[OWASP-Washington] meeting minutes

Ed Tracy @ Aspect Security ed.tracy at aspectsecurity.com
Mon Mar 28 13:24:25 EST 2005


Thanks, Matt.

I wanted to add that everyone who gave their email address at the 
meeting has been added to this mailing list. So, I think the 
communication thing is covered.

Also, some personal notes. I have a Gmail account which allows me to 
invite others. Gmail is by far the best free email system (that I know 
of). It has a Gig of space, and advanced user features like Google 
search of email. It also supports POP, which Yahoo is no longer 
supporting. Let me know if you'd like a personal invitation. Btw, 
maps.google.com is awesome. Someone mentioned it at the meeting; I 
wanted to push it as it offers new mapping and search capabilities.

Also, there's a free subscription to Information Security magazine at

http://www.omeda.com/cgi-win/insec.cgi?p=passalong

-ed




Matthew Chalmers wrote:

> Sorry if you get this twice but I don't think it sent the first time...
>  
> Attached are the minutes from the last meeting. If you attended please 
> look them over and let me know if you think anything should be 
> added/changed/deleted (e.g. some people don't like their name 
> mentioned). I would have sent the minutes to just the attendees but I 
> didn't get everyone's email address this time, as I wasn't there. 
> :( I'll post the final minutes to the chapter homepage by the end of 
> the business day Tuesday the 29th (a week after the meeting). Also, Ed 
> wanted the attached presentation deck sent out for everyone's benefit.
>  
> -- 
> Matthew Chalmers, GSNA, CEH, CHS
>
> ------------------------------------------------------------------------
>
>     * App Sec News
>           o SHA-1 defrocked
>             (http://www.financialcryptography.com/mt/archives/000355.html)
>
>           o XSS Proxy tool described by Andre Ludwig
>             (http://xss-proxy.sourceforge.net/Advanced_XSS_Control.txt)
>                 + takes XSS vulnerability and exploits the hell out of it
>                 + potential demonstration in the future
>     * Ethics Discussion
>           o Harvard applicants rejected for "hacking" application
>             website
>             (http://www.pcworld.com/news/article/0,aid,119938,00.asp)
>                 + everyone was surprised at the many different
>                   opinions of culpability people had
>           o Vulnerability Sharing Clubs like this one:
>             http://www.immunitysec.com/services-sharing.shtml
>     * Chapter Direction Discussion, Presentation Ideas
>           o Are we advancing webappsec, teaching it, or both? Possible
>             worksessions at future meetings to allow both to coexist
>           o Inno Eroraha suggested cross-pollinating with other focus
>             groups in the DC area, ideas?
>           o Andre Ludwig suggested a demo on the XSS Proxy tool, dates?
>           o Matt Fisher suggested revisiting the Secure Model
>             Architecture discussion, volunteers to get this started?
>           o Matt Fisher suggested Absinthe and other SQL testing tools
>             demonstration, dates?
>           o Joe Bui suggested an outreach session held in DC to reach
>             the government audience. Joe is checking for space
>             availability at his office downtown.
>           o Several people suggested having a Northern VA meeting.
>             That was countered with the idea of an additional chapter.
>             If someone in VA (or any other area near DC) would like to
>             move one of our meetings to VA, please let me know. I
>             think it's a good idea.
>     * Penetration Testing Lab
>           o Introduced the OWASP Penetration Testing Checklist
>             (http://www.owasp.org/documentation/testing/application.html)
>           o Introduced WebScarab
>             (http://www.owasp.org/software/webscarab.html)
>           o Introduced WebGoat
>             (http://www.owasp.org/software/webgoat.html)
>           o Gil Prine and Jeff Williams recommended the book,
>             "Innocent Code" by Sverre H. Huseby
>

-- Ed

Edward Tracy, CISSP
ed.tracy at aspectsecurity.com
(443) 745-6270 (cell)
(301) 604-4882 (office)
(781) 240-7886 (fax)
 
Aspect Security™
Securing your applications at the source 
<http://aspectsecurity.com/about.html>
http://www.aspectsecurity.com
 
Do your developers know the top ten web application security mistakes 
<http://aspectsecurity.com/topten>?