Welcome to the Ottawa chapter homepage. The chapter's president is Sherif Koussa
Follow us on Twitter
Click here to join the local chapter mailing list.
OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.
Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member?
OWASP Ottawa Training Day
Integrating security in a webapp project: from the idea to going live
A 1-day training covering 3 major topics related to integrating security in a software development project:
The entire training will follow a red-line based on a real-life HR web application project in which we will manage security and privacy aspects. Students will cover the entire lifecycle of the application, from analysis to deployment, and integrate good practices and tools based on OWASP material.
We expect students to arrive around 8am and be able to leave around 6:30/7pm
Pre-requisites (required skills and material):
We are always looking for ideas for upcoming meetings. If you have a speaker you would like to see, a tutorial you would like to participate in, or just some ideas for discussion topics let us know. We maintain a list of your ideas here. To add to the list you can edit it directly, send one of us an e-mail (Sherif, Sergei), or tweet it at our Twitter account.
December 12, 2011
Location: Bell Canada - 160 Elgin St, Ottawa
Title: n00bs night out...exploiting the owasp top 10
Hey Ottawa, come join us for a FREE night of web application hacking. We have tutorials explaining how to exploit the OWASP Top 10 web application vulnerabilities and hands on labs to practice your skills. Bring your laptop and a copy of the Backtrack 5 LiveCD (or VM) http://www.backtrack-linux.org/downloads/
Who: all skill levels are welcome (especially n00bs)
When: December 12 from 6:00pm - 9:00pm (open at 5:30)
September 27th, 2011
Location: Shopify - 61a York St (Above Tucker's Marketplace)
Speaker Notes: Download Here
Microsoft Silverlight Security - A Hacker's Perspective
It’s not news for anyone how the internet has revolutionized all aspects of our lives. In the past few years there has been unprecedented growth in web applications and their user base. One of the core technologies driving this widespread phenomenon is Rich Internet Applications (RIAs) because it offers the same level of responsiveness & interactivity on web that is available to desktop applications. Microsoft offered its vision of RIA through Silverlight - a framework that allows web applications running in a browser to behave more like desktop applications.
One of the major enhancements in Silverlight was the incorporation of mini-CLR engine, that on one hand, adds amazing capabilities for web developers but, on the other hand, also broadens the surface area of attack by opening previously nonexistent entry points into web applications. In this presentation Angelo & Kamran will demonstrate how modern hackers can use reverse engineering techniques to take advantage of weak security implementation. They will also show some effective ways of defending against these types of attacks.
Angelo Chan is an experienced versatile software developer who has developed applications, middleware and low-level software for various platforms. With an initial background in Telecom, Angelo has since worked with different technologies and has discovered a passion for .NET. His interests include virtual machines, operating systems, network/application reverse engineering and security. Angelo can be reached at Angelo@WindowsDebugging.com
Kamran Bilgrami is a seasoned software developer with proven track record of transforming complex business problems into viable technical solution. He has been instrumental in orchestrating highly available, performance centric, fault-tolerant real-time systems in a wide variety of industries including Telecom, Security and Human/Health Services. His areas of expertise include .NET, CLR Internals, Patterns and Security. Kamran can be reached at Kamran@WindowsDebugging.com
May, Thursday 12th 2011
Location: Bell - 160 Elgin St, Ottawa
Chris Pierre BA, CFE, CISSP is an Ottawa-based forensic investigation professional. Having worked with several forensic firms prior to starting Evince Services, Inc., he has experience in many types of engagements in both the private & public sectors & specializes in investigations involving the internet. Forensic engagements have included information leaks, general corporate fraud investigations, investor fraud, intellectual property cases, administrative/internal investigations, background investigations, grants & contributions fraud, corruption investigations & the provision of training on the use of the Internet as an investigative tool. Preventative engagements have included training, background due diligence & compliance consulting.
Chris is an instructor at Algonquin College, the Canadian Police College, Past-President of the Ottawa Chapter of the High Tech Crime Investigators Association (HTCIA) & a member of the Ottawa Chapter of the Association of Certified Fraud Examiners.
March, Thursday 10th 2011
Speaker: Shan Gu - Accenture - Large enterprises are increasing their adoption of SOA at a rapid rate as interoperability standards and vendor product implementations mature and stabilize. However, moving enterprises into a loosely coupled IT paradigm introduces challenges around security and compliance. How do we address accountability, confidentiality, integrity, and trust in a large loosely couple ecosystem where consumers and providers don’t always maintain a permanent or stateful relationship? There are standards of course that help integrators and Architects design systems to communicate with each other in a secure manner, however these standards, when interpreted in their purest sense are complex and expensive to implement/maintain in large organizations. And systems that are operationally complex in terms of security are ironically the least secure.
About The Speaker Shan Gu - Manager in the Security Technologies Practice at Accenture Shan is a Security Architect from Accenture who specializes in Identity and Access Management and SOA Security. He has worked with clients in both the Public and Private sectors and in various industries spanning from Health, to Transport, to Financial Services. Shan has spent his recent years focused on helping clients adopt SOA within the enterprise and to do it in a secure and cost effective manner. Shan is a graduate from Carleton University’s Systems and Computer Engineering program, with a B.Eng and a Minor in Business.
More Previous Meetings