for discussion (we’ll choose one):
+
 
+
Black Hat DC researchers demonstrate new cross-site scripting browser hack that lets attackers retrieve data without a trace
+
 
+
[http://developers.slashdot.org/article.pl?sid=09/05/09/1339213 Should Developers Be Liable For Their Code?]
+
 
+
=== June 18, 2009 Part 2 Cross Site Scripting Lab – put it into practice – how to defend against Cross site scripting ===
+
We will defend against a basic attack, an intermediate and advanced.
+
Teacher TBA
+
Remember to bring your OWASP Live CD and your laptop with CD player.
+
Location will be at CSU in Fort Collins.  Directions will be forthcoming.
+
6:30 to 7pm Dinner (Brown Bag or we will all order pizza) Lab from 7pm to 9pm.
+
 
+
=== No meetings July or August 2009 === 
+
We will try to put up the sites that we are defending against in the June Lab so that you can have a go at them over the break.
+
 
+
=== September 17, 2009 Sql injection ===
+
We will be using SQL injection to attack using  authentication bypass, database enumeration, adding users through sql injection, Data mining, writing code
+
Teacher TBA
+
We will be using the OWASP Live CD and will have them available.
+
Must have laptop with CD player. 
+
Meeting will be at Staples:  One Environmental Way, Broomfield, Co. 80021
+
Brown bag or we can order pizza when everyone gets there.
+
6pm to 7pm dinner and Lab from 7pm to 8:30
+
Drinks at Gordon Biersch after the lab.  Topics up for discussion (TBA).
+
 
+
=== October, 22, 2009 Defense against sql injection – how to sanitize user input ===
+
Teacher TBA
+
We will be using the OWASP Live CD and will have them available.
+
Must have laptop with CD player. 
+
Meeting will be at Staples:  One Environmental Way, Broomfield, Co. 80021
+
Brown bag or we can order pizza when everyone gets there.
+
6pm to 7pm dinner and Lab from 7pm to 8:30
+
Drinks at Gordon Biersch after the lab.  Topics up for discussion (TBA).
+
 
+
=== November, 19, 2009 This Lab will put into action the SQL injection attack and the defense.  ===
+
We will be using the attacks from the September meeting and then defending against them.
+
We will be using the OWASP Live CD and will have them available.
+
Must have laptop with CD player. 
+
Meeting will be at Staples:  One Environmental Way, Broomfield, Co. 80021
+
Brown bag or we can order pizza when everyone gets there.
+
6pm to 7pm dinner and Lab from 7pm to 8:30
+
Drinks at Gordon Biersch after the lab.  Topics up for discussion (TBA).
+
 
+
 
+
=== December  - Date TBA  “Capture the Holiday flag” ===
+
We are planning on reserving space at a restaurant.  What better way to Capture the Flag than over a couple of beers?
+

Revision as of 23:41, 19 February 2013

Contents

OWASP Boulder

Welcome to the Boulder chapter homepage. The chapter leader is Mark Major.
Click here to join the local chapter mailing list.

Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is and open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Btn donate SM.gif to this chapter or become a local chapter supporter.

Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now BlueIcon.JPG

Upcoming Events

Thursday, February 21st at 6pm – Analysis of Drupal Security

When: Thursday, February 21st at 6:00pm
Where: Aerstone, located at 1711 Pearl St. (3rd floor).
Parking: Free through the Whittier Neighborhood Zone.
RSVP: available through MeetUp.com
Virtual meeting options: see MeetUp.com .

Agenda
6:00 - 6:30 Food, drink, and networking
6:30 - 7:15 Chapter business and group discussion
7:15 - 8:00 Featured presentation

Featured Presentation: Analysis of Drupal Security
An overview of how Drupal, one of the most commonly used, open source content management systems, is secured against the OWASP Top Ten, some common configuration mistakes, and emerging trends on Drupal exploits. What attacks are targeting Drupal applications? Personal thoughts from a developer, user and admin of Drupal sites about clear steps that can be taken to improve security with Drupal applications.

Speaker Bio
Andrew has been a developer for 7 years. He began as a PHP and C# developer, where he entered web application development by designing and creating web services. For the last 5 years he has been a web developer in Boulder. He has always had an interest in web application, network, and cyber security and has brought those interests into his web developer role with securing web applications. He is often amused how passwords are still stored as plain text, untrusted HTML input is not validated, and GET parameters are not sanitized.

Seating is limited and is prioritized for those who RSVP. Parking is available through the Whittier Neighborhood Zone. Food and drinks will be provided and there will be a networking session preceding the meeting. As always, meetings are free to attend.

Special Thanks

The Boulder chapter is grateful for the continued sponsorship of Aerstone. Thank you for providing the venue, refreshments, and other resources necessary to keep the chapter running strong.

BoulderSponsorAerstone.png

Wednesday, Wednesday, February 20th at 6pm – CTF Project Development

Plan, plot, hack, hang out.

When: Wednesday, February 20th at 6:00pm
Where: Aerstone, located at 1711 Pearl St. (3rd floor).
Parking: Free through the Whittier Neighborhood Zone.
RSVP: available through MeetUp.com
Virtual meeting: available through WebEx.
(Please call me if the door is locked or WebEx is down.)

The standing agenda includes status updates on:

  • Participant VM
  • Scoreboard
  • Challenge management
  • Challenge development
  • Challenge-framework integration
  • General project administration
  • Roadblocks

Any time left over will be used for collaboration and coding.