[OWASP-Alabama] Meeting Overview, Expectations for Next Meetings

owasp-alabama at lists.owasp.org
Mon Jan 30 21:46:36 UTC 2017

Hey all,
meeting event for February is now up on Meetup.

I fully disagree with your conclusion on not bringing in rockstars.

It has nothing to do with developers who can't escape MySQL queries and has
everything to do with wanting to learn and learning cool stuff.

Yeah, a local guy can teach us about penetrating a server due to bad
developer practices, they can teach us workshops but quality level is
different much of the time.

*Here are the reasons we should bring rockstars in:*
* They have a lot of experience talking, so their presentations are actually
* They provide real world examples both on the attacking side and on the
  defending and building side that may not be available at the local level.
* They are subject matter experts, the writers of the tools, books, and so on
  offering information we could not get otherwise.
* They have name recognition and are more likely to attract new people.

I am not suggesting that we replace our monthly meetings with rockstar
presentations, nor are we likely to be able to afford that. I am suggesting
that, like the Houston OWASP group, we do it every few months (they did it
every 3).

Subjectively, every successful user group I have joined, back from the Cold
Fusion Birmingham User Group about a decade ago to the PHP and OWASP
groups in Houston, has used external speakers to generate excitement and to
teach cool things.

Just my 2 cents.

On Mon, Jan 30, 2017 at 11:29 AM, <owasp-alabama at lists.owasp.org> wrote:

> Meeting Outline, Notes Etc.
> * Introductions, Hello.
> * Goals of Chapter - Reviewed. Past, Present, Future.
> * Technical
> - Everyone Share some form of the following..
> * Tools - What do you use for x,y,z?
> * Process - How do you use these tools and techniques?
> * Security, Politics, Assurance
> * Book Recommendations
> * Assessment Basics
> * Advanced Assessment Topics
> * Assessing Modern Frameworks - https://www.ruhrsec.de/2017
> * Next Meeting - 3rd Thursday of Every Month.
> //  Meeting discussion points
> * Should we get a "rockstar" flown in from some other place to encourage
> membership.
> The answer on this is mostly - No - due to most developers careless
> about parameterized queries and the overall value is questionable.
> We can go through many different auditing scenarios from binary, source,
> blackbox or tool instrumentation if needed.
> Personally, I have found it doesn't matter if the prophet grew up in
> your own town he will be ignored. The same idea should be applied to
> needing to fly someone in from out of town when we have small numbers
> amongst other things.
> * Other questions - Who really is Tyler Ward? Where is Waldo?
> Future topics to discuss:
> * Source Code Analysis - Input Tracing, demystifying source code
> analysis. Date TBA
> * Getting Developers geared on the basics. Date TBA
> * Binary Analysis - How to start.  Date TBA
> * Austin Duncan will cover a topic of XSS exploitation, demos etc. at
> the next meeting.
> Please book yourself for the next OWASP meeting at the dedicated meetup
> link shared kindly by Mikhail
> --
> Daniel U. Clemens
> Direct: +1.202.747.0043 Ext 7001
> Packet Ninjas | https://www.packetninjas.net

Mikhail Kozorovitskiy