OWASP San Jose
OWASP Foundation (Overview Slides) is a professional association of global members and is and open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.
Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member?
Next Meeting - Wednesday, July 25, 2007
Open to the public, attendance is free
Agenda and Presentations:
6:00pm - 6:30pm ... Check-in and reception (food & bev)
6:30pm - 8:00pm ... Attacking XML Security - Brad Hill
8:00pm - 8:15pm ... Upcoming Security Workshops - Brian Bertacini
8:15pm - 8:35pm ... Networking Session
807 11th Avenue
Sunnyvale, Ca 94089
Map and Directions
Attacking XML Security
Presented by: Brad Hill, iSEC Partners
Brad will present his ongoing research into attacking the XML Digital Signature and Encryption standards that underpin the security of Web Services, mobile code, SAML, federated identity systems and more. The talk will begin with a high-level, critical take on the emerging conventional wisdom about message-oriented security and continue with a detailed discussion of design and implementation weaknesses in the standards. Technical material will include a root cause analysis of the recent iSEC advisory on cross-platform, remote code execution vulnerabilities discovered in multiple XML Digital Signature products.
Bio: Based out of Seattle, Brad Hill is a Senior Security Consultant at iSEC Partners, a full-service security consulting firm that provides penetration testing, secure systems development, security education and software design verification. Brad brings a ten year background as a software developer and architect in the technology and financial services sectors to his work at iSEC, where he does design review, application assessment and development lifecycle improvement for some of the world’s leading software companies.
Upcoming Security Workshops
Presented by: Brian Bertacini, Volunteer Chapter Organizer
Abstract: Introduce local volunteer expert trainers that are planning web application and infrastructure security workshops.