[Owasp-alabama] Welcome the new OWASP Alabama Chapter VP Brad Causey
owasp-alabama at lists.owasp.org
Wed Aug 13 12:29:37 EDT 2008
On Aug 13, 2008, at 5:07 AM, owasp-alabama at lists.owasp.org wrote:
> After a long talk Brad has decided to accept the role as Vice-
> President for the Alabama OWASP Chapter. Brad is a supporter of
> OWASP and has commented on the value it provides for him and his
> team when dealing with today’s Application Security issues.
Is there any form of membership voting in the process of electing
officials in the chapter, or is this just personal preference?
Brad, can you share some information about yourself?
What are your hobbies, how long you have been involved in security and
what are you currently involved with as well as where you see yourself
going in your information security career?
> Brad and I will be working on setting up the first public chapter
> meeting in the coming months. We already have speaker proposals from
> Foundstone, WhiteHat Security, and potentially Chris Nickerson from
> the “tiger team” tv documentary.
Put me down for some talks as well.
> I may also present on the LiveCD and release a special version
> before my talk at this year’s OWASP NYC conference. www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference
> I’m working on getting Red Bull as a sponsor for the NYC and may get
> them to come out to our meeting with some free beverages if you guys
> are interested.
At this point in the game what needs to be sponsored within the chapter?
> We are looking for a meeting space as well as refreshment sponsors
> for our upcoming meetings as well. I have no problem sponsoring the
> first couple meetings until we have some interested vendors/
> organizations. (*remember- any vendor talks must not be a sales
> pitch, but we allow you to place materials and banners in the
> refreshment area).
> Some talk ideas:
> AJAX / Web 2.0 Security
> .NET Code Review Methodology
> Phishing Attacks and Prevention
Topics I regularly discuss / experience -
- Black box web application review
- Static versus scanner based web application reviews
- Hacking ASP ViewState.
- Weaponized payloads for SQL injection
- Backdooring stored procedures through undocumented microsoft stored
- The ups and downs of MSSQL2k vs latest versions of SQL
- Attacking outside of the OWASP Box mentality. (not that OWASP is
bad, but institutionalizes things that used to be fairly known into a
repeatable manner, while entire vulnerability classes fall to the
floor due to people just following what OWASP says you should look
for... etc.)
- Double checking the vendors' work manually (a small story about
going back over two separate pentest companies' web application review
and finding gaping arbitrary code execution holes).
- Getting over the hype - A small talk about getting over the hype and
helping newer people to the security scene recognize they may not know
what they may not know....
> In order to make this chapter grow we need to hear from you. My
> contact details are below.
> (I have been working on a code review and app hack for 2 days
> straight so hopefully all this babble makes sense)
Didn't you just talk about not trying to sell yourself as a vendor :).
| Daniel Uriah Clemens
| Packetninjas L.L.C | http://www.packetninjas.net
| c. 205.567.6860 | o. 866.267.8851
- Esse quam videra (to be, rather than to appear)