Difference between revisions of "Edmonton"

From OWASP
Jump to: navigation, search
(Local News)
 
(6 intermediate revisions by 5 users not shown)
Line 1: Line 1:
{{Chapter Template|chaptername=Edmonton|extra=The chapter leader is [mailto:robert.martin@shunda.com Robert Martin]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-edmonton|emailarchives=http://lists.owasp.org/pipermail/owasp-edmonton}}
+
{{Inactive Chapter}}
 +
{{Chapter Template|chaptername=Edmonton|extra=The chapter leader is <!--[mailto:robert.martin@shunda.com Robert Martin]--> |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-edmonton|emailarchives=http://lists.owasp.org/pipermail/owasp-edmonton}}
 +
==== Local News ====
  
== Local News ==
 
  
''Note we return to Telus Plaza for the February meeting.''
+
==== Chapter Meetings ====
 +
Our chapter's next meeting will take place Tuesday, April 10, 2007 at 6:00 PM at the Telus Plaza North Tower. Please meet us in the building's lobby before 6:00 so that we can escort you to the boardroom. The meeting will be over by 7:15. This [http://maps.google.ca/maps?f=q&hl=en&q=10025+Jasper+Ave+NW,+Edmonton,+AB&ie=UTF8&z=17&ll=53.54097,-113.491248&spn=0.004578,0.010493&t=h&om=1 map] guides you to Telus Plaza North.
  
Our chapter's next meeting will take place Tuesday, February 27, 2007 at 6:00 PM at the Telus Plaza North Tower. Please meet us in the building's lobby before 6:00 so that we can escort you to the boardroom. The meeting will be over by 7:15. This [http://maps.google.ca/maps?f=q&hl=en&q=10025+Jasper+Ave+NW,+Edmonton,+AB&ie=UTF8&z=17&ll=53.54097,-113.491248&spn=0.004578,0.010493&t=h&om=1 map] guides you to Telus Plaza North.
+
The April topic will be "Using OWASP WSFuzzer for Web Service Penetration Testing", by Mark Gordon.
 
+
The February topic will be "Building Defensible Web App Architectures", by Jason Meltzer of Strange Research, http://www.strangeresearch.com.
+
 
+
Web applications have become the most significantly exposed, and
+
vulnerable, software systems on an organization's network. Thousands
+
of lines of custom application code lovingly interfacing with a pile
+
of third-party middleware that's herding data to and from what is
+
likely an installation of a major database, and all of this is
+
supporting critical business processes handling yours, and others,
+
sensitive data.  Hopefully you've spent a little time and some honest
+
effort on reducing security defects in your applications (I see each
+
of your devs has the OWASP Top 10 taped to their cubicle wall) and
+
your network guys are seasoned warriors, so everything is solid.  Now,
+
what happens when, not if,  you have an incident involving your web
+
app?
+
 
+
This talk is going to bring the concepts surrounding building a
+
defensible network into the realm of designing web application
+
architectures. We will be doing some drawing, and there will be
+
network devices in our diagrams. We'll discussed defending deployed
+
web applications, how they are different and what issues that
+
raises... We'll discuss the implications of such things as when the
+
OWASP guide say, "By default, no unencrypted data should transit the
+
network" and we'll discuss how we might be able to get to a position
+
where we can start to think about having the ability to effectively
+
respond to a web app incident.
+
  
 +
You don't need to bring an understanding of web services to the talk. After a 5-minute introduction to the basics of web services you will know plenty of new buzzwords, enough to impress your friends and befuddle your enemies. After the intro Mark will demonstrate several concrete examples of how [http://www.owasp.org/index.php/Category:OWASP_WSFuzzer_Project WSFuzzer] helps automate testing web services for vulnerabilities. If time permits we can also discuss other details of web services such as using Akamai for better performance and the acronym soup that is the world of [http://en.wikipedia.org/wiki/Service-oriented_architecture SOA].
  
 
Previous meetings covered:
 
Previous meetings covered:
Line 39: Line 16:
 
* Cross Site Scripting Attacks (Yegor's [http://www.owasp.org/images/5/5e/XssYegorJbanov.pdf slideshow])
 
* Cross Site Scripting Attacks (Yegor's [http://www.owasp.org/images/5/5e/XssYegorJbanov.pdf slideshow])
 
* Pub Night(!); discussed strategies for secure use of personal web applications
 
* Pub Night(!); discussed strategies for secure use of personal web applications
 +
* "Building Defensible Web App Architectures", by Jason Meltzer of Strange Research
 +
 +
==== Edmonton OWASP Chapter Leaders ====
 +
The chapter leader is_________________
 +
__NOTOC__
 +
<headertabs/>
 +
[[Category:Alberta]]

Latest revision as of 08:59, 16 January 2012

This OWASP Chapter is inactive. Contact us for more information or if you are interested in restarting this Chapter.


OWASP Edmonton

Welcome to the Edmonton chapter homepage. The chapter leader is
Click here to join the local chapter mailing list.

Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is and open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Btn donate SM.gif to this chapter or become a local chapter supporter.

Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now BlueIcon.JPG

Local News

Chapter Meetings

Our chapter's next meeting will take place Tuesday, April 10, 2007 at 6:00 PM at the Telus Plaza North Tower. Please meet us in the building's lobby before 6:00 so that we can escort you to the boardroom. The meeting will be over by 7:15. This map guides you to Telus Plaza North.

The April topic will be "Using OWASP WSFuzzer for Web Service Penetration Testing", by Mark Gordon.

You don't need to bring an understanding of web services to the talk. After a 5-minute introduction to the basics of web services you will know plenty of new buzzwords, enough to impress your friends and befuddle your enemies. After the intro Mark will demonstrate several concrete examples of how WSFuzzer helps automate testing web services for vulnerabilities. If time permits we can also discuss other details of web services such as using Akamai for better performance and the acronym soup that is the world of SOA.

Previous meetings covered:

  • OWASP's Top Ten Project
  • OWASP's WebGoat insecure web application
  • Cross Site Scripting Attacks (Yegor's slideshow)
  • Pub Night(!); discussed strategies for secure use of personal web applications
  • "Building Defensible Web App Architectures", by Jason Meltzer of Strange Research

Edmonton OWASP Chapter Leaders

The chapter leader is_________________