[Owasp-seattle] Fwd: Next Seattle OWASP Meeting : 8/11/2009
Michael de Libero
mikede at mde-dev.com
Tue Aug 11 00:15:36 EDT 2009
Just a reminder that tomorrow is the meeting.
Talk to you tomorrow,
Mike de Libero
Begin forwarded message:
> From: Mike de Libero <mikede at mde-dev.com>
> Date: July 28, 2009 7:10:28 PM PDT
> To: owasp-seattle at lists.owasp.org
> Subject: [Owasp-seattle] Next Seattle OWASP Meeting : 8/11/2009
>
> Hello Everyone,
>
> I know, I know it has been too long since our last meeting, but hey
> better late than never :). Anyways here are the pertinent details.
> Please let me know if you are coming so I can order enough food and
> drinks for everyone.
>
> Location: Bellevue Las Margaritas
>
> 437 108th Ave NE
>
> Bellevue, WA 98004
>
> (425) 453-0535
>
> Date: 8/11/2009 @ 6:30ish
>
> Speakers:
>
> Speaker: Anil Kumar Revuru
>
> The Microsoft Anti-Cross-Site Scripting Library
>
> The Microsoft Anti-Cross-Site Scripting Library V3.0 (Anti-XSS V3.0)
> is an encoding library designed to help developers protect their
> ASP.NET web-based applications from XSS attacks. It differs from most
> encoding libraries in that it uses the white-listing technique —
> sometimes referred to as the principle of inclusions — to provide
> protection against XSS attacks. This approach works by first defining
> a valid or allowable set of characters, and encodes anything outside
> this set (invalid characters or potential attacks). The white listing
> approach provides several advantages over other encoding schemes. The
> following are some new features of Anti-XSS library v3.0.
>
> • An expanded white list that supports more languages
> • Performance improvements
> • Performance data sheets (in the online help)
> • Support for Shift_JIS encoding for mobile browsers
> • Security Runtime Engine (SRE) HTTP module
> • A sample application
>
> In this session, we will learn in-depth how Anti-XSS works and learn
> more about its new features.
>
> Anil Kumar Revuru currently works for the Information Security Tools
> team in Microsoft as a Senior SDE where he is responsible for architecting
> security tools. In his previous life at Microsoft, Anil conducted
> security design reviews, threat modeling, and application and source-
> code assessments. He has authored security tools and has presented
> security courses internally at Microsoft. He excelled in his abilities
> by developing security tools such as Microsoft Threat Analysis and
> Modeling Tool and Anti-XSS Library. Anil holds a Diploma in Mechanical
> Engineering from JNTU Hyderabad. Anil displayed expert proficiency in
> the substantive and technical areas of design and development. He has
> a keen interest in photography, Xbox and computer hardware.
>
> ------------------------------------------
>
> Speaker: Andre Gironda
>
> Using ASVS with the Code Review Guide, Testing Guide, and Time
> Management
>
> The OWASP Application Security Verification Standard, which defines
> four levels of web application security verification, lays down a
> framework for security architecture review. While the ASVS includes
> many requirements for controls, it does not suggest which tools,
> techniques, timeline or methodologies to utilize. The OWASP Code
> Review and Testing Guides provide the technical practices and suggest
> or hint at tools, but also lack the timeline and methodology necessary
> to complete an application penetration-test or SDLC integration
> project for proper application security hygiene.
>
> This presentation will provide the 1000 foot view all the way down to
> the nitty gritty details of how to perform ASVS activities using OWASP
> resources, as well as some OWASP and non-OWASP tools (freeware or
> demoware). Example timelines for typical ASVS activities, including
> reports, will be discussed so that any sort of application security
> project can be scoped properly, delivered on-time, and within budget.
>
> Andre Gironda is an application security specialist with a global
> security consulting firm providing IT security services to the Fortune
> 500 and financial institutions as well as U.S. and foreign
> governments. Prior to his current employment, Andre held a number of
> payment application security positions in addition to working for the
> largest online auction website. He is currently a leader for the Open
> Web Application Security Project (OWASP), where he co-produces the
> global OWASP News Podcast.
> -----
>
> Thanks,
> Mike de Libero
>
> _______________________________________________
> Owasp-seattle mailing list
> Owasp-seattle at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-seattle