Difference between revisions of "Kitchener/Waterloo"

From OWASP
 
(11 intermediate revisions by one user not shown)
Line 1: Line 1:
__NOTOC__
+
{{Chapter Template|chaptername=Kitchener/Waterloo|extra=The chapter leaders are [mailto:colin.delaney@owasp.org Colin Delaney] &  [mailto:Chris.Howell@owasp.org Chris Howell].
 +
<paypal>Kitchener/Waterloo</paypal>
 +
|mailinglistsite=https://lists.owasp.org/mailman/listinfo/owasp-kitchener-waterloo}}
  
== OWASP Kitchener/Waterloo Local Chapter  ==
 
  
= Welcome <u></u> =
+
== Upcoming Meetings & Presentations ==
 +
'''Thursday March 28th, 2013 6:00-7:30'''
 +
'''Location: McAfee Anti-Virus, 565 Kumpf Drive, Waterloo''' - Basically Northfield & Expressway.
 +
'''Agenda:'''
 +
#Introductions
 +
#Presentation: (Dave Ockwell-Jenner)  Annoying Persistent Threat edition
  
Welcome to the local Kitchner/Waterloo chapter homepage. The chapter leader is [mailto:colin.delaney@owasp.org Colin Delaney]
 
  
Local OWASP Chapter meetings are FREE and OPEN to anyone interested in learning more about application security. We encourage individuals to provide knowledge transfer via hands-on training and presentations of specific OWASP projects and research topics and sharing SDLC knowledge. We encourage vendor-agnostic presentations to utilize the OWASP Powerpoint template when applicable and individual volunteerism to enable perpetual growth. <br>
+
'''Presentation Brief:'''
 +
China: All up in your business - Annoying Persistent Threat edition
  
Everyone is welcome. Feel free to sign up to our mailint list.<br>
+
For the past few years, I've been involved in examining intrusions by a group informally known as Comment Crew -- which are now better known as 'APT1' following the recent release of the report from Mandiant. This group falls into the class of the 'Advanced Persistent Threat' and are known to use compromised web sites to supply command/control to compromised systems. I have a live demo of an annotated attack against a fictitious company, using custom malware and metasploit. It shows how attackers initially compromise a system, supply commands, install additional malware, gain privileges in post-exploit and loot the network for fun and profit! All-in-all it takes about an hour including questions as we go. It's targeted toward beginner/intermediate and we can focus on the demo-malware code itself if we have lots of devs - advanced pentesters will find it pretty typical.
https://lists.owasp.org/mailman/listinfo/owasp-kitchener-waterloo
+
  
<br>
+
'''Dave's Bio:'''
  
= Chapter Meetings and Presentations  =
+
''Dave Ockwell-Jenner has an extensive background in technology: from building one of the Internet’s earliest major web sites, to helping secure some of the world’s most critical systems. He has led the development of solutions for some of Canada’s most prominent technology companies, including Research In Motion and Nortel.''
  
Everyone is welcome to join us at our chapter meetings. Our chapter's meetings are informal and we encourage open discussion of all aspects of web application security.
+
''He currently works for a Swiss-based company that specializes in IT and communications for the Air Transport Industry. In this role he has focused on designing and delivering the company's secure software development lifecycle. Through this, Dave regularly trains developers in secure software techniques, and has co-authored the SANS course on Developing Defensible Java EE Solutions.''
  
Stay tuned for upcomming events. To be notified, feel free to join our mailing list.<br>
+
''Dave also runs a boutique security consultancy called Prime Information Security, concentrating on information security within Small-to-Medium Businesses. He is a security blogger for TELUS and also co-founded a business networking organization called the Small Business Community Network (SBCN).''
https://lists.owasp.org/mailman/listinfo/owasp-kitchener-waterloo
+
  
=== ''' Chapter Meeting #2:''' ===
+
''' We would like to provide some food & bervage so if you're planning on attending please RSVP so we can plan accordingly'''
  
TBD
+
Please RSVP to [mailto:colin.delaney@owasp.org Colin Delaney] OR  [mailto:Chris.Howell@owasp.org Chris Howell] To Confirm your presence.
  
  
=== ''' Chapter Meeting #1 / Presentation:'''  ===
 
  
'''When: Wednesday, November 16th, 8pm&nbsp;'''- ''Local Chapter Kickoff Meeting + Presentation (<u>Steve Hendrikse - Introduction To Web Services Security Testing</u>)''
 
  
'''Location: RumRunnerPub, '''1 King Street W., Kitchener (Basement of Walper Hotel, corner of King and Queen'''- [http://g.co/maps/s8cz8 Map/Directions]''' <br><br>Please RSVP to '''owasp@mccrabb.com''' <br><br>'''Length:''' 2 Hours
 
  
'''Description:''' For this informal meeting, we will have brief introductions, complete some general housekeeping, and discuss what we would like to get out of our local chapter. For the second half, our guest speaker will present an introduction to web services security testing
+
== Speakers ==
 +
We are always looking for security minded speakers to present on a topic of your choice, Developers, Quality Assurance, Project Managers, Managers are all welcome, if you're interested please contact one of the chapter leaders.
  
'''Agenda:'''
+
== Meetings ==
 +
Meetings are open, free and welcoming for all to attend. Some Beverages & food will be provided.
  
Welcome &amp; Introductions<br>- OWASP Mission &amp; Goals<br>- OWASP Meetings<br>- OWASP resources and materials<br>- OWASP Membership<br><br>
+
=== Previous Meetings ===
  
Guest Speaker<br>- Steve Hendrikse - Intro to testing Web Services<br>- Q&amp;A<br>- Open Discussion<br>- Feedback &amp; Closing Comments<br><br>
+
'''Tuesday February 26th 2013, 6:00-8:00pm''' <br />
 +
'''Location: Morty's Pub (Basement) 272 King Street North, Waterloo Ontario''' <br />
  
'''Speaker Bio:''' Steve Hendrikse is a Technical Security Analyst with Research In Motion. He specializes in web application security assessment and testing. Steve also has a leading role within the Corporate Security Department in developing and extending the Secure Development Lifecycle at RIM. Steve studied Computer Science at the University of Western Ontario and attained an MSc. in Information Security from the Royal Holloway. His interests include application/system usability and accessibility, reverse engineering, and design for security.
 
  
'''''<span style="display: none" id="1321974845726S">&nbsp;</span>'''''<b>Outcome / Update: </b>Our first meeting was a great success. We had 9 people attend, including our speaker. We had some techical diffictulties with our projector setup, but were able to overcome it due to the small crowd. The presentation was very interesting and the speaker was Class One. Thanks Steve for a great / informative presentation. Below is a link to the slideshow portion of the presentation for anyone intersted in the topic to view. We are looking forward to our next meeting, hoping some time in May / June. Stay tuned.
+
'''Agenda:''' <br />
 +
<strike>
 +
#Introductions  <br />
 +
#OWASP Mission & Meetings <br />
 +
#Guest Presentation & Discussions <br />
 +
#OWASP Materials
 +
#OWASP Membership
 +
</strike>
  
[http://www.hendrikse.ca/steve/owasp_webservicetesting.ppt [Presentation Slide Show]]
+
<br/>
 +
<br/>
 +
<br/>
  
= Participation =
+
''When: Wednesday, November 16th, 8pm&nbsp;'''- ''Local Chapter Kickoff Meeting + Presentation (<u>Steve Hendrikse - Introduction To Web Services Security Testing</u>)''
  
Our OWASP Local Chapter is free and open. Anyone in our area interested in web application security is welcome to participate. We encourage attendees to give short presentations about specific topics, or even just contribute through the mailing list. All ideas and topics welcome.
+
'''Location: RumRunnerPub, '''1 King Street W., Kitchener (Basement of Walper Hotel, corner of King and Queen'''- [http://g.co/maps/s8cz8 Map/Directions]''' <br><br>
  
If you would like to make a presentation, or have any questions about our OWASP Chapter, send an email to one of the chapter leaders. <br><br>
+
'''Description:''' For this informal meeting, we will have brief introductions, complete some general housekeeping, and discuss what we would like to get out of our local chapter. For the second half, our guest speaker will present an introduction to web services security testing
  
To keep up-to-date on all chapter events and meetings, or to propose ideas and topics to discuss, feel free to join our mailing list...<br>
 
https://lists.owasp.org/mailman/listinfo/owasp-kitchener-waterloo
 
  
= Contact Chapter Leaders =
+
<strike>Welcome &amp; Introductions</strike><br>- <strike>OWASP Mission &amp; Goals</strike><br>- <strike>OWASP Meetings</strike><br>- <strike>OWASP resources and materials</strike><br>- <strike>OWASP Membership</strike><br><br>
 +
 
 +
Guest Speaker<br>- Steve Hendrikse - Intro to testing Web Services<br>- Q&amp;A<br>- Open Discussion<br>- Feedback &amp; Closing Comments<br><br>
 +
 
 +
'''Speaker Bio:''' Steve Hendrikse is a Technical Security Analyst with Research In Motion. He specializes in web application security assessment and testing. Steve also has a leading role within the Corporate Security Department in developing and extending the Secure Development Lifecycle at RIM. Steve studied Computer Science at the University of Western Ontario and attained an MSc. in Information Security from the Royal Holloway. His interests include application/system usability and accessibility, reverse engineering, and design for security.
 +
 
 +
'''''<span style="display: none" id="1321974845726S">&nbsp;</span>'''''<b>Outcome / Update: </b>Our first meeting was a great success. We had 9 people attend, including our speaker. We had some techical diffictulties with our projector setup, but were able to overcome it due to the small crowd. The presentation was very interesting and the speaker was Class One. Thanks Steve for a great / informative presentation. Below is a link to the slideshow portion of the presentation for anyone intersted in the topic to view. We are looking forward to our next meeting, hoping some time in May / June. Stay tuned.
 +
 
 +
=== Past Presentations===
 +
Steve's Presentation on Web Service Security Testing
 +
[http://www.hendrikse.ca/steve/owasp_webservicetesting.ppt [Presentation Slide Show]]
 +
 
 +
= Contact Chapter Leaders & Committee =
  
 
Feel free to contact our chapter leaders via email...<br>
 
Feel free to contact our chapter leaders via email...<br>
[mailto:owasp%40mccrabb.com Tim McCrabb]<br>
+
[mailto:colin.delaney@owasp.org Colin Delaney]<br>
[mailto:owaspjay%40gmail.com Jay Rosenberger]<br>
+
[mailto:Chris.Howell@owasp.org Chris Howell]<br>
 +
 
 +
If you're interested in getting involved we are interested in hearing from you, we're looking to build a great committee to set direction and vision for KW OWASP into the future.
  
 
Also feel free to join our mailing list and contact us through it in a public / open fashion.<br>
 
Also feel free to join our mailing list and contact us through it in a public / open fashion.<br>
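Review bot: the added "When:" line for the November 16th kickoff meeting opens with `''When:` but closes the span with `'''`, so the bold/italic quoting is unbalanced; open it with `'''When:` as the line it replaces did. In the same hunk the added Location line still lacks the closing parenthesis after "corner of King and Queen", and the added RSVP notice misspells "beverage" as "bervage".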
Line 66: Line 91:
 
= Donations =
 
= Donations =
  
We are currently accepting any and all donations...<br>
+
OWASP is a non-profit vendor neutral organization we are committed to raising the collective security awareness and knowledge in the Kitchener-Waterloo IT community, globally working with our OWASP parent organization to provide the IT community with tools & resources to better make the IT professional aware of security vulnerabilities. If you're a security dedicated individual and you would like to help the Kitchener-Waterloo chapter, put on events, educate the IT professionals and the public. Please consider making a donation through the donate button on this page.
 +
 
 +
= Social Media=
 +
You can follow us on Twitter @OWASP_KW
  
<paypal>Kitchner/Waterloo</paypal>
+
= Other Chapter Events=
  
 +
We partner with other chapters, and display their upcoming events in this section in case you are visiting our chapter from somewhere else or you will be in their area, feel free to stop by their events and see what is new and happening at their meetings.
  
 +
== Toronto Chapter ==
  
<headertabs />
+
== Ottawa Chapter==
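Review bot: the added "== Toronto Chapter ==" and "== Ottawa Chapter==" headings at the end of this hunk have nothing under them, so the new "Other Chapter Events" section promises partner events and lists none; add the events or a link to each chapter's page, or hold the headings back until there is something to show. The Ottawa heading is also missing the space before its closing "==", and the new Donations paragraph ends its second sentence as a fragment ("...educate the IT professionals and the public.") that should run on into "please consider making a donation".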

Latest revision as of 16:32, 8 March 2013

OWASP Kitchener/Waterloo

Welcome to the Kitchener/Waterloo chapter homepage. The chapter leaders are Colin Delaney & Chris Howell.

Donate funds to OWASP earmarked for Kitchener/Waterloo.

Click here to join the local chapter mailing list.

Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter Leader Handbook. As a 501(c)(3) non-profit professional association, your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world, simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Donate to this chapter or become a local chapter supporter.

Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now


Upcoming Meetings & Presentations

Thursday March 28th, 2013 6:00-7:30

Location: McAfee Anti-Virus, 565 Kumpf Drive, Waterloo - Basically Northfield & Expressway.

Agenda:

  1. Introductions
  2. Presentation: (Dave Ockwell-Jenner) Annoying Persistent Threat edition


Presentation Brief: China: All up in your business - Annoying Persistent Threat edition

For the past few years, I've been involved in examining intrusions by a group informally known as Comment Crew -- which are now better known as 'APT1' following the recent release of the report from Mandiant. This group falls into the class of the 'Advanced Persistent Threat' and are known to use compromised web sites to supply command/control to compromised systems. I have a live demo of an annotated attack against a fictitious company, using custom malware and metasploit. It shows how attackers initially compromise a system, supply commands, install additional malware, gain privileges in post-exploit and loot the network for fun and profit! All-in-all it takes about an hour including questions as we go. It's targeted toward beginner/intermediate and we can focus on the demo-malware code itself if we have lots of devs - advanced pentesters will find it pretty typical.

Dave's Bio:

Dave Ockwell-Jenner has an extensive background in technology: from building one of the Internet’s earliest major web sites, to helping secure some of the world’s most critical systems. He has led the development of solutions for some of Canada’s most prominent technology companies, including Research In Motion and Nortel.

He currently works for a Swiss-based company that specializes in IT and communications for the Air Transport Industry. In this role he has focused on designing and delivering the company's secure software development lifecycle. Through this, Dave regularly trains developers in secure software techniques, and has co-authored the SANS course on Developing Defensible Java EE Solutions.

Dave also runs a boutique security consultancy called Prime Information Security, concentrating on information security within Small-to-Medium Businesses. He is a security blogger for TELUS and also co-founded a business networking organization called the Small Business Community Network (SBCN).


We would like to provide some food & beverages, so if you're planning on attending please RSVP so we can plan accordingly.

Please RSVP to Colin Delaney or Chris Howell to confirm your presence.



Speakers

We are always looking for security-minded speakers to present on a topic of their choice. Developers, Quality Assurance, Project Managers and Managers are all welcome; if you're interested, please contact one of the chapter leaders.

Meetings

Meetings are open, free and welcoming for all to attend. Some beverages & food will be provided.

Previous Meetings

Tuesday February 26th 2013, 6:00-8:00pm
Location: Morty's Pub (Basement) 272 King Street North, Waterloo Ontario


Agenda:

  1. Introductions
  2. OWASP Mission & Meetings
  3. Guest Presentation & Discussions
  4. OWASP Materials
  5. OWASP Membership




When: Wednesday, November 16th, 8pm - Local Chapter Kickoff Meeting + Presentation (Steve Hendrikse - Introduction To Web Services Security Testing)

Location: RumRunnerPub, 1 King Street W., Kitchener (Basement of Walper Hotel, corner of King and Queen) - Map/Directions

Description: For this informal meeting, we will have brief introductions, complete some general housekeeping, and discuss what we would like to get out of our local chapter. For the second half, our guest speaker will present an introduction to web services security testing.


Welcome & Introductions
- OWASP Mission & Goals
- OWASP Meetings
- OWASP resources and materials
- OWASP Membership

Guest Speaker
- Steve Hendrikse - Intro to testing Web Services
- Q&A
- Open Discussion
- Feedback & Closing Comments

Speaker Bio: Steve Hendrikse is a Technical Security Analyst with Research In Motion. He specializes in web application security assessment and testing. Steve also has a leading role within the Corporate Security Department in developing and extending the Secure Development Lifecycle at RIM. Steve studied Computer Science at the University of Western Ontario and attained an MSc. in Information Security from the Royal Holloway. His interests include application/system usability and accessibility, reverse engineering, and design for security.

Outcome / Update: Our first meeting was a great success. We had 9 people attend, including our speaker. We had some technical difficulties with our projector setup, but were able to overcome them due to the small crowd. The presentation was very interesting and the speaker was Class One. Thanks Steve for a great / informative presentation. Below is a link to the slideshow portion of the presentation for anyone interested in the topic to view. We are looking forward to our next meeting, hoping some time in May / June. Stay tuned.

Past Presentations

Steve's Presentation on Web Service Security Testing [Presentation Slide Show]

Contact Chapter Leaders & Committee

Feel free to contact our chapter leaders via email...
Colin Delaney
Chris Howell

If you're interested in getting involved, we are interested in hearing from you. We're looking to build a great committee to set direction and vision for KW OWASP into the future.

Also feel free to join our mailing list and contact us through it in a public / open fashion.
https://lists.owasp.org/mailman/listinfo/owasp-kitchener-waterloo

Donations

OWASP is a non-profit, vendor-neutral organization. We are committed to raising the collective security awareness and knowledge in the Kitchener-Waterloo IT community, working globally with our OWASP parent organization to provide the IT community with tools & resources that make IT professionals more aware of security vulnerabilities. If you're a security-dedicated individual and you would like to help the Kitchener-Waterloo chapter put on events and educate IT professionals and the public, please consider making a donation through the donate button on this page.

Social Media

You can follow us on Twitter @OWASP_KW

Other Chapter Events

We partner with other chapters and display their upcoming events in this section. If you are visiting our chapter from somewhere else, or you will be in their area, feel free to stop by their events and see what is new and happening at their meetings.

Toronto Chapter

Ottawa Chapter