Difference between revisions of "Hartford"

Line 1: Line 1:
{{Chapter Template|chaptername=Hartford|extra=The chapter leader is [mailto:James.McGovern@thehartford.com James McGovern]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hartford|emailarchives=http://lists.owasp.org/pipermail/owasp-hartford}}
+
{{Chapter Template|chaptername=Hartford|extra=The chapter leader is [mailto:owasp@jamesmcgovern.com James McGovern]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hartford|emailarchives=http://lists.owasp.org/pipermail/owasp-hartford}}
  
 
== Sponsors ==
 
== Sponsors ==
  
We would like to thank [Ounce Labs], [Forrester Research], [Cigital], [Whitehat Security], [Oracle] and [Microsoft] for their generous support and helping make application security visible...
+
We would like to thank [http://www.ouncelabs.com/ Ounce Labs], [http://www.forrester.com/ Forrester Research], [http://www.cigital.com/ Cigital], [http://www.whitehatsec.com/ Whitehat Security], [http://www.oracle.com/ Oracle] and [http://www.microsoft.com/ Microsoft] for their generous support and helping make application security visible...
  
 
== Upcoming Events ==
 
== Upcoming Events ==
  
'''Agenda: Wednesday, June 11th 2008'''
+
'''Agenda: Wednesday, September 22nd 2008'''
 
 
FOOD & NETWORKING: 5:30 - 5:45 PM
 
  
OPENING REMARKS: 5:45 - 6:00 PM
+
DINNER and SOCIAL NETWORKING: 5:30 - 6:00 PM
 
James McGovern, Chapter Lead
 
James McGovern, Chapter Lead
  
CARDSPACE AND USER CENTRIC IDENTITY: 6:00 - 6:45 PM
+
SOFTWARE SECURITY INDUSTRY TRENDS: 6:00 - 6:45 PM
Chris Winn, Security Evangelist, Microsoft
+
Nick Selby, Industry Analyst, The 451 Group
  
IDENTITY GOVERNANCE FRAMEWORK: 6:45 - 7:30 PM
+
REQUIREMENTS FOR APPLICATION SECURITY IN PCI/DSS : 6:45 - 7:30 PM
Prateek Mishra, Product Manager, Oracle
+
Jeffrey Margolies, Partner, Accenture
  
 
Q&A and Raffles: 7:30 - 7:45 PM
 
Q&A and Raffles: 7:30 - 7:45 PM
We will be raffling a Microsoft Zune Player, Apparel and Gift certficates to local restaurants
 
  
== Topics for June ==
+
== Past Events ==
  
'''CardSpace and User Centric Identity'''
+
'''Agenda: Wednesday, June 11th 2008'''
The CardSpace system is a new feature of Windows (XP, Vista and W2K3) that allows users to control their digital identity via the simple and familiar metaphor of a set of cards. When a user wants to access a web site or web service, rather than provide their username and password, they select a virtual card from a special, security-hardened UI - much like you would select a physical card from your wallet or handbag to identify yourself. This Information Card represents the digital identity of the user and enables services to receive all the data they need to authenticate and authorize the user.
 
  
Information about the user is provided in a secure and consistent way by Identity Providers such as the users employer, their bank, their government  or indeed by the user themselves. The user can determine exactly what information is disclosed and to whom, while the identity provider asserts the validity of that information.
+
CARDSPACE AND USER CENTRIC IDENTITY
 +
Chris Winn, Security Evangelist, Microsoft
  
By using standard, interoperable web service protocols - e.g. WS-Security, WS-Trust - and ubiquitous web protocols - e.g. HTTP POST - the CardSpace system is able to provide users with a simple, consistent and secure sign-on experience while developers can add support for Information Cards to their web sites and services very easily, regardless of the platform and tools they choose to use.
+
IDENTITY GOVERNANCE FRAMEWORK
 +
Prateek Mishra, Product Manager, Oracle
 +
Powerpoint Presentation is [https://www.owasp.org/images/2/2c/IGF-Overview-Hartford-May-00.ppt here ]
  
'''Identity Governance Framework'''
 
Identity governance is an issue of particular importance in today’s society of identity theft and increasing understanding of the importance of privacy. This presentation will outline use cases for defining a framework to help enterprises easily determine and control how identity related information, including Personally Identifiable Information (PII), access entitlements, attributes, etc. are used, stored, and propagated between their systems.
 
 
The Identity Governance Framework (IGF) will enable organizations to define enterprise level policies to securely and confidently share sensitive personal information between applications that need such data, without having to compromise on business agility or efficiency. Furthermore, it will ease the burden of documentation and auditing of these controls, allowing organizations to be able to quickly answer questions on how personal information such as social security numbers and credit card data is being used, by whom, at what time, and for what purpose.
 
 
The Identity Governance Framework is designed to allow: (1) application developers to build applications that access identity-related data from a wide range of sources, (2) administrators and deployers to define, enforce, and audit policies concerning the use of identity-related data. As proposed, IGF will have four components: (a) identity attribute service, a service that supports access to many different identity sources and enforces administrative policy (b) CARML: declarative syntax using which clients may specify their attribute requirements, (c) AAPML: declarative syntax which enables providers of identity-related data to express policy on the usage of information, (d) multi-language API (Java, .NET, Perl) for reading and writing identity-related attributes.
 
 
== Past Events ==
 
  
 
'''Agenda: Wednesday, April 30th 2008'''
 
'''Agenda: Wednesday, April 30th 2008'''
  
OPENING REMARKS: 5:30 - 6:00 PM
+
THE IDIOTS GUIDE TO DEVELOPING BAD ENTERPRISE APPLICATIONS AND WORST LOGGING PRACTICES
Alexander Daniels, CO-Chapter Lead
 
 
 
THE IDIOTS GUIDE TO DEVELOPING BAD ENTERPRISE APPLICATIONS AND WORST LOGGING PRACTICES:6:00 - 7:00 PM
 
 
Anton Chuvakin, Chief Logging Evangelist, LogLogic
 
Anton Chuvakin, Chief Logging Evangelist, LogLogic
  
KEEPING SECRETS: APPLICATION SECURITY IS A BUSINESS IMPERATIVE: 7:00 - 8:00 PM
+
KEEPING SECRETS: APPLICATION SECURITY IS A BUSINESS IMPERATIVE
 
Jack Danahy, CTO and Founder, Ounce Labs
 
Jack Danahy, CTO and Founder, Ounce Labs
  
 
'''Agenda: Thursday, February 28th 2008'''
 
'''Agenda: Thursday, February 28th 2008'''
  
OPENING REMARKS: 5:30 - 6:00 PM
+
HOW WEB 2.0 HAS CHANGED THE LANDSCAPE OF APPLICATION SECURITY
James McGovern, Chapter Lead
 
 
 
HOW WEB 2.0 HAS CHANGED THE LANDSCAPE OF APPLICATION SECURITY: 6:00 - 7:00 PM
 
 
Chenxi Wang, Principal Analyst at Forrester Research
 
Chenxi Wang, Principal Analyst at Forrester Research
  
EXPLOITING ONLINE GAMES: 7:00 - 8:00 PM
+
EXPLOITING ONLINE GAMES
 
Gary McGraw, CTO of Cigital
 
Gary McGraw, CTO of Cigital
  
 
== Locations ==
 
== Locations ==
  
All meetings are held at The Hartford, One Hartford Plaza, Hartford CT 06115 in our Tower Building. Free parking is available in our Tower Ramp Garage.
+
All meetings are held at The Hartford, One Hartford Plaza, Hartford CT 06115 in our Tower Building (Atrium Conference Room). Free parking is available in our Tower Ramp Garage.
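
Review bot: In the Upcoming Events agenda, the new heading reads "Wednesday, September 22nd 2008", but September 22nd 2008 fell on a Monday; the weekday looks carried over from the June 11th line, so either the day or the date needs correcting. In the same block, replacing the OPENING REMARKS line with DINNER and SOCIAL NETWORKING leaves "James McGovern, Chapter Lead" attached to the dinner slot; restore an opening-remarks heading or drop the name. Moving the June 11th agenda to Past Events also deletes both talk abstracts (CardSpace and Identity Governance Framework), so consider keeping them under that entry or linking to them alongside the slides.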

Revision as of 15:01, 12 June 2008

OWASP Hartford

Welcome to the Hartford chapter homepage. The chapter leader is James McGovern.


Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter Leader Handbook. As a 501(c)(3) non-profit professional association, your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world, simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Donate to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join now.


Sponsors

We would like to thank Ounce Labs, Forrester Research, Cigital, Whitehat Security, Oracle and Microsoft for their generous support and helping make application security visible...

Upcoming Events

Agenda: Wednesday, September 22nd 2008

DINNER and SOCIAL NETWORKING: 5:30 - 6:00 PM James McGovern, Chapter Lead

SOFTWARE SECURITY INDUSTRY TRENDS: 6:00 - 6:45 PM Nick Selby, Industry Analyst, The 451 Group

REQUIREMENTS FOR APPLICATION SECURITY IN PCI/DSS : 6:45 - 7:30 PM Jeffrey Margolies, Partner, Accenture

Q&A and Raffles: 7:30 - 7:45 PM

Past Events

Agenda: Wednesday, June 11th 2008

CARDSPACE AND USER CENTRIC IDENTITY Chris Winn, Security Evangelist, Microsoft

IDENTITY GOVERNANCE FRAMEWORK Prateek Mishra, Product Manager, Oracle Powerpoint Presentation is here


Agenda: Wednesday, April 30th 2008

THE IDIOTS GUIDE TO DEVELOPING BAD ENTERPRISE APPLICATIONS AND WORST LOGGING PRACTICES Anton Chuvakin, Chief Logging Evangelist, LogLogic

KEEPING SECRETS: APPLICATION SECURITY IS A BUSINESS IMPERATIVE Jack Danahy, CTO and Founder, Ounce Labs

Agenda: Thursday, February 28th 2008

HOW WEB 2.0 HAS CHANGED THE LANDSCAPE OF APPLICATION SECURITY Chenxi Wang, Principal Analyst at Forrester Research

EXPLOITING ONLINE GAMES Gary McGraw, CTO of Cigital

Locations

All meetings are held at The Hartford, One Hartford Plaza, Hartford CT 06115 in our Tower Building (Atrium Conference Room). Free parking is available in our Tower Ramp Garage.