Difference between revisions of "Edmonton"

From OWASP
Jump to: navigation, search
(Local News)
(Notice of the April 10, 2007 meeting)
Line 3: Line 3:
 
== Local News ==
 
== Local News ==
  
''Note we return to Telus Plaza for the February meeting.''
+
Our chapter's next meeting will take place Tuesday, April 10, 2007 at 6:00 PM at the Telus Plaza North Tower. Please meet us in the building's lobby before 6:00 so that we can escort you to the boardroom. The meeting will be over by 7:15. This [http://maps.google.ca/maps?f=q&hl=en&q=10025+Jasper+Ave+NW,+Edmonton,+AB&ie=UTF8&z=17&ll=53.54097,-113.491248&spn=0.004578,0.010493&t=h&om=1 map] guides you to Telus Plaza North.
  
Our chapter's next meeting will take place Tuesday, February 27, 2007 at 6:00 PM at the Telus Plaza North Tower. Please meet us in the building's lobby before 6:00 so that we can escort you to the boardroom. The meeting will be over by 7:15. This [http://maps.google.ca/maps?f=q&hl=en&q=10025+Jasper+Ave+NW,+Edmonton,+AB&ie=UTF8&z=17&ll=53.54097,-113.491248&spn=0.004578,0.010493&t=h&om=1 map] guides you to Telus Plaza North.
+
The April topic will be "Using OWASP WSFuzzer for Web Service Penetration Testing", by Mark Gordon.
 
 
The February topic will be "Building Defensible Web App Architectures", by Jason Meltzer of Strange Research, http://www.strangeresearch.com.
 
 
 
Web applications have become the most significantly exposed, and
 
vulnerable, software systems on an organization's network. Thousands
 
of lines of custom application code lovingly interfacing with a pile
 
of third-party middleware that's herding data to and from what is
 
likely an installation of a major database, and all of this is
 
supporting critical business processes handling yours, and others,
 
sensitive data.  Hopefully you've spent a little time and some honest
 
effort on reducing security defects in your applications (I see each
 
of your devs has the OWASP Top 10 taped to their cubicle wall) and
 
your network guys are seasoned warriors, so everything is solid.  Now,
 
what happens when, not if,  you have an incident involving your web
 
app?
 
 
 
This talk is going to bring the concepts surrounding building a
 
defensible network into the realm of designing web application
 
architectures. We will be doing some drawing, and there will be
 
network devices in our diagrams. We'll discussed defending deployed
 
web applications, how they are different and what issues that
 
raises... We'll discuss the implications of such things as when the
 
OWASP guide say, "By default, no unencrypted data should transit the
 
network" and we'll discuss how we might be able to get to a position
 
where we can start to think about having the ability to effectively
 
respond to a web app incident.
 
  
 +
You don't need to bring an understanding of web services to the talk. After a 5-minute introduction to the basics of web services you will know plenty of new buzzwords, enough to impress your friends and befuddle your enemies. After the intro Mark will demonstrate several concrete examples of how [http://www.owasp.org/index.php/Category:OWASP_WSFuzzer_Project WSFuzzer] helps automate testing web services for vulnerabilities. If time permits we can also discuss other details of web services such as using Akamai for better performance and the acronym soup that is the world of [http://en.wikipedia.org/wiki/Service-oriented_architecture SOA].
  
 
Previous meetings covered:
 
Previous meetings covered:
Line 39: Line 14:
 
* Cross Site Scripting Attacks (Yegor's [http://www.owasp.org/images/5/5e/XssYegorJbanov.pdf slideshow])
 
* Cross Site Scripting Attacks (Yegor's [http://www.owasp.org/images/5/5e/XssYegorJbanov.pdf slideshow])
 
* Pub Night(!); discussed strategies for secure use of personal web applications
 
* Pub Night(!); discussed strategies for secure use of personal web applications
 +
* "Building Defensible Web App Architectures", by Jason Meltzer of Strange Research

Revision as of 20:25, 4 April 2007

OWASP Edmonton

Welcome to the Edmonton chapter homepage. The chapter leader is Robert Martin
Click here to join the local chapter mailing list.

Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Btn donate SM.gif to this chapter or become a local chapter supporter.

Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now BlueIcon.JPG

Local News

Our chapter's next meeting will take place Tuesday, April 10, 2007 at 6:00 PM at the Telus Plaza North Tower. Please meet us in the building's lobby before 6:00 so that we can escort you to the boardroom. The meeting will be over by 7:15. This map guides you to Telus Plaza North.

The April topic will be "Using OWASP WSFuzzer for Web Service Penetration Testing", by Mark Gordon.

You don't need to bring an understanding of web services to the talk. After a 5-minute introduction to the basics of web services you will know plenty of new buzzwords, enough to impress your friends and befuddle your enemies. After the intro Mark will demonstrate several concrete examples of how WSFuzzer helps automate testing web services for vulnerabilities. If time permits we can also discuss other details of web services such as using Akamai for better performance and the acronym soup that is the world of SOA.

Previous meetings covered:

  • OWASP's Top Ten Project
  • OWASP's WebGoat insecure web application
  • Cross Site Scripting Attacks (Yegor's slideshow)
  • Pub Night(!); discussed strategies for secure use of personal web applications
  • "Building Defensible Web App Architectures", by Jason Meltzer of Strange Research