[OWASP-Washington] meeting minutes
Ed Tracy @ Aspect Security
ed.tracy at aspectsecurity.com
Mon Mar 28 13:24:25 EST 2005
I wanted to add that everyone who gave their email address at the
meeting has been added to this mailing list. So, I think the
communication thing is covered.
Also, some personal notes. I have a gmail account which allows me to
invite others. gmail is by far the best, free email system (that I know
of). It has a Gig of space, and advanced user features like google
search of email. It also supports POP, which yahoo is no longer
supporting. Let me know if you'd like a personal invitation. Btw,
maps.google.com is awesome. Someone mentioned it at the meeting, I
wanted to push it as it offers new mapping and search capabilities.
Also, there's a free subscription to Information Security magazine at
Matthew Chalmers wrote:
> Sorry if you get this twice but I don't think it sent the first time...
> Attached are the minutes from the last meeting. If you attended please
> look them over and let me know if you think anything should be
> added/changed/deleted (e.g. some people don't like their name
> mentioned). I would have sent the minutes to just the attendees but I
> didn't get everyone's email address this time, as I wasn't there.
> :( I'll post the final minutes to the chapter homepage by the end of
> the business day Tuesday the 29th (a week after the meeting). Also, Ed
> wanted the attached presentation deck sent out for everyone's benefit.
> Matthew Chalmers, GSNA, CEH, CHS
> * App Sec News
> o SHA-1 defrocked
> o XSS Proxy tool described by Andre Ludwig
> + takes XSS vulnerability and exploits the hell out of it
> + potential demonstration in the future
> * Ethics Discussion
> o Harvard applicants rejected for "hacking" application
> + everyone was surprised at the many different
> opinions of culpability people had
> o Vulnerability Sharing Clubs like this one:
> * Chapter Direction Discussion, Presentation Ideas
> o Are we advancing webappsec, teaching it, or both? Possible
> worksessions at future meetings to allow both to coexist
> o Inno Eroraha suggested cross-polinating with other focus
> groups in the DC area, ideas?
> o Andre Ludwig suggested a demo on the XSS Proxy tool, dates?
> o Matt Fisher suggested revisiting the Secure Model
> Architecture discussion, volunteers to get this started?
> o Matt Fisher suggested Absinthe and other SQL testing tools
> demonstration, dates?
> o Joe Bui suggested an outreach session held in DC to reach
> the government audience. Joe is checking for space
> availability at his office downtown.
> o Several people suggested having a Northern VA meeting.
> That was countered with the idea of an additional chapter.
> If someone in VA (or any other area near DC) would like to
> move one of our meetings to VA, please let me know. I
> think it's a good idea.
> * Penetration Testing Lab
> o Introduced the OWASP Penetration Testing Checklist
> o Introduced WebScarab
> o Introduced WebGoat
> o Gil Prine and Jeff Williams recommended the book,
> "Innocent Code" by Sverre H. Huseby
* Edward Tracy, CISSP *
ed.tracy at aspectsecurity.com <mailto:ed.tracy at aspectsecurity.com>
(443) 745-6270 (cell)
(301) 604-4882 (office)
(781) 240-7886 (fax)
Securing your applications at the source
Do your developers know the top ten web application security mistakes
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-washington