OWASP May chapter meetings
From: Andrew van der Stock (vanderaj greebo.net)
Date: Wed May 03 2006 - 08:17:13 CDT
Here's the known May OWASP meetings around the world. If there's no
meeting close to you, it could be an oversight. Directions to the
meetings and times for the meetings can be found on the relevant
chapter pages. Please check:
http://www.owasp.org/docroot/owasp/maps/index.jsp
to see if there's a chapter meeting happening in your neck of the
woods. If there is no chapter close to you, please contact me or Jeff
Williams about starting your own chapter. OWASP meetings count
towards CISSP CPE Credits.
May 2 - Melbourne, Australia. Already passed. My bad - many apologies
to Jean-Marie for not getting this out during my recent illness.
May 3 - Boston, MA, USA
6:30 pm - Fortify Software - 2 parts
Application Defense-Software That Fights Back
New Tools and Techniques to Help Discover Software Security Flaws
**********************************
8:00
Short Topic - open redirects in URLs + phishing
*********************************
8:15 - Using Paros Proxy Server as a Web Application Vulnerability
tool - Part 2
reusing Paros sessions; web crawling and vulnerability scans
http://www.owasp.org/local/boston.html
May 8 - Brussels, Belgium
Where: Deloitte Diegem
http://www.deloitte.com/dtt/cda/doc/content/RouteDescriptionDiegem.pdf
PROGRAM
18h00 - 18h30: Welcome, get drink & snack
18h30 - 18h45: Sebastien Deleersnyder, Ascure
OWASP Update
18h45 - 19h15: Hillar Leoste, Zone-H
2005 Internet Attack Statistics for Belgium Presentation + Discussion
Zone-h maintains the largest archive of information about attacks
against Internet web servers. Every day the Zone-H volunteers receive
an average of 2,500 notifications related to web server intrusions.
Hillar will filter out the 2005 statistics for Belgium. I am sure
this will provide an interesting topic to discuss!
19h15 - 20h30: Johan Peeters, Program Director secappdev.org
Can "Agile" Development Produce Secure Applications? Presentation +
Discussion
Received wisdom has it that secure development and agile processes do
not mix. Is that really so? Agile practices have proven in many
projects to yield applications with fewer functional defects. Can they
also be put to work to reduce the number of security vulnerabilities?
http://www.owasp.org/local/belgium.html
May 9 - Hong Kong
Anthony Lai (HK Chapter Lead) will be speaking at the 21st Century
Info-Security Project.
Details:
http://www.infosecurityproject.com/
May 10, Ottawa, Canada
Location:
180 Preston Street, 3rd Floor
Ottawa, K1R 7P9
Agenda
6:00pm-6:30pm - Reception
6:30pm-8:00pm - Main Presentation
Speaker: Marc Graveline - Cognos
Subject: Marc is head of security at Cognos and he is going to
speak to us about his practical experience with security threats and
what Cognos has been doing with respect to these threats.
http://www.owasp.org/local/ottawa.html
May 10, NoVA, VA, USA
Our next NoVA OWASP meeting will be on 10 May from 6-9pm. Richard
"Doc" Baum (ATT) will start by providing an example application for
the group to review for security issues.
The 2nd presentation will be by John Steven (Cigital) on how to
choose a source code analysis tool. Pravir Chandra (Secure Software)
will follow up with a discussion on how CodeAssure actually works
under the hood. It should be quite interesting.
May 12, Rochester, NY, USA
The next meeting of the Rochester, NY chapter of OWASP will meet
Monday, May 15, 2006 at 6:00 PM. This meeting will be an open
discussion on web application security and a planning meeting held
at Tully's on Jefferson Rd. in Henrietta. Suggest a discussion topic
on the Rochester OWASP list, or bring it with you. Because we need to
reserve seats at Tully's, please RSVP to Ralf Durkee <rd rd1.net> by
Friday, May 5.
May 24, San Antonio, TX, USA
http://www.owasp.org/local/antonio.html
San Antonio OWASP Chapter: May 2006 Meeting
Topic: How to Prevent Forceful Browsing
Presenter: Dan Ross of PIC Business Systems
Date: Wednesday May 24th, 2006 11:30am - 1:00pm
Location:
San Antonio Technology Center (Web Room)
3463 Magic Drive
San Antonio, TX 78229
http://maps.google.com/maps?f=q&hl=en&q=3463+Magic+Drive,+San+Antonio,+TX+78229
Abstract:
By Forceful Browsing, clients may be able to access pages which should be
forbidden. A technique for preventing forceful browsing is introduced. With
this technique, you may be assured that clients may only visit pages for
which links have been presented.
Granularity may be adjusted for an entire page, as well as for specific page
parameters. For example, you may prevent a user from deleting customers
altogether, or you may permit a user to delete customer #1, but not customer
#2. In addition, a notification system can alert you when users are forceful
browsing.
The implementation will be presented using PHP.
Presenter Bio:
Dan Ross has been VP Engineering for 17 years at PIC Business Systems, which
provides integrated business software for the Window Coverings and Apparel
Industries. He has led the design, development, and maintenance of many
commercial web applications and programs. He has a BS in Industrial
Engineering from St. Mary's University in San Antonio.
Sodas and snacks will be provided. Feel free to bring a brown-bag lunch.
Please RSVP: E-mail owasprsvp _at_ denimgroup _dot_ com or call (210)
572-4400.