[Owasp-boston] OWASP Boston

Weiler, Jim Jim.Weiler at Staples.com
Tue Mar 22 20:32:37 EST 2005

Hi Folks,

If you haven't read CSO magazine (it's free) I think it's pretty good. It
has some very real world articles in spite of the title, which initially
made me think it would be too conceptual. 
You can also find our April meeting listed in the 'events' section. 

I also went to a free 1 day mini conference in Waltham sponsored by the US
Secret Service about the role of the US Secret Service ECTFs (Electronic
Crimes Task Forces) in the InfoSec Public-Private Partnership. They would
like a lot more informal information exchange with the private sector
without worrying about conviction and prosecutions. They also talked about
the FBI's Infraguard program. I'll talk about what they covered at our April
meeting. Is anybody involved with the ECTF or Infraguard?

At the March meeting we only had a few people so Joe ended up taking us out
for pizza at Bertucci's, and we had a good time discussing some of his hacks
and application security in general.

For the April meeting we have 2 presentations, 

First, Jothy Rosenberg, CTO of Service Integrity will talk about 'Trusting
Web Services for Business : WS-Security', 

Jonathan Levin will talk about Session Management - 
- Why standard random number generation techniques are bad 
- Random #s and security: from TCP sequence #s, through key derivation, to
session keys. 
- Special focus on session keys 
- Proposed alternatives

I'll review the O'Reilly book 'Secure Coding: Principles and Practices'.

We still have some Microsoft software to give away (Age of Empires is gone)
so bring a business card for the raffle.

See you April 6,

Jim Weiler
Staples North American Application Services
Application Architect
508 2533884

More information about the Owasp-boston mailing list