Difference between revisions of "Columbus"

From OWASP
Jump to: navigation, search
(Q2 Meeting Announcement - June 10th, 1PM - Defensible .NET)
Line 3: Line 3:
 
==== Local News ====
 
==== Local News ====
  
== Q2 Meeting Announcement - June 10th, 1PM - Defensible .NET ==
+
== Q3 Call For Presentations ==
  
'''Presented by Jason Montgomery, Sr. Security Specialist, Active Technologies Group, Inc.'''
+
On August 18, 2011, at 1PM at the Conference Center of BMW Financial, the Columbus OWASP chapter will be presenting is Third Quarter Meeting, specifically on the subject of Web Application Security Analysis.
 
+
ASP.NET and the .NET framework have become the preferred foundation underlying enterprise applications. While Microsoft has prioritized integrating security into the ASP.NET framework, attacks at the application layer are dramatically increasing.  How effective are the security controls built into the ASP.NET framework?  Application developers must understand the limitations of the framework and ensure their code is secure.  Focusing on the OWASP top ten, Jason Montgomery will explain the latest defensive techniques specific to the ASP.NET environment.  Jason is Sr. Security Specialist at Active Technologies Group, Inc. (ATGi).  He is a SANS instructor in .NET application security and co-author of the secure coding certification, GSSP.NET.  Jason has spent the past five years guiding software security practices at the Department of Defense, and currently leads ATGi’s secure software development and assessment practice.
+
 
+
''Check out [http://www.owasp.org/index.php/Columbus#tab=Current_Meetings Current Meetings] to register!''
+
 
+
==== Chapter News ====
+
 
+
== We're giving away a 32GB iPod Touch ==
+
 
+
'''How do you win?''' [http://www.owasp.org/index.php/Membership#Categories_of_Membership_.26_Supporters Become a member] of our local chapter and/or refer someone who becomes a member. There's no limit on referral entries. [[File:Ipod-touch.jpg‎|right|iPod Touch]]
+
 
+
'''$50''' gets you entered to win, an OWASP member pack with membership card, certificate, OWASP DVD, t-shirt, pen and tote bag ''PLUS'' discounts on local events like the [http://www.infosecsummit.org/ Central Ohio InfoSec Summit], OWASP conferences, and [http://www.owasp.org/index.php/Member_Offers more]. ''40% of your membership dues come directly to your local chapter'' which allows us to do even more great things right here in Columbus.
+
  
*'''Entries will be accepted through the end of June with the drawing occurring in early July. Don't forget to fill in Columbus as your local affiliation when you join.'''
+
This Call For Presentations (CFP) is open to all professionals who agree to adhere to the Speaker Guidelines, and who have a topic of interest in web application security that they are willing to present to attendees. Web application security topics of special interest include many contemporary areas of security research.
  
Thanks to [http://www.expesite.com/ Expesite] for sponsorship donation!
+
Please download the CFP here (PDF). Abstracts are due July 15, 2011. Thank you for your interest.
<p>&nbsp;</p>
+
<p>&nbsp;</p>
+
  
 
==== Chapter Info ====
 
==== Chapter Info ====
Line 47: Line 33:
 
==== Current Meetings ====
 
==== Current Meetings ====
  
Our chapter meets ''quarterly''; we're organizing several different event styles in addition to traditional presentations. There will be opportunities for Columbus OWASP members to meet other local security groups through event cross-participation and cooperation.
+
Our chapter meets ''quarterly''; we're organizing several different event styles in addition to traditional presentations. There will be opportunities for Columbus OWASP members to meet other local security groups through event cross-participation and cooperation. The next quarterly meeting is being planned for August 18th, 2011.
  
== Defensible .NET - June 10th, 1-3PM (doors open at 12:30) ==
+
Feel free to contact us at columbusowasp@gmail.com with any questions.
 +
 
 +
==== Previous Meetings ====
 +
=== Q2 Meeting - June 10th, 1PM - Defensible .NET ===
  
 
'''Presented by Jason Montgomery, Sr. Security Specialist, Active Technologies Group, Inc.'''
 
'''Presented by Jason Montgomery, Sr. Security Specialist, Active Technologies Group, Inc.'''
Line 55: Line 44:
 
ASP.NET and the .NET framework have become the preferred foundation underlying enterprise applications. While Microsoft has prioritized integrating security into the ASP.NET framework, attacks at the application layer are dramatically increasing.  How effective are the security controls built into the ASP.NET framework?  Application developers must understand the limitations of the framework and ensure their code is secure.  Focusing on the OWASP top ten, Jason Montgomery will explain the latest defensive techniques specific to the ASP.NET environment.  Jason is Sr. Security Specialist at Active Technologies Group, Inc. (ATGi).  He is a SANS instructor in .NET application security and co-author of the secure coding certification, GSSP.NET.  Jason has spent the past five years guiding software security practices at the Department of Defense, and currently leads ATGi’s secure software development and assessment practice.
 
ASP.NET and the .NET framework have become the preferred foundation underlying enterprise applications. While Microsoft has prioritized integrating security into the ASP.NET framework, attacks at the application layer are dramatically increasing.  How effective are the security controls built into the ASP.NET framework?  Application developers must understand the limitations of the framework and ensure their code is secure.  Focusing on the OWASP top ten, Jason Montgomery will explain the latest defensive techniques specific to the ASP.NET environment.  Jason is Sr. Security Specialist at Active Technologies Group, Inc. (ATGi).  He is a SANS instructor in .NET application security and co-author of the secure coding certification, GSSP.NET.  Jason has spent the past five years guiding software security practices at the Department of Defense, and currently leads ATGi’s secure software development and assessment practice.
  
'''Where: Columbus Metropolitan Library - Main Branch; auditorium - 96 S. Grant Ave, Columbus , OH 43215'''
 
 
Please [http://owaspcmh-q2-2010.eventbrite.com/ RSVP through EventBrite] so we can make sure we have enough seating and food for everyone. We look forward to your attendance and participation!
 
 
http://owaspcmh-q2-2010.eventbrite.com/
 
 
''Refreshments Provided''
 
 
The Columbus OWASP Chapter leadership would like to thank [http://www.innova-partners.com/ Innova Partners] for providing refreshments.
 
 
Feel free to contact us at columbusowasp@gmail.com with any questions.
 
 
==== Previous Meetings ====
 
 
=== 3rd Annual Central Ohio Infosec Summit ===
 
=== 3rd Annual Central Ohio Infosec Summit ===
  

Revision as of 22:43, 21 June 2011


Local News

Q3 Call For Presentations

On August 18, 2011, at 1PM at the Conference Center of BMW Financial, the Columbus OWASP chapter will be presenting is Third Quarter Meeting, specifically on the subject of Web Application Security Analysis.

This Call For Presentations (CFP) is open to all professionals who agree to adhere to the Speaker Guidelines, and who have a topic of interest in web application security that they are willing to present to attendees. Web application security topics of special interest include many contemporary areas of security research.

Please download the CFP here (PDF). Abstracts are due July 15, 2011. Thank you for your interest.

Chapter Info

Stay in touch with Columbus OWASP

  • The first stop to connecting with the community is our mailing list, feel free to contribute and interact with the list - it's not just for listening!
  • We're a group on LinkedIn as well, please join us. Facebook is coming soon.

Become a voting member

We encourage organization and individual supporters of our ethics & principals to become a voting MEMBER. Please review the Chapter Rules and the OWASP overview, and contact the chapter leaders for more information.

The professional association of OWASP Foundation Inc., is always free and open to anyone interested in learning more about application security.

We want your participation!

To submit educational topics for upcoming meetings, submit your ideas and slide deck (if available) using the OWASP Template and include a speaker BIO. It doesn't have to be formal, we're happy to provide some assistance in organizing your thoughts. You only need an interest and knowledge of your independent research or related software security topic.

Sponsorship, too!

There are myriad opportunities to sponsor the chapter, including meeting space, food, marketing, and monetary donations. We're always looking for assistance. Inquiries regarding chapter or per-meeting sponsorship opportunities can be directed to the chapter leaders. As a 501(3)c non-profit professional association your support and sponsorship of a meeting venue and/or refreshments is tax-deductible and all financial contributions can be made online right now:

funds to OWASP earmarked for Columbus.

Current Meetings

Our chapter meets quarterly; we're organizing several different event styles in addition to traditional presentations. There will be opportunities for Columbus OWASP members to meet other local security groups through event cross-participation and cooperation. The next quarterly meeting is being planned for August 18th, 2011.

Feel free to contact us at columbusowasp@gmail.com with any questions.

Previous Meetings

Q2 Meeting - June 10th, 1PM - Defensible .NET

Presented by Jason Montgomery, Sr. Security Specialist, Active Technologies Group, Inc.

ASP.NET and the .NET framework have become the preferred foundation underlying enterprise applications. While Microsoft has prioritized integrating security into the ASP.NET framework, attacks at the application layer are dramatically increasing. How effective are the security controls built into the ASP.NET framework? Application developers must understand the limitations of the framework and ensure their code is secure. Focusing on the OWASP top ten, Jason Montgomery will explain the latest defensive techniques specific to the ASP.NET environment. Jason is Sr. Security Specialist at Active Technologies Group, Inc. (ATGi). He is a SANS instructor in .NET application security and co-author of the secure coding certification, GSSP.NET. Jason has spent the past five years guiding software security practices at the Department of Defense, and currently leads ATGi’s secure software development and assessment practice.

3rd Annual Central Ohio Infosec Summit

The goal of this event is to educate regional Information Security professionals and support collaboration by bringing leading speakers in the information security field together to educate the community on the latest industry trends and issues.

This Information Security Conference will provide information security professionals with the most up-to-date information, tools, trends, legislative information, products, services, and strategies for addressing information security issues. The conference will focus on key topics related to information security with presentations provided by recognized experts and exhibits by some of the nation’s leading organizations.

2010 Q1 Meeting

  • PHP Security presented by Jon Canady, Web Application Developer, Innova Partners, March 23rd, 2010

Meeting Summary: PHP is a widely used, general-purpose scripting language, originally designed to produce dynamic web pages. In 2007, The PHP Group reported it was utilized on over 20 million websites and 1 million web servers. In 2008, the National Vulnerability Database claimed PHP accounted for 35% of software vulnerabilities, with nearly all caused by poor programming practices. Every PHP developer, hoster, and security professional should understand the primary attack vectors being used by attackers against PHP applications. During this OWASP meeting we dived deep into PHP security - specifically the OWASP Top 10 in the context of PHP.

In addition to the presentation, chapter leadership changes were announced as well as the new leadership's plans for increasing the visibility and participation of the chapter.

The Columbus OWASP Chapter leadership would like to thank BMW Financial Services for hosting this event and Innova Partners for providing lunch.

Presentation slide deck: OWASP_Q12010_PHP (pdf, 4.5M)

Columbus OWASP Chapter Leaders

Chapter leaders are Aaron Ansari, Geoff Cook, Chris Green & Constance Matthews.

Other Local InfoSec Resources