[Owasp-alabama] Welcome the new OWASP Alabama Chapter VP Brad Causey

owasp-alabama at lists.owasp.org owasp-alabama at lists.owasp.org
Wed Aug 13 12:29:37 EDT 2008


On Aug 13, 2008, at 5:07 AM, owasp-alabama at lists.owasp.org wrote:

> After a long talk Brad has decided to accept the role as
> Vice-President for the Alabama OWASP Chapter. Brad is a supporter of
> OWASP and has commented on the value it provides for him and his  
> team when dealing with today’s Application Security issues.

Is there any form of membership voting in the process of electing  
officials in the chapter, or is this just personal preference?
Brad, can you share some information about yourself?

What are your hobbies, how long have you been involved in security,
what are you currently involved with, and where do you see yourself
going in your information security career?

> Brad and I will be working on setting up the first public chapter  
> meeting in the coming months. We already have speaker proposals from  
> Foundstone, WhiteHat Security, and potentially Chris Nickerson from  
> the “tiger team” TV documentary.

Put me down for some talks as well.

> I may also present on the LiveCD and release a special version  
> before my talk at this year’s OWASP NYC conference. www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference
>
> I’m working on getting Red Bull as a sponsor for the NYC and may get  
> them to come out to our meeting with some free beverages if you guys  
> are interested.

At this point in the game what needs to be sponsored within the chapter?

> We are looking for a meeting space as well as refreshment sponsors  
> for our upcoming meetings as well. I have no problem sponsoring the
> first couple meetings until we have some interested
> vendors/organizations. (*remember- any vendor talks must not be a sales
> pitch, but we allow you to place materials and banners in the  
> refreshment area).

Ironic.

> Some talk ideas:
> AJAX / Web 2.0 Security
> .NET Code Review Methodology
> Phishing Attacks and Prevention
> IDEAS????
>

Topics I regularly discuss / experience -

- Black box web application review
- Static versus scanner based web application reviews
- Hacking ASP ViewState.
- Weaponized payloads for SQL injection
- Backdooring stored procedures through undocumented Microsoft stored
procedures
- The ups and downs of MSSQL2k vs latest versions of SQL
- Attacking outside of the OWASP Box mentality. (not that OWASP is
bad, but institutionalizes things that used to be fairly known into a
repeatable manner, while entire vulnerability classes fall to the
floor due to people just following what OWASP says you should look
for... etc.)
- Double checking the vendor's work manually (a small story about
going back over two separate pentest companies' web application review
and finding gaping arbitrary code execution holes).
- Getting over the hype - A small talk about getting over the hype and  
helping newer people to the security scene recognize they may not know  
what they may not know....

> In order to make this chapter grow we need to hear from you. My  
> contact details are below.
>
> (I have been working on a code review and app hack for 2 days
> straight so hopefully all this babble makes sense)
>

Didn't you just talk about not trying to sell yourself as a vendor :).

| Daniel Uriah Clemens
| Packetninjas L.L.C | http://www.packetninjas.net
| c. 205.567.6860      | o. 866.267.8851

- Esse quam videra (to be, rather than to appear)










