Difference between revisions of "Ireland-Dublin"

From OWASP
Line 1: Line 1:
 
{{Chapter Template|chaptername=Ireland|extra= [[File:Owasp_logo_ireland_small.jpg]]| mailinglistsite=https://lists.owasp.org/mailman/listinfo/owasp-ireland}} become a [http://www.owasp.org/index.php/Membership#Categories_of_Membership_.26_Supporters Member or Annual Chapter Sponsor(s)]. <br>
 
{{Chapter Template|chaptername=Ireland|extra= [[File:Owasp_logo_ireland_small.jpg]]| mailinglistsite=https://lists.owasp.org/mailman/listinfo/owasp-ireland}} become a [http://www.owasp.org/index.php/Membership#Categories_of_Membership_.26_Supporters Member or Annual Chapter Sponsor(s)]. <br>
  
== OWASP Ireland Board ==
+
== OWASP Ireland Board ==
  
 
Should you have a question about the local chapter, would like to get more involved contact ANY of the following people below <br><br>
 
Should you have a question about the local chapter, would like to get more involved contact ANY of the following people below <br><br>
  
 
*'''President''' [mailto:fcerullo(at)owasp.org Fabio Cerullo] +353877817468<br>
 
*'''President''' [mailto:fcerullo(at)owasp.org Fabio Cerullo] +353877817468<br>
*'''Vice President/Global Board Member''' [[User:EoinKeary | Eoin Keary]] <br>
+
*'''Vice President/Global Board Member''' [[User:EoinKeary|Eoin Keary]] <br>
 
*'''Secretary''' [mailto:rahim.jina(at)owasp.org Rahim Jina] TBD<br>
 
*'''Secretary''' [mailto:rahim.jina(at)owasp.org Rahim Jina] TBD<br>
  
 
<br>'''OWASP Ireland'''<br>23 The Chandler, Rahtborne Village <br>Ashtown, Dublin 15, Ireland <br>Tel: +353877817468 | Fax: +353877817468 <br><paypal>Ireland</paypal> <br>
 
<br>'''OWASP Ireland'''<br>23 The Chandler, Rahtborne Village <br>Ashtown, Dublin 15, Ireland <br>Tel: +353877817468 | Fax: +353877817468 <br><paypal>Ireland</paypal> <br>
  
== OWASP Ireland 2010 ==
+
== OWASP Ireland 2010 ==
 +
 
 +
[[Image:Dublin2010.gif]]
 +
 
 
Click [[OWASP IRELAND 2010]] for more information <br><br>
 
Click [[OWASP IRELAND 2010]] for more information <br><br>
  
== OWASP Ireland 2010 Agenda ==
+
== OWASP Ireland 2010 Agenda ==
  
 
<br>
 
<br>
  
 
==== JUN 2010  ====
 
==== JUN 2010  ====
== OWASP Event: Define Security Requirements - A practical approach ==
+
 
 +
== OWASP Event: Define Security Requirements - A practical approach ==
  
 
'''When:''' 20/5/2010 6:30pm - 7:30pm <br>
 
'''When:''' 20/5/2010 6:30pm - 7:30pm <br>
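Review bot: The `'''When:''' 20/5/2010 6:30pm - 7:30pm` line under the JUN 2010 heading is left unchanged by this revision, but it is identical to the date and time given for the May WAF event further down, and the slides for this talk are named OWASP_Ireland_June10.pdf. Since the edit already touches this event's heading, confirm the June date and correct the line in the same revision.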
Line 25: Line 29:
 
'''Where:''' Ernst &amp; Young, Harcourt Street, Dublin 2, Opposite the Odeon Pub, Dublin, Ireland  
 
'''Where:''' Ernst &amp; Young, Harcourt Street, Dublin 2, Opposite the Odeon Pub, Dublin, Ireland  
  
'''Sponsors:''' [[File:Ey_logo.gif‎]]<br>
+
'''Sponsors:''' [[Image:Ey logo.gif]]<br>
  
'''Title:''' Define Security Requirements - A practical approach<br>
+
'''Title:''' Define Security Requirements - A practical approach<br>'''Abstract:''' The Data Protection Act states that "appropriate security measures" must be taken to protect personal data. How do you specify the appropriate security measures for a website which processes personal data? It is an important step in a development project, but is often neglected. In this talk, Alexis will descibe his own experiences of assessing web application, and will also look in more detail at what the Data Protection Commissioner says. He will then take a fictional website and look at a practical approach to specifying the security requirements that the fictional application should meet. This will use the kind of risk-based techniques outlined by OWASP or the Microsoft Secure Development Lifecycle (SDL). Issues discussed will include encryption, authentication, access control, audit, etc. The result will be a list of security requirements that can be carried into the design and development phases. Attendees should be able to apply the ideas to their own development projects.  
'''Abstract:''' The Data Protection Act states that "appropriate security measures" must be taken to protect personal data. How do you specify the appropriate security measures for a website which processes personal data? It is an important step in a development project, but is often neglected. In this talk, Alexis will descibe his own experiences of assessing web application, and will also look in more detail at what the Data Protection Commissioner says. He will then take a fictional website and look at a practical approach to specifying the security requirements that the fictional application should meet. This will use the kind of risk-based techniques outlined by OWASP or the Microsoft Secure Development Lifecycle (SDL). Issues discussed will include encryption, authentication, access control, audit, etc. The result will be a list of security requirements that can be carried into the design and development phases. Attendees should be able to apply the ideas to their own development projects.
+
  
 
'''Presenters:'''  
 
'''Presenters:'''  
  
'''Alexis Fitzgerald - Rits Information Security Group'''  
+
'''Alexis Fitzgerald - Rits Information Security Group''' <br>For the last six years Alexis has worked for Rits Information Security Group, where he performs application penetration testing assignments as well as advising clients on application security issues. Before that, he spent many years as a developer (mainly in the financial sector), and he continues to be involved in development. Alexis holds an MSc in Information Security from the University of London, Royal Holloway.<br>
<br>
+
For the last six years Alexis has worked for Rits Information Security Group, where he performs application penetration testing assignments as well as advising clients on application security issues. Before that, he spent many years as a developer (mainly in the financial sector), and he continues to be involved in development. Alexis holds an MSc in Information Security from the University of London, Royal Holloway.<br>
+
  
'''Pictures from the event:'''
+
'''Pictures from the event:'''  
 
+
<table>
+
<tr>
+
<td>
+
</td>
+
</tr>
+
</table>
+
  
 +
{| class="FCK__ShowTableBorders"
 +
|-
 +
|
 +
|}
  
 +
<br>
  
'''Download Presentation:''' [[File:OWASP_Ireland_June10.pdf‎]]
+
'''Download Presentation:''' [[Image:OWASP Ireland June10.pdf]]  
  
== APPSEC IRELAND INFORMAL MEET-UP ==
+
== APPSEC IRELAND INFORMAL MEET-UP ==
  
 
This is a informal gathering to meet others in information security and have a pint&nbsp;;) all are welcome <br>
 
This is a informal gathering to meet others in information security and have a pint&nbsp;;) all are welcome <br>
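Review bot: Under "Pictures from the event:" the empty `<table>` is replaced by an equally empty `{| class="FCK__ShowTableBorders"` table, so the label still has nothing beneath it and the page now carries a class name that looks editor-generated. Either add the pictures or drop the label and the table until they are uploaded. The same hunk switches the slide link from `[[File:OWASP_Ireland_June10.pdf]]` to `[[Image:OWASP Ireland June10.pdf]]`; `File:` describes a PDF more accurately and is worth keeping.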
Line 61: Line 60:
 
==== JUL 2010  ====
 
==== JUL 2010  ====
  
== APPSEC IRELAND INFORMAL MEET-UP ==
+
== APPSEC IRELAND INFORMAL MEET-UP ==
  
 
This is a informal gathering to meet others in information security and have a pint&nbsp;;) all are welcome <br>
 
This is a informal gathering to meet others in information security and have a pint&nbsp;;) all are welcome <br>
Line 73: Line 72:
 
==== AUG 2010  ====
 
==== AUG 2010  ====
  
== APPSEC IRELAND INFORMAL MEET-UP ==
+
== APPSEC IRELAND INFORMAL MEET-UP ==
  
 
This is a informal gathering to meet others in information security and have a pint&nbsp;;) all are welcome <br>
 
This is a informal gathering to meet others in information security and have a pint&nbsp;;) all are welcome <br>
Line 85: Line 84:
 
==== SEP 2010  ====
 
==== SEP 2010  ====
  
== APPSEC IRELAND 2010 ==
+
== APPSEC IRELAND 2010 ==
  
Due to popular demand we are hosting the 2nd OWASP IRELAND event, '''OWASP Ireland 2010'''.
+
Due to popular demand we are hosting the 2nd OWASP IRELAND event, '''OWASP Ireland 2010'''. <br>Continuing last years highly successful conference, with more than 150 attendees from across the globe OWASP is happy to repeat this positive experience. <br>Delegates from numerous industry verticals attended the 2009 event; from government to finance to telecoms. Share your thoughts at this open event with some of the most experienced individuals in the information security industry.  
<br> Continuing last years highly successful conference, with more than 150 attendees from across the globe OWASP is happy to repeat this positive experience.
+
<br>Delegates from numerous industry verticals attended the 2009 event; from government to finance to telecoms.
+
Share your thoughts at this open event with some of the most experienced individuals in the information security industry.
+
  
 
<br>''More info about this upcoming event coming soon.''<br>
 
<br>''More info about this upcoming event coming soon.''<br>
Line 98: Line 94:
 
'''Where:''' Trinity College Dublin, The Hamilton Building <br>
 
'''Where:''' Trinity College Dublin, The Hamilton Building <br>
  
'''Sponsors:''' In case you want to sponsor this event, please contact [[Eoin_Keary|Eoin Keary]]. <br>
+
'''Sponsors:''' In case you want to sponsor this event, please contact [[Eoin Keary|Eoin Keary]]. <br>
  
'''Subscribe to the OWASP Ireland [https://lists.owasp.org/mailman/listinfo/owasp-ireland mail list] for the up-to-date information.'''
+
'''Subscribe to the OWASP Ireland [https://lists.owasp.org/mailman/listinfo/owasp-ireland mail list] for the up-to-date information.'''  
  
 +
<br>
  
 
==== OCT 2010  ====
 
==== OCT 2010  ====
  
== APPSEC IRELAND INFORMAL MEET-UP ==
+
== APPSEC IRELAND INFORMAL MEET-UP ==
  
 
This is a informal gathering to meet others in information security and have a pint&nbsp;;) all are welcome <br>
 
This is a informal gathering to meet others in information security and have a pint&nbsp;;) all are welcome <br>
Line 117: Line 114:
 
==== NOV 2010  ====
 
==== NOV 2010  ====
  
== APPSEC IRELAND INFORMAL MEET-UP ==
+
== APPSEC IRELAND INFORMAL MEET-UP ==
  
 
This is a informal gathering to meet others in information security and have a pint&nbsp;;) all are welcome <br>
 
This is a informal gathering to meet others in information security and have a pint&nbsp;;) all are welcome <br>
Line 129: Line 126:
 
==== DEC 2010  ====
 
==== DEC 2010  ====
  
== APPSEC IRELAND INFORMAL MEET-UP ==
+
== APPSEC IRELAND INFORMAL MEET-UP ==
  
 
This is a informal gathering to meet others in information security and have a pint&nbsp;;) all are welcome <br>
 
This is a informal gathering to meet others in information security and have a pint&nbsp;;) all are welcome <br>
Line 139: Line 136:
 
'''Sponsors:''' In case you want to sponsor this event, please contact [mailto:fcerullo(at)owasp.org Fabio Cerullo]. <br>
 
'''Sponsors:''' In case you want to sponsor this event, please contact [mailto:fcerullo(at)owasp.org Fabio Cerullo]. <br>
  
 +
<br>
  
 
==== 2010 Chapter Plan  ====
 
==== 2010 Chapter Plan  ====
Line 150: Line 148:
 
'''Special Project:'''Hands-On Training<br>Summary: Provide 1-day, 3-day and 5-day hands-on classroom / online training classes<br>Next Milestone: Organize Training Offerings<br>Project Participants: Fabio Cerullo<br><br>
 
'''Special Project:'''Hands-On Training<br>Summary: Provide 1-day, 3-day and 5-day hands-on classroom / online training classes<br>Next Milestone: Organize Training Offerings<br>Project Participants: Fabio Cerullo<br><br>
  
 +
<br>Call For Presentations for 2010 is now open - please contact fcerullo(@)owasp.org / +353877817468 if you would like to speak or can host a meeting. <br><br>*Note meeting hosts are provided with annual chapter sponsorship and free seats in training classes. The OWASP Foundation, Ireland chapter focuses on implementation of efforts defined by the [http://www.owasp.org/index.php/Global_Committee_Pages Global Committee] as well as new concepts and ideas defined locally. Below are a list of ACTIVE projects assigned to individual active members and teams within the local chapter. If you would like to help out on ANY of these efforts, contact them directly to get involved
  
Call For Presentations for 2010 is now open - please contact fcerullo(@)owasp.org / +353877817468 if you would like to speak or can host a meeting. <br><br>*Note meeting hosts are provided with annual chapter sponsorship and free seats in training classes. The OWASP Foundation, Ireland chapter focuses on implementation of efforts defined by the [http://www.owasp.org/index.php/Global_Committee_Pages Global Committee] as well as new concepts and ideas defined locally. Below are a list of ACTIVE projects assigned to individual active members and teams within the local chapter. If you would like to help out on ANY of these efforts, contact them directly to get involved
+
==== FEB 2010 ====
  
==== FEB 2010 ====
+
== OWASP Ireland Event - What is the O2 Platform? ==
 
+
== OWASP Ireland Event - What is the O2 Platform? ==
+
  
 
'''When:''' 19/2/2010 3:00pm - 5:00pm <br>
 
'''When:''' 19/2/2010 3:00pm - 5:00pm <br>
Line 161: Line 158:
 
'''Where:''' Ernst &amp; Young, Harcourt Street, Dublin 2, Opposite the Odeon Pub, Dublin, Ireland  
 
'''Where:''' Ernst &amp; Young, Harcourt Street, Dublin 2, Opposite the Odeon Pub, Dublin, Ireland  
  
'''Sponsors:''' [[File:Ey_logo.gif‎]]<br>
+
'''Sponsors:''' [[Image:Ey logo.gif]]<br>
  
 
'''Title:''' OWASP O2 Platform - Open Platform for automating application security knowledge and workflows <br>'''Abstract:''' In this talk Dinis Cruz will show the OWASP O2 Platform which is an open source toolkit specifically designed for developers and security consultants to be able to perform quick, effective and thorough 'source-code-driven' application security reviews. The OWASP O2 Platform (http://www.owasp.org/index.php/OWASP_O2_Platform) consumes results from the scanning engines from Ounce Labs, Microsoft's CAT.NET tool, FindBugs, CodeCrawler and AppScan DE, and also provides limited support for Fortify and OWASP WebScarab dumps. In the past, there has been a very healthy skepticism on the usability of Source Code analysis engines to find commonly found vulnerablities in real world applications. This presentation will show that with some creative and powerful tools, it IS possible to use O2 to discover those issues. This presentation will also show O2's advanced support for Struts and Spring MVC.  
 
'''Title:''' OWASP O2 Platform - Open Platform for automating application security knowledge and workflows <br>'''Abstract:''' In this talk Dinis Cruz will show the OWASP O2 Platform which is an open source toolkit specifically designed for developers and security consultants to be able to perform quick, effective and thorough 'source-code-driven' application security reviews. The OWASP O2 Platform (http://www.owasp.org/index.php/OWASP_O2_Platform) consumes results from the scanning engines from Ounce Labs, Microsoft's CAT.NET tool, FindBugs, CodeCrawler and AppScan DE, and also provides limited support for Fortify and OWASP WebScarab dumps. In the past, there has been a very healthy skepticism on the usability of Source Code analysis engines to find commonly found vulnerablities in real world applications. This presentation will show that with some creative and powerful tools, it IS possible to use O2 to discover those issues. This presentation will also show O2's advanced support for Struts and Spring MVC.  
  
'''Presenter:''' Dinis Cruz is a Security Consultant based in London (UK) and specialized in: ASP.NET/J2EE Application Security, Application Security audits and .NET Security Curriculum Development. For the past years Dinis has focused on the field of Static Source Code analysis, from May 2007 to Dec 2009 he worked as a independent consultant for Ounce Labs (bought by IBM in July 2009) where during active security engagements using Ounce's technology he developed the Open Source codebase which now is the foundation of the OWASP O2 Platform. Dinis is currently focused on making the O2 Platform the industry standard for consuming, instrumenting and data-sharing between the multiple WebAppSec tools, the Security consultants and the final developers. Dinis is a also active trainer on .Net security having written and delivered courses for IOActive, Foundstone, Intense School and KPMG (at multiple locations including BlackHat), and has delivered a number of presentations and keynote speeches at multiple OWASP and Security related conferences. At OWASP, Dinis is the leader of the [[OWASP O2 Platform]] project, member of the OWASP [[Global Projects Committee]], chair of the [[OWASP Connections Committee]] and member of the [[About_The_Open_Web_Application_Security_Project#Global_Board_Members|OWASP Board]].
+
'''Presenter:''' Dinis Cruz is a Security Consultant based in London (UK) and specialized in: ASP.NET/J2EE Application Security, Application Security audits and .NET Security Curriculum Development. For the past years Dinis has focused on the field of Static Source Code analysis, from May 2007 to Dec 2009 he worked as a independent consultant for Ounce Labs (bought by IBM in July 2009) where during active security engagements using Ounce's technology he developed the Open Source codebase which now is the foundation of the OWASP O2 Platform. Dinis is currently focused on making the O2 Platform the industry standard for consuming, instrumenting and data-sharing between the multiple WebAppSec tools, the Security consultants and the final developers. Dinis is a also active trainer on .Net security having written and delivered courses for IOActive, Foundstone, Intense School and KPMG (at multiple locations including BlackHat), and has delivered a number of presentations and keynote speeches at multiple OWASP and Security related conferences. At OWASP, Dinis is the leader of the [[OWASP O2 Platform]] project, member of the OWASP [[Global Projects Committee]], chair of the [[OWASP Connections Committee]] and member of the [[About The Open Web Application Security Project#Global_Board_Members|OWASP Board]].  
  
'''Download Presentation:''' http://www.o2-ounceopen.com/files-binaries-source-and-demo/old-documents-and-presentations/OWASP_O2_Platform_-_AppSec_Ireland_Sep_2009.pdf
+
'''Download Presentation:''' http://www.o2-ounceopen.com/files-binaries-source-and-demo/old-documents-and-presentations/OWASP_O2_Platform_-_AppSec_Ireland_Sep_2009.pdf  
  
== IISF/OWASP – February Chapter Meeting ==
+
== IISF/OWASP – February Chapter Meeting ==
  
 
'''When:''' 25/2/2010 2:00pm - 4:00pm <br>
 
'''When:''' 25/2/2010 2:00pm - 4:00pm <br>
Line 175: Line 172:
 
'''Where:''' Georgian Suite, Buswells Hotel, Molesworth St., Dublin 2  
 
'''Where:''' Georgian Suite, Buswells Hotel, Molesworth St., Dublin 2  
  
'''Title:''' An overview of Web Application Security threats and technologies.
+
'''Title:''' An overview of Web Application Security threats and technologies. Practical advice and techniques for improving Application Security, presented by OWASP.  
Practical advice and techniques for improving Application Security, presented by OWASP.
+
  
2:00 - Introduction by IISF Chairman  
+
2:00 - Introduction by IISF Chairman  
  
2:05 - Presentation : “Practical advice for improving Application Security”
+
2:05 - Presentation&nbsp;: “Practical advice for improving Application Security” - Introduction to OWASP and OWASP Top Ten - Demonstration video of typical web based attacks with high level explanation - Live SQL injection demo using WebGoat &amp; WebScarab - Live Cross Site Scripting demo using WebGoat &amp; WebScarab  
- Introduction to OWASP and OWASP Top Ten
+
- Demonstration video of typical web based attacks with high level explanation
+
- Live SQL injection demo using WebGoat & WebScarab
+
- Live Cross Site Scripting demo using WebGoat & WebScarab
+
  
'''Download Presentation:''' [[File:IISF_250210_part1.ppt‎]]
+
'''Download Presentation:''' [[Image:IISF 250210 part1.ppt]]  
  
3:00 - Coffee
+
3:00 - Coffee  
  
3:20 – Presentation continues  
+
3:20 – Presentation continues - Application Security: "The problems we are faced with" - The Application Security Verification Standard - SDLC &amp; Security Assurance Maturity Model - Code Review versus traditional Runtime Testing. - Q&amp;A  
- Application Security: "The problems we are faced with"
+
- The Application Security Verification Standard
+
- SDLC & Security Assurance Maturity Model
+
- Code Review versus traditional Runtime Testing.
+
- Q&A
+
  
'''Download Presentation:''' [[File:IISF_250210_part2.pptx‎]]
+
'''Download Presentation:''' [[Image:IISF 250210 part2.pptx]]  
  
4:00 - Close of Meeting
+
4:00 - Close of Meeting  
  
4:05 - Traditional networking in Buswells Bar
+
4:05 - Traditional networking in Buswells Bar  
  
 +
<br>
  
 
==== MAR 2010  ====
 
==== MAR 2010  ====
  
== APPSEC IRELAND INFORMAL MEET-UP - 26/3/2010 ==
+
== APPSEC IRELAND INFORMAL MEET-UP - 26/3/2010 ==
  
 
This is a informal gathering to meet others in information security and have a pint&nbsp;;) all are welcome <br>
 
This is a informal gathering to meet others in information security and have a pint&nbsp;;) all are welcome <br>
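Review bot: The agenda sub-items under 2:05 and 3:20 were one `- ...` item per line and are now run together on a single line each (`2:05 - Presentation&nbsp;: ... - Introduction to OWASP and OWASP Top Ten - Demonstration video ...`), which makes the sub-items hard to tell apart from the time slot itself. Keep one item per line and mark them as `*` list items so they render as a list; the Title line has the same problem where its second sentence was merged in.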
Line 218: Line 206:
 
==== APR 2010  ====
 
==== APR 2010  ====
  
== OWASP Live CD - An open environment for Web Application Security ==
+
== OWASP Live CD - An open environment for Web Application Security ==
  
 
'''When:''' 16/4/2010 2:30pm - 5:00pm <br>
 
'''When:''' 16/4/2010 2:30pm - 5:00pm <br>
Line 224: Line 212:
 
'''Where:''' Ernst &amp; Young, Harcourt Street, Dublin 2, Opposite the Odeon Pub, Dublin, Ireland  
 
'''Where:''' Ernst &amp; Young, Harcourt Street, Dublin 2, Opposite the Odeon Pub, Dublin, Ireland  
  
'''Sponsors:''' [[File:Ey_logo.gif‎]]<br>
+
'''Sponsors:''' [[Image:Ey logo.gif]]<br>
  
'''Title:''' OWASP Live CD - An open environment for Web Application Security <br>
+
'''Title:''' OWASP Live CD - An open environment for Web Application Security <br>'''Abstract:''' This CD collects some of the best open source security projects in a single environment. Web developers, testers and security professionals can boot from this Live CD and have access to a full security testing suite. This presentation aims to provide a showcase for the great OWASP tools and documentation materials available in the CD, tips and tricks, and also some introductory stuff regarding code review and penetration testing. <br>Training is aimed at introductory /intermediate level in terms of pen testing, code review and tools.  
'''Abstract:''' This CD collects some of the best open source security projects in a single environment. Web developers, testers and security professionals can boot from this Live CD and have access to a full security testing suite. This presentation aims to provide a showcase for the great OWASP tools and documentation materials available in the CD, tips and tricks, and also some introductory stuff regarding code review and penetration testing.  
+
<br>
+
Training is aimed at introductory /intermediate level in terms of pen testing, code review and tools.  
+
  
 
'''Presenters:'''  
 
'''Presenters:'''  
  
'''Rahim Jina'''  
+
'''Rahim Jina''' <br>Rahim Jina currently works as a senior consultant for Ernst &amp; Young's Risk Advisory Services in Dublin. He has worked there for nearly four years primarily delivering penetration testing services to clients globally, focusing on web applications and secure code review. He has been involved with OWASP for the past two years, being involved in the Summer of Code 2008 as lead reviewer for the Code Review Guide 2009. He has also made contributions to the SAMM project (OpenSAMM). He holds an MSC in Security and Forensic Computing from DCU and a degree in computer science from Trinity college. <br>'''Eoin Keary''' <br>Eoin is a long time member of OWASP and have contributed year on year to OWASP projects and the OWASP mission of fighting the causes of software insecurity. He is based in Dublin, Ireland and run the Ernst &amp; Young application security team across Europe. His OWASP contributions to date include the OWASP Code Review Guide, OWASP Testing Guide, OWASP SAMM, and OWASP ASVS. He is a member of the OWASP Global Industry Committee, chair of the OWASP Conferences Committee and member of the OWASP Global Board. Eoin founded the OWASP Ireland chapter back in 2004 and currently serves as Vice President of the OWASP Ireland Board.  
<br>
+
Rahim Jina currently works as a senior consultant for Ernst & Young's Risk Advisory Services in Dublin. He has worked there for nearly four years primarily delivering penetration testing services to clients globally, focusing on web applications and secure code review.
+
He has been involved with OWASP for the past two years, being involved in the Summer of Code 2008 as lead reviewer for the Code Review Guide 2009. He has also made contributions to the SAMM project (OpenSAMM).
+
He holds an MSC in Security and Forensic Computing from DCU and a degree in computer science from Trinity college.
+
<br>
+
'''Eoin Keary'''
+
<br>
+
Eoin is a long time member of OWASP and have contributed year on year to OWASP projects and the OWASP mission of fighting the causes of software insecurity. He is based in Dublin, Ireland and run the Ernst & Young application security team across Europe. His OWASP contributions to date include the OWASP Code Review Guide, OWASP Testing Guide, OWASP SAMM, and OWASP ASVS. He is a member of the OWASP Global Industry Committee, chair of the OWASP Conferences Committee and member of the OWASP Global Board. Eoin founded the OWASP Ireland chapter back in 2004 and currently serves as Vice President of the OWASP Ireland Board.
+
  
'''Pictures from the event:'''
+
'''Pictures from the event:'''  
 +
<center>
 +
{| class="FCK__ShowTableBorders"
 +
|-
 +
|
 +
[http://www.owasp.org/images/d/db/P1040923_1024.JPG [[Image:|P1040923_small.jpg]]]<br>[http://www.owasp.org/images/d/db/P1040923_1024.JPG zoom]
  
<center>
+
|
<table>
+
[http://www.owasp.org/images/f/f3/P1040927_1024.JPG [[Image:|P1040927_small.jpg]]]<br>[http://www.owasp.org/images/f/f3/P1040927_1024.JPG zoom]
<tr>
+
 
<td>
+
|
[http://www.owasp.org/images/d/db/P1040923_1024.JPG http://www.owasp.org/images/2/24/P1040923_small.jpg]<br>[http://www.owasp.org/images/d/db/P1040923_1024.JPG zoom]
+
[http://www.owasp.org/images/6/64/P1040929_1024.JPG [[Image:|P1040929_small.jpg]]]<br>[http://www.owasp.org/images/6/64/P1040929_1024.JPG zoom]
</td>
+
 
<td>
+
|}
[http://www.owasp.org/images/f/f3/P1040927_1024.JPG http://www.owasp.org/images/e/ec/P1040927_small.jpg]<br>[http://www.owasp.org/images/f/f3/P1040927_1024.JPG zoom]
+
</td>
+
<td>
+
[http://www.owasp.org/images/6/64/P1040929_1024.JPG http://www.owasp.org/images/b/b1/P1040929_small.jpg]<br>[http://www.owasp.org/images/6/64/P1040929_1024.JPG zoom]
+
</td>
+
</tr>
+
</table>
+
 
</center>
 
</center>
 +
'''Download Presentation:''' [http://www.owasp.org/images/e/ee/OWASP_Live_CD.pptx [[Image:|Download.png]]]
  
'''Download Presentation:''' [http://www.owasp.org/images/e/ee/OWASP_Live_CD.pptx http://www.owasp.org/images/f/f1/Download.png]
+
== APPSEC IRELAND INFORMAL MEET-UP ==
 
+
== APPSEC IRELAND INFORMAL MEET-UP ==
+
  
 
This is a informal gathering to meet others in information security and have a pint&nbsp;;) all are welcome <br>
 
This is a informal gathering to meet others in information security and have a pint&nbsp;;) all are welcome <br>
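Review bot: The three thumbnails and the download icon now use `[[Image:|P1040923_small.jpg]]`, `[[Image:|P1040927_small.jpg]]`, `[[Image:|P1040929_small.jpg]]` and `[[Image:|Download.png]]`, each with an empty file name before the pipe, so none of them names a file to display. The previous revision pointed at the thumbnail URLs directly (for example `http://www.owasp.org/images/2/24/P1040923_small.jpg`). Restore those, or put the file name before the pipe, and preview the gallery before saving. The speaker biographies in this hunk also lost their line breaks between paragraphs.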
Line 275: Line 249:
 
==== MAY 2010  ====
 
==== MAY 2010  ====
  
== OWASP Event: Trials & Tribulations of WAF Implementation ==
+
== OWASP Event: Trials &amp; Tribulations of WAF Implementation ==
  
 
'''When:''' 20/5/2010 6:30pm - 7:30pm <br>
 
'''When:''' 20/5/2010 6:30pm - 7:30pm <br>
Line 281: Line 255:
 
'''Where:''' Ernst &amp; Young, Harcourt Street, Dublin 2, Opposite the Odeon Pub, Dublin, Ireland  
 
'''Where:''' Ernst &amp; Young, Harcourt Street, Dublin 2, Opposite the Odeon Pub, Dublin, Ireland  
  
'''Sponsors:''' [[File:Ey_logo.gif‎]]<br>
+
'''Sponsors:''' [[Image:Ey logo.gif]]<br>
  
'''Title:''' Trials & Tribulations of WAF Implementation<br>
+
'''Title:''' Trials &amp; Tribulations of WAF Implementation<br>'''Abstract:''' A web application firewall (WAF) is an appliance, server plugin, or filter that applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as Cross-site Scripting (XSS) and SQL Injection. By customizing the rules to your application, many attacks can be identified and blocked. The effort to perform this customization can be significant and needs to be maintained as the application is modified.<br>Mark will be presenting on his experience in implementing a Web Application Firewall solution through all phases from research to implementation.  
'''Abstract:''' A web application firewall (WAF) is an appliance, server plugin, or filter that applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as Cross-site Scripting (XSS) and SQL Injection. By customizing the rules to your application, many attacks can be identified and blocked. The effort to perform this customization can be significant and needs to be maintained as the application is modified.<br>Mark will be presenting on his experience in implementing a Web Application Firewall solution through all phases from research to implementation.  
+
  
 
'''Presenters:'''  
 
'''Presenters:'''  
  
'''Mark Hillick - Application Networking Team, Citrix Systems'''  
+
'''Mark Hillick - Application Networking Team, Citrix Systems''' <br>Mark Hillick has 10 years experience in relation to Internet, networking, systems administration and security engineering.  
<br>
+
Mark Hillick has 10 years experience in relation to Internet, networking, systems administration and security engineering.
+
  
Mark graduated from Queen's University, where he studied Mathematics.
+
Mark graduated from Queen's University, where he studied Mathematics.  
  
Mark joined AIB from Queen's where he joined the Internet Infrastructure team, where he was responsible for designing, building and securing the Internet service in and out of AIB. He is a prominent member of the IT Security community in Ireland and has presented at several local security forums such as IISF and Owasp. Mark is one of the founding members of IRISS CERT, where he is also a Volunteer Incident Handler. He helped organise IRISSCon 2009, where he also designed and built HackEire 2009, the first Ethical Hacking 'Capture The Flag' contest in Ireland.<br>
+
Mark joined AIB from Queen's where he joined the Internet Infrastructure team, where he was responsible for designing, building and securing the Internet service in and out of AIB. He is a prominent member of the IT Security community in Ireland and has presented at several local security forums such as IISF and Owasp. Mark is one of the founding members of IRISS CERT, where he is also a Volunteer Incident Handler. He helped organise IRISSCon 2009, where he also designed and built HackEire 2009, the first Ethical Hacking 'Capture The Flag' contest in Ireland.<br>
  
'''Pictures from the event:'''
+
'''Pictures from the event:'''  
  
<table>
+
{| class="FCK__ShowTableBorders"
<tr>
+
|-
<td>
+
|
[[Image:20052010017.jpg|thumb|alt=A caption from Mark's talk|Click here to zoom picture.]]
+
[[Image:20052010017.jpg|thumb|A caption from Mark's talk]]
</td>
+
</tr>
+
</table>
+
  
 +
|}
  
 +
<br>
  
'''Download Presentation:''' [http://docs.google.com/fileview?id=0B3vrVYEosFeEZDMyZjIzYTktMzNkZC00ZjBlLWFiYTgtNThjZGE4YTE1NmFj http://www.owasp.org/images/f/f1/Download.png]
+
'''Download Presentation:''' [http://docs.google.com/fileview?id=0B3vrVYEosFeEZDMyZjIzYTktMzNkZC00ZjBlLWFiYTgtNThjZGE4YTE1NmFj [[Image:|Download.png]]]  
  
== APPSEC IRELAND INFORMAL MEET-UP ==
+
== APPSEC IRELAND INFORMAL MEET-UP ==
  
 
This is a informal gathering to meet others in information security and have a pint&nbsp;;) all are welcome <br>
 
This is a informal gathering to meet others in information security and have a pint&nbsp;;) all are welcome <br>
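Review bot: The download link now wraps `[[Image:|Download.png]]`, which has an empty file name before the pipe, where the old revision used `http://www.owasp.org/images/f/f1/Download.png`; as written it does not name a file to display. In the picture line, `alt=A caption from Mark's talk|Click here to zoom picture.` became `thumb|A caption from Mark's talk`, which turns the former alt text into the caption and leaves the image without an `alt=` value. Keep an explicit `alt=` alongside the caption.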
Line 320: Line 290:
 
'''Sponsors:''' In case you want to sponsor this event, please contact [mailto:fcerullo(at)owasp.org Fabio Cerullo]. <br>
 
'''Sponsors:''' In case you want to sponsor this event, please contact [mailto:fcerullo(at)owasp.org Fabio Cerullo]. <br>
  
 +
<br>
  
 +
<br>
  
 
+
<br>
 
+
 
+
  
 
__NOTOC__ <headertabs />
 
__NOTOC__ <headertabs />
  
 
[[Category:Ireland]]
 
[[Category:Ireland]]

Revision as of 10:32, 9 July 2010

OWASP Ireland

Welcome to the Ireland chapter homepage.
Click here to join the local chapter mailing list.

Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter Leader Handbook. As a 501(c)(3) non-profit professional association, your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world, simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Donate to this chapter or become a local chapter supporter.

Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join now: become a Member or Annual Chapter Sponsor(s).

OWASP Ireland Board

Should you have a question about the local chapter, or would like to get more involved, contact ANY of the following people below


OWASP Ireland
23 The Chandler, Rathborne Village
Ashtown, Dublin 15, Ireland
Tel: +353877817468 | Fax: +353877817468

funds to OWASP earmarked for Ireland.

OWASP Ireland 2010

Click OWASP IRELAND 2010 for more information

OWASP Ireland 2010 Agenda


JUN 2010

OWASP Event: Define Security Requirements - A practical approach

When: 20/5/2010 6:30pm - 7:30pm

Where: Ernst & Young, Harcourt Street, Dublin 2, Opposite the Odeon Pub, Dublin, Ireland

Sponsors: Ernst & Young

Title: Define Security Requirements - A practical approach
Abstract: The Data Protection Act states that "appropriate security measures" must be taken to protect personal data. How do you specify the appropriate security measures for a website which processes personal data? It is an important step in a development project, but is often neglected. In this talk, Alexis will describe his own experiences of assessing web applications, and will also look in more detail at what the Data Protection Commissioner says. He will then take a fictional website and look at a practical approach to specifying the security requirements that the fictional application should meet. This will use the kind of risk-based techniques outlined by OWASP or the Microsoft Secure Development Lifecycle (SDL). Issues discussed will include encryption, authentication, access control, audit, etc. The result will be a list of security requirements that can be carried into the design and development phases. Attendees should be able to apply the ideas to their own development projects.

Presenters:

Alexis Fitzgerald - Rits Information Security Group
For the last six years Alexis has worked for Rits Information Security Group, where he performs application penetration testing assignments as well as advising clients on application security issues. Before that, he spent many years as a developer (mainly in the financial sector), and he continues to be involved in development. Alexis holds an MSc in Information Security from the University of London, Royal Holloway.

Pictures from the event:


Download Presentation: File:OWASP Ireland June10.pdf

APPSEC IRELAND INFORMAL MEET-UP

This is an informal gathering to meet others in information security and have a pint ;) All are welcome.

When: After Alexis's presentation

Where: Odeon Pub

Sponsors: In case you want to sponsor this event, please contact Fabio Cerullo.

JUL 2010

APPSEC IRELAND INFORMAL MEET-UP

This is an informal gathering to meet others in information security and have a pint ;) All are welcome.

When: TBD

Where: TBD

Sponsors: In case you want to sponsor this event, please contact Fabio Cerullo.

AUG 2010

APPSEC IRELAND INFORMAL MEET-UP

This is an informal gathering to meet others in information security and have a pint ;) All are welcome.

When: TBD

Where: TBD

Sponsors: In case you want to sponsor this event, please contact Fabio Cerullo.

SEP 2010

APPSEC IRELAND 2010

Due to popular demand we are hosting the 2nd OWASP IRELAND event, OWASP Ireland 2010.
Continuing last year's highly successful conference, which had more than 150 attendees from across the globe, OWASP is happy to repeat this positive experience.
Delegates from numerous industry verticals attended the 2009 event; from government to finance to telecoms. Share your thoughts at this open event with some of the most experienced individuals in the information security industry.


More info about this upcoming event coming soon.

When: September 2010 - exact date to be confirmed

Where: Trinity College Dublin, The Hamilton Building

Sponsors: In case you want to sponsor this event, please contact Eoin Keary.

Subscribe to the OWASP Ireland mailing list for up-to-date information.


OCT 2010

APPSEC IRELAND INFORMAL MEET-UP

This is an informal gathering to meet others in information security and have a pint ;) All are welcome.

When: TBD

Where: TBD

Sponsors: In case you want to sponsor this event, please contact Fabio Cerullo.

NOV 2010

APPSEC IRELAND INFORMAL MEET-UP

This is an informal gathering to meet others in information security and have a pint ;) All are welcome.

When: TBD

Where: TBD

Sponsors: In case you want to sponsor this event, please contact Fabio Cerullo.

DEC 2010

APPSEC IRELAND INFORMAL MEET-UP

This is an informal gathering to meet others in information security and have a pint ;) All are welcome.

When: TBD

Where: TBD

Sponsors: In case you want to sponsor this event, please contact Fabio Cerullo.


2010 Chapter Plan

Special Project: Educational Outreach
Summary: Drive education awareness of OWASP among Irish Universities and Third Level Institutions.
Plan: <insert plan>
Next Milestone: Update the plan
Participants: Fabio Cerullo

Special Project: Industry Outreach
Summary: Raise awareness of OWASP among Irish industry.
Plan: <insert plan>
Next Milestone: Update the plan
Participants: Eoin Keary

Special Project: Membership Drive
Summary: Increase the number of local chapter members, both individuals and corporate supporters.
Plan: <insert>
Next Milestone: Update the plan
Project Participants: Rahim Jina

Special Project: Hands-On Training
Summary: Provide 1-day, 3-day and 5-day hands-on classroom / online training classes
Next Milestone: Organize Training Offerings
Project Participants: Fabio Cerullo


Call For Presentations for 2010 is now open - please contact fcerullo(@)owasp.org / +353877817468 if you would like to speak or can host a meeting.

*Note: meeting hosts are provided with annual chapter sponsorship and free seats in training classes. The OWASP Foundation Ireland chapter focuses on implementation of efforts defined by the Global Committee as well as new concepts and ideas defined locally. Below is a list of ACTIVE projects assigned to individual active members and teams within the local chapter. If you would like to help out on ANY of these efforts, contact them directly to get involved.

FEB 2010

OWASP Ireland Event - What is the O2 Platform?

When: 19/2/2010 3:00pm - 5:00pm

Where: Ernst & Young, Harcourt Street, Dublin 2, Opposite the Odeon Pub, Dublin, Ireland

Sponsors: Ernst & Young

Title: OWASP O2 Platform - Open Platform for automating application security knowledge and workflows
Abstract: In this talk Dinis Cruz will show the OWASP O2 Platform, which is an open source toolkit specifically designed for developers and security consultants to be able to perform quick, effective and thorough 'source-code-driven' application security reviews. The OWASP O2 Platform (http://www.owasp.org/index.php/OWASP_O2_Platform) consumes results from the scanning engines from Ounce Labs, Microsoft's CAT.NET tool, FindBugs, CodeCrawler and AppScan DE, and also provides limited support for Fortify and OWASP WebScarab dumps. In the past, there has been a very healthy skepticism about the usability of source code analysis engines for finding common vulnerabilities in real-world applications. This presentation will show that, with some creative and powerful tools, it IS possible to use O2 to discover those issues. This presentation will also show O2's advanced support for Struts and Spring MVC.

Presenter: Dinis Cruz is a Security Consultant based in London (UK) and specialized in: ASP.NET/J2EE Application Security, Application Security audits and .NET Security Curriculum Development. For the past years Dinis has focused on the field of Static Source Code analysis; from May 2007 to Dec 2009 he worked as an independent consultant for Ounce Labs (bought by IBM in July 2009) where, during active security engagements using Ounce's technology, he developed the Open Source codebase which is now the foundation of the OWASP O2 Platform. Dinis is currently focused on making the O2 Platform the industry standard for consuming, instrumenting and data-sharing between the multiple WebAppSec tools, the Security consultants and the final developers. Dinis is also an active trainer on .NET security, having written and delivered courses for IOActive, Foundstone, Intense School and KPMG (at multiple locations including BlackHat), and has delivered a number of presentations and keynote speeches at multiple OWASP and Security related conferences. At OWASP, Dinis is the leader of the OWASP O2 Platform project, member of the OWASP Global Projects Committee, chair of the OWASP Connections Committee and member of the OWASP Board.

Download Presentation: http://www.o2-ounceopen.com/files-binaries-source-and-demo/old-documents-and-presentations/OWASP_O2_Platform_-_AppSec_Ireland_Sep_2009.pdf

IISF/OWASP – February Chapter Meeting

When: 25/2/2010 2:00pm - 4:00pm

Where: Georgian Suite, Buswells Hotel, Molesworth St., Dublin 2

Title: An overview of Web Application Security threats and technologies. Practical advice and techniques for improving Application Security, presented by OWASP.

2:00 - Introduction by IISF Chairman

2:05 - Presentation: “Practical advice for improving Application Security”
- Introduction to OWASP and OWASP Top Ten
- Demonstration video of typical web based attacks with high level explanation
- Live SQL injection demo using WebGoat & WebScarab
- Live Cross Site Scripting demo using WebGoat & WebScarab

Download Presentation: File:IISF 250210 part1.ppt

3:00 - Coffee

3:20 - Presentation continues
- Application Security: "The problems we are faced with"
- The Application Security Verification Standard
- SDLC & Security Assurance Maturity Model
- Code Review versus traditional Runtime Testing
- Q&A

Download Presentation: File:IISF 250210 part2.pptx

4:00 - Close of Meeting

4:05 - Traditional networking in Buswells Bar


MAR 2010

APPSEC IRELAND INFORMAL MEET-UP - 26/3/2010

This is an informal gathering to meet others in information security and have a pint ;) All are welcome.

When: TBD

Where: TBD

Sponsors: In case you want to sponsor this event, please contact Fabio Cerullo.

APR 2010

OWASP Live CD - An open environment for Web Application Security

When: 16/4/2010 2:30pm - 5:00pm

Where: Ernst & Young, Harcourt Street, Dublin 2, Opposite the Odeon Pub, Dublin, Ireland

Sponsors: Ernst & Young

Title: OWASP Live CD - An open environment for Web Application Security
Abstract: This CD collects some of the best open source security projects in a single environment. Web developers, testers and security professionals can boot from this Live CD and have access to a full security testing suite. This presentation aims to provide a showcase for the great OWASP tools and documentation materials available in the CD, tips and tricks, and also some introductory stuff regarding code review and penetration testing.
Training is aimed at introductory/intermediate level in terms of pen testing, code review and tools.

Presenters:

Rahim Jina
Rahim Jina currently works as a senior consultant for Ernst & Young's Risk Advisory Services in Dublin. He has worked there for nearly four years, primarily delivering penetration testing services to clients globally, focusing on web applications and secure code review. He has been involved with OWASP for the past two years, being involved in the Summer of Code 2008 as lead reviewer for the Code Review Guide 2009. He has also made contributions to the SAMM project (OpenSAMM). He holds an MSc in Security and Forensic Computing from DCU and a degree in computer science from Trinity College.
Eoin Keary
Eoin is a long-time member of OWASP and has contributed year on year to OWASP projects and the OWASP mission of fighting the causes of software insecurity. He is based in Dublin, Ireland and runs the Ernst & Young application security team across Europe. His OWASP contributions to date include the OWASP Code Review Guide, OWASP Testing Guide, OWASP SAMM, and OWASP ASVS. He is a member of the OWASP Global Industry Committee, chair of the OWASP Conferences Committee and member of the OWASP Global Board. Eoin founded the OWASP Ireland chapter back in 2004 and currently serves as Vice President of the OWASP Ireland Board.

Pictures from the event:


Download Presentation: [[Image:|Download.png]]

APPSEC IRELAND INFORMAL MEET-UP

This is an informal gathering to meet others in information security and have a pint ;) All are welcome.

Where: Odeon Pub

When: After OWASP Live CD training

Sponsors: In case you want to sponsor this event, please contact Fabio Cerullo.

MAY 2010

OWASP Event: Trials & Tribulations of WAF Implementation

When: 20/5/2010 6:30pm - 7:30pm

Where: Ernst & Young, Harcourt Street, Dublin 2, Opposite the Odeon Pub, Dublin, Ireland

Sponsors: Ernst & Young

Title: Trials & Tribulations of WAF Implementation
Abstract: A web application firewall (WAF) is an appliance, server plugin, or filter that applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as Cross-site Scripting (XSS) and SQL Injection. By customizing the rules to your application, many attacks can be identified and blocked. The effort to perform this customization can be significant and needs to be maintained as the application is modified.
Mark will be presenting on his experience in implementing a Web Application Firewall solution through all phases from research to implementation.

Presenters:

Mark Hillick - Application Networking Team, Citrix Systems
Mark Hillick has 10 years' experience in Internet, networking, systems administration and security engineering.

Mark graduated from Queen's University, where he studied Mathematics.

Mark joined AIB from Queen's as a member of the Internet Infrastructure team, where he was responsible for designing, building and securing the Internet service in and out of AIB. He is a prominent member of the IT security community in Ireland and has presented at several local security forums such as IISF and OWASP. Mark is one of the founding members of IRISS CERT, where he is also a Volunteer Incident Handler. He helped organise IRISSCon 2009, where he also designed and built HackEire 2009, the first Ethical Hacking 'Capture The Flag' contest in Ireland.

Pictures from the event:

A caption from Mark's talk


Download Presentation: http://docs.google.com/fileview?id=0B3vrVYEosFeEZDMyZjIzYTktMzNkZC00ZjBlLWFiYTgtNThjZGE4YTE1NmFj

APPSEC IRELAND INFORMAL MEET-UP

This is an informal gathering to meet others in information security and have a pint ;) All are welcome.

Where: Odeon Pub

When: After WAF presentation

Sponsors: In case you want to sponsor this event, please contact Fabio Cerullo.