Welcome to the Hartford chapter homepage. The chapter leader is James McGovern
OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.
to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member?
We would like to thank Ounce Labs, Finjan, Forrester Research, Cigital, Accenture, Oracle, The 451 Group, IronKey, The Hartford and Microsoft for their generous sponsorship and helping make application security visible...
If you would like to sponsor either the food and/or door prizes for an upcoming meeting, please email James McGovern with your proposal. Independent of any financial considerations, sponsorship priority is driven by those who drive participation in OWASP to their employees and customers.
November 11th 2008: To add this event to your Outlook calendar, click here
OPENING REMARKS: 5:00 - 5:15 PM
James McGovern, OWASP Hartford Chapter Leader
OPEN SOURCE IDENTITY SERVICES (The Higgins Project): 5:15 - 6:00 PM
Mary Ruddy, Security Compass
LIGHTWEIGHT SECURITY USING IDENTITY-BASED ENCRYPTION: 6:00 - 7:00 PM
Terence Spies, CTO of Voltage Security
Mary is the founder of Meristic. Mary founded and co-leads the Higgins open source identity framework project, is a founding Board Member of the Information Card Foundation and Chief Steward of Identity Commons.
Previously Mary was a VP with Parity Communications, Inc. Prior to joining Parity in 2003, Mary was Vice President, Strategic Marketing at Parametric Technology Corporation (NASDAQ:PMTC), where she was responsible for a software product line that allowed buyers to design their own products on the web. Before PTC, she was VP Strategic Alliances at OpenOrders, where she helped sell the company to IBM's WebSphere Commerce Suite software group. Prior to OpenOrders, she was VP Advanced Products at Pegasystems (NASDAQ:PEGA). Mary was an early employee at Pegasystems, which is a developer of rules-based customer service process automation software. Mary has a degree in Mathematics from Smith College and holds a MSM from the MIT Sloan School of Management.
Open Source Identity Services The Higgins Project is developing an extensible, platform-independent, identity protocol-independent, software framework to support existing and new applications. Its goal is to improve interoperability, privacy, and security as well as empower users with more control over their personal information. This presentation demoed interoperability between Microsoft's CardSpace and Liberty-based products, all in an Open Source environment.
Terence Spies has over 14 years of security and systems software development experience, working with leading companies such as Microsoft, Asta Networks and others. Terence now serves as Chief Technology Officer, overseeing the expansion of Voltage IBE technology into new application areas such as mobility, data storage and other areas where application data security is required.
Identity-Based Encryption Identity-Based Encryption (IBE) is a new type of public key encryption that can use Identities such as Device Identifiers as public keys. Originally proposed in 1984, only recently practical implementations became available. IBE allows to build secure protocols with minimum overhead, while at the same time being highly scalable and easy to implement. In this session an overview of the technology, current standardization through IEEE and possible applications will be presented.
Coming in 2009
RECRUITING ELITE IT TALENT: 4:30 - 5:00 PM
Jordan Haberfield (Agile Elephant), SVP of System One
FRAMEWORK-LEVEL THREAT ANALYSIS: ADDING SCIENCE TO THE ART OF SOURCE CODE REVIEW: 5:00 - 5:45 PM
Rohit Sethi, Security Compass
QUESTION AND ANSWER / DOOR PRIZES: 5:45 - 6:00 PM
James McGovern, Thought Blogger
Rohit Sethi, Manager of Professional Services, Security Compass, is a specialist in threat modeling, application security reviews, and building security controls into the software development life cycle (SDLC). Mr. Sethi is a frequent guest speaker and instructor at several conferences, including RSA, Shmoocon, and CSI. He has written articles for Security Focus and the Web Application Security Consortium (WASC), and has been quoted as an expert in application security for ITWorldCanada and Computer World.
At Security Compass, Rohit teaches students various topics on web application security in cities across North America. He has also managed and performed extensive threat analysis, source code reviews, and penetration testing for clients in financial services, utilities, telecommunications and healthcare. He is often consulted for his dual expertise in information security and software engineering.
System One provides technical outsourcing solutions to clients in the energy, engineering, information technology and scientific sectors. Combining national recruiting capabilities and local market expertise, we are the go-to, single source firm for clients looking to attract, select and retain a quality workforce.
System One advises clients on recruiting strategy and organizational effectiveness. We also help skilled professionals advance their careers. The result — carefully-matched hires, well-executed projects, and effective resource management.
WEB CONFERENCING INFORMATION
We are pleased to present this event via conference call. To listen, the dialin number is 1-218-936-4700 (Passcode 606183). The conference line has a limited number of caller slots, so please be considerate of others and share whenever possible.
Call for Speakers
This is a call for speakers/papers. If we haven't approached you, but you believe you have a significant discovery or new research that the security community would value, or enjoy hearing about, we invite you to submit your presentation topic for serious consideration. Preference will be given to speakers who can present new and innovative technical content to a broad audience. Of course, all presentations are expected to challenge the brightest and quickest of attendees - we wouldn't have it any other way.
OWASP is not a vendor fair. Consequently, there will be very little tolerance for commercial content within presentations. Attendees will be encouraged to quell any shameless marketing that is not immediately backed up with rationale for its inclusion.
Some topics of interest for upcoming meetings include (but are not limited to):
- Breaking CAPTCHA
- Hacking Web Application Firewalls
- Incorporating XACML into Enterprise Applications
- Medical Identity Theft
- Breaking Commercial Software for Fun and Profit
- Tactics for breaking software licensing schemes
- Gaming, the next overlooked security hole
- Hacking Mainframes
- Database rootkits
Agenda: Wednesday, September 24th 2008
Agenda: Wednesday, June 11th 2008
CARDSPACE AND USER CENTRIC IDENTITY Chris Winn, Security Evangelist, Microsoft
Agenda: Wednesday, April 30th 2008
THE IDIOTS GUIDE TO DEVELOPING BAD ENTERPRISE APPLICATIONS AND WORST LOGGING PRACTICES Anton Chuvakin, Chief Logging Evangelist, LogLogic
KEEPING SECRETS: APPLICATION SECURITY IS A BUSINESS IMPERATIVE Jack Danahy, CTO and Founder, Ounce Labs
Agenda: Thursday, February 28th 2008
HOW WEB 2.0 HAS CHANGED THE LANDSCAPE OF APPLICATION SECURITY Chenxi Wang, Principal Analyst, Forrester Research
EXPLOITING ONLINE GAMES Gary McGraw, CTO, Cigital
All meetings are held at the headquarters of The Hartford Financial Services Group (The Hartford), One Hartford Plaza, Hartford CT 06115 in the Tower Building, Atrium Conference Room. Free parking is available in our Tower Ramp Garage.