Kansas City

From OWASP
Revision as of 23:16, 28 August 2010 by Caughron

OWASP Kansas City

Welcome to the Kansas City chapter homepage. If you have any questions about the Kansas City Chapter after reading this page, please send an email to our chapter leader, Mat Caughron.
Click here to join the local chapter mailing list.

Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter Leader Handbook. As a 501(c)(3) non-profit professional association, your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world, simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Donate to this chapter or become a local chapter supporter.

Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now

funds to OWASP earmarked for Kansas City.

Upcoming Meetings

We are seeking a speaker for the next KC-OWASP meeting on August 26.

Date: August 26, 2010 6:00 PM - 8:00 PM

Location: Johnson County Community College (JCCC), Room 175 in the Regnier Center.

Topic: Mobile Device Software Security and Testing

Agenda:

Topic: Mobile Device Software Security and Testing Presentation

Introduction:

  • Why do we care about these devices?
  • How enterprises are using these devices.
  • Personal data stored on these devices.
  • What we can do depends on the functionality implemented on the device.
  • More and more apps are found to be malicious in some way.

iPhone:

  • What does "jailbreaking" actually do?
  • Installing SSH through Cydia.
  • Using WinSCP to view the underlying filesystem.
  • Files on the file system (sqlite databases, etc.).
  • Proxying WiFi traffic for request/response analysis & manipulation.
  • Proxying 3G traffic through a VPN connection running on a Linux VM (currently researching and setting up).
  • Where are applications located on the device?
  • Extracting the applications off the phone for further analysis.
  • How to get at the application via iTunes if the iPhone is not jailbroken.

Android:

  • Rooting the device (not a hands-on demonstration, as this is version dependent).
  • Setting up SSH on the device.
  • Using WinSCP to view the underlying filesystem.
  • Proxying 3G traffic through a VPN connection running on a Linux VM (currently researching and setting up).
  • Where are the applications located on the device?
  • Extracting the applications off of the phone.
  • Unpackaging the applications.
  • Decompiling the applications to gain a better understanding of what they are doing.

Speaker:

 Steve Jensen, BT Global Services

Stephen Jensen has been performing web application security assessments for over 7 years. With a background as a software developer, it was his experiences within the software industry that led him to shift his focus more towards the security aspect of software. Stephen is an advocate of the SDLC (Security Development Lifecycle) development process, which attempts to include security as a primary objective within the requirements phase of the software development lifecycle, as well as throughout the entire development process.


    Software and application security topics are open



Attendance at OWASP meetings is free and anyone interested in web application security is welcome to attend. Pass on this meeting announcement to anyone else who would benefit from joining us.


Please note:

  • Attendance at an OWASP chapter meeting is free and open to anyone interested in web application security
  • No registration is required, although RSVPs to the chapter leader are appreciated
  • Professionals with CISSPs, or other certifications, can earn CPE credits by attending


We meet at least once a quarter to discuss application security. If you have an interesting topic you'd like to present or discuss at future meetings, please send an email to caughron[at]gmail com. Or, get a discussion going by posting a message to our mailing list.

Past Meetings

Thanks to the speakers for sharing with us at our past chapter meetings. Any presentation handouts or associated documents are shared through the following meeting summaries: