Difference between revisions of "Montréal"

From OWASP
Jump to: navigation, search
Line 1: Line 1:
{{Chapter Template|chaptername=Montreal|extra=The chapter leader is [mailto:philippe.gamache(at)owasp.org Philippe Gamache]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-montreal|emailarchives=http://lists.owasp.org/pipermail/owasp-montreal}}
+
{{Chapter Template|chaptername=Montreal|extra=The chapter leader is [mailto:philippe.gamache(at)owasp.org Philippe Gamache]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-montreal|emailarchives=http://lists.owasp.org/pipermail/owasp-montreal}}  
  
<paypal>Montreal</paypal>
+
<paypal>Montreal</paypal>  
  
 +
<br>
  
==== OWASP Montreal News ====
+
==== OWASP Montreal News ====
2011-11-17 : Gray areas of the Same Origin Policy -> Philippe Arteau
+
  
2011-09-15 : XSS Defense In Depth at Scale! -> Jim Manico, WhiteHat Security
+
2011-11-17&nbsp;: Gray areas of the Same Origin Policy -&gt; Philippe Arteau
  
2011-07-21 : VEGA -> David Mirza, Subgraph
+
2011-09-15&nbsp;: XSS Defense In Depth at Scale! -&gt; Jim Manico, WhiteHat Security
  
2011-05-19 : Hackus 2011 - Démonstration d'attaques Web -> Jérémie Goulet, Jonathan Marcil, Hackus 2011
+
2011-07-21&nbsp;: VEGA -&gt; David Mirza, Subgraph
  
2011-03-08 : Comment obtenir de l'assurance sécurité tout au long d'un projet de déveleopppement web -> Antonio Fontes, L7 Sécurité
+
2011-05-19&nbsp;: Hackus 2011 - Démonstration d'attaques Web -&gt; Jérémie Goulet, Jonathan Marcil, Hackus 2011
  
2011-01-25 : OWASP Enterprise Security API -> Philippe Gamache, Parler Haut, Interagir Librement
+
2011-03-08&nbsp;: Comment obtenir de l'assurance sécurité tout au long d'un projet de déveleopppement web -&gt; Antonio Fontes, L7 Sécurité
  
2010-12-04 : The new chapter leader is Philippe Gamache
+
2011-01-25&nbsp;: OWASP Enterprise Security API -&gt; Philippe Gamache, Parler Haut, Interagir Librement
  
2010-10-25 : Tweet My Trojan Please -> Sherif Koussa, Software Secured
+
2010-12-04&nbsp;: The new chapter leader is Philippe Gamache
  
2010-07-13 : Le fuzzing et les tests d'intrusions -> Eric Gingras & Sebastien Duquette, Gardien Virtuel
+
2010-10-25&nbsp;: Tweet My Trojan Please -&gt; Sherif Koussa, Software Secured
  
2010-05-11 : Why Implementing Cryptography is Hard
+
2010-07-13&nbsp;: Le fuzzing et les tests d'intrusions -&gt; Eric Gingras &amp; Sebastien Duquette, Gardien Virtuel
  
2010-03-19 : Next meetings date are published
+
2010-05-11&nbsp;: Why Implementing Cryptography is Hard
  
2010-03-10 : OWASP Application Security Verification Standard (ASVS) Project -> Sebastien Gioria
+
2010-03-19&nbsp;: Next meetings date are published
  
2010-02-02 : Authentification forte by Philippe Gamache
+
2010-03-10&nbsp;: OWASP Application Security Verification Standard (ASVS) Project -&gt; Sebastien Gioria
  
2010-01-21 : The Board elected Philippe Gamache as Vice Chapter Leader!
+
2010-02-02&nbsp;: Authentification forte by Philippe Gamache  
  
2010-xx-xx : Look at the tabs, 2 meeting date are scheduled
+
2010-01-21&nbsp;: The Board elected Philippe Gamache as Vice Chapter Leader!
  
2009-11-03 : November 3rd 2009, Pravir Chandra present Software Assurance Maturity Model (OpenSAMM)
+
2010-xx-xx&nbsp;: Look at the tabs, 2 meeting date are scheduled
  
2009-09-17 : Next meeting on September 17th 2009!
+
2009-11-03&nbsp;: November 3rd 2009, Pravir Chandra present Software Assurance Maturity Model (OpenSAMM)
  
2009-07-13 : We are preparing the next meeting, it will be held on September.
+
2009-09-17&nbsp;: Next meeting on September 17th 2009!
  
2009-04-07 : Next meeting on April 7th 2009 in Montreal!
+
2009-07-13&nbsp;: We are preparing the next meeting, it will be held on September.
  
2009-02-25 : Already working for the 2nd meeting in 3 months, more details to come on this site.
+
2009-04-07&nbsp;: Next meeting on April 7th 2009 in Montreal!
  
2009-02-24 : OWASP meeting on February 24th 2009 in Montreal!
+
2009-02-25&nbsp;: Already working for the 2nd meeting in 3 months, more details to come on this site.
  
2009-01-20 : Board meeting
+
2009-02-24&nbsp;: OWASP meeting on February 24th 2009 in Montreal!
  
2008-12-04 : Creation of the chapter board
+
2009-01-20&nbsp;: Board meeting
  
2008-11-28 : The new chapter leader is Benoit Guerette (benoit.guerette@owasp.org)
+
2008-12-04&nbsp;: Creation of the chapter board
  
2008-10-14 : First meeting preparation.
+
2008-11-28&nbsp;: The new chapter leader is Benoit Guerette (benoit.guerette@owasp.org)
  
2007-10-09 : First meeting preparation. (Cancelled)
+
2008-10-14&nbsp;: First meeting preparation.  
  
2007-08-06 : Email list installation.
+
2007-10-09&nbsp;: First meeting preparation. (Cancelled)
  
2007-07-13 : Start-up of the Montreal Chapter. Welcome!
+
2007-08-06&nbsp;: Email list installation.  
  
==== Montreal OWASP Board ====
+
2007-07-13&nbsp;: Start-up of the Montreal Chapter. Welcome!
Scope of the board is to discuss and approve local activities, meetings and plans.
+
  
*In alphabetical order:
+
==== Montreal OWASP Board  ====
*Founder and Chapter Leader [mailto:philippe.gamache(at)owasp.org Philippe Gamache]
+
 
*Board Member [mailto:blondin.philippe(at)gmail.com Philippe Blondin]
+
Scope of the board is to discuss and approve local activities, meetings and plans.
 +
 
 +
*In alphabetical order:  
 +
*Founder and Chapter Leader [mailto:philippe.gamache(at)owasp.org Philippe Gamache]  
 +
*Board Member [mailto:blondin.philippe(at)gmail.com Philippe Blondin]  
 
*Board Member [mailto:sean(at)caedmon.net Sean Coates]  
 
*Board Member [mailto:sean(at)caedmon.net Sean Coates]  
*Board Member [mailto:laurent.desaulniers(at)gmail.com Laurent Desaulniers]
+
*Board Member [mailto:laurent.desaulniers(at)gmail.com Laurent Desaulniers]  
 
*Board Member [mailto:jean-marc.robert(at)etsmtl.ca Jean-Marc Robert]
 
*Board Member [mailto:jean-marc.robert(at)etsmtl.ca Jean-Marc Robert]
  
Special thanks for old board members:
+
Special thanks for old board members:  
 +
 
 
*Founder and Chapter Leader 2008-2010 [mailto:benoit.guerette(at)owasp.org Benoit Guerette]
 
*Founder and Chapter Leader 2008-2010 [mailto:benoit.guerette(at)owasp.org Benoit Guerette]
  
 +
<br>
  
==== Sept 15th 2011 ====
+
==== Sept 15th 2011 ====
  
== OWASP Montreal - September 15th 2011 - XSS Defense In Depth at Scale! ==
+
== OWASP Montreal - September 15th 2011 - XSS Defense In Depth at Scale! ==
*<b>MAIN PRESENTER:</b> Jim Manico, WhiteHat Security and OWASP Podcast
+
*<b>ABSTRACT:</b> This talk will discuss the past methods used for XSS defense that were only partially effective. Learning from these lessons, will will also discuss present day defensive methodologies that are effective, but place an undue burden on the developer. We will then finish with a discussion of future XSS defense mythologies that shift the burden of XSS defense from the developer to various frameworks. These include auto-escaping template technologies, browser-based defenses such as Content Security Policy, and Javascript sandboxes such as the Google CAJA project and JSReg.
+
*<b>WHEN:</b> September 15th 2011, 18h30
+
*<b>WHERE:</b> École de technologie supérieure, 1100, rue Notre-Dame ouest, Montréal, Room: <b>A-1424</b>
+
*<b>REGISTRATION:</b> <b>Registration NOT mandatory.</b>
+
*<b>SPONSORS:</b> This meeting is sponsored by ETS
+
*<b>PROGRAM:</b>
+
*<b>* Please note there is no lunch offered, but prizes will be offered by sponsors</b>
+
    18:30-18:45 Welcome speech by Chapter Leader & sponsors
+
    18:45-19:45 Main presentation
+
    19:45-20:00 Open discussion
+
    20:00-...  End of the meeting at the ETS Pub
+
  
[http://www.etsmtl.ca/ http://www.owasp.org/images/c/c0/ETS.gif]
+
*'''MAIN PRESENTER:''' Jim Manico, WhiteHat Security and OWASP Podcast
 +
*'''ABSTRACT:''' This talk will discuss the past methods used for XSS defense that were only partially effective. Learning from these lessons, will will also discuss present day defensive methodologies that are effective, but place an undue burden on the developer. We will then finish with a discussion of future XSS defense mythologies that shift the burden of XSS defense from the developer to various frameworks. These include auto-escaping template technologies, browser-based defenses such as Content Security Policy, and Javascript sandboxes such as the Google CAJA project and JSReg.  
 +
*'''WHEN:''' September 15th 2011, 18h30
 +
*'''WHERE:''' École de technologie supérieure, 1100, rue Notre-Dame ouest, Montréal, Room: '''A-1424'''
 +
*'''REGISTRATION:''' '''Registration NOT mandatory.'''
 +
*'''SPONSORS:''' This meeting is sponsored by ETS
 +
*'''PROGRAM:'''
 +
*'''* Please note there is no lunch offered, but prizes will be offered by sponsors'''
  
==== Nov 17th 2011 ====
+
    18:30-18:45 Welcome speech by Chapter Leader &amp; sponsors
 +
    18:45-19:45 Main presentation
 +
    19:45-20:00 Open discussion
 +
    20:00-...  End of the meeting at the ETS Pub
  
== OWASP Montreal - November 17th 2011 - Gray areas of the Same Origin Policy ==
+
[http://www.etsmtl.ca/ [[Image:|ETS.gif]]]
*<b>MAIN PRESENTER:</b> Philippe Arteau
+
*<b>ABSTRACT:</b> The Same Origin Policy is a fundamental concept that provide a level of separation between sites. Each components apply this separation differently. This presentation will focus on edge cases that can lead to vulnerabilities. Presentation in French with English Slides. Présentation en français avec diapo en anglais.
+
*<b>WHEN:</b> November 17th 2011, 18h30
+
*<b>WHERE:</b> École de technologie supérieure, 1100, rue Notre-Dame ouest, Montréal, Room: <b>A-1424</b>
+
*<b>REGISTRATION:</b> <b>Registration NOT mandatory.</b>
+
*<b>SPONSORS:</b> This meeting is sponsored by ETS
+
*<b>PROGRAM:</b>
+
*<b>* Please note there is no lunch offered, but prizes will be offered by sponsors</b>
+
    18:30-18:45 Welcome speech by Chapter Leader & sponsors
+
    18:45-19:45 Main presentation
+
    19:45-20:00 Open discussion
+
    20:00-...  End of the meeting at the ETS Pub
+
  
[http://www.etsmtl.ca/ http://www.owasp.org/images/c/c0/ETS.gif]
+
==== Nov 17th 2011  ====
  
==== Past mettings ====
+
== OWASP Montreal - November 17th 2011 - Gray areas of the Same Origin Policy  ==
  
== OWASP Montreal - July 21th 2011 - VEGA ==
+
*'''MAIN PRESENTER:''' Philippe Arteau
*<b>MAIN PRESENTER:</b> David Mirza - Subgraph
+
*'''ABSTRACT:''' The Same Origin Policy is a fundamental concept that provide a level of separation between sites. Each components apply this separation differently. This presentation will focus on edge cases that can lead to vulnerabilities. Presentation in French with English Slides. Présentation en français avec diapo en anglais.
*<b>ABSTRACT:</b> Vega is an open source platform to test the security of web applications. Vega can help you find and validate SQL Injections, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities. It
+
*'''WHEN:''' November 17th 2011, 18h30  
*<b>WHEN:</b> July 21th 2011, 18h30
+
*'''WHERE:''' École de technologie supérieure, 1100, rue Notre-Dame ouest, Montréal, Room: '''A-1424'''
*<b>WHERE:</b> École de technologie supérieure, 1100, rue Notre-Dame ouest, Montréal, Room: <b>A-2330</b>
+
*'''REGISTRATION:''' '''Registration NOT mandatory.'''
*<b>REGISTRATION:</b> <b>Registration NOT mandatory.</b>
+
*'''SPONSORS:''' This meeting is sponsored by ETS  
*<b>SPONSORS:</b> This meeting is sponsored by ETS
+
*'''PROGRAM:'''
*<b>PROGRAM:</b>
+
*'''* Please note there is no lunch offered, but prizes will be offered by sponsors'''
*<b>* Please note there is no lunch offered, but prizes will be offered by sponsors</b>
+
    18:30-18:45 Welcome speech by Chapter Leader & sponsors
+
    18:45-19:45 Main presentation
+
    19:45-20:00 Open discussion
+
    20:00-...  End of the meeting at the ETS Pub
+
  
[http://www.subgraph.com/products.html https://support.subgraph.com/trac/raw-attachment/wiki/WikiStart/vega_small.png]
+
    18:30-18:45 Welcome speech by Chapter Leader &amp; sponsors
[http://www.subgraph.com/products.html http://support.subgraph.com/images/subgraph-logo-black.png]
+
    18:45-19:45 Main presentation
[http://www.etsmtl.ca/ http://www.owasp.org/images/c/c0/ETS.gif]
+
    19:45-20:00 Open discussion
 +
    20:00-...  End of the meeting at the ETS Pub
 +
 
 +
[http://www.etsmtl.ca/ [[Image:|ETS.gif]]]
 +
 
 +
==== Past mettings  ====
 +
 
 +
== OWASP Montreal - July 21th 2011 - VEGA  ==
 +
 
 +
*'''MAIN PRESENTER:''' David Mirza - Subgraph
 +
*'''ABSTRACT:''' Vega is an open source platform to test the security of web applications. Vega can help you find and validate SQL Injections, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities. It
 +
*'''WHEN:''' July 21th 2011, 18h30
 +
*'''WHERE:''' École de technologie supérieure, 1100, rue Notre-Dame ouest, Montréal, Room: '''A-2330'''
 +
*'''REGISTRATION:''' '''Registration NOT mandatory.'''
 +
*'''SPONSORS:''' This meeting is sponsored by ETS
 +
*'''PROGRAM:'''
 +
*'''* Please note there is no lunch offered, but prizes will be offered by sponsors'''
 +
 
 +
    18:30-18:45 Welcome speech by Chapter Leader &amp; sponsors
 +
    18:45-19:45 Main presentation
 +
    19:45-20:00 Open discussion
 +
    20:00-...  End of the meeting at the ETS Pub
 +
 
 +
[http://www.subgraph.com/products.html [[Image:|vega_small.png]]] [http://www.subgraph.com/products.html [[Image:|subgraph-logo-black.png]]] [http://www.etsmtl.ca/ [[Image:|ETS.gif]]]
 +
 
 +
== OWASP Montreal - May 19th 2011 - Hackus 2011 - Démonstration d'attaques Web  ==
 +
 
 +
*'''MAIN PRESENTER:''' Jérémie Goulet, Jonathan Marcil
 +
*'''ABSTRACT:''' http://hackus.org  
 +
*'''WHEN:''' May 19th 2011, 18h30
 +
*'''WHERE:''' École de technologie supérieure, 1100, rue Notre-Dame ouest, Montréal, Room: '''A-2330'''
 +
*'''REGISTRATION:''' '''Registration NOT mandatory.'''
 +
*'''SPONSORS:''' This meeting is sponsored by ETS
 +
*'''PROGRAM:'''
 +
*'''* Please note there is no lunch offered, but prizes will be offered by sponsors'''
  
== OWASP Montreal - May 19th 2011 - Hackus 2011 - Démonstration d'attaques Web ==
+
     18:30-18:45 Welcome speech by Chapter Leader &amp; sponsors
*<b>MAIN PRESENTER:</b> Jérémie Goulet, Jonathan Marcil
+
    18:45-19:45 Main presentation
*<b>ABSTRACT:</b> http://hackus.org
+
    19:45-20:00 Open discussion
*<b>WHEN:</b> May 19th 2011, 18h30
+
    20:00-...  End of the meeting at the ETS Pub
*<b>WHERE:</b> École de technologie supérieure, 1100, rue Notre-Dame ouest, Montréal, Room: <b>A-2330</b>
+
*<b>REGISTRATION:</b> <b>Registration NOT mandatory.</b>
+
*<b>SPONSORS:</b> This meeting is sponsored by ETS
+
*<b>PROGRAM:</b>
+
*<b>* Please note there is no lunch offered, but prizes will be offered by sponsors</b>
+
     18:30-18:45 Welcome speech by Chapter Leader & sponsors
+
    18:45-19:45 Main presentation
+
    19:45-20:00 Open discussion
+
    20:00-...  End of the meeting at the ETS Pub
+
  
 
== OWASP Montreal - March 8th 2011 - Comment obtenir de l'assurance sécurité tout au long d'un projet de déveleopppement web  ==
 
== OWASP Montreal - March 8th 2011 - Comment obtenir de l'assurance sécurité tout au long d'un projet de déveleopppement web  ==
Line 157: Line 168:
  
 
     18:00-18:15 Welcome speech by Chapter Leader &amp; sponsors
 
     18:00-18:15 Welcome speech by Chapter Leader &amp; sponsors
    18:15-19:15 Main presentation
+
    18:15-19:15 Main presentation
    19:15-19:30 Open discussion
+
    19:15-19:30 Open discussion
    19:30-...  End of the meeting at the ETS Pub
+
    19:30-...  End of the meeting at the ETS Pub
  
[http://www.etsmtl.ca/ http://www.owasp.org/images/c/c0/ETS.gif] [[Image:L7_Sécurité-logo-w-small.jpg|200x54px]] [[Image:Gardienvirtuel.jpg|136x55px]][[Image:Confoo_logo.gif]]]  
+
[http://www.etsmtl.ca/ [[Image:|ETS.gif]]] [[Image:L7 Sécurité-logo-w-small.jpg|200x54px|L7 Sécurité-logo-w-small.jpg]] [[Image:Gardienvirtuel.jpg|136x55px|Gardienvirtuel.jpg]][[Image:Confoo logo.gif]]]  
  
 
<br>  
 
<br>  
  
 
== OWASP Montreal - January 25th 2011 - OWASP Enterprise Security API  ==
 
== OWASP Montreal - January 25th 2011 - OWASP Enterprise Security API  ==
*<b>MAIN PRESENTER:</b> Philippe Gamache, Parler Haut, Interagir Librement
 
*<b>ABSTRACT:</b> OWASP Enterprise Security API Toolkits help software developers guard against security-related design and implementation flaws. Because it's an API, it can be easely be add to applications and services to protect themselves from attackers. In this talk, I'll present the project, it's implantation and how to add it to your projects.
 
*<b>WHEN:</b> January 25th 2011, 18h00
 
*<b>WHERE:</b> École de technologie supérieure, 1100, rue Notre-Dame ouest, Montréal, Room: <b>A-1350</b>
 
*<b>REGISTRATION:</b> <b>Registration NOT mandatory.</b>
 
*<b>SPONSORS:</b> This meeting is sponsored by Parler Haut, Interagir Librement and ETS
 
*<b>PROGRAM:</b>
 
*<b>* Please note there is no lunch offered, but prizes will be offered by sponsors</b>
 
    18:00-18:15 Welcome speech by Chapter Leader & sponsors
 
    18:15-19:15 Main presentation
 
    19:15-19:30 Open discussion
 
    19:30-...  End of the meeting at the ETS Pub
 
  
[http://www.ph-il.ca http://www.owasp.org/images/0/07/Phil_logo-150x30.gif]
+
*'''MAIN PRESENTER:''' Philippe Gamache, Parler Haut, Interagir Librement
[http://www.etsmtl.ca/ http://www.owasp.org/images/c/c0/ETS.gif]
+
*'''ABSTRACT:''' OWASP Enterprise Security API Toolkits help software developers guard against security-related design and implementation flaws. Because it's an API, it can be easely be add to applications and services to protect themselves from attackers. In this talk, I'll present the project, it's implantation and how to add it to your projects.  
 +
*'''WHEN:''' January 25th 2011, 18h00
 +
*'''WHERE:''' École de technologie supérieure, 1100, rue Notre-Dame ouest, Montréal, Room: '''A-1350'''
 +
*'''REGISTRATION:''' '''Registration NOT mandatory.'''
 +
*'''SPONSORS:''' This meeting is sponsored by Parler Haut, Interagir Librement and ETS  
 +
*'''PROGRAM:'''
 +
*'''* Please note there is no lunch offered, but prizes will be offered by sponsors'''
  
== OWASP Montreal - October 25th 2010 - Tweet My Trojan Please ==
+
     18:00-18:15 Welcome speech by Chapter Leader &amp; sponsors
*<b>MAIN PRESENTER:</b> Sherif Koussa, Software Secured
+
    18:15-19:15 Main presentation
*<b>ABSTRACT:</b> Social media became part of our day to day activities, sure it made us more social but how safe are we tweeting, facebooking or getting Linked ! This presentation will delve into the dark side of the social networks and Privacy Commissioner Report's on Facebook. It will explore some of the recent social media attacks trying to answer the question: Are we safe socializing online? and what can we do about it?
+
    19:15-19:30 Open discussion
*<b>WHEN:</b> Obtober 25th 2010, 18h00
+
    19:30-...  End of the meeting at the ETS Pub
*<b>WHERE:</b> École de technologie supérieure, 1100, rue Notre-Dame ouest, Montréal, Room: <b>A-1340</b>
+
*<b>REGISTRATION:</b> [http://OwaspMontrealOctober.eventbrite.com OwaspMontrealOctober.eventbrite.com] <b>Registration is mandatory.</b>
+
*<b>SPONSORS:</b> This meeting is sponsored by Gardien Virtuel and ETS
+
*<b>PROGRAM:</b>
+
*<b>* Please note there is no lunch offered, but prizes will be offered by sponsors</b>
+
     18:00-18:15 Welcome speech by Chapter Leader & sponsors
+
    18:15-19:15 Main presentation
+
    19:15-19:30 Open discussion
+
    19:30-...  End of the meeting at the ETS Pub
+
  
== OWASP Montreal - July 13th 2010 - Le fuzzing et les tests d'intrusions ==
+
[http://www.ph-il.ca [[Image:|Phil_logo-150x30.gif]]] [http://www.etsmtl.ca/ [[Image:|ETS.gif]]]
*<b>MAIN PRESENTER:</b> Eric Gingras & Sebastien Duquette, Gardien Virtuel
+
*<b>WHEN:</b> July 13th 2010, 18h00
+
*<b>WHERE:</b> École de technologie supérieure, 1100, rue Notre-Dame ouest, Montréal, Room: A-1424
+
*<b>REGISTRATION:</b> [http://OwaspMontrealJuly.eventbrite.com OwaspMontrealJuly.eventbrite.com] <b>Registration is mandatory.</b>
+
*<b>SPONSORS:</b> This meeting is sponsored by Gardien Virtuel and ETS
+
*<b>PROGRAM:</b>
+
*<b>* Please note there is no lunch offered, but prizes will be offered by sponsors</b>
+
    18:00-18:15 Welcome speech by Chapter Leader & sponsors
+
    18:15-19:15 Main presentation
+
    19:15-19:30 Open discussion
+
    19:30-...  End of the meeting at the ETS Pub
+
  
[http://www.gardienvirtuel.com/ https://www.owasp.org/images/6/62/LogoGardienVirtuel_150.gif]
+
== OWASP Montreal - October 25th 2010 - Tweet My Trojan Please  ==
[http://www.etsmtl.ca/ http://www.owasp.org/images/c/c0/ETS.gif]
+
  
== OWASP Montreal - May 11th 2010 - Why Implementing Cryptography is Hard ==
+
*'''MAIN PRESENTER:''' Sherif Koussa, Software Secured
*<b>MAIN PRESENTER:</b> David Mirza Ahmad, Founder at Subgraph
+
*'''ABSTRACT:''' Social media became part of our day to day activities, sure it made us more social but how safe are we tweeting, facebooking or getting Linked&nbsp;! This presentation will delve into the dark side of the social networks and Privacy Commissioner Report's on Facebook. It will explore some of the recent social media attacks trying to answer the question: Are we safe socializing online? and what can we do about it?
*<b>WHEN:</b> May 11th 2010, 18h00
+
*'''WHEN:''' Obtober 25th 2010, 18h00  
*<b>WHERE:</b> École de technologie supérieure, 1100, rue Notre-Dame ouest, Montréal, Room: A-1424
+
*'''WHERE:''' École de technologie supérieure, 1100, rue Notre-Dame ouest, Montréal, Room: '''A-1340'''
*<b>REGISTRATION:</b> [http://OwaspMontrealMay.eventbrite.com OwaspMontrealMay.eventbrite.com] <b>Registration is mandatory.</b>
+
*'''REGISTRATION:''' [http://OwaspMontrealOctober.eventbrite.com OwaspMontrealOctober.eventbrite.com] '''Registration is mandatory.'''
*<b>SPONSORS:</b> This meeting is sponsored by Gardien Virtuel, Subgraph and ETS
+
*'''SPONSORS:''' This meeting is sponsored by Gardien Virtuel and ETS  
*<b>PROGRAM:</b>
+
*'''PROGRAM:'''
*<b>* Please note there is no lunch offered, but prizes will be offered by sponsors</b>
+
*'''* Please note there is no lunch offered, but prizes will be offered by sponsors'''
    18:00-18:15 Welcome speech by Chapter Leader & sponsors
+
    18:15-19:45 Main presentation
+
    19:45-20:00 Open discussion
+
    20:00-...  End of the meeting at the ETS Pub
+
  
[http://www.gardienvirtuel.com/ https://www.owasp.org/images/6/62/LogoGardienVirtuel_150.gif]
+
    18:00-18:15 Welcome speech by Chapter Leader &amp; sponsors
[http://www.subgraph.com/ http://www.owasp.org/images/1/12/Subgraph-logo-black.png]
+
    18:15-19:15 Main presentation
[http://www.etsmtl.ca/ http://www.owasp.org/images/c/c0/ETS.gif]
+
    19:15-19:30 Open discussion
 +
    19:30-...   End of the meeting at the ETS Pub
  
== OWASP Montreal - March 9th 2010 - OWASP Application Security Verification Standard (ASVS) Project ==
+
== OWASP Montreal - July 13th 2010 - Le fuzzing et les tests d'intrusions  ==
*<b>MAIN PRESENTER:</b> Sebastien Gioria, OWASP French Chapter Leader
+
*<b>WHEN:</b> March 9th 2010, 18h00
+
*<b>WHERE:</b> École de technologie supérieure, 1100, rue Notre-Dame ouest, Montréal, Room: A-1424
+
*<b>REGISTRATION:</b> [http://OwaspMontrealMARCH.eventbrite.com OwaspMontrealMarch.eventbrite.com] <b>Registration is mandatory.</b>
+
*<b>SPONSORS:</b> This meeting is sponsored by Gardien Virtuel and ETS
+
*<b>PROGRAM:</b>
+
*<b>* Please note there is no lunch offered, but prizes will be offered by sponsors</b>
+
    18:00-18:15 Welcome speech by Chapter Leader & sponsors
+
    18:15-19:00 Main presentation
+
    19:00-19:15 Open discussion
+
    19:15-...  End of the meeting at the ETS Pub
+
  
[http://www.gardienvirtuel.com/ https://www.owasp.org/images/6/62/LogoGardienVirtuel_150.gif]
+
*'''MAIN PRESENTER:''' Eric Gingras &amp; Sebastien Duquette, Gardien Virtuel
[http://www.etsmtl.ca/ http://www.owasp.org/images/c/c0/ETS.gif]
+
*'''WHEN:''' July 13th 2010, 18h00
 +
*'''WHERE:''' École de technologie supérieure, 1100, rue Notre-Dame ouest, Montréal, Room: A-1424
 +
*'''REGISTRATION:''' [http://OwaspMontrealJuly.eventbrite.com OwaspMontrealJuly.eventbrite.com] '''Registration is mandatory.'''
 +
*'''SPONSORS:''' This meeting is sponsored by Gardien Virtuel and ETS
 +
*'''PROGRAM:'''
 +
*'''* Please note there is no lunch offered, but prizes will be offered by sponsors'''
  
== OWASP Montreal - February 2nd 2010 - Authentification forte ==
+
     18:00-18:15 Welcome speech by Chapter Leader &amp; sponsors
*<b>MAIN PRESENTER:</b>Philippe Gamache, CEO at Parler Haut, Interagir Librement
+
    18:15-19:15 Main presentation
*<b>WHEN:</b> February 2nd 2010, 18h00
+
    19:15-19:30 Open discussion
*<b>WHERE:</b> École de technologie supérieure, 1100, rue Notre-Dame ouest, Montréal, Room: A-1424
+
    19:30-...  End of the meeting at the ETS Pub
*<b>REGISTRATION:</b> [http://OwaspMontrealFEBRUARY.eventbrite.com OwaspMontrealFebruary.eventbrite.com] <b>Registration is mandatory.</b>
+
*<b>SPONSORS:</b> This meeting is sponsored by Parler Haut, Interagir Librement and ETS.
+
*<b>PROGRAM:</b>
+
*<b>* Please note there is no lunch offered, but prizes will be offered by sponsors</b>
+
     18:00-18:15 Welcome speech by Chapter Leader & sponsors
+
    18:15-19:45 Main presentation
+
    19:45-20:00 Open discussion
+
    20:00-...  End of the meeting at the ETS Pub
+
  
This presentation will be in french, with bilingual slides.
+
[http://www.gardienvirtuel.com/ [[Image:|LogoGardienVirtuel_150.gif]]] [http://www.etsmtl.ca/ [[Image:|ETS.gif]]]
  
[http://www.ph-il.ca http://www.owasp.org/images/0/07/Phil_logo-150x30.gif]
+
== OWASP Montreal - May 11th 2010 - Why Implementing Cryptography is Hard  ==
[http://www.etsmtl.ca/ http://www.owasp.org/images/c/c0/ETS.gif]
+
== Meeting on November 3rd 2009 in Montreal (Pravir Chandra present Software Assurance Maturity Model (OpenSAMM)) ==  
+
*<b>MAIN PRESENTER:</b> <b>Pravir Chandra is Director of Strategic Services at Fortify Software</b> and works with clients on software security assurance programs. Pravir is recognized for his expertise in software security, code analysis, and his ability to strategically apply technical knowledge. Prior to Fortify, he was a Principal Consultant affiliated with Cigital and led large software security programs at Fortune 500 companies. Pravir Co-Founded Secure Software, Inc. and was Chief Security Architect prior to its acquisition by Fortify. He recently created and led the Open Software Assurance Maturity Model (OpenSAMM) project with the OWASP Foundation, leads the OWASP CLASP project, and also serves as member of the OWASP Global Projects Committee. Pravir is author of the book Network Security with OpenSSL.
+
  
*<b>SUBJECT: The Software Assurance Maturity Model (SAMM) </b>into a software development organization. Covering more than typical SDLC-based models for security, SAMM enables organizations to self-assess their security assurance program and then use recommended roadmaps to improve in a way that's aligned to the specific risks facing the organization. Beyond that, SAMM enables creation of scorecards for an organization's effectiveness at secure software development throughout the typical governance, development, and deployment business functions. Scorecards also enable management within an organization to demonstrate quantitative improvements through iterations of building a security assurance program. This workshop will introduce the SAMM framework and walk through useful activities such as assessing an assurance program, mapping an existing organization to a recommended roadmap, and iteratively building an assurance program. Time allowing, additional case studies will also be discussed. OpenSAMM is an open a free project and has recently been donated to the Open Web Application Security Project (OWASP) Foundation. For more information on OpenSAMM, visit http://www.opensamm.org/ 
+
*'''MAIN PRESENTER:''' David Mirza Ahmad, Founder at Subgraph
 +
*'''WHEN:''' May 11th 2010, 18h00
 +
*'''WHERE:''' École de technologie supérieure, 1100, rue Notre-Dame ouest, Montréal, Room: A-1424
 +
*'''REGISTRATION:''' [http://OwaspMontrealMay.eventbrite.com OwaspMontrealMay.eventbrite.com] '''Registration is mandatory.'''
 +
*'''SPONSORS:''' This meeting is sponsored by Gardien Virtuel, Subgraph and ETS
 +
*'''PROGRAM:'''
 +
*'''* Please note there is no lunch offered, but prizes will be offered by sponsors'''
  
 +
    18:00-18:15 Welcome speech by Chapter Leader &amp; sponsors
 +
    18:15-19:45 Main presentation
 +
    19:45-20:00 Open discussion
 +
    20:00-...  End of the meeting at the ETS Pub
 +
 +
[http://www.gardienvirtuel.com/ [[Image:|LogoGardienVirtuel_150.gif]]] [http://www.subgraph.com/ [[Image:|Subgraph-logo-black.png]]] [http://www.etsmtl.ca/ [[Image:|ETS.gif]]]
 +
 +
== OWASP Montreal - March 9th 2010 - OWASP Application Security Verification Standard (ASVS) Project  ==
 +
 +
*'''MAIN PRESENTER:''' Sebastien Gioria, OWASP French Chapter Leader
 +
*'''WHEN:''' March 9th 2010, 18h00
 +
*'''WHERE:''' École de technologie supérieure, 1100, rue Notre-Dame ouest, Montréal, Room: A-1424
 +
*'''REGISTRATION:''' [http://OwaspMontrealMARCH.eventbrite.com OwaspMontrealMarch.eventbrite.com] '''Registration is mandatory.'''
 +
*'''SPONSORS:''' This meeting is sponsored by Gardien Virtuel and ETS
 +
*'''PROGRAM:'''
 +
*'''* Please note there is no lunch offered, but prizes will be offered by sponsors'''
 +
 +
    18:00-18:15 Welcome speech by Chapter Leader &amp; sponsors
 +
    18:15-19:00 Main presentation
 +
    19:00-19:15 Open discussion
 +
    19:15-...  End of the meeting at the ETS Pub
 +
 +
[http://www.gardienvirtuel.com/ [[Image:|LogoGardienVirtuel_150.gif]]] [http://www.etsmtl.ca/ [[Image:|ETS.gif]]]
 +
 +
== OWASP Montreal - February 2nd 2010 - Authentification forte  ==
 +
 +
*'''MAIN PRESENTER:'''Philippe Gamache, CEO at Parler Haut, Interagir Librement
 +
*'''WHEN:''' February 2nd 2010, 18h00
 +
*'''WHERE:''' École de technologie supérieure, 1100, rue Notre-Dame ouest, Montréal, Room: A-1424
 +
*'''REGISTRATION:''' [http://OwaspMontrealFEBRUARY.eventbrite.com OwaspMontrealFebruary.eventbrite.com] '''Registration is mandatory.'''
 +
*'''SPONSORS:''' This meeting is sponsored by Parler Haut, Interagir Librement and ETS.
 +
*'''PROGRAM:'''
 +
*'''* Please note there is no lunch offered, but prizes will be offered by sponsors'''
 +
 +
    18:00-18:15 Welcome speech by Chapter Leader &amp; sponsors
 +
    18:15-19:45 Main presentation
 +
    19:45-20:00 Open discussion
 +
    20:00-...  End of the meeting at the ETS Pub
 +
 +
This presentation will be in french, with bilingual slides.
 +
 +
[http://www.ph-il.ca [[Image:|Phil_logo-150x30.gif]]] [http://www.etsmtl.ca/ [[Image:|ETS.gif]]]
 +
 +
== Meeting on November 3rd 2009 in Montreal (Pravir Chandra present Software Assurance Maturity Model (OpenSAMM))  ==
 +
 +
*'''MAIN PRESENTER:''' '''Pravir Chandra is Director of Strategic Services at Fortify Software''' and works with clients on software security assurance programs. Pravir is recognized for his expertise in software security, code analysis, and his ability to strategically apply technical knowledge. Prior to Fortify, he was a Principal Consultant affiliated with Cigital and led large software security programs at Fortune 500 companies. Pravir Co-Founded Secure Software, Inc. and was Chief Security Architect prior to its acquisition by Fortify. He recently created and led the Open Software Assurance Maturity Model (OpenSAMM) project with the OWASP Foundation, leads the OWASP CLASP project, and also serves as member of the OWASP Global Projects Committee. Pravir is author of the book Network Security with OpenSSL.
 +
 +
*'''SUBJECT: The Software Assurance Maturity Model (SAMM) '''into a software development organization. Covering more than typical SDLC-based models for security, SAMM enables organizations to self-assess their security assurance program and then use recommended roadmaps to improve in a way that's aligned to the specific risks facing the organization. Beyond that, SAMM enables creation of scorecards for an organization's effectiveness at secure software development throughout the typical governance, development, and deployment business functions. Scorecards also enable management within an organization to demonstrate quantitative improvements through iterations of building a security assurance program. This workshop will introduce the SAMM framework and walk through useful activities such as assessing an assurance program, mapping an existing organization to a recommended roadmap, and iteratively building an assurance program. Time allowing, additional case studies will also be discussed. OpenSAMM is an open a free project and has recently been donated to the Open Web Application Security Project (OWASP) Foundation. For more information on OpenSAMM, visit http://www.opensamm.org/
 +
 +
<br>
 +
 +
*'''WHEN:''' Tuesday, November 3rd 2009, 18h00
 +
*'''WHERE:''' École de technologie supérieure, 1100, rue Notre-Dame ouest, Montréal, Room: A-1424
 +
*'''REGISTRATION:''' owaspmontreal at gmail.com. '''Registration is mandatory.''' Please include name, company and how many attendees.
 +
*'''PROGRAM:'''
 +
*'''* Please note there is no lunch offered, but prizes will be offered by all the sponsors, and all attendees get a copy of the SAMM on a USB stick (~90+ page document))'''
  
*<b>WHEN:</b> Tuesday, November 3rd 2009, 18h00
 
*<b>WHERE:</b> École de technologie supérieure, 1100, rue Notre-Dame ouest, Montréal, Room: A-1424 
 
*<b>REGISTRATION:</b> owaspmontreal at gmail.com. <b>Registration is mandatory.</b> Please include name, company and how many attendees.
 
*<b>PROGRAM:</b>
 
*<b>* Please note there is no lunch offered, but prizes will be offered by all the sponsors, and all attendees get a copy of the SAMM on a USB stick (~90+ page document))</b>
 
 
     18:00-18:05 Welcome speech by Chapter Leader
 
     18:00-18:05 Welcome speech by Chapter Leader
    18:05-18:15 Welcome speech by sponsors
+
    18:05-18:15 Welcome speech by sponsors
    18:15-19:15 Main presentation
+
    18:15-19:15 Main presentation
    19:15-19:30 Open discussion
+
    19:15-19:30 Open discussion
    19:30-...  End of the meeting at the ETS Pub
+
    19:30-...  End of the meeting at the ETS Pub
  
 +
<br>
  
 +
[http://www.fortify.com/ [[Image:|Fortify.jpg]]] [http://www.gardienvirtuel.com/ [[Image:|LogoGardienVirtuel_150.gif]]] [http://www.trendmicro.com/ [[Image:|Trendmicro.gif]]] [http://www.etsmtl.ca/ [[Image:|ETS.gif]]]
  
[http://www.fortify.com/ https://www.owasp.org/images/a/ac/Fortify.jpg] [http://www.gardienvirtuel.com/ https://www.owasp.org/images/6/62/LogoGardienVirtuel_150.gif] [http://www.trendmicro.com/ http://www.owasp.org/images/5/5b/Trendmicro.gif] [http://www.etsmtl.ca/ http://www.owasp.org/images/c/c0/ETS.gif]
+
== Meeting on September 17th 2009 in Montreal (Crossing the Border – Javascript Exploits)  ==
 +
 
 +
*'''MAIN PRESENTER:''' Justin Foster, CISSP - Third Brigade/Trend Micro
 +
*'''SUBJECT:''' Crossing the Border – Javascript Exploits JavaScript-based exploits are a serious threat on the Internet today. This talk explores how the countermeasures to deal with script based attacks parallel 2200 years of Chinese border security. The speaker will cover the benefits and drawbacks of current prevention methods and introduce future techniques to keep bad scripts at bay.  
 +
*'''WHEN:''' Thursday, September 17th 2009, 18h00
 +
*'''WHERE:''' École de technologie supérieure, 1100, rue Notre-Dame ouest, Montréal, Room: A-1424
 +
*'''REGISTRATION:''' owaspmontreal at gmail.com. '''Registration is mandatory.''' Please include name, company and how many attendees.  
 +
*'''SPONSORS:''' This meeting is sponsored by Gardien Virtuel and ETS.  
 +
*'''PROGRAM:'''
 +
*'''* Please note there is no lunch offered, but prizes will be offered by Gardien Virtuel (3 security books) and the Chapter will offer some OWASP gears.'''
  
== Meeting on September 17th 2009 in Montreal (Crossing the Border – Javascript Exploits) ==
 
*<b>MAIN PRESENTER:</b> Justin Foster, CISSP  - Third Brigade/Trend Micro
 
*<b>SUBJECT:</b> Crossing the Border – Javascript Exploits JavaScript-based exploits are a serious threat on the Internet today. This talk explores how the countermeasures to deal with script based attacks parallel 2200 years of Chinese border security. The speaker will cover the benefits and drawbacks of current prevention methods and introduce future techniques to keep bad scripts at bay.
 
*<b>WHEN:</b> Thursday, September 17th 2009, 18h00
 
*<b>WHERE:</b> École de technologie supérieure, 1100, rue Notre-Dame ouest, Montréal, Room: A-1424 
 
*<b>REGISTRATION:</b> owaspmontreal at gmail.com. <b>Registration is mandatory.</b> Please include name, company and how many attendees.
 
*<b>SPONSORS:</b> This meeting is sponsored by Gardien Virtuel and ETS.
 
*<b>PROGRAM:</b>
 
*<b>* Please note there is no lunch offered, but prizes will be offered by Gardien Virtuel (3 security books) and the Chapter will offer some OWASP gears.</b>
 
 
     18:00-18:05 Welcome speech by Chapter Leader
 
     18:00-18:05 Welcome speech by Chapter Leader
    18:05-18:15 Welcome speech by sponsors
+
    18:05-18:15 Welcome speech by sponsors
    18:15-19:00 Main presentation
+
    18:15-19:00 Main presentation
    19:00-19:15 Open discussion
+
    19:00-19:15 Open discussion
    19:15-...  End of the meeting at the ETS Pub
+
    19:15-...  End of the meeting at the ETS Pub
  
 +
<br> [http://www.gardienvirtuel.com/ [[Image:|LogoGardienVirtuel_150.gif]]] [http://www.etsmtl.ca/ [[Image:|ETS.gif]]]
  
[http://www.gardienvirtuel.com/ https://www.owasp.org/images/6/62/LogoGardienVirtuel_150.gif]
+
<br>
[http://www.etsmtl.ca/ http://www.owasp.org/images/c/c0/ETS.gif]
+
  
 +
== April 7th 2009 in Montreal (Introduction to Web Application Hacking LIVE!)  ==
  
== April 7th 2009 in Montreal (Introduction to Web Application Hacking LIVE!) ==
+
*'''MAIN PRESENTER:''' Rafal Los, Sr. Web Security Specialist at HP '''(Topic: Intro to Web Application Hacking LIVE!)'''
*<b>MAIN PRESENTER:</b> Rafal Los, Sr. Web Security Specialist at HP <b>(Topic: Intro to Web Application Hacking LIVE!)</b>
+
*'''BIO:''' Rafal Los is currently a Sr. Security Consultant with Hewlett-Packard’s Application Security Center (ASC). Rafal has over 13 years of experience in network and system design, security policy and process design, risk analysis, penetration testing and consulting. Over the past eight years, he has focused on Information Security and Risk Management, leading security architecture teams and managing successful enterprise security programs for General Electric and other Fortune 100 companies, as well as SMB enterprises. Previously Rafal spent three years in-house with GE Consumer Finance, leading its security programs.
*<b>BIO:</b> Rafal Los is currently a Sr. Security Consultant with Hewlett-Packard’s Application Security Center (ASC). Rafal has over 13 years of experience in network and system design, security policy and process design, risk analysis, penetration testing and consulting. Over the past eight years, he has focused on Information Security and Risk Management, leading security architecture teams and managing successful enterprise security programs for General Electric and other Fortune 100 companies, as well as SMB enterprises. Previously Rafal spent three years in-house with GE Consumer Finance, leading its security programs.
+
  
*<b>WHEN:</b> Tuesday, April 7th 2009, 18h00
+
*'''WHEN:''' Tuesday, April 7th 2009, 18h00  
*<b>WHERE:</b> CN Building, 935 De la Gauchetière Street West (Downtown), Montreal , Quebec H3B 2M9, Transcontinental room (ground floor)
+
*'''WHERE:''' CN Building, 935 De la Gauchetière Street West (Downtown), Montreal , Quebec H3B 2M9, Transcontinental room (ground floor)  
*<b>REGISTRATION:</b> owaspmontreal at gmail.com. <b>Registration is mandatory </b>. Please include name, company and how many attendees.
+
*'''REGISTRATION:''' owaspmontreal at gmail.com. '''Registration is mandatory '''. Please include name, company and how many attendees.  
*<b>SPONSORS:</b> This meeting is sponsored by Gardien Virtuel and CN.  
+
*'''SPONSORS:''' This meeting is sponsored by Gardien Virtuel and CN.  
*<b>PROGRAM:</b>
+
*'''PROGRAM:'''
      18:00-18:15 <b>Food and drinks </b>
+
      18:15-18:30 Welcome
+
      18:30-20:00 Main presentation
+
      20:00-20:30 Open discussion
+
  
[http://www.gardienvirtuel.com/ https://www.owasp.org/images/6/62/LogoGardienVirtuel_150.gif] https://www.owasp.org/images/9/92/Cn_logo.gif
+
      18:00-18:15 '''Food and drinks '''
 +
    18:15-18:30 Welcome
 +
    18:30-20:00 Main presentation
 +
    20:00-20:30 Open discussion
  
== First meeting on February 24th 2009 in Montreal (Security Development Lifecycle for IT) ==
+
[http://www.gardienvirtuel.com/ [[Image:|LogoGardienVirtuel_150.gif]]] https://www.owasp.org/images/9/92/Cn_logo.gif
  
*<b>MAIN PRESENTER:</b> Rob Labbe, Microsoft <b>(Topic: Security Development Lifecycle for IT)</b>
+
== First meeting on February 24th 2009 in Montreal (Security Development Lifecycle for IT) ==
  
*<b>WHEN:</b> Tuesday, February 24th 2009, 18h00
+
*'''MAIN PRESENTER:''' Rob Labbe, Microsoft '''(Topic: Security Development Lifecycle for IT)'''
  
*<b>WHERE:</b> 111 Duke 7th floor, Montreal, QC, H3C 2M1 (room 734.1)
+
*'''WHEN:''' Tuesday, February 24th 2009, 18h00
  
*<b>REGISTRATION:</b> owaspmontreal at gmail.com. Registration is mandatory. Please include name, company and how many attendees.
+
*'''WHERE:''' 111 Duke 7th floor, Montreal, QC, H3C 2M1 (room 734.1)
  
*<b>SPONSORS:</b> This meeting is sponsored by Microsoft, CGI.
+
*'''REGISTRATION:''' owaspmontreal at gmail.com. Registration is mandatory. Please include name, company and how many attendees.
 +
 
 +
*'''SPONSORS:''' This meeting is sponsored by Microsoft, CGI.
 +
 
 +
*'''PROGRAM:'''
  
*<b>PROGRAM:</b>
 
 
       18:00-18:15 Food and drinks
 
       18:00-18:15 Food and drinks
      18:15-19:00 OWASP Goal and Top Ten 2007 for Managers (by Benoit Guerette)
+
    18:15-19:00 OWASP Goal and Top Ten 2007 for Managers (by Benoit Guerette)
      19:00-20:00 Security Development Lifecycle for IT (by Rob Labbe, Microsoft)
+
    19:00-20:00 Security Development Lifecycle for IT (by Rob Labbe, Microsoft)
      20:00-20:30 Open discussion
+
    20:00-20:30 Open discussion
https://www.owasp.org/images/c/c9/Logo_microsoft.jpg https://www.owasp.org/images/5/57/Logo_cgi.jpg
+
 
 +
https://www.owasp.org/images/c/c9/Logo_microsoft.jpg https://www.owasp.org/images/5/57/Logo_cgi.jpg  
 +
 
 +
==== Presentations For Download  ====
  
==== Presentations For Download ====
+
[http://www.owasp.org/images/0/0d/20100209mstechdaysowaspasvssgiv01-12657916463819-phpapp02.ppt OWASP ASVS] by Sebastien Gioria (09/03/2010)
  
[http://www.owasp.org/images/0/0d/20100209mstechdaysowaspasvssgiv01-12657916463819-phpapp02.ppt OWASP ASVS] by Sebastien Gioria (09/03/2010)
+
[http://www.ph-il.ca/slides/afup__authetification_forte.pdf Authentification Forte] by Philippe Gamache (02/02/2010)  
  
[http://www.ph-il.ca/slides/afup__authetification_forte.pdf Authentification Forte] by Philippe Gamache (02/02/2010)
+
[http://www.opensamm.org/downloads/OpenSAMM-1.0.ppt Software Assurance Maturity Model (OpenSAMM)] by Pravir Chandra (03/11/2009)  
  
[http://www.opensamm.org/downloads/OpenSAMM-1.0.ppt Software Assurance Maturity Model (OpenSAMM)] by Pravir Chandra (03/11/2009)
+
[http://www.owasp.org/images/d/de/Owasp-montreal-sept-17h-2009-justin-foster.pdf Crossing the Border – Javascript Exploits] by Justin Foster (17/09/2009)  
  
[http://www.owasp.org/images/d/de/Owasp-montreal-sept-17h-2009-justin-foster.pdf Crossing the Border – Javascript Exploits] by Justin Foster (17/09/2009)
+
[http://www.owasp.org/images/c/c2/ALaughRIAt.pdf A Laugh RIAt] by Rafal Los (07/04/2009)  
  
[http://www.owasp.org/images/c/c2/ALaughRIAt.pdf A Laugh RIAt] by Rafal Los (07/04/2009)
+
[https://www.owasp.org/images/e/eb/OWASP-Montreal-24022009-RobLabbe.pptx Microsoft Security Development Lifecycle for IT] by Rob Labbe (24/02/2009)  
  
[https://www.owasp.org/images/e/eb/OWASP-Montreal-24022009-RobLabbe.pptx Microsoft Security Development Lifecycle for IT] by Rob Labbe (24/02/2009)
+
[https://www.owasp.org/images/3/39/OWASP-Montreal-24022009-EN.pdf OWASP Goal and Top Ten 2007 for Managers - French version] by Benoit Guerette (24/02/2009)  
  
[https://www.owasp.org/images/3/39/OWASP-Montreal-24022009-EN.pdf OWASP Goal and Top Ten 2007 for Managers - French version] by Benoit Guerette (24/02/2009)
+
__NOTOC__ <headertabs />
  
__NOTOC__
 
<headertabs/>
 
 
[[Category:Canada]]
 
[[Category:Canada]]

Revision as of 07:56, 14 September 2011

OWASP Montreal

Welcome to the Montreal chapter homepage. The chapter leader is Philippe Gamache
Click here to join the local chapter mailing list.

Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is and open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Btn donate SM.gif to this chapter or become a local chapter supporter.

Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now BlueIcon.JPG

funds to OWASP earmarked for Montreal.


OWASP Montreal News

2011-11-17 : Gray areas of the Same Origin Policy -> Philippe Arteau

2011-09-15 : XSS Defense In Depth at Scale! -> Jim Manico, WhiteHat Security

2011-07-21 : VEGA -> David Mirza, Subgraph

2011-05-19 : Hackus 2011 - Démonstration d'attaques Web -> Jérémie Goulet, Jonathan Marcil, Hackus 2011

2011-03-08 : Comment obtenir de l'assurance sécurité tout au long d'un projet de déveleopppement web -> Antonio Fontes, L7 Sécurité

2011-01-25 : OWASP Enterprise Security API -> Philippe Gamache, Parler Haut, Interagir Librement

2010-12-04 : The new chapter leader is Philippe Gamache

2010-10-25 : Tweet My Trojan Please -> Sherif Koussa, Software Secured

2010-07-13 : Le fuzzing et les tests d'intrusions -> Eric Gingras & Sebastien Duquette, Gardien Virtuel

2010-05-11 : Why Implementing Cryptography is Hard

2010-03-19 : Next meetings date are published

2010-03-10 : OWASP Application Security Verification Standard (ASVS) Project -> Sebastien Gioria

2010-02-02 : Authentification forte by Philippe Gamache

2010-01-21 : The Board elected Philippe Gamache as Vice Chapter Leader!

2010-xx-xx : Look at the tabs, 2 meeting date are scheduled

2009-11-03 : November 3rd 2009, Pravir Chandra present Software Assurance Maturity Model (OpenSAMM)

2009-09-17 : Next meeting on September 17th 2009!

2009-07-13 : We are preparing the next meeting, it will be held on September.

2009-04-07 : Next meeting on April 7th 2009 in Montreal!

2009-02-25 : Already working for the 2nd meeting in 3 months, more details to come on this site.

2009-02-24 : OWASP meeting on February 24th 2009 in Montreal!

2009-01-20 : Board meeting

2008-12-04 : Creation of the chapter board

2008-11-28 : The new chapter leader is Benoit Guerette (benoit.guerette@owasp.org)

2008-10-14 : First meeting preparation.

2007-10-09 : First meeting preparation. (Cancelled)

2007-08-06 : Email list installation.

2007-07-13 : Start-up of the Montreal Chapter. Welcome!

Montreal OWASP Board

Scope of the board is to discuss and approve local activities, meetings and plans.

Special thanks for old board members:


Sept 15th 2011

OWASP Montreal - September 15th 2011 - XSS Defense In Depth at Scale!

  • MAIN PRESENTER: Jim Manico, WhiteHat Security and OWASP Podcast
  • ABSTRACT: This talk will discuss the past methods used for XSS defense that were only partially effective. Learning from these lessons, will will also discuss present day defensive methodologies that are effective, but place an undue burden on the developer. We will then finish with a discussion of future XSS defense mythologies that shift the burden of XSS defense from the developer to various frameworks. These include auto-escaping template technologies, browser-based defenses such as Content Security Policy, and Javascript sandboxes such as the Google CAJA project and JSReg.
  • WHEN: September 15th 2011, 18h30
  • WHERE: École de technologie supérieure, 1100, rue Notre-Dame ouest, Montréal, Room: A-1424
  • REGISTRATION: Registration NOT mandatory.
  • SPONSORS: This meeting is sponsored by ETS
  • PROGRAM:
  • * Please note there is no lunch offered, but prizes will be offered by sponsors
    18:30-18:45 Welcome speech by Chapter Leader & sponsors
   18:45-19:45 Main presentation
   19:45-20:00 Open discussion
   20:00-...   End of the meeting at the ETS Pub

[[Image:|ETS.gif]]

Nov 17th 2011

OWASP Montreal - November 17th 2011 - Gray areas of the Same Origin Policy

  • MAIN PRESENTER: Philippe Arteau
  • ABSTRACT: The Same Origin Policy is a fundamental concept that provide a level of separation between sites. Each components apply this separation differently. This presentation will focus on edge cases that can lead to vulnerabilities. Presentation in French with English Slides. Présentation en français avec diapo en anglais.
  • WHEN: November 17th 2011, 18h30
  • WHERE: École de technologie supérieure, 1100, rue Notre-Dame ouest, Montréal, Room: A-1424
  • REGISTRATION: Registration NOT mandatory.
  • SPONSORS: This meeting is sponsored by ETS
  • PROGRAM:
  • * Please note there is no lunch offered, but prizes will be offered by sponsors
    18:30-18:45 Welcome speech by Chapter Leader & sponsors
   18:45-19:45 Main presentation
   19:45-20:00 Open discussion
   20:00-...   End of the meeting at the ETS Pub

[[Image:|ETS.gif]]

Past mettings

OWASP Montreal - July 21th 2011 - VEGA

  • MAIN PRESENTER: David Mirza - Subgraph
  • ABSTRACT: Vega is an open source platform to test the security of web applications. Vega can help you find and validate SQL Injections, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities. It
  • WHEN: July 21th 2011, 18h30
  • WHERE: École de technologie supérieure, 1100, rue Notre-Dame ouest, Montréal, Room: A-2330
  • REGISTRATION: Registration NOT mandatory.
  • SPONSORS: This meeting is sponsored by ETS
  • PROGRAM:
  • * Please note there is no lunch offered, but prizes will be offered by sponsors
    18:30-18:45 Welcome speech by Chapter Leader & sponsors
   18:45-19:45 Main presentation
   19:45-20:00 Open discussion
   20:00-...   End of the meeting at the ETS Pub

[[Image:|vega_small.png]] [[Image:|subgraph-logo-black.png]] [[Image:|ETS.gif]]

OWASP Montreal - May 19th 2011 - Hackus 2011 - Démonstration d'attaques Web

  • MAIN PRESENTER: Jérémie Goulet, Jonathan Marcil
  • ABSTRACT: http://hackus.org
  • WHEN: May 19th 2011, 18h30
  • WHERE: École de technologie supérieure, 1100, rue Notre-Dame ouest, Montréal, Room: A-2330
  • REGISTRATION: Registration NOT mandatory.
  • SPONSORS: This meeting is sponsored by ETS
  • PROGRAM:
  • * Please note there is no lunch offered, but prizes will be offered by sponsors
    18:30-18:45 Welcome speech by Chapter Leader & sponsors
   18:45-19:45 Main presentation
   19:45-20:00 Open discussion
   20:00-...   End of the meeting at the ETS Pub

OWASP Montreal - March 8th 2011 - Comment obtenir de l'assurance sécurité tout au long d'un projet de déveleopppement web

  • MAIN PRESENTER: Antonio Fontes
  • ABSTRACT: Les tests d'intrusion (penetration tests) réalisés après le déploiement d'une application web amènent souvent leur lot de surprises, révélant l'existence de vulnérabilités tout aussi importantes que coûteuses à corriger. Comment détecter et prévenir l'apparition de ces vulnérabilités plus tôt et tout au long du cycle de développement (SDLC)? Quelles activités peut-on mettre en oeuvre pour maintenir le risque à son niveau le plus bas tout en réduisant les coûts de correction? Quels sont les outils dont dispose le management pour obtenir de l'assurance sécurité dès le lancement d'un projet d'application web?
  • WHEN: March 8th 2011, 18h00
  • WHERE: École de technologie supérieure, 1100, rue Notre-Dame ouest, Montréal, Room: A-1350
  • REGISTRATION: Registration NOT mandatory.
  • SPONSORS: This meeting is sponsored by ETS, ConFoo, L7 Sécurité and Gardien Virtuel
  • PROGRAM:
  • * Please note there is no lunch offered, but prizes will be offered by sponsors
    18:00-18:15 Welcome speech by Chapter Leader & sponsors
   18:15-19:15 Main presentation
   19:15-19:30 Open discussion
   19:30-...   End of the meeting at the ETS Pub

[[Image:|ETS.gif]] L7 Sécurité-logo-w-small.jpg Gardienvirtuel.jpgConfoo logo.gif]


OWASP Montreal - January 25th 2011 - OWASP Enterprise Security API

  • MAIN PRESENTER: Philippe Gamache, Parler Haut, Interagir Librement
  • ABSTRACT: OWASP Enterprise Security API Toolkits help software developers guard against security-related design and implementation flaws. Because it's an API, it can be easely be add to applications and services to protect themselves from attackers. In this talk, I'll present the project, it's implantation and how to add it to your projects.
  • WHEN: January 25th 2011, 18h00
  • WHERE: École de technologie supérieure, 1100, rue Notre-Dame ouest, Montréal, Room: A-1350
  • REGISTRATION: Registration NOT mandatory.
  • SPONSORS: This meeting is sponsored by Parler Haut, Interagir Librement and ETS
  • PROGRAM:
  • * Please note there is no lunch offered, but prizes will be offered by sponsors
    18:00-18:15 Welcome speech by Chapter Leader & sponsors
   18:15-19:15 Main presentation
   19:15-19:30 Open discussion
   19:30-...   End of the meeting at the ETS Pub

[[Image:|Phil_logo-150x30.gif]] [[Image:|ETS.gif]]

OWASP Montreal - October 25th 2010 - Tweet My Trojan Please

  • MAIN PRESENTER: Sherif Koussa, Software Secured
  • ABSTRACT: Social media became part of our day to day activities, sure it made us more social but how safe are we tweeting, facebooking or getting Linked ! This presentation will delve into the dark side of the social networks and Privacy Commissioner Report's on Facebook. It will explore some of the recent social media attacks trying to answer the question: Are we safe socializing online? and what can we do about it?
  • WHEN: Obtober 25th 2010, 18h00
  • WHERE: École de technologie supérieure, 1100, rue Notre-Dame ouest, Montréal, Room: A-1340
  • REGISTRATION: OwaspMontrealOctober.eventbrite.com Registration is mandatory.
  • SPONSORS: This meeting is sponsored by Gardien Virtuel and ETS
  • PROGRAM:
  • * Please note there is no lunch offered, but prizes will be offered by sponsors
    18:00-18:15 Welcome speech by Chapter Leader & sponsors
   18:15-19:15 Main presentation
   19:15-19:30 Open discussion
   19:30-...   End of the meeting at the ETS Pub

OWASP Montreal - July 13th 2010 - Le fuzzing et les tests d'intrusions

  • MAIN PRESENTER: Eric Gingras & Sebastien Duquette, Gardien Virtuel
  • WHEN: July 13th 2010, 18h00
  • WHERE: École de technologie supérieure, 1100, rue Notre-Dame ouest, Montréal, Room: A-1424
  • REGISTRATION: OwaspMontrealJuly.eventbrite.com Registration is mandatory.
  • SPONSORS: This meeting is sponsored by Gardien Virtuel and ETS
  • PROGRAM:
  • * Please note there is no lunch offered, but prizes will be offered by sponsors
    18:00-18:15 Welcome speech by Chapter Leader & sponsors
   18:15-19:15 Main presentation
   19:15-19:30 Open discussion
   19:30-...   End of the meeting at the ETS Pub

[[Image:|LogoGardienVirtuel_150.gif]] [[Image:|ETS.gif]]

OWASP Montreal - May 11th 2010 - Why Implementing Cryptography is Hard

  • MAIN PRESENTER: David Mirza Ahmad, Founder at Subgraph
  • WHEN: May 11th 2010, 18h00
  • WHERE: École de technologie supérieure, 1100, rue Notre-Dame ouest, Montréal, Room: A-1424
  • REGISTRATION: OwaspMontrealMay.eventbrite.com Registration is mandatory.
  • SPONSORS: This meeting is sponsored by Gardien Virtuel, Subgraph and ETS
  • PROGRAM:
  • * Please note there is no lunch offered, but prizes will be offered by sponsors
    18:00-18:15 Welcome speech by Chapter Leader & sponsors
   18:15-19:45 Main presentation
   19:45-20:00 Open discussion
   20:00-...   End of the meeting at the ETS Pub

[[Image:|LogoGardienVirtuel_150.gif]] [[Image:|Subgraph-logo-black.png]] [[Image:|ETS.gif]]

OWASP Montreal - March 9th 2010 - OWASP Application Security Verification Standard (ASVS) Project

  • MAIN PRESENTER: Sebastien Gioria, OWASP French Chapter Leader
  • WHEN: March 9th 2010, 18h00
  • WHERE: École de technologie supérieure, 1100, rue Notre-Dame ouest, Montréal, Room: A-1424
  • REGISTRATION: OwaspMontrealMarch.eventbrite.com Registration is mandatory.
  • SPONSORS: This meeting is sponsored by Gardien Virtuel and ETS
  • PROGRAM:
  • * Please note there is no lunch offered, but prizes will be offered by sponsors
    18:00-18:15 Welcome speech by Chapter Leader & sponsors
   18:15-19:00 Main presentation
   19:00-19:15 Open discussion
   19:15-...   End of the meeting at the ETS Pub

[[Image:|LogoGardienVirtuel_150.gif]] [[Image:|ETS.gif]]

OWASP Montreal - February 2nd 2010 - Authentification forte

  • MAIN PRESENTER:Philippe Gamache, CEO at Parler Haut, Interagir Librement
  • WHEN: February 2nd 2010, 18h00
  • WHERE: École de technologie supérieure, 1100, rue Notre-Dame ouest, Montréal, Room: A-1424
  • REGISTRATION: OwaspMontrealFebruary.eventbrite.com Registration is mandatory.
  • SPONSORS: This meeting is sponsored by Parler Haut, Interagir Librement and ETS.
  • PROGRAM:
  • * Please note there is no lunch offered, but prizes will be offered by sponsors
    18:00-18:15 Welcome speech by Chapter Leader & sponsors
   18:15-19:45 Main presentation
   19:45-20:00 Open discussion
   20:00-...   End of the meeting at the ETS Pub

This presentation will be in french, with bilingual slides.

[[Image:|Phil_logo-150x30.gif]] [[Image:|ETS.gif]]

Meeting on November 3rd 2009 in Montreal (Pravir Chandra present Software Assurance Maturity Model (OpenSAMM))

  • MAIN PRESENTER: Pravir Chandra is Director of Strategic Services at Fortify Software and works with clients on software security assurance programs. Pravir is recognized for his expertise in software security, code analysis, and his ability to strategically apply technical knowledge. Prior to Fortify, he was a Principal Consultant affiliated with Cigital and led large software security programs at Fortune 500 companies. Pravir Co-Founded Secure Software, Inc. and was Chief Security Architect prior to its acquisition by Fortify. He recently created and led the Open Software Assurance Maturity Model (OpenSAMM) project with the OWASP Foundation, leads the OWASP CLASP project, and also serves as member of the OWASP Global Projects Committee. Pravir is author of the book Network Security with OpenSSL.
  • SUBJECT: The Software Assurance Maturity Model (SAMM) into a software development organization. Covering more than typical SDLC-based models for security, SAMM enables organizations to self-assess their security assurance program and then use recommended roadmaps to improve in a way that's aligned to the specific risks facing the organization. Beyond that, SAMM enables creation of scorecards for an organization's effectiveness at secure software development throughout the typical governance, development, and deployment business functions. Scorecards also enable management within an organization to demonstrate quantitative improvements through iterations of building a security assurance program. This workshop will introduce the SAMM framework and walk through useful activities such as assessing an assurance program, mapping an existing organization to a recommended roadmap, and iteratively building an assurance program. Time allowing, additional case studies will also be discussed. OpenSAMM is an open a free project and has recently been donated to the Open Web Application Security Project (OWASP) Foundation. For more information on OpenSAMM, visit http://www.opensamm.org/


  • WHEN: Tuesday, November 3rd 2009, 18h00
  • WHERE: École de technologie supérieure, 1100, rue Notre-Dame ouest, Montréal, Room: A-1424
  • REGISTRATION: owaspmontreal at gmail.com. Registration is mandatory. Please include name, company and how many attendees.
  • PROGRAM:
  • * Please note there is no lunch offered, but prizes will be offered by all the sponsors, and all attendees get a copy of the SAMM on a USB stick (~90+ page document))
    18:00-18:05 Welcome speech by Chapter Leader
   18:05-18:15 Welcome speech by sponsors
   18:15-19:15 Main presentation
   19:15-19:30 Open discussion
   19:30-...   End of the meeting at the ETS Pub


[[Image:|Fortify.jpg]] [[Image:|LogoGardienVirtuel_150.gif]] [[Image:|Trendmicro.gif]] [[Image:|ETS.gif]]

Meeting on September 17th 2009 in Montreal (Crossing the Border – Javascript Exploits)

  • MAIN PRESENTER: Justin Foster, CISSP - Third Brigade/Trend Micro
  • SUBJECT: Crossing the Border – Javascript Exploits JavaScript-based exploits are a serious threat on the Internet today. This talk explores how the countermeasures to deal with script based attacks parallel 2200 years of Chinese border security. The speaker will cover the benefits and drawbacks of current prevention methods and introduce future techniques to keep bad scripts at bay.
  • WHEN: Thursday, September 17th 2009, 18h00
  • WHERE: École de technologie supérieure, 1100, rue Notre-Dame ouest, Montréal, Room: A-1424
  • REGISTRATION: owaspmontreal at gmail.com. Registration is mandatory. Please include name, company and how many attendees.
  • SPONSORS: This meeting is sponsored by Gardien Virtuel and ETS.
  • PROGRAM:
  • * Please note there is no lunch offered, but prizes will be offered by Gardien Virtuel (3 security books) and the Chapter will offer some OWASP gears.
    18:00-18:05 Welcome speech by Chapter Leader
   18:05-18:15 Welcome speech by sponsors
   18:15-19:00 Main presentation
   19:00-19:15 Open discussion
   19:15-...   End of the meeting at the ETS Pub


[[Image:|LogoGardienVirtuel_150.gif]] [[Image:|ETS.gif]]


April 7th 2009 in Montreal (Introduction to Web Application Hacking LIVE!)

  • MAIN PRESENTER: Rafal Los, Sr. Web Security Specialist at HP (Topic: Intro to Web Application Hacking LIVE!)
  • BIO: Rafal Los is currently a Sr. Security Consultant with Hewlett-Packard’s Application Security Center (ASC). Rafal has over 13 years of experience in network and system design, security policy and process design, risk analysis, penetration testing and consulting. Over the past eight years, he has focused on Information Security and Risk Management, leading security architecture teams and managing successful enterprise security programs for General Electric and other Fortune 100 companies, as well as SMB enterprises. Previously Rafal spent three years in-house with GE Consumer Finance, leading its security programs.
  • WHEN: Tuesday, April 7th 2009, 18h00
  • WHERE: CN Building, 935 De la Gauchetière Street West (Downtown), Montreal , Quebec H3B 2M9, Transcontinental room (ground floor)
  • REGISTRATION: owaspmontreal at gmail.com. Registration is mandatory . Please include name, company and how many attendees.
  • SPONSORS: This meeting is sponsored by Gardien Virtuel and CN.
  • PROGRAM:
     18:00-18:15 Food and drinks 
    18:15-18:30 Welcome 
    18:30-20:00 Main presentation
    20:00-20:30 Open discussion

[[Image:|LogoGardienVirtuel_150.gif]] Cn_logo.gif

First meeting on February 24th 2009 in Montreal (Security Development Lifecycle for IT)

  • MAIN PRESENTER: Rob Labbe, Microsoft (Topic: Security Development Lifecycle for IT)
  • WHEN: Tuesday, February 24th 2009, 18h00
  • WHERE: 111 Duke 7th floor, Montreal, QC, H3C 2M1 (room 734.1)
  • REGISTRATION: owaspmontreal at gmail.com. Registration is mandatory. Please include name, company and how many attendees.
  • SPONSORS: This meeting is sponsored by Microsoft, CGI.
  • PROGRAM:
     18:00-18:15 Food and drinks
    18:15-19:00 OWASP Goal and Top Ten 2007 for Managers (by Benoit Guerette)
    19:00-20:00 Security Development Lifecycle for IT (by Rob Labbe, Microsoft)
    20:00-20:30 Open discussion

Logo_microsoft.jpg Logo_cgi.jpg

Presentations For Download

OWASP ASVS by Sebastien Gioria (09/03/2010)

Authentification Forte by Philippe Gamache (02/02/2010)

Software Assurance Maturity Model (OpenSAMM) by Pravir Chandra (03/11/2009)

Crossing the Border – Javascript Exploits by Justin Foster (17/09/2009)

A Laugh RIAt by Rafal Los (07/04/2009)

Microsoft Security Development Lifecycle for IT by Rob Labbe (24/02/2009)

OWASP Goal and Top Ten 2007 for Managers - French version by Benoit Guerette (24/02/2009)