[Owasp-alabama] Welcome the new OWASP Alabama Chapter VP Brad Causey

owasp-alabama at lists.owasp.org owasp-alabama at lists.owasp.org
Wed Aug 13 13:55:23 EDT 2008

See comments inline:

-----Original Message-----
From: owasp-alabama-bounces at lists.owasp.org
[mailto:owasp-alabama-bounces at lists.owasp.org] On Behalf Of
owasp-alabama at lists.owasp.org
Sent: Wednesday, August 13, 2008 11:30 AM
To: owasp-alabama at lists.owasp.org
Subject: Re: [Owasp-alabama] Welcome the new OWASP Alabama Chapter VP Brad

On Aug 13, 2008, at 5:07 AM, owasp-alabama at lists.owasp.org wrote:

> After a long talk Brad has decided to accept the role as Vice-President
> for the Alabama OWASP Chapter. Brad is a supporter of
> OWASP and has commented on the value it provides for him and his  
> team when dealing with today's Application Security issues.

Is there any form of membership voting in the process of electing  
officials in the chapter, or is this just personal preference?
Brad, can you share some information about yourself?

>> Chapter members are selected by the chapter president initially. I'll get
you an official response from OWASP on yearly member selection.

What are your hobbies, how long have you been involved in security and
what are you currently involved with, as well as where do you see yourself
going in your information security career?

>> Brad is very well qualified and uses OWASP in his position on a daily
basis. If you want to know more, read his book ;)  

> Brad and I will be working on setting up the first public chapter  
> meeting in the coming months. We already have speaker proposals from  
> Foundstone, WhiteHat Security, and potentially Chris Nickerson from  
> the "tiger team" TV documentary.

Put me down for some talks as well.

> I may also present on the LiveCD and release a special version  
> before my talk at this year's OWASP NYC conference.
> I'm working on getting Red Bull as a sponsor for the NYC and may get  
> them to come out to our meeting with some free beverages if you guys  
> are interested.

At this point in the game what needs to be sponsored within the chapter?

>> Local chapters are required to support meeting expenses with
sponsorships. This helps pay for refreshments and expenses.

> We are looking for a meeting space as well as refreshment sponsors  
> for our upcoming meetings as well. I have no problem sponsoring the  
> first couple meetings until we have some interested vendors/  
> organizations. (*remember- any vendor talks must not be a sales  
> pitch, but we allow you to place materials and banners in the  
> refreshment area).


>> Not really- see above.

> Some talk ideas:
> AJAX / Web 2.0 Security
> .NET Code Review Methodology
> Phishing Attacks and Prevention
> IDEAS????

Topics I regularly discuss / experience -

- Black box web application review
- Static versus scanner based web application reviews
- Hacking ASP ViewState.
- Weaponized payloads for SQL injection
- Backdooring stored procedures through undocumented Microsoft stored  
- The ups and downs of MSSQL2k vs latest versions of SQL
- Attacking outside of the OWASP Box mentality. (not that OWASP is
bad, but institutionalizes things that used to be fairly known into a
repeatable manner, while entire vulnerability classes fall to the
floor due to people just following what OWASP says you should look
for... etc. )
- Double checking the vendor's work manually (a small story about
going back over two separate pentest companies' web application reviews
and finding gaping arbitrary code execution holes).
- Getting over the hype - A small talk about getting over the hype and  
helping newer people to the security scene recognize they may not know  
what they may not know....

>> Always looking for good talks. Will speak more when slots are available. 

> In order to make this chapter grow we need to hear from you. My  
> contact details are below.
> (I have been working on a code review and app hack for 2 days
> straight, so hopefully all this babble makes sense)

Didn't you just talk about not trying to sell yourself as a vendor :).

>> Nothing more than comments about my current state of mind, my friend. Did
I miss something?

| Daniel Uriah Clemens
| Packetninjas L.L.C | http://www.packetninjas.net
| c. 205.567.6860      | o. 866.267.8851

- Esse quam videri (to be, rather than to appear)

Owasp-alabama mailing list
Owasp-alabama at lists.owasp.org