Difference between revisions of "Boulder"

From OWASP
Jump to: navigation, search
(5 intermediate revisions by 2 users not shown)
Line 2: Line 2:
 
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-boulder|emailarchives=http://lists.owasp.org/pipermail/owasp-boulder}}
 
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-boulder|emailarchives=http://lists.owasp.org/pipermail/owasp-boulder}}
  
== Upcoming Events ==
+
====Special Thanks====
 +
The Boulder chapter is grateful for the continued sponsorship of Aerstone. Thank you for providing the venue, refreshments, and other resources necessary to keep the chapter running strong.
  
====Wednesday, January 16nd at 6pm – CTF Project Development====
+
[[File:BoulderSponsorAerstone.png]]
  
Plan, plot, hack, hang out.
 
  
'''When''': Wednesday, January 2nd at 6:00pm
+
== Upcoming Events ==
<br>'''Where''': [https://aerstone.com/ Aerstone], located at [https://maps.google.com/maps?q=1711+Pearl+St,+Boulder,+CO+80302&hl=en&ll=40.018955,-105.272412&spn=0.005801,0.016512&sll=40.019446,-105.273058&layer=c&cbp=13,345.63,,0,0.03&cbll=40.019323,-105.273016&hnear=1711+Pearl+St,+Boulder,+Colorado+80302&t=m&z=17&panoid=5v0RhKi7sjpi-Z5HcgKFFw 1711 Pearl St.] (3rd floor).
+
<br>'''Parking''': Free through the [http://files.meetup.com/3503072/Parking.png Whittier Neighborhood Zone].
+
<br>'''RSVP''': available through [http://www.meetup.com/OWASP-Boulder/ MeetUp.com]
+
<br>'''Virtual meeting''': available through [https://questconsultants.webex.com/ WebEx].
+
<br>(Please call me if the door is locked or WebEx is down.)
+
  
The standing agenda includes status updates on:
+
====Thursday, March 21st at 6pm – Access Control with Jim Manico====
* Participant VM
+
* Scoreboard
+
* Challenge management
+
* Challenge development
+
* Challenge-framework integration
+
* General project administration
+
* Roadblocks
+
  
Any time left over will be used for collaboration and coding.
+
'''When''': Thursday, February 21st at 6:00pm
 
+
 
+
====Thursday, January 17th at 6pm – OWASP Project Round-Up====
+
 
+
To kick off 2013 the Boulder Chapter is holding an OWASP Project Roundup. Chapter members will showcase OWASP projects --from well-known to obscure-- in a series of lightning talks.
+
 
+
'''When''': Thursday, January 17th at 6:00pm
+
 
<br>'''Where''': [https://aerstone.com/ Aerstone], located at [https://maps.google.com/maps?q=1711+Pearl+St,+Boulder,+CO+80302&hl=en&ll=40.018955,-105.272412&spn=0.005801,0.016512&sll=40.019446,-105.273058&layer=c&cbp=13,345.63,,0,0.03&cbll=40.019323,-105.273016&hnear=1711+Pearl+St,+Boulder,+Colorado+80302&t=m&z=17&panoid=5v0RhKi7sjpi-Z5HcgKFFw 1711 Pearl St.] (3rd floor).
 
<br>'''Where''': [https://aerstone.com/ Aerstone], located at [https://maps.google.com/maps?q=1711+Pearl+St,+Boulder,+CO+80302&hl=en&ll=40.018955,-105.272412&spn=0.005801,0.016512&sll=40.019446,-105.273058&layer=c&cbp=13,345.63,,0,0.03&cbll=40.019323,-105.273016&hnear=1711+Pearl+St,+Boulder,+Colorado+80302&t=m&z=17&panoid=5v0RhKi7sjpi-Z5HcgKFFw 1711 Pearl St.] (3rd floor).
 
<br>'''Parking''': Free through the [http://files.meetup.com/3503072/Parking.png Whittier Neighborhood Zone].
 
<br>'''Parking''': Free through the [http://files.meetup.com/3503072/Parking.png Whittier Neighborhood Zone].
<br>'''RSVP''': available through [http://www.meetup.com/OWASP-Boulder/events/93638032/ MeetUp.com]
+
<br>'''RSVP''': available through [http://www.meetup.com/OWASP-Boulder/events/106914712/ MeetUp.com]
<br>'''Virtual meeting''': available through [https://questconsultants.webex.com/questconsultants/j.php?ED=16221943&UID=495177262&RT=MiM2 WebEx].
+
  
To make this work I need volunteers. Your job is to pick a project, learn a bit about it, then present it to the rest of the group. Informal discussions are good, prepared presentations are better, and live demos are best. The goal is lively, informative, low-stress discussions rather than formal, extensively-research presentations. Spend an hour or two familiarizing yourself with your project (you do not need to be an expert on it), jot your notes into a couple of slides, then share with the group for 5 - 10 minutes.
+
'''Agenda'''<br>
 +
6:00 - 6:30 Food, drink, and networking<br>
 +
6:30 - 7:15 Chapter business and group discussion<br>
 +
7:15 - 8:00 Featured presentation<br>
  
Need help selecting a project? Take a look at the [[:Category:OWASP_Project|OWASP Projects page]]. Try tools you use already (the [[:Category:OWASP Top Ten Project|OWASP Top 10]]), tools you've heard of and want to learn more about ([[:Category:OWASP_WebGoat_Project|WebGoat]]), or discover something entirely new ([[:Category:OWASP Enterprise Security API|ESAPI]]). All projects are encouraged, from the popular to the esoteric. Still undecided? Send me a note with your interest in presenting and I will happily suggest some projects to choose from.
+
'''Featured Presentation: Access Control Design Best Practices'''<br>
 +
Access Control is a necessary security control at almost every layer within a web application. This talk will discuss several of the key access control anti-patterns commonly found during website security audits. These access control anti-patterns include hard-coded security policies, lack of horizontal access control, and "fail open" access control mechanisms. In reviewing these and other access control problems, we will discuss and design a positive access control mechanism that is data contextual, activity based, configurable, flexible, and deny-by-default - among other positive design attributes that make up a robust web-based access-control mechanism.
  
To avoid duplicates, project topics will be first-come first-served. Email your topic idea to either mark.major or rob.jepson at owasp.org and we will add you to the meeting agenda. Please check this Wiki (or the [http://www.meetup.com/OWASP-Boulder/ chapter's MeetUp.com page]) to see what other people have taken prior to choosing your topic.
+
'''Speaker Bio'''<br>
 
+
'''Jim Manico''' is the VP of Security Architecture for WhiteHat Security. Jim is also a global board member of OWASP, is the host of the OWASP Podcast Series, is the committee chair of the OWASP Connections Committee, is the project manager of the OWASP Cheatsheet series, and is a significant contributor to several additional OWASP projects. Jim provides secure coding and developer awareness training for WhiteHat Security using his 8+ years of experience delivering developer-training courses for SANS, Aspect Security and others. He brings 16 years of database-driven Web software development and analysis experience to WhiteHat and OWASP as well. Jim works on the beautiful island of Kauai,Hawaii where he lives with his wife Tracey.
Current project presentations (in no particular order):
+
*Mike: DirBuster
+
*Greg: Mantra
+
*Sunil: Zap
+
*Karen: Threat Modeling
+
*Rob: Top 10
+
*Mark: TBD (whatever is left over)
+
 
+
Please remember that seating is limited and is prioritized for those who RSVP through MeetUp. If you have a change of plans, please update your RSVP status to allow space for those on the waiting list. Food and drinks are provided and the facilities will remain open after the meeting for socializing and networking. All meetings are free to attend.
+
 
+
 
+
====Special Thanks====
+
The Boulder chapter is grateful for the continued sponsorship of Aerstone. Thank you for providing the venue, refreshments, and other resources necessary to keep the chapter running strong.
+
 
+
[[File:BoulderSponsorAerstone.png]]
+
  
 +
Seating is limited and is prioritized for those who RSVP. Parking is available through the Whittier Neighborhood Zone. Food and drinks will be provided and there will be a networking session preceding the meeting. As always, meetings are free to attend.
  
 
[[Category:OWASP Chapter]]
 
[[Category:OWASP Chapter]]
 
[[Category:Colorado]]
 
[[Category:Colorado]]

Revision as of 19:29, 19 March 2013

Contents

OWASP Boulder

Welcome to the Boulder chapter homepage. The chapter leader is Mark Major.
Click here to join the local chapter mailing list.

Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is and open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Btn donate SM.gif to this chapter or become a local chapter supporter.

Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now BlueIcon.JPG

Special Thanks

The Boulder chapter is grateful for the continued sponsorship of Aerstone. Thank you for providing the venue, refreshments, and other resources necessary to keep the chapter running strong.

BoulderSponsorAerstone.png


Upcoming Events

Thursday, March 21st at 6pm – Access Control with Jim Manico

When: Thursday, February 21st at 6:00pm
Where: Aerstone, located at 1711 Pearl St. (3rd floor).
Parking: Free through the Whittier Neighborhood Zone.
RSVP: available through MeetUp.com

Agenda
6:00 - 6:30 Food, drink, and networking
6:30 - 7:15 Chapter business and group discussion
7:15 - 8:00 Featured presentation

Featured Presentation: Access Control Design Best Practices
Access Control is a necessary security control at almost every layer within a web application. This talk will discuss several of the key access control anti-patterns commonly found during website security audits. These access control anti-patterns include hard-coded security policies, lack of horizontal access control, and "fail open" access control mechanisms. In reviewing these and other access control problems, we will discuss and design a positive access control mechanism that is data contextual, activity based, configurable, flexible, and deny-by-default - among other positive design attributes that make up a robust web-based access-control mechanism.

Speaker Bio
Jim Manico is the VP of Security Architecture for WhiteHat Security. Jim is also a global board member of OWASP, is the host of the OWASP Podcast Series, is the committee chair of the OWASP Connections Committee, is the project manager of the OWASP Cheatsheet series, and is a significant contributor to several additional OWASP projects. Jim provides secure coding and developer awareness training for WhiteHat Security using his 8+ years of experience delivering developer-training courses for SANS, Aspect Security and others. He brings 16 years of database-driven Web software development and analysis experience to WhiteHat and OWASP as well. Jim works on the beautiful island of Kauai,Hawaii where he lives with his wife Tracey.

Seating is limited and is prioritized for those who RSVP. Parking is available through the Whittier Neighborhood Zone. Food and drinks will be provided and there will be a networking session preceding the meeting. As always, meetings are free to attend.