Difference between revisions of "Vancouver"

From OWASP
Jump to: navigation, search
m
(16 intermediate revisions by 5 users not shown)
Line 1: Line 1:
{{Chapter Template|chaptername=Vancouver|extra=The chapter leader is Rui Pereira (ruiper (at) wavefrontcg (dot) com).
+
 
 +
{{Chapter Template|chaptername=Vancouver|extra=The chapter leader is [mailto:yvanboily@gmail.com Yvan Boily]
 
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-vancouver|emailarchives=http://lists.owasp.org/pipermail/owasp-vancouver}}
 
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-vancouver|emailarchives=http://lists.owasp.org/pipermail/owasp-vancouver}}
  
==<font color="red"><font size="5">OWASP Vancouver Chapter Meeting July 22, 2010 (Second Meeting of 2010)</font></font>==
 
'''Time:'''
 
Thursday, July 22, 2010 @ 5:30pm
 
 
''' Location'''
 
Sierra Systems
 
1177 West Hastings Street, Suite 2500
 
Vancouver, BC V6E 2K3
 
 
http://maps.google.ca/maps?f=q&source=s_q&hl=en&geocode=&q=1177+West+Hastings+Street,+vancouver,+bc&sll=49.891235,-97.15369&sspn=31.271973,90.263672&ie=UTF8&hq=&hnear=1177+W+Hastings+St,+Vancouver,+Greater+Vancouver+Regional+District,+British+Columbia+V6E+3Y9&z=16
 
 
We are pleased to announce our second meeting of 2010!  As previously announced on the mailing list, we will have the meeting on July 22nd, and Martin Kyle of Sierra Systems has offered to host the meeting.
 
 
*First Topic  : Risk Assessment Methodologies - Erasmus Dong - High level presentation on risk management and risk assessment methodologies with focus on OWASP Threat Risk Modeling.
 
*Fifteen minute break
 
*Second Topic : Cloud Technologies and Risks - Yvan Boily - Brief overview of cloud technologies, and a discussion of some of the key areas of risk.
 
*Discussion of how to grow the chapter, and future areas of interest.
 
 
About Erasmus Dong:
 
 
A new member of the Vancouver OWASP community, Erasmus has been working in information technology for over a decade in areas of operations, infrastructure, and information security risk in government and financial services.
 
 
About Yvan Boily:
 
 
Yvan Boily works for a global Financial Institution and was the former chapter lead for the Winnipeg chapter of OWASP.  He has worked in various roles in IT Security, primarily focused on Application Security and Security Testing.  Working for the last 8 years in IT Security, Yvan  has held roles in provincial government, independent contracting, and as a consultant for a dedicated IT security firm.
 
 
==<font color="red"><font size="5">OWASP Vancouver Chapter Meeting April 22, 2010</font></font>==
 
 
*Topic: Informal Meeting
 
*Meeting Date: April 22, 2010
 
*Facilitators: Yvan Boily / Rui Pereira
 
*Place/Room: Steamworks Pub
 
 
Agenda
 
 
1. Introductions
 
2. Objectives (discuss initial objectives as a chapter)
 
3. Discuss Content of Meetings
 
4. General Discussion
 
 
==<font color="red"> <font size="5">OWASP Vancouver Chapter Meeting April 27, 2009</font> </font>==
 
'''Time:'''
 
Monday April 27, 2009 starting at 5:30 p.m.
 
  
''' Location'''
+
== 2013 Meetings ==
Deloitte & Touche LLP (downtown office)
+
2800 - 1055 Dunsmuir Street
+
4 Bentall Centre
+
Vancouver British Columbia
+
  
Vancouver Map/Carte<http://maps.google.ca/maps?f=q&hl=en&geocode=&q=2800+Dunsmuir+Street,+Vancouver+British+Columbia+V7X+1P4>
+
{| class="wikitable"
 +
|-
 +
! Date !! Location !! Speaker !! Topic <nowiki>Insert non-formatted text here</nowiki> !! Registration Info
 +
|-
 +
| August 7, 2013 || Mozilla Vancouver || Raymond Forbes || Owasp Canada Intro & Bug Bounty Programs || [[http://www.eventbrite.ca/event/7683697145 Register Here!]]
 +
|-
 +
| September 30, 2013 || TBD || TBD || TBD ||
 +
|-
 +
| October 28, 2013 || TBD || TBD || TBD ||
 +
|-
 +
| November 25, 2013 || TBD || TBD || TBD ||
 +
|}
  
Agenda:
+
== 2012 Meetings ==
 +
You can subscribe to the OWASP Vancouver Calendar [https://www.google.com/calendar/ical/osgb36r55fqlt3m10jc4e2ef70%40group.calendar.google.com/public/basic.ics here].
  
5:30 to 5:45 PM Introductions
+
=== May 2012 ===
5:45 to 6:15 PM Cross Site Scripting XSS & Cross Site Request Forgery CSRF by Mark Lane
+
6:15 to 6:30 PM Q&A session
+
  
Approximately 10 people attended.
+
'''OAuth-based single sign-on in Real-world Implementations'''
  
==<font color="red"><font size="5">OWASP Vancouver Chapter Meeting January 20, 2009</font></font>==
+
'''Speaker:''' San-Tsai Sung
'''Time:'''
+
January 20th, 2009 at 6:00 p.m.
+
  
''' Location'''
+
'''Date & Time:''' Monday, May 28th, 2012 @ 5:30pm
Deloitte & Touche LLP (downtown office)
+
2800 - 1055 Dunsmuir Street
+
4 Bentall Centre
+
Vancouver British Columbia
+
  
Vancouver Map/Carte<http://maps.google.ca/maps?f=q&hl=en&geocode=&q=2800+Dunsmuir+Street,+Vancouver+British+Columbia+V7X+1P4>
+
Millions of web users today employ their Facebook accounts to sign into more than one million relying party (RP) websites. This web-based
 +
single sign-on (SSO) scheme is enabled by OAuth 2.0, a web resource authorization protocol that has been adopted by major service providers. The OAuth 2.0 protocol has proven secure by several formal methods, but whether it is indeed secure in practice remains an open
 +
question. We examine the implementations of three major OAuth identity providers (IdP) (Facebook, Microsoft, and Google) and 96 popular RP
 +
websites that support the use of Facebook accounts for login.  Our results uncover several critical vulnerabilities that allow an attacker to gain unauthorized access to the victim user's profile and social graph, and impersonate the victim on the RP website. Closer
 +
examination reveals that these vulnerabilities are caused by a set of design decisions that trade security for implementation simplicity. To improve the security of OAuth 2.0 SSO systems in real-world settings, we suggest simple and practical improvements to the design and implementation of IdPs and RPs that can be adopted gradually by individual sites.
  
Agenda:
+
'''Registration:''' Registration is strongly recommended since an invite will be extended to other groups to try to improve participation in OWASP. If space runs out, preference will be given to those who have registered!
  
6:00 to 6:15 PM Introductions
+
Please register at: [https://docs.google.com/spreadsheet/viewform?formkey=dHZSeTY1ZnFKTFo1elBRZ3BsenNvRnc6MQ here].
6:15 to 6:45 PM Presentation "Real Experiences in developing a Secure Development Life Cycle" from Stephen Charles
+
''(Registration details are not retained after the meeting, however a sign-up sheet will be available for those claiming CPEs)''
6:45 to 7:00 PM Q&A session
+
  
Approximately 10 people attended.
+
'''Location:'''
 +
Mozilla Vancouver, Suite 209, 163 West Hastings,
 +
Vancouver, BC (Buzzer code is in the directory)
  
==<font color="red"><font size="5">OWASP Vancouver Chapter meeting January 21, 2008</font></font>==
 
'''Time:'''
 
January 21, 2008 6:30 p.m. to 7:30 p.m.
 
  
''' Location'''
+
=== January 2012 ===
Business Objects
+
910 Mainland Street
+
Vancouver BC, Canada  V6B 1A9
+
  
For the January meeting of the OWASP Vancouver chapter we have a very interesting presentation from Michael Weider, Founder and CTO of IBM Watchfire. Michael will provide insights into the latest trends in application security, what is the threat and what best practices are companies employing to address this growing threat.
+
'''Outsourcing Identity: Understanding Privacy and Security in Identity Services'''
  
The session will be held on January 21st starting at 6:30 p.m.
+
'''Speaker:''' Yvan Boily, Web Security Engineer, Mozilla Corporation
  
Please contact Mauro Addari at [mailto:mauro.owasp@live.ca Mauro] to register
+
'''Date & Time:''' Monday, January 23rd, 2012 @ 5:30pm
  
==<font color="red"><font size="5">OWASP Vancouver Chapter meeting November 29, 2007</font></font>==
+
Social Media has taken over the online world; what Microsoft attempted with Passport has been made reality by Facebook, Twitter, Google, and other service providers.  In addition to the proprietary identity services these platforms offer, several support protocols such as OpenID, This will be a one hour presentation that will contrast the security and privacy features available in major online identity protocols, and contrast these with Mozilla's BrowserID protocol.
'''Location: '''
+
Business Objects Main office
+
  
'''Attendance: '''
+
'''Registration:'''  Registration is strongly recommended since an invite will be extended to other groups to try to improve participation in OWASP.  If space runs out, preference will be given to those who have registered!
Rodrigo, Rui, Zenko, Russ, Mauro
+
   
+
The meeting started with an introduction of the OWASP group and its objectives: goals and projects that OWASP is leading.
+
There are various open source projects that the OWASP team has been a part of, namely, the OWASP top ten list of vulnerabilities; CLASP ( a guideline for companies to address security issues in their products ); GOAT ( practice your hacking skills on their machines); Web Scarab; plus other scanning/hacking tools.
+
+
We then introduced the OWASP Vancouver chapter: lately the chapter has been a little be dormant and all the presents agreed to provide help to revamp the chapter.
+
The objective of the OWASP Vancouver chapter is to promote web application security and security awareness in the community.
+
+
In the fall off 2007 the Vancouver chapter reached into the other Vancouver security and technical groups. Some groups as for example SIG Security and Vantug have been interested to hear more about OWASP and the asked for presentations. More presentation can be done to these groups in the next year. We all agree that reaching into Vancouver groups is an important goal for the OWASP Vancouver chapter.
+
   
+
Another goal of the group is to facilitate some technical discussion and presentation on the security field. Some of the topics of interest are the following:
+
+
* Honeypot;
+
* Vulnerabilities;
+
* Secure Development LifeCycle;
+
* Hands on seminar using various security/pen tools;
+
* Wireless security;
+
* Http and basic encryption;
+
* Forensic;
+
* Law and enforcement in security;
+
* International security groups like CISSP or SANS.
+
+
We've also discussed the possibility to promote OWASP in the community and other groups and to capturing new membership through social sites such as Tazzu.com and meetup.com.
+
+
The next meeting is planned for the end of January
+
  
==<font color="red"><font size="5">OWASP Chapter Meeting May 30th, 2007 5:30pm - 7:00pm</font></font>==
+
Please register [https://docs.google.com/spreadsheet/viewform?formkey=dHZSeTY1ZnFKTFo1elBRZ3BsenNvRnc6MQ here].
'''Attendance:'''
+
''(Registration details are not retained after the meeting, however a sign-up sheet will be available for those claiming CPEs)''
* Neil (PDB Security)
+
* Chris (Sxip Identity)
+
* Mauro (Business Objects)
+
  
'''Introductions'''
+
'''Location:'''
 +
Ping Identity,
 +
200 - 788 Beatty St,
 +
Vancouver
  
''' Ideas for new members?'''
+
'''About Ping Identity
* Chris to lead web page
+
'''
* Mauro to contact other local security groups (ISACA, ISSA, CIPS Security Special Interest Group)
+
Ping Identity has generously offered their downtown office space, located on the corner of Beatty and Robson, to host our chapters meetings moving forward. The office is 6000sq/ft of a mostly open floor plan, so we should be able to accommodate a large group.
* Neil to arrange speakers
+
* Group to invite friends :)
+
  
'''Future Speakers'''
 
* Topics of interest: fuzzing, risk modeling (CLASP), other risk methodologies, cryptography, web services, tools
 
  
'''Other ideas?'''
 
* Goals of the chapter: grow, cross-pollination of ideas in app. sec. space, evangelize app sec!
 
* Chatted about compliance standards.
 
* Chatted about info sec. vs app. sec. as a whole.
 
  
[[Category:Canada]]
+
[[Category:British Columbia]]

Revision as of 11:09, 6 August 2013


Contents

OWASP Vancouver

Welcome to the Vancouver chapter homepage. The chapter leader is Yvan Boily
Click here to join the local chapter mailing list.

Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is and open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Btn donate SM.gif to this chapter or become a local chapter supporter.

Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now BlueIcon.JPG


2013 Meetings

Date Location Speaker Topic Insert non-formatted text here Registration Info
August 7, 2013 Mozilla Vancouver Raymond Forbes Owasp Canada Intro & Bug Bounty Programs [Register Here!]
September 30, 2013 TBD TBD TBD
October 28, 2013 TBD TBD TBD
November 25, 2013 TBD TBD TBD

2012 Meetings

You can subscribe to the OWASP Vancouver Calendar here.

May 2012

OAuth-based single sign-on in Real-world Implementations

Speaker: San-Tsai Sung

Date & Time: Monday, May 28th, 2012 @ 5:30pm

Millions of web users today employ their Facebook accounts to sign into more than one million relying party (RP) websites. This web-based single sign-on (SSO) scheme is enabled by OAuth 2.0, a web resource authorization protocol that has been adopted by major service providers. The OAuth 2.0 protocol has proven secure by several formal methods, but whether it is indeed secure in practice remains an open question. We examine the implementations of three major OAuth identity providers (IdP) (Facebook, Microsoft, and Google) and 96 popular RP websites that support the use of Facebook accounts for login. Our results uncover several critical vulnerabilities that allow an attacker to gain unauthorized access to the victim user's profile and social graph, and impersonate the victim on the RP website. Closer examination reveals that these vulnerabilities are caused by a set of design decisions that trade security for implementation simplicity. To improve the security of OAuth 2.0 SSO systems in real-world settings, we suggest simple and practical improvements to the design and implementation of IdPs and RPs that can be adopted gradually by individual sites.

Registration: Registration is strongly recommended since an invite will be extended to other groups to try to improve participation in OWASP. If space runs out, preference will be given to those who have registered!

Please register at: here. (Registration details are not retained after the meeting, however a sign-up sheet will be available for those claiming CPEs)

Location: Mozilla Vancouver, Suite 209, 163 West Hastings, Vancouver, BC (Buzzer code is in the directory)


January 2012

Outsourcing Identity: Understanding Privacy and Security in Identity Services

Speaker: Yvan Boily, Web Security Engineer, Mozilla Corporation

Date & Time: Monday, January 23rd, 2012 @ 5:30pm

Social Media has taken over the online world; what Microsoft attempted with Passport has been made reality by Facebook, Twitter, Google, and other service providers. In addition to the proprietary identity services these platforms offer, several support protocols such as OpenID, This will be a one hour presentation that will contrast the security and privacy features available in major online identity protocols, and contrast these with Mozilla's BrowserID protocol.

Registration: Registration is strongly recommended since an invite will be extended to other groups to try to improve participation in OWASP. If space runs out, preference will be given to those who have registered!

Please register here. (Registration details are not retained after the meeting, however a sign-up sheet will be available for those claiming CPEs)

Location: Ping Identity, 200 - 788 Beatty St, Vancouver

About Ping Identity Ping Identity has generously offered their downtown office space, located on the corner of Beatty and Robson, to host our chapters meetings moving forward. The office is 6000sq/ft of a mostly open floor plan, so we should be able to accommodate a large group.