Difference between revisions of "Hartford"

From OWASP
Jump to: navigation, search
(Upcoming Events)
Line 3: Line 3:
 
== Sponsors ==
 
== Sponsors ==
  
We would like to thank [http://www.ouncelabs.com/ Ounce Labs], [http://www.forrester.com/ Forrester Research], [http://www.cigital.com/ Cigital], [http://www.accenture.com/ Accenture], [http://www.oracle.com/ Oracle], [http://www.the451group.com/ The 451 Group], [http://www.thehartford.com/ The Hartford] and [http://www.microsoft.com/ Microsoft] for their generous sponsorship and helping make application security visible...
+
We would like to thank [http://www.ouncelabs.com/ Ounce Labs], [http://www.finjan.com/ Finjan], [http://www.forrester.com/ Forrester Research], [http://www.cigital.com/ Cigital], [http://www.accenture.com/ Accenture], [http://www.oracle.com/ Oracle], [http://www.the451group.com/ The 451 Group], [http://www.ironkey.com/ IronKey], [http://www.thehartford.com/ The Hartford] and [http://www.microsoft.com/ Microsoft] for their generous sponsorship and helping make application security visible...
  
 
== Upcoming Events ==
 
== Upcoming Events ==
  
'''Agenda: Wednesday, September 24nd 2008'''
+
'''Agenda: Wednesday, October 8th 2008'''
  
CHAPTER UPDATE and SOCIAL NETWORKING: 5:30 - 5:45 PM
+
Recruiting Elite IT Talent: 4:30 - 5:00 PM
James McGovern, Chapter Lead
+
Jordan Haberfield (Agile Elephant), SVP of [http://www.systemoneservices.com/ System One]
  
DINNER and OPENING COMMENTS: 5:45 - 6:00 PM
+
Framework-level Threat Analysis: Adding Science to the Art of Source-code review : 5:00 - 5:45 PM
Food and drinks are sponsored by [http://www.finjan.com/ Finjan], makers of the top rated realtime secure web gateway and anti-crimeware solutions
+
Rohit Sethi, [http://www.securitycompass.com/ Security Compass]
  
TOP TEN BOGUS TECH QUOTES OF THE YEAR: 6:00 - 6:45 PM
+
Closing thoughts and door prizes: 5:45 - 6:00 PM
Paul Roberts, Industry Analyst, [http://www.the451group.com/ The 451 Group]
+
James McGovern, [http://duckdown.blogspot.com/ Thought Blogger]
  
MAKING APPLICATIONS SECURE BY REMOVING SECURITY: 6:45 - 7:30 PM
+
'''ROHIT SETHI'''
Andrew Stone, Senior Manager, [http://www.accenture.com/ Accenture],
 
  
DOOR PRIZES: 7:30 - 7:45 PM
+
Rohit Sethi, Manager of Professional Services, Security Compass, is a specialist in threat modeling, application security reviews, and building security controls into the software development life cycle (SDLC). Mr. Sethi is a frequent guest speaker and instructor at several conferences, including RSA, Shmoocon, and CSI. He has written articles for Security Focus and the Web Application Security Consortium (WASC), and has been quoted as an expert in application security for ITWorldCanada and Computer World.
Sponsored by [http://www.ironkey.com/ IronKey], The world's most secure USB Flash Drive with Internet protection
 
  
 +
At Security Compass, Rohit teaches students various topics on web application security in cities across North America. He has also managed and performed extensive threat analysis, source code reviews, and penetration testing for clients in financial services, utilities, telecommunications and healthcare. He is often consulted for his dual expertise in information security and software engineering.
  
'''TOP TEN BOGUS TECH QUOTES OF THE YEAR'''
+
'''JORDAN HABERFIELD'''
  
In a world full of security nonsense, Mr. Roberts has created a funny yet informative list of the Top 10 most outrageous security statements of the year. Taking aim at popular "solutions" around data leakage, IdM, NAC and other of-the-moment technologies, Mr. Roberts will entertain and enlighten. He will share some valuable insights from real-world users, and offer right-on-the-money assessments and analysis of why these quotes/solutions just don't work.  
+
System One provides technical outsourcing solutions to clients in the energy, engineering, information technology and scientific sectors. Combining national recruiting capabilities and local market expertise, we are the go-to, single source firm for clients looking to attract, select and retain a quality workforce.  
  
'''MAKING APPLICATIONS SECURE BY REMOVING SECURITY'''
+
System One advises clients on recruiting strategy and organizational effectiveness. We also help skilled professionals advance their careers. The result — carefully-matched hires, well-executed projects, and effective resource management.
  
The next evolutionary advancement in securing custom applications will involve removing security code from the application package. Application security has evolved from almost nonexistent to include security focused coding practices and functions.  Although applications will continue to need secure coding practices such as failing to a
 
secure mode and secure defaults, security functions such as authentication and authorization have no place in the application package.  Abstraction of these functions can result in improved security and reduced cost of application development.
 
  
 
'''WEB CONFERENCING INFORMATION'''
 
'''WEB CONFERENCING INFORMATION'''
  
We are pleased to present this via the worldwide web. To listen to the audio stream, the dialin number is 1-218-936-4700 (Passcode 606183) and will start at 5:30pm Eastern.
+
We are pleased to present this event via conference call. To listen, the dialin number is 1-218-936-4700 (Passcode 606183) and will start at 5:00pm Eastern. To add this event to your calendar, click here.
  
 
== Past Events ==
 
== Past Events ==
 +
 +
'''Agenda: Wednesday, September 24th 2008'''
 +
 +
TOP TEN BOGUS TECH QUOTES OF THE YEAR: 6:00 - 6:45 PM
 +
Paul Roberts, Industry Analyst, [http://www.the451group.com/ The 451 Group]
 +
 +
MAKING APPLICATIONS SECURE BY REMOVING SECURITY: 6:45 - 7:30 PM
 +
Andrew Stone, Senior Manager, [http://www.accenture.com/ Accenture]
  
 
'''Agenda: Wednesday, June 11th 2008'''
 
'''Agenda: Wednesday, June 11th 2008'''
  
 
CARDSPACE AND USER CENTRIC IDENTITY
 
CARDSPACE AND USER CENTRIC IDENTITY
Chris Winn, Security Evangelist, Microsoft
+
Chris Winn, Security Evangelist, [http://www.microsoft.com/ Microsoft]
  
 
IDENTITY GOVERNANCE FRAMEWORK
 
IDENTITY GOVERNANCE FRAMEWORK
Prateek Mishra, Product Manager, Oracle.
+
Prateek Mishra, Product Manager, [http://www.oracle.com/ Oracle]
 
Powerpoint Presentation is [https://www.owasp.org/images/2/2c/IGF-Overview-Hartford-May-00.ppt here ]
 
Powerpoint Presentation is [https://www.owasp.org/images/2/2c/IGF-Overview-Hartford-May-00.ppt here ]
  
Line 53: Line 58:
  
 
THE IDIOTS GUIDE TO DEVELOPING BAD ENTERPRISE APPLICATIONS AND WORST LOGGING PRACTICES
 
THE IDIOTS GUIDE TO DEVELOPING BAD ENTERPRISE APPLICATIONS AND WORST LOGGING PRACTICES
Anton Chuvakin, Chief Logging Evangelist, LogLogic
+
Anton Chuvakin, Chief Logging Evangelist, [http://www.loglogic.com/ LogLogic]
  
 
KEEPING SECRETS: APPLICATION SECURITY IS A BUSINESS IMPERATIVE
 
KEEPING SECRETS: APPLICATION SECURITY IS A BUSINESS IMPERATIVE
Jack Danahy, CTO and Founder, Ounce Labs
+
Jack Danahy, CTO and Founder, [http://www.ouncelabs.com/ Ounce Labs]
  
 
'''Agenda: Thursday, February 28th 2008'''
 
'''Agenda: Thursday, February 28th 2008'''
  
 
HOW WEB 2.0 HAS CHANGED THE LANDSCAPE OF APPLICATION SECURITY
 
HOW WEB 2.0 HAS CHANGED THE LANDSCAPE OF APPLICATION SECURITY
Chenxi Wang, Principal Analyst at Forrester Research
+
Chenxi Wang, Principal Analyst, [http://www.forrester.com/ Forrester Research]
  
 
EXPLOITING ONLINE GAMES
 
EXPLOITING ONLINE GAMES
Gary McGraw, CTO of Cigital
+
Gary McGraw, CTO,  [http://www.cigital.com/ Cigital]
  
 
== Locations ==
 
== Locations ==

Revision as of 08:58, 27 September 2008

OWASP Hartford

Welcome to the Hartford chapter homepage. The chapter leader is James McGovern


Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Btn donate SM.gif to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now BlueIcon.JPG


Sponsors

We would like to thank Ounce Labs, Finjan, Forrester Research, Cigital, Accenture, Oracle, The 451 Group, IronKey, The Hartford and Microsoft for their generous sponsorship and helping make application security visible...

Upcoming Events

Agenda: Wednesday, October 8th 2008

Recruiting Elite IT Talent: 4:30 - 5:00 PM Jordan Haberfield (Agile Elephant), SVP of System One

Framework-level Threat Analysis: Adding Science to the Art of Source-code review : 5:00 - 5:45 PM Rohit Sethi, Security Compass

Closing thoughts and door prizes: 5:45 - 6:00 PM James McGovern, Thought Blogger

ROHIT SETHI

Rohit Sethi, Manager of Professional Services, Security Compass, is a specialist in threat modeling, application security reviews, and building security controls into the software development life cycle (SDLC). Mr. Sethi is a frequent guest speaker and instructor at several conferences, including RSA, Shmoocon, and CSI. He has written articles for Security Focus and the Web Application Security Consortium (WASC), and has been quoted as an expert in application security for ITWorldCanada and Computer World.

At Security Compass, Rohit teaches students various topics on web application security in cities across North America. He has also managed and performed extensive threat analysis, source code reviews, and penetration testing for clients in financial services, utilities, telecommunications and healthcare. He is often consulted for his dual expertise in information security and software engineering.

JORDAN HABERFIELD

System One provides technical outsourcing solutions to clients in the energy, engineering, information technology and scientific sectors. Combining national recruiting capabilities and local market expertise, we are the go-to, single source firm for clients looking to attract, select and retain a quality workforce.

System One advises clients on recruiting strategy and organizational effectiveness. We also help skilled professionals advance their careers. The result — carefully-matched hires, well-executed projects, and effective resource management.


WEB CONFERENCING INFORMATION

We are pleased to present this event via conference call. To listen, the dialin number is 1-218-936-4700 (Passcode 606183) and will start at 5:00pm Eastern. To add this event to your calendar, click here.

Past Events

Agenda: Wednesday, September 24th 2008

TOP TEN BOGUS TECH QUOTES OF THE YEAR: 6:00 - 6:45 PM Paul Roberts, Industry Analyst, The 451 Group

MAKING APPLICATIONS SECURE BY REMOVING SECURITY: 6:45 - 7:30 PM Andrew Stone, Senior Manager, Accenture

Agenda: Wednesday, June 11th 2008

CARDSPACE AND USER CENTRIC IDENTITY Chris Winn, Security Evangelist, Microsoft

IDENTITY GOVERNANCE FRAMEWORK Prateek Mishra, Product Manager, Oracle Powerpoint Presentation is here


Agenda: Wednesday, April 30th 2008

THE IDIOTS GUIDE TO DEVELOPING BAD ENTERPRISE APPLICATIONS AND WORST LOGGING PRACTICES Anton Chuvakin, Chief Logging Evangelist, LogLogic

KEEPING SECRETS: APPLICATION SECURITY IS A BUSINESS IMPERATIVE Jack Danahy, CTO and Founder, Ounce Labs

Agenda: Thursday, February 28th 2008

HOW WEB 2.0 HAS CHANGED THE LANDSCAPE OF APPLICATION SECURITY Chenxi Wang, Principal Analyst, Forrester Research

EXPLOITING ONLINE GAMES Gary McGraw, CTO, Cigital

Locations

All meetings are held at The Hartford, One Hartford Plaza, Hartford CT 06115 in our Tower Building (Atrium Conference Room). Free parking is available in our Tower Ramp Garage.