San Jose

Revision as of 13:20, 13 July 2007 by Bbertacini (Talk | contribs)

Jump to: navigation, search

OWASP San Jose

Welcome to the San Jose chapter homepage. The chapter leader is Brian Bertacini
Click here to join the local chapter mailing list.


OWASP Foundation (Overview Slides) is a professional association of global members and is and open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.


Btn donate SM.gif to this chapter or become a local chapter supporter.

Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now BlueIcon.JPG

Next Meeting - Wednesday, July 25, 2007

Open to the public, attendance is free

Agenda and Presentations:
6:00pm - 6:30pm ... Check-in and reception (food & bev)
6:30pm - 8:00pm ... Attacking XML Security - Brad Hill
8:00pm - 8:15pm ... Upcoming Security Workshops - Brian Bertacini
8:15pm - 8:35pm ... Networking Session

807 11th Avenue
Sunnyvale, Ca 94089
Map and Directions

Attacking XML Security
Presented by: Brad Hill, iSEC Partners

Abstract: Brad will present his ongoing research into attacking the XML Digital Signature and Encryption standards that underpin the security of Web Services, mobile code, SAML, federated identity systems and more. The talk will begin with a high-level, critical take on the emerging conventional wisdom about message-oriented security and continue with a detailed discussion of design and implementation weaknesses in the standards. Technical material will include a root cause analysis of the recent iSEC advisory on cross-platform, remote code execution vulnerabilities discovered in multiple XML Digital Signature products.

Bio: Based out of Seattle, Brad Hill is a Senior Security Consultant at iSEC Partners, a full-service security consulting firm that provides penetration testing, secure systems development, security education and software design verification. Brad brings a ten year background as a software developer and architect in the technology and financial services sectors to his work at iSEC, where he does design review, application assessment and development lifecycle improvement for some of the world’s leading software companies.

Upcoming Security Workshops
Presented by: Brian Bertacini, Volunteer Chapter Organizer

Abstract: Introduce local volunteer expert trainers that are planning web application and infrastructure security workshops.

Please RSVP to via email Brian Bertacini, call 408-979-0571 or visit

Special thanks to Ariba for hosting this event and to AppSec Consulting and iSEC Partners for sponsoring.