Difference between revisions of "Seattle"

(Local News : Next event 28th Feb (Wed))
(Local News : Next event 28th Feb (Wed))
Line 15: Line 15:
 
** '''Buffer Overflows on .Net and Asp.Net''' - One of the common myths about the .Net Framework is that it is immune to Buffer Overflows. Although this might be correct in pure managed and verifiable .Net code, large percentage of .Net and Asp.Net applications code is unmanaged code. In this talk Dinis will show the areas in .Net and Asp.Net applications that are vulnerable to Buffer Overflows (including the demo of a .Net Buffer Overflow Fuzzer).
 
** '''Buffer Overflows on .Net and Asp.Net''' - One of the common myths about the .Net Framework is that it is immune to Buffer Overflows. Although this might be correct in pure managed and verifiable .Net code, large percentage of .Net and Asp.Net applications code is unmanaged code. In this talk Dinis will show the areas in .Net and Asp.Net applications that are vulnerable to Buffer Overflows (including the demo of a .Net Buffer Overflow Fuzzer).
 
** '''OWASP, the Open Web Application Security Project''' - The Open Web Application Security Project (OWASP) is an open community dedicated to enabling organizations to develop, purchase, and maintain applications that can be trusted. All of the OWASP tools, documents, blogs, and chapters are free and open to anyone interested in improving application security. In this presentation Dinis will show the latest guides and tools from OWASP which should be part of every company's security efforts.
 
** '''OWASP, the Open Web Application Security Project''' - The Open Web Application Security Project (OWASP) is an open community dedicated to enabling organizations to develop, purchase, and maintain applications that can be trusted. All of the OWASP tools, documents, blogs, and chapters are free and open to anyone interested in improving application security. In this presentation Dinis will show the latest guides and tools from OWASP which should be part of every company's security efforts.
 +
** '''0wning Vista's userland - The CAS / UAC missed opportunity, and what I think MS should had done''' - In this presentation Dinis will explore the missed oportunity by Microsoft to use technologies like .Net's CAS (Code Access Security) and Vista's UAC (User Access Control) to create secure and trustworthy userland environments that protect the user's assets. In the hope that might make a small diference, ideas and solutions for the future will also be presented.
  
 
* '''Brad Hill (Senior Security Consultant with iSEC Partners)''',  will be speaking on:
 
* '''Brad Hill (Senior Security Consultant with iSEC Partners)''',  will be speaking on:
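
Review bot: the added bullet for the third talk has spelling errors ("oportunity", "diference"), and the title's "should had done" should read "should have done". It also expands UAC as "User Access Control", whereas the Vista feature is named User Account Control. With this talk added, the speaker line on the rendered page still says Dinis will be doing "two presentations", so that count should be updated in the same edit.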

Revision as of 09:07, 20 February 2007

OWASP Seattle

Welcome to the Seattle chapter homepage. The chapter leaders are Mike de Libero and Scott Stender.
Click here to join the local chapter mailing list.

Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter Leader Handbook. As a 501(c)(3) non-profit professional association, your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world, simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Donate to this chapter or become a local chapter supporter.

Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now

Local News : Next event 28th Feb (Wed)

2/28/2007 @ 6PM PST - Seattle chapter meeting

Details:

Location: Bellevue Las Margaritas (http://www.lasmargaritasbellevue.com/)

Time: 6 o’clock.

Speakers:

  • Dinis Cruz (Chief OWASP Evangelist) - Directly from London, Dinis will be doing two presentations at this event:
    • Buffer Overflows on .Net and Asp.Net - One of the common myths about the .Net Framework is that it is immune to Buffer Overflows. Although this might be correct in pure managed and verifiable .Net code, a large percentage of .Net and Asp.Net application code is unmanaged code. In this talk Dinis will show the areas in .Net and Asp.Net applications that are vulnerable to Buffer Overflows (including the demo of a .Net Buffer Overflow Fuzzer).
    • OWASP, the Open Web Application Security Project - The Open Web Application Security Project (OWASP) is an open community dedicated to enabling organizations to develop, purchase, and maintain applications that can be trusted. All of the OWASP tools, documents, blogs, and chapters are free and open to anyone interested in improving application security. In this presentation Dinis will show the latest guides and tools from OWASP which should be part of every company's security efforts.
    • 0wning Vista's userland - The CAS / UAC missed opportunity, and what I think MS should have done - In this presentation Dinis will explore the missed opportunity by Microsoft to use technologies like .Net's CAS (Code Access Security) and Vista's UAC (User Access Control) to create secure and trustworthy userland environments that protect the user's assets. In the hope that it might make a small difference, ideas and solutions for the future will also be presented.
  • Brad Hill (Senior Security Consultant with iSEC Partners), will be speaking on:
    • XML Digital Signature and Encryption: Use and Abuse - The WS-Security set of standards is on the threshold of ubiquitous deployment and XML applications have already taken over the world. This presentation looks at two underlying technologies, XML Digital Signature (XMLDSIG) and XML Encryption (XMLENC), their place in the Web Services stack and their applicability to non-SOAP XML applications. Beginning with a basic overview of the standards, we will uncover some surprising caveats and risks in the use of these technologies.

Past Meetings

1/8/2007 @ 6 o'clock - Seattle chapter meeting.

Details: Location: Bellevue Las Margaritas (http://www.lasmargaritasbellevue.com/) Time: 6 o’clock.

Speakers:

Ward Spagenberg of IOActive on the topic "Unraveling PCI".

Since there will be free food, beer and pop, please let Mike de Libero know so we know how much to order. We look forward to seeing you all there!